package org.apache.slide.jaas.spi;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.slide.authenticate.CredentialsToken;
import org.apache.slide.authenticate.SecurityToken;
import org.apache.slide.common.Domain;
import org.apache.slide.common.NamespaceAccessToken;
import org.apache.slide.common.SlideException;
import org.apache.slide.common.SlideTokenImpl;
import org.apache.slide.content.Content;
import org.apache.slide.content.NodeProperty;
import org.apache.slide.security.Security;
import org.apache.slide.structure.ObjectNotFoundException;
import org.apache.slide.structure.SubjectNode;

/* loaded from: input_file:org/apache/slide/jaas/spi/SlideLoginModule.class */
public class SlideLoginModule implements LoginModule {
    private Content m_content;
    private Security m_security;
    private String m_usersPath;
    private String m_rolesPath;
    private Subject m_subject;
    private Principal m_principal;
    private Principal[] m_roles;
    private Group m_group;
    private CallbackHandler m_callbackHandler;
    private Map m_sharedState;
    private boolean m_authenticated = false;
    private boolean m_committed = false;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.m_subject = subject;
        this.m_callbackHandler = callbackHandler;
        this.m_sharedState = map;
        String str = (String) map2.get("namespace");
        if (str == null) {
            str = Domain.getDefaultNamespace();
        }
        NamespaceAccessToken accessNamespace = Domain.accessNamespace(new SecurityToken(this), str);
        this.m_content = accessNamespace.getContentHelper();
        this.m_security = accessNamespace.getSecurityHelper();
        this.m_usersPath = accessNamespace.getNamespaceConfig().getUsersPath();
        this.m_rolesPath = accessNamespace.getNamespaceConfig().getRolesPath();
    }

    public boolean login() throws LoginException {
        if (this.m_callbackHandler == null) {
            throw new LoginException("No callback handler");
        }
        NameCallback[] nameCallbackArr = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
        try {
            this.m_callbackHandler.handle(nameCallbackArr);
            String name = nameCallbackArr[0].getName();
            char[] password = ((PasswordCallback) nameCallbackArr[1]).getPassword();
            if (name == null) {
                throw new LoginException("No user name entered");
            }
            if (password == null) {
                throw new LoginException("No password entered");
            }
            this.m_sharedState.put("javax.security.auth.login.name", name);
            this.m_sharedState.put("javax.security.auth.login.password", password);
            SlideTokenImpl slideTokenImpl = new SlideTokenImpl(new CredentialsToken(name));
            try {
                SubjectNode principal = this.m_security.getPrincipal(slideTokenImpl);
                this.m_principal = new SlidePrincipal(name);
                this.m_group = new SlideGroup();
                NodeProperty property = this.m_content.retrieve(slideTokenImpl, this.m_content.retrieve(slideTokenImpl, new StringBuffer().append(this.m_usersPath).append("/").append(name).toString())).getProperty("password", "http://jakarta.apache.org/slide/");
                if (property == null) {
                    String stringBuffer = new StringBuffer().append("User ").append(name).append(" doesn't have his password ").append("property set: can't authenticate.").toString();
                    Domain.warn(new StringBuffer().append("[SlideLoginModule] - ").append(stringBuffer).toString());
                    throw new LoginException(stringBuffer);
                }
                this.m_authenticated = new String(password).equals(property.getValue());
                if (!this.m_authenticated) {
                    if (Domain.isDebugEnabled()) {
                        Domain.debug(new StringBuffer().append("[SlideLoginModule] - Authentication failed for user ").append(name).append(": wrong password.").toString());
                    }
                    throw new LoginException("Authentication failed");
                }
                if (Domain.isDebugEnabled()) {
                    Domain.debug(new StringBuffer().append("[SlideLoginModule] - user ").append(name).append(" successfully authenticated").toString());
                }
                ArrayList arrayList = new ArrayList();
                Enumeration groupMembership = this.m_security.getGroupMembership(slideTokenImpl, principal);
                while (groupMembership.hasMoreElements()) {
                    String substring = ((String) groupMembership.nextElement()).substring(this.m_rolesPath.length() + 1);
                    if (Domain.isDebugEnabled()) {
                        Domain.debug(new StringBuffer().append("[SlideLoginModule] - adding role ").append(substring).append(" for user ").append(name).toString());
                    }
                    SlideRole slideRole = new SlideRole(substring);
                    this.m_group.addMember(slideRole);
                    arrayList.add(slideRole);
                }
                this.m_roles = (Principal[]) arrayList.toArray(new Principal[arrayList.size()]);
                return true;
            } catch (SlideException e) {
                Domain.error("[SlideLoginModule] - Failure loading user object", e);
                throw new LoginException("Failure loading user object");
            } catch (ObjectNotFoundException e2) {
                if (Domain.isDebugEnabled()) {
                    Domain.debug("[SlideLoginModule] - No such user");
                }
                throw new LoginException("No such user");
            }
        } catch (IOException e3) {
            Domain.error("[SlideLoginModule] - Failure during login()", e3);
            throw new LoginException("Failure during login()");
        } catch (UnsupportedCallbackException e4) {
            Domain.error("[SlideLoginModule] - Failure during login()", e4);
            throw new LoginException("Failure during login()");
        } catch (SlideException e5) {
            Domain.error("[SlideLoginModule] - Failure during login()", e5);
            throw new LoginException("Failure during login()");
        }
    }

    public boolean commit() throws LoginException {
        if (this.m_authenticated) {
            this.m_subject.getPrincipals().add(this.m_principal);
            this.m_subject.getPrincipals().add(this.m_group);
            for (int i = 0; i < this.m_roles.length; i++) {
                this.m_subject.getPrincipals().add(this.m_roles[i]);
            }
        }
        this.m_committed = true;
        return this.m_authenticated;
    }

    public boolean abort() throws LoginException {
        this.m_principal = null;
        this.m_group = null;
        this.m_roles = null;
        return this.m_authenticated;
    }

    public boolean logout() throws LoginException {
        this.m_subject.getPrincipals().remove(this.m_principal);
        this.m_subject.getPrincipals().remove(this.m_group);
        for (int i = 0; i < this.m_roles.length; i++) {
            this.m_subject.getPrincipals().remove(this.m_roles[i]);
        }
        this.m_committed = false;
        this.m_principal = null;
        this.m_group = null;
        this.m_roles = null;
        return true;
    }
}
