package org.kaazing.gateway.security.auth;

import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.kaazing.gateway.security.auth.config.JaasConfig;
import org.kaazing.gateway.security.auth.config.RoleConfig;
import org.kaazing.gateway.security.auth.config.UserConfig;
import org.kaazing.gateway.security.auth.config.parse.JaasConfigParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kaazing/gateway/security/auth/FileLoginModule.class */
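/**
 * JAAS {@link LoginModule} that checks a user name and password against the users and roles parsed
 * from the JAAS configuration file named by the {@code file} module option.
 *
 * <p>Module options read by {@link #initialize}: {@code file} (required), {@code tryFirstPass},
 * {@code debug} and {@code GATEWAY_CONFIG_DIRECTORY} (base directory for a relative {@code file}).
 *
 * <p>The module walks the states of {@link State}: {@code initialize} → {@code login} →
 * {@code commit}, with {@code abort}/{@code logout} returning it to {@code INITIALIZE_COMPLETE}.
 *
 * <p>NOTE(review): the supplied password is compared directly with {@code UserConfig.getPassword()},
 * so the configuration file appears to hold passwords in a directly comparable (clear-text) form.
 * Confirm the file's permissions restrict it to the gateway account, and prefer a salted password
 * hash in the store if the format allows it.
 */
public class FileLoginModule implements LoginModule {
    private static final String INITIALIZATION_FAILED_MESSAGE = "[FileLoginModule] Initialization failed";
    private static final String AUTHENTICATION_FAILED_MESSAGE = "[FileLoginModule] Authentication failed";
    private static final String FILE_KEY = "file";
    private static final String NAME = "javax.security.auth.login.name";
    private static final String PWD = "javax.security.auth.login.password";
    private State state = State.INITIALIZE_REQUIRED;
    private Subject subject;
    private UserConfig user;
    private Collection<RoleConfig> userRoles;
    private CallbackHandler handler;
    private JaasConfig jaasConfig;
    private Map<String, ?> sharedState;
    private boolean tryFirstPass;
    private boolean debug;
    private String username;
    private char[] password;
    public static final String CLASS_NAME = FileLoginModule.class.getName();
    public static final Logger LOG = LoggerFactory.getLogger(CLASS_NAME);

    // Parsed configurations, keyed by the raw "file" option value and kept for the life of the JVM.
    // NOTE(review): entries are never evicted or re-read, so edits to the file (a changed password,
    // a removed user) are not picked up until the process restarts. The key is the option string,
    // not the resolved path, so two modules using the same relative name with different
    // GATEWAY_CONFIG_DIRECTORY values share one entry.
    private static final ConcurrentMap<String, JaasConfig> SHARED_STATE = new ConcurrentHashMap<>();

    /**
     * Lifecycle position of this module instance. Kept {@code public} to match the existing
     * declaration (the decompiler reports that it was {@code private} in the original source).
     */
    public enum State {
        INITIALIZE_REQUIRED,
        INITIALIZE_COMPLETE,
        LOGIN_COMPLETE,
        COMMIT_COMPLETE
    }

    /**
     * Reads the module options and loads (or reuses the cached) JAAS configuration.
     *
     * @param subject the subject that {@code commit} populates with principals
     * @param callbackHandler handler asked for the user name and password
     * @param map state shared between the login modules of the stack
     * @param map2 options configured for this module
     * @throws IllegalArgumentException if the {@code file} option is missing, the file does not
     *     exist or is not a regular file, or the file cannot be parsed
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.sharedState = map;
        this.tryFirstPass = "true".equalsIgnoreCase((String) map2.get("tryFirstPass"));
        this.debug = "true".equalsIgnoreCase((String) map2.get("debug"));
        String fileName = (String) map2.get(FILE_KEY);
        if (fileName == null) {
            IllegalArgumentException missingOption = new IllegalArgumentException(String.format("Missing required option \"%s\" to locate JAAS configuration file", FILE_KEY));
            logDebug(INITIALIZATION_FAILED_MESSAGE, missingOption);
            // Fail here with a meaningful message; previously the exception was only logged and the
            // null key then reached ConcurrentHashMap.get(), which rejects null keys.
            throw missingOption;
        }
        JaasConfig config = SHARED_STATE.get(fileName);
        if (config == null) {
            config = loadConfig(fileName, map2);
            SHARED_STATE.put(fileName, config);
        }
        this.state = State.INITIALIZE_COMPLETE;
        this.subject = subject;
        this.handler = callbackHandler;
        this.jaasConfig = config;
    }

    /**
     * Authenticates the caller. Repeating the call after a successful login re-authenticates.
     *
     * @return {@code true} when authentication succeeded or the login is already committed
     * @throws LoginException if the module is not initialized or authentication fails
     */
    @Override
    public boolean login() throws LoginException {
        switch (this.state) {
            case INITIALIZE_COMPLETE:
            case LOGIN_COMPLETE:
                return login0();
            case COMMIT_COMPLETE:
                return true;
            case INITIALIZE_REQUIRED:
            default:
                throw new LoginException("Login module is not initialized");
        }
    }

    /**
     * Removes the principals added by {@code commit}.
     *
     * @return {@code true} if a committed login was undone, {@code false} if nothing was committed
     * @throws LoginException if the module is not initialized
     */
    @Override
    public boolean logout() throws LoginException {
        switch (this.state) {
            case INITIALIZE_COMPLETE:
            case LOGIN_COMPLETE:
            default:
                return false;
            case COMMIT_COMPLETE:
                logout0();
                return true;
            case INITIALIZE_REQUIRED:
                throw new LoginException("Login module is not initialized");
        }
    }

    /**
     * Publishes the authenticated user and its roles as principals of the subject.
     *
     * @return {@code true} if principals are (already) committed, {@code false} if this module's
     *     own login did not succeed
     * @throws LoginException if the module is not initialized
     */
    @Override
    public boolean commit() throws LoginException {
        switch (this.state) {
            case INITIALIZE_COMPLETE:
                // This module did not authenticate anyone; just make sure nothing lingers.
                logout0();
                return false;
            case LOGIN_COMPLETE:
                commit0();
                return true;
            case COMMIT_COMPLETE:
                return true;
            case INITIALIZE_REQUIRED:
            default:
                throw new LoginException("Login module is not initialized");
        }
    }

    /**
     * Discards the result of a login that the overall authentication rejected.
     *
     * @return {@code true} if a login or commit of this module was undone, otherwise {@code false}
     */
    @Override
    public boolean abort() throws LoginException {
        switch (this.state) {
            case INITIALIZE_COMPLETE:
            case INITIALIZE_REQUIRED:
            default:
                return false;
            case LOGIN_COMPLETE:
            case COMMIT_COMPLETE:
                logout0();
                return true;
        }
    }

    /** Logs at debug level, but only when the module's {@code debug} option is enabled. */
    private void logDebug(String message, Throwable cause) {
        if (this.debug) {
            LOG.debug(message, cause);
        }
    }

    /** Resolves the configuration file (relative names against GATEWAY_CONFIG_DIRECTORY) and parses it. */
    private JaasConfig loadConfig(String fileName, Map<String, ?> options) {
        File file = new File(fileName);
        if (!file.isAbsolute()) {
            String configDirectory = (String) options.get("GATEWAY_CONFIG_DIRECTORY");
            if (configDirectory != null) {
                file = new File(configDirectory, fileName);
            }
        }
        if (!file.exists() || !file.isFile()) {
            IllegalArgumentException notAFile = new IllegalArgumentException(String.format("Unable to use \"%s\" for file-based login: File does not exist or is directory", file));
            logDebug(INITIALIZATION_FAILED_MESSAGE, notAFile);
            throw notAFile;
        }
        try {
            return new JaasConfigParser().parse(file.toURI().toURL());
        } catch (Exception e) {
            logDebug(INITIALIZATION_FAILED_MESSAGE, e);
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Runs authentication, first with the credentials in the shared state when {@code tryFirstPass}
     * is set, then with credentials obtained from the callback handler.
     */
    private boolean login0() throws LoginException {
        if (this.tryFirstPass) {
            try {
                attemptAuthenticate(true);
                return true;
            } catch (LoginException e) {
                cleanState();
                logDebug("[FileLoginModule] read from shared state failed", e);
            }
        }
        try {
            attemptAuthenticate(false);
            return true;
        } catch (LoginException e2) {
            cleanState();
            logDebug("[FileLoginModule] regular authentication failed", e2);
            throw e2;
        }
    }

    /** Forgets the candidate user and credentials, zeroing this module's copy of the password. */
    private void cleanState() {
        this.user = null;
        this.userRoles = null;
        this.username = null;
        wipePassword();
    }

    /** Overwrites and releases the password held by this module. */
    private void wipePassword() {
        if (this.password != null) {
            Arrays.fill(this.password, (char) 0);
        }
        this.password = null;
    }

    /**
     * Compares the supplied password with the stored one without returning at the first differing
     * character, so the time taken does not reveal how long a matching prefix is. It also avoids
     * copying the password into an immutable String that cannot be zeroed afterwards.
     */
    private static boolean passwordMatches(char[] supplied, String expected) {
        if (supplied == null || expected == null) {
            return false;
        }
        int expectedLength = expected.length();
        int difference = supplied.length ^ expectedLength;
        for (int i = 0; i < supplied.length; i++) {
            // Wrap the index so the loop always runs over the supplied value, whatever the lengths.
            char expectedChar = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
            difference |= supplied[i] ^ expectedChar;
        }
        return difference == 0;
    }

    /**
     * Obtains credentials, verifies them against the configuration and collects the user's roles,
     * following role-to-role references transitively.
     *
     * @param z {@code true} to take the credentials from the shared state, {@code false} to ask the
     *     callback handler
     * @throws LoginException if a credential is missing, the user is unknown or the password differs
     * @throws IllegalArgumentException if the configuration references a role it does not define
     */
    private void attemptAuthenticate(boolean z) throws LoginException {
        getUsernamePassword(z);
        if (this.username == null) {
            LoginException noUsername = new LoginException("Username not found");
            logDebug(AUTHENTICATION_FAILED_MESSAGE, noUsername);
            throw noUsername;
        }
        if (this.password == null) {
            LoginException noPassword = new LoginException("Password not found");
            logDebug(AUTHENTICATION_FAILED_MESSAGE, noPassword);
            throw noPassword;
        }
        Map<String, UserConfig> users = this.jaasConfig.getUsers();
        Map<String, RoleConfig> roles = this.jaasConfig.getRoles();
        this.user = users.get(this.username);
        // NOTE(review): "user not found" and "wrong password" carry different messages. Keep them
        // in server-side logs only; relaying the message to the remote peer would let it tell
        // valid user names from invalid ones.
        if (this.user == null) {
            FailedLoginException unknownUser = new FailedLoginException(String.format("User '%s' not found", this.username));
            logDebug(AUTHENTICATION_FAILED_MESSAGE, unknownUser);
            throw unknownUser;
        }
        if (!passwordMatches(this.password, this.user.getPassword())) {
            FailedLoginException wrongPassword = new FailedLoginException("Wrong password");
            logDebug(AUTHENTICATION_FAILED_MESSAGE, wrongPassword);
            throw wrongPassword;
        }
        // The password is not needed once verified; do not keep it in memory until logout.
        wipePassword();
        this.userRoles = new HashSet<>();
        LinkedList<String> pendingRoleNames = new LinkedList<>();
        pendingRoleNames.addAll(this.user.getRoleNames());
        while (!pendingRoleNames.isEmpty()) {
            String roleName = pendingRoleNames.poll();
            RoleConfig roleConfig = roles.get(roleName);
            if (roleConfig == null) {
                IllegalArgumentException unknownRole = new IllegalArgumentException(String.format("Unrecognized role \"%s\"", roleName));
                logDebug(AUTHENTICATION_FAILED_MESSAGE, unknownRole);
                cleanState();
                throw unknownRole;
            }
            // Only expand a role the first time it is seen, so cyclic role references terminate.
            if (this.userRoles.add(roleConfig)) {
                pendingRoleNames.addAll(roleConfig.getRoleNames());
            }
        }
        this.state = State.LOGIN_COMPLETE;
    }

    /**
     * Fills {@code username} and {@code password} from the shared state or from the callback handler.
     *
     * @param z {@code true} to read the shared state, {@code false} to invoke the callback handler
     * @throws LoginException if the callback handler fails
     */
    private void getUsernamePassword(boolean z) throws LoginException {
        if (z) {
            this.username = (String) this.sharedState.get(NAME);
            char[] sharedPassword = (char[]) this.sharedState.get(PWD);
            // Work on a private copy: cleanState() zeroes this.password, and zeroing the shared
            // array would destroy the credential for the other login modules in the stack.
            this.password = sharedPassword == null ? null : sharedPassword.clone();
            return;
        }
        NameCallback nameCallback = new NameCallback("username");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        try {
            this.handler.handle(new Callback[]{nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            this.password = passwordCallback.getPassword();
        } catch (IOException | UnsupportedCallbackException e) {
            logDebug("[FileLoginModule] - Encountered exception while handling name, password callbacks.", e);
            throw ((LoginException) new LoginException(e.getMessage()).initCause(e));
        } finally {
            // getPassword() hands out a copy, so the callback's own buffer can always be cleared,
            // including when the handler failed part-way.
            passwordCallback.clearPassword();
        }
    }

    /** Removes this module's principals from the subject and returns to INITIALIZE_COMPLETE. */
    private void logout0() throws LoginException {
        Set<Principal> principals = this.subject.getPrincipals();
        // commit() calls this after a failed login, when no user was ever resolved; skip the
        // removal then rather than hand a null element to the subject's principal set.
        if (this.user != null) {
            principals.remove(this.user);
        }
        if (this.userRoles != null) {
            principals.removeAll(this.userRoles);
        }
        cleanState();
        this.state = State.INITIALIZE_COMPLETE;
    }

    /** Adds the authenticated user and its resolved roles to the subject's principals. */
    private void commit0() throws LoginException {
        Set<Principal> principals = this.subject.getPrincipals();
        principals.add(this.user);
        principals.addAll(this.userRoles);
        this.state = State.COMMIT_COMPLETE;
    }
}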
