package edu.vt.middleware.ldap.jaas;

import com.sun.security.auth.callback.TextCallbackHandler;
import edu.vt.middleware.ldap.auth.Authenticator;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:edu/vt/middleware/ldap/jaas/LdapLoginModule.class */
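/**
 * JAAS login module that authenticates a user through an {@link Authenticator}
 * and, on success, records principals, a credential and roles for the subject.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code setLdapCredential} is switched on in {@link #initialize}, so a
 *       copy of the user's clear-text password is kept in {@code credentials}
 *       after a successful login.</li>
 *   <li>Roles are derived from directory attributes via
 *       {@code attributesToRoles}; the attributes requested are controlled by
 *       the {@code userRoleAttribute} option.</li>
 * </ul>
 */
public class LdapLoginModule extends AbstractLoginModule implements LoginModule {
    // Attribute names passed to Authenticator.authenticate(); null when the option is "*".
    private String[] userRoleAttribute = new String[0];
    // Created from the module options in initialize(); closed at the end of every login().
    private Authenticator auth;

    /**
     * Configures the module from the JAAS options.
     *
     * @param subject subject being authenticated, forwarded to the superclass
     * @param callbackHandler handler used to obtain credentials, forwarded to the superclass
     * @param map shared state, forwarded to the superclass
     * @param map2 module options; {@code userRoleAttribute} (case-insensitive) is read here
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        // Set before super.initialize(); presumably the superclass can override
        // these from the options - confirm against AbstractLoginModule.
        this.setLdapPrincipal = true;
        this.setLdapCredential = true;
        super.initialize(subject, callbackHandler, map, map2);
        for (Map.Entry<String, ?> option : map2.entrySet()) {
            if (!"userRoleAttribute".equalsIgnoreCase(option.getKey())) {
                continue;
            }
            Object rawValue = option.getValue();
            if (!(rawValue instanceof String)) {
                // A null or non-string value used to fail with an unchecked
                // exception; keep the current setting instead.
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Ignoring non-string userRoleAttribute option");
                }
                continue;
            }
            String configured = (String) rawValue;
            // NOTE(review): "*" maps to null, which is handed to the
            // authenticator as the attribute list - presumably "return every
            // attribute". Everything returned is then fed to attributesToRoles(),
            // so confirm a wildcard cannot grant unintended roles.
            this.userRoleAttribute = "*".equals(configured) ? null : configured.split(",");
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("userRoleAttribute = " + Arrays.toString(this.userRoleAttribute));
        }
        this.auth = createAuthenticator(map2);
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): verify the config's string form does not include a
            // bind/service credential before enabling debug logging in production.
            this.logger.debug("Created authenticator: " + this.auth.getAuthenticatorConfig());
        }
    }

    /**
     * Authenticates the user and records principals, credential and roles.
     *
     * <p>When {@code tryFirstPass} is set and the first attempt is rejected,
     * credentials are requested again and a second attempt is made.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException if authentication is rejected or the directory
     *     operation fails; the message is taken from the underlying exception
     */
    @Override
    public boolean login() throws LoginException {
        NameCallback nameCallback = new NameCallback("Enter user: ");
        PasswordCallback passwordCallback = new PasswordCallback("Enter user password: ", false);
        try {
            getCredentials(nameCallback, passwordCallback, false);
            AuthenticationException failure = null;
            Attributes attributes = null;
            try {
                attributes = authenticateAndCollectRoles(nameCallback, passwordCallback);
            } catch (AuthenticationException e) {
                if (this.tryFirstPass) {
                    getCredentials(nameCallback, passwordCallback, true);
                    try {
                        attributes = authenticateAndCollectRoles(nameCallback, passwordCallback);
                    } catch (AuthenticationException retryFailure) {
                        // The first failure is the one reported, as before.
                        failure = e;
                        this.success = false;
                    }
                } else {
                    failure = e;
                    this.success = false;
                }
            }
            if (!this.success) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Authentication failed", failure);
                }
                // The message originates from the directory client and may
                // reveal why the bind was refused; callers should log it rather
                // than echo it to the person logging in.
                throw new LoginException(messageOrDefault(failure, "Authentication failed"));
            }
            if (this.setLdapPrincipal) {
                LdapPrincipal ldapPrincipal = new LdapPrincipal(nameCallback.getName());
                if (attributes != null) {
                    ldapPrincipal.getLdapAttributes().addAttributes(attributes);
                }
                this.principals.add(ldapPrincipal);
            }
            String dn = this.auth.getDn(nameCallback.getName());
            if (dn != null && this.setLdapDnPrincipal) {
                LdapDnPrincipal ldapDnPrincipal = new LdapDnPrincipal(dn);
                if (attributes != null) {
                    ldapDnPrincipal.getLdapAttributes().addAttributes(attributes);
                }
                this.principals.add(ldapDnPrincipal);
            }
            if (this.setLdapCredential) {
                // Keeps a copy of the clear-text password for later use by the module.
                this.credentials.add(new LdapCredential(passwordCallback.getPassword()));
            }
            storeCredentials(nameCallback, passwordCallback, dn);
            return true;
        } catch (NamingException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Error occured attempting authentication", e);
            }
            this.success = false;
            throw new LoginException(messageOrDefault(e, "Authentication Error"));
        } finally {
            // PasswordCallback.getPassword() hands out copies, so wiping the
            // callback's own buffer does not affect credentials stored above.
            passwordCallback.clearPassword();
            if (this.auth != null) {
                this.auth.close();
            }
        }
    }

    /**
     * Runs one authentication attempt and, on success, adds the resulting
     * roles plus any configured default roles and marks the login successful.
     */
    private Attributes authenticateAndCollectRoles(NameCallback nameCallback, PasswordCallback passwordCallback)
            throws NamingException {
        // NOTE(review): nothing here rejects a null or empty password. Many
        // directory servers treat a simple bind with an empty password as an
        // unauthenticated bind that succeeds - confirm Authenticator refuses
        // blank credentials.
        Attributes attributes = this.auth.authenticate(
                nameCallback.getName(), passwordCallback.getPassword(), this.userRoleAttribute);
        this.roles.addAll(attributesToRoles(attributes));
        if (this.defaultRole != null && !this.defaultRole.isEmpty()) {
            this.roles.addAll(this.defaultRole);
        }
        this.success = true;
        return attributes;
    }

    /** Returns the exception message, or {@code fallback} when there is none. */
    private static String messageOrDefault(Throwable cause, String fallback) {
        String message = cause != null ? cause.getMessage() : null;
        return message != null ? message : fallback;
    }

    /**
     * Command-line check of a JAAS configuration entry: logs in with a text
     * prompt, prints the subject's principals and logs out.
     *
     * @param strArr optional first element names the JAAS entry; defaults to {@code vt-ldap}
     * @throws Exception if the login context cannot be created or login fails
     */
    public static void main(String[] strArr) throws Exception {
        String entryName = strArr.length > 0 ? strArr[0] : "vt-ldap";
        LoginContext loginContext = new LoginContext(entryName, new TextCallbackHandler());
        loginContext.login();
        System.out.println("Authentication/Authorization succeeded");
        Set<Principal> principals = loginContext.getSubject().getPrincipals();
        System.out.println("Subject Principal(s): ");
        for (Principal principal : principals) {
            System.out.println("  " + principal);
        }
        loginContext.logout();
    }
}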
