package net.ontopia.topicmaps.nav2.realm;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import net.ontopia.net.Base64Encoder;
import net.ontopia.topicmaps.core.TMObjectIF;
import net.ontopia.topicmaps.core.TopicIF;
import net.ontopia.topicmaps.core.TopicMapIF;
import net.ontopia.topicmaps.core.TopicMapStoreIF;
import net.ontopia.topicmaps.entry.TopicMapReferenceIF;
import net.ontopia.topicmaps.entry.TopicMaps;
import net.ontopia.topicmaps.nav2.impl.basic.NavigatorApplication;
import net.ontopia.topicmaps.nav2.utils.NavigatorUtils;
import net.ontopia.topicmaps.query.core.InvalidQueryException;
import net.ontopia.topicmaps.query.core.QueryProcessorIF;
import net.ontopia.topicmaps.query.core.QueryResultIF;
import net.ontopia.topicmaps.query.utils.QueryUtils;
import net.ontopia.topicmaps.utils.TopicStringifiers;
import net.ontopia.utils.OntopiaRuntimeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/ontopia/topicmaps/nav2/realm/TMLoginModule.class */
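/**
 * JAAS {@link LoginModule} that authenticates a user against user topics stored in a
 * topic map and, on commit, attaches a {@link UserPrincipal} plus one {@link RolePrincipal}
 * per role and privilege found for that user.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>Credential verification is an equality match inside a topic map query between the
 *       stored password occurrence and the output of {@link #hashPassword}. The supported
 *       schemes are {@code plaintext} (the default), {@code base64} (a reversible encoding,
 *       not a hash) and {@code md5} (a fast digest that uses the username as its only salt).
 *       None of them is a password-hashing function; anyone who can read the topic map can
 *       recover or cheaply brute-force the stored values. They are kept for compatibility
 *       with existing data.</li>
 *   <li>Both queries pass user-supplied values as bound parameters ({@code %USERNAME%},
 *       {@code %PASSWORD%}) and never concatenate them into the query text.</li>
 *   <li>The username originates from the login callback and is therefore untrusted; control
 *       characters are replaced before it is written to the log.</li>
 * </ul>
 */
public class TMLoginModule implements LoginModule {
    private static final Logger log = LoggerFactory.getLogger(TMLoginModule.class.getName());
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private boolean loginSucceeded;
    private boolean commitSucceeded;
    private String username;
    private String password;
    private String hashMethod;
    private Principal userPrincipal;
    private List<RolePrincipal> rolePrincipals;
    private String jndiname;
    protected String topicmapId;
    private String repositoryId;

    /** Creates a module with an empty role list; {@link #initialize} must be called before use. */
    public TMLoginModule() {
        log.debug("TMLoginModule: constructor");
        this.rolePrincipals = new ArrayList<RolePrincipal>();
    }

    /**
     * Aborts the authentication attempt.
     *
     * @return {@code false} if this module's login did not succeed, {@code true} otherwise
     * @throws LoginException declared by the interface; propagated from {@link #logout()}
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.loginSucceeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // Login and commit both succeeded here but the overall authentication failed,
            // so everything that commit() added to the subject is taken back.
            logout();
            return true;
        }
        this.loginSucceeded = false;
        this.username = null;
        this.password = null;
        this.userPrincipal = null;
        this.rolePrincipals.clear();
        return true;
    }

    /**
     * Adds the user principal and the role principals to the subject.
     *
     * @return {@code false} if this module's login did not succeed, {@code true} otherwise
     * @throws LoginException declared by the interface
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.loginSucceeded) {
            return false;
        }
        this.userPrincipal = new UserPrincipal(this.username);
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        processRoles();
        for (RolePrincipal rolePrincipal : this.rolePrincipals) {
            if (!this.subject.getPrincipals().contains(rolePrincipal)) {
                this.subject.getPrincipals().add(rolePrincipal);
            }
        }
        log.debug("TMLoginModule: committed");
        this.commitSucceeded = true;
        this.username = null;
        this.password = null;
        return true;
    }

    /**
     * Reads the module options from the JAAS configuration.
     *
     * <p>Recognised options: {@code jndi_repository} (falling back to {@code jndiname}),
     * {@code topicmap} (required), {@code repository} and {@code hashmethod}.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the username and password
     * @param map state shared with other login modules (stored, not otherwise used here)
     * @param map2 the options configured for this module
     * @throws OntopiaRuntimeException if the {@code topicmap} option is missing
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        log.debug("TMLoginModule: initialize");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        this.jndiname = (String) map2.get("jndi_repository");
        if (this.jndiname == null) {
            this.jndiname = (String) map2.get("jndiname");
        }
        this.topicmapId = (String) map2.get("topicmap");
        this.repositoryId = (String) map2.get("repository");
        if (this.topicmapId == null) {
            throw new OntopiaRuntimeException("'topicmap' option is not provided to the JAAS module. Check jaas.config file.");
        }
        this.hashMethod = (String) map2.get("hashmethod");
        if (this.hashMethod == null) {
            // NOTE(review): an unconfigured module compares passwords in clear text. The
            // default is kept for compatibility with existing deployments; set 'hashmethod'
            // explicitly and treat the topic map as credential storage either way.
            this.hashMethod = "plaintext";
        }
    }

    /**
     * Obtains the username and password through the callback handler and verifies them.
     *
     * @return {@code true} if the credentials matched a user topic
     * @throws LoginException if no callback handler is set or the callbacks cannot be handled
     */
    @Override
    public boolean login() throws LoginException {
        log.debug("TMLoginModule: login");
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        NameCallback nameCallback = new NameCallback("user name: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            char[] secret = passwordCallback.getPassword();
            this.password = secret == null ? "" : new String(secret);
            passwordCallback.clearPassword();
            if (secret != null) {
                // getPassword() hands out a copy, so clearPassword() does not wipe it.
                java.util.Arrays.fill(secret, '\0');
            }
            this.loginSucceeded = verifyUsernamePassword(this.username, this.password);
            return this.loginSucceeded;
        } catch (IOException e) {
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            throw failure;
        } catch (UnsupportedCallbackException e) {
            LoginException failure = new LoginException("Error: " + e.getCallback() + " not available to garner authentication information from the user");
            failure.initCause(e);
            throw failure;
        } finally {
            // Nothing after verification reads the password, so the reference is dropped on
            // every path, including a failed login where abort() returns early without
            // clearing it.
            this.password = null;
        }
    }

    /**
     * Removes the principals this module added to the subject and resets its state.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.userPrincipal != null) {
            this.subject.getPrincipals().remove(this.userPrincipal);
        }
        // Every role principal is removed unconditionally. The previous guard only called
        // remove() for principals that were NOT in the subject, so the roles granted at
        // commit time stayed attached to the subject after logout.
        for (RolePrincipal rolePrincipal : this.rolePrincipals) {
            this.subject.getPrincipals().remove(rolePrincipal);
        }
        log.debug("TMLoginModule: logout");
        this.loginSucceeded = false;
        this.commitSucceeded = false;
        this.username = null;
        this.password = null;
        this.userPrincipal = null;
        this.rolePrincipals.clear();
        return true;
    }

    /** Returns the display name of a topic as produced by the default stringifier. */
    private static String getName(TopicIF topicIF) {
        return TopicStringifiers.getDefaultStringifier().toString(topicIF);
    }

    /** Returns an id for a topic map object or topic map reference, or {@code null} for any other type. */
    private static String getId(Object obj) {
        if (obj instanceof TMObjectIF) {
            return NavigatorUtils.getStableId((TMObjectIF) obj);
        }
        if (obj instanceof TopicMapReferenceIF) {
            return ((TopicMapReferenceIF) obj).getId();
        }
        return null;
    }

    /**
     * Replaces control characters (including CR and LF) in a value taken from the login
     * request, so that it cannot start a forged entry in a line-based log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    /** Closes the query result and then the topic map store; the store is closed even if the result fails to close. */
    private static void release(QueryResultIF result, TopicMapIF topicMap) {
        try {
            if (result != null) {
                result.close();
            }
        } finally {
            if (topicMap != null) {
                topicMap.getStore().close();
            }
        }
    }

    /**
     * Opens a store for the configured topic map and returns its topic map. The store is
     * created with the argument {@code true} (presumably read-only; confirm against the
     * store API). Callers are responsible for closing the store.
     *
     * @throws OntopiaRuntimeException if the store cannot be created through the JNDI registry
     */
    protected TopicMapIF getTopicMap() {
        TopicMapStoreIF createStore;
        if (this.jndiname != null) {
            try {
                createStore = NavigatorApplication.lookupSharedStoreRegistry(this.jndiname).getTopicMapRepository().getReferenceByKey(this.topicmapId).createStore(true);
            } catch (IOException e) {
                throw new OntopiaRuntimeException("Unable to create store for '" + this.topicmapId + "'", e);
            }
        } else {
            createStore = this.repositoryId == null ? TopicMaps.createStore(this.topicmapId, true) : TopicMaps.createStore(this.topicmapId, true, this.repositoryId);
        }
        log.debug("TMLoginModule Initialised Correctly");
        return createStore.getTopicMap();
    }

    /**
     * Produces the value that is compared with the stored password occurrence.
     *
     * <p>None of the schemes is suitable for protecting stored passwords:
     * <ul>
     *   <li>{@code plaintext} returns the password unchanged.</li>
     *   <li>{@code base64} encodes username + password; this is reversible and reveals the
     *       password to anyone who can read the stored value.</li>
     *   <li>{@code md5} is a single round of a fast digest over username + password. Input
     *       is converted with ISO-8859-1, so every character outside that charset is
     *       replaced before hashing and distinct passwords can map to the same value.</li>
     * </ul>
     * A migration would store values from a slow, salted password-hashing scheme (for
     * example PBKDF2, bcrypt, scrypt or Argon2) and verify with a constant-time comparison.
     * The output format is left unchanged here because existing stored values depend on it.
     *
     * @param str the username, used as a prefix for the {@code base64} and {@code md5} schemes
     * @param str2 the password
     * @param str3 the scheme: {@code base64}, {@code md5} or {@code plaintext}
     * @return the encoded password
     * @throws OntopiaRuntimeException if the scheme is unknown (including {@code null}) or encoding fails
     */
    public static String hashPassword(String str, String str2, String str3) {
        String encode;
        // Constant-first equals() so that a null scheme is reported as an invalid encoding
        // instead of surfacing as a NullPointerException.
        if ("base64".equals(str3)) {
            try {
                encode = Base64Encoder.encode(str + str2);
            } catch (Exception e) {
                throw new OntopiaRuntimeException("Problem occurred when attempting to hash password", e);
            }
        } else if ("md5".equals(str3)) {
            try {
                encode = Base64Encoder.encode(new String(MessageDigest.getInstance("MD5").digest((str + str2).getBytes("ISO-8859-1")), "ISO-8859-1"));
            } catch (Exception e2) {
                throw new OntopiaRuntimeException("Problems occurrend when attempting to hash password", e2);
            }
        } else {
            if (!"plaintext".equals(str3)) {
                throw new OntopiaRuntimeException("Invalid password encoding: " + str3);
            }
            encode = str2;
        }
        return encode;
    }

    /**
     * Looks up the roles and privileges of the authenticated user and records one
     * {@link RolePrincipal} per distinct topic, plus the implicit role {@code user}.
     *
     * @throws OntopiaRuntimeException if the role query is invalid
     */
    private void processRoles() {
        TopicMapIF topicMap = getTopicMap();
        QueryResultIF queryResultIF = null;
        String safeUser = sanitizeForLog(this.username);
        try {
            QueryProcessorIF queryProcessor = QueryUtils.getQueryProcessor(topicMap);
            log.info("Processing roles for user '{}'", safeUser);
            // The username is bound as a parameter, never spliced into the query text.
            queryResultIF = queryProcessor.execute("using um for i\"http://psi.ontopia.net/userman/\"select $ROLE, $PRIVILEGE from instance-of($USER, um:user), occurrence($USER, $O1), type($O1, um:username), value($O1, %USERNAME%), um:plays-role($USER : um:user, $ROLE : um:role), { um:has-privilege($ROLE : um:receiver, $PRIVILEGE : um:privilege) }?", Collections.singletonMap("USERNAME", this.username));
            HashSet<TopicIF> seen = new HashSet<TopicIF>();
            while (queryResultIF.next()) {
                TopicIF role = (TopicIF) queryResultIF.getValue(0);
                if (!seen.contains(role)) {
                    String roleName = getName(role);
                    if (roleName != null) {
                        this.rolePrincipals.add(new RolePrincipal(roleName));
                        // Logged only when a principal was really added, so the log does not
                        // report a grant for a topic without a name.
                        log.info("Added role-principal from user-group '{}' for user '{}'", roleName, safeUser);
                    }
                    seen.add(role);
                }
                // The privilege column comes from an optional query clause and may be unbound.
                TopicIF privilege = (TopicIF) queryResultIF.getValue(1);
                if (privilege != null && !seen.contains(privilege)) {
                    String privilegeName = getName(privilege);
                    if (privilegeName != null) {
                        this.rolePrincipals.add(new RolePrincipal(privilegeName));
                        log.info("Added role-principal from privilege '{}' for user '{}'", privilegeName, safeUser);
                    }
                    seen.add(privilege);
                }
            }
            log.info("Added implicit role-principal 'user' for user '{}'", safeUser);
            this.rolePrincipals.add(new RolePrincipal("user"));
        } catch (InvalidQueryException e) {
            throw new OntopiaRuntimeException(e);
        } finally {
            release(queryResultIF, topicMap);
        }
    }

    /**
     * Checks whether a user topic exists whose username and password occurrences match the
     * given username and the encoded form of the given password.
     *
     * @param str the username
     * @param str2 the password as entered
     * @return {@code true} if a matching user topic was found; {@code false} if not, or if
     *     either argument is {@code null}
     * @throws OntopiaRuntimeException if the query is invalid or the password cannot be encoded
     */
    private boolean verifyUsernamePassword(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        TopicMapIF topicMap = getTopicMap();
        QueryResultIF result = null;
        try {
            log.debug("Topic map: " + topicMap);
            QueryProcessorIF queryProcessor = QueryUtils.getQueryProcessor(topicMap);
            Map<String, String> arguments = new HashMap<String, String>(2);
            arguments.put("USERNAME", str);
            arguments.put("PASSWORD", hashPassword(str, str2, this.hashMethod));
            // Both values are bound parameters; the comparison with the stored occurrence
            // happens inside the query engine.
            result = queryProcessor.execute("using um for i\"http://psi.ontopia.net/userman/\" select $USER from instance-of($USER, um:user), occurrence($USER, $O1), type($O1, um:username), value($O1, %USERNAME%), occurrence($USER, $O2), type($O2, um:password), value($O2, %PASSWORD%)?", arguments);
            if (!result.next()) {
                log.info("User '{}' not authenticated", sanitizeForLog(str));
                return false;
            }
            log.info("Authenticated user: " + ((TopicIF) result.getValue(0)));
            return true;
        } catch (InvalidQueryException e) {
            throw new OntopiaRuntimeException(e);
        } finally {
            // The query result is now closed on the exception path as well.
            release(result, topicMap);
        }
    }
}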
