package br.gov.component.demoiselle.security.auth.provider;

import br.gov.component.demoiselle.security.auth.AuthException;
import br.gov.component.demoiselle.security.auth.Role;
import br.gov.component.demoiselle.security.auth.SimpleGroup;
import br.gov.component.demoiselle.security.auth.adapter.ICertificateCallbackAdapter;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:br/gov/component/demoiselle/security/auth/provider/ProviderLoginModule.class */
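/**
 * JAAS {@link LoginModule} that delegates authentication and authorization to provider
 * classes named in the module options.
 *
 * <p>Options read by this module:
 * <ul>
 *   <li>{@code credential-type}: name of a {@code CredentialType} constant (case-insensitive);
 *       required.</li>
 *   <li>{@code authentication-provider-class}: class implementing
 *       {@code IAuthenticationProvider}; required.</li>
 *   <li>{@code authorization-provider-class}: class implementing
 *       {@code IAuthorizationProvider}; required.</li>
 *   <li>{@code certificate-callback-adapter-class}: class implementing
 *       {@link ICertificateCallbackAdapter}; required only for certificate login.</li>
 * </ul>
 * Every other option is copied into a {@link Properties} object that is handed to the
 * providers' {@code initialize} methods.
 *
 * <p>Security note: the three {@code *-class} options name classes that are loaded and
 * instantiated, so the login configuration must come from a trusted, write-protected source.
 */
public class ProviderLoginModule implements LoginModule {
    private static final Logger log = Logger.getLogger(ProviderLoginModule.class.getName());
    private static final String OPTION_CREDENTIAL_TYPE = "credential-type";
    private static final String OPTION_AUTHENTICATION_PROVIDER_CLASS = "authentication-provider-class";
    private static final String OPTION_AUTHORIZATION_PROVIDER_CLASS = "authorization-provider-class";
    private static final String OPTION_CERTIFICATE_CALLBACK_ADAPTER_CLASS = "certificate-callback-adapter-class";
    private static final String STATE_LOGIN_NAME = "javax.security.auth.login.name";
    private static final String STATE_LOGIN_PASSWORD = "javax.security.auth.login.password";
    private static final String STATE_LOGIN_CERTIFICATE = "javax.security.auth.login.certificate";
    // Character 127 (DEL) separates the password from an optional second segment in the
    // value supplied through the PasswordCallback.
    private static final int DEFAULT_CHAR_TOKEN = 127;
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, Object> sharedState;
    private Map<String, Object> options;
    private CredentialType type;
    private IAuthenticationProvider authentication;
    private IAuthorizationProvider authorization;
    private ICertificateCallbackAdapter certificateCallbackAdapter;
    private Properties publicOptions;
    private Principal callerPrincipal;
    // Groups this module added to the Subject in commit(); kept so logout()/abort() can
    // remove exactly what was added.
    private SimpleGroup committedCallerGroup;
    private SimpleGroup committedRolesGroup;

    /**
     * Stores the JAAS context objects and processes the module options.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the credentials
     * @param map state shared with other configured login modules
     * @param map2 options configured for this module
     * @throws AuthException if a required option is missing or has an invalid value
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        log.fine("initialize");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        processOptions();
    }

    /**
     * Authenticates the caller with the configured credential type.
     *
     * @return {@code true} if the authentication provider returned a principal, {@code false}
     *     if it returned {@code null}
     * @throws LoginException declared by the {@link LoginModule} contract
     * @throws AuthException if obtaining or checking the credential fails, or the credential
     *     type is not handled
     */
    @Override
    public boolean login() throws LoginException {
        log.fine("login");
        // Drop any principal left over from an earlier attempt so a failing attempt cannot
        // be committed with a stale identity.
        this.callerPrincipal = null;
        switch (this.type) {
            case USER_PASSWORD:
                return loginWithPassword();
            case CERTIFICATE:
                return loginWithCertificate();
            default:
                throw new AuthException("Credential type " + this.type + " not implemented");
        }
    }

    /** Performs the user/password flow of {@link #login()}. */
    private boolean loginWithPassword() throws LoginException {
        log.fine("user-password login");
        NameCallback nameCallback = new NameCallback("username:");
        PasswordCallback passwordCallback = new PasswordCallback("password:", false);
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            this.authentication.initialize(this.publicOptions);
            String[] segments = decodePassword(passwordCallback.getPassword());
            String username = nameCallback.getName();
            if (segments[1].isEmpty()) {
                this.callerPrincipal = this.authentication.authenticate(username, segments[0]);
            } else {
                this.callerPrincipal = this.authentication.authenticate(username, segments[0], segments[1]);
            }
            if (this.callerPrincipal == null) {
                return false;
            }
            this.sharedState.put(STATE_LOGIN_NAME, username);
            // NOTE(review): this is the undecoded value (token character and second segment
            // included), and it stays in the shared state after this module finishes.
            // getPassword() returns a copy, so clearing the callback below does not wipe it.
            this.sharedState.put(STATE_LOGIN_PASSWORD, passwordCallback.getPassword());
            return true;
        } catch (Exception e) {
            throw new AuthException("Error on Callback Handle", e);
        } finally {
            // Do not leave the secret sitting in the callback object.
            passwordCallback.clearPassword();
        }
    }

    /** Performs the certificate flow of {@link #login()}. */
    private boolean loginWithCertificate() throws LoginException {
        log.fine("certificate login");
        Callback certificateCallback = this.certificateCallbackAdapter.createCertificateCallback("credential:");
        try {
            this.callbackHandler.handle(new Callback[] {certificateCallback});
            X509Certificate certificate = this.certificateCallbackAdapter.getCertificate(certificateCallback);
            this.authentication.initialize(this.publicOptions);
            // NOTE(review): nothing here validates the certificate (chain, validity period,
            // revocation); that is presumably the provider's job - confirm in the provider.
            this.callerPrincipal = this.authentication.authenticate(certificate);
            if (this.callerPrincipal == null) {
                return false;
            }
            this.sharedState.put(STATE_LOGIN_CERTIFICATE, certificate);
            return true;
        } catch (Exception e) {
            throw new AuthException("Error on Callback Handle", e);
        }
    }

    /**
     * Removes the principals this module added to the subject and forgets the caller.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        log.fine("logout");
        clearCommittedState();
        return true;
    }

    /**
     * Adds a {@code CallerPrincipal} group and a {@code Roles} group to the subject.
     *
     * @return {@code true} if the principals were added; {@code false} if this module has no
     *     authenticated caller (its {@link #login()} did not succeed)
     */
    @Override
    public boolean commit() throws LoginException {
        log.fine("commit");
        if (this.callerPrincipal == null) {
            // Without this guard a failed login would still be passed to the authorization
            // provider and a null member would be added to the subject.
            return false;
        }
        this.authorization.initialize(this.publicOptions);
        Collection<Role> roles = this.authorization.authorize(this.callerPrincipal);
        SimpleGroup callerGroup = new SimpleGroup("CallerPrincipal");
        callerGroup.addMember(this.callerPrincipal);
        this.subject.getPrincipals().add(callerGroup);
        this.committedCallerGroup = callerGroup;
        log.fine("caller principal add in subject");
        SimpleGroup rolesGroup = new SimpleGroup("Roles");
        // A null result is treated as "no roles", so the subject never ends up half populated.
        if (roles != null) {
            for (Role role : roles) {
                rolesGroup.addMember(role);
            }
        }
        this.subject.getPrincipals().add(rolesGroup);
        this.committedRolesGroup = rolesGroup;
        log.fine("roles add in subject");
        return true;
    }

    /**
     * Discards the state of an authentication attempt that failed overall, including
     * principals already committed by this module.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        log.fine("abort");
        clearCommittedState();
        return true;
    }

    /**
     * Removes the groups added by {@link #commit()} from the subject (when it is writable)
     * and resets the per-attempt fields.
     */
    private void clearCommittedState() {
        if (this.subject != null && !this.subject.isReadOnly()) {
            // Removal by the same instance; presumably SimpleGroup's hashCode is unchanged
            // since commit() - verify against SimpleGroup.
            if (this.committedCallerGroup != null) {
                this.subject.getPrincipals().remove(this.committedCallerGroup);
            }
            if (this.committedRolesGroup != null) {
                this.subject.getPrincipals().remove(this.committedRolesGroup);
            }
        }
        this.committedCallerGroup = null;
        this.committedRolesGroup = null;
        this.callerPrincipal = null;
    }

    /**
     * Reads the module options, instantiates the configured providers and builds the
     * properties passed on to them.
     *
     * <p>Each option is checked on its own so the exception message names the option that is
     * actually missing or invalid.
     *
     * @throws AuthException if a required option is missing or has an invalid value
     */
    private void processOptions() {
        log.fine("processing options");
        String typeName = (String) this.options.get(OPTION_CREDENTIAL_TYPE);
        if (typeName == null) {
            throw new AuthException("Option credential-type not found");
        }
        try {
            // Locale.ROOT keeps the upper-casing independent of the JVM default locale.
            this.type = CredentialType.valueOf(typeName.toUpperCase(java.util.Locale.ROOT));
        } catch (Exception e) {
            throw new AuthException("Invalid value of option credential-type", e);
        }
        this.authentication =
                instantiateOption(OPTION_AUTHENTICATION_PROVIDER_CLASS, IAuthenticationProvider.class, true);
        this.authorization =
                instantiateOption(OPTION_AUTHORIZATION_PROVIDER_CLASS, IAuthorizationProvider.class, true);
        this.certificateCallbackAdapter =
                instantiateOption(
                        OPTION_CERTIFICATE_CALLBACK_ADAPTER_CLASS,
                        ICertificateCallbackAdapter.class,
                        this.type == CredentialType.CERTIFICATE);
        createPublicOptions();
    }

    /**
     * Instantiates the class named by a module option.
     *
     * @param option name of the option holding the class name
     * @param expectedType type the configured class must implement
     * @param required whether a missing option is an error
     * @return the new instance, or {@code null} if the option is absent and not required
     * @throws AuthException if the option is required but missing, or its value cannot be
     *     loaded, is not an {@code expectedType}, or cannot be instantiated
     */
    private <T> T instantiateOption(String option, Class<T> expectedType, boolean required) {
        Object configured = this.options.get(option);
        if (configured == null) {
            if (required) {
                throw new AuthException("Option " + option + " not found");
            }
            return null;
        }
        try {
            String className = (String) configured;
            // asSubclass rejects a class of the wrong type before its constructor is run.
            return Class.forName(className).asSubclass(expectedType).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new AuthException("Invalid value of option " + option, e);
        }
    }

    /**
     * Copies every option except the four consumed by this module into {@link #publicOptions}.
     */
    private void createPublicOptions() {
        log.fine("create public options");
        this.publicOptions = new Properties();
        for (Map.Entry<String, Object> entry : this.options.entrySet()) {
            String key = entry.getKey();
            boolean reserved =
                    key.equals(OPTION_CREDENTIAL_TYPE)
                            || key.equals(OPTION_AUTHENTICATION_PROVIDER_CLASS)
                            || key.equals(OPTION_AUTHORIZATION_PROVIDER_CLASS)
                            || key.equals(OPTION_CERTIFICATE_CALLBACK_ADAPTER_CLASS);
            if (!reserved) {
                this.publicOptions.put(key, entry.getValue());
            }
        }
    }

    /**
     * Splits the callback value at the token character (127).
     *
     * <p>Characters before the first token form element 0, characters after it form
     * element 1; every token character is dropped. The characters are deliberately not
     * logged: a per-character trace would write the whole secret to the log as soon as
     * FINEST logging is enabled.
     *
     * @param cArr the value returned by the password callback
     * @return a two-element array; element 1 is empty when no second segment was supplied
     */
    private String[] decodePassword(char[] cArr) {
        log.fine("decode password");
        StringBuilder password = new StringBuilder();
        StringBuilder secondSegment = new StringBuilder();
        boolean tokenSeen = false;
        for (char c : cArr) {
            if (c == DEFAULT_CHAR_TOKEN) {
                tokenSeen = true;
            } else if (tokenSeen) {
                secondSegment.append(c);
            } else {
                password.append(c);
            }
        }
        return new String[] {password.toString(), secondSegment.toString()};
    }
}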
