package org.josso.wls92.agent.jaas;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.agent.AbstractSSOAgent;
import org.josso.agent.Lookup;
import org.josso.agent.SSOAgentRequest;
import org.josso.gateway.identity.SSORole;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;

/* loaded from: input_file:org/josso/wls92/agent/jaas/SSOGatewayLoginModuleNoCustomPrincipalsImpl.class */
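/**
 * JAAS {@link LoginModule} that authenticates a caller from an existing SSO session.
 *
 * <p>The SSO session id is collected through the configured {@link CallbackHandler}
 * (a {@link NameCallback} and a {@link PasswordCallback}; a non-null password value
 * takes precedence), the owning user is resolved through the SSO agent's identity
 * manager, and on commit the {@link Subject} is populated with a {@link WLSUserImpl}
 * and one {@link WLSGroupImpl} per SSO role.
 *
 * <p>The SSO session id acts as a bearer credential: whoever holds it can be resolved
 * to the session's user. It is therefore never written to the log by this class.
 */
public class SSOGatewayLoginModuleNoCustomPrincipalsImpl implements LoginModule {
    // NOTE(review): the log category is SSOGatewayLoginModuleImpl rather than this class.
    // Kept as-is because existing logging configuration may key on it — confirm before changing.
    private static final Log logger = LogFactory.getLog(SSOGatewayLoginModuleImpl.class);
    private Subject _subject;
    private CallbackHandler _callbackHandler;
    protected boolean _succeeded;
    protected boolean commitSucceeded;
    protected String _requester;
    protected String _currentSSOSessionId;
    protected WLSUser _ssoUserPrincipal;
    protected WLSGroup[] _ssoRolePrincipals;

    // Principals handed to the Subject by the last successful commit(). commit() wipes the
    // working fields above via clearCredentials(), so logout() needs its own references to
    // be able to take the principals out of the Subject again.
    private WLSUser _committedUserPrincipal;
    private WLSGroup[] _committedRolePrincipals;

    /**
     * Stores the subject and callback handler for the later login phases.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the SSO session id
     * @param map shared state passed by the login context (not used here)
     * @param map2 module options passed by the login context (not used here)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this._subject = subject;
        this._callbackHandler = callbackHandler;
    }

    /**
     * Resolves the SSO session id supplied through the callbacks to a user.
     *
     * @return {@code true} when the session maps to a user; {@code false} when there is no
     *     SSO agent request on the current thread, no session id was supplied, or the
     *     identity manager reports an {@link SSOIdentityException}
     * @throws LoginException when no callback handler is configured or the callbacks fail
     * @throws FailedLoginException (a {@code LoginException}) on any other lookup failure
     */
    public boolean login() throws LoginException {
        if (this._callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        NameCallback sessionIdCallback = new NameCallback("ssoSessionId");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        String ssoSessionId;
        String passwordValue = null;
        try {
            // The two callbacks have no common supertype other than Callback, so the array
            // handed to the handler must be a Callback[].
            this._callbackHandler.handle(new javax.security.auth.callback.Callback[] {sessionIdCallback, passwordCallback});
            ssoSessionId = sessionIdCallback.getName();
            char[] password = passwordCallback.getPassword();
            if (password != null) {
                passwordValue = String.valueOf(password);
                // getPassword() returns a copy; wipe it once the value has been taken.
                java.util.Arrays.fill(password, '\0');
            }
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("Error: " + e.getCallback().toString() + " not available to garner authentication information from the user");
        } finally {
            // Wipe the callback's own copy of the secret as well.
            passwordCallback.clearPassword();
        }

        this._requester = "";
        SSOAgentRequest agentRequest = (SSOAgentRequest) AbstractSSOAgent._currentRequest.get();
        if (agentRequest == null) {
            logger.debug("No SSO Agent request found in thread local variable, assuming non SSO login");
            this._succeeded = false;
            return false;
        }
        this._requester = agentRequest.getRequester();
        if (logger.isDebugEnabled()) {
            // Deliberately omits the session id and password value: both are credentials.
            logger.debug("Requested authentication to gateway by " + this._requester);
        }

        // A value delivered through the password callback overrides the name callback.
        if (passwordValue != null) {
            ssoSessionId = passwordValue;
        }
        if (ssoSessionId == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Session authentication failed : no SSO session id supplied");
            }
            this._succeeded = false;
            return false;
        }

        // The gateway lookup is the statement that can actually fail, so it sits inside the
        // handlers; a rejected session must end as a failed login, not an unhandled exception.
        try {
            this._currentSSOSessionId = ssoSessionId;
            WLSUserImpl userPrincipal = new WLSUserImpl(Lookup.getInstance().lookupSSOAgent().getSSOIdentityManager().findUserInSession(this._requester, ssoSessionId).getName());
            if (logger.isDebugEnabled()) {
                logger.debug("Session authentication succeeded for Principal : " + userPrincipal);
            }
            this._ssoUserPrincipal = userPrincipal;
            this._succeeded = true;
            return true;
        } catch (SSOIdentityException e) {
            // Presumably the gateway's signal for an unknown or expired session — treated as
            // "this module does not authenticate the caller" rather than as an error.
            logger.debug(e.getMessage());
            this._succeeded = false;
            clearCredentials();
            return false;
        } catch (Exception e) {
            logger.error("Session login failed for Principal : " + this._ssoUserPrincipal + e.getMessage());
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            }
            this._succeeded = false;
            clearCredentials();
            throw new FailedLoginException("Fatal error authenticating session : " + this._ssoUserPrincipal + " : " + e.getMessage());
        }
    }

    /**
     * Adds the authenticated user and its SSO roles to the subject.
     *
     * <p>The working state (user, roles, session id) is cleared whether or not the commit
     * succeeds; the committed principals are retained separately for {@link #logout()}.
     *
     * @return {@code false} if {@link #login()} did not succeed, {@code true} otherwise
     * @throws LoginException if the roles cannot be fetched or the subject cannot be updated
     */
    public boolean commit() throws LoginException {
        if (!this._succeeded) {
            return false;
        }
        try {
            if (!this._subject.getPrincipals().contains(this._ssoUserPrincipal)) {
                this._subject.getPrincipals().add(this._ssoUserPrincipal);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Added SSOUser Principal to the Subject : " + this._ssoUserPrincipal);
            }
            this._ssoRolePrincipals = getRoleSets();
            for (int i = 0; i < this._ssoRolePrincipals.length; i++) {
                if (!this._subject.getPrincipals().contains(this._ssoRolePrincipals[i])) {
                    this._subject.getPrincipals().add(this._ssoRolePrincipals[i]);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Added SSORole Principal to the Subject : " + this._ssoRolePrincipals[i]);
                    }
                }
            }
            // Remember what was committed before the working fields are wiped below.
            this._committedUserPrincipal = this._ssoUserPrincipal;
            this._committedRolePrincipals = this._ssoRolePrincipals;
            this.commitSucceeded = true;
            return true;
        } catch (Exception e) {
            logger.error("Session commit failed for Principal : " + this._ssoUserPrincipal + e.getMessage());
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            }
            throw new LoginException("Session commit failed for Principal : " + this._ssoUserPrincipal + " : " + e.getMessage());
        } finally {
            clearCredentials();
        }
    }

    /**
     * Discards the authentication state after an overall login failure.
     *
     * @return {@code false} if this module's login did not succeed, {@code true} otherwise
     * @throws LoginException if the logout performed for an already committed module fails
     */
    public boolean abort() throws LoginException {
        if (!this._succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // Already committed: undo through the regular logout path.
            logout();
            return true;
        }
        this._succeeded = false;
        clearCredentials();
        return true;
    }

    /**
     * Removes the user and role principals of this module from the subject.
     *
     * <p>Uses the principals recorded by the last successful {@link #commit()}, falling back
     * to the working fields when nothing was recorded. Absent references are skipped, so the
     * method is safe to call after the working state has been cleared.
     *
     * @return always {@code true}
     * @throws LoginException declared by the {@link LoginModule} contract
     */
    public boolean logout() throws LoginException {
        WLSUser userPrincipal = this._committedUserPrincipal != null ? this._committedUserPrincipal : this._ssoUserPrincipal;
        WLSGroup[] rolePrincipals = this._committedRolePrincipals != null ? this._committedRolePrincipals : this._ssoRolePrincipals;

        if (userPrincipal != null) {
            this._subject.getPrincipals().remove(userPrincipal);
            if (logger.isDebugEnabled()) {
                logger.debug("Removed SSOUser Principal from Subject : " + userPrincipal);
            }
        }
        if (rolePrincipals != null) {
            for (int i = 0; i < rolePrincipals.length; i++) {
                this._subject.getPrincipals().remove(rolePrincipals[i]);
                if (logger.isDebugEnabled()) {
                    logger.debug("Removed SSORole Principal from Subject : " + rolePrincipals[i]);
                }
            }
        }
        this._committedUserPrincipal = null;
        this._committedRolePrincipals = null;
        this._succeeded = this.commitSucceeded;
        clearCredentials();
        return true;
    }

    /** Drops the working authentication state, including the SSO session id. */
    private void clearCredentials() {
        this._ssoUserPrincipal = null;
        this._ssoRolePrincipals = null;
        this._currentSSOSessionId = null;
    }

    /**
     * Fetches the roles of the current SSO session and wraps each one in a
     * {@link WLSGroupImpl} named after the role.
     *
     * @return one group principal per SSO role, in the order returned by the identity manager
     * @throws LoginException if the agent lookup or the role query fails for any reason
     */
    protected WLSGroup[] getRoleSets() throws LoginException {
        try {
            SSORole[] ssoRoles = Lookup.getInstance().lookupSSOAgent().getSSOIdentityManager().findRolesBySSOSessionId(this._requester, this._currentSSOSessionId);
            WLSGroupImpl[] groups = new WLSGroupImpl[ssoRoles.length];
            for (int i = 0; i < ssoRoles.length; i++) {
                groups[i] = new WLSGroupImpl(ssoRoles[i].getName());
            }
            return groups;
        } catch (Exception e) {
            logger.error("Session login failed for Principal : " + this._ssoUserPrincipal, e);
            throw new LoginException("Session login failed for Principal : " + this._ssoUserPrincipal);
        }
    }
}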
