package de.adorsys.oauth.loginmodule;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.LdapUsersLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oauth-jboss-support-0.11.jar:de/adorsys/oauth/loginmodule/LdapPwCheckLoginModule.class */
public class LdapPwCheckLoginModule extends LdapUsersLoginModule {
    private static final Logger LOG = LoggerFactory.getLogger(LdapPwCheckLoginModule.class);
    private static final String DEFAULT_ROLE = "defaultRole";
    private transient SimpleGroup userRoles = new SimpleGroup("Roles");

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        addValidOptions(new String[]{DEFAULT_ROLE});
        super.initialize(subject, callbackHandler, map, map2);
    }

    public boolean login() throws LoginException {
        if (!super.login()) {
            return false;
        }
        if (validatePassword((String) this.sharedState.get("javax.security.auth.login.password"), null)) {
            defaultRole();
            return true;
        }
        LOG.error("LDAP error {}", getValidateError());
        throw new LoginException(getValidateError().getMessage());
    }

    private void defaultRole() {
        String str = (String) this.options.get(DEFAULT_ROLE);
        if (str != null) {
            try {
                if (str.equals("")) {
                    return;
                }
                Principal createIdentity = super.createIdentity(str);
                PicketBoxLogger.LOGGER.traceAssignUserToRole(str);
                this.userRoles.addMember(createIdentity);
            } catch (Exception e) {
                PicketBoxLogger.LOGGER.debugFailureToCreatePrincipal(str, e);
            }
        }
    }

    protected Group[] getRoleSets() throws LoginException {
        return new Group[]{this.userRoles};
    }
}
