package de.tsl2.nano.serviceaccess.aas.module;

import de.tsl2.nano.core.ENV;
import de.tsl2.nano.core.Messages;
import de.tsl2.nano.core.log.LogFactory;
import de.tsl2.nano.core.util.ConcurrentUtil;
import de.tsl2.nano.core.util.StringUtil;
import de.tsl2.nano.core.util.Util;
import de.tsl2.nano.serviceaccess.Authorization;
import de.tsl2.nano.serviceaccess.IAuthorization;
import de.tsl2.nano.serviceaccess.ServiceFactory;
import de.tsl2.nano.serviceaccess.aas.principal.UserPrincipal;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;

/* loaded from: input_file:tsl2.nano.serviceaccess-2.5.6.jar:de/tsl2/nano/serviceaccess/aas/module/AbstractLoginModule.class */
public class AbstractLoginModule implements LoginModule {
    protected static final Log LOG = LogFactory.getLog(AbstractLoginModule.class);
    public static final String PROP_USER = "jaas.login.user";
    public static final String PROP_PASSWORD = "jaas.login.password";
    private static final String ENCSUFFIX = "lkj sdf9872450nLJHG OUTWZ)(//&%!";
    protected Subject subject;
    private CallbackHandler callbackHandler;
    private boolean debug = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    protected String username;
    protected char[] password;
    protected char[] password1;
    protected char[] password2;
    private UserPrincipal userPrincipal;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.debug = "true".equalsIgnoreCase((String) map2.get("debug"));
    }

    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        Callback[] callbackArr = {new NameCallback("user name: "), new PasswordCallback("password: ", false), new PasswordCallback("new password 1: ", false), new PasswordCallback("new password 2: ", false)};
        try {
            this.callbackHandler.handle(callbackArr);
            return authenticate(callbackArr);
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e2) {
            throw new LoginException("Error: " + e2.getCallback().toString() + " not available to garner authentication information from the user");
        }
    }

    protected boolean authenticate(Callback[] callbackArr) throws FailedLoginException {
        this.username = ((NameCallback) callbackArr[0]).getName();
        char[] password = ((PasswordCallback) callbackArr[1]).getPassword();
        if (password == null) {
            password = new char[0];
        }
        this.password = new char[password.length];
        System.arraycopy(password, 0, this.password, 0, password.length);
        this.password = encode(this.password);
        ((PasswordCallback) callbackArr[1]).clearPassword();
        char[] password2 = ((PasswordCallback) callbackArr[2]).getPassword();
        if (password2 != null) {
            this.password1 = new char[password2.length];
            System.arraycopy(password2, 0, this.password1, 0, password2.length);
            this.password1 = encode(this.password1);
            char[] password3 = ((PasswordCallback) callbackArr[3]).getPassword();
            this.password2 = new char[password3.length];
            System.arraycopy(password3, 0, this.password2, 0, password3.length);
            this.password2 = encode(this.password2);
        } else {
            this.password1 = null;
            this.password2 = null;
        }
        LOG.debug("user entered user name: " + this.username);
        this.succeeded = authenticate();
        return this.succeeded;
    }

    protected boolean authenticate() throws FailedLoginException {
        boolean z = this.username.length() > 0;
        if (z && this.password.length > 0) {
            if (!this.debug) {
                return true;
            }
            LOG.debug("authentication succeeded");
            return true;
        }
        if (this.debug) {
            LOG.debug("authentication failed");
        }
        this.username = null;
        for (int i = 0; i < this.password.length; i++) {
            this.password[i] = ' ';
        }
        this.password = null;
        if (z) {
            throw new FailedLoginException(Messages.getString("tsl2nano.login.error.password"));
        }
        throw new FailedLoginException(Messages.getString("tsl2nano.login.error.user"));
    }

    protected char[] encode(char[] cArr) {
        StringBuilder sb = new StringBuilder(String.valueOf(cArr));
        int i = 0;
        while (i < cArr.length) {
            sb.insert(i, ENCSUFFIX.charAt(i));
            i++;
        }
        if (i < ENCSUFFIX.length()) {
            sb.append(ENCSUFFIX.substring(i));
        }
        return StringUtil.toHexString(StringUtil.cryptoHash(sb.toString())).toCharArray();
    }

    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        authorize();
        this.username = null;
        for (int i = 0; i < this.password.length; i++) {
            this.password[i] = ' ';
        }
        this.password = null;
        this.commitSucceeded = true;
        return this.commitSucceeded;
    }

    protected void authorize() {
        if (Util.isEmpty(this.username)) {
            return;
        }
        this.userPrincipal = new UserPrincipal(this.username);
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        ServiceFactory.instance().setSubject(this.subject);
        Authorization authorization = new Authorization(this.subject);
        ENV.addService(IAuthorization.class, authorization);
        ConcurrentUtil.setCurrent(authorization);
        LOG.debug("added UserPrincipal to Subject");
    }

    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (!this.succeeded || this.commitSucceeded) {
            logout();
            return true;
        }
        this.succeeded = false;
        this.username = null;
        if (this.password != null) {
            for (int i = 0; i < this.password.length; i++) {
                this.password[i] = ' ';
            }
            this.password = null;
        }
        this.userPrincipal = null;
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().remove(this.userPrincipal);
        this.succeeded = this.commitSucceeded;
        this.username = null;
        if (this.password != null) {
            for (int i = 0; i < this.password.length; i++) {
                this.password[i] = ' ';
            }
            this.password = null;
        }
        this.userPrincipal = null;
        return true;
    }
}
