package com.openkm.jaas;

import com.openkm.module.common.CommonAuthModule;
import com.openkm.principal.PrincipalAdapterException;
import com.openkm.util.SecureStore;
import com.openkm.util.WebUtils;
import com.openkm.webdav.resource.ResourceFactoryImpl;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.CredentialNotFoundException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openkm/jaas/CustomLoginModule.class */
public class CustomLoginModule implements LoginModule {
    private static Logger log = LoggerFactory.getLogger(CustomLoginModule.class);
    private Subject subject;
    private CallbackHandler callbackHandler;
    private String password;
    private String name;
    private boolean customCallbackHandler = false;

    /* loaded from: input_file:com/openkm/jaas/CustomLoginModule$MyCallbackHandler.class */
    static class MyCallbackHandler implements CallbackHandler {
        private String user;
        private String password;

        public MyCallbackHandler(String str, String str2) {
            this.user = str;
            this.password = str2;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbackArr.length; i++) {
                if (callbackArr[i] instanceof NameCallback) {
                    ((NameCallback) callbackArr[i]).setName(this.user);
                    CustomLoginModule.log.info("User: {}", this.user);
                } else {
                    if (!(callbackArr[i] instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callbackArr[i], "MyCallbackHandler");
                    }
                    ((PasswordCallback) callbackArr[i]).setPassword(this.password.toCharArray());
                    CustomLoginModule.log.info("Password: {}", this.password);
                }
            }
        }
    }

    public static void main(String[] strArr) throws LoginException {
        if (strArr.length != 2) {
            System.out.println("Usage: java CustomLoginModule -Djava.security.auth.login.config=jaas.config <user> <password>");
            return;
        }
        LoginContext loginContext = new LoginContext(ResourceFactoryImpl.REALM, new MyCallbackHandler(strArr[0], strArr[1]));
        loginContext.login();
        log.info("Authentication successful for {}", loginContext.getSubject());
        loginContext.logout();
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    public boolean commit() throws LoginException {
        try {
            authenticate();
            populateRoles();
            return true;
        } catch (PrincipalAdapterException e) {
            throw new LoginException(e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw new LoginException(e2.getMessage());
        }
    }

    public boolean login() throws LoginException {
        Callback nameCallback = new NameCallback("User: ");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", true);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            this.name = nameCallback.getName();
            this.password = new String(passwordCallback.getPassword());
        } catch (IOException e) {
            log.error(e.getMessage(), e);
        } catch (UnsupportedCallbackException e2) {
            try {
                this.callbackHandler.handle(new Callback[]{nameCallback});
                this.name = nameCallback.getName();
                this.customCallbackHandler = true;
            } catch (Exception e3) {
                throw new LoginException(e2.getMessage());
            }
        }
        if (this.name == null || this.name.equals(WebUtils.EMPTY_STRING)) {
            throw new CredentialNotFoundException("User name is required");
        }
        if (this.customCallbackHandler) {
            return true;
        }
        if (this.password == null || this.password.equals(WebUtils.EMPTY_STRING)) {
            throw new CredentialNotFoundException("Password is required");
        }
        return true;
    }

    public boolean abort() throws LoginException {
        return true;
    }

    public boolean logout() throws LoginException {
        return true;
    }

    private void populateRoles() throws PrincipalAdapterException {
        Iterator<String> it = CommonAuthModule.getPrincipalAdapter().getRolesByUser(this.name).iterator();
        while (it.hasNext()) {
            this.subject.getPrincipals().add(new RoleImpl(it.next()));
        }
        log.debug("Roles: {}", this.subject.getPrincipals());
    }

    private void authenticate() throws PrincipalAdapterException, NoSuchAlgorithmException, LoginException {
        String password = CommonAuthModule.getPrincipalAdapter().getPassword(this.name);
        log.debug("User: {}, Password: {}, DBPassword: {}", new Object[]{this.name, this.password, password});
        if (!this.customCallbackHandler && !password.equals(SecureStore.md5Encode(this.password.getBytes()))) {
            throw new LoginException("Password does not match");
        }
        this.subject.getPrincipals().add(new UserImpl(this.name));
        log.debug("Users: {}", this.subject.getPrincipals());
    }
}
