package org.ldaptive.jaas;

import com.sun.security.auth.callback.TextCallbackHandler;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapException;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchRequest;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.1.0.jar:org/ldaptive/jaas/LdapRoleAuthorizationModule.class */
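/**
 * JAAS login module that looks up roles for a user with an LDAP search and adds them to the
 * module's role set.
 *
 * <p>Security note: nothing in this class checks the supplied password. {@link #login} marks the
 * login as successful as soon as a user name or a shared-state DN is present and the matching
 * principal option is enabled, or as soon as any role (including a configured default role) is
 * collected. It is therefore an authorization step only, and a JAAS configuration that uses it is
 * expected to stack it behind a module that actually authenticates the user.
 * NOTE(review): confirm that expectation against the deployment's JAAS configuration; the stacking
 * is not visible from this class.
 *
 * <p>Options read by this class (keys are matched case-insensitively): {@code roleFilter},
 * {@code roleAttribute}, {@code noResultsIsError}, {@code roleResolverFactory}.
 */
public class LdapRoleAuthorizationModule extends AbstractLoginModule {
    // Filter template used for the role search; {@code dn} and {@code user} are set as parameters on it.
    private String roleFilter;
    // Attributes requested from the role search; defaults to "no attributes".
    private String[] roleAttribute = ReturnAttributes.NONE.value();
    // When true, an empty role search result fails the login.
    private boolean noResultsIsError;
    private RoleResolverFactory roleResolverFactory;
    private RoleResolver roleResolver;
    private SearchRequest searchRequest;

    /**
     * Reads the module options and builds the role resolver and search request from the factory.
     *
     * @param subject subject passed through to the superclass
     * @param callbackHandler callback handler passed through to the superclass
     * @param map first map, passed through to the superclass (presumably the JAAS shared state)
     * @param map2 module options; every value is cast to {@code String}
     * @throws IllegalArgumentException if the {@code roleResolverFactory} class cannot be loaded,
     *     is not a {@link RoleResolverFactory}, or cannot be instantiated
     * @throws ClassCastException if any option value is not a {@code String}
     */
    @Override // org.ldaptive.jaas.AbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        for (Map.Entry<String, ?> option : map2.entrySet()) {
            final String key = option.getKey();
            // Cast eagerly for every key, as before, so a non-String value fails fast.
            final String value = (String) option.getValue();
            if ("roleFilter".equalsIgnoreCase(key)) {
                this.roleFilter = value;
            } else if ("roleAttribute".equalsIgnoreCase(key)) {
                if ("".equals(value)) {
                    this.roleAttribute = ReturnAttributes.NONE.value();
                } else if ("*".equals(value)) {
                    this.roleAttribute = ReturnAttributes.ALL_USER.value();
                } else {
                    this.roleAttribute = value.split(",");
                }
            } else if ("noResultsIsError".equalsIgnoreCase(key)) {
                this.noResultsIsError = Boolean.parseBoolean(value);
            } else if ("roleResolverFactory".equalsIgnoreCase(key)) {
                try {
                    // The class name comes straight from the JAAS options, so whoever can edit that
                    // configuration chooses which class is loaded here. Check the type BEFORE
                    // invoking the constructor so that a class that is not a RoleResolverFactory
                    // is rejected without running its constructor. Loading the class can still
                    // run its static initializers.
                    this.roleResolverFactory =
                        Class.forName(value)
                            .asSubclass(RoleResolverFactory.class)
                            .getDeclaredConstructor()
                            .newInstance();
                } catch (Exception e) {
                    throw new IllegalArgumentException(e);
                }
            }
            // Any other key is ignored by this class.
        }
        if (this.roleResolverFactory == null) {
            this.roleResolverFactory = new PropertiesRoleResolverFactory();
        }
        this.logger.trace(
            "roleResolverFactory = {}, roleFilter = {}, roleAttribute = {}, noResultsIsError = {}",
            this.roleResolverFactory,
            this.roleFilter,
            Arrays.toString(this.roleAttribute),
            this.noResultsIsError);
        this.roleResolver = this.roleResolverFactory.createRoleResolver(map2);
        this.logger.debug("Retrieved role resolver from factory: {}", this.roleResolver);
        this.searchRequest = this.roleResolverFactory.createSearchRequest(map2);
        this.searchRequest.setReturnAttributes(this.roleAttribute);
        this.logger.debug("Retrieved search request from factory: {}", this.searchRequest);
    }

    /**
     * Collects principals and roles for the user named by the callbacks.
     *
     * <p>No password check is performed in this method; see the class comment.
     *
     * @param nameCallback callback that carries the user name
     * @param passwordCallback callback that carries the password; only handed to
     *     {@code getCredentials} and {@code storeCredentials} here
     * @return {@code true} whenever no exception is thrown; the outcome of the login is recorded
     *     in {@code loginSuccess}
     * @throws LoginException if the role search fails, or if it returns nothing while
     *     {@code noResultsIsError} is set
     */
    @Override // org.ldaptive.jaas.AbstractLoginModule
    protected boolean login(NameCallback nameCallback, PasswordCallback passwordCallback) throws LoginException {
        try {
            getCredentials(nameCallback, passwordCallback, false);
            if (nameCallback.getName() == null && this.tryFirstPass) {
                // NOTE(review): the third argument presumably switches to the shared-state
                // credentials of an earlier module; confirm in AbstractLoginModule.
                getCredentials(nameCallback, passwordCallback, true);
            }
            final String user = nameCallback.getName();
            if (user != null && this.setLdapPrincipal) {
                this.principals.add(new LdapPrincipal(user, null));
                this.loginSuccess = true;
            }
            final String loginDn = (String) this.sharedState.get(AbstractLoginModule.LOGIN_DN);
            if (loginDn != null && this.setLdapDnPrincipal) {
                this.principals.add(new LdapDnPrincipal(loginDn, null));
                this.loginSuccess = true;
            }
            // User-derived values are handed to the filter as template parameters rather than
            // concatenated into the filter string.
            // NOTE(review): this relies on FilterTemplate escaping parameter values; confirm.
            // NOTE(review): roleFilter, user and loginDn may each be null at this point.
            final FilterTemplate filter = new FilterTemplate(this.roleFilter);
            filter.setParameter("dn", loginDn);
            filter.setParameter("user", user);
            this.searchRequest.setFilter(filter);
            final Set<LdapRole> found = this.roleResolver.search(this.searchRequest);
            if (found.isEmpty() && this.noResultsIsError) {
                this.loginSuccess = false;
                throw new LoginException("Could not find roles using " + this.roleFilter);
            }
            this.roles.addAll(found);
            if (this.defaultRole != null && !this.defaultRole.isEmpty()) {
                this.roles.addAll(this.defaultRole);
            }
            if (!this.roles.isEmpty()) {
                this.loginSuccess = true;
            }
            storeCredentials(nameCallback, passwordCallback, null);
            return true;
        } catch (LdapException e) {
            this.logger.debug("Error occurred attempting role lookup", e);
            this.loginSuccess = false;
            // LoginException has no cause-taking constructor; attach the cause explicitly so the
            // LDAP failure is not lost to callers that log the thrown exception.
            final LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Command-line harness: logs in through the named JAAS login context, prints the names of the
     * resulting principals, and logs out.
     *
     * @param strArr optional first element is the login context name; defaults to
     *     {@code ldaptive-role}
     * @throws Exception if login or logout fails
     */
    public static void main(String[] strArr) throws Exception {
        final String contextName = strArr.length > 0 ? strArr[0] : "ldaptive-role";
        final LoginContext loginContext = new LoginContext(contextName, new TextCallbackHandler());
        loginContext.login();
        final Set<Principal> principals = loginContext.getSubject().getPrincipals();
        System.out.println("Subject Principal(s): ");
        for (Principal principal : principals) {
            System.out.println("  " + principal.getName());
        }
        loginContext.logout();
    }
}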
