package net.sourceforge.openutils.mgnlcas;

import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.callback.RealmCallback;
import info.magnolia.cms.util.BooleanUtil;
import info.magnolia.jaas.principal.EntityImpl;
import info.magnolia.jaas.principal.GroupListImpl;
import info.magnolia.jaas.principal.RoleListImpl;
import info.magnolia.jaas.sp.AbstractLoginModule;
import info.magnolia.jaas.sp.UserAwareLoginModule;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sourceforge/openutils/mgnlcas/CASAuthenticationModule.class */
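/**
 * JAAS login module that authenticates a Magnolia user with a CAS service ticket.
 *
 * <p>The module asks the {@link CallbackHandler} for a ticket, validates it against the CAS
 * server at {@code cas_validate_url} for the configured {@code service}, and on success
 * populates the {@link Subject} with the CAS principal, a Magnolia entity, and the role and
 * group lists derived from the CAS assertion attributes.
 *
 * <p>Recognised module options: {@code cas_validate_url}, {@code service},
 * {@code default_group}, {@code default_role}, {@code roles_attribute} (default
 * {@code "roles"}), {@code groups_attribute} (default {@code "groups"}) and
 * {@code skip_on_previous_success} (default {@code false}).
 *
 * <p>Security notes:
 * <ul>
 * <li>Roles and groups are taken verbatim from the CAS assertion, so whoever controls attribute
 * release on the CAS server controls Magnolia authorisation for these users.</li>
 * <li>The assertion is only as trustworthy as the channel to {@code cas_validate_url}; this
 * class does not check the URL scheme, so the deployment must configure an HTTPS endpoint.</li>
 * <li>{@code service} and {@code cas_validate_url} are requested from the callback handler only
 * when they are not configured. Prefer configuring both, so that neither value can be
 * influenced by whatever feeds the callback handler.</li>
 * <li>No proxy-chain settings are applied to the validator; its library defaults are used.</li>
 * </ul>
 */
public class CASAuthenticationModule extends AbstractLoginModule implements LoginModule, UserAwareLoginModule {
    protected Subject subject;
    protected CallbackHandler callbackHandler;
    // Base URL of the CAS server used for ticket validation (option "cas_validate_url").
    protected String casValidateUrl;
    // Service identifier the ticket must have been issued for (option "service").
    protected String service;
    protected AttributePrincipal principal;
    protected User user;
    private boolean skipOnPreviousSuccess;
    private String defaultGroup;
    private String defaultRole;
    private String rolesAttribute = "roles";
    private String groupsAttribute = "groups";
    protected Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Stores the subject and callback handler and reads the module options.
     *
     * @param subject the subject to populate on successful authentication
     * @param callbackHandler handler that supplies the ticket (and, when not configured, the
     *        service and validation URL)
     * @param map shared state, passed through to the superclass
     * @param map2 module options; see the class documentation for the recognised keys
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        final Map options = map2;
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.casValidateUrl = (String) options.get("cas_validate_url");
        this.service = (String) options.get("service");
        this.defaultGroup = (String) options.get("default_group");
        this.defaultRole = (String) options.get("default_role");
        // Attribute names keep their defaults unless explicitly overridden.
        final String configuredRolesAttribute = (String) options.get("roles_attribute");
        if (configuredRolesAttribute != null) {
            this.rolesAttribute = configuredRolesAttribute;
        }
        final String configuredGroupsAttribute = (String) options.get("groups_attribute");
        if (configuredGroupsAttribute != null) {
            this.groupsAttribute = configuredGroupsAttribute;
        }
        this.skipOnPreviousSuccess = BooleanUtil.toBoolean((String) options.get("skip_on_previous_success"), false);
    }

    /**
     * Validates the CAS ticket obtained from the callback handler.
     *
     * @return {@code true} when the ticket was validated and the subject populated (or when a
     *         previous module already succeeded and {@code skip_on_previous_success} is set);
     *         {@code false} when no ticket was supplied or the assertion carried no principal
     * @throws LoginException if no callback handler is available, a callback is unsupported,
     *         the service or validation URL is missing, or ticket validation fails
     */
    public boolean login() throws LoginException {
        // Shared status 1 is presumably the superclass' "succeeded" marker - TODO confirm.
        if (this.skipOnPreviousSuccess && getSharedStatus() == 1) {
            return true;
        }
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available");
        }

        ArrayList<Callback> callbacks = new ArrayList<Callback>();
        TextInputCallback ticketCallback = new TextInputCallback("ticket");
        TextInputCallback serviceCallback = null;
        TextInputCallback validateUrlCallback = null;
        RealmCallback realmCallback = null;
        callbacks.add(ticketCallback);
        if (StringUtils.isBlank(this.service)) {
            serviceCallback = new TextInputCallback("service");
            callbacks.add(serviceCallback);
        }
        // Ask for the validation URL only when it is not configured. The original tested
        // this.service here, which (a) never requested the URL when only the service was
        // configured and (b) let a callback-supplied URL replace a configured one whenever the
        // service was blank, i.e. the callback source could choose the server that vouches
        // for the ticket.
        if (StringUtils.isBlank(this.casValidateUrl)) {
            validateUrlCallback = new TextInputCallback("casValidateUrl");
            callbacks.add(validateUrlCallback);
        }
        if (this.useRealmCallback) {
            realmCallback = new RealmCallback();
            callbacks.add(realmCallback);
        }

        this.success = false;
        try {
            this.callbackHandler.handle(callbacks.toArray(new Callback[callbacks.size()]));
            if (this.useRealmCallback) {
                this.realm = StringUtils.defaultIfEmpty(realmCallback.getRealm(), this.realm);
            }
            String ticket = ticketCallback.getText();
            if (StringUtils.isEmpty(ticket)) {
                // No ticket supplied: not an error, this module simply does not authenticate.
                return this.success;
            }
            if (serviceCallback != null) {
                this.service = serviceCallback.getText();
            }
            if (validateUrlCallback != null) {
                this.casValidateUrl = validateUrlCallback.getText();
            }
            // Fail closed with a LoginException instead of handing null/blank values to the
            // validator.
            if (StringUtils.isBlank(this.casValidateUrl)) {
                throw new LoginException("Error: no CAS validation URL available");
            }
            if (StringUtils.isBlank(this.service)) {
                throw new LoginException("Error: no CAS service available");
            }
            try {
                Assertion assertion = new Cas20ProxyTicketValidator(this.casValidateUrl).validate(ticket, this.service);
                if (assertion.getPrincipal() != null) {
                    this.principal = assertion.getPrincipal();
                    this.subject.getPrincipals().add(this.principal);
                    setEntity();
                    this.user = new CasMagnoliaUser(this.subject);
                    this.success = true;
                    setSharedStatus(1);
                }
            } catch (TicketValidationException e) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("CAS ticket validation failed", e);
                }
                // LoginException has no cause-taking constructor; keep the cause via initCause.
                LoginException failure = new LoginException(e.getMessage());
                failure.initCause(e);
                throw failure;
            }
            return this.success;
        } catch (IOException e2) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Exception caught", e2);
            }
            LoginException failure = new LoginException(e2.toString());
            failure.initCause(e2);
            throw failure;
        } catch (UnsupportedCallbackException e3) {
            if (this.log.isDebugEnabled()) {
                this.log.debug(e3.getMessage(), e3);
            }
            LoginException failure = new LoginException(e3.getCallback().toString() + " not available");
            failure.initCause(e3);
            throw failure;
        }
    }

    /**
     * Intentionally empty: the only validation performed by this module is the CAS ticket
     * check in {@link #login()}.
     */
    public void validateUser() throws LoginException {
    }

    /**
     * Adds the authenticated CAS principal to the subject.
     *
     * @return {@code false} when no principal was established by {@link #login()}
     */
    public boolean commit() throws LoginException {
        if (this.principal == null) {
            return false;
        }
        this.subject.getPrincipals().add(this.principal);
        return true;
    }

    /**
     * @return the user built from the subject during {@link #login()}, or {@code null} if
     *         login has not succeeded
     */
    public User getUser() {
        return this.user;
    }

    /**
     * Clears the principal and user held by this module.
     *
     * <p>NOTE(review): principals already added to the subject are not removed here.
     *
     * @return {@code false} when there was no principal to release
     */
    public boolean release() {
        if (this.principal == null) {
            return false;
        }
        this.principal = null;
        this.user = null;
        return true;
    }

    /** Intentionally empty: this module sets no ACL of its own. */
    public void setACL() {
    }

    /**
     * Builds the Magnolia entity, group list and role list from the CAS principal and adds
     * them to the subject. Requires {@link #principal} to be set.
     */
    public void setEntity() {
        // Declared with the concrete type: addProperty is not part of java.security.Principal.
        EntityImpl entity = new EntityImpl();
        entity.addProperty("name", this.principal.getName());
        Map attributes = this.principal.getAttributes();
        String title = (String) attributes.get("title");
        if (title != null) {
            entity.addProperty("fullName", title);
        }
        entity.addProperty("language", "en");
        this.subject.getPrincipals().add(entity);

        // Role and group names come straight from the CAS assertion and are whitespace-split.
        // NOTE(review): the String casts assume single-valued attributes; a multi-valued
        // attribute delivered as a collection would raise ClassCastException here (login then
        // fails rather than granting anything) - confirm against the CAS attribute release
        // configuration.
        String[] roles = StringUtils.split((String) attributes.get(this.rolesAttribute));
        String[] groups = StringUtils.split((String) attributes.get(this.groupsAttribute));
        if (roles == null) {
            roles = new String[0];
        }
        if (groups == null) {
            groups = new String[0];
        }
        // Defaults are granted to every CAS-authenticated user in addition to asserted values.
        if (this.defaultGroup != null) {
            groups = (String[]) ArrayUtils.add(groups, this.defaultGroup);
        }
        if (this.defaultRole != null) {
            roles = (String[]) ArrayUtils.add(roles, this.defaultRole);
        }
        addGroups(groups);
        addRoles(roles);
    }

    /**
     * Registers each group name with the superclass and adds a group list principal to the
     * subject.
     *
     * @param strArr group names; must not be {@code null}
     */
    protected void addGroups(String[] strArr) {
        // Concrete type needed: add(String) is not part of java.security.Principal.
        GroupListImpl groupList = new GroupListImpl();
        for (String groupName : strArr) {
            groupList.add(groupName);
            addGroupName(groupName);
        }
        this.subject.getPrincipals().add(groupList);
    }

    /**
     * Registers each role name with the superclass and adds a role list principal to the
     * subject.
     *
     * @param strArr role names; must not be {@code null}
     */
    protected void addRoles(String[] strArr) {
        // Concrete type needed: add(String) is not part of java.security.Principal.
        RoleListImpl roleList = new RoleListImpl();
        for (String roleName : strArr) {
            roleList.add(roleName);
            addRoleName(roleName);
        }
        this.subject.getPrincipals().add(roleList);
    }
}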
