package com.sun.enterprise.security.ee.authentication.glassfish.digest;

import com.sun.enterprise.security.PrincipalGroupFactory;
import com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.exceptions.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.exceptions.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.exceptions.NoSuchUserException;
import com.sun.logging.LogDomains;
import java.lang.annotation.Annotation;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.glassfish.internal.api.Globals;
import org.glassfish.security.common.Group;
import org.glassfish.security.common.UserPrincipal;

/* loaded from: input_file:com/sun/enterprise/security/ee/authentication/glassfish/digest/DigestLoginModule.class */
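/**
 * JAAS {@link LoginModule} that authenticates a caller from digest credentials.
 *
 * <p>The credentials are not collected through the {@link CallbackHandler}; they are read from
 * the private credentials of the {@link Subject} handed to {@link #initialize}. Validation is
 * delegated to the realm named by the credentials, which must be a {@code DigestRealm}.
 *
 * <p>State machine: {@link #login()} sets {@code _succeeded}, {@link #commit()} sets
 * {@code _commitSucceeded} and populates the subject, {@link #abort()} and {@link #logout()}
 * reset both flags.
 */
public class DigestLoginModule implements LoginModule {
    protected static final Logger _logger = LogDomains.getLogger(DigestLoginModule.class, "jakarta.enterprise.system.core.security");

    // Subject supplied by the login context; source of the credentials and target of the principals.
    private Subject subject;
    // True only while the most recent login() attempt validated successfully.
    protected boolean _succeeded;
    // True only after commit() has finished adding principals to the subject.
    protected boolean _commitSucceeded;
    // User principal created by commit() for the authenticated user.
    protected UserPrincipal _userPrincipal;
    // Credentials picked up from the subject by the current login() attempt.
    private DigestCredentials digestCredentials;
    // Realm resolved from the credentials' realm name during login().
    private Realm _realm;

    /**
     * Stores the subject to authenticate. The callback handler and both option maps are ignored.
     *
     * @param subject the subject whose private credentials carry the digest credentials
     * @param callbackHandler unused
     * @param map unused
     * @param map2 unused
     */
    @Override
    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        _logger.log(Level.FINE, () -> "Login module initialized: " + getClass().toString());
    }

    /**
     * Validates the digest credentials found in the subject against their realm.
     *
     * @return {@code true} when the realm accepted the credentials
     * @throws LoginException if the subject carries no digest credentials, the realm does not
     *         exist or is not a {@code DigestRealm}, or the realm rejects the credentials
     */
    @Override
    public final boolean login() throws LoginException {
        // Every attempt starts from a clean state. Without this reset a module instance that
        // had authenticated once would keep reporting success (and reuse the earlier
        // credentials) when a later attempt is rejected or carries no credentials at all.
        this._succeeded = false;
        this.digestCredentials = null;

        for (Object credential : this.subject.getPrivateCredentials()) {
            if (credential instanceof DigestCredentials) {
                // The native credential type wins; stop at the first one.
                this.digestCredentials = (DigestCredentials) credential;
                break;
            }
            if (credential instanceof com.sun.enterprise.security.auth.login.DigestCredentials) {
                // Legacy credential type: convert it and keep scanning, so that a native
                // credential (or a later legacy one) still takes precedence.
                com.sun.enterprise.security.auth.login.DigestCredentials legacy = (com.sun.enterprise.security.auth.login.DigestCredentials) credential;
                this.digestCredentials = new DigestCredentials(legacy.getRealmName(), legacy.getUserName(), legacy.getParameters());
            }
        }
        if (this.digestCredentials == null) {
            throw new LoginException("No digest credentials found in the subject");
        }

        DigestAlgorithmParameter[] parameters = this.digestCredentials.getParameters();
        String userName = this.digestCredentials.getUserName();
        try {
            this._realm = Realm.getInstance(this.digestCredentials.getRealmName());
            if (!(this._realm instanceof DigestRealm)) {
                _logger.log(Level.SEVERE, "digest.realm", this.digestCredentials.getRealmName());
                throw new LoginException("Realm" + this.digestCredentials.getRealmName() + " does not support Digest validation");
            }
            this._succeeded = ((DigestRealm) this._realm).validate(userName, parameters);
            if (!this._succeeded) {
                // JAAS reads a false return as "ignore this module", which lets a stacked
                // configuration succeed on another module alone. A rejected credential must
                // fail the login, so raise instead. The message deliberately names neither
                // the user nor the reason.
                throw new FailedLoginException("Digest validation failed");
            }
            return true;
        } catch (NoSuchRealmException e) {
            _logger.log(Level.FINE, "", (Throwable) e);
            _logger.log(Level.SEVERE, "no.realm", this.digestCredentials.getRealmName());
            // LoginException has no cause-taking constructor; attach the cause explicitly.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Adds the user principal and one group principal per realm group to the subject.
     *
     * @return {@code false} when {@link #login()} did not succeed, {@code true} once the
     *         subject has been populated
     * @throws LoginException if the user's groups cannot be loaded from the realm
     */
    @Override
    public final boolean commit() throws LoginException {
        if (!this._succeeded) {
            this._commitSucceeded = false;
            return false;
        }
        String userName = this.digestCredentials.getUserName();

        // Resolve the groups before touching the subject: getGroups() returns null when the
        // realm lookup fails, and failing here leaves no half-populated subject behind.
        Enumeration<String> groups = getGroups(userName);
        if (groups == null) {
            this._commitSucceeded = false;
            throw new LoginException("Unable to load groups for the authenticated user");
        }

        PrincipalGroupFactory principalGroupFactory = (PrincipalGroupFactory) Globals.getDefaultHabitat().getService(PrincipalGroupFactory.class, new Annotation[0]);
        this._userPrincipal = principalGroupFactory.getPrincipalInstance(userName, this.digestCredentials.getRealmName());
        Set<Principal> principals = this.subject.getPrincipals();
        // Set.add is a no-op for an element that is already present.
        principals.add(this._userPrincipal);
        while (groups.hasMoreElements()) {
            Group groupInstance = principalGroupFactory.getGroupInstance(groups.nextElement(), this.digestCredentials.getRealmName());
            principals.add(groupInstance);
        }
        // Record the commit so that abort() knows the subject has to be cleaned up.
        this._commitSucceeded = true;
        return true;
    }

    /**
     * Rolls back this module's part of an overall failed authentication.
     *
     * @return {@code false} when {@link #login()} had not succeeded, otherwise {@code true}
     * @throws LoginException declared by the interface; propagated from {@link #logout()}
     */
    @Override
    public final boolean abort() throws LoginException {
        _logger.log(Level.FINE, "JAAS authentication aborted.");
        if (!this._succeeded) {
            return false;
        }
        if (this._commitSucceeded) {
            // Principals were already added to the subject; remove them again.
            logout();
        } else {
            // Login succeeded but nothing was committed; only the flag needs resetting.
            this._succeeded = false;
        }
        return true;
    }

    /**
     * Clears the subject and resets the module state.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public final boolean logout() throws LoginException {
        // NOTE(review): this empties the whole subject, including principals and credentials
        // that other login modules in the same stack may have added. Confirm that is intended.
        this.subject.getPrincipals().clear();
        this.subject.getPublicCredentials().clear();
        this.subject.getPrivateCredentials().clear();
        // Do not keep a reference to the credentials past logout.
        this.digestCredentials = null;
        this._succeeded = false;
        this._commitSucceeded = false;
        return true;
    }

    /**
     * Looks up the group names of a user in the realm resolved by {@link #login()}.
     *
     * @param str the user name
     * @return the user's group names, or {@code null} when the realm lookup fails; the failure
     *         is logged at SEVERE and callers must check for {@code null}
     */
    protected Enumeration<String> getGroups(String str) {
        try {
            return getRealm().getGroupNames(str);
        } catch (InvalidOperationException | NoSuchUserException e) {
            _logger.log(Level.SEVERE, (String) null, e);
            return null;
        }
    }

    /**
     * @return the realm resolved by the last {@link #login()} call, or {@code null} if none
     *         has been resolved yet
     */
    protected Realm getRealm() {
        return this._realm;
    }
}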
