package org.jboss.security.auth.spi;

import io.undertow.server.handlers.builder.PredicatedHandlersParser;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityConstants;
import org.jboss.security.util.StringPropertyReplacer;

/* loaded from: input_file:org/jboss/security/auth/spi/RoleMappingLoginModule.class */
/**
 * Login module that rewrites the role group already attached to the {@link Subject}
 * using a mapping read from the properties file named by the {@code rolesProperties} option.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #login()} never fails and checks no credentials. Any authentication
 *       guarantee has to come from another module.
 *       NOTE(review): presumably this module is meant to be stacked behind an
 *       authenticating module; confirm the login-config control flag used for it.</li>
 *   <li>If the mapping file cannot be loaded, the failure is only logged through a
 *       debug-named logger method and the roles are returned unmapped. With
 *       {@code replaceRole=true} the original roles then stay on the subject.</li>
 * </ul>
 */
public class RoleMappingLoginModule extends AbstractServerLoginModule {
    private static final String REPLACE_ROLE_OPT = "replaceRole";
    private static final String ROLES_PROPERTIES = "rolesProperties";
    private static final String[] ALL_VALID_OPTIONS = {REPLACE_ROLE_OPT, ROLES_PROPERTIES};

    // Set to true in getRoleSets() when the replaceRole option equals "true" (case-insensitive).
    // It is never reset to false by this class.
    protected boolean REPLACE_ROLE = false;

    /**
     * Registers this module's option names, then delegates to the superclass.
     *
     * @param subject the subject passed through to the superclass
     * @param callbackHandler the callback handler passed through to the superclass
     * @param map first map argument, passed through unchanged
     * @param map2 second map argument, passed through unchanged
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        // The option names must be registered before the superclass sees the maps.
        addValidOptions(ALL_VALID_OPTIONS);
        super.initialize(subject, callbackHandler, map, map2);
    }

    /**
     * Always reports success. When the superclass login does not succeed, {@code loginOk}
     * is forced to {@code true}, so this method authenticates nobody by itself.
     *
     * @return always {@code true}
     * @throws LoginException only if {@code super.login()} throws it
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException {
        if (!super.login()) {
            // No credential check happens here; the flag is set unconditionally.
            this.loginOk = true;
        }
        return true;
    }

    /**
     * Returns the first principal on the subject that is not a {@link Group}.
     *
     * @return that principal, or {@code null} when the subject holds only groups (or nothing)
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Principal getIdentity() {
        Principal identity = null;
        for (Principal candidate : this.subject.getPrincipals()) {
            if (candidate instanceof Group) {
                continue;
            }
            identity = candidate;
            break;
        }
        return identity;
    }

    /**
     * Applies the role mapping to the subject's existing role group and returns that group.
     *
     * @return a one-element array holding the existing role group; the element is
     *     {@code null} when the subject has no such group
     * @throws LoginException when the {@code rolesProperties} option is absent
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        // NOTE(review): the "true" constant comes from an Undertow class unrelated to this
        // module; it looks like a decompiler substitution for the literal "true" - confirm.
        String replaceFlag = (String) this.options.get(REPLACE_ROLE_OPT);
        if (PredicatedHandlersParser.TRUE.equalsIgnoreCase(replaceFlag)) {
            this.REPLACE_ROLE = true;
        }

        String configuredLocation = (String) this.options.get(ROLES_PROPERTIES);
        if (configuredLocation == null) {
            throw new LoginException(PicketBoxMessages.MESSAGES.missingRequiredModuleOptionMessage(ROLES_PROPERTIES));
        }

        // presumably expands property references in the configured value; verify in StringPropertyReplacer
        String resolvedLocation = StringPropertyReplacer.replaceProperties(configuredLocation);
        Group currentRoles = getExistingRolesFromSubject();

        if (resolvedLocation != null) {
            Properties roleMappings;
            try {
                roleMappings = Util.loadProperties(resolvedLocation);
            } catch (Exception e) {
                // Fails open: the load error is only logged and an empty mapping is used,
                // so the subject keeps whatever roles it already had.
                PicketBoxLogger.LOGGER.debugFailureToLoadPropertiesFile(resolvedLocation, e);
                roleMappings = new Properties();
            }
            if (roleMappings != null) {
                processRoles(currentRoles, roleMappings);
            }
        }

        // The single element is null when the subject carries no role group.
        return new Group[]{currentRoles};
    }

    /**
     * Finds the group on the subject whose name equals {@code SecurityConstants.ROLES_IDENTIFIER}.
     *
     * @return the matching group, or {@code null} when none is present
     */
    private Group getExistingRolesFromSubject() {
        for (Principal candidate : this.subject.getPrincipals()) {
            if (!(candidate instanceof Group)) {
                continue;
            }
            Group candidateGroup = (Group) candidate;
            if (SecurityConstants.ROLES_IDENTIFIER.equals(candidateGroup.getName())) {
                return candidateGroup;
            }
        }
        return null;
    }

    /**
     * Walks every key of the mapping. For a key that is currently a member of {@code group},
     * the key's value is handed to {@code Util.parseGroupMembers}; when {@code REPLACE_ROLE}
     * is set, the key's principal is then removed from the group.
     *
     * <p>The removal runs whether or not the key was a member, and after the value has been
     * processed. Failures for a single key are logged and do not stop the loop.
     *
     * @param group the role group to modify; when {@code null} nothing is changed
     * @param properties mapping from an existing role name to its replacement value
     */
    private void processRoles(Group group, Properties properties) {
        for (Enumeration<?> keys = properties.propertyNames(); keys.hasMoreElements(); ) {
            String sourceRole = (String) keys.nextElement();
            String mappedValue = properties.getProperty(sourceRole);
            try {
                // The principal is created even when there is no group, so a creation
                // failure is still logged in that case.
                Principal sourcePrincipal = createIdentity(sourceRole);
                if (group == null) {
                    continue;
                }
                if (group.isMember(sourcePrincipal)) {
                    // presumably adds the roles listed in the value to the group; verify in Util
                    Util.parseGroupMembers(group, mappedValue, this);
                }
                if (this.REPLACE_ROLE) {
                    group.removeMember(sourcePrincipal);
                }
            } catch (Exception e) {
                PicketBoxLogger.LOGGER.debugFailureToCreatePrincipal(sourceRole, e);
            }
        }
    }
}
