package org.nuxeo.ecm.platform.login;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/nuxeo/ecm/platform/login/NuxeoAbstractServerLoginModule.class */
public abstract class NuxeoAbstractServerLoginModule implements LoginModule {
    private static final Log log = LogFactory.getLog(NuxeoAbstractServerLoginModule.class);
    protected Subject subject;
    protected Map sharedState;
    protected Map options;
    protected boolean loginOk;
    protected String principalClassName;
    protected Principal unauthenticatedIdentity;
    protected CallbackHandler callbackHandler;
    protected boolean useFirstPass;

    protected abstract Principal getIdentity();

    protected abstract Group[] getRoleSets() throws LoginException;

    protected abstract Principal createIdentity(String str) throws Exception;

    public boolean abort() throws LoginException {
        log.trace("abort");
        return true;
    }

    public boolean commit() throws LoginException {
        log.trace("commit, loginOk=" + this.loginOk);
        if (!this.loginOk) {
            return false;
        }
        Set<Principal> principals = this.subject.getPrincipals();
        principals.add(getIdentity());
        for (Group group : getRoleSets()) {
            Group createGroup = createGroup(group.getName(), principals);
            Enumeration<? extends Principal> members = group.members();
            while (members.hasMoreElements()) {
                createGroup.addMember(members.nextElement());
            }
        }
        return true;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (log.isTraceEnabled()) {
            log.trace("initialize, instance=@" + System.identityHashCode(this));
        }
        String str = (String) map2.get("password-stacking");
        if (str != null && str.equalsIgnoreCase("useFirstPass")) {
            this.useFirstPass = true;
        }
        this.principalClassName = (String) map2.get("principalClass");
        String str2 = (String) map2.get("unauthenticatedIdentity");
        if (str2 != null) {
            try {
                this.unauthenticatedIdentity = createIdentity(str2);
                log.trace("Saw unauthenticatedIdentity=" + str2);
            } catch (Exception e) {
                log.warn("Failed to create custom unauthenticatedIdentity", e);
            }
        }
    }

    public boolean logout() throws LoginException {
        log.trace("logout");
        this.subject.getPrincipals().remove(getIdentity());
        return true;
    }

    protected Group createGroup(String str, Set<Principal> set) {
        Group group = null;
        Iterator<Principal> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Principal next = it.next();
            if (next instanceof Group) {
                Group group2 = (Group) next;
                if (group2.getName().equals(str)) {
                    group = group2;
                    break;
                }
            }
        }
        if (group == null) {
            group = new GroupImpl(str);
            set.add(group);
        }
        return group;
    }
}
