package org.nuxeo.ecm.platform.login.test;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.SystemPrincipal;
import org.nuxeo.ecm.platform.api.login.RestrictedLoginHelper;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfoCallback;
import org.nuxeo.ecm.platform.login.CallbackResult;
import org.nuxeo.ecm.platform.login.GroupImpl;
import org.nuxeo.ecm.platform.login.LoginPlugin;
import org.nuxeo.ecm.platform.login.LoginPluginDescriptor;
import org.nuxeo.ecm.platform.login.LoginPluginRegistry;
import org.nuxeo.ecm.platform.login.NuxeoAbstractServerLoginModule;
import org.nuxeo.ecm.platform.login.PrincipalImpl;
import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.api.login.LoginComponent;

/* loaded from: input_file:org/nuxeo/ecm/platform/login/test/DummyNuxeoLoginModule.class */
public class DummyNuxeoLoginModule extends NuxeoAbstractServerLoginModule {
    private static final Log log = LogFactory.getLog(DummyNuxeoLoginModule.class);
    private Random random;
    private NuxeoPrincipal identity;
    private LoginPluginRegistry loginPluginManager;
    public static final String ADMINISTRATOR_USERNAME = "Administrator";
    private boolean useUserIdentificationInfoCB = false;
    public final List<String> groupsToAdd = new ArrayList();

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        String str = (String) map2.get("useUserIdentificationInfoCB");
        if (str != null && str.equalsIgnoreCase("true")) {
            this.useUserIdentificationInfoCB = true;
        }
        super.initialize(subject, callbackHandler, map, map2);
        this.random = new Random(System.currentTimeMillis());
        log.debug("DummyNuxeoLoginModule initialized");
        try {
            this.loginPluginManager = (LoginPluginRegistry) Framework.getRuntime().getComponent(LoginPluginRegistry.NAME);
        } catch (Throwable th) {
            log.error("Unable to load Plugin Registry : " + th.getMessage());
        }
    }

    protected Group[] getRoleSets() throws LoginException {
        String name = this.identity.getName();
        List<String> roles = this.identity.getRoles();
        Group groupImpl = new GroupImpl("Roles");
        log.debug("Getting roles for user=" + name);
        for (String str : roles) {
            PrincipalImpl principalImpl = new PrincipalImpl(str);
            log.debug("Found role=" + str);
            groupImpl.addMember(principalImpl);
        }
        Group groupImpl2 = new GroupImpl("CallerPrincipal");
        groupImpl2.addMember(this.identity);
        return new Group[]{groupImpl, groupImpl2};
    }

    protected NuxeoPrincipal getPrincipal() throws LoginException {
        CallbackResult handleSpecifcCallbacks;
        UserIdentificationInfo userIdentificationInfo = null;
        Callback nameCallback = new NameCallback("Username: ", "anonymous");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        Callback userIdentificationInfoCallback = new UserIdentificationInfoCallback();
        boolean z = false;
        try {
            if (this.useUserIdentificationInfoCB) {
                this.callbackHandler.handle(new Callback[]{userIdentificationInfoCallback});
                userIdentificationInfo = userIdentificationInfoCallback.getUserInfo();
                z = true;
            }
        } catch (IOException e) {
            log.warn("Error calling callback handler with UserIdentificationInfoCallback : " + e.getMessage());
        } catch (UnsupportedCallbackException e2) {
            log.debug("UserIdentificationInfoCallback is not supported");
        }
        Principal principal = null;
        Object obj = null;
        if (!z && (handleSpecifcCallbacks = this.loginPluginManager.handleSpecifcCallbacks(this.callbackHandler)) != null && handleSpecifcCallbacks.cb_handled) {
            if (handleSpecifcCallbacks.userIdent == null || !handleSpecifcCallbacks.userIdent.containsValidIdentity()) {
                principal = handleSpecifcCallbacks.principal;
                obj = handleSpecifcCallbacks.credential;
                if (principal != null) {
                    z = true;
                }
            } else {
                userIdentificationInfo = handleSpecifcCallbacks.userIdent;
                z = true;
            }
        }
        if (!z) {
            try {
                this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            } catch (IOException e3) {
                new LoginException("Authentications Failure - " + e3.getMessage()).initCause(e3);
            } catch (UnsupportedCallbackException e4) {
                new LoginException("Authentications Failure - " + e4.getMessage()).initCause(e4);
            }
        }
        if (userIdentificationInfo != null) {
            try {
                if (userIdentificationInfo.containsValidIdentity()) {
                    NuxeoPrincipal validateUserIdentity = validateUserIdentity(userIdentificationInfo);
                    if (validateUserIdentity != null) {
                        this.sharedState.put("javax.security.auth.login.name", validateUserIdentity.getName());
                        this.sharedState.put("javax.security.auth.login.password", userIdentificationInfo);
                    }
                    return validateUserIdentity;
                }
            } catch (LoginException e5) {
                throw e5;
            } catch (Exception e6) {
                String str = "Authentication failed: " + e6.getMessage();
                log.error(str, e6);
                throw ((LoginException) new LoginException(str).initCause(e6));
            }
        }
        if (LoginComponent.isSystemLogin(principal)) {
            return new SystemPrincipal(principal.getName());
        }
        if (principal == null) {
            String name = nameCallback.getName();
            if (name == null) {
                return null;
            }
            char[] password = passwordCallback.getPassword();
            return validateUsernamePassword(name, password != null ? new String(password) : null);
        }
        String str2 = null;
        if (obj instanceof char[]) {
            str2 = new String((char[]) obj);
        } else if (obj != null) {
            str2 = obj.toString();
        }
        return validateUsernamePassword(principal.getName(), str2);
    }

    public boolean login() throws LoginException {
        this.loginOk = false;
        this.identity = getPrincipal();
        if (this.identity == null) {
            throw new LoginException("Authentication Failed");
        }
        if (RestrictedLoginHelper.isRestrictedModeActivated() && !this.identity.isAdministrator()) {
            throw new LoginException("Only Administrators can login when restricted mode is activated");
        }
        this.loginOk = true;
        log.trace("User '" + this.identity + "' authenticated");
        return true;
    }

    public Principal getIdentity() {
        return this.identity;
    }

    public Principal createIdentity(String str) throws LoginException {
        log.debug("createIdentity: " + str);
        try {
            boolean z = false;
            if (ADMINISTRATOR_USERNAME.equalsIgnoreCase(str)) {
                z = true;
            }
            NuxeoPrincipalImpl nuxeoPrincipalImpl = new NuxeoPrincipalImpl(str, false, z);
            nuxeoPrincipalImpl.setPrincipalId(String.valueOf(this.random.nextLong()));
            return nuxeoPrincipalImpl;
        } catch (Exception e) {
            log.error("createIdentity failed", e);
            LoginException loginException = new LoginException("createIdentity failed for user " + str);
            loginException.initCause(e);
            throw loginException;
        }
    }

    protected NuxeoPrincipal validateUserIdentity(UserIdentificationInfo userIdentificationInfo) throws LoginException {
        String loginPluginName = userIdentificationInfo.getLoginPluginName();
        if (loginPluginName == null) {
            return createIdentity(userIdentificationInfo.getUserName());
        }
        LoginPlugin plugin = this.loginPluginManager.getPlugin(loginPluginName);
        if (plugin == null) {
            log.error("Can't authenticate against a null loginModul plugin");
            return null;
        }
        LoginPluginDescriptor pluginDescriptor = this.loginPluginManager.getPluginDescriptor(loginPluginName);
        if (!pluginDescriptor.getInitialized()) {
            Map parameters = plugin.getParameters();
            if (parameters == null) {
                parameters = new HashMap();
            }
            Map loginParameters = userIdentificationInfo.getLoginParameters();
            if (loginParameters != null) {
                parameters.putAll(loginParameters);
            }
            if (!plugin.initLoginModule().booleanValue()) {
                log.error("Unable to initialize LoginModulePlugin " + plugin.getName());
                return null;
            }
            pluginDescriptor.setInitialized(true);
        }
        String validatedUserIdentity = plugin.validatedUserIdentity(userIdentificationInfo);
        if (validatedUserIdentity == null) {
            return null;
        }
        return createIdentity(validatedUserIdentity);
    }

    protected NuxeoPrincipal validateUsernamePassword(String str, String str2) throws Exception {
        return createIdentity(str);
    }
}
