package com.edulib.muse.proxy.authentication.jaas.modules;

import com.edulib.ice.security.ICEGroupPrincipal;
import com.edulib.ice.security.ICESubject;
import com.edulib.ice.security.ICEUserPrincipal;
import com.edulib.ice.security.authentication.ICECallback;
import com.edulib.ice.security.authentication.exceptions.ICEUserFailedLoginException;
import com.edulib.muse.proxy.core.MuseProxy;
import com.edulib.muse.proxy.filter.authenticationtoken.AuthenticationToken;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:install/data/c209c5bada6eba92aa597d306a6100b8/2.1.0.1/assembly.dat:af19655828940eb48f353d7110581e68/museproxy.jar:com/edulib/muse/proxy/authentication/jaas/modules/JAASLoginModuleMuseProxyAuthenticationToken.class */
public class JAASLoginModuleMuseProxyAuthenticationToken implements LoginModule {
    private String userID = null;
    private String userGroup = null;
    private Subject subject = null;
    private ICESubject iceSubject = null;
    private CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map options = null;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private String proxyConnectionId = "";
    private String authenticationTokenId = "";
    private ICEUserPrincipal userPrincipal = null;
    private ICEGroupPrincipal groupPrincipal = null;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
    }

    public boolean login() throws LoginException {
        Callback[] callbackArr = {new ICECallback()};
        try {
            this.callbackHandler.handle(callbackArr);
            this.iceSubject = ((ICECallback) callbackArr[0]).getSubject();
            this.userID = ((ICECallback) callbackArr[0]).getParameter("userID");
            this.userGroup = ((ICECallback) callbackArr[0]).getParameter("userGroup");
            this.authenticationTokenId = ((ICECallback) callbackArr[0]).getParameter("authenticationTokenId");
            this.proxyConnectionId = ((ICECallback) callbackArr[0]).getParameter("proxyConnectionId");
            if (this.iceSubject.getSubject() != null) {
                this.subject = this.iceSubject.getSubject();
            } else {
                this.iceSubject.setSubject(this.subject);
            }
            if (this.userID == null) {
                throw new ICEUserFailedLoginException("Login failed: The parameter User ID is mandatory. Cannot perform authentication.");
            }
            if (this.authenticationTokenId != null) {
                MuseProxy.log(4, this, "[connection.id=" + this.proxyConnectionId + "] Authenticating user: \"" + this.userID + "\" using the authentication token: \"" + this.authenticationTokenId + "\".");
            }
            AuthenticationToken authenticationToken = MuseProxy.getAuthenticationTokensManager().getAuthenticationToken(this.authenticationTokenId);
            if (authenticationToken == null) {
                this.succeeded = false;
                throw new ICEUserFailedLoginException("The authentication token: \"" + this.authenticationTokenId + "\" was not found in the list of authentication tokens.");
            }
            authenticationToken.updateLastAccessedTime();
            this.succeeded = true;
            return this.succeeded;
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        } catch (UnsupportedCallbackException e2) {
            throw new LoginException("Login failed: " + e2.getCallback().toString() + " not available to garner authentication information from the user.");
        }
    }

    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Authentication failed. Cannot proceed to phase 2");
            return false;
        }
        MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Phase 1 of authentication succeeded. Proceeding to phase 2.");
        this.sharedState.put("userID", this.userID);
        if (this.userGroup != null && this.userGroup.length() > 0) {
            this.sharedState.put("userGroup", this.userGroup);
        }
        if (this.authenticationTokenId != null && this.authenticationTokenId.length() > 0) {
            this.sharedState.put("authenticationTokenId", this.authenticationTokenId);
        }
        this.userPrincipal = new ICEUserPrincipal();
        this.userPrincipal.setUserName(this.userID);
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        if (this.userGroup != null && this.userGroup.length() > 0) {
            this.groupPrincipal = new ICEGroupPrincipal();
            this.groupPrincipal.setUserGroup(this.userGroup);
            if (!this.subject.getPrincipals().contains(this.groupPrincipal)) {
                this.subject.getPrincipals().add(this.groupPrincipal);
            }
        }
        this.iceSubject.setUserName(this.userID);
        if (this.userGroup != null && this.userGroup.length() > 0) {
            this.iceSubject.setUserGroup(this.userGroup);
        }
        this.commitSucceeded = true;
        MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Phase 2 of authentication succeeded. Proceeding...");
        MuseProxy.log(4, this, "[connection.id=" + this.proxyConnectionId + "] Authentication succeeded.");
        return true;
    }

    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Login failed. Aborting...");
            return false;
        }
        if (!this.succeeded || this.commitSucceeded) {
            MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Authentication succeeded, but someone else commit failed... Logout.");
            logout();
            return true;
        }
        MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Authentication failed. Aborting...");
        this.succeeded = false;
        this.userPrincipal = null;
        this.userGroup = null;
        this.proxyConnectionId = null;
        this.authenticationTokenId = null;
        return true;
    }

    public boolean logout() throws LoginException {
        MuseProxy.log(8, this, "[connection.id=" + this.proxyConnectionId + "] Log out.");
        this.userGroup = null;
        this.proxyConnectionId = null;
        this.authenticationTokenId = null;
        return true;
    }
}
