package com.stratelia.webactiv.jaas;

import com.silverpeas.jcrutil.security.impl.DigestCredentials;
import com.silverpeas.jcrutil.security.impl.SilverpeasCredentials;
import com.silverpeas.jcrutil.security.impl.SilverpeasSystemCredentials;
import com.silverpeas.jcrutil.security.impl.SilverpeasSystemPrincipal;
import com.stratelia.webactiv.beans.admin.Admin;
import com.stratelia.webactiv.beans.admin.AdminException;
import com.stratelia.webactiv.beans.admin.AdminReference;
import com.stratelia.webactiv.beans.admin.UserDetail;
import com.stratelia.webactiv.util.exception.WithNested;
import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.authentication.CredentialsCallback;
import org.silverpeas.authentication.AuthenticationCredential;
import org.silverpeas.authentication.AuthenticationService;
import org.silverpeas.util.crypto.CryptMD5;

/* loaded from: input_file:com/stratelia/webactiv/jaas/SilverpeasLoginModule.class */
public class SilverpeasLoginModule implements LoginModule {
    private String userId;
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Set<Principal> principals = new HashSet();
    private AuthenticationService authenticator;
    private Admin administrator;

    public String getUserId() {
        return this.userId;
    }

    public Subject getSubject() {
        return this.subject;
    }

    public void setAuthenticator(AuthenticationService authenticationService) {
        this.authenticator = authenticationService;
    }

    public void setAdministrator(Admin admin) {
        this.administrator = admin;
    }

    public boolean abort() throws LoginException {
        if (this.principals.isEmpty()) {
            return false;
        }
        logout();
        return true;
    }

    public boolean commit() throws LoginException {
        if (this.principals.isEmpty()) {
            return false;
        }
        this.subject.getPrincipals().addAll(this.principals);
        return true;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.lang.Throwable] */
    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("no CallbackHandler available");
        }
        boolean z = false;
        this.principals.clear();
        try {
            Callback credentialsCallback = new CredentialsCallback();
            this.callbackHandler.handle(new Callback[]{credentialsCallback});
            SimpleCredentials credentials = credentialsCallback.getCredentials();
            if (credentials == null) {
                this.principals.add(new AnonymousPrincipal());
                z = true;
            } else if (credentials instanceof SimpleCredentials) {
                SimpleCredentials simpleCredentials = credentials;
                Iterator<String> it = this.administrator.getAllDomainIdsForLogin(simpleCredentials.getUserID()).iterator();
                while (it.hasNext()) {
                    String authenticate = this.authenticator.authenticate(AuthenticationCredential.newWithAsLogin(simpleCredentials.getUserID()).withAsPassword(new String(simpleCredentials.getPassword())).withAsDomainId(it.next()));
                    if (authenticate != null && !authenticate.startsWith("Error_")) {
                        this.userId = this.administrator.identify(authenticate, null, false);
                        this.principals.add(new SilverpeasUserPrincipal(this.userId, isRoot(this.userId)));
                    }
                }
                if (this.principals.isEmpty() && UserDetail.isAnonymousUser(simpleCredentials.getUserID())) {
                    this.principals.add(new AnonymousPrincipal());
                }
                z = true;
            } else if (credentials instanceof SilverpeasCredentials) {
                String userId = ((SilverpeasCredentials) credentials).getUserId();
                this.principals.add(new SilverpeasUserPrincipal(userId, isRoot(userId)));
                z = true;
            } else if (credentials instanceof SilverpeasSystemCredentials) {
                this.principals.add(new SilverpeasSystemPrincipal());
                z = true;
            } else if (credentials instanceof DigestCredentials) {
                DigestCredentials digestCredentials = (DigestCredentials) credentials;
                Iterator<String> it2 = this.administrator.getAllDomainIdsForLogin(digestCredentials.getUsername()).iterator();
                while (it2.hasNext()) {
                    String authenticate2 = this.authenticator.authenticate(AuthenticationCredential.newWithAsLogin(digestCredentials.getUsername()).withAsDomainId(it2.next()));
                    if (authenticate2 != null && !authenticate2.startsWith("Error_")) {
                        this.userId = this.administrator.identify(authenticate2, null, false);
                        SilverpeasUserPrincipal silverpeasUserPrincipal = new SilverpeasUserPrincipal(this.userId, isRoot(this.userId));
                        validateDigestUser(silverpeasUserPrincipal, digestCredentials);
                        this.principals.add(silverpeasUserPrincipal);
                    }
                }
                if (this.principals.isEmpty() && UserDetail.isAnonymousUser(digestCredentials.getUsername())) {
                    this.principals.add(new AnonymousPrincipal());
                }
                z = true;
            }
            if (z) {
                return !this.principals.isEmpty();
            }
            this.principals.clear();
            throw new FailedLoginException();
        } catch (AdminException e) {
            StringBuilder sb = new StringBuilder();
            AdminException adminException = e;
            int i = 0;
            while (adminException != null && i < 10) {
                i++;
                sb.append(" - ").append(adminException.getMessage());
                adminException = adminException instanceof WithNested ? adminException.getNested() : null;
            }
            throw new LoginException(sb.toString());
        } catch (IOException e2) {
            throw new LoginException(e2.toString());
        } catch (UnsupportedCallbackException e3) {
            throw new LoginException(e3.getCallback().toString() + " not available");
        }
    }

    private boolean isRoot(String str) {
        boolean z = false;
        try {
            UserDetail userDetail = this.administrator.getUserDetail(str);
            if (userDetail != null) {
                z = userDetail.isAccessAdmin();
            }
        } catch (AdminException e) {
        }
        return z;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        return true;
    }

    public boolean validateDigestUser(SilverpeasUserPrincipal silverpeasUserPrincipal, DigestCredentials digestCredentials) throws AdminException {
        return CryptMD5.encrypt(CryptMD5.encrypt(AdminReference.getAdminService().getUserFull(this.userId).getPassword()) + ":" + digestCredentials.getNonce() + ":" + digestCredentials.getNc() + ":" + digestCredentials.getCnonce() + ":" + digestCredentials.getQop() + ":" + digestCredentials.getMd5a2()).equals(digestCredentials.getClientDigest());
    }
}
