package com.ibm.security.auth.module;

import com.ibm.security.auth.NTDomainPrincipal;
import com.ibm.security.auth.NTNumericCredential;
import com.ibm.security.auth.NTSidDomainPrincipal;
import com.ibm.security.auth.NTSidGroupPrincipal;
import com.ibm.security.auth.NTSidPrimaryGroupPrincipal;
import com.ibm.security.auth.NTSidUserPrincipal;
import com.ibm.security.auth.NTUserPrincipal;
import java.io.IOException;
import java.security.Principal;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:com/ibm/security/auth/module/NTActiveLoginModule.class */
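/**
 * JAAS {@link LoginModule} that obtains an NT identity from {@code NTActiveSystem} and, on
 * commit, publishes it on the {@link Subject} as user, domain and group principals plus an
 * {@code NTNumericCredential} wrapping the impersonation token.
 *
 * <p>Without a {@link CallbackHandler} the module uses the no-argument {@code NTActiveSystem}
 * constructor; with one it prompts for an NT username and password and passes both to
 * {@code NTActiveSystem}.
 *
 * <p>Security note: when the {@code debug} option is {@code "true"}, {@link #login()} writes the
 * user name, SIDs, group SIDs and the impersonation token value to {@code System.out}. Keep the
 * option off wherever that output is captured or readable by other parties.
 */
public class NTActiveLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private NTUserPrincipal usernamePrincipal;
    private NTSidUserPrincipal userIDPrincipal;
    private NTDomainPrincipal domainPrincipal;
    private NTSidDomainPrincipal domainIDPrincipal;
    private NTSidPrimaryGroupPrincipal primaryGroupIDPrincipal;
    private NTNumericCredential numericCredential;
    private NTActiveSystem system;
    private boolean debug = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    // Never null: reset to an empty list instead, so login()/logout() can be called repeatedly.
    private LinkedList<NTSidGroupPrincipal> supplementaryGroups = new LinkedList<>();

    /**
     * Stores the JAAS context objects and reads the {@code debug} option.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain username and password; may be {@code null}
     * @param map state shared with other configured login modules
     * @param map2 module options; only {@code "debug"} is read here
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        // A missing options map or a non-String value simply leaves debug off.
        Object debugOption = (map2 == null) ? null : map2.get("debug");
        this.debug = debugOption instanceof String && "true".equalsIgnoreCase((String) debugOption);
    }

    /**
     * Authenticates and builds the principals and credential that {@link #commit()} will publish.
     *
     * @return {@code true} when the identity information was obtained
     * @throws FailedLoginException if the callback handler supplied no password
     * @throws LoginException if the callback handler fails or does not support a callback
     */
    @Override
    public boolean login() throws LoginException {
        this.succeeded = false;
        this.system = null;
        // Start from a clean slate so a repeated login() cannot carry over state from an earlier
        // attempt (the domain SID principal is only assigned when the SID is non-empty).
        this.domainIDPrincipal = null;
        this.supplementaryGroups = new LinkedList<>();
        if (this.callbackHandler == null) {
            this.system = new NTActiveSystem();
        } else {
            this.system = authenticateWithCallbacks();
        }
        // getGroupIDs() is treated as possibly null; normalise once so the loops below are safe.
        String[] groupIds = this.system.getGroupIDs();
        if (groupIds == null) {
            groupIds = new String[0];
        }
        if (this.debug) {
            // Debug output includes SIDs and the impersonation token value; see the class note.
            System.out.println("\t\t[NTActiveLoginModule]: succeeded importing info: ");
            System.out.println("\t\t\tuser       = " + this.system.getName());
            System.out.println("\t\t\tuser id    = " + this.system.getUserSID());
            System.out.println("\t\t\tdomain     = " + this.system.getDomain());
            System.out.println("\t\t\tdomain id  = " + this.system.getDomainSID());
            System.out.println("\t\t\tgroup id   = " + this.system.getPrimaryGroupID());
            for (String groupId : groupIds) {
                System.out.println("\t\t\tsupp gid = " + groupId);
            }
            System.out.println("\t\t\tnumeric credential = " + this.system.getImpersonationToken());
        }
        this.usernamePrincipal = new NTUserPrincipal(this.system.getName());
        this.userIDPrincipal = new NTSidUserPrincipal(this.system.getUserSID());
        this.domainPrincipal = new NTDomainPrincipal(this.system.getDomain());
        String domainSid = this.system.getDomainSID();
        if (domainSid != null && !domainSid.equals("")) {
            this.domainIDPrincipal = new NTSidDomainPrincipal(domainSid);
        }
        this.primaryGroupIDPrincipal = new NTSidPrimaryGroupPrincipal(this.system.getPrimaryGroupID());
        for (String groupId : groupIds) {
            NTSidGroupPrincipal groupPrincipal = new NTSidGroupPrincipal(groupId);
            // The primary group already has its own principal; do not list it twice.
            if (!groupPrincipal.getName().equals(this.primaryGroupIDPrincipal.getName())) {
                this.supplementaryGroups.add(groupPrincipal);
            }
        }
        this.numericCredential = new NTNumericCredential(this.system.getImpersonationToken(), this.system);
        this.succeeded = true;
        return this.succeeded;
    }

    /** Prompts for username and password through the callback handler and logs on with them. */
    private NTActiveSystem authenticateWithCallbacks() throws LoginException {
        NameCallback nameCallback = new NameCallback("NT username: ");
        PasswordCallback passwordCallback = new PasswordCallback("NT password: ", false);
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            // getPassword() already returns a copy, so no further plaintext copy is made here.
            char[] password = passwordCallback.getPassword();
            if (password == null) {
                // A handler that supplied no password must fail the login, not crash it.
                if (this.debug) {
                    System.out.println("\t\t[NTActiveLoginModule] Failed in NT login");
                }
                throw new FailedLoginException("Failed in NT login");
            }
            // NOTE(review): the array handed over is not zeroed afterwards because it is not
            // visible here whether NTActiveSystem keeps a reference to it - confirm, and wipe
            // it once it is no longer needed.
            return new NTActiveSystem(nameCallback.getName(), password);
        } catch (IOException e) {
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            throw failure;
        } catch (UnsupportedCallbackException e2) {
            LoginException failure = new LoginException("Error: " + e2.getCallback().toString() + " not available to garner authentication information from the user");
            failure.initCause(e2);
            throw failure;
        } finally {
            // Clear the callback's own copy on every path, including handler failures.
            passwordCallback.clearPassword();
        }
    }

    /**
     * Adds the principals and credential built by {@link #login()} to the subject.
     *
     * @return {@code true} if they were published, {@code false} if this module's login failed
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            if (this.debug) {
                System.out.println("\t\t[NTActiveLoginModule]: did not add any Principals to Subject because own authentication failed.");
            }
            return false;
        }
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }
        Set<Principal> principals = this.subject.getPrincipals();
        addPrincipal(principals, this.usernamePrincipal, "NTUserPrincipal");
        addPrincipal(principals, this.userIDPrincipal, "NTSidUserPrincipal");
        addPrincipal(principals, this.domainPrincipal, "NTDomainPrincipal");
        addPrincipal(principals, this.domainIDPrincipal, "NTSidDomainPrincipal");
        addPrincipal(principals, this.primaryGroupIDPrincipal, "NTSidPrimaryGroupPrincipal");
        for (NTSidGroupPrincipal group : this.supplementaryGroups) {
            addPrincipal(principals, group, "NTSidGroupPrincipal");
        }
        // NOTE(review): the credential wrapping the impersonation token goes into the *public*
        // credential set, as in the original; confirm that exposure is intended.
        if (this.numericCredential != null && !this.subject.getPublicCredentials().contains(this.numericCredential)) {
            this.subject.getPublicCredentials().add(this.numericCredential);
        }
        this.commitSucceeded = true;
        return true;
    }

    /** Adds {@code principal} unless it is null or already present; reports it in debug mode. */
    private void addPrincipal(Set<Principal> principals, Principal principal, String typeName) {
        if (principal != null && !principals.contains(principal)) {
            principals.add(principal);
            if (this.debug) {
                System.out.println("\t\t[NTActiveLoginModule]: added " + typeName);
            }
        }
    }

    /**
     * Discards the state of a login attempt when overall authentication failed.
     *
     * @return the value of {@code succeeded}, which is {@code false} on every path (unchanged
     *     from the original implementation)
     * @throws LoginException if a committed login has to be undone and the subject is read-only
     */
    @Override
    public boolean abort() throws LoginException {
        if (this.debug) {
            System.out.println("\t\t[NTActiveLoginModule]: aborted authentication attempt");
        }
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // Our commit went through but the overall login did not: undo what was published.
            logout();
        } else {
            // NOTE(review): unlike logout(), this path drops the NTActiveSystem without calling
            // logoff(); confirm whether the token it holds needs an explicit release.
            clearIdentity();
            this.succeeded = false;
        }
        return this.succeeded;
    }

    /**
     * Removes this module's principals and credential from the subject and logs off.
     *
     * @return {@code true} always
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }
        Set<Principal> principals = this.subject.getPrincipals();
        removeIfPresent(principals, this.usernamePrincipal);
        removeIfPresent(principals, this.userIDPrincipal);
        removeIfPresent(principals, this.domainPrincipal);
        removeIfPresent(principals, this.domainIDPrincipal);
        removeIfPresent(principals, this.primaryGroupIDPrincipal);
        for (NTSidGroupPrincipal group : this.supplementaryGroups) {
            removeIfPresent(principals, group);
        }
        removeIfPresent(this.subject.getPublicCredentials(), this.numericCredential);
        this.succeeded = false;
        this.commitSucceeded = false;
        try {
            // system is null when logout() runs without a prior successful login().
            if (this.system != null) {
                this.system.logoff();
            }
        } finally {
            // Drop the cached identity even if logoff() fails.
            clearIdentity();
        }
        if (this.debug) {
            System.out.println("\t\t[NTActiveLoginModule] completed logout processing");
        }
        return true;
    }

    /**
     * Removes {@code element} when present. Null elements are skipped so the subject's sets are
     * never queried with null; fields such as the domain SID principal are legitimately null.
     */
    private static void removeIfPresent(Set<?> set, Object element) {
        if (element != null && set.contains(element)) {
            set.remove(element);
        }
    }

    /** Forgets every principal, the credential and the system handle held by this module. */
    private void clearIdentity() {
        this.usernamePrincipal = null;
        this.userIDPrincipal = null;
        this.domainPrincipal = null;
        this.domainIDPrincipal = null;
        this.supplementaryGroups = new LinkedList<>();
        this.primaryGroupIDPrincipal = null;
        this.numericCredential = null;
        this.system = null;
    }
}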
