package org.apache.jackrabbit.oak.security.authentication.ldap;

import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;

/* loaded from: input_file:WEB-INF/lib/oak-core-0.8.jar:org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.class */
public final class LdapLoginModule extends ExternalLoginModule {
    private Credentials credentials;
    private LdapUser ldapUser;
    private boolean success;
    private LdapSearch search;

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.search = new JndiLdapSearch(new LdapSettings(map2));
    }

    public boolean login() throws LoginException {
        getExternalUser();
        if (this.ldapUser != null && this.search.findUser(this.ldapUser)) {
            this.search.authenticate(this.ldapUser);
            this.success = true;
        }
        return this.success;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public Credentials getCredentials() {
        if (this.credentials == null) {
            this.credentials = super.getCredentials();
        }
        return this.credentials;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public void clearState() {
        super.clearState();
        this.success = false;
        this.credentials = null;
        this.ldapUser = null;
        this.search = null;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule
    protected boolean loginSucceeded() {
        return this.success;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule
    protected ExternalUser getExternalUser() {
        if (this.ldapUser == null) {
            SimpleCredentials credentials = getCredentials();
            if (credentials instanceof SimpleCredentials) {
                this.ldapUser = new LdapUser(credentials.getUserID(), new String(credentials.getPassword()), this.search);
            }
        }
        return this.ldapUser;
    }
}
