package waffle.jaas;

import cn.hutool.core.text.StrPool;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.PrincipalFormat;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:waffle/jaas/WindowsLoginModule.class */
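/**
 * JAAS {@link LoginModule} that authenticates a user name and password through an
 * {@link IWindowsAuthProvider} and publishes the resulting user and group principals on the
 * {@link Subject}.
 *
 * <p>Recognised options (keys are matched case-insensitively): {@code debug},
 * {@code principalFormat} and {@code roleFormat}.
 *
 * <p>Instances hold per-login state ({@code principals}, {@code username}) in plain fields with no
 * synchronisation, so they are not safe for concurrent use.
 */
public class WindowsLoginModule implements LoginModule {
    private static final Logger LOGGER = LoggerFactory.getLogger(WindowsLoginModule.class);

    /** Fully qualified name of the last successfully authenticated user; {@code null} otherwise. */
    private String username;

    /** When set, {@link #commit()} logs the name of every principal on the subject. */
    private boolean debug;

    private Subject subject;
    private CallbackHandler callbackHandler;

    /** Principals collected by the last successful {@link #login()}, pending {@link #commit()}. */
    private Set<Principal> principals;

    private IWindowsAuthProvider auth = new WindowsAuthProviderImpl();
    private PrincipalFormat principalFormat = PrincipalFormat.FQN;
    private PrincipalFormat roleFormat = PrincipalFormat.FQN;

    // Guest logons are accepted unless setAllowGuestLogin(false) is called. initialize() reads no
    // option for this flag, so a JAAS configuration file alone cannot turn guest logons off.
    // NOTE(review): on hosts where the Windows Guest account is enabled this default deserves a
    // deliberate decision - confirm against the deployment.
    private boolean allowGuestLogin = true;

    /**
     * Stores the subject and callback handler and applies the module options.
     *
     * @param subject the subject to populate on {@link #commit()}
     * @param callbackHandler handler used by {@link #login()} to obtain the credentials
     * @param map shared state passed by the login context; not read by this module
     * @param map2 module options; values are cast to {@link String}
     * @throws IllegalArgumentException if {@code principalFormat} or {@code roleFormat} does not
     *     name a {@link PrincipalFormat} constant
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        for (Map.Entry<String, ?> option : map2.entrySet()) {
            String key = option.getKey();
            if ("debug".equalsIgnoreCase(key)) {
                this.debug = Boolean.parseBoolean((String) option.getValue());
            } else if ("principalFormat".equalsIgnoreCase(key)) {
                this.principalFormat = PrincipalFormat.valueOf(((String) option.getValue()).toUpperCase(Locale.ENGLISH));
            } else if ("roleFormat".equalsIgnoreCase(key)) {
                this.roleFormat = PrincipalFormat.valueOf(((String) option.getValue()).toUpperCase(Locale.ENGLISH));
            }
        }
    }

    /**
     * Prompts for a user name and password, authenticates them and collects the principals that
     * {@link #commit()} will later add to the subject.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException if no callback handler is configured, the callbacks fail, the
     *     provider rejects the credentials, or a guest logon is returned while guest logons are
     *     disabled
     */
    @Override
    public boolean login() throws LoginException {
        // Discard the outcome of any earlier attempt on this instance. Otherwise a failed retry
        // would leave the previous principals in place for commit() to publish.
        this.principals = null;
        this.username = null;

        if (this.callbackHandler == null) {
            throw new LoginException("Missing callback to gather information from the user.");
        }

        NameCallback nameCallback = new NameCallback("user name: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
        } catch (IOException e) {
            LOGGER.trace("", e);
            throw loginFailure(e.toString(), e);
        } catch (UnsupportedCallbackException e) {
            LOGGER.trace("", e);
            throw loginFailure(
                    "Callback " + e.getCallback().getClass().getName()
                            + " not available to gather authentication information from the user.",
                    e);
        }

        String name = nameCallback.getName();
        // getPassword() hands back a copy, so fetch it once and wipe that copy as well as the
        // callback's own buffer. The String handed to the provider cannot be wiped and stays on
        // the heap until it is garbage collected.
        char[] passwordChars = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        String password = "";
        if (passwordChars != null) {
            password = new String(passwordChars);
            java.util.Arrays.fill(passwordChars, '\0');
        }

        try {
            IWindowsIdentity identity = this.auth.logonUser(name, password);
            try {
                if (!this.allowGuestLogin && identity.isGuest()) {
                    LOGGER.debug("guest login disabled: {}", identity.getFqn());
                    throw new LoginException("Guest login disabled");
                }

                // Collect into a local set and publish it only once everything succeeded, so a
                // failure while enumerating groups cannot leave a partial set behind.
                Set<Principal> collected = new LinkedHashSet<>();
                collected.addAll(getUserPrincipals(identity, this.principalFormat));
                if (this.roleFormat != PrincipalFormat.NONE) {
                    for (IWindowsAccount group : identity.getGroups()) {
                        collected.addAll(getRolePrincipals(group, this.roleFormat));
                    }
                }

                String fqn = identity.getFqn();
                LOGGER.debug("successfully logged in {} ({})", fqn, identity.getSidString());
                this.principals = collected;
                this.username = fqn;
                return true;
            } finally {
                // Release the identity on every path, success or failure.
                identity.dispose();
            }
        } catch (Exception e) {
            LOGGER.trace("", e);
            throw loginFailure(e.getMessage(), e);
        }
    }

    /**
     * Aborts the authentication attempt by delegating to {@link #logout()}.
     *
     * @return the result of {@link #logout()}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean abort() throws LoginException {
        return logout();
    }

    /**
     * Adds the principals collected by {@link #login()} to the subject.
     *
     * @return {@code false} if no successful login preceded this call, {@code true} otherwise
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        if (this.principals == null) {
            return false;
        }
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject cannot be read-only.");
        }
        Set<Principal> subjectPrincipals = this.subject.getPrincipals();
        subjectPrincipals.addAll(this.principals);
        LOGGER.debug("committing {} principals", subjectPrincipals.size());
        if (this.debug) {
            // Lists every principal on the subject, not only the ones added by this module.
            for (Principal principal : subjectPrincipals) {
                LOGGER.debug(" principal: {}", principal.getName());
            }
        }
        return true;
    }

    /**
     * Removes all principals from the subject and forgets this module's login state.
     *
     * @return always {@code true}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject cannot be read-only.");
        }
        // NOTE(review): this clears every principal on the subject, including any contributed by
        // other login modules in a stacked configuration. Kept as is because a module instance
        // created only for logout has no record of which principals it added.
        this.subject.getPrincipals().clear();
        if (this.username != null) {
            LOGGER.debug("logging out {}", this.username);
        }
        // Forget the finished session so a later commit() cannot re-publish its principals.
        this.principals = null;
        this.username = null;
        return true;
    }

    /**
     * @return whether the {@code debug} option was enabled
     */
    public boolean isDebug() {
        return this.debug;
    }

    /**
     * @return the provider used to authenticate credentials
     */
    public IWindowsAuthProvider getAuth() {
        return this.auth;
    }

    /**
     * Replaces the provider used to authenticate credentials.
     *
     * @param iWindowsAuthProvider the provider that {@link #login()} will call
     */
    public void setAuth(IWindowsAuthProvider iWindowsAuthProvider) {
        this.auth = iWindowsAuthProvider;
    }

    /**
     * Builds the user principals for an identity in the requested format.
     *
     * @param iWindowsIdentity the authenticated identity
     * @param principalFormat which of FQN and SID to emit
     * @return one principal for FQN or SID, two for BOTH, none for any other value
     */
    private static List<Principal> getUserPrincipals(IWindowsIdentity iWindowsIdentity, PrincipalFormat principalFormat) {
        List<Principal> result = new ArrayList<>();
        switch (principalFormat) {
            case FQN:
                result.add(new UserPrincipal(iWindowsIdentity.getFqn()));
                break;
            case SID:
                result.add(new UserPrincipal(iWindowsIdentity.getSidString()));
                break;
            case BOTH:
                result.add(new UserPrincipal(iWindowsIdentity.getFqn()));
                result.add(new UserPrincipal(iWindowsIdentity.getSidString()));
                break;
            default:
                break;
        }
        return result;
    }

    /**
     * Builds the role principals for a group account in the requested format.
     *
     * @param iWindowsAccount the group account
     * @param principalFormat which of FQN and SID to emit
     * @return one principal for FQN or SID, two for BOTH, none for any other value
     */
    private static List<Principal> getRolePrincipals(IWindowsAccount iWindowsAccount, PrincipalFormat principalFormat) {
        List<Principal> result = new ArrayList<>();
        switch (principalFormat) {
            case FQN:
                result.add(new RolePrincipal(iWindowsAccount.getFqn()));
                break;
            case SID:
                result.add(new RolePrincipal(iWindowsAccount.getSidString()));
                break;
            case BOTH:
                result.add(new RolePrincipal(iWindowsAccount.getFqn()));
                result.add(new RolePrincipal(iWindowsAccount.getSidString()));
                break;
            default:
                break;
        }
        return result;
    }

    /**
     * @return whether a logon that the provider reports as guest is accepted
     */
    public boolean isAllowGuestLogin() {
        return this.allowGuestLogin;
    }

    /**
     * Sets whether a logon that the provider reports as guest is accepted.
     *
     * @param z {@code false} to make {@link #login()} reject guest logons
     */
    public void setAllowGuestLogin(boolean z) {
        this.allowGuestLogin = z;
    }

    /** Creates a {@link LoginException} that keeps the underlying failure as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}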
