package org.apache.jackrabbit.oak.security.authentication.ldap;

import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-0.15.jar:org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.class
 */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.class */
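/**
 * Login module that authenticates JCR {@link SimpleCredentials} against an LDAP directory.
 *
 * <p>The directory lookup and the credential check are both delegated to an {@link LdapSearch}
 * created in {@link #initialize}. All per-login state (credentials, resolved user, outcome) is
 * held in instance fields and reset by {@link #clearState()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The password is copied into an immutable {@code String} in {@link #getExternalUser()},
 *       so it cannot be wiped after use and stays on the heap until collected.</li>
 *   <li>On success the original {@link Credentials} object is published both in the JAAS shared
 *       state and in the subject's <em>public</em> credential set; for
 *       {@link SimpleCredentials} that object still exposes the password.</li>
 *   <li>The accept/reject decision is entirely that of {@code LdapSearch.authenticate}; this
 *       class performs no validation of the user id or password itself.</li>
 * </ul>
 */
public final class LdapLoginModule extends ExternalLoginModule {
    private static final Logger log = LoggerFactory.getLogger(LdapLoginModule.class);

    // Credentials obtained from the login context; set lazily by getExternalUser().
    private Credentials credentials;
    // User built from the credentials; set by login().
    private LdapUser ldapUser;
    // True only after login() found and authenticated the user.
    private boolean success;
    // Directory access used for lookup and authentication; created in initialize().
    private LdapSearch search;

    /**
     * Initializes the parent module and creates the LDAP search from the module options.
     *
     * @param subject the subject to be authenticated
     * @param callbackHandler handler passed through to the parent module
     * @param map the JAAS shared state (third argument of {@code LoginModule.initialize})
     * @param map2 the module options (fourth argument); they are handed to {@link LdapSettings}
     */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.search = new JndiLdapSearch(new LdapSettings(map2));
    }

    /**
     * Publishes the authenticated identity on the subject.
     *
     * @return {@code false} if this module's login did not succeed or the parent commit returned
     *     {@code false}; {@code true} otherwise, including the case of a read-only subject that
     *     could not be updated
     * @throws LoginException if the parent commit fails
     */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule
    public boolean commit() throws LoginException {
        if (!this.success || !super.commit()) {
            return false;
        }
        if (this.subject.isReadOnly()) {
            log.debug("Could not add information to read only subject {}", this.subject);
            return true;
        }
        String id = this.ldapUser.getId();
        Set<? extends Principal> principals = getPrincipals(id);
        this.subject.getPrincipals().addAll(principals);
        // NOTE(review): the credentials go into the PUBLIC credential set. For SimpleCredentials
        // this object still carries the password, so any code that can read the subject can read
        // it. Confirm this exposure is intended for every consumer of the subject.
        this.subject.getPublicCredentials().add(this.credentials);
        this.subject.getPublicCredentials().add(createAuthInfo(id, principals));
        return true;
    }

    /**
     * Resolves the user from the supplied credentials and authenticates it against the directory.
     *
     * <p>On success the credentials and the login name are stored in the JAAS shared state under
     * {@code SHARED_KEY_CREDENTIALS} and {@code SHARED_KEY_LOGIN_NAME}.
     *
     * @return {@code true} if the user was found and authenticated, {@code false} otherwise
     * @throws LoginException declared by the login contract; not thrown directly by this method
     */
    public boolean login() throws LoginException {
        this.ldapUser = getExternalUser();
        // NOTE(review): nothing here rejects an empty password before the directory is asked.
        // Many LDAP servers treat a simple bind with an empty password as an unauthenticated
        // bind that succeeds, so confirm that the LdapSearch implementation refuses empty
        // passwords - its code is not part of this file.
        if (this.ldapUser != null && this.search.findUser(this.ldapUser) && this.search.authenticate(this.ldapUser)) {
            this.success = true;
            // Only fixed messages are logged; neither the user id nor the credentials are written.
            log.debug("Adding Credentials to shared state.");
            this.sharedState.put(AbstractLoginModule.SHARED_KEY_CREDENTIALS, this.credentials);
            log.debug("Adding login name to shared state.");
            this.sharedState.put(AbstractLoginModule.SHARED_KEY_LOGIN_NAME, this.ldapUser.getId());
        }
        return this.success;
    }

    /**
     * Resets all per-login state, including the LDAP search.
     *
     * <p>Because {@code search} is set to {@code null} here, {@link #initialize} has to run again
     * before the next {@link #login()}; otherwise the lookup dereferences {@code null}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    public void clearState() {
        super.clearState();
        this.success = false;
        this.credentials = null;
        this.ldapUser = null;
        this.search = null;
    }

    /**
     * Reports the outcome of the last {@link #login()} call.
     *
     * @return {@code true} if the user was found and authenticated
     */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule
    protected boolean loginSucceeded() {
        return this.success;
    }

    /**
     * Returns the LDAP user for the current login attempt.
     *
     * <p>If no user has been stored yet, the credentials are fetched (and remembered in
     * {@code credentials}) and, when they are {@link SimpleCredentials}, a new {@link LdapUser} is
     * built from them. The new user is not cached by this method; {@link #login()} stores it.
     *
     * @return the stored user, a newly built user, or {@code null} if the credentials are not
     *     {@link SimpleCredentials}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule
    public LdapUser getExternalUser() {
        if (this.ldapUser == null) {
            this.credentials = getCredentials();
            if (this.credentials instanceof SimpleCredentials) {
                SimpleCredentials simpleCredentials = (SimpleCredentials) this.credentials;
                // The char[] password becomes an immutable String because LdapUser takes one;
                // that copy cannot be zeroed afterwards.
                return new LdapUser(simpleCredentials.getUserID(), new String(simpleCredentials.getPassword()), this.search);
            }
        }
        return this.ldapUser;
    }

    /**
     * Builds the {@link AuthInfo} published on the subject in {@link #commit()}.
     *
     * <p>Every attribute of the {@link SimpleCredentials} is copied into the result as-is.
     * NOTE(review): attributes are caller-supplied, so verify that none of them is treated as
     * trusted by consumers of the {@code AuthInfo}.
     *
     * @param userId id of the authenticated user
     * @param principals principals resolved for that user
     * @return the auth info carrying the user id, the copied attributes and the principals
     */
    private AuthInfo createAuthInfo(@Nonnull String userId, Set<? extends Principal> principals) {
        // Typed map instead of the raw HashMap left by decompilation; explicit type arguments
        // keep the code compilable on older source levels.
        Map<String, Object> attributes = new HashMap<String, Object>();
        if (this.credentials instanceof SimpleCredentials) {
            SimpleCredentials simpleCredentials = (SimpleCredentials) this.credentials;
            for (String name : simpleCredentials.getAttributeNames()) {
                attributes.put(name, simpleCredentials.getAttribute(name));
            }
        }
        return new AuthInfoImpl(userId, attributes, principals);
    }
}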
