package org.apache.geronimo.security.jaas.client;

import java.util.HashMap;
import java.util.Map;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.KernelRegistry;
import org.apache.geronimo.kernel.proxy.ProxyManager;
import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
import org.apache.geronimo.security.jaas.LoginUtils;
import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
import org.apache.geronimo.security.jaas.server.JaasSessionId;
import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClient;

/* loaded from: input_file:zips/geronimo-jetty-j2ee-1.0.zip:geronimo-1.0/repository/geronimo/jars/geronimo-security-1.0.jar:org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.class */
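/**
 * Client-side JAAS {@link LoginModule} that coordinates a login against a
 * {@code JaasLoginServiceMBean}.
 *
 * <p>The service is reached either remotely (options {@code host} and {@code port}) or through
 * a proxy obtained from a kernel in this VM (options {@code kernel} and {@code serviceName}).
 * During {@link #login()} the service supplies the list of login modules for the realm; each
 * entry is wrapped in a {@code LoginModuleProxy} that runs either on the server or in this VM.
 *
 * <p>Instances keep per-login state in fields, so one instance serves one login attempt at a
 * time. The class is written against the pre-generics (Java 1.4) language level.
 */
public class JaasLoginCoordinator implements LoginModule {
    public static final String OPTION_HOST = "host";
    public static final String OPTION_PORT = "port";
    public static final String OPTION_KERNEL = "kernel";
    public static final String OPTION_REALM = "realm";
    public static final String OPTION_SERVICENAME = "serviceName";
    private String serverHost;
    private int serverPort;
    private String realmName;
    private String kernelName;
    private ObjectName serviceName;
    private JaasLoginServiceMBean service;
    private CallbackHandler handler;
    private Subject subject;
    private JaasSessionId sessionHandle;
    private LoginModuleProxy[] proxies;
    // Shared state handed to every proxy and mirrored to the service after each step.
    private final Map sharedState = new HashMap();

    /**
     * Reads the module options and connects to the login service.
     *
     * @param subject         subject to populate; a fresh one is created when {@code null}
     * @param callbackHandler handler passed on to every login module proxy
     * @param map             shared state offered by the caller; not used, this class keeps
     *                        its own shared-state map
     * @param map2            module options, keyed by the {@code OPTION_*} constants
     * @throws IllegalArgumentException if {@code serviceName} is not a valid
     *         {@code ObjectName}, if {@code port} is not an integer, or if the in-VM path is
     *         taken and no kernel is registered under the {@code kernel} option
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        Map options = map2;
        this.serverHost = (String) options.get(OPTION_HOST);
        Object port = options.get(OPTION_PORT);
        if (port != null) {
            // A non-positive port makes connect() fall back to the in-VM kernel instead of
            // the remote host, so a mistyped port silently changes which service is used.
            this.serverPort = Integer.parseInt((String) port);
        }
        this.realmName = (String) options.get(OPTION_REALM);
        this.kernelName = (String) options.get(OPTION_KERNEL);

        String name = (String) options.get(OPTION_SERVICENAME);
        try {
            this.serviceName = name != null ? new ObjectName(name) : null;
        } catch (MalformedObjectNameException e) {
            // initCause rather than the (String, Throwable) constructor keeps this 1.4-compatible.
            throw (IllegalArgumentException) new IllegalArgumentException(
                    "option " + OPTION_SERVICENAME + " is not a valid ObjectName: " + name).initCause(e);
        }

        this.service = connect();
        this.handler = callbackHandler;
        this.subject = subject != null ? subject : new Subject();
    }

    /**
     * Opens a session for the realm, builds one proxy per configured login module and runs
     * the login phase across them.
     *
     * @return the combined outcome computed by {@link #performLogin()}
     * @throws LoginException if this module is not initialized (or was already cleared), or
     *         if the service or one of the login modules reports a failure
     */
    public boolean login() throws LoginException {
        if (this.service == null) {
            throw new LoginException("JaasLoginCoordinator is not initialized or has already been cleared");
        }
        this.sessionHandle = this.service.connectToRealm(this.realmName);
        JaasLoginModuleConfiguration[] configs = this.service.getLoginConfiguration(this.sessionHandle);
        // Published before it is filled so that abort() can unwind the proxies created so far
        // if a later step throws; unfilled slots stay null.
        this.proxies = new LoginModuleProxy[configs.length];
        for (int i = 0; i < this.proxies.length; i++) {
            JaasLoginModuleConfiguration config = configs[i];
            if (config.isServerSide()) {
                this.proxies[i] = new ServerLoginProxy(config.getFlag(), this.subject, i, this.service, this.sessionHandle);
            } else {
                // NOTE(review): the module to run in this VM is chosen by the configuration the
                // service returned. Presumably getLoginModule instantiates a class through this
                // class loader; in remote mode that makes the remote endpoint trusted to select
                // code that runs here. Verify against JaasLoginModuleConfiguration.
                LoginModule clientModule = config.getLoginModule(JaasLoginCoordinator.class.getClassLoader());
                if (config.isWrapPrincipals()) {
                    this.proxies[i] = new WrappingClientLoginModuleProxy(config.getFlag(), this.subject, clientModule, config.getLoginDomainName(), this.realmName);
                } else {
                    this.proxies[i] = new ClientLoginModuleProxy(config.getFlag(), this.subject, clientModule);
                }
            }
            this.proxies[i].initialize(this.subject, this.handler, this.sharedState, config.getOptions());
            syncSharedState();
        }
        return performLogin();
    }

    /**
     * Commits every proxy, then registers the successful login with the service and adds the
     * principal it returns to the subject.
     *
     * <p>NOTE(review): this method does not check whether this module's own {@link #login()}
     * returned {@code true}. If the coordinator is stacked with other modules and the overall
     * login succeeds without it, the proxies are still committed and the service is still told
     * the login succeeded. Confirm that the coordinator is only ever configured as the sole
     * required module, or track the login outcome here.
     *
     * @return {@code true} after a commit; {@code false} if {@link #login()} never got as far
     *         as building the proxy list, so there is nothing to commit
     * @throws LoginException if a proxy or the service fails
     */
    public boolean commit() throws LoginException {
        if (this.proxies == null || this.service == null) {
            return false;
        }
        for (int i = 0; i < this.proxies.length; i++) {
            this.proxies[i].commit();
            syncSharedState();
            syncPrincipals();
        }
        this.subject.getPrincipals().add(this.service.loginSucceeded(this.sessionHandle));
        return true;
    }

    /**
     * Aborts every proxy that was created, reports the failed login to the service once and
     * drops all local state.
     *
     * <p>The service is notified and local state is cleared even when no proxy exists yet or
     * when a proxy throws, so that neither the server-side session nor the local shared state
     * is left behind by a failed attempt.
     *
     * @return always {@code true}
     * @throws LoginException if a proxy or the service fails
     */
    public boolean abort() throws LoginException {
        try {
            if (this.proxies != null) {
                for (int i = 0; i < this.proxies.length; i++) {
                    // Slots are null when login() failed part-way through building the list.
                    if (this.proxies[i] != null) {
                        this.proxies[i].abort();
                        syncSharedState();
                    }
                }
            }
        } finally {
            try {
                if (this.service != null && this.sessionHandle != null) {
                    this.service.loginFailed(this.sessionHandle);
                }
            } finally {
                clear();
            }
        }
        return true;
    }

    /**
     * Logs out every proxy, ends the session on the service once and drops all local state.
     *
     * <p>As in {@link #abort()}, the service call and the local cleanup run even when there are
     * no proxies or a proxy throws.
     *
     * @return always {@code true}
     * @throws LoginException if a proxy or the service fails
     */
    public boolean logout() throws LoginException {
        try {
            if (this.proxies != null) {
                for (int i = 0; i < this.proxies.length; i++) {
                    if (this.proxies[i] != null) {
                        this.proxies[i].logout();
                        syncSharedState();
                    }
                }
            }
        } finally {
            try {
                if (this.service != null && this.sessionHandle != null) {
                    this.service.logout(this.sessionHandle);
                }
            } finally {
                clear();
            }
        }
        return true;
    }

    /**
     * Releases the service proxy through the kernel (when one is registered under the
     * configured name) and resets the per-login fields.
     */
    private void clear() {
        Kernel kernel = KernelRegistry.getKernel(this.kernelName);
        if (kernel != null) {
            kernel.getProxyManager().destroyProxy(this.service);
        }
        // Whatever the login modules stored in shared state must not outlive the session.
        this.sharedState.clear();
        this.serverHost = null;
        this.serverPort = 0;
        this.realmName = null;
        this.kernelName = null;
        this.service = null;
        this.handler = null;
        this.subject = null;
        this.sessionHandle = null;
        this.proxies = null;
    }

    /**
     * Obtains the login service: a remoting client when a host and a positive port are
     * configured, otherwise a kernel proxy for the configured {@code serviceName}.
     *
     * <p>NOTE(review): how {@code JaasLoginServiceRemotingClient} protects the connection is
     * not visible here; confirm the transport is authenticated and encrypted before relying
     * on the remote mode across an untrusted network.
     *
     * @throws IllegalArgumentException if the in-VM path is taken and no kernel is registered
     *         under the {@code kernel} option
     */
    private JaasLoginServiceMBean connect() {
        if (this.serverHost != null && this.serverPort > 0) {
            return JaasLoginServiceRemotingClient.create(this.serverHost, this.serverPort);
        }
        Kernel kernel = KernelRegistry.getKernel(this.kernelName);
        if (kernel == null) {
            throw new IllegalArgumentException(
                    "option " + OPTION_KERNEL + " does not name a registered kernel: " + this.kernelName);
        }
        ProxyManager proxyManager = kernel.getProxyManager();
        return (JaasLoginServiceMBean) proxyManager.createProxy(this.serviceName, JaasLoginServiceMBean.class);
    }

    /**
     * Runs {@code login()} on every proxy in order and combines the results by control flag.
     *
     * <ul>
     *   <li>REQUIRED: a failure makes the overall result false, but later modules still run.</li>
     *   <li>REQUISITE: a failure returns false immediately.</li>
     *   <li>SUFFICIENT: a success returns true immediately unless a REQUIRED module has
     *       already failed.</li>
     *   <li>OPTIONAL: only consulted when no REQUIRED or REQUISITE module ran; in that case
     *       every OPTIONAL module must succeed.</li>
     * </ul>
     *
     * With no decisive module at all the result is {@code false}.
     */
    private boolean performLogin() throws LoginException {
        Boolean requiredOutcome = null;
        Boolean optionalOutcome = null;
        for (int i = 0; i < this.proxies.length; i++) {
            LoginModuleProxy proxy = this.proxies[i];
            boolean succeeded = proxy.login();
            syncSharedState();

            LoginModuleControlFlag flag = proxy.getControlFlag();
            if (flag == LoginModuleControlFlag.REQUIRED) {
                // Once a REQUIRED module has failed the outcome stays false.
                if (requiredOutcome == null || requiredOutcome.booleanValue()) {
                    requiredOutcome = succeeded ? Boolean.TRUE : Boolean.FALSE;
                }
            } else if (flag == LoginModuleControlFlag.REQUISITE) {
                if (!succeeded) {
                    return false;
                }
                if (requiredOutcome == null) {
                    requiredOutcome = Boolean.TRUE;
                }
            } else if (flag == LoginModuleControlFlag.SUFFICIENT) {
                boolean noRequiredFailure = requiredOutcome == null || requiredOutcome.booleanValue();
                if (succeeded && noRequiredFailure) {
                    return true;
                }
            } else if (flag == LoginModuleControlFlag.OPTIONAL) {
                if (optionalOutcome == null || optionalOutcome.booleanValue()) {
                    optionalOutcome = succeeded ? Boolean.TRUE : Boolean.FALSE;
                }
            }
        }
        if (requiredOutcome != null) {
            return requiredOutcome.booleanValue();
        }
        if (optionalOutcome != null) {
            return optionalOutcome.booleanValue();
        }
        return false;
    }

    /**
     * Sends a serializable copy of the shared state to the service and merges what it returns.
     *
     * <p>NOTE(review): login modules commonly keep the user name and password in shared state,
     * so in remote mode this copy presumably carries credentials over the connection; confirm
     * what {@code LoginUtils.getSerializableCopy} retains and how the transport is protected.
     */
    private void syncSharedState() throws LoginException {
        Map outgoing = LoginUtils.getSerializableCopy(this.sharedState);
        this.sharedState.putAll(this.service.syncShareState(this.sessionHandle, outgoing));
    }

    /**
     * Sends the subject's current principals to the service and adds the principals it
     * returns to the subject.
     */
    private void syncPrincipals() throws LoginException {
        this.subject.getPrincipals().addAll(this.service.syncPrincipals(this.sessionHandle, this.subject.getPrincipals()));
    }
}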
