package org.apache.karaf.jaas.modules.ldap;

import java.io.IOException;
import java.security.PublicKey;
import java.util.HashSet;
import java.util.Map;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.apache.karaf.jaas.modules.publickey.PublickeyCallback;
import org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/karaf/jaas/modules/ldap/LDAPPubkeyLoginModule.class */
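/**
 * JAAS login module that authenticates a user by public key against LDAP.
 *
 * <p>The username is taken from a {@link NameCallback} and the key the client presented from a
 * {@link PublickeyCallback}. The user's DN is resolved through {@link LDAPCache}, the presented key
 * is compared with the keys the directory lists for that DN, and on success a
 * {@link UserPrincipal} plus one {@link RolePrincipal} per LDAP role is attached to the subject.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The username is RFC 2254 escaped before it reaches any LDAP search filter, so a crafted
 *       name cannot alter the filter.</li>
 *   <li>The module only checks that the presented public key is one the directory associates with
 *       the user. Proof of possession of the matching private key is not done here and is
 *       presumably performed by the transport (e.g. SSH) before this module is consulted — confirm
 *       against the caller.</li>
 *   <li>NOTE(review): an unknown user makes {@link #login()} return {@code false} (module ignored),
 *       while a known user with a non-matching key raises a {@link LoginException}. A remote client
 *       can distinguish the two outcomes, which is a user-enumeration oracle; this follows the JAAS
 *       contract and is left unchanged.</li>
 * </ul>
 */
public class LDAPPubkeyLoginModule extends AbstractKarafLoginModule {

    private static final Logger logger = LoggerFactory.getLogger(LDAPPubkeyLoginModule.class);

    /**
     * Initializes the module.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used to obtain the username and public key
     * @param sharedState     JAAS shared state (not used by this module)
     * @param options         module options, passed to the superclass and later to {@link LDAPOptions}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        super.initialize(subject, callbackHandler, options);
        // Drop cached DNs, roles and keys so this login does not reuse stale directory data.
        LDAPCache.clear();
    }

    /**
     * Runs the login and restores thread state afterwards.
     *
     * <p>Whatever {@link #doLogin()} (or the LDAP code it calls) may have installed as the managed SSL
     * socket factory or as the thread's context class loader is undone on every exit path, so that
     * state cannot leak to the next caller on this thread.
     *
     * @return {@code true} on success, {@code false} if the user is unknown (module ignored)
     * @throws LoginException if the directory cannot be reached or the key does not match
     */
    @Override
    public boolean login() throws LoginException {
        ClassLoader originalTccl = Thread.currentThread().getContextClassLoader();
        try {
            return doLogin();
        } finally {
            ManagedSSLSocketFactory.setSocketFactory(null);
            Thread.currentThread().setContextClassLoader(originalTccl);
        }
    }

    /**
     * Performs the actual authentication in three steps: resolve the user's DN, match the presented
     * public key against the keys stored for that DN, then load the user's roles.
     *
     * <p>Each step has its own error handling so that a failure is reported for what it is. In the
     * original nesting the exceptions thrown by the key-match and role steps fell through to the
     * outer {@code catch (Exception)} and were re-labelled as "Can't connect to the LDAP server",
     * hiding the real cause from operators.
     *
     * @return {@code true} on success, {@code false} if the user has no DN in the directory
     * @throws LoginException on callback, connectivity, key-match or role-lookup failure
     */
    protected boolean doLogin() throws LoginException {
        NameCallback nameCallback = new NameCallback("Username: ");
        PublickeyCallback keyCallback = new PublickeyCallback();
        try {
            callbackHandler.handle(new Callback[] {nameCallback, keyCallback});
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException(e.getMessage() + " not available to obtain information from user.");
        }

        // RFC 2254 escaping: the name is later embedded in an LDAP search filter, so filter
        // metacharacters supplied by the client must not be interpreted.
        user = Util.doRFC2254Encoding(nameCallback.getName());
        PublicKey remotePubkey = keyCallback.getPublicKey();
        LDAPOptions ldapOptions = new LDAPOptions(this.options);
        if (ldapOptions.isUsernameTrim() && user != null) {
            user = user.trim();
        }

        principals = new HashSet<>();
        LDAPCache cache = LDAPCache.getCache(ldapOptions);

        // Step 1: resolve the user's DN (and the namespace it was found under).
        String[] userDnAndNamespace;
        try {
            logger.debug("Get the user DN.");
            userDnAndNamespace = cache.getUserDnAndNamespace(user);
        } catch (Exception e) {
            logger.warn("Can't connect to the LDAP server: {}", e.getMessage(), e);
            throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
        }
        if (userDnAndNamespace == null) {
            // Unknown user: per the JAAS contract, report this module as "ignored" rather than failed.
            return false;
        }

        // Step 2: the presented key must be one of the keys stored for the user's DN.
        String userDn = userDnAndNamespace[0] + "," + ldapOptions.getUserBaseDn();
        try {
            authenticatePubkey(userDn, remotePubkey, cache);
        } catch (NamingException e) {
            logger.warn("Can't connect to the LDAP server: {}", e.getMessage(), e);
            throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
        } catch (FailedLoginException e) {
            // Always record the failure server-side so there is an audit trail; the
            // detailed-login-exception option only controls how much the client is told.
            logger.warn("Public key authentication failed for user {}: {}", user, e.getMessage(), e);
            if (!detailedLoginExcepion) {
                throw new LoginException("Authentication failed");
            }
            throw new LoginException("Public key authentication failed for user " + user + ": " + e.getMessage());
        }
        principals.add(new UserPrincipal(user));

        // Step 3: load roles for the authenticated user.
        try {
            for (String role : cache.getUserRoles(user, userDnAndNamespace[0], userDnAndNamespace[1])) {
                principals.add(new RolePrincipal(role));
            }
        } catch (Exception e) {
            // Keep the stack trace in the log; LoginException only carries the message.
            logger.warn("Can't get user {} roles: {}", user, e.getMessage(), e);
            throw new LoginException("Can't get user " + user + " roles: " + e.getMessage());
        }

        succeeded = true;
        return true;
    }

    /**
     * Checks that {@code remotePubkey} is one of the public keys the directory stores for
     * {@code userDn}.
     *
     * <p>Keys are compared as the string form produced by {@link PublickeyLoginModule#getString},
     * so a stored key must match that exact encoding. A plain {@code equals} is acceptable here:
     * public keys are not secrets, so the comparison does not need to be constant-time.
     *
     * @param userDn       full DN of the user whose keys are looked up
     * @param remotePubkey key presented by the client, may be {@code null}
     * @param cache        LDAP cache used for the lookup
     * @throws FailedLoginException if no key was presented or none of the stored keys match
     * @throws NamingException      if the directory lookup fails
     */
    private void authenticatePubkey(String userDn, PublicKey remotePubkey, LDAPCache cache)
            throws FailedLoginException, NamingException {
        if (remotePubkey == null) {
            throw new FailedLoginException("no public key supplied by the client");
        }
        String presented = PublickeyLoginModule.getString(remotePubkey);
        for (String stored : cache.getUserPubkeys(userDn)) {
            if (presented.equals(stored)) {
                return;
            }
        }
        throw new FailedLoginException("no matching public key found");
    }
}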
