package org.apereo.cas.authentication.handler.support.jaas;

import java.io.File;
import java.security.GeneralSecurityException;
import java.security.URIParameter;
import java.util.Arrays;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.AuthenticationPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.5.8.jar:org/apereo/cas/authentication/handler/support/jaas/JaasAuthenticationHandler.class */
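/**
 * Username/password authentication handler that verifies credentials through a JAAS
 * {@link LoginContext} and maps the first JAAS principal of the authenticated subject
 * to a CAS {@link Principal}.
 *
 * <p>The JAAS application name defaults to {@code "CAS"}. A login configuration file
 * and type may be supplied through the setters; otherwise the JVM default JAAS
 * configuration is used. The class is configured through plain setters and performs
 * no synchronization of its own.
 */
public class JaasAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(JaasAuthenticationHandler.class);
    private static final String SYS_PROP_KRB5_REALM = "java.security.krb5.realm";
    private static final String SYS_PROP_KERB5_KDC = "java.security.krb5.kdc";
    // JAAS application (login configuration entry) name handed to LoginContext.
    private String realm;
    // Optional value for the java.security.krb5.realm system property.
    private String kerberosRealmSystemProperty;
    // Optional value for the java.security.krb5.kdc system property.
    private String kerberosKdcSystemProperty;
    // Configuration type passed to Configuration.getInstance alongside the file below.
    private String loginConfigType;
    // Optional JAAS login configuration file; ignored unless it exists and is readable.
    private File loginConfigurationFile;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.5.8.jar:org/apereo/cas/authentication/handler/support/jaas/JaasAuthenticationHandler$UsernamePasswordCallbackHandler.class */
    /**
     * Callback handler that answers JAAS name and password callbacks with the
     * credential captured at construction time.
     *
     * <p>The password is held as an immutable {@link String}, so it cannot be wiped
     * from memory after use.
     */
    public static class UsernamePasswordCallbackHandler implements CallbackHandler {
        private final String userName;
        private final String password;

        /**
         * Populates the supplied callbacks. Only callbacks whose runtime class is
         * exactly {@link NameCallback} or {@link PasswordCallback} are answered;
         * every other callback is left untouched.
         *
         * @param callbackArr callbacks issued by the login module
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) {
            for (Callback callback : callbackArr) {
                Class<?> callbackType = callback.getClass();
                if (callbackType.equals(NameCallback.class)) {
                    ((NameCallback) callback).setName(this.userName);
                } else if (callbackType.equals(PasswordCallback.class)) {
                    // NOTE(review): throws NullPointerException when the password is null;
                    // presumably the caller rejects blank passwords first - confirm.
                    ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                }
            }
        }

        /**
         * @param str  user name returned for name callbacks
         * @param str2 password returned for password callbacks
         */
        @Generated
        public UsernamePasswordCallbackHandler(String str, String str2) {
            this.userName = str;
            this.password = str2;
        }
    }

    /**
     * Creates the handler and sets the JAAS application name to {@code "CAS"}.
     * All four arguments are forwarded unchanged to the superclass constructor.
     *
     * @param str              first superclass constructor argument
     * @param servicesManager  services manager handed to the superclass
     * @param principalFactory principal factory handed to the superclass
     * @param num              fourth superclass constructor argument
     */
    public JaasAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num) {
        super(str, servicesManager, principalFactory, num);
        this.realm = "CAS";
    }

    /**
     * Authenticates the credential through JAAS and applies the password policy
     * handling strategy to the resulting principal.
     *
     * @param usernamePasswordCredential credential to verify
     * @param str                        not used by this implementation
     * @return the handler result built from the principal and the password policy outcome
     * @throws GeneralSecurityException if the JAAS login fails, or a {@link FailedLoginException}
     *                                  when no principal or no password policy strategy is available
     */
    @Override // org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        // System properties are JVM-wide: these writes affect every Kerberos consumer in the
        // process and are re-applied on each authentication attempt.
        if (StringUtils.isNotBlank(this.kerberosKdcSystemProperty)) {
            LOGGER.debug("Configured kerberos system property [{}] to [{}]", SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
            System.setProperty(SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
        }
        if (StringUtils.isNotBlank(this.kerberosRealmSystemProperty)) {
            LOGGER.debug("Setting kerberos system property [{}] to [{}]", SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
            System.setProperty(SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
        }
        Principal principal = authenticateAndGetPrincipal(usernamePasswordCredential);
        AuthenticationPasswordPolicyHandlingStrategy strategy = getPasswordPolicyHandlingStrategy();
        // Fail closed: a missing principal or strategy is reported as a failed login.
        if (principal == null || strategy == null) {
            throw new FailedLoginException("Unable to authenticate " + usernamePasswordCredential.getId());
        }
        LOGGER.debug("Attempting to examine and handle password policy via [{}]", strategy.getClass().getSimpleName());
        return createHandlerResult(usernamePasswordCredential, principal, strategy.handle(principal, getPasswordPolicyConfiguration()));
    }

    /**
     * Performs the JAAS login and converts the first principal of the authenticated
     * subject into a CAS principal. The login context is logged out exactly once,
     * whether or not the login succeeded.
     *
     * @param usernamePasswordCredential credential to verify
     * @return the CAS principal, or {@code null} when the subject carries no principals
     * @throws GeneralSecurityException if the JAAS login or logout fails
     */
    protected Principal authenticateAndGetPrincipal(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException {
        LoginContext loginContext = getLoginContext(usernamePasswordCredential);
        try {
            loginContext.login();
            Set<java.security.Principal> principals = loginContext.getSubject().getPrincipals();
            LOGGER.debug("JAAS principals extracted from subject are [{}]", principals);
            if (principals == null || principals.isEmpty()) {
                // A successful login without any principal cannot be mapped to a CAS
                // principal; returning null makes the caller raise FailedLoginException
                // instead of failing on iterator().next().
                return null;
            }
            java.security.Principal jaasPrincipal = principals.iterator().next();
            LOGGER.debug("JAAS principal detected from subject login context is [{}]", jaasPrincipal.getName());
            return this.principalFactory.createPrincipal(jaasPrincipal.getName());
        } finally {
            // Guard kept for subclasses whose getLoginContext override returns null.
            if (loginContext != null) {
                loginContext.logout();
            }
        }
    }

    /**
     * Builds the JAAS login context for the credential. The configured login
     * configuration file is used only when a configuration type is set and the file
     * exists and is readable; in every other case the JVM default JAAS configuration
     * applies.
     *
     * @param usernamePasswordCredential credential whose user name and password answer the JAAS callbacks
     * @return a login context bound to the configured realm
     * @throws GeneralSecurityException if the context or the configuration cannot be created
     */
    protected LoginContext getLoginContext(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException {
        UsernamePasswordCallbackHandler callbackHandler = new UsernamePasswordCallbackHandler(usernamePasswordCredential.getUsername(), usernamePasswordCredential.getPassword());
        boolean useConfiguredFile = this.loginConfigurationFile != null
            && StringUtils.isNotBlank(this.loginConfigType)
            && this.loginConfigurationFile.exists()
            && this.loginConfigurationFile.canRead();
        if (useConfiguredFile) {
            Configuration configuration = Configuration.getInstance(this.loginConfigType, new URIParameter(this.loginConfigurationFile.toURI()));
            return new LoginContext(this.realm, (Subject) null, callbackHandler, configuration);
        }
        if (this.loginConfigurationFile != null) {
            // An explicitly configured file that cannot be used means authentication runs
            // against a different JAAS configuration than the operator intended.
            LOGGER.warn("JAAS login configuration file [{}] cannot be used (missing, unreadable, or no login config type set); falling back to the default JAAS configuration", this.loginConfigurationFile);
        }
        return new LoginContext(this.realm, callbackHandler);
    }

    /**
     * @param str JAAS application name passed to {@link LoginContext}
     */
    @Generated
    public void setRealm(String str) {
        this.realm = str;
    }

    /**
     * @param str value written to the {@code java.security.krb5.realm} system property on each authentication; blank disables the write
     */
    @Generated
    public void setKerberosRealmSystemProperty(String str) {
        this.kerberosRealmSystemProperty = str;
    }

    /**
     * @param str value written to the {@code java.security.krb5.kdc} system property on each authentication; blank disables the write
     */
    @Generated
    public void setKerberosKdcSystemProperty(String str) {
        this.kerberosKdcSystemProperty = str;
    }

    /**
     * @param str configuration type handed to {@link Configuration#getInstance}
     */
    @Generated
    public void setLoginConfigType(String str) {
        this.loginConfigType = str;
    }

    /**
     * @param file JAAS login configuration file; used only when it exists and is readable
     */
    @Generated
    public void setLoginConfigurationFile(File file) {
        this.loginConfigurationFile = file;
    }
}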
