package org.apache.geronimo.security.realm.providers;

import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:org/apache/geronimo/security/realm/providers/KerberosLoginModule.class */
public class KerberosLoginModule implements LoginModule {
    private Subject subject;
    private LoginModule krb5LoginModule;
    private Subject krb5Subject;
    private Principal addOnPrincipal;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        try {
            this.krb5LoginModule = (LoginModule) Class.forName((String) map2.get("krb5LoginModuleClass")).newInstance();
            HashMap hashMap = new HashMap();
            for (String str : map2.keySet()) {
                if (str.startsWith("krb_")) {
                    hashMap.put(str.substring(4), map2.get(str));
                }
            }
            this.krb5Subject = new Subject();
            this.krb5LoginModule.initialize(this.krb5Subject, callbackHandler, map, hashMap);
            String str2 = (String) map2.get("addOnPrincipalClass");
            String str3 = (String) map2.get("addOnPrincipalName");
            if (str2 == null || str2.equals("")) {
                return;
            }
            try {
                this.addOnPrincipal = (Principal) Class.forName(str2).getConstructor(String.class).newInstance(str3);
            } catch (Exception e) {
                throw new IllegalArgumentException("Unable to configure kerberos login module: " + e.getMessage(), e);
            }
        } catch (Exception e2) {
            throw new IllegalArgumentException("Unable to configure kerberos login module: " + e2.getMessage(), e2);
        }
    }

    public boolean login() throws LoginException {
        return this.krb5LoginModule.login();
    }

    public boolean commit() throws LoginException {
        boolean commit = this.krb5LoginModule.commit();
        if (commit) {
            if (this.addOnPrincipal != null) {
                this.subject.getPrincipals().add(this.addOnPrincipal);
            }
            this.subject.getPrincipals().addAll(this.krb5Subject.getPrincipals());
            this.subject.getPublicCredentials().addAll(this.krb5Subject.getPublicCredentials());
            this.subject.getPrivateCredentials().addAll(this.krb5Subject.getPrivateCredentials());
        }
        return commit;
    }

    public boolean abort() throws LoginException {
        return this.krb5LoginModule.abort();
    }

    public boolean logout() throws LoginException {
        if (!this.subject.isReadOnly()) {
            if (this.addOnPrincipal != null) {
                this.subject.getPrincipals().remove(this.addOnPrincipal);
            }
            this.subject.getPrincipals().removeAll(this.krb5Subject.getPrincipals());
            this.subject.getPublicCredentials().removeAll(this.krb5Subject.getPublicCredentials());
            this.subject.getPrivateCredentials().removeAll(this.krb5Subject.getPrivateCredentials());
        }
        return this.krb5LoginModule.logout();
    }
}
