package org.apache.geronimo.derby;

import java.sql.SQLException;
import java.util.Properties;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.derby.authentication.UserAuthenticator;
import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;

/* loaded from: input_file:org/apache/geronimo/derby/DerbyUserAuthenticator.class */
public class DerbyUserAuthenticator implements UserAuthenticator {
    private static final Log log = LogFactory.getLog("DerbyUserAuthenticator");
    private static final String configName = "geronimo-admin";

    public boolean authenticateUser(String str, String str2, String str3, Properties properties) throws SQLException {
        Thread currentThread = Thread.currentThread();
        ClassLoader contextClassLoader = currentThread.getContextClassLoader();
        Credentials credentials = new Credentials(str, str2);
        try {
            try {
                currentThread.setContextClassLoader(DerbyUserAuthenticator.class.getClassLoader());
                LoginContext loginContext = new LoginContext(configName, credentials);
                loginContext.login();
                boolean z = false;
                for (GeronimoGroupPrincipal geronimoGroupPrincipal : loginContext.getSubject().getPrincipals(GeronimoGroupPrincipal.class)) {
                    if (geronimoGroupPrincipal.getName().equalsIgnoreCase("derbyadmin")) {
                        credentials.clear();
                        currentThread.setContextClassLoader(contextClassLoader);
                        return true;
                    }
                    if (str3 != null) {
                        z = geronimoGroupPrincipal.getName().equalsIgnoreCase("derby_" + str3);
                    }
                }
                if (!z) {
                    logAuthenticationFailure(str, str2, str3);
                }
                boolean z2 = z;
                credentials.clear();
                currentThread.setContextClassLoader(contextClassLoader);
                return z2;
            } catch (LoginException e) {
                logAuthenticationFailure(str, str2, str3);
                credentials.clear();
                currentThread.setContextClassLoader(contextClassLoader);
                return false;
            }
        } catch (Throwable th) {
            credentials.clear();
            currentThread.setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    private void logAuthenticationFailure(String str, String str2, String str3) {
        log.warn("User authentication failure (userName userPassword databaseName): " + str + " " + str2 + " " + str3);
    }
}
