package org.jasig.cas.client.jaas;

import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.io.IOException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.authentication.SimpleGroup;
import org.jasig.cas.client.authentication.SimplePrincipal;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.security.cas.ServiceProperties;

/* loaded from: input_file:WEB-INF/lib/cas-client-core-3.1.12.jar:org/jasig/cas/client/jaas/CasLoginModule.class */
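/**
 * JAAS {@link LoginModule} that authenticates a subject by validating a CAS
 * service ticket through a configurable {@link TicketValidator}.
 *
 * <p>The ticket is obtained from the callback handler via a
 * {@link PasswordCallback}; the service URL comes either from a
 * {@link NameCallback} or from the module's service option.
 *
 * <p>Module options read by {@link #initialize}: the service option,
 * {@code ticketValidatorClass} (required), {@code defaultRoles},
 * {@code roleAttributeNames}, {@code principalGroupName},
 * {@code roleGroupName}, {@code cacheAssertions} and {@code cacheTimeout}
 * (minutes). Every option except {@code casServerUrlPrefix} is also offered
 * to the validator as a bean property.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code ticketValidatorClass} names a class that is loaded and
 *       instantiated reflectively, so the JAAS configuration must be writable
 *       by administrators only.</li>
 *   <li>With {@code cacheAssertions} enabled, a ticket that validated once is
 *       accepted again from {@link #ASSERTION_CACHE} without contacting the
 *       CAS server until the entry expires. During that window the ticket is a
 *       reusable bearer credential, and {@link #logout()} does not evict
 *       it.</li>
 *   <li>Role principals are built verbatim from the assertion attributes named
 *       in {@code roleAttributeNames}; list only attributes whose values the
 *       CAS server controls.</li>
 * </ul>
 */
public class CasLoginModule implements LoginModule {
    /** Shared-state key under which {@link #commit()} publishes the principal name. */
    public static final String LOGIN_NAME = "javax.security.auth.login.name";

    /** Default name of the group that holds the caller principal. */
    public static final String DEFAULT_PRINCIPAL_GROUP_NAME = "CallerPrincipal";

    /** Default name of the group that holds the role principals. */
    public static final String DEFAULT_ROLE_GROUP_NAME = "Roles";

    /** Default lifetime of a cached assertion, in minutes. */
    public static final int DEFAULT_CACHE_TIMEOUT = 480;

    /**
     * Cache of validated assertions keyed by ticket credential, shared by all
     * module instances. It is a plain {@link HashMap}, so every access must
     * hold the map's own monitor.
     */
    protected static final Map ASSERTION_CACHE = new HashMap();

    // NOTE(review): this executor is never shut down in this class; whether its
    // worker thread outlives an application redeploy should be checked.
    /** Runs {@link CacheCleaner} passes off the login thread. */
    protected static Executor cacheCleanerExecutor = Executors.newSingleThreadExecutor();

    protected Subject subject;
    protected CallbackHandler callbackHandler;
    protected TicketValidator ticketValidator;
    protected String service;
    protected Assertion assertion;
    protected TicketCredential ticket;
    protected Map sharedState;

    /** Roles granted to every authenticated subject; null when the option is absent. */
    protected String[] defaultRoles;

    protected boolean cacheAssertions;

    /**
     * Lifetime of a cached assertion, in minutes. Starts at the documented
     * default: a value of 0 would make every cached entry count as expired.
     */
    protected int cacheTimeout = DEFAULT_CACHE_TIMEOUT;

    protected final Log log = LogFactory.getLog(getClass());
    protected Set roleAttributeNames = new HashSet();
    protected String principalGroupName = DEFAULT_PRINCIPAL_GROUP_NAME;
    protected String roleGroupName = DEFAULT_ROLE_GROUP_NAME;

    /**
     * One pass over {@link #ASSERTION_CACHE} that evicts every assertion older
     * than the owning module's {@code cacheTimeout}.
     */
    private class CacheCleaner implements Runnable {
        @Override
        public void run() {
            // login() and commit() touch the same HashMap from other threads,
            // so the whole pass runs under the map's monitor.
            synchronized (ASSERTION_CACHE) {
                if (log.isDebugEnabled()) {
                    log.debug("Cleaning assertion cache of size " + ASSERTION_CACHE.size());
                }
                Iterator it = ASSERTION_CACHE.values().iterator();
                while (it.hasNext()) {
                    Assertion cached = (Assertion) it.next();
                    if (isExpired(cached, cacheTimeout)) {
                        if (log.isDebugEnabled()) {
                            log.debug("Removing expired assertion for principal " + cached.getPrincipal());
                        }
                        it.remove();
                    }
                }
            }
        }
    }

    /**
     * Stores the JAAS context, reads the module options and builds the ticket
     * validator. When assertion caching is enabled, one cache-cleaning pass is
     * queued on {@link #cacheCleanerExecutor}.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler source of the CAS ticket and, optionally, the service
     * @param map JAAS shared state
     * @param map2 module options; values are cast to {@code String}
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.assertion = null;
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        this.sharedState = map;
        String validatorClassName = null;
        for (Object option : map2.keySet()) {
            log.trace("Processing option " + option);
            // NOTE(review): the constant below is resolved from Spring Security;
            // presumably it equals the literal option name "service" - confirm.
            if (ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER.equals(option)) {
                this.service = (String) map2.get(option);
                log.debug("Set service=" + this.service);
            } else if ("ticketValidatorClass".equals(option)) {
                validatorClassName = (String) map2.get(option);
                log.debug("Set ticketValidatorClass=" + validatorClassName);
            } else if ("defaultRoles".equals(option)) {
                String roles = (String) map2.get(option);
                log.trace("Got defaultRoles value " + roles);
                this.defaultRoles = roles.split(",\\s*");
                log.debug("Set defaultRoles=" + Arrays.asList(this.defaultRoles));
            } else if ("roleAttributeNames".equals(option)) {
                String names = (String) map2.get(option);
                log.trace("Got roleAttributeNames value " + names);
                this.roleAttributeNames.addAll(Arrays.asList(names.split(",\\s*")));
                log.debug("Set roleAttributeNames=" + this.roleAttributeNames);
            } else if ("principalGroupName".equals(option)) {
                this.principalGroupName = (String) map2.get(option);
                log.debug("Set principalGroupName=" + this.principalGroupName);
            } else if ("roleGroupName".equals(option)) {
                this.roleGroupName = (String) map2.get(option);
                log.debug("Set roleGroupName=" + this.roleGroupName);
            } else if ("cacheAssertions".equals(option)) {
                this.cacheAssertions = Boolean.parseBoolean((String) map2.get(option));
                log.debug("Set cacheAssertions=" + this.cacheAssertions);
            } else if ("cacheTimeout".equals(option)) {
                this.cacheTimeout = Integer.parseInt((String) map2.get(option));
                log.debug("Set cacheTimeout=" + this.cacheTimeout);
            }
        }
        if (this.cacheAssertions) {
            cacheCleanerExecutor.execute(new CacheCleaner());
        }
        CommonUtils.assertNotNull(validatorClassName, "ticketValidatorClass is required.");
        this.ticketValidator = createTicketValidator(validatorClassName, map2);
    }

    /**
     * Obtains the CAS ticket from the callback handler and establishes an
     * assertion for it, either from the cache or by validating the ticket.
     *
     * @return {@code true} when an assertion was obtained
     * @throws LoginException if no ticket or service is available, the callback
     *     handler fails, or ticket validation fails
     */
    public boolean login() throws LoginException {
        log.debug("Performing login.");
        NameCallback serviceCallback = new NameCallback(ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER);
        PasswordCallback ticketCallback = new PasswordCallback("ticket", false);
        try {
            this.callbackHandler.handle(new Callback[] {ticketCallback, serviceCallback});
            char[] rawTicket = ticketCallback.getPassword();
            if (rawTicket == null) {
                log.info("Login failed because callback handler did not provide CAS ticket.");
                throw new LoginException("Callback handler did not provide CAS ticket.");
            }
            this.ticket = new TicketCredential(new String(rawTicket));
            // Wipe the transient copies of the ticket; the credential object
            // now holds the only reference this module needs.
            Arrays.fill(rawTicket, '\0');
            ticketCallback.clearPassword();

            String serviceUrl = CommonUtils.isNotBlank(serviceCallback.getName())
                    ? serviceCallback.getName()
                    : this.service;

            if (this.cacheAssertions) {
                synchronized (ASSERTION_CACHE) {
                    Assertion cached = (Assertion) ASSERTION_CACHE.get(this.ticket);
                    if (cached != null) {
                        // The cleaner runs asynchronously, so enforce the timeout
                        // here as well; otherwise a stale entry could still
                        // authenticate until the next cleaning pass.
                        if (isExpired(cached, this.cacheTimeout)) {
                            log.debug("Cached assertion has expired; discarding it.");
                            ASSERTION_CACHE.remove(this.ticket);
                        } else {
                            log.debug("Assertion found in cache.");
                            this.assertion = cached;
                        }
                    }
                }
            }

            if (this.assertion == null) {
                log.debug("CAS assertion is null; ticket validation required.");
                if (CommonUtils.isBlank(serviceUrl)) {
                    log.info("Login failed because required CAS service parameter not provided.");
                    throw new LoginException("Neither login module nor callback handler provided required service parameter.");
                }
                try {
                    if (log.isDebugEnabled()) {
                        // NOTE(review): this relies on TicketCredential.toString();
                        // confirm it does not print the raw ticket, which stays
                        // usable while assertion caching is enabled.
                        log.debug("Attempting ticket validation with service=" + serviceUrl + " and ticket=" + this.ticket);
                    }
                    this.assertion = this.ticketValidator.validate(this.ticket.getTicket(), serviceUrl);
                } catch (Exception e) {
                    log.info("Login failed due to CAS ticket validation failure: " + e);
                    throw (LoginException) new LoginException("CAS ticket validation failed: " + e).initCause(e);
                }
            }
            log.info("Login succeeded.");
            return true;
        } catch (IOException e) {
            log.info("Login failed due to IO exception in callback handler: " + e);
            throw (LoginException) new LoginException("IO exception in callback handler: " + e).initCause(e);
        } catch (UnsupportedCallbackException e) {
            log.info("Login failed due to unsupported callback: " + e);
            // The callbacks requested above are PasswordCallback and NameCallback.
            throw (LoginException) new LoginException("Callback handler does not support PasswordCallback and NameCallback.").initCause(e);
        }
    }

    /**
     * Discards the ticket and assertion gathered by {@link #login()}.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        this.ticket = null;
        this.assertion = null;
        return true;
    }

    /**
     * Populates the subject from the assertion: the ticket as a private
     * credential, an {@link AssertionPrincipal}, the principal group and the
     * role group. The principal name is published under {@link #LOGIN_NAME},
     * and the assertion is cached when caching is enabled.
     *
     * @return always {@code true}; when no assertion exists only the ticket is cleared
     * @throws LoginException if an assertion exists but the ticket is missing
     */
    public boolean commit() throws LoginException {
        if (this.assertion == null) {
            // No assertion was obtained, so only leftover state is cleared.
            this.ticket = null;
            return true;
        }
        if (this.ticket == null) {
            throw new LoginException("Ticket credential not found.");
        }
        this.subject.getPrivateCredentials().add(this.ticket);

        AssertionPrincipal casPrincipal =
                new AssertionPrincipal(this.assertion.getPrincipal().getName(), this.assertion);
        this.subject.getPrincipals().add(casPrincipal);

        SimpleGroup principalGroup = new SimpleGroup(this.principalGroupName);
        principalGroup.addMember(casPrincipal);
        this.subject.getPrincipals().add(principalGroup);

        SimpleGroup roleGroup = new SimpleGroup(this.roleGroupName);
        // defaultRoles stays null when the option is absent.
        if (this.defaultRoles != null) {
            for (int i = 0; i < this.defaultRoles.length; i++) {
                roleGroup.addMember(new SimplePrincipal(this.defaultRoles[i]));
            }
        }
        // Attribute values become role names verbatim, so authorization trusts
        // whatever the CAS server released for the configured attribute names.
        Map attributes = this.assertion.getPrincipal().getAttributes();
        for (Object attributeName : attributes.keySet()) {
            if (!this.roleAttributeNames.contains(attributeName)) {
                continue;
            }
            Object value = attributes.get(attributeName);
            if (value instanceof Collection) {
                for (Object element : (Collection) value) {
                    if (element != null) {
                        roleGroup.addMember(new SimplePrincipal(element.toString()));
                    }
                }
            } else if (value != null) {
                roleGroup.addMember(new SimplePrincipal(value.toString()));
            }
        }
        this.subject.getPrincipals().add(roleGroup);
        this.sharedState.put(LOGIN_NAME, casPrincipal.getName());
        if (log.isDebugEnabled()) {
            log.debug("Created JAAS subject with principals: " + this.subject.getPrincipals());
        }

        if (this.cacheAssertions) {
            if (log.isDebugEnabled()) {
                log.debug("Caching assertion for principal " + this.assertion.getPrincipal());
            }
            // Same monitor as the lookup in login() and the cleaner pass.
            synchronized (ASSERTION_CACHE) {
                ASSERTION_CACHE.put(this.ticket, this.assertion);
            }
        }
        return true;
    }

    /**
     * Removes from the subject every principal and credential of the types this
     * module adds. All {@link SimplePrincipal} and {@link SimpleGroup} entries
     * are removed, not only the ones added by this instance, and the assertion
     * cache is left untouched.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        log.debug("Performing logout.");
        removePrincipalsOfType(AssertionPrincipal.class);
        removePrincipalsOfType(SimplePrincipal.class);
        removePrincipalsOfType(SimpleGroup.class);
        removeCredentialsOfType(TicketCredential.class);
        log.info("Logout succeeded.");
        return true;
    }

    /**
     * Instantiates the named validator with {@code casServerUrlPrefix} as its
     * constructor argument and applies every other option as a bean property
     * when the validator exposes one of that name.
     *
     * @param str class name of the ticket validator
     * @param map module options
     * @return the configured validator
     */
    private TicketValidator createTicketValidator(String str, Map map) {
        CommonUtils.assertTrue(map.containsKey("casServerUrlPrefix"), "Required property casServerUrlPrefix not found.");
        Class validatorClass = ReflectUtils.loadClass(str);
        TicketValidator validator = (TicketValidator) ReflectUtils.newInstance(
                validatorClass, new Object[] {map.get("casServerUrlPrefix")});
        try {
            BeanInfo beanInfo = Introspector.getBeanInfo(validatorClass);
            for (Object key : map.keySet()) {
                String property = (String) key;
                if ("casServerUrlPrefix".equals(property)) {
                    // Already passed to the constructor.
                    continue;
                }
                log.debug("Attempting to set TicketValidator property " + property);
                String value = (String) map.get(property);
                PropertyDescriptor descriptor = ReflectUtils.getPropertyDescriptor(beanInfo, property);
                if (descriptor != null) {
                    ReflectUtils.setProperty(property, convertIfNecessary(descriptor, value), validator, beanInfo);
                    log.debug("Set " + property + "=" + value);
                } else {
                    log.warn("Cannot find property " + property + " on " + str);
                }
            }
            return validator;
        } catch (IntrospectionException e) {
            throw new RuntimeException("Error getting bean info for " + validatorClass, e);
        }
    }

    /**
     * Converts an option string to the type of the target bean property.
     * Supported types are {@code String}, {@code boolean}, {@code int} and
     * {@code long}.
     *
     * @throws IllegalArgumentException if the property has any other type
     */
    private static Object convertIfNecessary(PropertyDescriptor propertyDescriptor, String str) {
        Class type = propertyDescriptor.getPropertyType();
        if (String.class.equals(type)) {
            return str;
        }
        if (Boolean.TYPE.equals(type)) {
            return Boolean.valueOf(str);
        }
        if (Integer.TYPE.equals(type)) {
            return Integer.valueOf(str);
        }
        if (Long.TYPE.equals(type)) {
            return Long.valueOf(str);
        }
        throw new IllegalArgumentException(
                "No conversion strategy exists for property " + propertyDescriptor.getName() + " of type " + type);
    }

    /**
     * Reports whether an assertion became valid more than the given number of
     * minutes ago. Assumes {@code getValidFromDate()} is non-null.
     */
    private static boolean isExpired(Assertion assertion, int timeoutMinutes) {
        Calendar cutoff = Calendar.getInstance();
        cutoff.add(Calendar.MINUTE, -timeoutMinutes);
        Calendar validFrom = Calendar.getInstance();
        validFrom.setTime(assertion.getValidFromDate());
        return validFrom.before(cutoff);
    }

    /** Removes every principal of the given type from the subject. */
    private void removePrincipalsOfType(Class cls) {
        // getPrincipals(Class) returns a fresh set, so removing from the live
        // set while iterating the copy is safe.
        for (Object principal : this.subject.getPrincipals(cls)) {
            this.subject.getPrincipals().remove(principal);
        }
    }

    /** Removes every private credential of the given type from the subject. */
    private void removeCredentialsOfType(Class cls) {
        for (Object credential : this.subject.getPrivateCredentials(cls)) {
            this.subject.getPrivateCredentials().remove(credential);
        }
    }
}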
