package com.adventnet.authentication.internal;

import com.adventnet.authentication.NoSuchUserAccountException;
import com.adventnet.authentication.callback.ServiceCallback;
import com.adventnet.authentication.callback.ServletCallback;
import com.adventnet.authentication.util.AuthDBUtil;
import com.adventnet.authentication.util.AuthUtil;
import com.adventnet.authentication.util.AuthenticationUtil;
import com.adventnet.logging.util.FormatterUtil;
import com.adventnet.persistence.DataAccessException;
import com.adventnet.persistence.DataObject;
import com.adventnet.persistence.Row;
import java.rmi.RemoteException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:com/adventnet/authentication/internal/RelationalLoginModule.class */
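/**
 * JAAS {@link LoginModule} that checks a login name and password against the account data
 * returned by {@code AuthDBUtil.getAccountDO} and, on commit, attaches a credential built from
 * that data to the {@link Subject}.
 *
 * <p>Security review notes (none of these can be fixed inside this class without a data or
 * contract change, so they are recorded rather than altered):
 * <ul>
 *   <li>Stored passwords are verified as a single MD5 pass over password bytes followed by the
 *       salt, and "MD5" is the only algorithm accepted. A fast, unsalted-iteration digest like
 *       this is cheap to brute-force offline; moving to a password hashing scheme needs a new
 *       ALGORITHM value and a re-hash of stored rows.</li>
 *   <li>{@link #commit()} does not record whether this module's own {@link #login()} succeeded.
 *       NOTE(review): in a stacked JAAS configuration where this module is not REQUIRED or
 *       REQUISITE, commit may run after a failed login here - confirm the deployment's
 *       configuration, or track a success flag once subclasses have been checked.</li>
 *   <li>{@link #login()} does not read the password STATUS that {@code updateBadLoginCount}
 *       sets to BADLOGIN. NOTE(review): presumably lock-out is enforced elsewhere (for example
 *       inside {@code AuthDBUtil.getAccountDO}) - verify.</li>
 *   <li>ALLOW_ANONYMOUS_LOGIN is parsed in {@link #initialize} but never consulted in this
 *       class.</li>
 * </ul>
 *
 * <p>The code is kept compatible with the pre-generics Java level the class was compiled for.
 */
public class RelationalLoginModule implements LoginModule {
    private static Logger logger;
    protected Subject subject = null;
    protected CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map options = null;
    protected String loginName = null;
    protected String service = null;
    private HttpServletRequest request = null;
    private long aid = -1;
    private byte[] pass = null;
    private boolean allowAnonymousLogin = false;
    protected String hostName = null;
    protected Properties prop = new Properties();
    protected DataObject accountDO = null;
    // Compiler-generated class-literal cache; retained so the class keeps its original members.
    static Class class$com$adventnet$authentication$internal$RelationalLoginModule;

    public RelationalLoginModule() {
        logger.log(Level.FINEST, "initializing RelationLoginModule");
    }

    /**
     * Stores the JAAS context objects and reads the ALLOW_ANONYMOUS_LOGIN option.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the name, password, service and request
     * @param sharedState state shared between stacked login modules
     * @param options module options from the login configuration
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        // The shared-state map is not logged: stacked JAAS modules conventionally use it to hand
        // the user name and password to each other, so its contents are credential material.
        logger.log(Level.FINEST, "RelationalLoginModule.initialize called with subject : {0}, callbackhandler : {1} & options map : {2}", new Object[]{subject, callbackHandler, options});
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        Object anonymousOption = options.get("ALLOW_ANONYMOUS_LOGIN");
        if (anonymousOption != null) {
            this.allowAnonymousLogin = Boolean.valueOf((String) anonymousOption).booleanValue();
            logger.log(Level.FINEST, "allowAnonymousLogin value obtained from options is : {0}", Boolean.valueOf(this.allowAnonymousLogin));
        }
    }

    /**
     * Collects the credentials through the callback handler, loads the account and verifies the
     * password.
     *
     * <p>Every failure after the callback-handler check is wrapped, layer by layer, and leaves
     * this method as a {@link FailedLoginException} with the message "Exception while handling
     * callbacks"; the specific reason is only available through the cause chain. That nesting is
     * preserved from the original so callers that inspect causes keep working.
     *
     * @return {@code true} when the supplied password matches the stored digest
     * @throws LoginException always a {@link FailedLoginException} when authentication fails
     */
    public boolean login() throws LoginException {
        logger.log(Level.FINEST, "RelationalLoginModule.login called");
        if (this.callbackHandler == null) {
            throw new FailedLoginException("No CallbackHandler available to garner authentication information from the user");
        }
        logger.log(Level.FINEST, "Callback Handler Name {0}", this.callbackHandler);
        byte[] passwordBytes = null;
        try {
            passwordBytes = readCredentials();
            try {
                this.accountDO = AuthDBUtil.getAccountDO(this.loginName, this.service);
                this.service = (String) this.accountDO.getFirstValue("AaaService", "NAME");
                // The data object itself is not logged: it carries the AaaPassword row (salt and digest).
                logger.log(Level.FINEST, "user data object loaded for login : {0}, service : {1}", new Object[]{this.loginName, this.service});
                try {
                    return verifyPassword(passwordBytes);
                } catch (DataAccessException e) {
                    sendOutput(TextOutputCallback.ERROR, "Invalid Login Name or Password. Access denied !", this.callbackHandler);
                    NoSuchUserAccountException noAccount = new NoSuchUserAccountException(FormatterUtil.formatLogMsg("Exception occured while fetching account details for user : {0} to access service : {1} ", new Object[]{this.loginName, this.service}));
                    noAccount.initCause(e);
                    throw noAccount;
                }
            } catch (Exception e) {
                FailedLoginException accountFailure = new FailedLoginException("Exception while retrieving user account");
                accountFailure.initCause(e);
                throw accountFailure;
            }
        } catch (Exception e) {
            FailedLoginException callbackFailure = new FailedLoginException("Exception while handling callbacks");
            callbackFailure.initCause(e);
            throw callbackFailure;
        } finally {
            // Do not leave the clear-text password bytes on the heap longer than needed.
            if (passwordBytes != null) {
                java.util.Arrays.fill(passwordBytes, (byte) 0);
            }
        }
    }

    /**
     * Runs the name, password, service and servlet callbacks and records their results.
     *
     * <p>Sets {@code loginName}, {@code service} and {@code request} as a side effect.
     *
     * @return the password converted with {@code AuthUtil.getBytes}
     * @throws Exception if the handler fails, the name is missing or no password was supplied
     */
    private byte[] readCredentials() throws Exception {
        Callback[] callbacks = {
            new NameCallback("Enter the name : "),
            // echoOn is false so an interactive handler does not display the password as typed.
            new PasswordCallback("Enter the password : ", false),
            new ServiceCallback(),
            new ServletCallback()
        };
        char[] password = null;
        try {
            this.callbackHandler.handle(callbacks);
            Principal principal = null;
            int length = callbacks.length;
            for (int i = 0; i < length; i++) {
                logger.log(Level.FINEST, "callback : {0}/{1}", new Object[]{new Integer(i), new Integer(length)});
                Callback callback = callbacks[i];
                if (callback instanceof NameCallback) {
                    String name = ((NameCallback) callback).getName();
                    // A single space is treated like a missing name (the original logs this as a cancelled dialog).
                    if (name == null || name.equals(" ")) {
                        logger.finest("Cancel button clicked, hence quiting");
                        throw new InvalidParameterException("Parameters recieved via callback is null");
                    }
                    principal = new SimplePrincipal(name);
                    logger.log(Level.FINEST, "Principal obtained via NameCallback : {0}", principal);
                    this.loginName = principal.getName();
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    // getPassword() hands back a copy; wipe the callback's own buffer right away.
                    password = passwordCallback.getPassword();
                    passwordCallback.clearPassword();
                    logger.log(Level.FINEST, "Password obtained via PasswordCallback");
                } else if (callback instanceof ServiceCallback) {
                    this.service = ((ServiceCallback) callback).getService();
                    logger.log(Level.FINEST, "service name obtained via ServiceCallback is : {0}", this.service);
                } else if (callback instanceof ServletCallback) {
                    this.request = ((ServletCallback) callback).getRequest();
                    logger.log(Level.FINEST, "Request obtained via ServletCallback : {0}", this.request);
                } else {
                    logger.log(Level.FINEST, "unknown callback received. ignoring this callback : {0}", callback);
                }
            }
            // The credential is intentionally left out of this log record.
            logger.log(Level.FINEST, "details obtained from the callbacks are principal : {0}, service : {1}, ServletRequest : {2}", new Object[]{principal, this.service, this.request});
            if (password == null) {
                logger.log(Level.FINEST, "password obtained via callback is not instance of byte [] or char[] or string");
                throw new FailedLoginException("Credential type obtained is not supported");
            }
            logger.log(Level.FINEST, "password obtained via callback is instance of char []");
            // AuthUtil.getBytes only accepts a String, so one immutable copy of the password
            // is unavoidable here; it cannot be wiped and lives until garbage collected.
            return AuthUtil.getBytes(new String(password));
        } finally {
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Compares the MD5 digest of password bytes followed by salt bytes with the stored digest.
     *
     * <p>The same generic message is sent to the user for a missing account, a missing password
     * row and a wrong password, so the response text does not reveal which one occurred.
     *
     * @param passwordBytes the candidate password bytes
     * @return {@code true} when the digests match
     * @throws Exception if the account rows are missing, the algorithm is not MD5 or the
     *     password does not match
     */
    private boolean verifyPassword(byte[] passwordBytes) throws Exception {
        if (!this.accountDO.containsTable("AaaAccount")) {
            logger.log(Level.FINEST, "user dataobject fetched for login : {0} to access service : {1} do not contain AaaAccount row", new Object[]{this.loginName, this.service});
            sendOutput(TextOutputCallback.ERROR, "Invalid Login Name or Password. Access denied !", this.callbackHandler);
            throw new NoSuchUserAccountException(FormatterUtil.formatLogMsg("No account configured for login : {0} to access service : {1}", new Object[]{this.loginName, this.service}));
        }
        if (!this.accountDO.containsTable("AaaPassword")) {
            logger.log(Level.FINEST, "user dataobject fetched do not contain Password row");
            sendOutput(TextOutputCallback.ERROR, "Invalid Login Name or Password. Access denied !", this.callbackHandler);
            throw new NoSuchUserAccountException(FormatterUtil.formatLogMsg("No password configured for login : {0} to access service : {1}", new Object[]{this.loginName, this.service}));
        }
        Row passwordRow = this.accountDO.getFirstRow("AaaPassword");
        // The row holds the salt and the stored digest, so only the fact that it was read is logged.
        logger.log(Level.FINEST, "password row fetched from user data object");
        String salt = (String) passwordRow.get("SALT");
        String storedDigest = (String) passwordRow.get("PASSWORD");
        if (!"MD5".equals(passwordRow.get("ALGORITHM"))) {
            throw new LoginException("Unknown algorithm; only MD5 is supported");
        }
        byte[] saltBytes = AuthUtil.getBytes(salt);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(passwordBytes);
            messageDigest.update(saltBytes);
            String computedDigest = AuthUtil.convertToString(messageDigest.digest());
            if (constantTimeEquals(computedDigest, storedDigest)) {
                return true;
            }
            sendOutput(TextOutputCallback.ERROR, "Invalid Login Name or Password. Access denied !", this.callbackHandler);
            throw new FailedLoginException("Invalid Password");
        } catch (Exception e) {
            // This handler also intercepts the "Invalid Password" failure thrown just above, so a
            // wrong password carries this (misleading) message in its cause chain. Kept as-is so
            // the shape of the cause chain seen by callers does not change.
            LoginException digestFailure = new LoginException("Exception while obtained instance of MessageDigest");
            digestFailure.initCause(e);
            throw digestFailure;
        }
    }

    /**
     * Compares two strings without returning at the first differing character, so the time
     * taken does not depend on how many leading characters of the digest matched.
     *
     * @return {@code true} only when both strings are non-null and equal
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null || left.length() != right.length()) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < left.length(); i++) {
            difference |= left.charAt(i) ^ right.charAt(i);
        }
        return difference == 0;
    }

    /**
     * Deletes the account's AaaAccBadLoginStatus row, if the loaded data object has one, and
     * persists the change. Persistence failures are logged and otherwise ignored.
     */
    public void removeBadLoginStatusIfPresent() {
        try {
            // accountDO is only set once login() has loaded the account.
            if (this.accountDO != null && this.accountDO.containsTable("AaaAccBadLoginStatus")) {
                this.accountDO.deleteRow(this.accountDO.getFirstRow("AaaAccBadLoginStatus"));
                AuthDBUtil.getPurePersistenceLite().update(this.accountDO);
            }
        } catch (DataAccessException e) {
            logger.log(Level.FINEST, "DataAccessException occured when trying to remove table AaaAccBadLoginStatus from DO", e);
        } catch (RemoteException e2) {
            logger.log(Level.FINEST, "RemoteException occured while trying to remove badLoginStatus", e2);
        }
    }

    /**
     * Clears any bad-login status and adds a credential, built from the account data, the
     * remote host and {@code prop}, to the subject's public credentials.
     *
     * <p>NOTE(review): nothing here checks that this module's own login() succeeded; see the
     * class comment.
     *
     * @return {@code true} when the credential was added
     * @throws RuntimeException wrapping any failure (the original contract; not a LoginException)
     */
    public boolean commit() throws LoginException {
        logger.log(Level.FINEST, "RelationalLoginModule.commit called");
        logger.entering("RelationalLoginModule", "commit");
        try {
            removeBadLoginStatusIfPresent();
            if (this.request != null) {
                this.prop.put("request", this.request);
                this.hostName = this.request.getRemoteHost();
            } else {
                this.request = (HttpServletRequest) this.prop.get("request");
                if (this.request != null) {
                    this.hostName = this.request.getRemoteHost();
                }
            }
            if (this.hostName == null) {
                this.hostName = AuthUtil.getHostAddress();
            }
            this.subject.getPublicCredentials().add(AuthDBUtil.constructCredential(this.accountDO, this.hostName, this.prop));
            logger.log(Level.FINEST, "Credential added to Subject as public credential");
            return true;
        } catch (Exception e) {
            logger.log(Level.FINEST, "Exception occured while commit action : {0}", (Throwable) e);
            throw new RuntimeException("Unable to Commit : RelationalLoginModule", e);
        }
    }

    /**
     * Writes a FAILED/LOGIN audit record, updates the bad-login counter when the account's
     * admin profile enables one (ALLOWED_BADLOGIN other than -1), then clears module state.
     *
     * <p>NOTE(review): the request captured by login() is replaced here by whatever
     * {@code prop} holds, and this class only stores it there in commit(). Unless a subclass
     * populates {@code prop}, hostName may therefore still be null when the audit record and the
     * bad-login row are written - confirm whether that is intended before changing it, because
     * the bad-login row is looked up by HOST and ACCOUNT_ID.
     *
     * @return the result of {@link #logout()}
     * @throws LoginException if the audit record or the bad-login update fails, including when
     *     the maximum number of invalid attempts has been reached
     */
    public boolean abort() throws LoginException {
        logger.log(Level.FINEST, "RelationLoginModule.abort called in state loginname : {0}, hostName : {1}, service : {2}, prop : {3}", new Object[]{this.loginName, this.hostName, this.service, this.prop});
        this.request = (HttpServletRequest) this.prop.get("request");
        if (this.request != null) {
            this.hostName = this.request.getRemoteHost();
        }
        try {
            logger.log(Level.FINEST, "creating audit record with operationname LOGIN_ABORTED.");
            AuthenticationUtil.createAuditRecord(AuthenticationUtil.constructAuditRecordDO(this.loginName, this.service, this.hostName, "FAILED", "LOGIN", this.prop), null);
            // login() can fail before the account is loaded; without this guard the resulting
            // NullPointerException was reported as an audit failure and logout() never ran.
            if (this.accountDO != null
                    && ((Integer) this.accountDO.getFirstRow("AaaAccAdminProfile").get("ALLOWED_BADLOGIN")).intValue() != -1) {
                updateBadLoginCount();
            }
            return logout();
        } catch (Exception e) {
            logger.log(Level.FINEST, "Exception caught while creating audit record for abort action", e);
            LoginException loginException = new LoginException("Could not create audit record");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Drops the references this module holds.
     *
     * <p>NOTE(review): the credential added to the subject in commit() is not removed here -
     * confirm that another component invalidates it on logout.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        logger.log(Level.FINEST, "RelationalLoginModule.logout called");
        this.subject = null;
        this.callbackHandler = null;
        this.sharedState = null;
        this.options = null;
        this.service = null;
        this.loginName = null;
        this.pass = null;
        this.accountDO = null;
        return true;
    }

    /**
     * Records one more failed attempt for this account and host, and marks the password status
     * as BADLOGIN once the stored count has reached ALLOWED_BADLOGIN.
     *
     * @throws Exception when the limit has been reached, or when persisting the change fails
     *     with something other than a DataAccessException
     */
    private void updateBadLoginCount() throws Exception {
        logger.log(Level.FINEST, "updateBadLoginCount invoked.");
        try {
            Row statusRow = this.accountDO.getFirstRow("AaaPasswordStatus");
            if ("BADLOGIN".equals(statusRow.get("STATUS"))) {
                logger.log(Level.FINEST, "the status is already set as BADLOGIN");
                return;
            }
            int allowedBadLogins = ((Integer) this.accountDO.getFirstRow("AaaAccAdminProfile").get("ALLOWED_BADLOGIN")).intValue();
            Row criteria = new Row("AaaAccBadLoginStatus");
            criteria.set("HOST", this.hostName);
            Long accountId = (Long) this.accountDO.getFirstValue("AaaAccount", "ACCOUNT_ID");
            criteria.set("ACCOUNT_ID", accountId);
            Row badLoginRow = null;
            try {
                badLoginRow = this.accountDO.getFirstRow("AaaAccBadLoginStatus", criteria);
            } catch (DataAccessException e) {
                // The lookup failure is treated as "no counter yet" and a first entry is created.
                logger.log(Level.FINEST, "AaaAccBadLoginStatus not present. create new entry");
                criteria.set("NUMOF_BADLOGIN", new Integer(1));
                criteria.set("UPDATEDTIME", new Long(System.currentTimeMillis()));
                this.accountDO.addRow(criteria);
                this.accountDO = AuthDBUtil.getPurePersistenceLite().update(this.accountDO);
                logger.log(Level.FINEST, "AccBadLoginStatus created for account id : {0}", accountId);
            }
            if (badLoginRow != null) {
                int attemptsMade = ((Integer) badLoginRow.get("NUMOF_BADLOGIN")).intValue();
                if (attemptsMade >= allowedBadLogins) {
                    logger.log(Level.FINEST, "attemptsmade > allowed bad logins");
                    statusRow.set("STATUS", "BADLOGIN");
                    statusRow.set("UPDATEDTIME", new Long(System.currentTimeMillis()));
                    this.accountDO.updateRow(statusRow);
                    this.accountDO = AuthDBUtil.getPurePersistenceLite().update(this.accountDO);
                    logger.log(Level.FINEST, "updated the password status as BADLOGIN");
                    throw new Exception("Maximum number of invalid attempts reached");
                }
                badLoginRow.set("NUMOF_BADLOGIN", new Integer(attemptsMade + 1));
                badLoginRow.set("UPDATEDTIME", new Long(System.currentTimeMillis()));
                this.accountDO.updateRow(badLoginRow);
                this.accountDO = AuthDBUtil.getPurePersistenceLite().update(this.accountDO);
                logger.log(Level.FINEST, "incremented the number of bad login attempt to : {0}", new Integer(attemptsMade + 1));
            }
        } catch (DataAccessException e2) {
            // A failure here means the attempt was not counted, i.e. the lock-out control failed
            // open; report it at WARNING so it is visible outside of debug logging.
            logger.log(Level.WARNING, "DataAccessException occured when processing to update badlogin count", e2);
        }
    }

    /**
     * Sends a text message to the user through the callback handler.
     *
     * @param i one of the {@link TextOutputCallback} message types
     * @param str the message text
     * @param callbackHandler the handler to deliver it through
     * @throws LoginException if the handler rejects or fails to deliver the message
     */
    private void sendOutput(int i, String str, CallbackHandler callbackHandler) throws LoginException {
        try {
            callbackHandler.handle(new Callback[]{new TextOutputCallback(i, str)});
        } catch (Exception e) {
            LoginException loginException = new LoginException("Could not send login result via callbacks");
            loginException.initCause(new Throwable(e));
            throw loginException;
        }
    }

    // Compiler-generated helper behind the class-literal cache above; retained unchanged.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls = class$com$adventnet$authentication$internal$RelationalLoginModule;
        if (cls == null) {
            cls = class$("com.adventnet.authentication.internal.RelationalLoginModule");
            class$com$adventnet$authentication$internal$RelationalLoginModule = cls;
        }
        logger = Logger.getLogger(cls.getName());
    }
}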
