package com.sun.management.services.authentication;

import com.sun.management.services.common.Debug;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:116251-01/SUNWesmcm/reloc/$ESM_BASE/lib/solaris_impl.jar:com/sun/management/services/authentication/RbacRoleLoginModule.class */
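/**
 * JAAS {@link LoginModule} that lets an already-authenticated user assume a role.
 *
 * <p>The module does not authenticate the user itself. It relies on an earlier module
 * in the login stack having stored the user name under
 * {@code javax.security.auth.login.name} and the string {@code "true"} under
 * {@code pam.login.success} in the shared state. It then asks the external
 * {@code pamverifier} helper for the user's roles, obtains the chosen role and its
 * password through an {@link RbacRoleCallback}, and has the helper verify them.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The helper path is built from the {@code commandPath} module option, so the
 *       login configuration and that directory need to be writable by administrators
 *       only.</li>
 *   <li>The role password is handed to the helper as a command-line argument (see
 *       {@link #login()}).</li>
 *   <li>{@link #logout()} is a no-op, so the role name and role password written by
 *       {@link #commit()} stay on the Subject.</li>
 * </ul>
 */
public class RbacRoleLoginModule implements LoginModule {
    private Subject subject;
    private Map sharedState;
    private CallbackHandler ccbh;
    private static final String DEFAULT_CLASS_NAME = "com.sun.web.console.login.LoginRolesViewBean";
    private boolean debug = false;
    private boolean force_role_check = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private UserRolePrincipal up = null;
    private UserRoleCredential pc = null;
    private boolean authenticated = false;
    String host = null;
    String user = null;
    String role = null;
    PasswordCredential roleCredential = null;
    private String commandPath = null;
    private String className = null;

    /**
     * Stores the JAAS context objects and reads the module options.
     *
     * <p>Recognised options: {@code presentation_class} (defaults to
     * {@link #DEFAULT_CLASS_NAME}), {@code commandPath} (defaults to
     * {@code /usr/lib/webconsole}) and {@code force_role_check} (enabled only by the
     * exact string {@code "true"}).
     *
     * @param subject         the Subject being authenticated
     * @param callbackHandler handler used to obtain the role selection
     * @param map             state shared between the modules of the login stack
     * @param map2            module options from the login configuration, may be null
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.ccbh = callbackHandler;
        this.sharedState = map;
        this.commandPath = null;
        this.className = null;
        this.force_role_check = false;
        if (map2 != null) {
            this.className = (String) map2.get("presentation_class");
            this.commandPath = (String) map2.get("commandPath");
            this.force_role_check = "true".equals((String) map2.get("force_role_check"));
        }
        if (this.commandPath == null) {
            this.commandPath = "/usr/lib/webconsole";
        }
        if (this.className == null) {
            this.className = DEFAULT_CLASS_NAME;
        }
        this.authenticated = false;
        this.succeeded = false;
        this.commitSucceeded = false;
    }

    /**
     * Lets the authenticated user pick a role and verifies the role password.
     *
     * @return {@code true} when a role was selected and verified; {@code false} when
     *         the user is not marked as authenticated, has no roles (and
     *         {@code force_role_check} is off), or declined to pick a role
     * @throws LoginException if the selected role is not acceptable, the helper
     *         reports a non-zero status, or any step of the exchange fails
     */
    public boolean login() throws LoginException {
        // Start from a clean slate so a repeated login() on the same instance cannot
        // inherit the outcome of an earlier attempt.
        this.succeeded = false;
        this.user = null;
        String pamSuccess = null;
        try {
            this.user = (String) this.sharedState.get("javax.security.auth.login.name");
            pamSuccess = (String) this.sharedState.get("pam.login.success");
        } catch (Exception ignored) {
            // Missing or malformed shared state: treated as "not authenticated" below.
        }
        // Assigned rather than only raised, so a stale true never survives.
        this.authenticated = "true".equals(pamSuccess);
        if (!this.authenticated || this.user == null) {
            return false;
        }

        String[] roleList = getRoleList(this.user);
        boolean noRoles = roleList == null || roleList.length == 0;
        if (!this.force_role_check && noRoles) {
            return false;
        }

        try {
            RbacRoleCallback roleCallback = new RbacRoleCallback();
            roleCallback.setPresentationClassName(this.className);
            roleCallback.setUser(this.user);
            roleCallback.setRolelist(roleList);
            this.ccbh.handle(new Callback[]{roleCallback});

            this.role = roleCallback.getRole();
            if (this.role == null || this.role.equals("**NOROLE**")) {
                return false;
            }
            // The role comes back from the callback handler and is therefore untrusted.
            // Accept it only when it is one of the roles retrieved for this user, so an
            // arbitrary value never reaches the helper command line.
            if (noRoles || !isListedRole(roleList, this.role)) {
                Debug.trace1("RbacRoleLogin: bad role assumption");
                throw new LoginException("bad role assumption");
            }

            this.host = roleCallback.getHost();
            this.roleCredential = roleCallback.getRoleCredential();
            if (this.roleCredential == null) {
                throw new LoginException("missing role credential");
            }

            // NOTE(review): the role password is passed as a process argument. Process
            // arguments are commonly readable by other local users through the process
            // table; handing the secret over on stdin would avoid that, but this file
            // does not show whether ExecProcess or pamverifier support it.
            Vector output = new ExecProcess(new String[]{
                this.commandPath + "/pamverifier",
                "authrole",
                this.role,
                this.user,
                this.roleCredential.getUserPassword()
            }).exec();

            // Fail closed: anything but an explicit 0 from the helper is a rejection.
            int status = -1;
            if (output != null) {
                status = Integer.parseInt(((String[]) output.elementAt(0))[0].trim());
            }
            if (status != 0) {
                Debug.trace1("RbacRoleLogin: invalid role: " + this.role);
                throw new LoginException("invalid role or credential");
            }

            this.succeeded = true;
            this.sharedState.put("rbac.role.name", this.role);
            Debug.trace1("RbacRoleLogin: role assumed: " + this.role);
            return true;
        } catch (Exception e) {
            // NOTE(review): only the message is traced; confirm that ExecProcess never
            // puts its argument vector (which holds the password) into that message.
            Debug.trace1("RbacRoleLogin: login failed: " + e.getMessage());
            throw new LoginException("RbacRoleLogin: login failure");
        }
    }

    /**
     * Writes the assumed role onto the Subject once the overall login succeeded.
     *
     * <p>The first {@link UserRolePrincipal} and the first {@link UserRoleCredential}
     * whose host name equals the host reported by the callback receive the role name
     * and the role password respectively. Entries of other types are skipped.
     *
     * @return always {@code true}; nothing is changed when {@link #login()} did not
     *         succeed
     * @throws LoginException if login succeeded but no Subject is available
     */
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return true;
        }
        if (this.subject == null) {
            Debug.trace1("RbacRoleLogin: no subject in commit");
            throw new FailedLoginException("RbacRoleLogin: no subject");
        }
        Object[] principals = this.subject.getPrincipals().toArray();
        Object[] credentials = this.subject.getPrivateCredentials().toArray();

        for (Object candidate : principals) {
            if (!(candidate instanceof UserRolePrincipal)) {
                continue;
            }
            UserRolePrincipal principal = (UserRolePrincipal) candidate;
            // A null host matches nothing instead of raising a NullPointerException.
            if (this.host != null && this.host.equals(principal.getHostName())) {
                principal.setRoleName(this.role);
                break;
            }
        }
        for (Object candidate : credentials) {
            if (!(candidate instanceof UserRoleCredential)) {
                continue;
            }
            UserRoleCredential credential = (UserRoleCredential) candidate;
            if (this.host != null && this.host.equals(credential.getHostName())) {
                credential.setRolePassword(this.roleCredential.getUserPassword());
                break;
            }
        }
        this.commitSucceeded = true;
        return true;
    }

    /**
     * Discards the state of a login attempt, including the cached role credential.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; propagated from {@link #logout()}
     */
    public boolean abort() throws LoginException {
        if (this.commitSucceeded) {
            logout();
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        this.role = null;
        // Do not keep the role password or host reachable after an aborted attempt.
        this.roleCredential = null;
        this.host = null;
        this.up = null;
        this.pc = null;
        return true;
    }

    /**
     * Does nothing and reports success.
     *
     * <p>NOTE(review): the role name and role password that {@link #commit()} writes
     * onto the Subject's principal and private credential are not removed here, so
     * they outlive logout unless the owner of those objects clears them.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        return true;
    }

    /**
     * Runs {@code pamverifier getUserRoles <user>} and returns the trimmed role names.
     *
     * @param str the user name to look up
     * @return the roles taken from the first element of the helper output, or
     *         {@code null} when the helper failed or returned nothing
     */
    private String[] getRoleList(String str) {
        Debug.trace3("RbacRoleLogin: getting roles");
        Vector output;
        try {
            output = new ExecProcess(new String[]{
                this.commandPath + "/pamverifier", "getUserRoles", str
            }).exec();
        } catch (Exception e) {
            Debug.trace1("PamLogin: exception getting roles: " + e.getMessage());
            output = null;
        }
        if (output == null || output.size() == 0) {
            return null;
        }
        String[] roles = (String[]) output.elementAt(0);
        if (roles == null) {
            // Previously the trace below dereferenced the null array, and the resulting
            // NullPointerException escaped login() unwrapped.
            return null;
        }
        for (int i = 0; i < roles.length; i++) {
            if (roles[i] != null) {
                roles[i] = roles[i].trim();
            }
        }
        Debug.trace3("RbacRoleLogin: retrieved " + roles.length + " roles");
        return roles;
    }

    /** Returns whether {@code candidate} equals one of the entries of {@code roles}. */
    private static boolean isListedRole(String[] roles, String candidate) {
        if (roles == null || candidate == null) {
            return false;
        }
        for (int i = 0; i < roles.length; i++) {
            if (candidate.equals(roles[i])) {
                return true;
            }
        }
        return false;
    }
}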
