package com.sun.management.services.authentication;

import com.iplanet.sso.SSOTokenEvent;
import com.sun.management.services.audit.ConsoleAuditEvent;
import com.sun.management.services.common.Debug;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:116251-01/SUNWesmcm/reloc/$ESM_BASE/lib/solaris_impl.jar:com/sun/management/services/authentication/PamLoginModule.class */
public class PamLoginModule implements LoginModule {
    private Subject subject;
    private Map sharedState;
    private boolean succeeded;
    private boolean commitSucceeded;
    private CallbackHandler ccbh;
    private String user;
    private String host;
    private PasswordCredential cred;
    private UserRolePrincipal up;
    private UserRoleCredential pc;
    private String commandPath;
    private String className;
    private boolean try_first_pass;
    private boolean try_mapped_pass;
    private boolean use_first_pass;
    private boolean use_mapped_pass;
    private boolean debug = false;
    private static final String DEFAULT_CLASS_NAME = "com.sun.web.console.login.LoginViewBean";

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.ccbh = callbackHandler;
        this.sharedState = map;
        this.commandPath = null;
        this.className = null;
        this.use_first_pass = true;
        this.try_first_pass = false;
        this.use_mapped_pass = false;
        this.try_mapped_pass = false;
        if (map2 != null) {
            this.className = (String) map2.get("presentation_class");
            this.commandPath = (String) map2.get("commandPath");
        }
        if (this.commandPath == null) {
            this.commandPath = "/usr/lib/webconsole";
        }
        if (this.className == null) {
            this.className = DEFAULT_CLASS_NAME;
        }
        this.user = null;
        this.host = null;
        this.cred = null;
        this.succeeded = false;
        this.commitSucceeded = false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public boolean login() throws LoginException {
        this.succeeded = false;
        if (this.sharedState != null) {
            this.user = (String) this.sharedState.get("javax.security.auth.login.name");
            this.cred = (PasswordCredential) this.sharedState.get("javax.security.auth.login.password");
            this.host = (String) this.sharedState.get("console.login.host");
        }
        int i = -1;
        if (this.user != null && this.user.trim().length() > 0) {
            try {
                i = attemptLogin(this.user, this.cred, this.host);
            } catch (Exception e) {
                throw new LoginException(new StringBuffer().append("PamLogin: login failed: ").append(e.getMessage()).toString());
            }
        }
        switch (i) {
            case ConsoleAuditEvent.SUCCESS /* 0 */:
                Debug.trace1(new StringBuffer().append("PamLogin: login succeeded: ").append(this.user).toString());
                setAuthValues(this.user, this.cred, this.host);
                this.succeeded = true;
                this.sharedState.put("pam.login.success", "true");
                return true;
            case 1:
                Debug.trace1(new StringBuffer().append("PamLogin: unknown user: ").append(this.user).toString());
                throw new LoginException("PamLogin: login failed");
            case SSOTokenEvent.SSO_TOKEN_MAX_TIMEOUT /* 2 */:
                if (this.use_first_pass || this.use_mapped_pass) {
                    Debug.trace1(new StringBuffer().append("PamLogin: login failed: ").append(this.user).toString());
                    throw new FailedLoginException("PamLogin: login failed");
                }
                break;
        }
        Callback[] callbackArr = new Callback[1];
        try {
            PamCallback pamCallback = new PamCallback();
            callbackArr[0] = pamCallback;
            ((PamCallback) callbackArr[0]).setPresentationClassName(this.className);
            if (this.user != null) {
                pamCallback.setUser(this.user);
            }
            this.ccbh.handle(callbackArr);
            this.user = pamCallback.getUser();
            this.cred = pamCallback.getUserCredential();
            this.host = pamCallback.getHost();
            int attemptLogin = attemptLogin(this.user, this.cred, this.host);
            try {
                if (this.sharedState != null) {
                    this.sharedState.put("javax.security.auth.login.name", this.user);
                    this.sharedState.put("javax.security.auth.login.password", this.cred);
                    this.sharedState.put("console.login.host", this.host);
                }
            } catch (Exception e2) {
                Debug.trace1(new StringBuffer().append("PamLogin: error setting shared state: ").append(e2.getMessage()).toString());
            }
            this.succeeded = false;
            switch (attemptLogin) {
                case ConsoleAuditEvent.SUCCESS /* 0 */:
                    Debug.trace1(new StringBuffer().append("PamLogin: login succeeded: ").append(this.user).toString());
                    setAuthValues(this.user, this.cred, this.host);
                    this.sharedState.put("pam.login.success", "true");
                    this.succeeded = true;
                    return this.succeeded;
                case 1:
                    Debug.trace1(new StringBuffer().append("PamLogin: unknown user: ").append(this.user).toString());
                    throw new LoginException("PamLogin: login failed");
                case SSOTokenEvent.SSO_TOKEN_MAX_TIMEOUT /* 2 */:
                default:
                    Debug.trace1("PamLogin: login failed: pamverifier");
                    throw new LoginException("PamLogin: login failed");
            }
        } catch (Exception e3) {
            Debug.trace1(new StringBuffer().append("PamLogin: login failed: ").append(e3.getMessage()).toString());
            throw new LoginException("PamLogin: login failed");
        }
    }

    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return true;
        }
        if (this.subject == null) {
            throw new LoginException("PamLogin: commit failed");
        }
        if (this.up != null && !this.subject.getPrincipals().contains(this.up)) {
            this.subject.getPrincipals().add(this.up);
        }
        if (this.pc != null && !this.subject.getPrivateCredentials().contains(this.pc)) {
            this.subject.getPrivateCredentials().add(this.pc);
        }
        this.commitSucceeded = true;
        return true;
    }

    public boolean abort() throws LoginException {
        if (this.commitSucceeded) {
            logout();
        }
        this.up = null;
        if (this.pc != null) {
            this.pc.clearUserPassword();
            this.pc.clearRolePassword();
            this.pc = null;
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        return true;
    }

    public boolean logout() throws LoginException {
        if (this.subject == null) {
            return true;
        }
        Object[] array = this.subject.getPrincipals().toArray();
        int i = 0;
        while (true) {
            if (i >= array.length) {
                break;
            }
            if (array[i] instanceof UserRolePrincipal) {
                this.subject.getPrincipals().remove(array[i]);
                break;
            }
            i++;
        }
        Object[] array2 = this.subject.getPrivateCredentials().toArray();
        for (int i2 = 0; i2 < array2.length; i2++) {
            if (array2[i2] instanceof UserRoleCredential) {
                UserRoleCredential userRoleCredential = (UserRoleCredential) array2[i2];
                this.subject.getPrivateCredentials().remove(this.pc);
                userRoleCredential.clearUserPassword();
                userRoleCredential.clearRolePassword();
                return true;
            }
        }
        return true;
    }

    private int attemptLogin(String str, PasswordCredential passwordCredential, String str2) {
        int i;
        String[] strArr;
        try {
            Vector vector = null;
            try {
                vector = new ExecProcess(new String[]{new StringBuffer().append(this.commandPath).append("/pamverifier").toString(), "authuser", str, "NULL", this.cred.getUserPassword()}).exec();
            } catch (Exception e) {
                Debug.trace1(new StringBuffer().append("PamLogin: login failed: ").append(e.getMessage()).toString());
            }
            i = 2;
            if (vector != null && vector.size() != 0 && (strArr = (String[]) vector.elementAt(0)) != null && strArr.length > 0) {
                i = Integer.parseInt(strArr[0].trim());
            }
        } catch (Exception e2) {
            Debug.trace1(new StringBuffer().append("PamLogin: PAM auth failed: ").append(e2.getMessage()).toString());
            i = 2;
        }
        return i;
    }

    private void setAuthValues(String str, PasswordCredential passwordCredential, String str2) {
        this.up = new UserRolePrincipal(str, null);
        this.up.setHostName(str2);
        this.pc = new UserRoleCredential(passwordCredential.getUserPassword(), null);
        this.pc.setHostName(str2);
    }
}
