package org.pentaho.platform.osgi;

import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.StandaloneSession;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/pentaho/platform/osgi/SpringSecurityLoginModule.class */
public class SpringSecurityLoginModule extends AbstractKarafLoginModule {
    public static final String KARAF_ADMIN = "karaf_admin";
    private AuthenticationManager authenticationManager = null;
    private IAuthorizationPolicy authorizationPolicy = null;

    public AuthenticationManager getAuthenticationManager() {
        if (this.authenticationManager == null) {
            this.authenticationManager = (AuthenticationManager) PentahoSystem.get(AuthenticationManager.class);
        }
        return this.authenticationManager;
    }

    public IAuthorizationPolicy getAuthorizationPolicy() {
        if (this.authorizationPolicy == null) {
            this.authorizationPolicy = (IAuthorizationPolicy) PentahoSystem.get(IAuthorizationPolicy.class);
        }
        return this.authorizationPolicy;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setAuthorizationPolicy(IAuthorizationPolicy iAuthorizationPolicy) {
        this.authorizationPolicy = iAuthorizationPolicy;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map2);
    }

    public boolean login() throws LoginException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            NameCallback[] nameCallbackArr = {new NameCallback("User: ")};
            try {
                this.callbackHandler.handle(nameCallbackArr);
                String name = nameCallbackArr[0].getName();
                if (name == null) {
                    throw new LoginException("User name is null");
                }
                if (!name.equals(authentication.getName())) {
                    authentication = null;
                }
            } catch (IOException e) {
                throw new LoginException(e.getMessage());
            } catch (UnsupportedCallbackException e2) {
                throw new LoginException("Unable to interactively Authenticate with user: " + e2.getMessage());
            }
        }
        if (authentication == null) {
            NameCallback[] nameCallbackArr2 = {new NameCallback("User: "), new PasswordCallback("Password: ", false)};
            try {
                this.callbackHandler.handle(nameCallbackArr2);
                String name2 = nameCallbackArr2[0].getName();
                char[] password = ((PasswordCallback) nameCallbackArr2[1]).getPassword();
                if (password == null || name2 == null) {
                    throw new LoginException("User Name and Password cannot be null");
                }
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(name2, String.valueOf(new String(password)));
                StandaloneSession standaloneSession = new StandaloneSession(name2);
                PentahoSessionHolder.setSession(standaloneSession);
                try {
                    authentication = getAuthenticationManager().authenticate(usernamePasswordAuthenticationToken);
                    if (authentication != null && !authentication.isAuthenticated()) {
                        throw new IllegalStateException("Got a bad authentication");
                    }
                    if (authentication == null) {
                        throw new IllegalStateException("Not Authenticated");
                    }
                } catch (Exception e3) {
                    standaloneSession.destroy();
                    PentahoSessionHolder.removeSession();
                    throw new LoginException(e3.getMessage());
                }
            } catch (IOException e4) {
                throw new LoginException(e4.getMessage());
            } catch (UnsupportedCallbackException e5) {
                throw new LoginException("Unable to interactively Authenticate with user: " + e5.getMessage());
            }
        }
        this.principals = new HashSet();
        this.principals.add(new UserPrincipal(authentication.getName()));
        Collection authorities = authentication.getAuthorities();
        if (authorities != null) {
            Iterator it = authorities.iterator();
            while (it.hasNext()) {
                this.principals.add(new RolePrincipal(((GrantedAuthority) it.next()).getAuthority()));
            }
        }
        SecurityHelper.getInstance().becomeUser(authentication.getName());
        if (!getAuthorizationPolicy().isAllowed("org.pentaho.security.administerSecurity")) {
            return true;
        }
        this.principals.add(new RolePrincipal(KARAF_ADMIN));
        return true;
    }

    public boolean abort() throws LoginException {
        clear();
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        return true;
    }
}
