package com.ibm.ws.security.authentication.jaas.modules;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.AccessIdUtil;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule;
import com.ibm.ws.security.registry.UserRegistry;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.builtin_1.0.9.jar:com/ibm/ws/security/authentication/jaas/modules/UsernameAndPasswordLoginModule.class */
public class UsernameAndPasswordLoginModule extends ServerCommonLoginModule implements LoginModule {
    private static final TraceComponent tc = Tr.register((Class<?>) UsernameAndPasswordLoginModule.class, "Authentication", "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages");
    private UserRegistry userRegistry;
    private String username = null;
    private String urAuthenticatedId = null;
    static final long serialVersionUID = -1034522143030294360L;

    @FFDCIgnore({AuthenticationException.class, IllegalArgumentException.class})
    public boolean login() throws LoginException {
        if (isAlreadyProcessed()) {
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "Already processed by other login module, abstaining.", new Object[0]);
            return false;
        }
        try {
            NameCallback[] requiredCallbacks = getRequiredCallbacks(this.callbackHandler);
            String name = requiredCallbacks[0].getName();
            char[] password = ((PasswordCallback) requiredCallbacks[1]).getPassword();
            if (name == null || password == null || name.trim().isEmpty()) {
                return false;
            }
            setAlreadyProcessed();
            this.userRegistry = getUserRegistry();
            this.urAuthenticatedId = this.userRegistry.checkPassword(name, String.valueOf(password));
            if (this.urAuthenticatedId == null) {
                Tr.audit(tc, "JAAS_AUTHENTICATION_FAILED_BADUSERPWD", name);
                throw new AuthenticationException(TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages", "JAAS_AUTHENTICATION_FAILED_BADUSERPWD", new Object[]{name}, "CWWKS1100A: Authentication failed for the userid {0}. A bad userid and/or password was specified."));
            }
            this.username = getSecurityName(name, this.urAuthenticatedId);
            setUpTemporarySubject();
            updateSharedState();
            return true;
        } catch (AuthenticationException e) {
            throw e;
        } catch (IllegalArgumentException e2) {
            throw new AuthenticationException(e2.getLocalizedMessage(), e2);
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule", "93", this, new Object[0]);
            throw new AuthenticationException(e3.getLocalizedMessage(), e3);
        }
    }

    @Override // com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule
    public Callback[] getRequiredCallbacks(CallbackHandler callbackHandler) throws IOException, UnsupportedCallbackException {
        Callback[] callbackArr = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
        callbackHandler.handle(callbackArr);
        return callbackArr;
    }

    private void setUpTemporarySubject() throws Exception {
        this.temporarySubject = new Subject();
        setPrincipalAndCredentials(this.temporarySubject, this.username, this.urAuthenticatedId, AccessIdUtil.createAccessId("user", this.userRegistry.getRealm(), this.userRegistry.getUniqueUserId(this.urAuthenticatedId)), "password");
    }

    @Override // com.ibm.ws.security.jaas.common.modules.CommonLoginModule
    public boolean commit() throws LoginException {
        if (this.urAuthenticatedId != null) {
            setUpSubject();
            return true;
        }
        if (!TraceComponent.isAnyTracingEnabled() || !tc.isEventEnabled()) {
            return false;
        }
        Tr.event(tc, "Authentication did not occur for this login module, abstaining.", new Object[0]);
        return false;
    }

    @Override // com.ibm.ws.security.jaas.common.modules.CommonLoginModule
    public boolean abort() {
        cleanUpSubject();
        this.urAuthenticatedId = null;
        this.username = null;
        return true;
    }

    @Override // com.ibm.ws.security.jaas.common.modules.CommonLoginModule
    public boolean logout() {
        cleanUpSubject();
        this.urAuthenticatedId = null;
        this.username = null;
        return true;
    }
}
