package com.ibm.security.auth.module;

import com.ibm.security.auth.NTDomainPrincipal;
import com.ibm.security.auth.NTNumericCredential;
import com.ibm.security.auth.NTSidDomainPrincipal;
import com.ibm.security.auth.NTSidGroupPrincipal;
import com.ibm.security.auth.NTSidPrimaryGroupPrincipal;
import com.ibm.security.auth.NTSidUserPrincipal;
import com.ibm.security.auth.NTUserPrincipal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* loaded from: input_file:efixes/PQ88973_express_win/components/prereq.jdk/update.jar:/java/jre/lib/security.jar:com/ibm/security/auth/module/NTLoginModule.class */
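/**
 * JAAS {@link LoginModule} that fills a {@link Subject} with the identity reported by
 * {@link NTSystem}: user name, user SID, domain, domain SID, primary group, group SIDs and a
 * numeric credential built from the impersonation token.
 *
 * <p><b>Security notes for deployers.</b>
 * <ul>
 *   <li>The module never consults the {@link CallbackHandler} and asks for no secret:
 *       {@link #login()} succeeds whenever {@code NTSystem} reports a non-null name. The
 *       resulting Subject is therefore only as trustworthy as whatever identity
 *       {@code NTSystem} imports (presumably the OS account the JVM runs under; the
 *       {@code NTSystem} implementation is not visible in this file, so confirm). It should
 *       not be the only module in a configuration where the remote caller, rather than the
 *       host OS, has to prove who it is.</li>
 *   <li>With the {@code debug} option enabled, the user name, SIDs, group SIDs and the numeric
 *       token value are written to {@code System.out}. Leave it disabled wherever standard
 *       output is collected into shared logs.</li>
 *   <li>The numeric credential is stored in the Subject's <em>public</em> credential set.</li>
 * </ul>
 *
 * <p>Instances hold per-login state and are not written for concurrent use.
 */
public class NTLoginModule implements LoginModule {
    private NTSystem ntSystem;
    private Subject subject;
    // Stored by initialize() but not read anywhere in this class.
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    private boolean debug = false;
    // True between a successful login() and the next abort()/logout().
    private boolean succeeded = false;
    // True once commit() has copied the principals into the Subject.
    private boolean commitSucceeded = false;
    private NTUserPrincipal userPrincipal;
    private NTSidUserPrincipal userSID;
    private NTDomainPrincipal userDomain;
    private NTSidDomainPrincipal domainSID;
    private NTSidPrimaryGroupPrincipal primaryGroup;
    private NTSidGroupPrincipal[] groups;
    private NTNumericCredential numericCredential;

    /**
     * Stores the collaborators handed over by the login framework and reads the debug option.
     *
     * @param subject the Subject to populate on commit
     * @param callbackHandler stored but unused by this module
     * @param map state shared between the configured login modules (stored, unused here)
     * @param map2 module options; a null map is treated as "no options"
     * @throws ClassCastException if the debug option is present but is not a String
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        // NOTE(review): the option key and the expected value come from constants of unrelated
        // XML classes. That looks like a decompiler resolving inlined string literals
        // (presumably "debug" and "true") to the first matching constant; confirm before
        // relying on those libraries being on the class path of a security module.
        Object debugOption = (map2 == null) ? null : map2.get(TransformerFactoryImpl.DEBUG);
        this.debug = SchemaSymbols.ATTVAL_TRUE.equalsIgnoreCase((String) debugOption);
    }

    /**
     * Imports the identity exposed by {@link NTSystem} into this module's private state.
     * Nothing is added to the Subject until {@link #commit()}.
     *
     * @return {@code true} when a user name was obtained
     * @throws FailedLoginException if {@code NTSystem} reports no user name
     */
    @Override
    public boolean login() throws LoginException {
        this.succeeded = false;
        // A constructor call never yields null, so the only reachable failure is a missing
        // name; the debug trace that used to sit behind a dead null check is emitted here.
        this.ntSystem = new NTSystem();
        if (this.ntSystem.getName() == null) {
            if (this.debug) {
                System.out.println("\t\t[NTLoginModule] Failed in NT login");
            }
            throw new FailedLoginException("Failed in attempt to import the underlying NT system identity information");
        }
        this.userPrincipal = new NTUserPrincipal(this.ntSystem.getName());
        if (this.debug) {
            System.out.println("\t\t[NTLoginModule] succeeded importing info: ");
            System.out.println("\t\t\tuser name = " + this.userPrincipal.getName());
        }
        if (this.ntSystem.getUserSID() != null) {
            this.userSID = new NTSidUserPrincipal(this.ntSystem.getUserSID());
            if (this.debug) {
                System.out.println("\t\t\tuser SID = " + this.userSID.getName());
            }
        }
        if (this.ntSystem.getDomain() != null) {
            this.userDomain = new NTDomainPrincipal(this.ntSystem.getDomain());
            if (this.debug) {
                System.out.println("\t\t\tuser domain = " + this.userDomain.getName());
            }
        }
        if (this.ntSystem.getDomainSID() != null) {
            this.domainSID = new NTSidDomainPrincipal(this.ntSystem.getDomainSID());
            if (this.debug) {
                System.out.println("\t\t\tuser domain SID = " + this.domainSID.getName());
            }
        }
        if (this.ntSystem.getPrimaryGroupID() != null) {
            this.primaryGroup = new NTSidPrimaryGroupPrincipal(this.ntSystem.getPrimaryGroupID());
            if (this.debug) {
                System.out.println("\t\t\tuser primary group = " + this.primaryGroup.getName());
            }
        }
        String[] groupIDs = this.ntSystem.getGroupIDs();
        if (groupIDs != null && groupIDs.length > 0) {
            this.groups = new NTSidGroupPrincipal[groupIDs.length];
            for (int i = 0; i < groupIDs.length; i++) {
                this.groups[i] = new NTSidGroupPrincipal(groupIDs[i]);
                if (this.debug) {
                    System.out.println("\t\t\tuser group = " + this.groups[i].getName());
                }
            }
        }
        if (this.ntSystem.getImpersonationToken() != 0) {
            // NOTE(review): the explicit (int) cast suggests getImpersonationToken() returns a
            // wider type (presumably long); if so, a 64-bit handle value is truncated here.
            // The value is also echoed to stdout in debug mode and later published as a public
            // credential; confirm both exposures are acceptable.
            this.numericCredential = new NTNumericCredential((int) this.ntSystem.getImpersonationToken());
            if (this.debug) {
                System.out.println("\t\t\tnumeric credential = " + this.numericCredential.getToken());
            }
        }
        this.succeeded = true;
        return this.succeeded;
    }

    /**
     * Copies the principals and the numeric credential gathered by {@link #login()} into the
     * Subject, skipping entries the Subject already holds.
     *
     * @return {@code true} if the Subject was populated, {@code false} if login() had not
     *     succeeded
     * @throws LoginException if the Subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            if (this.debug) {
                System.out.println("\t\t[NTLoginModule]: did not add any Principals to Subject because own authentication failed.");
            }
            return false;
        }
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }
        Set principals = this.subject.getPrincipals();
        addIfAbsent(principals, this.userPrincipal);
        addIfAbsent(principals, this.userSID);
        addIfAbsent(principals, this.userDomain);
        addIfAbsent(principals, this.domainSID);
        addIfAbsent(principals, this.primaryGroup);
        if (this.groups != null) {
            for (int i = 0; i < this.groups.length; i++) {
                addIfAbsent(principals, this.groups[i]);
            }
        }
        addIfAbsent(this.subject.getPublicCredentials(), this.numericCredential);
        this.commitSucceeded = true;
        return true;
    }

    /**
     * Discards the state of a login attempt whose overall authentication failed.
     *
     * @return {@code false} if this module's own login() had not succeeded (the module is to
     *     be ignored), {@code true} once its state has been cleaned up. The previous code
     *     returned the {@code succeeded} flag after clearing it, so it always reported
     *     {@code false} even when the cleanup worked.
     * @throws LoginException if a committed Subject has to be cleaned up but is read-only
     */
    @Override
    public boolean abort() throws LoginException {
        if (this.debug) {
            System.out.println("\t\t[NTLoginModule]: aborted authentication attempt");
        }
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // This module committed but the overall login failed: undo the Subject changes.
            logout();
        } else {
            this.ntSystem = null;
            this.userPrincipal = null;
            this.userSID = null;
            this.userDomain = null;
            this.domainSID = null;
            this.primaryGroup = null;
            this.groups = null;
            this.numericCredential = null;
            this.succeeded = false;
        }
        return true;
    }

    /**
     * Removes everything this module added to the Subject and resets its private state.
     *
     * <p>Fields that were never set are skipped, mirroring the null guards in
     * {@link #commit()}; a Subject's sets may reject a {@code null} argument, which would
     * otherwise turn a logout without a preceding full login into a NullPointerException and
     * leave the remaining principals in place.
     *
     * @return always {@code true}
     * @throws LoginException if the Subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }
        Set principals = this.subject.getPrincipals();
        removeIfPresent(principals, this.userPrincipal);
        removeIfPresent(principals, this.userSID);
        removeIfPresent(principals, this.userDomain);
        removeIfPresent(principals, this.domainSID);
        removeIfPresent(principals, this.primaryGroup);
        if (this.groups != null) {
            for (int i = 0; i < this.groups.length; i++) {
                removeIfPresent(principals, this.groups[i]);
            }
        }
        removeIfPresent(this.subject.getPublicCredentials(), this.numericCredential);
        this.succeeded = false;
        this.commitSucceeded = false;
        this.userPrincipal = null;
        this.userDomain = null;
        this.userSID = null;
        this.domainSID = null;
        this.groups = null;
        this.primaryGroup = null;
        this.numericCredential = null;
        this.ntSystem = null;
        if (this.debug) {
            System.out.println("\t\t[NTLoginModule] completed logout processing");
        }
        return true;
    }

    /** Adds {@code item} to {@code target} unless it is null or already contained. */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the Subject sets are handled as raw Sets throughout this class
    private static void addIfAbsent(Set target, Object item) {
        if (item != null && !target.contains(item)) {
            target.add(item);
        }
    }

    /** Removes {@code item} from {@code target} when it is non-null and contained. */
    @SuppressWarnings("rawtypes") // the Subject sets are handled as raw Sets throughout this class
    private static void removeIfPresent(Set target, Object item) {
        if (item != null && target.contains(item)) {
            target.remove(item);
        }
    }
}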
