package org.jboss.security.srp.jaas;

import java.io.IOException;
import java.io.Serializable;
import java.rmi.Naming;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.logging.Logger;
import org.jboss.security.Util;
import org.jboss.security.auth.callback.ByteArrayCallback;
import org.jboss.security.srp.SRPClientSession;
import org.jboss.security.srp.SRPParameters;
import org.jboss.security.srp.SRPServerInterface;

/* loaded from: input_file:jbossall-client.jar:org/jboss/security/srp/jaas/SRPLoginModule.class */
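/**
 * JAAS {@link LoginModule} that authenticates a user against a remote
 * {@link SRPServerInterface} with the SRP exchange implemented by
 * {@link SRPClientSession}: fetch the user's parameters, swap public values,
 * send the client proof (M1) and check the server proof (M2).
 * <p>
 * Recognised module options; every other option is handed to
 * {@link InitialContext} as its environment when the server is found via JNDI:
 * <ul>
 * <li>{@code srpServerJndiName} - JNDI name of the server, tried first.</li>
 * <li>{@code srpServerRmiUrl} - RMI URL of the server, used when no JNDI name is set.</li>
 * <li>{@code externalRandomA} - when "true", the client's public-key random number is
 *     requested from the handler through a {@link ByteArrayCallback}.</li>
 * <li>{@code multipleSessions} - when "true", passed as-is to the server's
 *     {@code getSRPParameters} call.</li>
 * <li>{@code hasAuxChallenge} - when "true", an auxiliary challenge token is requested
 *     through a {@link TextInputCallback} and sent with the verify call; it is sealed
 *     with the session key when the server's parameters name a cipher algorithm.</li>
 * <li>{@code principalClassName} - obsolete, a warning is logged if it is set.</li>
 * </ul>
 * On success the {@code SRPPrincipal} is published in the shared state under
 * {@code javax.security.auth.login.name} and the client's M1 response under
 * {@code javax.security.auth.login.password}. On commit the session key, the
 * session id, the SRP parameters and (if a cipher algorithm is configured) a
 * {@code SecretKey} derived from the session key become private credentials of
 * the subject; logout removes them again.
 * <p>
 * Instances are not thread-safe; JAAS creates one per login attempt.
 */
public class SRPLoginModule implements LoginModule {
    /** Shared-state key for the user name on input and the SRPPrincipal on output. */
    private static final String SHARED_NAME_KEY = "javax.security.auth.login.name";
    /** Shared-state key for the password on input and the client's M1 response on output. */
    private static final String SHARED_PASSWORD_KEY = "javax.security.auth.login.password";

    private static final String OPT_PRINCIPAL_CLASS = "principalClassName";
    private static final String OPT_JNDI_NAME = "srpServerJndiName";
    private static final String OPT_RMI_URL = "srpServerRmiUrl";
    private static final String OPT_EXTERNAL_RANDOM_A = "externalRandomA";
    private static final String OPT_MULTIPLE_SESSIONS = "multipleSessions";
    private static final String OPT_AUX_CHALLENGE = "hasAuxChallenge";
    /** Options consumed by this module; they are stripped from the JNDI environment. */
    private static final String[] MODULE_OPTIONS = {
        OPT_PRINCIPAL_CLASS, OPT_JNDI_NAME, OPT_RMI_URL,
        OPT_EXTERNAL_RANDOM_A, OPT_MULTIPLE_SESSIONS, OPT_AUX_CHALLENGE
    };

    private Subject subject;
    private CallbackHandler handler;
    private Map sharedState;
    /** Module options minus {@link #MODULE_OPTIONS}; the environment for {@link InitialContext}. */
    private Hashtable jndiEnv;
    /** Kept only so a configured value can be reported as obsolete. */
    private String principalClassName;
    private String srpServerRmiUrl;
    private String srpServerJndiName;
    private String username;
    private char[] password;
    /**
     * True when {@link #password} is an array owned by this module (a callback copy or
     * a String converted here) and may be zeroed; false when it is the char[] taken
     * from the shared state, which other stacked modules may still read.
     */
    private boolean ownsPassword;
    private SRPServerInterface srpServer;
    private SRPParameters params;
    private Principal userPrincipal;
    private Integer sessionID;
    private byte[] sessionKey;
    /** Cipher key derived from {@link #sessionKey} in {@link #commit()}; removed in {@link #logout()}. */
    private Object secretKey;
    /** Client-supplied public-key random number, only when {@code externalRandomA} is set. */
    private byte[] abytes;
    /** Auxiliary challenge token; replaced by its sealed form before the verify call. */
    private Object auxChallenge;
    private boolean externalRandomA;
    private boolean hasAuxChallenge;
    private boolean multipleSessions;
    /** True until {@link #login()} has completed the exchange; guards {@link #commit()}. */
    private boolean loginFailed;
    private Logger log;

    /**
     * Stores the JAAS collaborators and reads the module options.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used to prompt for user name, password and,
     *                        depending on the options, extra SRP inputs; may be null if
     *                        the shared state already holds name and password
     * @param map             the JAAS shared state
     * @param map2            the module options (see the class comment)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.log = Logger.getLogger(getClass());
        this.subject = subject;
        this.handler = callbackHandler;
        this.sharedState = map;
        // Start in the failed state so commit() is a no-op unless login() completed.
        this.loginFailed = true;
        this.principalClassName = (String) map2.get(OPT_PRINCIPAL_CLASS);
        if (this.principalClassName != null) {
            this.log.warn("The principalClassName is no longer used, its always SRPPrincipal");
        }
        this.srpServerJndiName = (String) map2.get(OPT_JNDI_NAME);
        this.srpServerRmiUrl = (String) map2.get(OPT_RMI_URL);
        this.externalRandomA = booleanOption(map2, OPT_EXTERNAL_RANDOM_A);
        this.multipleSessions = booleanOption(map2, OPT_MULTIPLE_SESSIONS);
        this.hasAuxChallenge = booleanOption(map2, OPT_AUX_CHALLENGE);
        // Whatever is not a module option is treated as JNDI environment.
        this.jndiEnv = new Hashtable(map2);
        for (int i = 0; i < MODULE_OPTIONS.length; i++) {
            this.jndiEnv.remove(MODULE_OPTIONS[i]);
        }
    }

    /**
     * Runs the SRP exchange against the server.
     * <p>
     * Any failure inside the exchange (remote errors, malformed server data) is
     * logged and rethrown as a {@link LoginException} carrying the original cause.
     *
     * @return true when the server's proof verified
     * @throws LoginException if no server is configured or reachable, user input
     *                        cannot be obtained, or the exchange fails
     */
    public boolean login() throws LoginException {
        boolean trace = this.log.isTraceEnabled();
        this.loginFailed = true;
        getUserInfo();
        this.srpServer = locateServer();
        try {
            if (trace) {
                this.log.trace("Getting SRP parameters for username: " + this.username);
            }
            Util.init();
            Object[] sessionInfo = this.srpServer.getSRPParameters(this.username, this.multipleSessions);
            if (sessionInfo == null || sessionInfo.length < 2) {
                throw new LoginException("Server returned no SRP parameters");
            }
            this.params = (SRPParameters) sessionInfo[0];
            this.sessionID = (Integer) sessionInfo[1];
            if (this.sessionID == null) {
                this.sessionID = Integer.valueOf(0);
            }
            if (trace) {
                // Only public values are traced; the session key is never logged.
                this.log.trace("SessionID: " + this.sessionID);
                this.log.trace("N: " + Util.tob64(this.params.N));
                this.log.trace("g: " + Util.tob64(this.params.g));
                this.log.trace("s: " + Util.tob64(this.params.s));
                this.log.trace("cipherAlgorithm: " + this.params.cipherAlgorithm);
                this.log.trace("hashAlgorithm: " + this.params.hashAlgorithm);
                this.log.trace("H(N): " + Util.tob64(Util.newDigest().digest(this.params.N)));
                this.log.trace("H(g): " + Util.tob64(Util.newDigest().digest(this.params.g)));
                this.log.trace("Creating SRPClientSession");
            }
            SRPClientSession client = this.abytes != null
                ? new SRPClientSession(this.username, this.password, this.params, this.abytes)
                : new SRPClientSession(this.username, this.password, this.params);
            if (trace) {
                this.log.trace("Generating client public key");
            }
            byte[] clientPublic = client.exponential();
            if (trace) {
                this.log.trace("Exchanging public keys");
            }
            byte[] serverPublic = this.srpServer.init(this.username, clientPublic, this.sessionID.intValue());
            if (trace) {
                this.log.trace("Generating server challenge");
            }
            byte[] clientProof = client.response(serverPublic);
            if (trace) {
                this.log.trace("Exchanging challenges");
            }
            this.sessionKey = client.getSessionKey();
            byte[] serverProof;
            if (this.auxChallenge != null) {
                // The token travels sealed under the freshly agreed session key when a cipher is configured.
                this.auxChallenge = encryptAuxChallenge(this.auxChallenge, this.params.cipherAlgorithm,
                        this.params.cipherIV, this.sessionKey);
                serverProof = this.srpServer.verify(this.username, clientProof, this.auxChallenge,
                        this.sessionID.intValue());
            } else {
                serverProof = this.srpServer.verify(this.username, clientProof, this.sessionID.intValue());
            }
            if (trace) {
                this.log.trace("Verifying server response");
            }
            // Mutual authentication: the server must prove it knows the same session key.
            if (!client.verify(serverProof)) {
                throw new LoginException("Failed to validate server reply");
            }
            if (trace) {
                this.log.trace("Login succeeded");
            }
            this.userPrincipal = new SRPPrincipal(this.username, this.sessionID);
            this.sharedState.put(SHARED_NAME_KEY, this.userPrincipal);
            this.sharedState.put(SHARED_PASSWORD_KEY, clientProof);
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            this.log.warn("Failed to complete SRP login", e);
            throw loginException("Failed to complete SRP login, msg=" + e.getMessage(), e);
        }
        this.loginFailed = false;
        return true;
    }

    /**
     * Adds the principal and the session material to the subject.
     *
     * @return false when {@link #login()} did not succeed, true otherwise
     * @throws LoginException if the cipher key cannot be derived from the session key
     */
    public boolean commit() throws LoginException {
        if (this.loginFailed) {
            return false;
        }
        this.subject.getPrincipals().add(this.userPrincipal);
        Set<Object> privateCredentials = this.subject.getPrivateCredentials();
        privateCredentials.add(this.sessionKey);
        if (this.sessionID != null) {
            privateCredentials.add(this.sessionID);
        }
        if (this.params.cipherAlgorithm != null) {
            // Same bytes as sessionKey, wrapped as a SecretKey for the server's cipher algorithm.
            this.secretKey = createSecretKey(this.params.cipherAlgorithm, this.sessionKey);
            privateCredentials.add(this.secretKey);
        }
        privateCredentials.add(this.params);
        return true;
    }

    /**
     * Discards the state gathered by {@link #login()} after the overall JAAS login failed.
     *
     * @return always true
     */
    public boolean abort() throws LoginException {
        clearPassword();
        this.username = null;
        this.userPrincipal = null;
        this.sessionKey = null;
        this.abytes = null;
        this.auxChallenge = null;
        this.loginFailed = true;
        return true;
    }

    /**
     * Removes what {@link #commit()} added to the subject and closes the server session.
     *
     * @return always true
     * @throws LoginException wrapping any failure, with the failure as its cause
     */
    public boolean logout() throws LoginException {
        try {
            if (!this.subject.isReadOnly()) {
                if (this.userPrincipal != null) {
                    this.subject.getPrincipals(this.userPrincipal.getClass()).remove(this.userPrincipal);
                }
                // Remove all of commit()'s credentials so no key material outlives the session.
                Set<Object> privateCredentials = this.subject.getPrivateCredentials();
                removeIfPresent(privateCredentials, this.sessionKey);
                removeIfPresent(privateCredentials, this.sessionID);
                removeIfPresent(privateCredentials, this.secretKey);
                removeIfPresent(privateCredentials, this.params);
            }
            // sessionID is null when login() never reached the parameter exchange.
            if (this.srpServer != null && this.sessionID != null) {
                this.srpServer.close(this.username, this.sessionID.intValue());
            }
            clearPassword();
            return true;
        } catch (Exception e) {
            throw loginException("Failed to remove user principal, " + e.getMessage(), e);
        }
    }

    /**
     * Obtains user name and password, preferring the shared state and falling back to
     * the callback handler; also collects the optional SRP inputs from the handler.
     *
     * @throws LoginException if no handler is available or the handler fails
     */
    private void getUserInfo() throws LoginException {
        String sharedName = (String) this.sharedState.get(SHARED_NAME_KEY);
        char[] sharedPassword = null;
        boolean sharedPasswordIsCopy = false;
        if (sharedName != null) {
            Object candidate = this.sharedState.get(SHARED_PASSWORD_KEY);
            if (candidate instanceof char[]) {
                sharedPassword = (char[]) candidate;
            } else if (candidate != null) {
                sharedPassword = candidate.toString().toCharArray();
                sharedPasswordIsCopy = true;
            }
        }
        if (sharedName != null && sharedPassword != null) {
            this.username = sharedName;
            this.password = sharedPassword;
            this.ownsPassword = sharedPasswordIsCopy;
            return;
        }
        if (this.handler == null) {
            throw new LoginException("No CallbackHandler provied to SRPLoginModule");
        }
        NameCallback nameCallback = new NameCallback("Username: ", "guest");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        ByteArrayCallback randomACallback = new ByteArrayCallback("Public key random number: ");
        TextInputCallback auxChallengeCallback = new TextInputCallback("Auxillary challenge token: ");
        List<Callback> callbacks = new ArrayList<Callback>();
        callbacks.add(nameCallback);
        callbacks.add(passwordCallback);
        if (this.externalRandomA) {
            callbacks.add(randomACallback);
        }
        if (this.hasAuxChallenge) {
            callbacks.add(auxChallengeCallback);
        }
        try {
            this.handler.handle(callbacks.toArray(new Callback[callbacks.size()]));
            this.username = nameCallback.getName();
            // getPassword() returns a copy, so the module owns it and may zero it later.
            char[] entered = passwordCallback.getPassword();
            if (entered != null) {
                this.password = entered;
                this.ownsPassword = true;
            }
            passwordCallback.clearPassword();
            if (this.externalRandomA) {
                this.abytes = randomACallback.getByteArray();
            }
            if (this.hasAuxChallenge) {
                this.auxChallenge = auxChallengeCallback.getText();
            }
        } catch (IOException e) {
            throw loginException(e.toString(), e);
        } catch (UnsupportedCallbackException e) {
            throw loginException("UnsupportedCallback: " + e.getCallback().toString(), e);
        }
    }

    /**
     * Resolves the server from the configured JNDI name or, failing that, the RMI URL.
     *
     * @return the server proxy, never null
     * @throws LoginException if neither option is set or the lookup yielded nothing
     */
    private SRPServerInterface locateServer() throws LoginException {
        SRPServerInterface server;
        if (this.srpServerJndiName != null) {
            server = loadServerFromJndi(this.srpServerJndiName);
        } else if (this.srpServerRmiUrl != null) {
            server = loadServer(this.srpServerRmiUrl);
        } else {
            throw new LoginException("No option specified to access a SRPServerInterface instance");
        }
        if (server == null) {
            throw new LoginException("Failed to access a SRPServerInterface instance");
        }
        return server;
    }

    /** Looks up the server in JNDI using {@link #jndiEnv}; returns null (after logging) on failure. */
    private SRPServerInterface loadServerFromJndi(String jndiName) {
        try {
            return (SRPServerInterface) new InitialContext(this.jndiEnv).lookup(jndiName);
        } catch (Exception e) {
            this.log.error("Failed to lookup(" + jndiName + ")", e);
            return null;
        }
    }

    /** Looks up the server in the RMI registry; returns null (after logging) on failure. */
    private SRPServerInterface loadServer(String rmiUrl) {
        try {
            return (SRPServerInterface) Naming.lookup(rmiUrl);
        } catch (Exception e) {
            this.log.error("Failed to lookup(" + rmiUrl + ")", e);
            return null;
        }
    }

    /**
     * Seals the auxiliary challenge with a key derived from the session key.
     *
     * @param challenge       the token as obtained from the handler
     * @param cipherAlgorithm the server's cipher algorithm; when null the token is returned as-is
     * @param cipherIV        the server's IV for that cipher
     * @param key             the session key material
     * @return the sealed object, or the unchanged token when no cipher is configured
     * @throws LoginException if sealing fails
     */
    private Object encryptAuxChallenge(Object challenge, String cipherAlgorithm, byte[] cipherIV, Object key)
            throws LoginException {
        if (cipherAlgorithm == null) {
            return challenge;
        }
        try {
            return Util.createSealedObject(cipherAlgorithm, Util.createSecretKey(cipherAlgorithm, key),
                    cipherIV, (Serializable) challenge);
        } catch (Exception e) {
            this.log.error("Failed to encrypt aux challenge", e);
            throw loginException("Failed to encrypt aux challenge", e);
        }
    }

    /**
     * Wraps key material as a SecretKey for the given cipher algorithm.
     *
     * @throws LoginException if the key cannot be created
     */
    private Object createSecretKey(String cipherAlgorithm, Object key) throws LoginException {
        try {
            return Util.createSecretKey(cipherAlgorithm, key);
        } catch (Exception e) {
            this.log.error("Failed to create SecretKey", e);
            throw loginException("Failed to create SecretKey", e);
        }
    }

    /** Zeroes the password when this module owns the array, then drops the reference. */
    private void clearPassword() {
        if (this.password != null && this.ownsPassword) {
            Arrays.fill(this.password, '\0');
        }
        this.password = null;
        this.ownsPassword = false;
    }

    /** Reads a "true"/"false" option; absent or unparsable values count as false. */
    private static boolean booleanOption(Map options, String key) {
        String value = (String) options.get(key);
        return value != null && Boolean.parseBoolean(value);
    }

    /** Removes {@code credential} from {@code credentials} unless it is null. */
    private static void removeIfPresent(Set<Object> credentials, Object credential) {
        if (credential != null) {
            credentials.remove(credential);
        }
    }

    /** Builds a LoginException that keeps {@code cause} on the chain for diagnostics. */
    private static LoginException loginException(String message, Throwable cause) {
        LoginException e = new LoginException(message);
        e.initCause(cause);
        return e;
    }
}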
