package org.dcache.gplazma.plugins;

import com.google.common.base.Preconditions;
import com.google.common.collect.Iterables;
import java.security.Principal;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.dcache.auth.PasswordCredential;
import org.dcache.gplazma.AuthenticationException;

/* loaded from: input_file:org/dcache/gplazma/plugins/JaasPlugin.class */
public class JaasPlugin implements GPlazmaAuthenticationPlugin {
    private static final String NAME = "gplazma.jaas.name";
    private final String _name;

    /* loaded from: input_file:org/dcache/gplazma/plugins/JaasPlugin$PasswordCallbackHandler.class */
    private static class PasswordCallbackHandler implements CallbackHandler {
        private final String _userName;
        private final char[] _password;

        public PasswordCallbackHandler(PasswordCredential passwordCredential) {
            this._userName = passwordCredential.getUsername();
            this._password = passwordCredential.getPassword().toCharArray();
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this._userName);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this._password);
                } else if (!(callback instanceof TextOutputCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
            }
        }
    }

    public JaasPlugin(Properties properties) {
        String property = properties.getProperty(NAME);
        Preconditions.checkArgument(property != null, "Undefined property: gplazma.jaas.name");
        this._name = property;
    }

    public void authenticate(Set<Object> set, Set<Object> set2, Set<Principal> set3) throws AuthenticationException {
        PasswordCredential passwordCredential = (PasswordCredential) Iterables.getFirst(Iterables.filter(set2, PasswordCredential.class), (Object) null);
        org.dcache.gplazma.util.Preconditions.checkAuthentication(passwordCredential != null, "no login name");
        try {
            LoginContext loginContext = new LoginContext(this._name, new PasswordCallbackHandler(passwordCredential));
            loginContext.login();
            set3.addAll(loginContext.getSubject().getPrincipals());
            tryToLogout(loginContext);
        } catch (LoginException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private static void tryToLogout(LoginContext loginContext) {
        if (loginContext == null) {
            return;
        }
        try {
            loginContext.logout();
        } catch (LoginException e) {
        }
    }
}
