package weblogic.connector.security.work;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import weblogic.connector.common.Debug;
import weblogic.connector.security.SecurityHelper;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;

/* loaded from: input_file:weblogic/connector/security/work/ConnectorCallbackHandler.class */
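/**
 * {@link CallbackHandler} that translates security callbacks into credentials on the supplied
 * {@link Subject}.
 *
 * <p>Three callback types are accepted: {@link CallerPrincipalCallback},
 * {@link PasswordValidationCallback} and {@link GroupPrincipalCallback}. Any other type is
 * rejected with {@link UnsupportedCallbackException}.
 *
 * <p><b>Trust boundary.</b> A {@code CallerPrincipalCallback} establishes an identity from a
 * name alone: {@link #setupAsWLSUser(Subject, String)} asks the {@code SecurityHelper} for an
 * authenticated subject using the privileged {@code kernelId}, and no password is involved on
 * that path. Whoever can hand callbacks to this handler is therefore trusted to assert caller
 * identity. What checks {@code SecurityHelper.getAuthenticatedSubject} applies is not visible
 * in this class -- NOTE(review): confirm before widening who may obtain an instance.
 *
 * <p><b>Logging.</b> Debug output includes user names and the string form of the execution
 * {@code Subject}. {@code Subject.toString()} may render private credentials when the caller is
 * permitted to read them, so the work-debug log should be treated as sensitive. Passwords are
 * logged by length only. Debug message text is kept exactly as found.
 *
 * <p>Instances carry mutable state ({@code callerPrincipalCallbackHandled}) with no
 * synchronization visible here.
 */
public class ConnectorCallbackHandler implements CallbackHandler {
    // Privileged identity obtained once at class-load time. It is passed to SecurityHelper for
    // both the password-checked and the name-only paths below.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Becomes true once a CallerPrincipalCallback has been processed without an exception.
    boolean callerPrincipalCallbackHandled = false;
    // Optional EIS-to-WLS principal mapper. When non-null, password validation is refused
    // (the condition the messages below call "CASE2").
    SecurityContextPrincipalMapper mapper;
    SecurityHelper securityHelper;

    /**
     * Creates a handler.
     *
     * @param securityContextPrincipalMapper mapper applied to caller principal names, or
     *     {@code null} for no mapping; a non-null mapper also disables
     *     {@code PasswordValidationCallback} handling
     * @param securityHelper helper used to authenticate users and to obtain authenticated and
     *     anonymous subjects
     */
    public ConnectorCallbackHandler(SecurityContextPrincipalMapper securityContextPrincipalMapper, SecurityHelper securityHelper) {
        this.mapper = securityContextPrincipalMapper;
        this.securityHelper = securityHelper;
    }

    /**
     * Reports whether a {@code CallerPrincipalCallback} has been processed by this instance.
     *
     * @return {@code true} once {@code handle} has completed a caller-principal callback
     */
    public boolean isCallerPrincipalCallbackHandled() {
        return this.callerPrincipalCallbackHandled;
    }

    /**
     * Processes the callbacks in array order.
     *
     * <p>Processing is not atomic: when an unsupported callback is met part-way through, the
     * callbacks before it have already modified their subjects.
     *
     * @param callbackArr callbacks to handle; must be non-null and non-empty
     * @throws IllegalStateException if {@code callbackArr} is null or empty, or if a
     *     {@code PasswordValidationCallback} is supplied while a mapper is configured
     * @throws UnsupportedCallbackException if a callback is of none of the three accepted types
     * @throws RuntimeException wrapping a {@link LoginException} raised while establishing the
     *     caller identity
     */
    @Override
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (callbackArr == null) {
            throw new IllegalStateException("callbacks must not be null");
        }
        if (callbackArr.length == 0) {
            throw new IllegalStateException("callbacks must not be empty array");
        }
        try {
            for (Callback callback : callbackArr) {
                if (callback instanceof CallerPrincipalCallback) {
                    processCallerPrincipalCallback(callback);
                } else if (callback instanceof PasswordValidationCallback) {
                    processPasswordValidationCallback(callback);
                } else if (callback instanceof GroupPrincipalCallback) {
                    processGroupPrincipalCallback(callback);
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        } catch (LoginException e) {
            // Keep the cause so the failed identity setup can be diagnosed by the caller.
            throw new RuntimeException("unable to handle callback", e);
        }
    }

    /**
     * Establishes the caller identity named by a {@code CallerPrincipalCallback}.
     *
     * <p>The name is taken from the callback's principal, falling back to the callback's name.
     * With no name at all the subject is set up as anonymous. Otherwise the name is passed
     * through the mapper (when one is configured) and the subject is set up as that user
     * without any password check.
     */
    private void processCallerPrincipalCallback(Callback callback) throws LoginException {
        CallerPrincipalCallback callerPrincipalCallback = (CallerPrincipalCallback) callback;
        Subject subject = callerPrincipalCallback.getSubject();
        Principal principal = callerPrincipalCallback.getPrincipal();
        if (Debug.isWorkEnabled()) {
            Debug.work("processCallerPrincipalCallback: executionSubject:" + subject + "; Principal:" + principal + "; naem:" + callerPrincipalCallback.getName());
        }
        String callerName = principal != null ? principal.getName() : null;
        if (callerName == null) {
            callerName = callerPrincipalCallback.getName();
        }
        if (callerName == null) {
            setupAsAnonymous(subject);
        } else {
            if (this.mapper != null) {
                String eisName = callerName;
                // NOTE(review): a null mapping result is passed on to setupAsWLSUser unchanged;
                // how SecurityHelper treats a null user name is not visible here.
                callerName = this.mapper.mapEISCallerPrincipal(eisName);
                if (Debug.isWorkEnabled()) {
                    Debug.work("processCallerPrincipalCallback: map EIS username [" + eisName + "] to WLS caller principle: [" + callerName + "]");
                }
            }
            setupAsWLSUser(subject, callerName);
        }
        this.callerPrincipalCallbackHandled = true;
    }

    /**
     * Accepts a {@code GroupPrincipalCallback} and deliberately does nothing with it: groups
     * asserted through the callback are not added to any subject.
     */
    private void processGroupPrincipalCallback(Callback callback) {
    }

    /**
     * Validates a user name and password and records the outcome on the callback.
     *
     * <p>The result is written on every non-throwing path, so a callback that already carried
     * a {@code true} result cannot keep it after a rejected attempt. On success the
     * authenticated subject is added to the callback subject's private credentials before the
     * result is set to {@code true}, so a failure while storing the credential does not leave a
     * positive result behind.
     *
     * <p>The password array is not cleared here; presumably the caller owns that step
     * ({@code PasswordValidationCallback.clearPassword()}) -- confirm against the caller.
     *
     * @throws IllegalStateException if a mapper is configured
     */
    private void processPasswordValidationCallback(Callback callback) {
        if (this.mapper != null) {
            Debug.work("processPasswordValidationCallback: error: PasswordValidationCallback is not allowed in CASE2");
            throw new IllegalStateException("PasswordValidationCallback is not allowed in CASE2");
        }
        PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
        String username = passwordValidationCallback.getUsername();
        char[] password = passwordValidationCallback.getPassword();
        AuthenticatedSubject authenticatedSubject = null;
        if (username == null || username.trim().length() == 0) {
            // NOTE(review): this and the next message are not guarded by isWorkEnabled();
            // whether Debug.work checks the flag itself is not visible here.
            Debug.work("processPasswordValidationCallback: error: must have valid username: [" + username + "]");
        } else if (password == null || password.length == 0) {
            Debug.work("processPasswordValidationCallback: error: must have valid password: [" + (password == null ? null : "len=" + password.length) + "]");
        } else {
            if (Debug.isWorkEnabled()) {
                // Only the password length is logged, never its content.
                Debug.work("processPasswordValidationCallbackk: will authticate: username: " + username + "; password len: " + password.length);
            }
            authenticatedSubject = this.securityHelper.authenticate(username, password, kernelId);
        }
        if (authenticatedSubject == null) {
            // Fail closed: state the rejection instead of relying on the callback's default.
            passwordValidationCallback.setResult(false);
            return;
        }
        passwordValidationCallback.getSubject().getPrivateCredentials().add(authenticatedSubject);
        passwordValidationCallback.setResult(true);
        if (Debug.isWorkEnabled()) {
            Debug.work("processPasswordValidationCallbackk: ok: authenticated as " + authenticatedSubject);
        }
    }

    /**
     * Replaces the subject's private credentials with the authenticated subject for a user.
     *
     * <p>The existing credentials are cleared before the lookup, so a failed lookup leaves the
     * subject with no private credentials instead of the previous identity.
     *
     * <p>This method is public and performs no password check; the identity is obtained with
     * the privileged {@code kernelId}.
     *
     * @param subject subject whose private credentials are replaced
     * @param str user name to establish
     * @throws LoginException if the helper cannot produce an authenticated subject
     */
    public void setupAsWLSUser(Subject subject, String str) throws LoginException {
        if (Debug.isWorkEnabled()) {
            Debug.work("setupAsWLSUser: old executionSubject:" + subject + "; username:" + str);
        }
        subject.getPrivateCredentials().clear();
        subject.getPrivateCredentials().add(this.securityHelper.getAuthenticatedSubject(str, kernelId));
    }

    /**
     * Replaces the subject's private credentials with the helper's anonymous subject.
     *
     * @param subject subject whose private credentials are replaced
     */
    public void setupAsAnonymous(Subject subject) {
        if (Debug.isWorkEnabled()) {
            Debug.work("setupAsAnonymous: old executionSubject:" + subject);
        }
        subject.getPrivateCredentials().clear();
        subject.getPrivateCredentials().add(this.securityHelper.getAnonymousSubject());
    }
}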
