package com.sshtools.server.jaas;

import com.sshtools.common.Connection;
import com.sshtools.common.ConnectionListenerAdapter;
import com.sshtools.server.PasswordAuthenticationProvider;
import com.sshtools.server.SshServerContext;
import com.sshtools.server.auth.PasswordChangeException;
import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sshtools/server/jaas/AbstractJAASAuthenticationProvider.class */
public abstract class AbstractJAASAuthenticationProvider extends PasswordAuthenticationProvider {
    Logger log = LoggerFactory.getLogger(AbstractJAASAuthenticationProvider.class);
    protected final Map<String, LoginContext> logins = new HashMap();
    protected final List<Connection<SshServerContext>> connections = new ArrayList();
    protected File configDir = new File("conf");
    public static final String LOGIN_CONTEXT = "loginContext";

    /* loaded from: input_file:com/sshtools/server/jaas/AbstractJAASAuthenticationProvider$LoginCallbackHandler.class */
    class LoginCallbackHandler implements CallbackHandler {
        private String username;
        private char[] password;

        public LoginCallbackHandler(String str, char[] cArr) {
            this.username = str;
            this.password = cArr;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbackArr.length; i++) {
                if (callbackArr[i] instanceof TextOutputCallback) {
                    TextOutputCallback textOutputCallback = (TextOutputCallback) callbackArr[i];
                    switch (textOutputCallback.getMessageType()) {
                        case 0:
                            AbstractJAASAuthenticationProvider.this.log.info(textOutputCallback.getMessage());
                            break;
                        case 1:
                            AbstractJAASAuthenticationProvider.this.log.warn(textOutputCallback.getMessage());
                            break;
                        case 2:
                            AbstractJAASAuthenticationProvider.this.log.error(textOutputCallback.getMessage());
                            break;
                        default:
                            throw new IOException("Unsupported message type: " + textOutputCallback.getMessageType());
                    }
                } else if (callbackArr[i] instanceof NameCallback) {
                    ((NameCallback) callbackArr[i]).setName(this.username);
                } else if (callbackArr[i] instanceof PasswordCallback) {
                    ((PasswordCallback) callbackArr[i]).setPassword(this.password);
                } else if (callbackArr[i] != null) {
                    throw new UnsupportedCallbackException(callbackArr[i], "Unrecognized Callback");
                }
            }
        }
    }

    public LoginContext getLoginContext(String str) {
        return this.logins.get(str);
    }

    public void init(File file) {
        this.configDir = file;
    }

    public boolean changePassword(Connection<SshServerContext> connection, String str, String str2, String str3) {
        return false;
    }

    public abstract Configuration getJAASConfiguration();

    public boolean verifyPassword(Connection<SshServerContext> connection, String str, String str2) throws PasswordChangeException {
        if (this.log.isInfoEnabled()) {
            this.log.info("User " + str + " is attempting login from " + connection.getRemoteAddress().toString() + " on local address " + connection.getLocalAddress());
        }
        Configuration jAASConfiguration = getJAASConfiguration();
        Subject subject = new Subject();
        try {
            LoginContext loginContext = new LoginContext("Login", subject, new LoginCallbackHandler(str, str2.toCharArray()), jAASConfiguration);
            try {
                loginContext.login();
                this.logins.put(connection.getUUID(), loginContext);
                this.log.info("Subject " + subject + " logged in");
                String str3 = null;
                Iterator<Principal> it = loginContext.getSubject().getPrincipals().iterator();
                if (it.hasNext()) {
                    it.next();
                    if (it.hasNext()) {
                        str3 = it.next().getName();
                    }
                }
                if (str3 != null) {
                    connection.getIoSession().setAttribute("GROUP", str3);
                }
                connection.getIoSession().setAttribute(LOGIN_CONTEXT, loginContext);
                connection.addListener(new ConnectionListenerAdapter<SshServerContext>() { // from class: com.sshtools.server.jaas.AbstractJAASAuthenticationProvider.1
                    public void endSession(Connection<SshServerContext> connection2) {
                        AbstractJAASAuthenticationProvider.this.cleanupSession(connection2);
                    }
                });
                return true;
            } catch (LoginException e) {
                this.log.warn("Login failed.", e);
                return false;
            }
        } catch (LoginException e2) {
            this.log.error("Failed to initialise JAAS.", e2);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cleanupSession(Connection<SshServerContext> connection) {
        if (this.log.isInfoEnabled()) {
            this.log.info("Ending session for " + connection.getUUID());
        }
        this.connections.remove(connection);
        LoginContext loginContext = this.logins.get(connection.getUUID());
        if (loginContext == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("No login context for session " + connection.getUUID() + ". Most likely due to timeout during authentication.");
            }
        } else {
            try {
                loginContext.logout();
            } catch (LoginException e) {
                this.log.error("Failed to logout.", e);
            } finally {
                this.logins.remove(connection.getUUID());
            }
        }
    }

    public List<Connection<SshServerContext>> getConnections() {
        return this.connections;
    }
}
