package org.jboss.security.auth.spi;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimpleGroup;

/* loaded from: classes2.dex */
/**
 * JAAS login module that validates a username/password pair against an LDAP
 * directory and collects the user's roles into a single role group.
 *
 * <p>NOTE(review): this listing is decompiler output. The body of
 * {@link #createLdapInitContext(String, Object)} was not recovered, so the actual
 * directory bind and role lookup are not visible here and the class as listed
 * cannot authenticate anyone. Audit that method from the original bytecode or
 * upstream source before drawing conclusions about the module's behaviour.
 */
public class LdapLoginModule extends UsernamePasswordLoginModule {

    // Key masked by traceLDAPEnv. It is not part of ALL_VALID_OPTIONS below.
    private static final String BIND_CREDENTIAL = "bindCredential";

    // Module option names registered through addValidOptions() in initialize().
    private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
    private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
    private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
    private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT = "userRolesCtxDNAttributeName";
    private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
    private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
    private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
    private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
    private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
    private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
    private static final String SEARCH_SCOPE_OPT = "searchScope";
    private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
    private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";

    // Every option this module accepts: its own options first, then the JNDI
    // environment property names that are passed through.
    private static final String[] ALL_VALID_OPTIONS = {
        PRINCIPAL_DN_PREFIX_OPT,
        PRINCIPAL_DN_SUFFIX_OPT,
        ROLES_CTX_DN_OPT,
        USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT,
        UID_ATTRIBUTE_ID_OPT,
        ROLE_ATTRIBUTE_ID_OPT,
        MATCH_ON_USER_DN_OPT,
        ROLE_ATTRIBUTE_IS_DN_OPT,
        ROLE_NAME_ATTRIBUTE_ID_OPT,
        SEARCH_TIME_LIMIT_OPT,
        SEARCH_SCOPE_OPT,
        SECURITY_DOMAIN_OPT,
        ALLOW_EMPTY_PASSWORDS,
        "java.naming.factory.initial",
        "java.naming.factory.object",
        "java.naming.factory.state",
        "java.naming.factory.url.pkgs",
        "java.naming.provider.url",
        "java.naming.dns.url",
        "java.naming.authoritative",
        "java.naming.batchsize",
        "java.naming.referral",
        "java.naming.security.protocol",
        "java.naming.security.authentication",
        "java.naming.security.principal",
        "java.naming.security.credentials",
        "java.naming.language",
        "java.naming.applet"
    };

    // Roles gathered for the authenticating user; returned by getRoleSets().
    private transient SimpleGroup userRoles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);

    /**
     * Adds one role name to the user's role group.
     *
     * <p>A {@code null} name is ignored. If the principal cannot be created, the
     * failure is logged at debug level and the role is dropped, so the user ends
     * up with fewer roles rather than the login failing.
     *
     * @param str the role name, may be {@code null}
     */
    private void addRole(String str) {
        if (str == null) {
            return;
        }
        try {
            Principal rolePrincipal = super.createIdentity(str);
            PicketBoxLogger.LOGGER.traceAssignUserToRole(str);
            this.userRoles.addMember(rolePrincipal);
        } catch (Exception failure) {
            PicketBoxLogger.LOGGER.debugFailureToCreatePrincipal(str, failure);
        }
    }

    /**
     * Placeholder for the method the decompiler could not reconstruct.
     *
     * <p>The decompiler reported a failed code restructure for this method (773
     * instructions) and emitted only this stub, which always throws. The fragments
     * it left behind show a null-checked {@code r9.close()}, so the original
     * presumably closes a resource on exit; nothing else about the body can be
     * stated from this listing. The only visible call site, in
     * {@link #validatePassword(String, String)}, passes {@code getUsername()} and
     * the password under test.
     *
     * @param r23 first argument; the call site passes the username
     * @param r24 second argument; the call site passes the password
     * @throws Exception declared by the original signature
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    private void createLdapInitContext(String r23, Object r24) throws Exception {
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(java.lang.String, java.lang.Object):void");
    }

    /**
     * Trace-logs the LDAP connection environment with credentials masked.
     *
     * <p>The masking is applied to a copy, so the caller's properties are left
     * untouched. Only the two keys listed below are masked; any other property
     * that carries a secret is logged as is.
     *
     * @param properties the connection environment to log
     */
    private void traceLDAPEnv(Properties properties) {
        Properties masked = new Properties();
        masked.putAll(properties);
        String[] secretKeys = {"java.naming.security.credentials", BIND_CREDENTIAL};
        for (String key : secretKeys) {
            if (masked.containsKey(key)) {
                masked.setProperty(key, "******");
            }
        }
        PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(masked);
    }

    /**
     * Returns the role groups for the authenticated user.
     *
     * @return a one-element array holding the group filled by {@link #addRole(String)}
     * @throws LoginException declared by the overridden method; not thrown here
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group[] roleSets = {this.userRoles};
        return roleSets;
    }

    /**
     * Returns an empty string as the expected password.
     *
     * <p>This module never compares against a stored password;
     * {@link #validatePassword(String, String)} ignores its second argument and
     * decides through {@code createLdapInitContext} instead.
     *
     * @return always the empty string
     * @throws LoginException declared by the overridden method; not thrown here
     */
    @Override
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Registers this module's accepted option names, then delegates to the superclass.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler the handler used to obtain credentials
     * @param map passed through to the superclass unchanged
     * @param map2 passed through to the superclass unchanged
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        // Options must be registered before the superclass processes them.
        addValidOptions(ALL_VALID_OPTIONS);
        super.initialize(subject, callbackHandler, map, map2);
    }

    /**
     * Validates the supplied password by attempting the LDAP context creation.
     *
     * <p>Security note: an empty password is rejected unless the
     * {@code allowEmptyPasswords} option is set to "true". Many directory servers
     * treat a simple bind with a DN and an empty password as an unauthenticated
     * bind (RFC 4513, section 5.1.2) and report success, so accepting empty
     * passwords can turn a known username into a successful login. Leave the
     * option unset unless the directory is known to refuse such binds.
     *
     * @param str the password under test; presumably the one supplied at login,
     *     confirm against the superclass
     * @param str2 unused by this implementation
     * @return {@code true} only if {@code createLdapInitContext} completes without throwing
     */
    @Override
    protected boolean validatePassword(String str, String str2) {
        if (str == null) {
            return false;
        }
        if (str.isEmpty()) {
            // The option is read only on this path, exactly as in the original.
            String allowEmpty = (String) this.options.get(ALLOW_EMPTY_PASSWORDS);
            boolean emptyAllowed = Boolean.parseBoolean(allowEmpty);
            if (!emptyAllowed) {
                PicketBoxLogger.LOGGER.traceRejectingEmptyPassword();
                return false;
            }
        }
        boolean authenticated;
        try {
            createLdapInitContext(getUsername(), str);
            authenticated = true;
        } catch (Throwable cause) {
            // Fails closed on any Throwable, including Errors; the cause is kept
            // through setValidateError rather than rethrown.
            super.setValidateError(cause);
            authenticated = false;
        }
        return authenticated;
    }
}
