package com.ibm.ws.kafka.security;

import com.ibm.websphere.crypto.InvalidPasswordDecodingException;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/kafka/security/LibertyLoginModule.class */
public class LibertyLoginModule implements LoginModule {
    private static final String USERNAME = "username";
    private static final String PASSWORD = "password";
    private Subject subject;
    private String username;
    private String encoded_password;
    private String decoded_password;
    static final long serialVersionUID = 8213089196406814571L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.kafka.security.LibertyLoginModule", LibertyLoginModule.class, "REACTIVEMESSAGE", "com.ibm.ws.microprofile.reactive.messaging.kafka.resources.ReactiveMessaging");

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.username = (String) map2.get(USERNAME);
        this.encoded_password = (String) map2.get(PASSWORD);
    }

    public boolean login() throws LoginException {
        if (this.encoded_password == null) {
            return true;
        }
        if (!PasswordUtil.isEncrypted(this.encoded_password)) {
            this.decoded_password = this.encoded_password;
            return true;
        }
        try {
            this.decoded_password = PasswordUtil.decode(this.encoded_password);
            return true;
        } catch (InvalidPasswordDecodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.kafka.security.LibertyLoginModule", "50", this, new Object[0]);
            throw new LoginException(e.getMessage());
        } catch (UnsupportedCryptoAlgorithmException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.kafka.security.LibertyLoginModule", "52", this, new Object[0]);
            throw new LoginException(e2.getMessage());
        }
    }

    public boolean commit() throws LoginException {
        if (this.username != null) {
            this.subject.getPublicCredentials().add(this.username);
        }
        if (this.decoded_password == null) {
            return true;
        }
        this.subject.getPrivateCredentials().add(this.decoded_password);
        return true;
    }

    public boolean abort() throws LoginException {
        if (this.username != null) {
            this.subject.getPublicCredentials().remove(this.username);
        }
        if (this.decoded_password != null) {
            this.subject.getPrivateCredentials().remove(this.decoded_password);
        }
        this.username = null;
        this.encoded_password = null;
        this.decoded_password = null;
        this.subject = null;
        return true;
    }

    public boolean logout() throws LoginException {
        return abort();
    }
}
