package com.apusic.security.auth.login;

import com.apusic.security.Security;
import com.apusic.security.SecurityController;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:com/apusic/security/auth/login/ServerLoginModule.class */
public class ServerLoginModule implements LoginModule {
    private Subject subject;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private Principal principal;
    private Object credential;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
    }

    public boolean login() throws LoginException {
        SecurityController securityController = Security.getSecurityController();
        if (securityController != null) {
            this.principal = securityController.getCurrentUser();
            this.credential = securityController.getAccessToken();
        }
        if (this.principal == null || this.credential == null) {
            throw new LoginException("No principal associated with current security context");
        }
        this.succeeded = true;
        return true;
    }

    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.subject.isReadOnly()) {
            throw new LoginException("commit failed: Subject is read only");
        }
        if (!this.subject.getPrincipals().contains(this.principal)) {
            this.subject.getPrincipals().add(this.principal);
        }
        if (!this.subject.getPrivateCredentials().contains(this.credential)) {
            this.subject.getPrivateCredentials().add(this.credential);
        }
        this.commitSucceeded = true;
        return true;
    }

    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (!this.succeeded || this.commitSucceeded) {
            logout();
            return true;
        }
        this.succeeded = false;
        this.principal = null;
        this.credential = null;
        return true;
    }

    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            throw new LoginException("logout failed: Subject is read only");
        }
        this.subject.getPrincipals().remove(this.principal);
        this.subject.getPrivateCredentials().remove(this.credential);
        this.succeeded = false;
        this.commitSucceeded = false;
        this.principal = null;
        this.credential = null;
        return true;
    }
}
