package org.jboss.security.plugins;

import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthParam;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import org.jboss.logging.Logger;
import org.jboss.security.GeneralizedAuthenticationManager;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityConstants;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
import org.jboss.security.auth.container.config.AuthModuleEntry;
import org.jboss.security.auth.login.AuthenticationInfo;
import org.jboss.security.auth.login.BaseAuthenticationInfo;
import org.jboss.security.auth.login.JASPIAuthenticationInfo;
import org.jboss.security.auth.login.LoginModuleStackHolder;
import org.jboss.security.auth.login.XMLLoginConfigImpl;
import org.jboss.security.auth.message.GenericAuthParam;

/* loaded from: input_file:org/jboss/security/plugins/JASPISecurityManager.class */
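/**
 * Authentication manager that validates a principal/credential pair by running the
 * {@link ServerAuthModule}s configured for a security domain.
 *
 * <p>The module list is rebuilt on every {@link #validateRequest} call, using a callback
 * handler that carries the credentials of that request. Per-thread shared state is kept in a
 * {@link ThreadLocal}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The principal and credential are stored in the thread-local shared state and are not
 *       removed by this class after authentication. NOTE(review): on pooled threads they remain
 *       reachable until overwritten by the next call; confirm whether a caller clears them.</li>
 *   <li>A security domain without its own login configuration silently falls back to
 *       {@code SecurityConstants.DEFAULT_APPLICATION_POLICY}; see
 *       {@link #getBaseAuthenticationInfo()}.</li>
 *   <li>Each {@code validateRequest} call iterates over its own module list, so a concurrent
 *       call on another thread cannot swap in modules bound to a different caller's
 *       credentials. {@link #cleanSubject} still uses the most recently published list.</li>
 * </ul>
 */
public class JASPISecurityManager implements GeneralizedAuthenticationManager {
    /** Shared-state key under which the caller's principal is stored. */
    private static final String LOGIN_NAME_KEY = "javax.security.auth.login.name";
    /** Shared-state key under which the caller's credential is stored. */
    private static final String LOGIN_PASSWORD_KEY = "javax.security.auth.login.password";
    /** Context-info key that records the last authentication exception. */
    private static final String EXCEPTION_CONTEXT_KEY = "org.jboss.security.exception";

    protected String securityDomain;
    protected CallbackHandler handler;
    /** {@code setSecurityInfo(Principal, Object)} looked up reflectively on the handler class. */
    private final Method setSecurityInfo;
    /** Per-thread shared state handed to every module; holds the login name and credential. */
    private final ThreadLocal<HashMap> sharedStateLocal = new ThreadLocal<HashMap>();
    /** Most recently built module list; volatile because it is replaced, not mutated in place. */
    private volatile List<ServerAuthModule> serverAuthModules = new ArrayList<ServerAuthModule>();
    protected Logger log;
    protected boolean trace;

    /** Creates a manager for the default application policy with a {@link SecurityAssociationHandler}. */
    public JASPISecurityManager() {
        this(SecurityConstants.DEFAULT_APPLICATION_POLICY, new SecurityAssociationHandler());
    }

    /**
     * Creates a manager for the given security domain.
     *
     * @param str name of the security domain
     * @param callbackHandler prototype handler; its class must expose a public
     *        {@code setSecurityInfo(Principal, Object)} method and, for per-request handlers,
     *        a no-argument constructor
     * @throws UndeclaredThrowableException if the method lookup or the initial module
     *         configuration fails
     */
    public JASPISecurityManager(String str, CallbackHandler callbackHandler) {
        this.securityDomain = str;
        this.handler = callbackHandler;
        this.log = Logger.getLogger(getClass().getName() + '.' + str);
        this.trace = this.log.isTraceEnabled();
        Method lookup;
        try {
            lookup = callbackHandler.getClass().getMethod("setSecurityInfo", Principal.class, Object.class);
        } catch (Exception e) {
            throw new UndeclaredThrowableException(e, "Failed to find setSecurityInfo(Princpal, Object) method in handler");
        }
        this.setSecurityInfo = lookup;
        try {
            this.log.debug("CallbackHandler: " + callbackHandler);
            this.serverAuthModules = createServerAuthModules(callbackHandler);
        } catch (Exception e) {
            // Reported separately from the lookup failure so the message names the real cause.
            throw new UndeclaredThrowableException(e, "Failed to configure server auth modules for securityDomain=" + str);
        }
    }

    /** Returns the security domain this manager was created for. */
    @Override // org.jboss.security.AuthenticationManager
    public String getSecurityDomain() {
        return this.securityDomain;
    }

    /** Validates the principal/credential pair without populating a caller-supplied subject. */
    @Override // org.jboss.security.AuthenticationManager
    public boolean isValid(Principal principal, Object obj) {
        return isValid(principal, obj, null);
    }

    /**
     * Validates the principal/credential pair.
     *
     * @param principal identity being authenticated
     * @param obj credential presented for the principal
     * @param subject subject handed to the modules; a new one is created downstream when null
     * @return true only when the module chain ends with {@code AuthStatus.PROCEED}
     */
    @Override // org.jboss.security.AuthenticationManager
    public boolean isValid(Principal principal, Object obj, Subject subject) {
        boolean authenticated = authenticate(principal, obj, subject);
        if (this.trace) {
            this.log.trace("End isValid, " + authenticated);
        }
        return authenticated;
    }

    /** Returns the subject currently held by {@link SecurityAssociation}. */
    @Override // org.jboss.security.AuthenticationManager
    public Subject getActiveSubject() {
        return SecurityAssociation.getSubject();
    }

    /**
     * Merges {@code map} into the thread's shared state and asks every module in the most
     * recently published list to clean the subject.
     *
     * @throws AuthException propagated from the first module that fails
     */
    public void cleanSubject(Subject subject, Map map) throws AuthException {
        updateSharedState(map);
        List<ServerAuthModule> modules = this.serverAuthModules;
        Map sharedState = this.sharedStateLocal.get();
        for (ServerAuthModule module : modules) {
            module.cleanSubject(subject, sharedState);
        }
    }

    /** Not implemented; always throws {@link IllegalStateException}. */
    public AuthStatus secureResponse(AuthParam authParam, Subject subject, Map map) throws AuthException {
        throw new IllegalStateException("NotImplemented Yet");
    }

    /**
     * Runs the configured modules in order and returns the status of the last one consulted.
     *
     * <p>The result starts as {@code AuthStatus.FAIL}, so an empty module list denies the
     * request. The chain stops at the first module that returns {@code FAIL}. Only a final
     * status of {@code PROCEED} pushes the subject onto the subject context.
     *
     * @param authParam request parameters; must not be null
     * @param subject subject to populate; a new one is created when null
     * @param subject2 second subject, passed through to the modules unchanged
     * @param map request state; may carry the login name and credential; may be null
     * @throws IllegalArgumentException if {@code authParam} is null
     * @throws AuthException rethrown from a module after being recorded as context info
     */
    public AuthStatus validateRequest(AuthParam authParam, Subject subject, Subject subject2, Map map) throws AuthException {
        if (authParam == null) {
            throw new IllegalArgumentException("Illegal Null Argument:authParam");
        }
        if (subject == null) {
            subject = new Subject();
        }
        CallbackHandler requestHandler = populateCallbackHandler(map);
        updateSharedState(map);
        // Build the list locally and iterate over the local reference: the modules are bound to
        // a handler holding this request's credentials, so they must not be visible to, or
        // replaced by, a concurrent request while this one is being validated.
        List<ServerAuthModule> modules = createServerAuthModules(requestHandler);
        this.serverAuthModules = modules;
        HashMap sharedState = this.sharedStateLocal.get();
        AuthStatus status = AuthStatus.FAIL;
        for (ServerAuthModule module : modules) {
            try {
                // NOTE(review): a module that keeps answering RETRY is re-invoked without any
                // bound; consider a retry limit if modules are not fully trusted.
                do {
                    status = module.validateRequest(authParam, subject, subject2, sharedState);
                } while (status.equals(AuthStatus.RETRY));
                if (status.equals(AuthStatus.FAIL)) {
                    break;
                }
            } catch (AuthException e) {
                SubjectActions.setContextInfo(EXCEPTION_CONTEXT_KEY, e);
                throw e;
            }
        }
        if (status.equals(AuthStatus.PROCEED)) {
            SubjectActions.setContextInfo(EXCEPTION_CONTEXT_KEY, null);
            SubjectActions.pushSubjectContext(null, null, subject);
        }
        return status;
    }

    /** No-op: this manager keeps no authentication cache. */
    public void flushAuthenticationCache() {
    }

    /** No-op: this manager keeps no authentication cache. */
    public void flushAuthenticationCache(Principal principal) {
    }

    /**
     * Stores the principal and credential in the shared state and runs {@link #validateRequest}.
     *
     * @return true only when validation ends with {@code AuthStatus.PROCEED}; an
     *         {@link AuthException} is treated as a failed authentication
     */
    protected boolean authenticate(Principal principal, Object obj, Subject subject) {
        Map state = this.sharedStateLocal.get();
        if (state == null) {
            state = new HashMap();
        }
        state.put(LOGIN_NAME_KEY, principal);
        state.put(LOGIN_PASSWORD_KEY, obj);
        try {
            return validateRequest(new GenericAuthParam(), subject, null, state).equals(AuthStatus.PROCEED);
        } catch (AuthException e) {
            // Fail closed, but leave a trace so a denied login can be diagnosed. The exception
            // is logged, never the credential.
            if (this.trace) {
                this.log.trace("Authentication failed with AuthException", e);
            }
            return false;
        }
    }

    /**
     * Returns the JASPI configuration for the domain, converting a JAAS configuration if needed.
     *
     * @throws IllegalStateException if no configuration is available or its type is unsupported
     */
    private JASPIAuthenticationInfo getAuthenticationInfo() {
        BaseAuthenticationInfo info = getBaseAuthenticationInfo();
        if (info == null) {
            throw new IllegalStateException("authInfo is null");
        }
        if (info instanceof AuthenticationInfo) {
            return convertJaasConfigToJASPI(info);
        }
        if (info instanceof JASPIAuthenticationInfo) {
            return (JASPIAuthenticationInfo) info;
        }
        throw new IllegalStateException("AuthenticationInfo for securityDomain=" + this.securityDomain + " not found");
    }

    /**
     * Looks up the login configuration for the security domain.
     *
     * <p>When the domain has no entry, the default application policy is used instead and the
     * substitution is reported at trace level only. An unknown or misspelled domain is therefore
     * authenticated against the default policy rather than rejected.
     *
     * @return the configuration, or null if the default policy is missing as well
     * @throws IllegalStateException if the installed {@link Configuration} is not an
     *         {@link XMLLoginConfigImpl}
     */
    private BaseAuthenticationInfo getBaseAuthenticationInfo() {
        Configuration configuration = Configuration.getConfiguration();
        if (!(configuration instanceof XMLLoginConfigImpl)) {
            throw new IllegalStateException("Configuration not an instanceof XMLLoginConfigImpl");
        }
        XMLLoginConfigImpl loginConfig = (XMLLoginConfigImpl) configuration;
        BaseAuthenticationInfo info = loginConfig.getAuthenticationInfo(this.securityDomain);
        if (info != null) {
            return info;
        }
        if (this.trace) {
            this.log.trace("App Config for securityDomain=" + this.securityDomain + "not found. Defaulting to securityDomain=" + SecurityConstants.DEFAULT_APPLICATION_POLICY);
        }
        return loginConfig.getAuthenticationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    }

    /**
     * Wraps a JAAS login-module stack in a single delegating auth-module entry.
     *
     * @throws IllegalArgumentException if the argument is not a JAAS {@link AuthenticationInfo}
     */
    private JASPIAuthenticationInfo convertJaasConfigToJASPI(BaseAuthenticationInfo baseAuthenticationInfo) {
        if (!(baseAuthenticationInfo instanceof AuthenticationInfo)) {
            throw new IllegalArgumentException("authInfo not an instance of Jaas AuthenticationInfo");
        }
        AuthenticationInfo jaasInfo = (AuthenticationInfo) baseAuthenticationInfo;
        LoginModuleStackHolder stackHolder = new LoginModuleStackHolder(this.securityDomain, Arrays.asList(jaasInfo.getAppConfigurationEntry()));
        AuthModuleEntry delegatingEntry = new AuthModuleEntry(SecurityConstants.JASPI_DELEGATING_MODULE, null, null);
        delegatingEntry.setLoginModuleStackHolder(stackHolder);
        JASPIAuthenticationInfo jaspiInfo = new JASPIAuthenticationInfo(this.securityDomain);
        jaspiInfo.add(delegatingEntry);
        return jaspiInfo;
    }

    /**
     * Loads, instantiates and initializes the module named by the entry.
     *
     * <p>The class name is taken from the login configuration and resolved through the context
     * class loader, so whoever can edit that configuration decides which class is instantiated
     * here.
     *
     * @throws IllegalStateException for any failure, with the original exception as its cause
     */
    private ServerAuthModule getServerAuthModule(AuthModuleEntry authModuleEntry, CallbackHandler callbackHandler) throws AuthException {
        String moduleName = authModuleEntry.getAuthModuleName();
        String prefix = "Cannot instantiate " + moduleName + "::";
        try {
            Class<?> moduleClass = SubjectActions.getContextClassLoader().loadClass(moduleName);
            ServerAuthModule module;
            if (moduleName.equals(SecurityConstants.JASPI_DELEGATING_MODULE)) {
                // The delegating module is constructed around the JAAS login-module stack.
                module = (ServerAuthModule) moduleClass.getConstructor(LoginModuleStackHolder.class).newInstance(authModuleEntry.getLoginModuleStackHolder());
            } else {
                module = (ServerAuthModule) moduleClass.newInstance();
            }
            module.initialize((MessagePolicy) null, (MessagePolicy) null, callbackHandler, authModuleEntry.getOptions());
            return module;
        } catch (Exception e) {
            // Keep the cause: the message alone loses the stack trace of the real failure.
            throw new IllegalStateException(prefix + e.getLocalizedMessage(), e);
        }
    }

    /**
     * Builds a fresh module list for the domain, each module initialized with the given handler.
     *
     * @return a new list; empty when the configuration has no auth-module entries
     */
    private List<ServerAuthModule> createServerAuthModules(CallbackHandler callbackHandler) {
        AuthModuleEntry[] entries = getAuthenticationInfo().getAuthModuleEntry();
        List<ServerAuthModule> modules = new ArrayList<ServerAuthModule>();
        if (entries == null) {
            return modules;
        }
        for (AuthModuleEntry entry : entries) {
            try {
                modules.add(getServerAuthModule(entry, callbackHandler));
            } catch (AuthException e) {
                // NOTE(review): a module that fails here is skipped and the remaining modules
                // still decide the outcome; confirm that dropping a module cannot weaken the
                // chain.
                this.log.error("Configuration of server auth modules failed::" + e.getLocalizedMessage(), e);
            }
        }
        return modules;
    }

    /** Merges {@code map} into the thread's shared state, creating it on first use; null is ignored. */
    private void updateSharedState(Map map) {
        if (map == null) {
            return;
        }
        HashMap sharedState = this.sharedStateLocal.get();
        if (sharedState == null) {
            sharedState = new HashMap(map);
        } else {
            sharedState.putAll(map);
        }
        this.sharedStateLocal.set(sharedState);
    }

    /**
     * Returns the handler to use for one request.
     *
     * <p>With a null map the shared prototype handler is returned. Otherwise a new instance of
     * the prototype's class is created and given the principal and credential found in the map,
     * so credentials are never written into the shared prototype.
     *
     * @throws IllegalStateException if the handler cannot be created or populated
     */
    private CallbackHandler populateCallbackHandler(Map map) {
        if (map == null) {
            return this.handler;
        }
        Object[] securityInfo = {(Principal) map.get(LOGIN_NAME_KEY), map.get(LOGIN_PASSWORD_KEY)};
        try {
            CallbackHandler requestHandler = (CallbackHandler) this.handler.getClass().newInstance();
            this.setSecurityInfo.invoke(requestHandler, securityInfo);
            return requestHandler;
        } catch (Throwable th) {
            if (this.trace) {
                this.log.trace("Failed to create/setSecurityInfo on handler", th);
            }
            // Attach the cause so the failure is diagnosable when trace logging is off.
            throw new IllegalStateException("Failed to setSecurityInfo on handler", th);
        }
    }
}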
