package org.jboss.web.tomcat.security;

import java.io.IOException;
import java.security.Principal;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Manager;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
import org.apache.catalina.ValveContext;
import org.apache.catalina.Wrapper;
import org.apache.catalina.valves.ValveBase;
import org.jboss.logging.Logger;
import org.jboss.metadata.WebMetaData;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;

/* loaded from: input_file:org/jboss/web/tomcat/security/SecurityAssociationValve.class */
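/**
 * Catalina valve that binds the caller's security identity to the current thread for the
 * duration of one request and removes it again before the thread goes back to the pool.
 *
 * <p>Per request the valve:
 * <ol>
 *   <li>pushes the servlet's run-as role, if the wrapper declares one;</li>
 *   <li>publishes the request's user principal through {@link #userPrincipal};</li>
 *   <li>restores principal, credentials and subject from a cached
 *       {@code JBossGenericPrincipal} (taken from the request or from the Catalina session);</li>
 *   <li>optionally exposes the active subject as a request attribute;</li>
 *   <li>invokes the rest of the pipeline;</li>
 *   <li>pops the run-as role, flushes the authentication cache if the session was invalidated
 *       and the deployment asks for that, and clears the thread's security association.</li>
 * </ol>
 *
 * <p>Steps 1 to 4 are best effort: a failure there is logged at debug level and the request
 * still continues down the pipeline, possibly without a restored identity. Components further
 * down must therefore treat a missing security association as "not authenticated".
 */
public class SecurityAssociationValve extends ValveBase {
    private static Logger log;

    /**
     * Thread-local holding the user principal of the request currently processed on this thread.
     * It is set at the start of {@link #invoke} and reset to {@code null} when the request ends.
     *
     * <p>NOTE(review): the field is public, static and non-final, so any code in the JVM can
     * read it or replace the {@code ThreadLocal} itself. It is left as-is because callers
     * outside this file may depend on it; narrowing it should be considered.
     */
    public static ThreadLocal userPrincipal;

    private WebMetaData metaData;
    private JaasSecurityManagerServiceMBean secMgrService;

    // Synthetic class-literal cache as emitted by pre-Java 5 compilers; kept so that the
    // member set of the class is unchanged.
    static Class class$org$jboss$web$tomcat$security$SecurityAssociationValve;

    /** Name of the request attribute that receives the active subject, or null to disable it. */
    private String subjectAttributeName = null;

    /** Trace flag sampled once per valve instance. */
    private boolean trace = log.isTraceEnabled();

    /**
     * @param webMetaData deployment metadata; read for the security domain and the
     *        flush-on-session-invalidation flag
     * @param jaasSecurityManagerServiceMBean service used to flush the authentication cache;
     *        when null, no flush is attempted
     */
    public SecurityAssociationValve(WebMetaData webMetaData, JaasSecurityManagerServiceMBean jaasSecurityManagerServiceMBean) {
        this.metaData = webMetaData;
        this.secMgrService = jaasSecurityManagerServiceMBean;
    }

    /**
     * Sets the request attribute name under which the active subject is published.
     *
     * <p>NOTE(review): a JAAS subject can carry credentials, so the chosen attribute should be
     * one that application code does not log or forward.
     *
     * @param str the attribute name; null or the empty string disables publishing
     */
    public void setSubjectAttributeName(String str) {
        // The empty string is normalised to null so that invoke() needs a single check.
        this.subjectAttributeName = (str != null && str.length() == 0) ? null : str;
    }

    /**
     * Establishes the thread's security association, invokes the next valve and tears the
     * association down again.
     *
     * @param request the Catalina request
     * @param response the Catalina response
     * @param valveContext used to invoke the remainder of the pipeline
     * @throws IOException propagated from the pipeline
     * @throws ServletException propagated from the pipeline
     */
    public void invoke(Request request, Response response, ValveContext valveContext) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();
        Principal caller = httpRequest.getUserPrincipal();
        Session session = null;
        // Set only after pushRunAsRole() returned, so the pop below always matches a real push
        // (the previous code keyed the pop on the run-as name, which is assigned before the push).
        boolean runAsPushed = false;
        try {
            try {
                Wrapper wrapper = request.getWrapper();
                if (wrapper != null) {
                    String runAs = wrapper.getRunAs();
                    if (this.trace) {
                        log.trace(wrapper.getName() + ", runAs: " + runAs);
                    }
                    if (runAs != null) {
                        SecurityAssociationActions.pushRunAsRole(new SimplePrincipal(runAs));
                        runAsPushed = true;
                    }
                }
                userPrincipal.set(caller);

                JBossGenericPrincipal cached = null;
                if (caller instanceof JBossGenericPrincipal) {
                    cached = (JBossGenericPrincipal) caller;
                } else {
                    session = findCatalinaSession(httpRequest);
                    if (session != null) {
                        // Checked instead of cast blindly: a principal of another type must not
                        // abort the rest of the setup through a swallowed ClassCastException.
                        Principal sessionPrincipal = session.getPrincipal();
                        if (sessionPrincipal instanceof JBossGenericPrincipal) {
                            cached = (JBossGenericPrincipal) sessionPrincipal;
                        }
                    }
                }
                if (cached != null) {
                    if (this.trace) {
                        log.trace("Restoring principal info from cache");
                    }
                    SecurityAssociationActions.setPrincipalInfo(cached.getPrincipal(), cached.getCredentials(), cached.getSubject());
                }

                if (this.subjectAttributeName != null) {
                    Context securityContext = getSecurityContext();
                    if (securityContext != null) {
                        SubjectSecurityManager securityMgr = (SubjectSecurityManager) securityContext.lookup("securityMgr");
                        httpRequest.setAttribute(this.subjectAttributeName, securityMgr.getActiveSubject());
                    }
                }
            } catch (Throwable th) {
                // Best effort by design: the request proceeds even if the identity could not be
                // restored. The message is historical; the block covers the whole setup.
                log.debug("Failed to determine servlet", th);
            }

            try {
                valveContext.invokeNext(request, response);
            } finally {
                // Pop on every exit path so a failing request cannot leave its run-as role on
                // a pooled thread.
                if (runAsPushed) {
                    SecurityAssociationActions.popRunAsRole();
                }
            }

            flushAuthCacheIfSessionInvalidated(session, httpRequest);
        } finally {
            try {
                SecurityAssociationActions.clear();
            } finally {
                // Must run even if clear() fails, otherwise the next request served by this
                // thread would observe the previous caller.
                userPrincipal.set(null);
            }
        }
    }

    /**
     * Looks up the Catalina session behind the request's existing HTTP session.
     *
     * @return the session, or null when there is no HTTP session, no manager, or the lookup fails
     */
    private Session findCatalinaSession(HttpServletRequest httpRequest) {
        HttpSession httpSession = httpRequest.getSession(false);
        Manager manager = this.container.getManager();
        if (manager == null || httpSession == null) {
            return null;
        }
        try {
            return manager.findSession(httpSession.getId());
        } catch (IOException e) {
            // Still non-fatal, but no longer silent: the caller then has no cached identity.
            if (this.trace) {
                log.trace("Failed to look up the Catalina session", e);
            }
            return null;
        }
    }

    /**
     * Flushes the caller's entry from the authentication cache when the session found at the
     * start of the request is no longer valid and the deployment requests a flush on session
     * invalidation. A failing flush is logged and otherwise ignored.
     */
    private void flushAuthCacheIfSessionInvalidated(Session session, HttpServletRequest httpRequest) {
        if (this.secMgrService == null || session == null || session.isValid()) {
            return;
        }
        if (!this.metaData.isFlushOnSessionInvalidation()) {
            return;
        }
        Principal caller = httpRequest.getUserPrincipal();
        if (caller == null) {
            return;
        }
        String securityDomain = this.metaData.getSecurityDomain();
        if (this.trace) {
            log.trace("Session is invalid, security domain: " + securityDomain + ", user=" + caller);
        }
        try {
            this.secMgrService.flushAuthenticationCache(securityDomain, caller);
        } catch (Exception e) {
            // NOTE(review): after a failed flush the cached credentials of a logged-out user
            // stay in the cache; consider logging this above debug level.
            log.debug("Failed to flush auth cache", e);
        }
    }

    /**
     * Resolves the web application's security naming context.
     *
     * @return the context bound at {@code java:comp/env/security}, or null if the lookup fails
     */
    private Context getSecurityContext() {
        try {
            return (Context) new InitialContext().lookup("java:comp/env/security");
        } catch (NamingException e) {
            if (this.trace) {
                log.trace("No java:comp/env/security context available", e);
            }
            return null;
        }
    }

    /** Synthetic helper backing class literals in pre-Java 5 bytecode. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Equivalent to Logger.getLogger(SecurityAssociationValve.class) in pre-Java 5 bytecode.
        Class cls;
        if (class$org$jboss$web$tomcat$security$SecurityAssociationValve == null) {
            cls = class$("org.jboss.web.tomcat.security.SecurityAssociationValve");
            class$org$jboss$web$tomcat$security$SecurityAssociationValve = cls;
        } else {
            cls = class$org$jboss$web$tomcat$security$SecurityAssociationValve;
        }
        log = Logger.getLogger(cls);
        userPrincipal = new ThreadLocal();
    }
}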
