package com.adventnet.authentication.internal;

import com.adventnet.authentication.Credential;
import com.adventnet.authentication.NoSuchUserAccountException;
import com.adventnet.authentication.PAM;
import com.adventnet.authentication.PAMException;
import com.adventnet.authentication.util.AuthDBUtil;
import com.adventnet.authentication.util.AuthUtil;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.util.TimedCachePolicy;

/* loaded from: input_file:com/adventnet/authentication/internal/WebClientAuthenticationManager.class */
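/**
 * Authentication manager for web clients. It implements the JBoss
 * {@link SubjectSecurityManager} and {@link RealmMapping} contracts and is also an
 * {@link HttpSessionListener} so that PAM sessions are closed when an HTTP session ends.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Successful logins are cached in {@link #domainCache} under the key
 *       {@code loginName@remoteHost}. The cache entry keeps the presented password object
 *       as-is (clear text, in memory) and a later login with the same key and an equal
 *       password is accepted without calling {@code PAM.authenticate} again.</li>
 *   <li>The current {@link HttpServletRequest} is handed over through a {@link ThreadLocal}
 *       that this class only sets and reads, never clears. On pooled threads the caller is
 *       responsible for overwriting or clearing it per request.</li>
 *   <li>Failure reasons are copied verbatim into the request attribute
 *       {@code login_status}.</li>
 * </ul>
 */
public class WebClientAuthenticationManager implements SubjectSecurityManager, RealmMapping, HttpSessionListener {
    protected static Logger logger;

    // Value returned by getSecurityDomain(). Public and mutable: any code in the JVM can
    // reassign it. Initialised to null in the static block and never set in this class.
    public static String service;

    // Short-lived cache of successful logins, keyed by a SimplePrincipal "name@remoteHost".
    private TimedCachePolicy domainCache;

    // Carries the HttpServletRequest of the current thread into isValid(Principal, Object).
    private static ThreadLocal requestThread;

    // Compiler-synthesised holders for class literals (pre-Java-5 javac output); kept so the
    // class stays binary compatible with anything that references them.
    static Class class$com$adventnet$authentication$internal$WebClientAuthenticationManager;
    static Class class$com$adventnet$authentication$internal$WebClientAuthenticationManager$DomainInfo;

    /**
     * Cache entry for one successful login.
     *
     * <p>Holds the principal, the {@link Credential} produced by PAM and the password object
     * that was presented. The password is stored unmodified so that a cache hit can be
     * verified by comparison; it is deliberately not part of {@link #toString()}.
     */
    public static class DomainInfo implements TimedCachePolicy.TimedEntry {
        private static Logger logger;

        // Presented password, exactly as received (String or char[] in the visible caller).
        Object password;
        Principal principal;
        Credential credential;

        // Lifetime in milliseconds until init(long) adds the insertion time to it.
        long expirationTime;

        /**
         * Creates an entry with the given lifetime.
         *
         * @param i lifetime; it is multiplied by 1000 here, so it is treated as seconds if
         *          {@code expirationTime} is in milliseconds. NOTE(review): the log text says
         *          "min", which does not match that arithmetic - confirm the intended unit.
         */
        public DomainInfo(int i) {
            logger.log(Level.FINEST, "initialized with lifetime : {0} min", Integer.valueOf(i));
            // 1000L forces long arithmetic; the original int multiplication could overflow
            // before being widened to long.
            this.expirationTime = 1000L * i;
        }

        /**
         * Adds {@code j} to the stored lifetime.
         *
         * @param j value added to {@code expirationTime}; presumably the insertion time in
         *          milliseconds supplied by the cache - verify against TimedCachePolicy.
         */
        public void init(long j) {
            logger.log(Level.FINEST, "init invoked with value : {0}", Long.valueOf(j));
            this.expirationTime += j;
            logger.log(Level.FINEST, "expiration time = {0}", Long.valueOf(this.expirationTime));
        }

        /**
         * Reports whether the entry is still valid at time {@code j}.
         *
         * @param j the time to compare against
         * @return {@code true} while {@code expirationTime} is strictly greater than {@code j}
         */
        public boolean isCurrent(long j) {
            logger.log(Level.FINEST, "isCurrent invoked with time : {0}", Long.valueOf(j));
            logger.log(Level.FINEST, "System.currentTimeMillis : {0}", Long.valueOf(System.currentTimeMillis()));
            boolean z = this.expirationTime > j;
            logger.log(Level.FINEST, "isCurrent status : {0}", Boolean.valueOf(z));
            return z;
        }

        /**
         * Entries are never refreshed in place.
         *
         * @return always {@code false}
         */
        public boolean refresh() {
            logger.log(Level.FINEST, "refresh invoked");
            return false;
        }

        /**
         * Called when the entry is discarded. Only logs; the stored password reference is
         * not cleared here.
         */
        public void destroy() {
            logger.log(Level.FINEST, "destroy invoked");
        }

        /**
         * @return this entry itself, so cache lookups yield the {@code DomainInfo}
         */
        public Object getValue() {
            logger.log(Level.FINEST, "getValue invoked");
            return this;
        }

        /**
         * Renders principal, credential and expiration time. The password field is left out,
         * which keeps it away from the log statements that print this object.
         */
        public String toString() {
            return new StringBuffer().append("[ DomainInfo : ").append(this.principal).append("\nCredential : ").append(this.credential).append("\nExpirationTime : ").append(this.expirationTime).append("]").toString();
        }

        static {
            // Synthesised class-literal lookup; equivalent to DomainInfo.class.
            Class cls;
            if (WebClientAuthenticationManager.class$com$adventnet$authentication$internal$WebClientAuthenticationManager$DomainInfo == null) {
                cls = WebClientAuthenticationManager.class$("com.adventnet.authentication.internal.WebClientAuthenticationManager$DomainInfo");
                WebClientAuthenticationManager.class$com$adventnet$authentication$internal$WebClientAuthenticationManager$DomainInfo = cls;
            } else {
                cls = WebClientAuthenticationManager.class$com$adventnet$authentication$internal$WebClientAuthenticationManager$DomainInfo;
            }
            logger = Logger.getLogger(cls.getName());
        }
    }

    /**
     * Creates the manager and starts its login cache.
     *
     * <p>The cache is built as {@code new TimedCachePolicy(2, false, 1)}. The original code
     * first assigned a default-constructed policy that was immediately replaced and never
     * created or started; that dead allocation is removed.
     */
    public WebClientAuthenticationManager() {
        logger.log(Level.FINEST, "initializing WebClientAuthenticationManager");
        this.domainCache = new TimedCachePolicy(2, false, 1);
        this.domainCache.create();
        this.domainCache.start();
    }

    /**
     * Returns the static {@link #service} value.
     *
     * <p>The original dumped the call stack to {@code System.err} on every invocation via
     * {@code Thread.dumpStack()}. The stack is now attached to the FINEST log record instead,
     * so it only appears when that level is enabled and goes through the configured handlers.
     *
     * @return the current value of {@link #service}, possibly {@code null}
     */
    public String getSecurityDomain() {
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "getSecurityDomain invoked. NOT KNOWN - WHY THIS IS INVOKED", new Throwable("getSecurityDomain call stack"));
        }
        return service;
    }

    /**
     * Binds the request to the calling thread for a later {@link #isValid(Principal, Object)}.
     *
     * <p>Nothing in this class removes the value again. If the container reuses threads and
     * this method is not called for every request, a stale request from an earlier login
     * would be picked up; callers should set it per request and clear it afterwards by
     * passing {@code null}.
     *
     * @param httpServletRequest the request being authenticated, or {@code null} to clear
     */
    public static void setRequestInThreadLocal(HttpServletRequest httpServletRequest) {
        requestThread.set(httpServletRequest);
    }

    /**
     * Authenticates using the request previously bound to this thread.
     *
     * @param principal the login principal
     * @param obj       the presented password ({@code String} or {@code char[]})
     * @return {@code true} if authentication succeeded
     */
    public boolean isValid(Principal principal, Object obj) {
        logger.log(Level.FINEST, "isValid invoked for Principal : {0}", principal);
        HttpServletRequest httpServletRequest = (HttpServletRequest) requestThread.get();
        logger.log(Level.FINEST, "httpServletRequest obtained from threadLocal variable is : {0}", httpServletRequest);
        boolean isValid = isValid(principal, obj, httpServletRequest);
        // A null principal is already rejected by the three-argument overload (its NPE is
        // caught there); guard the log call so the rejection is not turned into an exception.
        String loginName = principal == null ? null : principal.getName();
        logger.log(Level.FINEST, "authentication result for user : {0} is : {1}", new Object[]{loginName, Boolean.valueOf(isValid)});
        return isValid;
    }

    /**
     * Authenticates a login name and password for the web application that received the
     * request.
     *
     * <p>Flow: reject a missing request, empty name or empty password; resolve the service
     * name from the context path (falling back to {@code "System"}); accept a matching cache
     * entry; otherwise call {@code PAM.authenticate}, store the resulting credential in the
     * cache and on the request. The outcome is always written to the request attribute
     * {@code login_status}.
     *
     * <p>Points a reviewer should keep in mind:
     * <ul>
     *   <li>A cache hit skips {@code PAM.authenticate} entirely, so whatever checks PAM
     *       performs (the expiry and failure exceptions caught below suggest account state
     *       checks) are not re-evaluated while the entry is current.</li>
     *   <li>{@code getSession()} is called before authentication, which creates a session if
     *       none exists. This method does not change the session id after success -
     *       NOTE(review): confirm session-id rotation happens elsewhere.</li>
     *   <li>{@code login_status} receives the raw exception message, including for
     *       {@code NoSuchUserAccountException} versus {@code FailedLoginException} and for
     *       unexpected exceptions. If that attribute is shown to the client it can reveal
     *       whether an account exists, or internal details - verify how it is rendered.</li>
     * </ul>
     *
     * @param principal          the login principal
     * @param obj                the presented password ({@code String} or {@code char[]});
     *                           any other type is treated as a missing password
     * @param httpServletRequest the login request; {@code null} fails authentication
     * @return {@code true} if authentication succeeded
     */
    public boolean isValid(Principal principal, Object obj, HttpServletRequest httpServletRequest) {
        String str;
        try {
            if (httpServletRequest == null) {
                logger.warning("Request obtained is null. return isValid as false");
                return false;
            }
            String name = principal.getName();
            if (name == null || name.equals("")) {
                logger.log(Level.WARNING, "Login name obtained is null");
                httpServletRequest.setAttribute("login_status", "loginname is null");
                return false;
            }
            // A char[] password is copied into an immutable String here, so it cannot be
            // wiped afterwards; PAM.authenticate below takes the String form.
            String str2;
            if (obj instanceof String) {
                str2 = (String) obj;
            } else if (obj instanceof char[]) {
                str2 = new String((char[]) obj);
            } else {
                str2 = null;
            }
            if (str2 == null || str2.equals("")) {
                logger.log(Level.WARNING, "Password obtained is null");
                httpServletRequest.setAttribute("login_status", "password is null");
                return false;
            }
            logger.log(Level.INFO, "authenticating user : {0}", name);
            // The session id is a bearer secret; it only reaches the log at FINEST.
            logger.log(Level.FINEST, "HttpSessionId obtained from HttpSession is : {0}", httpServletRequest.getSession().getId());
            String contextPath = httpServletRequest.getContextPath();
            if (contextPath != null) {
                str = AuthDBUtil.getServiceNameForContext(contextPath);
                logger.log(Level.FINEST, "service name obtained for contextPath : {0} is {1}", (Object[]) new String[]{contextPath, str});
                if (str == null) {
                    logger.log(Level.WARNING, "service name obtained for context is null, using System as service name");
                    str = "System";
                }
            } else {
                logger.log(Level.FINEST, "contextpath obtained from request is null. using default service System");
                str = "System";
            }
            // Cache key is "name@remoteHost". Clients that reach the server through the same
            // proxy or NAT share a remote host, so the password comparison in validateCache
            // is the only thing separating them.
            SimplePrincipal simplePrincipal = new SimplePrincipal(name + "@" + httpServletRequest.getRemoteHost());
            DomainInfo cacheInfo = getCacheInfo(simplePrincipal);
            logger.log(Level.FINEST, "cacheInfo obtained for cachePrincipal : {0} is : {1}", new Object[]{simplePrincipal, cacheInfo});
            if (cacheInfo != null && validateCache(cacheInfo, obj)) {
                logger.log(Level.FINEST, "cacheInfo validated");
                Credential credential = cacheInfo.credential;
                AuthUtil.setUserCredential(credential);
                httpServletRequest.setAttribute("credential", credential);
                httpServletRequest.setAttribute("login_status", "SUCCESS");
                return true;
            }
            logger.log(Level.FINEST, "cache check failed");
            // The password is intentionally not among the logged arguments.
            logger.log(Level.FINEST, "Going to authenticate principal : {0}, pass, service: {1}, request: {2}", new Object[]{name, str, httpServletRequest});
            long authenticate = PAM.authenticate(name, str2, str, httpServletRequest);
            logger.log(Level.FINEST, "sessionId obtained after authenticating : {0}", Long.valueOf(authenticate));
            Credential credential2 = PAM.getInstance(authenticate).getCredential();
            logger.log(Level.FINEST, "Credential object obtained after authenticating : {0}", credential2);
            // "j_profile" is client-supplied and copied into the credential unvalidated;
            // consumers of the "profile" property must treat it as untrusted input.
            String parameter = httpServletRequest.getParameter("j_profile");
            logger.log(Level.FINEST, "profile obtained from request is : {0}", parameter);
            if (parameter != null) {
                credential2.getProperties().setProperty("profile", parameter);
            }
            updateCache(simplePrincipal, obj, credential2);
            httpServletRequest.setAttribute("credential", credential2);
            httpServletRequest.setAttribute("login_status", "SUCCESS");
            return true;
        } catch (AccountExpiredException e) {
            httpServletRequest.setAttribute("login_status", e.getMessage());
            return false;
        } catch (FailedLoginException e2) {
            httpServletRequest.setAttribute("login_status", e2.getMessage());
            return false;
        } catch (NoSuchUserAccountException e3) {
            httpServletRequest.setAttribute("login_status", e3.getMessage());
            return false;
        } catch (CredentialExpiredException e4) {
            httpServletRequest.setAttribute("login_status", e4.getMessage());
            return false;
        } catch (PAMException e5) {
            httpServletRequest.setAttribute("login_status", e5.getMessage());
            logger.log(Level.WARNING, "PAM Exception caught while validating in WebClientAuthenticationManager : {0}", e5.getMessage());
            logger.log(Level.FINEST, "PAM Exception caught while validating in WebClientAuthenticationManager : {0}", (Throwable) e5);
            return false;
        } catch (Exception e6) {
            // Fail closed on anything unexpected (this is also where a null principal ends
            // up); httpServletRequest is non-null here because null returns before any throw.
            httpServletRequest.setAttribute("login_status", e6.getMessage());
            logger.log(Level.SEVERE, "Exception caught while authenticating : ", (Throwable) e6);
            return false;
        }
    }

    /**
     * Variant required by the security-manager contract; the {@code subject} is only logged
     * and is not populated.
     *
     * @param principal the login principal
     * @param obj       the presented password
     * @param subject   ignored apart from logging
     * @return the result of {@link #isValid(Principal, Object)}
     */
    public boolean isValid(Principal principal, Object obj, Subject subject) {
        logger.log(Level.FINEST, "isValid called with principal, credential and Subject : {0}", subject);
        return isValid(principal, obj);
    }

    /**
     * Identity mapping.
     *
     * @param principal the principal to map
     * @return the same principal
     */
    public Principal getPrincipal(Principal principal) {
        return principal;
    }

    /**
     * Checks whether the current user holds every role in {@code set}.
     *
     * <p>The check is {@code containsAll}: all named roles are required, and an empty set is
     * satisfied by any principal that has a role list. NOTE(review): confirm callers expect
     * "all of" rather than "any of".
     *
     * @param principal the user to check
     * @param set       role principals; only their names are compared
     * @return {@code false} if no roles are available for the principal, otherwise whether
     *         all role names are present
     */
    public boolean doesUserHaveRole(Principal principal, Set set) {
        logger.log(Level.FINEST, "doesUserHaveRole invoked with Principal : {0} and rolePrincipals : {1}", new Object[]{principal, set});
        List roles = getRoles(principal);
        if (roles == null) {
            return false;
        }
        Iterator it = set.iterator();
        ArrayList arrayList = new ArrayList();
        while (it.hasNext()) {
            arrayList.add(((Principal) it.next()).getName());
        }
        return roles.containsAll(arrayList);
    }

    /**
     * Checks whether the current user holds a single role.
     *
     * @param principal  the user to check
     * @param principal2 the role; only its name is compared
     * @return {@code true} if roles are available and contain the role name
     */
    public boolean doesUserHaveRole(Principal principal, Principal principal2) {
        logger.log(Level.FINEST, "doesUserHaveRole invoked with Principal : {0} and RolePrincipal : {1}", new Object[]{principal, principal2});
        List roles = getRoles(principal);
        return roles != null && roles.contains(principal2.getName());
    }

    /**
     * Returns the current user's roles as {@link SimplePrincipal}s.
     *
     * @param principal the user whose roles are requested
     * @return a set of role principals, or {@code null} when no roles are available
     */
    public Set getUserRoles(Principal principal) {
        logger.log(Level.FINEST, "getUserRoles invoked for Principal : {0}", principal);
        List roles = getRoles(principal);
        if (roles == null) {
            logger.log(Level.FINEST, "returning null");
            return null;
        }
        HashSet hashSet = new HashSet();
        int size = roles.size();
        for (int i = 0; i < size; i++) {
            hashSet.add(new SimplePrincipal((String) roles.get(i)));
        }
        logger.log(Level.FINEST, "returning : {0}", hashSet);
        return hashSet;
    }

    /**
     * @return the subject held by {@link SecurityAssociation}
     */
    public Subject getActiveSubject() {
        logger.log(Level.FINEST, "getActiveSubject called");
        return SecurityAssociation.getSubject();
    }

    /**
     * Session-creation callback; only logs.
     *
     * @param httpSessionEvent the session event (unused)
     */
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        logger.log(Level.FINEST, "method sessionCreated invoked. doing  nothing");
    }

    /**
     * Session-destruction callback: closes the PAM sessions tied to the session's
     * {@code JSESSIONIDSSO} attribute. Failures are logged and not propagated.
     *
     * @param httpSessionEvent event carrying the session being destroyed
     */
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        logger.log(Level.FINEST, "method sessionDestroyed invoked.");
        try {
            String str = (String) httpSessionEvent.getSession().getAttribute("JSESSIONIDSSO");
            // The SSO id is written to the log at FINEST; treat such logs as sensitive.
            logger.log(Level.FINEST, "JSESSIONIDSSO obtained while destroying session : {0}", str);
            logout(str);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Exception thrown while closing session : {0}", (Throwable) e);
        }
    }

    /**
     * Closes every PAM session that {@code AuthDBUtil.getSessionIds} returns for the SSO id.
     *
     * <p>A failure to close one session is logged and the loop continues with the next. The
     * login cache is not touched here, so a cached entry stays usable until it expires.
     *
     * @param str the {@code JSESSIONIDSSO} value; {@code null} is ignored
     * @throws LoginException declared by the signature; not thrown by the visible code
     */
    public void logout(String str) throws LoginException {
        logger.log(Level.FINEST, "logout called with JSESSIONIDSSO : {0}", str);
        if (str == null) {
            logger.log(Level.FINEST, "ssoId obtained is null. ignored call to close session");
            return;
        }
        for (Long l : AuthDBUtil.getSessionIds(str)) {
            logger.log(Level.FINEST, "invoking pam.close for sessionid : {0}", l);
            try {
                PAM.close(l.longValue());
            } catch (Exception e) {
                logger.log(Level.SEVERE, "Exception caught while trying to logout user : {0}", (Throwable) e);
            }
        }
    }

    /**
     * Returns the role names of the credential currently held by {@code AuthUtil}.
     *
     * <p>Roles are not looked up by principal: the credential comes from
     * {@code AuthUtil.getUserCredential()} and is used only if its login name equals the
     * principal's name. Any other principal gets {@code null}, which the callers treat as
     * "no roles".
     *
     * @param principal the principal the roles are requested for
     * @return the role list, or {@code null} if there is no credential, it belongs to a
     *         different login name, or it carries no roles
     */
    private List getRoles(Principal principal) {
        Credential userCredential = AuthUtil.getUserCredential();
        logger.log(Level.FINEST, "Credential object obtained from AuthUtil : {0}", userCredential);
        if (userCredential == null) {
            logger.log(Level.FINEST, "Credential object obtained from AuthUtil is null. return null");
            return null;
        }
        if (!userCredential.getLoginName().equals(principal.getName())) {
            logger.log(Level.FINEST, "Credential obtained for an unknown principal : return null");
            return null;
        }
        // Check before wrapping: Arrays.asList never returns null and throws a
        // NullPointerException for a null array, so the original post-check was dead code and
        // a credential without roles made the authorization check throw.
        if (userCredential.getRoles() == null) {
            logger.log(Level.FINEST, "role list obtained from credential object is null. return null");
            return null;
        }
        return Arrays.asList(userCredential.getRoles());
    }

    /**
     * Stores a successful login in the cache, replacing any entry under the same key.
     *
     * @param principal  cache key ({@code name@remoteHost} in the visible caller)
     * @param obj        the presented password, kept unmodified for later comparison
     * @param credential the credential returned by PAM
     */
    private void updateCache(Principal principal, Object obj, Credential credential) {
        logger.log(Level.FINEST, "updateCace invoked for principal : {0} and credential : {1}", new Object[]{principal, credential});
        DomainInfo domainInfo = new DomainInfo(this.domainCache.getDefaultLifetime());
        domainInfo.principal = principal;
        domainInfo.password = obj;
        domainInfo.credential = credential;
        logger.log(Level.FINEST, "DomainInfo object : {0}", domainInfo);
        synchronized (this.domainCache) {
            // size() is read under the same lock as every other cache access; the policy is
            // constructed with its second argument false, so it is not relied on to
            // synchronise itself.
            logger.log(Level.FINEST, "domainCache.size = {0}", Integer.valueOf(this.domainCache.size()));
            if (this.domainCache.peek(principal) != null) {
                this.domainCache.remove(principal);
            }
            this.domainCache.insert(principal, domainInfo);
        }
    }

    /**
     * Looks up the cache entry for a key.
     *
     * @param principal cache key
     * @return the entry, or {@code null} if the cache returns none
     */
    private DomainInfo getCacheInfo(Principal principal) {
        DomainInfo domainInfo;
        synchronized (this.domainCache) {
            domainInfo = (DomainInfo) this.domainCache.get(principal);
        }
        return domainInfo;
    }

    /**
     * Removes a cache entry if present. Not called from anywhere in this class.
     *
     * @param principal cache key
     */
    private void removeCacheInfo(Principal principal) {
        logger.log(Level.FINEST, "removeCacheInfo invoked for principal : {0}", principal);
        synchronized (this.domainCache) {
            DomainInfo domainInfo = (DomainInfo) this.domainCache.peek(principal);
            logger.log(Level.FINEST, "domainInfo obtained from cache : {0}", domainInfo);
            if (domainInfo == null) {
                logger.log(Level.FINEST, "unable to remove domainInfo from cache");
            } else {
                this.domainCache.remove(principal);
                logger.log(Level.FINEST, "removed domainInfo from cache");
            }
        }
    }

    /**
     * Compares a presented password with the one stored in a cache entry.
     *
     * <p>If exactly one side is {@code null} the result is {@code false}; the original
     * dereferenced the null side and threw. Both {@code null} still counts as a match, as
     * before; the visible caller never passes a null password. The comparison itself uses
     * {@code compareTo}/{@code equals} and is not constant-time.
     *
     * @param domainInfo the cache entry
     * @param obj        the presented password
     * @return {@code true} if the presented password equals the cached one
     */
    private boolean validateCache(DomainInfo domainInfo, Object obj) {
        Object cached = domainInfo.password;
        boolean z = false;
        if (obj == null && cached == null) {
            z = true;
        } else if (obj == null || cached == null) {
            // Fail closed instead of throwing when only one side is missing.
            z = false;
        } else if (cached.getClass().isAssignableFrom(obj.getClass())) {
            if (cached instanceof Comparable) {
                z = ((Comparable) cached).compareTo(obj) == 0;
            } else if (cached instanceof char[]) {
                z = Arrays.equals((char[]) cached, (char[]) obj);
            } else if (cached instanceof byte[]) {
                z = Arrays.equals((byte[]) cached, (byte[]) obj);
            } else {
                z = cached.equals(obj);
            }
        }
        logger.log(Level.FINEST, "validateCache result : {0}", Boolean.valueOf(z));
        return z;
    }

    /**
     * Compiler-synthesised helper behind class literals in pre-Java-5 bytecode.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Synthesised class-literal lookup; equivalent to WebClientAuthenticationManager.class.
        Class cls;
        if (class$com$adventnet$authentication$internal$WebClientAuthenticationManager == null) {
            cls = class$("com.adventnet.authentication.internal.WebClientAuthenticationManager");
            class$com$adventnet$authentication$internal$WebClientAuthenticationManager = cls;
        } else {
            cls = class$com$adventnet$authentication$internal$WebClientAuthenticationManager;
        }
        logger = Logger.getLogger(cls.getName());
        service = null;
        requestThread = new ThreadLocal();
    }
}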
