package org.jboss.security.plugins;

import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
import org.jboss.system.ServiceMBeanSupport;
import org.jboss.util.CachePolicy;
import org.jboss.util.TimedCachePolicy;

/* loaded from: input_file:org/jboss/security/plugins/JaasSecurityManager.class */
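/**
 * JAAS-backed security manager for a single security domain.
 *
 * <p>Authentication is delegated to a {@link LoginContext} created for the
 * configured security domain. When a {@link CachePolicy} has been installed,
 * the result of a successful login (subject, presented credential, caller
 * principal and the "Roles" group) is cached per principal, and later
 * {@link #isValid(Principal, Object)} calls are answered by comparing the
 * presented credential with the cached one.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The cache keeps the credential object exactly as presented (for
 *       example a clear-text password) for the lifetime of the entry.</li>
 *   <li>Role queries read the cache entry with {@code peek} while
 *       authentication reads it with {@code get}; see
 *       {@link #getCacheInfo(Principal, boolean)}.</li>
 *   <li>{@link AnybodyPrincipal} satisfies every role check and
 *       {@link NobodyPrincipal} satisfies none.</li>
 * </ul>
 *
 * <p>Locking as written: {@link #isValid(Principal, Object, Subject)} is
 * synchronized on this instance; cache reads and writes are synchronized on
 * the cache policy object.
 */
public class JaasSecurityManager extends ServiceMBeanSupport implements SubjectSecurityManager, RealmMapping {
    private String securityDomain;
    private CachePolicy domainCache;
    private CallbackHandler handler;
    private Method setSecurityInfo;
    protected Logger log;
    // Compiler-generated class-literal caches. The code below uses class
    // literals directly; these members are retained only so that the
    // package-visible surface of the class is unchanged.
    static Class class$org$jboss$security$plugins$JaasSecurityManager$DomainInfo;
    static Class class$java$security$Principal;
    static Class class$java$lang$Object;
    static Class class$java$security$acl$Group;

    /**
     * Cache entry holding the outcome of one successful JAAS login.
     *
     * <p>The entry keeps the presented credential so that later validations
     * can be answered without a new login. The fields are deliberately not
     * cleared in {@link #destroy()}: {@code validateCache} treats
     * "both credentials null" as a match, so nulling the cached credential of
     * an entry that another thread still holds would weaken that check.
     */
    public static class DomainInfo implements TimedCachePolicy.TimedEntry {
        private static final Logger log = Logger.getLogger(DomainInfo.class);
        LoginContext loginCtx;
        Subject subject;
        // Credential exactly as presented at login time (may be clear text).
        Object credential;
        Principal callerPrincipal;
        Group roles;
        long expirationTime;

        /**
         * @param i entry lifetime; multiplied by 1000 here, so presumably
         *          seconds converted to milliseconds (confirm against
         *          TimedCachePolicy)
         */
        public DomainInfo(int i) {
            // 1000L forces long arithmetic; "1000 * i" overflows int for
            // lifetimes above roughly 24.8 days and yields a wrong expiry.
            this.expirationTime = 1000L * i;
        }

        /**
         * Offsets the relative lifetime by {@code j}.
         *
         * @param j value added to the expiration time; presumably the current
         *          time in milliseconds supplied by the cache
         */
        public void init(long j) {
            this.expirationTime += j;
        }

        /**
         * @param j the time to compare against
         * @return {@code true} while the expiration time is strictly after {@code j}
         */
        public boolean isCurrent(long j) {
            return this.expirationTime > j;
        }

        /**
         * @return always {@code false}; an entry is never refreshed in place
         */
        public boolean refresh() {
            return false;
        }

        /**
         * Logs out the login context that produced this entry. Failures are
         * best-effort and only reported at trace level.
         */
        public void destroy() {
            if (this.loginCtx == null) {
                // Nothing to log out; avoids relying on a caught NullPointerException.
                return;
            }
            try {
                this.loginCtx.logout();
            } catch (Exception e) {
                if (log.isTraceEnabled()) {
                    log.trace("Cache entry logout failed", e);
                }
            }
        }

        /**
         * @return this entry itself
         */
        public Object getValue() {
            return this;
        }
    }

    /**
     * Static lookup of the active subject for a security domain.
     *
     * @param str the security domain name (unused)
     * @return always {@code null} in this implementation
     */
    public static Subject getActiveSubject(String str) {
        return null;
    }

    /**
     * Creates a login context around the active subject of a security domain.
     *
     * <p>Because {@link #getActiveSubject(String)} always returns
     * {@code null}, this method as written always throws.
     *
     * @param str the security domain name
     * @param callbackHandler optional handler; when {@code null} the
     *        two-argument {@link LoginContext} constructor is used
     * @return a login context for the active subject
     * @throws LoginException if no active subject exists or the context
     *         cannot be created
     */
    public static LoginContext getActiveSubjectLoginContext(String str, CallbackHandler callbackHandler) throws LoginException {
        Subject activeSubject = getActiveSubject(str);
        if (activeSubject == null) {
            throw new LoginException("No active subject found in securityDomain: " + str);
        }
        if (callbackHandler != null) {
            return new LoginContext(str, activeSubject, callbackHandler);
        }
        return new LoginContext(str, activeSubject);
    }

    /**
     * Creates a manager for the "other" security domain with a
     * {@link SecurityAssociationHandler}.
     */
    public JaasSecurityManager() {
        this("other", new SecurityAssociationHandler());
    }

    /**
     * Creates a manager for the given security domain.
     *
     * @param str the security domain name
     * @param callbackHandler handler passed to the login context; it must
     *        expose a public {@code setSecurityInfo(Principal, Object)} method
     * @throws UndeclaredThrowableException if that method cannot be resolved
     */
    public JaasSecurityManager(String str, CallbackHandler callbackHandler) {
        this.securityDomain = str;
        this.handler = callbackHandler;
        this.log = Logger.getLogger(getClass().getName() + '.' + str);
        try {
            // Resolved reflectively once; invoked before every login.
            this.setSecurityInfo = callbackHandler.getClass().getMethod("setSecurityInfo", Principal.class, Object.class);
        } catch (Exception e) {
            throw new UndeclaredThrowableException(e, "Failed to find setSecurityInfo(Princpal, Object) method in handler");
        }
    }

    /**
     * Installs the cache used for authentication results.
     *
     * @param cachePolicy the cache; without one every validation performs a
     *        full JAAS login and role queries find no roles
     */
    public void setCachePolicy(CachePolicy cachePolicy) {
        this.domainCache = cachePolicy;
        this.log.debug("CachePolicy set to: " + cachePolicy);
    }

    /**
     * Flushes the authentication cache, if one is installed.
     */
    public void flushCache() {
        if (this.domainCache != null) {
            this.domainCache.flush();
        }
    }

    /**
     * @return the security domain name this manager was created for
     */
    @Override // org.jboss.security.SubjectSecurityManager
    public String getSecurityDomain() {
        return this.securityDomain;
    }

    /**
     * @return the subject currently held by {@link SecurityAssociation}
     */
    @Override // org.jboss.security.SubjectSecurityManager
    public Subject getActiveSubject() {
        return SecurityAssociation.getSubject();
    }

    /**
     * Validates a principal/credential pair without copying the subject.
     *
     * @param principal the identity being validated
     * @param obj the presented credential
     * @return {@code true} if the pair is valid
     */
    @Override // org.jboss.security.AuthenticationManager
    public boolean isValid(Principal principal, Object obj) {
        return isValid(principal, obj, null);
    }

    /**
     * Validates a principal/credential pair, first against the cache and then
     * by a full JAAS login.
     *
     * @param principal the identity being validated
     * @param obj the presented credential
     * @param subject optional subject that receives a copy of the active
     *        subject on success
     * @return {@code true} if the cache or the login accepted the pair
     */
    @Override // org.jboss.security.SubjectSecurityManager
    public synchronized boolean isValid(Principal principal, Object obj, Subject subject) {
        DomainInfo cacheInfo = getCacheInfo(principal, true);
        boolean valid = cacheInfo != null && validateCache(cacheInfo, obj);
        if (!valid) {
            // Cache miss or credential mismatch: fall back to a real login.
            valid = authenticate(principal, obj);
        }
        if (valid && subject != null) {
            Subject activeSubject = getActiveSubject();
            if (activeSubject != null) {
                SubjectActions.copySubject(activeSubject, subject);
            }
        }
        return valid;
    }

    /**
     * Maps a principal to the caller principal recorded at login time.
     *
     * @param principal the principal to map
     * @return the cached caller principal, or {@code principal} itself when
     *         there is no cache, no entry, or no recorded caller principal
     */
    @Override // org.jboss.security.RealmMapping
    public Principal getPrincipal(Principal principal) {
        CachePolicy cache = this.domainCache;
        if (cache == null) {
            // No cache installed: locking on null would throw NullPointerException.
            return principal;
        }
        synchronized (cache) {
            DomainInfo cacheInfo = getCacheInfo(principal, false);
            if (cacheInfo != null && cacheInfo.callerPrincipal != null) {
                return cacheInfo.callerPrincipal;
            }
        }
        return principal;
    }

    /**
     * Checks whether the principal holds at least one of the given roles.
     *
     * <p>The answer is taken only from the cached "Roles" group, and only
     * when {@code SubjectActions.getActiveSubject()} is non-null.
     *
     * @param principal the authenticated identity
     * @param set the acceptable role principals
     * @return {@code true} if any role in {@code set} is granted
     */
    @Override // org.jboss.security.RealmMapping
    public boolean doesUserHaveRole(Principal principal, Set set) {
        if (SubjectActions.getActiveSubject() == null) {
            return false;
        }
        CachePolicy cache = this.domainCache;
        if (cache == null) {
            // No cache means no recorded roles; also avoids locking on null.
            return false;
        }
        synchronized (cache) {
            DomainInfo cacheInfo = getCacheInfo(principal, false);
            Group group = cacheInfo != null ? cacheInfo.roles : null;
            if (group != null) {
                for (Object role : set) {
                    if (doesRoleGroupHaveRole((Principal) role, group)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /**
     * Checks whether the principal holds a single role.
     *
     * @param principal the authenticated identity
     * @param principal2 the role principal to test
     * @return {@code true} if the cached "Roles" group grants the role
     */
    public boolean doesUserHaveRole(Principal principal, Principal principal2) {
        if (SubjectActions.getActiveSubject() == null) {
            return false;
        }
        CachePolicy cache = this.domainCache;
        if (cache == null) {
            // No cache means no recorded roles; also avoids locking on null.
            return false;
        }
        synchronized (cache) {
            DomainInfo cacheInfo = getCacheInfo(principal, false);
            Group group = cacheInfo != null ? cacheInfo.roles : null;
            return group != null && doesRoleGroupHaveRole(principal2, group);
        }
    }

    /**
     * Returns the roles recorded for the principal at login time.
     *
     * @param principal the authenticated identity
     * @return a new set holding the members of the cached "Roles" group, or
     *         {@code null} when there is no active subject, no cache, no
     *         entry, or no roles group (callers must handle {@code null})
     */
    @Override // org.jboss.security.RealmMapping
    public Set getUserRoles(Principal principal) {
        if (SubjectActions.getActiveSubject() == null) {
            return null;
        }
        CachePolicy cache = this.domainCache;
        if (cache == null) {
            // No cache means no recorded roles; also avoids locking on null.
            return null;
        }
        synchronized (cache) {
            DomainInfo cacheInfo = getCacheInfo(principal, false);
            Group group = cacheInfo != null ? cacheInfo.roles : null;
            if (group == null) {
                return null;
            }
            Set<Principal> userRoles = new HashSet<Principal>();
            Enumeration<? extends Principal> members = group.members();
            while (members.hasMoreElements()) {
                userRoles.add(members.nextElement());
            }
            return userRoles;
        }
    }

    /**
     * Tests one role against a roles group.
     *
     * @param principal the role to test; {@link NobodyPrincipal} never
     *        matches and {@link AnybodyPrincipal} always matches
     * @param group the roles group
     * @return {@code true} if the role is granted
     */
    protected boolean doesRoleGroupHaveRole(Principal principal, Group group) {
        if (principal instanceof NobodyPrincipal) {
            return false;
        }
        // The group is consulted first; AnybodyPrincipal is the wildcard
        // fallback and grants access regardless of the group's members.
        return group.isMember(principal) || principal instanceof AnybodyPrincipal;
    }

    /**
     * Performs a full JAAS login and, on success, publishes the subject and
     * updates the cache.
     *
     * <p>The login exception (or {@code null} on success) is stored under the
     * {@code org.jboss.security.exception} context key.
     *
     * @param principal the identity being authenticated
     * @param obj the presented credential
     * @return {@code true} if the login produced a subject
     */
    private boolean authenticate(Principal principal, Object obj) {
        boolean authenticated = false;
        LoginException loginException = null;
        try {
            // Clear any previous subject so a failed login leaves none behind.
            SubjectActions.setActiveSubject(null);
            LoginContext defaultLogin = defaultLogin(principal, obj);
            Subject subject = defaultLogin.getSubject();
            if (subject != null) {
                SubjectActions.setActiveSubject(subject);
                authenticated = true;
                updateCache(defaultLogin, subject, principal, obj);
            }
        } catch (LoginException e) {
            // Failures for unnamed principals are only reported when trace
            // logging is enabled.
            if ((principal != null && principal.getName() != null) || this.log.isTraceEnabled()) {
                this.log.trace("Login failure", e);
            }
            loginException = e;
        }
        SubjectActions.setContextInfo("org.jboss.security.exception", loginException);
        return authenticated;
    }

    /**
     * Hands the principal and credential to the callback handler and runs the
     * login modules of the security domain.
     *
     * @param principal the identity being authenticated
     * @param obj the presented credential
     * @return the login context after a successful login
     * @throws LoginException the login modules' own exception when the login
     *         fails, or a wrapping exception when the handler could not be
     *         primed
     */
    private LoginContext defaultLogin(Principal principal, Object obj) throws LoginException {
        try {
            this.setSecurityInfo.invoke(this.handler, principal, obj);
            LoginContext loginContext = SubjectActions.createLoginContext(this.securityDomain, new Subject(), this.handler);
            loginContext.login();
            return loginContext;
        } catch (LoginException e) {
            // Keep the login modules' exception type and message; rewrapping
            // it would mislabel a rejected credential as a handler failure.
            throw e;
        } catch (Exception e) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Failed to setSecurityInfo on handler", e);
            }
            LoginException wrapped = new LoginException("Failed to setSecurityInfo on handler, msg=" + e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Compares the presented credential with the cached one and, on a match,
     * publishes the cached subject as the active subject.
     *
     * <p>Two {@code null} credentials are treated as a match. Types that are
     * not assignable to the cached credential's class never match.
     *
     * <p>NOTE(review): {@code char[]} and {@code byte[]} credentials are
     * compared in constant time. {@link Comparable} credentials (which
     * includes {@code String}) still go through {@code compareTo}, whose
     * running time can depend on the position of the first difference.
     *
     * @param domainInfo the cache entry
     * @param obj the presented credential
     * @return {@code true} if the credentials match
     */
    private boolean validateCache(DomainInfo domainInfo, Object obj) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("validateCache, info=" + domainInfo);
        }
        Object cached = domainInfo.credential;
        boolean valid = false;
        if (obj == null || cached == null) {
            valid = obj == null && cached == null;
        } else if (cached.getClass().isAssignableFrom(obj.getClass())) {
            if (cached instanceof Comparable) {
                valid = ((Comparable) cached).compareTo(obj) == 0;
            } else if (cached instanceof char[]) {
                valid = constantTimeEquals((char[]) cached, (char[]) obj);
            } else if (cached instanceof byte[]) {
                valid = java.security.MessageDigest.isEqual((byte[]) cached, (byte[]) obj);
            } else if (cached instanceof Object[]) {
                valid = Arrays.equals((Object[]) cached, (Object[]) obj);
            } else {
                // Includes other primitive arrays, which cannot be cast to
                // Object[]; they fall back to equals() instead of throwing.
                valid = cached.equals(obj);
            }
        }
        if (valid) {
            SubjectActions.setActiveSubject(domainInfo.subject);
        }
        return valid;
    }

    /**
     * Compares two character arrays without returning early on the first
     * differing element.
     *
     * @param a first array, not {@code null}
     * @param b second array, not {@code null}
     * @return {@code true} if both arrays have the same length and content
     */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /**
     * Looks up the cache entry for a principal.
     *
     * <p>NOTE(review): authentication passes {@code true} (cache
     * {@code get}) while the role and principal queries pass {@code false}
     * (cache {@code peek}). Presumably {@code get} applies the cache's expiry
     * handling and {@code peek} does not; if so, role decisions can be served
     * from an entry that authentication would no longer accept. Confirm
     * against the CachePolicy in use.
     *
     * @param principal the cache key
     * @param z {@code true} to use {@code get}, {@code false} to use {@code peek}
     * @return the entry, or {@code null} when there is no cache or no entry
     */
    private DomainInfo getCacheInfo(Principal principal, boolean z) {
        CachePolicy cache = this.domainCache;
        if (cache == null) {
            return null;
        }
        synchronized (cache) {
            Object entry = z ? cache.get(principal) : cache.peek(principal);
            return (DomainInfo) entry;
        }
    }

    /**
     * Records the result of a successful login in the cache.
     *
     * <p>The caller principal is taken from the first member of the
     * "CallerPrincipal" group and the roles from the "Roles" group of the
     * subject. The credential is stored as presented.
     *
     * @param loginContext the context that produced the subject
     * @param subject the authenticated subject
     * @param principal the cache key (may be {@code null})
     * @param obj the presented credential
     */
    private void updateCache(LoginContext loginContext, Subject subject, Principal principal, Object obj) {
        if (this.domainCache == null) {
            return;
        }
        int lifetime = 0;
        if (this.domainCache instanceof TimedCachePolicy) {
            lifetime = ((TimedCachePolicy) this.domainCache).getDefaultLifetime();
        }
        DomainInfo domainInfo = new DomainInfo(lifetime);
        domainInfo.loginCtx = loginContext;
        domainInfo.subject = subject;
        domainInfo.credential = obj;
        if (this.log.isTraceEnabled()) {
            // Subject.toString() can include the subject's credential
            // objects; treat trace output of this logger as sensitive.
            this.log.trace("updateCache, subject=" + subject);
        }
        for (Group group : subject.getPrincipals(Group.class)) {
            String name = group.getName();
            if (name.equals("CallerPrincipal")) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    domainInfo.callerPrincipal = members.nextElement();
                }
            } else if (name.equals("Roles")) {
                domainInfo.roles = group;
            }
        }
        if (principal == null && domainInfo.callerPrincipal == null) {
            // No key and no CallerPrincipal group: use a non-group principal
            // of the subject (the last one iterated wins).
            for (Principal candidate : subject.getPrincipals(Principal.class)) {
                if (!(candidate instanceof Group)) {
                    domainInfo.callerPrincipal = candidate;
                }
            }
        }
        synchronized (this.domainCache) {
            // Replace rather than overwrite so the old entry is removed
            // through the cache before the new one is inserted.
            if (this.domainCache.peek(principal) != null) {
                this.domainCache.remove(principal);
            }
            this.domainCache.insert(principal, domainInfo);
        }
    }

    /**
     * Compiler-generated helper for class literals, retained for
     * compatibility; no longer called from this class.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}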
