package org.jboss.web.tomcat.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.jboss.logging.Logger;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.SubjectSecurityManager;

/* loaded from: input_file:org/jboss/web/tomcat/security/SecurityFlushSessionListener.class */
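/**
 * Session listener that evicts the caller's entry from the JAAS authentication
 * cache when an HTTP session is destroyed, so that cached credentials do not
 * outlive the session that established them.
 *
 * <p>The flush is performed by invoking the {@code flushAuthenticationCache}
 * operation on the {@code jboss.security:service=JaasSecurityManager} MBean
 * with the security domain and the caller principal.
 *
 * <p>NOTE(review): the subject is taken from the JACC policy context or from
 * the security manager's active subject, i.e. from whatever is associated with
 * the thread that delivers the event, not from the session itself. When a
 * session is expired by a container background thread there may be no subject
 * at all, in which case nothing is flushed and the cache entry presumably
 * stays until the cache's own expiry. Confirm against the deployment's logout
 * and timeout paths.
 *
 * <p>NOTE(review): {@code securityDomain} is mutable instance state. Listener
 * instances are normally shared by all sessions of a web application, so this
 * field may be written from concurrent {@code sessionDestroyed} calls. Confirm
 * that every call resolves the same domain.
 */
public class SecurityFlushSessionListener implements HttpSessionListener {
    private static final Logger log = Logger.getLogger(SecurityFlushSessionListener.class);

    /** Object name of the MBean that owns the authentication cache. */
    private static final String SECURITY_MANAGER_MBEAN = "jboss.security:service=JaasSecurityManager";

    /** JNDI name under which the web application's security manager is bound. */
    private static final String SECURITY_MANAGER_JNDI = "java:comp/env/security/securityMgr";

    /** JACC policy context handler key for the container subject. */
    private static final String JACC_SUBJECT_KEY = "javax.security.auth.Subject.container";

    // Trace flag is sampled once when the listener is instantiated; later
    // changes to the logger level are not picked up by this instance.
    private boolean trace = log.isTraceEnabled();

    // Last security domain obtained from the security manager service; it is
    // only overwritten when the service lookup succeeds.
    private String securityDomain = null;

    /**
     * Logs session creation at trace level; no security state is touched.
     *
     * @param httpSessionEvent the container's session event
     */
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        if (this.trace) {
            // The session identifier is a bearer credential while the session
            // is live; with trace enabled it is written to the log, so that
            // log output must be access-restricted like any other secret.
            log.trace("Session Created with id=" + httpSessionEvent.getSession().getId());
        }
    }

    /**
     * Flushes the authentication cache entry of the current caller principal
     * when a session ends.
     *
     * <p>Any exception is logged at error level and swallowed so that a failed
     * flush never disturbs session teardown. The consequence is that a failed
     * flush leaves the cached entry in place; the error log line is the only
     * signal.
     *
     * @param httpSessionEvent the container's session event
     */
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        if (this.trace) {
            log.trace("Session Destroy with id=" + httpSessionEvent.getSession().getId());
        }
        try {
            Subject subject = getSubjectAndSecurityDomain();
            if (this.trace) {
                log.trace("securityDomain=" + this.securityDomain);
            }
            if (this.securityDomain == null) {
                log.debug("Unable to obtain SecurityDomain");
            }
            Principal principal = getPrincipal(subject);
            // Both pieces are required to address a cache entry; without them
            // the flush is skipped silently (apart from the debug line above).
            if (principal != null && this.securityDomain != null) {
                flushAuthenticationCache(principal);
            }
        } catch (Exception e) {
            log.error("Exception in sessionDestroyed:", e);
        }
    }

    /**
     * Invokes {@code flushAuthenticationCache(String, Principal)} on the
     * security manager MBean for the current security domain.
     *
     * @param principal the principal whose cache entry is to be removed
     * @throws JMException if the MBean name is malformed or the invocation fails
     */
    private void flushAuthenticationCache(Principal principal) throws JMException {
        MBeanServer server = MBeanServerLocator.locateJBoss();
        ObjectName managerName = new ObjectName(SECURITY_MANAGER_MBEAN);
        Object[] args = {this.securityDomain, principal};
        String[] signature = {"java.lang.String", "java.security.Principal"};
        if (this.trace) {
            logAuthenticatedPrincipals(managerName, true);
        }
        server.invoke(managerName, "flushAuthenticationCache", args, signature);
        if (this.trace) {
            logAuthenticatedPrincipals(managerName, false);
        }
    }

    /**
     * Returns the first principal of the subject that is not a {@link Group}.
     *
     * <p>A {@code Group} is a container of principals rather than a caller
     * identity, so it is never returned as the principal to flush. If the
     * subject is {@code null}, has no principals, or holds only groups, the
     * result is {@code null} and the caller skips the flush.
     *
     * @param subject the subject to inspect, may be {@code null}
     * @return the first non-group principal, or {@code null} if there is none
     */
    private Principal getPrincipal(Subject subject) {
        Principal principal = null;
        if (subject != null) {
            Set<Principal> principals = subject.getPrincipals();
            // Both conditions must hold; the previous "||" dereferenced a null
            // set when evaluating the emptiness check.
            if (principals != null && !principals.isEmpty()) {
                for (Principal candidate : principals) {
                    if (!(candidate instanceof Group)) {
                        principal = candidate;
                        break;
                    }
                }
            }
        }
        if (this.trace) {
            log.trace("Authenticated Principal=" + principal);
        }
        return principal;
    }

    /**
     * Resolves the subject to act on and, as a side effect, records the
     * security domain in {@link #securityDomain}.
     *
     * <p>The JACC container subject is preferred; the security manager's
     * active subject is used only when JACC yields none. If the security
     * manager lookup fails the failure is logged at debug level and
     * {@code securityDomain} keeps whatever value it had before this call.
     *
     * @return the resolved subject, or {@code null} if none is available
     * @throws Exception if the JACC policy context lookup fails
     */
    private Subject getSubjectAndSecurityDomain() throws Exception {
        SubjectSecurityManager securityManager = null;
        try {
            securityManager = getSecurityManagerService();
        } catch (Exception e) {
            log.debug("Obtaining SecurityManagerService failed::", e);
        }
        Subject subject = (Subject) PolicyContext.getContext(JACC_SUBJECT_KEY);
        if (this.trace) {
            log.trace("Jacc Subject = " + subject);
        }
        if (securityManager != null) {
            this.securityDomain = securityManager.getSecurityDomain();
        }
        if (subject == null && securityManager != null) {
            subject = securityManager.getActiveSubject();
            if (this.trace) {
                log.trace("Active Subject from security mgr service = " + subject);
            }
        }
        return subject;
    }

    /**
     * Looks up the web application's security manager in the component
     * naming context.
     *
     * @return the security manager bound at {@code java:comp/env/security/securityMgr}
     * @throws Exception if the JNDI lookup fails
     */
    private SubjectSecurityManager getSecurityManagerService() throws Exception {
        return (SubjectSecurityManager) new InitialContext().lookup(SECURITY_MANAGER_JNDI);
    }

    /**
     * Writes the principals currently held in the authentication cache of the
     * security domain to the trace log. Only called when trace is enabled.
     *
     * <p>The output lists every cached principal of the domain, so trace logs
     * for this category reveal which identities are authenticated.
     *
     * @param objectName  name of the security manager MBean
     * @param beforeFlush {@code true} when called before the flush,
     *                    {@code false} when called after it
     * @throws JMException if the MBean invocation fails
     */
    private void logAuthenticatedPrincipals(ObjectName objectName, boolean beforeFlush) throws JMException {
        if (beforeFlush) {
            log.trace("Before flush of authentication cache::");
        } else {
            log.trace("After flush of authentication cache::");
        }
        List<?> cached = (List<?>) MBeanServerLocator.locateJBoss().invoke(
                objectName,
                "getAuthenticationCachePrincipals",
                new Object[]{this.securityDomain},
                new String[]{"java.lang.String"});
        int size = cached != null ? cached.size() : 0;
        log.trace("Number of authenticated principals remaining in cache=" + size);
        for (int i = 0; i < size; i++) {
            log.trace("Authenticated principal in cache=" + cached.get(i));
        }
    }
}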
