package org.josso.jb4.agent;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.LinkRef;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.naming.Util;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.plugins.JaasSecurityManager;
import org.jboss.util.CachePolicy;
import org.jboss.web.tomcat.security.JBossSecurityMgrRealm;
import org.jboss.web.tomcat.security.SecurityAssociationValve;
import org.josso.gateway.identity.SSOUser;
import org.josso.tc55.agent.jaas.CatalinaSSOUser;

/* loaded from: input_file:org/josso/jb4/agent/JBossCatalinaRealm.class */
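/**
 * Tomcat realm for JBoss 4 that routes authentication and role checks through the JOSSO
 * JAAS security domain.
 * <p>
 * On every call the realm first makes sure the web application's ENC
 * ({@code java:comp/env/security}) links to {@value #JOSSO_SECURITY_DOMAIN}; calls whose
 * security manager belongs to any other domain are delegated to {@link JBossSecurityMgrRealm}.
 * <p>
 * Decompiled origin: the {@code try} ranges around the JNDI lookups were reconstructed so that
 * the checked {@link NamingException} thrown by {@code Context.lookup} is handled and no local
 * is read before assignment.
 */
public class JBossCatalinaRealm extends JBossSecurityMgrRealm {

    /** JNDI name of the JAAS security domain that JOSSO authenticates against. */
    private static final String JOSSO_SECURITY_DOMAIN = "java:/jaas/josso";

    /** Short security-domain name that this realm treats as SSO-controlled. */
    private static final String JOSSO_DOMAIN_NAME = "josso";

    private static final Log logger = LogFactory.getLog(JBossCatalinaRealm.class);

    /** JNDI location of the timed cache factory used for authentication caches. */
    private static final String DEFAULT_CACHE_POLICY_PATH = "java:/timedCacheFactory";

    // Deliberately not final: nothing in this class reassigns it, but the original left it
    // mutable (presumably for configuration from outside) — kept as-is.
    private static String cacheJndiName = DEFAULT_CACHE_POLICY_PATH;

    /**
     * Tells whether the given JBoss security domain is the one managed by JOSSO.
     *
     * @param domain security-domain name as reported by the JBoss security manager
     * @return {@code true} only for the {@code josso} domain
     */
    protected boolean isSSODomain(String domain) {
        boolean underSSO = JOSSO_DOMAIN_NAME.equals(domain);
        if (logger.isDebugEnabled()) {
            logger.debug(" JBoss Security Domain [" + domain + "] is" + (underSSO ? "" : " not") + " under SSO Control");
        }
        return underSSO;
    }

    /**
     * Authenticates a username/credential pair.
     * <p>
     * If the security manager bound under {@code java:comp/env/security} does not belong to the
     * JOSSO domain the call is delegated unchanged to the JBoss realm. Otherwise the JOSSO JAAS
     * domain validates the credential, the resulting {@link SSOUser} principal (if any) is
     * published through the JBoss security association and returned.
     *
     * @param username login name; may be {@code null}
     * @param credentials clear-text credential; may be {@code null}
     * @return the authenticated {@link SSOUser}, the superclass result for non-SSO domains, or
     *     {@code null} when authentication fails or the ENC cannot be prepared
     */
    public Principal authenticate(String username, String credentials) {
        logger.debug("Begin authenticate, username=" + username);
        SSOUser ssoUser = null;

        // Nothing to authenticate when neither a thread-bound principal nor credentials exist.
        Principal caller = (Principal) SecurityAssociationValve.userPrincipal.get();
        if (caller == null && username == null && credentials == null) {
            return null;
        }

        try {
            Context securityCtx = prepareENC();
            if (securityCtx == null) {
                logger.error("No security context for authenticate(String, String)");
                return null;
            }

            SubjectSecurityManager securityMgr = (SubjectSecurityManager) securityCtx.lookup("securityMgr");
            if (!isSSODomain(securityMgr.getSecurityDomain())) {
                return super.authenticate(username, credentials);
            }

            SimplePrincipal principal = new SimplePrincipal(username);
            char[] password = (credentials == null) ? null : credentials.toCharArray();
            Subject subject = new Subject();

            // The JAAS domain receives the String credential; the char[] copy is what is
            // published into the security association below.
            if (securityMgr.isValid(principal, credentials, subject)) {
                logger.debug("User: " + username + " is authenticated");
                // NOTE(security): Subject.toString() also renders private credentials when the
                // caller is allowed to read them, so this debug line can write secrets to the log.
                logger.debug("Authenticated Subject: " + subject);

                Iterator it = subject.getPrincipals(SSOUser.class).iterator();
                if (it.hasNext()) {
                    ssoUser = (SSOUser) it.next();
                }

                // Publishes principal, credential and subject for the current request. Note that
                // ssoUser is still null here if the login modules added no SSOUser principal, in
                // which case the credential is published but this method reports failure.
                JBossSecurityAssociationActions.setPrincipalInfo(ssoUser, password, subject);

                RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
                Principal mapped = realmMapping.getPrincipal(ssoUser);
                logger.debug("Mapped from input principal: " + ssoUser + " to: " + mapped);
                // Inherited hook (not defined in this class): registers the identity in the
                // realm's principal cache.
                getCachingPrincpal(realmMapping, ssoUser, mapped, credentials, subject);
            } else {
                logger.debug("User: " + username + " is NOT authenticated");
            }
        } catch (NamingException e) {
            logger.error("Error during authenticate", e);
        }

        logger.debug("End authenticate, principal=" + ssoUser);
        return ssoUser;
    }

    /**
     * Checks whether the principal holds the given role.
     * <p>
     * For non-SSO domains, or when the security manager cannot be looked up, the check is
     * delegated to the JBoss realm. For the JOSSO domain the role is resolved against the
     * subject currently active in the JBoss security manager, wrapped as a
     * {@link CatalinaSSOUser}.
     *
     * @param principal the authenticated principal
     * @param role the role name to test
     * @return {@code true} if the role is held; {@code false} on any naming failure
     */
    public boolean hasRole(Principal principal, String role) {
        try {
            Context securityCtx = prepareENC();
            if (securityCtx == null) {
                logger.error("No security context for hasRole(Principal, String)");
                return false;
            }
            logger.debug("hasRole(" + principal + "," + role + ")");

            SubjectSecurityManager securityMgr;
            try {
                securityMgr = (SubjectSecurityManager) securityCtx.lookup("securityMgr");
            } catch (NullPointerException e) {
                // Legacy guard kept from the original: a failing lookup inside the naming
                // provider falls back to the plain JBoss realm instead of propagating.
                if (logger.isDebugEnabled()) {
                    logger.debug(e);
                }
                return super.hasRole(principal, role);
            }
            if (securityMgr == null) {
                // A null binding would otherwise NPE below; treat it like a missing manager.
                return super.hasRole(principal, role);
            }

            if (!isSSODomain(securityMgr.getSecurityDomain())) {
                return super.hasRole(principal, role);
            }

            Subject activeSubject = securityMgr.getActiveSubject();
            // NOTE(security): see authenticate() — Subject.toString() may include credentials.
            logger.debug("Authenticated Subject: " + activeSubject);
            return super.hasRole(CatalinaSSOUser.newInstance(this, activeSubject), role);
        } catch (NamingException e) {
            logger.error("Error during hasRole", e);
            return false;
        }
    }

    /**
     * Authenticates a client certificate chain.
     * <p>
     * Only ensures the ENC links exist; certificate validation itself is left to the JBoss realm.
     *
     * @param certs the client certificate chain presented on the connection
     * @return the principal resolved by the superclass, or {@code null} if the ENC cannot be
     *     prepared
     */
    public Principal authenticate(X509Certificate[] certs) {
        logger.debug("authenticate(X509Certificate[]), Begin");
        try {
            prepareENC();
            return super.authenticate(certs);
        } catch (NamingException e) {
            logger.error("Cannot create ENC Context", e);
            logger.debug("authenticate(), End");
            return null;
        }
    }

    /**
     * Makes sure the web application's ENC exposes a {@code security} subcontext whose entries
     * link to the JOSSO JAAS domain, and returns that subcontext.
     * <p>
     * If {@code java:comp/env/security/securityMgr} already resolves to a
     * {@link JaasSecurityManager} the existing binding is kept. Any other existing
     * {@code security} binding is unbound and replaced by links to {@value #JOSSO_SECURITY_DOMAIN},
     * which means the JOSSO domain takes precedence over whatever the deployment declared.
     *
     * @return the {@code java:comp/env/security} context
     * @throws NamingException if the ENC cannot be created or the links cannot be bound
     */
    protected Context prepareENC() throws NamingException {
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        InitialContext initialContext = new InitialContext();
        boolean envExists = false;
        boolean jaasManagerBound = false;

        try {
            Context existingEnv = (Context) initialContext.lookup("java:comp/env");
            envExists = true;
            Context security = (Context) existingEnv.lookup("security");
            AuthenticationManager existing = (AuthenticationManager) security.lookup("securityMgr");
            if (existing instanceof JaasSecurityManager) {
                jaasManagerBound = true;
            } else {
                // Whatever is bound is not a JAAS manager: drop it so the JOSSO links win.
                Util.unbind(existingEnv, "security");
            }
        } catch (NamingException e) {
            // Expected on first use (no ENC yet, or no security subcontext); the flags above
            // record how far the probe got. Logged rather than silently swallowed.
            if (logger.isDebugEnabled()) {
                logger.debug("No usable java:comp/env/security yet: " + e.getMessage());
            }
        }

        Context env;
        if (envExists) {
            env = (Context) initialContext.lookup("java:comp/env");
        } else {
            // Trace the class-loader chain to help diagnose which deployment owns this ENC.
            logger.debug("Creating ENC using ClassLoader: " + contextClassLoader);
            for (ClassLoader cl = contextClassLoader.getParent(); cl != null; cl = cl.getParent()) {
                logger.debug(".." + cl);
            }
            env = ((Context) initialContext.lookup("java:comp")).createSubcontext("env");
        }

        if (!jaasManagerBound) {
            logger.debug("Linking security/securityMgr to JNDI name: java:/jaas/josso");
            Util.bind(env, "security/securityMgr", new LinkRef(JOSSO_SECURITY_DOMAIN));
            Util.bind(env, "security/realmMapping", new LinkRef(JOSSO_SECURITY_DOMAIN));
            Util.bind(env, "security/security-domain", new LinkRef(JOSSO_SECURITY_DOMAIN));
            Util.bind(env, "security/subject", new LinkRef("java:/jaas/josso/subject"));
        }

        logger.debug("JBossCatalinaRealm.prepareENC, End");
        return (Context) initialContext.lookup("java:comp/env/security");
    }

    /**
     * Looks up the authentication {@link CachePolicy} for a security domain.
     * <p>
     * Tries {@code cacheJndiName/securityDomain} first and falls back to {@code cacheJndiName}
     * itself. Currently has no callers in this class.
     *
     * @param securityDomain domain name used as the per-domain cache key
     * @return the cache policy, or {@code null} if neither JNDI name resolves
     */
    private static CachePolicy lookupCachePolicy(String securityDomain) {
        try {
            return (CachePolicy) new InitialContext().lookup(cacheJndiName + '/' + securityDomain);
        } catch (Exception perDomainMiss) {
            // Best effort: a per-domain cache is optional, so fall back to the shared one.
            try {
                return (CachePolicy) new InitialContext().lookup(cacheJndiName);
            } catch (Exception e) {
                logger.warn("Failed to locate auth CachePolicy at: " + cacheJndiName + " for securityDomain=" + securityDomain, e);
                return null;
            }
        }
    }

    /**
     * Installs a cache policy on an authentication manager via reflection, so that managers
     * without a {@code setCachePolicy(CachePolicy)} method are tolerated.
     * Currently has no callers in this class.
     *
     * @param authenticationManager the manager to configure
     * @param cachePolicy the policy to install
     */
    private static void setSecurityDomainCache(AuthenticationManager authenticationManager, CachePolicy cachePolicy) {
        try {
            Object[] args = {cachePolicy};
            authenticationManager.getClass().getMethod("setCachePolicy", new Class[] {CachePolicy.class}).invoke(authenticationManager, args);
            logger.debug("setCachePolicy, c=" + args[0]);
        } catch (Exception e) {
            // Missing method or inaccessible target: the manager keeps its default cache.
            logger.debug("setCachePolicy failed", e);
        }
    }
}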
