package org.jboss.internal.soa.esb.services.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.SecurityContext;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.principals.Role;
import org.jboss.soa.esb.util.ClassUtil;

/* loaded from: input_file:org/jboss/internal/soa/esb/services/security/JaasSecurityService.class */
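/**
 * {@link SecurityService} implementation backed by JAAS.
 *
 * <p>Authentication is delegated to a {@link LoginContext} built from the module name in the
 * {@link SecurityConfig}. Role checks are answered from the group principals found on the
 * authenticated {@link Subject}.
 *
 * <p>NOTE(review): {@link #callbackHandlerClassName} is written by {@link #configure()} and read
 * during authentication without synchronization; this looks like it assumes configure() completes
 * before the service is used. Confirm against the caller.
 */
public final class JaasSecurityService implements SecurityService {
    // Default callback handler class name, used when the SecurityConfig does not name one.
    private String callbackHandlerClassName;

    /**
     * Performs a JAAS login for the subject held by {@code securityContext} and, on success,
     * adds the configured run-as role to that subject.
     *
     * @param securityConfig supplies the JAAS module name, the optional callback handler class
     *     name and the optional run-as role; must not be null
     * @param securityContext holds the subject that the login modules populate; must not be null
     * @param authenticationRequest passed to the callback handler when one is configured
     * @throws SecurityServiceException if the JAAS login fails or the callback handler cannot
     *     be created
     */
    @Override
    public void authenticate(SecurityConfig securityConfig, SecurityContext securityContext, AuthenticationRequest authenticationRequest) throws SecurityServiceException {
        AssertArgument.isNotNull(securityConfig, "config");
        // Reject a missing context up front instead of failing with a bare NPE further down.
        AssertArgument.isNotNull(securityContext, "context");
        try {
            final EsbCallbackHandler handler = createCallbackHandler(securityConfig, authenticationRequest);
            final LoginContext loginContext;
            if (handler != null) {
                loginContext = new LoginContext(securityConfig.getModuleName(), securityContext.getSubject(), handler);
            } else {
                loginContext = new LoginContext(securityConfig.getModuleName(), securityContext.getSubject());
            }
            loginContext.login();
            // The run-as role is only granted once login() has returned without throwing.
            addRunAs(securityConfig.getRunAs(), securityContext.getSubject());
        } catch (LoginException e) {
            throw new SecurityServiceException("Exception while trying to login:", e);
        }
    }

    /**
     * Decides whether the caller holds at least one of the given roles.
     *
     * <p>An empty list is treated as "no role restriction" and returns {@code true}. Callers
     * that build the list from configuration should make sure an empty list really means
     * that access is unrestricted, since this is the fail-open path of the check.
     *
     * @param list role names, any one of which is sufficient
     * @param securityContext context asked whether the caller is in each role
     * @return {@code true} if the list is empty or the caller is in at least one listed role
     */
    @Override
    public boolean checkRolesAllowed(List<String> list, SecurityContext securityContext) {
        if (list.isEmpty()) {
            return true;
        }
        for (String roleName : list) {
            if (securityContext.isCallerInRole(roleName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether {@code principal} is a member of any {@link Group} principal on the subject.
     *
     * @param subject subject whose group principals are searched
     * @param principal role principal to look for
     * @return {@code true} if any group on the subject reports the principal as a member
     */
    @Override
    public boolean isCallerInRole(Subject subject, Principal principal) {
        for (Group group : subject.getPrincipals(Group.class)) {
            if (group.isMember(principal)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the default callback handler class name from the global configuration.
     *
     * @throws ConfigurationException declared by the interface; not thrown by the visible code
     */
    @Override
    public void configure() throws ConfigurationException {
        this.callbackHandlerClassName = Configuration.getSecurityServiceCallbackHandlerImplClass();
    }

    /**
     * Does nothing in this implementation.
     *
     * <p>NOTE(review): {@link #authenticate} does not keep the {@link LoginContext} it creates,
     * so {@code LoginContext.logout()} is never called and whatever the login modules placed on
     * the subject is not cleared here. Confirm that callers discard the subject themselves.
     */
    @Override
    public void logout(SecurityConfig securityConfig) {
    }

    /** Does nothing in this implementation. */
    @Override
    public void refreshSecurityConfig() {
    }

    /**
     * Builds the callback handler for a login attempt.
     *
     * <p>The handler class named in {@code securityConfig} wins; otherwise the default read by
     * {@link #configure()} is used.
     *
     * @return the initialised handler, or {@code null} when no handler class is configured
     * @throws SecurityServiceException if the handler class cannot be loaded or instantiated
     */
    private EsbCallbackHandler createCallbackHandler(SecurityConfig securityConfig, AuthenticationRequest authenticationRequest) throws SecurityServiceException {
        String handlerClassName = securityConfig.getCallbackHandler();
        if (handlerClassName == null) {
            handlerClassName = this.callbackHandlerClassName;
        }
        if (handlerClassName == null) {
            return null;
        }
        final EsbCallbackHandler handler = createNewInstance(handlerClassName);
        handler.setAuthenticationRequest(authenticationRequest);
        handler.setSecurityConfig(securityConfig);
        return handler;
    }

    /**
     * Adds the run-as role to the subject's ESB roles group.
     *
     * <p>The role is added to every ESB group principal named
     * {@code Group.ROLES_GROUP_NAME}. If the subject has no such group, one is created. The
     * original code created the group only when the subject had no ESB group principals at all,
     * so a subject carrying only differently named groups silently lost its run-as role.
     *
     * @param str run-as role name; {@code null} means no run-as role is configured
     * @param subject authenticated subject to receive the role
     */
    private void addRunAs(String str, Subject subject) {
        if (str == null) {
            return;
        }
        final Role role = new Role(str);
        boolean roleAdded = false;
        for (org.jboss.soa.esb.services.security.principals.Group existing : subject.getPrincipals(org.jboss.soa.esb.services.security.principals.Group.class)) {
            if (org.jboss.soa.esb.services.security.principals.Group.ROLES_GROUP_NAME.equals(existing.getName())) {
                existing.addMember(role);
                roleAdded = true;
            }
        }
        if (!roleAdded) {
            final org.jboss.soa.esb.services.security.principals.Group rolesGroup = new org.jboss.soa.esb.services.security.principals.Group(org.jboss.soa.esb.services.security.principals.Group.ROLES_GROUP_NAME);
            rolesGroup.addMember(role);
            subject.getPrincipals().add(rolesGroup);
        }
    }

    /**
     * Loads the named class and instantiates it as an {@link EsbCallbackHandler}.
     *
     * <p>The class name comes from configuration. The loaded class is checked against
     * {@link EsbCallbackHandler} before its constructor runs, so a mistyped or unexpected class
     * name fails with a {@link SecurityServiceException} instead of instantiating an unrelated
     * class and failing later with an unchecked {@link ClassCastException}.
     *
     * <p>NOTE(review): whether {@code ClassUtil.forName} already runs the class's static
     * initialisers is not visible here. The configured class name should remain settable only
     * by trusted deployers.
     *
     * @param str fully qualified class name of the handler implementation
     * @return a new handler instance
     * @throws SecurityServiceException if the class is missing, is not an EsbCallbackHandler,
     *     or cannot be instantiated
     */
    private EsbCallbackHandler createNewInstance(String str) throws SecurityServiceException {
        try {
            final Class<?> loaded = ClassUtil.forName(str, getClass());
            final Class<? extends EsbCallbackHandler> handlerClass;
            try {
                handlerClass = loaded.asSubclass(EsbCallbackHandler.class);
            } catch (ClassCastException e) {
                throw new SecurityServiceException("Class [" + str + "] is not an EsbCallbackHandler implementation", e);
            }
            return handlerClass.newInstance();
        } catch (ClassNotFoundException e) {
            throw new SecurityServiceException("ClassNotFoundException while trying to create an impl of [" + str + "]", e);
        } catch (IllegalAccessException e2) {
            throw new SecurityServiceException("IllegalAccess while trying to create an impl of [" + str + "]", e2);
        } catch (InstantiationException e3) {
            throw new SecurityServiceException("InstantiationException while trying to create an impl of [" + str + "]", e3);
        }
    }
}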
