package org.switchyard.security.jboss.provider;

import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.mapping.MappingResult;
import org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider;
import org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider;
import org.switchyard.ServiceSecurity;
import org.switchyard.security.context.SecurityContext;
import org.switchyard.security.credential.AssertionCredential;
import org.switchyard.security.jboss.JBossSecurityLogger;
import org.switchyard.security.principal.GroupPrincipal;
import org.switchyard.security.principal.RolePrincipal;
import org.switchyard.security.principal.UserPrincipal;
import org.switchyard.security.provider.JaasSecurityProvider;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/switchyard-security-jboss-2.0.0.Alpha1.jar:org/switchyard/security/jboss/provider/JBossJaasSecurityProvider.class */
/**
 * JAAS security provider that bridges SwitchYard's security context with the
 * JBoss {@link SecurityContextAssociation}.
 *
 * <p>On propagation it either copies the Subject of the current JBoss security
 * context (when the security domains match) or, when no JBoss security context
 * is present, derives a Subject from an {@link AssertionCredential} through the
 * PicketLink STS mapping providers. Anything else is left to the superclass.
 */
public class JBossJaasSecurityProvider extends JaasSecurityProvider {

    /** Option key under which the assertion element is handed to the STS mapping providers. */
    private static final String STS_TOKEN_OPTION = "org.picketlink.identity.federation.core.wstrust.lm.stsToken";

    static {
        // The result is discarded; presumably this only forces SecurityContextAssociation
        // to be loaded when this provider class is initialized - TODO confirm intent.
        SecurityContextAssociation.getSecurityContext();
    }

    /**
     * Populates the SwitchYard Subject for the service's security domain from an
     * already established identity.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>A JBoss security context exists and its domain equals the service's
     *       domain: its Subject is transferred.</li>
     *   <li>No JBoss security context exists: each assertion credential is tried
     *       in iteration order and the first one that yields a user or at least
     *       one role is transferred; later assertions are not looked at.</li>
     *   <li>Otherwise the superclass implementation decides.</li>
     * </ol>
     *
     * <p>NOTE(review): the assertion element is passed to the mapping providers
     * as-is. This method performs no signature, issuer or validity-period check
     * of its own; whether the assertion was validated before it was stored as a
     * credential, or is validated inside the PicketLink providers, is not visible
     * here and should be confirmed, because the resulting user and role
     * principals are trusted downstream.
     *
     * @param serviceSecurity supplies the security domain to propagate into
     * @param securityContext SwitchYard context holding the target Subject and the credentials
     * @return {@code true} if a Subject was transferred here, otherwise the superclass result
     */
    @Override
    public boolean propagate(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        String securityDomain = serviceSecurity.getSecurityDomain();
        Subject targetSubject = securityContext.getSubject(securityDomain);
        org.jboss.security.SecurityContext jbossContext = SecurityContextAssociation.getSecurityContext();

        if (jbossContext != null) {
            // Only reuse the container identity when it belongs to the same security domain.
            if (securityDomain.equals(jbossContext.getSecurityDomain())) {
                transfer(jbossContext.getUtil().getSubject(), targetSubject);
                return true;
            }
            return super.propagate(serviceSecurity, securityContext);
        }

        for (Object candidate : securityContext.getCredentials(AssertionCredential.class)) {
            Element assertion = ((AssertionCredential) candidate).getAssertion();
            if (assertion == null) {
                continue;
            }
            Subject assertedSubject = new Subject();
            HashMap<String, Object> options = new HashMap<String, Object>();
            options.put(STS_TOKEN_OPTION, assertion);

            // Both mappings always run, user first, so they are evaluated before being combined.
            boolean userMapped = addMappedUser(options, assertedSubject);
            boolean rolesMapped = addMappedRoles(options, assertedSubject);
            if (userMapped || rolesMapped) {
                transfer(assertedSubject, targetSubject);
                return true;
            }
        }
        return super.propagate(serviceSecurity, securityContext);
    }

    /**
     * Clears the superclass state and, when the current JBoss security context
     * belongs to the service's security domain, clears that association too.
     *
     * <p>Any {@link Throwable} raised while inspecting or clearing the JBoss
     * association is logged and reported as a failed clear rather than rethrown.
     *
     * @param serviceSecurity supplies the security domain being cleared
     * @param securityContext SwitchYard context passed on to the superclass
     * @return the superclass result, or {@code false} if clearing the JBoss association failed
     */
    @Override
    public boolean clear(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        boolean cleared = super.clear(serviceSecurity, securityContext);
        try {
            org.jboss.security.SecurityContext jbossContext = SecurityContextAssociation.getSecurityContext();
            boolean sameDomain = jbossContext != null
                    && serviceSecurity.getSecurityDomain().equals(jbossContext.getSecurityDomain());
            if (sameDomain) {
                SecurityContextAssociation.clearSecurityContext();
            }
            return cleared;
        } catch (Throwable failure) {
            JBossSecurityLogger.ROOT_LOGGER.clearSecurityContextAssociation(failure);
            return false;
        }
    }

    /**
     * Runs the STS principal mapping over the assertion held in {@code options}
     * and, if it produced a principal, adds a {@link UserPrincipal} with that name.
     *
     * @return {@code true} if a user principal was added to {@code target}
     */
    private static boolean addMappedUser(HashMap<String, Object> options, Subject target) {
        STSPrincipalMappingProvider provider = new STSPrincipalMappingProvider();
        provider.init(options);
        MappingResult result = new MappingResult();
        provider.setMappingResult(result);
        provider.performMapping(options, (Principal) null);

        Principal mapped = (Principal) result.getMappedObject();
        if (mapped == null) {
            return false;
        }
        target.getPrincipals().add(new UserPrincipal(mapped.getName()));
        return true;
    }

    /**
     * Runs the STS group mapping over the assertion held in {@code options}
     * and, if it produced at least one role, adds a roles {@link GroupPrincipal}
     * containing one {@link RolePrincipal} per mapped role.
     *
     * @return {@code true} if a roles group was added to {@code target}
     */
    private static boolean addMappedRoles(HashMap<String, Object> options, Subject target) {
        STSGroupMappingProvider provider = new STSGroupMappingProvider();
        provider.init(options);
        MappingResult result = new MappingResult();
        provider.setMappingResult(result);
        provider.performMapping(options, (RoleGroup) null);

        RoleGroup mapped = (RoleGroup) result.getMappedObject();
        if (mapped == null) {
            return false;
        }
        // The group is created lazily so an empty role list adds nothing to the Subject.
        GroupPrincipal rolesGroup = null;
        for (Role role : mapped.getRoles()) {
            if (rolesGroup == null) {
                rolesGroup = new GroupPrincipal(GroupPrincipal.ROLES);
            }
            rolesGroup.addMember(new RolePrincipal(role.getRoleName()));
        }
        if (rolesGroup == null) {
            return false;
        }
        target.getPrincipals().add(rolesGroup);
        return true;
    }
}
