package org.switchyard.security.karaf.provider;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.apache.karaf.jaas.boot.ProxyLoginModule;
import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
import org.switchyard.ServiceSecurity;
import org.switchyard.security.context.SecurityContext;
import org.switchyard.security.credential.PrincipalCredential;
import org.switchyard.security.provider.DefaultSecurityProvider;

/* loaded from: input_file:org/switchyard/security/karaf/provider/KarafSecurityProvider.class */
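/**
 * Karaf flavour of {@link DefaultSecurityProvider}.
 *
 * <p>It adds two things on top of the default provider: the security-domain subject is populated
 * from subjects exposed by credential principals, and role checks are answered from the
 * {@link GroupPrincipal}s found on that subject.
 */
public class KarafSecurityProvider extends DefaultSecurityProvider {
    private static final Logger LOGGER = Logger.getLogger(KarafSecurityProvider.class.getName());

    /**
     * Copies the subject carried by each {@link PrincipalCredential} principal into the subject
     * of the service's security domain.
     *
     * <p>A principal contributes only when its class has a public no-argument
     * {@code getSubject()} method that returns a {@link Subject}. Principals without that method,
     * and principals whose accessor fails, are skipped, so a reflection failure leaves the domain
     * subject without the extra principals rather than aborting the call.
     *
     * <p>NOTE(review): no check is made on the principal's concrete type, so any credential
     * principal with a matching {@code getSubject()} is trusted to supply content for the domain
     * subject. Confirm that only container-authenticated principals can reach this point.
     *
     * @param serviceSecurity supplies the security domain name
     * @param securityContext supplies the credentials and the domain subject
     */
    public void populate(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Subject subject = securityContext.getSubject(serviceSecurity.getSecurityDomain());
        for (Object credential : securityContext.getCredentials(PrincipalCredential.class)) {
            Principal principal = ((PrincipalCredential) credential).getPrincipal();
            Subject principalSubject = subjectOf(principal);
            if (principalSubject != null) {
                // transfer() is inherited; presumably it copies the source subject's content
                // into the domain subject (verify against DefaultSecurityProvider).
                transfer(principalSubject, subject);
            }
        }
    }

    /**
     * Reads the subject a principal exposes through a public no-argument {@code getSubject()}.
     *
     * @param principal the credential principal, may be {@code null}
     * @return the exposed subject, or {@code null} when there is no such accessor, the call
     *     fails, or the accessor returns something that is not a {@link Subject}
     */
    private static Subject subjectOf(Principal principal) {
        if (principal == null) {
            return null;
        }
        String principalType = principal.getClass().getName();
        Method accessor;
        try {
            accessor = principal.getClass().getMethod("getSubject", (Class<?>[]) null);
        } catch (NoSuchMethodException ignored) {
            // Expected for principals that do not carry a subject.
            return null;
        } catch (SecurityException e) {
            LOGGER.log(Level.WARNING, "Not permitted to look up getSubject() on " + principalType, e);
            return null;
        }
        Object result;
        try {
            result = accessor.invoke(principal, (Object[]) null);
        } catch (IllegalAccessException e) {
            LOGGER.log(Level.WARNING, "Cannot access getSubject() on " + principalType, e);
            return null;
        } catch (IllegalArgumentException e) {
            LOGGER.log(Level.WARNING, "Cannot invoke getSubject() on " + principalType, e);
            return null;
        } catch (InvocationTargetException e) {
            LOGGER.log(Level.WARNING, "getSubject() failed on " + principalType, e);
            return null;
        }
        if (result instanceof Subject) {
            return (Subject) result;
        }
        if (result != null) {
            // An unrelated getSubject() must not surface as a ClassCastException to the caller.
            LOGGER.log(Level.WARNING, "getSubject() on " + principalType
                    + " returned unexpected type " + result.getClass().getName());
        }
        return null;
    }

    /**
     * Delegates to the superclass implementation unchanged.
     *
     * @param serviceSecurity passed through to the superclass
     * @param securityContext passed through to the superclass
     */
    public void clear(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        super.clear(serviceSecurity, securityContext);
    }

    /**
     * Decides whether the caller holds at least one of the roles the service allows.
     *
     * <p>An empty allowed-roles set is treated as "no role restriction" and returns
     * {@code true}. Otherwise the first role matched by
     * {@link #isCallerInRole(SecurityContext, String, String)} grants access, and when none
     * matches the decision falls back to the superclass check.
     *
     * @param serviceSecurity supplies the allowed roles and the security domain
     * @param securityContext the context holding the caller's subject
     * @return {@code true} when access is allowed
     */
    public boolean checkRolesAllowed(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Set<?> rolesAllowed = serviceSecurity.getRolesAllowed();
        if (rolesAllowed.isEmpty()) {
            return true;
        }
        String securityDomain = serviceSecurity.getSecurityDomain();
        for (Object role : rolesAllowed) {
            if (isCallerInRole(securityContext, (String) role, securityDomain)) {
                return true;
            }
        }
        return super.checkRolesAllowed(serviceSecurity, securityContext);
    }

    /**
     * Tests whether the domain subject carries a {@link GroupPrincipal} named like the role.
     *
     * <p>Only {@link GroupPrincipal}s are considered; other principal types never match. The
     * name comparison ignores case, so role names differing only in case are the same role
     * here. NOTE(review): confirm that case-insensitive matching is intended for this realm.
     *
     * @param securityContext the context holding the caller's subject
     * @param str the role name to look for
     * @param str2 the security domain whose subject is inspected
     * @return {@code true} when a matching group principal is present; {@code false} when the
     *     subject is absent, the role name is {@code null}, or nothing matches
     */
    public boolean isCallerInRole(SecurityContext securityContext, String str, String str2) {
        // The 'false' flag presumably means "do not create a subject when absent" (verify).
        Subject subject = securityContext.getSubject(str2, false);
        if (subject == null || str == null) {
            return false;
        }
        for (Principal principal : subject.getPrincipals()) {
            // Compare from the role name's side so a principal with a null name cannot throw.
            if ((principal instanceof GroupPrincipal) && str.equalsIgnoreCase(principal.getName())) {
                return true;
            }
        }
        return false;
    }

    static {
        // Instantiated and discarded at class initialisation. NOTE(review): presumably this
        // forces the org.apache.karaf.jaas.boot classes to resolve; confirm before removing.
        new ProxyLoginModule();
    }
}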
