package org.kie.integration.tomcat;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;
import javax.servlet.ServletException;
import javax.servlet.ServletRequestEvent;
import javax.servlet.ServletRequestListener;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.users.AbstractRole;
import org.apache.catalina.users.AbstractUser;
import org.apache.catalina.valves.ValveBase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kie/integration/tomcat/JACCValve.class */
public class JACCValve extends ValveBase {
    private static final Logger logger = LoggerFactory.getLogger(JACCValve.class);
    private static ThreadLocal<Request> currentRequest = new ThreadLocal<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/kie/integration/tomcat/JACCValve$WrappedServletRequestListener.class */
    public static class WrappedServletRequestListener implements ServletRequestListener {
        private ServletRequestListener delegate;

        WrappedServletRequestListener(ServletRequestListener servletRequestListener) {
            this.delegate = servletRequestListener;
        }

        public void requestDestroyed(ServletRequestEvent servletRequestEvent) {
            try {
                this.delegate.requestDestroyed(servletRequestEvent);
            } catch (Exception e) {
                JACCValve.logger.debug("Exception at request destroy {}", e.getMessage(), e);
            }
        }

        public void requestInitialized(ServletRequestEvent servletRequestEvent) {
            try {
                this.delegate.requestInitialized(servletRequestEvent);
            } catch (Exception e) {
                JACCValve.logger.debug("Exception at request initialization {}", e.getMessage(), e);
            }
        }
    }

    public JACCValve() {
        try {
            PolicyContext.registerHandler("javax.security.auth.Subject.container", new PolicyContextHandler() { // from class: org.kie.integration.tomcat.JACCValve.1
                public boolean supports(String str) throws PolicyContextException {
                    return "javax.security.auth.Subject.container".equals(str);
                }

                public String[] getKeys() throws PolicyContextException {
                    return new String[]{"javax.security.auth.Subject.container"};
                }

                public Object getContext(String str, Object obj) throws PolicyContextException {
                    Request request = (Request) JACCValve.currentRequest.get();
                    if (request == null || request.getPrincipal() == null) {
                        return null;
                    }
                    HashSet hashSet = new HashSet();
                    hashSet.add(request.getPrincipal());
                    hashSet.add(JACCValve.this.getGroup(request.getPrincipal()));
                    return new Subject(false, hashSet, Collections.EMPTY_SET, Collections.EMPTY_SET);
                }
            }, false);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void invoke(Request request, Response response) throws IOException, ServletException {
        currentRequest.set(request);
        wrapListeners(request);
        try {
            getNext().invoke(request, response);
            currentRequest.set(null);
        } catch (Throwable th) {
            currentRequest.set(null);
            throw th;
        }
    }

    protected Group getGroup(Principal principal) {
        Group group = new Group() { // from class: org.kie.integration.tomcat.JACCValve.2
            private List<Principal> members = new ArrayList();

            @Override // java.security.Principal
            public String getName() {
                return "Roles";
            }

            @Override // java.security.acl.Group
            public boolean removeMember(Principal principal2) {
                return this.members.remove(principal2);
            }

            @Override // java.security.acl.Group
            public Enumeration<? extends Principal> members() {
                return Collections.enumeration(this.members);
            }

            @Override // java.security.acl.Group
            public boolean isMember(Principal principal2) {
                return this.members.contains(principal2);
            }

            @Override // java.security.acl.Group
            public boolean addMember(Principal principal2) {
                return this.members.add(principal2);
            }
        };
        if (principal instanceof AbstractUser) {
            Iterator roles = ((AbstractUser) principal).getRoles();
            while (roles.hasNext()) {
                group.addMember((AbstractRole) roles.next());
            }
        } else if (principal instanceof GenericPrincipal) {
            for (final String str : ((GenericPrincipal) principal).getRoles()) {
                group.addMember(new Principal() { // from class: org.kie.integration.tomcat.JACCValve.3
                    @Override // java.security.Principal
                    public String getName() {
                        return str;
                    }
                });
            }
        }
        return group;
    }

    protected void wrapListeners(Request request) {
        Object[] applicationEventListeners = request.getContext().getApplicationEventListeners();
        for (int i = 0; i < applicationEventListeners.length; i++) {
            if ((applicationEventListeners[i] instanceof ServletRequestListener) && !(applicationEventListeners[i] instanceof WrappedServletRequestListener)) {
                applicationEventListeners[i] = new WrappedServletRequestListener((ServletRequestListener) applicationEventListeners[i]);
            }
        }
    }
}
