package org.modeshape.jboss.security;

import java.security.AccessController;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.ISecurityManagement;
import org.modeshape.jboss.service.RepositoryService;
import org.modeshape.jcr.ExecutionContext;
import org.modeshape.jcr.api.JaasCredentials;
import org.modeshape.jcr.security.EnvironmentAuthenticationProvider;
import org.modeshape.jcr.security.JaasSecurityContext;
import org.modeshape.jcr.security.JaccSubjectResolver;
import org.modeshape.jcr.security.SecurityContext;
import org.modeshape.jcr.security.SimplePrincipal;

/* loaded from: input_file:org/modeshape/jboss/security/JBossDomainAuthenticationProvider.class */
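/**
 * ModeShape authentication provider that delegates credential checks to the JBoss security domain of the repository.
 * <p>
 * {@link #authenticate} handles three kinds of input: {@code null} credentials (a {@link Subject} already associated
 * with the calling thread is looked up), {@link SimpleCredentials} (user id and password are validated by the
 * container's {@link AuthenticationManager}) and {@link JaasCredentials} (the subject of the supplied login context
 * is used). Every other case yields {@code null}.
 * <p>
 * This listing is decompiler output. {@code m4environment()} is the decompiler's name for the covariant
 * {@code environment()} override, and the assertion checks below were recovered from the synthetic
 * {@code $assertionsDisabled} flag the compiler generates for {@code assert} statements.
 */
public class JBossDomainAuthenticationProvider extends EnvironmentAuthenticationProvider {
    // The logger category is the package name, not the class name.
    private static final Logger LOGGER = Logger.getLogger(JBossDomainAuthenticationProvider.class.getPackage().getName());

    private AuthenticationManager authenticationManager;
    private JaccSubjectResolver jaccSubjectResolver;

    /**
     * Security context handed to ModeShape after a successful authentication. All queries are forwarded to the wrapped
     * {@link JaasSecurityContext}; only {@link #logout()} additionally notifies the container's authentication
     * manager. The decompiler notes that this class was declared {@code private} in the compiled original.
     */
    public final class JBossSecurityContext implements SecurityContext {
        private final JaasSecurityContext jaasSecurityContext;

        /**
         * @param jaasSecurityContext the JAAS context to delegate to; must not be {@code null} (checked only when
         *        assertions are enabled)
         */
        private JBossSecurityContext(JaasSecurityContext jaasSecurityContext) {
            assert jaasSecurityContext != null;
            this.jaasSecurityContext = jaasSecurityContext;
        }

        /** @return whatever the wrapped JAAS context reports for {@code isAnonymous()} */
        public boolean isAnonymous() {
            return this.jaasSecurityContext.isAnonymous();
        }

        /** @return the user name reported by the wrapped JAAS context */
        public String getUserName() {
            return this.jaasSecurityContext.getUserName();
        }

        /**
         * @param str the role name to test
         * @return the answer of the wrapped JAAS context for that role
         */
        public boolean hasRole(String str) {
            return this.jaasSecurityContext.hasRole(str);
        }

        /**
         * Logs the user out of the container's authentication manager and then out of the wrapped JAAS context.
         * <p>
         * The JAAS logout runs in a {@code finally} block: if the container-side logout throws, the local security
         * context is still torn down instead of being left logged in, and the exception then propagates as before.
         */
        public void logout() {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Logging out security context....");
            }
            try {
                // The container is told which principal to log out by name only; no Subject is passed along.
                JBossDomainAuthenticationProvider.this.authenticationManager.logout(
                        SimplePrincipal.newInstance(this.jaasSecurityContext.getUserName()), (Subject) null);
            } finally {
                this.jaasSecurityContext.logout();
            }
        }
    }

    /**
     * Looks up the {@link AuthenticationManager} of the configured security domain and creates the JACC subject
     * resolver used for the null-credentials path.
     */
    public void initialize() {
        ISecurityManagement securityManagement =
                (ISecurityManagement) m4environment().getSecurityManagementServiceInjector().getValue();
        this.authenticationManager = securityManagement.getAuthenticationManager(securityDomain());
        // NOTE(review): this is an assertion, not a runtime check. With assertions disabled (the JVM default) a
        // missing authentication manager goes unnoticed here and only surfaces as a NullPointerException in
        // validateSimpleCredentials() or JBossSecurityContext.logout().
        assert this.authenticationManager != null;
        this.jaccSubjectResolver = new JaccSubjectResolver();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Initialized JBoss authentication provider using the container's authentication manager....");
        }
    }

    /**
     * Authenticates the caller and returns an execution context that carries the resulting security context.
     *
     * @param credentials {@code null}, a {@link SimpleCredentials} or a {@link JaasCredentials}
     * @param str not read by this implementation (decompiler-generated name; presumably the repository name - confirm
     *        against the overridden method)
     * @param str2 not read by this implementation (decompiler-generated name; presumably the workspace name - confirm
     *        against the overridden method)
     * @param executionContext the context the new security context is attached to
     * @param map not read by this implementation
     * @return a copy of {@code executionContext} with a {@link JBossSecurityContext}, or {@code null} when no subject
     *         could be established; the caller is presumably expected to treat {@code null} as "not authenticated by
     *         this provider"
     */
    public ExecutionContext authenticate(Credentials credentials, String str, String str2, ExecutionContext executionContext, Map<String, Object> map) {
        if (credentials == null) {
            return getPreauthenticatedSubject(executionContext);
        }
        if (credentials instanceof SimpleCredentials) {
            return validateSimpleCredentials((SimpleCredentials) credentials, executionContext);
        }
        if (credentials instanceof JaasCredentials) {
            return getSubjectFromJaas((JaasCredentials) credentials, executionContext);
        }
        // Unsupported credential types are rejected (null) rather than mapped to some default identity.
        LOGGER.debugv("Unknown {0} implementation: {1}. Please use either {2} or {3}",
                Credentials.class.getName(),
                credentials.getClass().getName(),
                SimpleCredentials.class.getName(),
                JaasCredentials.class.getName());
        return null;
    }

    /**
     * Builds the execution context from the subject held by the login context of the given credentials.
     * <p>
     * No credential validation happens here; the subject inside the supplied login context is used as-is.
     *
     * @return the authenticated context, or {@code null} when the login context has no subject
     */
    private ExecutionContext getSubjectFromJaas(JaasCredentials jaasCredentials, ExecutionContext executionContext) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Looking for an active subject in the JaasCredentials instance...");
        }
        // NOTE(review): assumes getLoginContext() never returns null - confirm against JaasCredentials.
        Subject subject = jaasCredentials.getLoginContext().getSubject();
        if (subject == null) {
            LOGGER.warn("Cannot authenticate because the JaasCredentials instance has a login context with a null subject...");
            return null;
        }
        return executionContext.with(new JBossSecurityContext(new JaasSecurityContext(subject)));
    }

    /**
     * Validates a user id and password against the container's authentication manager.
     *
     * @return the authenticated context, or {@code null} when the manager rejects the credentials
     */
    private ExecutionContext validateSimpleCredentials(SimpleCredentials simpleCredentials, ExecutionContext executionContext) {
        boolean debug = LOGGER.isDebugEnabled();
        if (debug) {
            // The user id is caller-supplied; it is passed as a format argument and never as the pattern itself.
            // The password is never logged.
            LOGGER.debugv("Authenticating {0} in the {1} security domain using the JBoss Server security manager", simpleCredentials.getUserID(), securityDomain());
        }
        // The empty Subject is handed to the manager together with the principal and password; on success it is the
        // object wrapped into the JAAS security context below.
        Subject subject = new Subject();
        boolean valid = this.authenticationManager.isValid(
                SimplePrincipal.newInstance(simpleCredentials.getUserID()), simpleCredentials.getPassword(), subject);
        if (valid) {
            if (debug) {
                LOGGER.debug("Authentication successful....");
            }
            return executionContext.with(new JBossSecurityContext(new JaasSecurityContext(subject)));
        }
        if (debug) {
            LOGGER.debugv("Credentials for {0} are not valid for the {1} security domain", simpleCredentials.getUserID(), securityDomain());
        }
        return null;
    }

    /**
     * Handles {@code null} credentials by looking for a subject that is already associated with the calling thread,
     * first through the access-control context and then through the JACC subject resolver.
     * <p>
     * No credential check is performed on this path: whatever subject is found is wrapped and returned, so the result
     * is only as trustworthy as the mechanism that attached that subject to the thread.
     *
     * @return the context for the found subject, or {@code null} when neither lookup yields one
     */
    private ExecutionContext getPreauthenticatedSubject(ExecutionContext executionContext) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Received null credentials, attempting to search for an active subject on the calling thread via JACC");
        }
        // NOTE(review): AccessController and Subject.getSubject(AccessControlContext) are deprecated for removal in
        // recent JDKs; this lookup needs a replacement before moving to a runtime that drops them.
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            subject = this.jaccSubjectResolver.resolveSubject();
        }
        if (subject == null) {
            return null;
        }
        return executionContext.with(new JBossSecurityContext(new JaasSecurityContext(subject)));
    }

    /**
     * Returns the environment of the parent class cast to {@link RepositoryService}.
     * <p>
     * The name is a decompiler artefact: per the decompiler notes this was the {@code protected} covariant override
     * {@code environment()}, merged with its bridge method and renamed.
     */
    public RepositoryService m4environment() {
        return (RepositoryService) super.environment();
    }
}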
