package org.teiid.jboss;

import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.as.server.CurrentServiceContainer;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.negotiation.Constants;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.jboss.security.negotiation.spnego.KerberosMessage;
import org.teiid.dqp.service.GSSResult;
import org.teiid.jboss.IntegrationPlugin;
import org.teiid.logging.LogManager;
import org.teiid.security.Credentials;
import org.teiid.services.SessionServiceImpl;
import org.teiid.services.TeiidLoginContext;

/* loaded from: input_file:org/teiid/jboss/JBossSessionService.class */
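/**
 * Session service that authenticates Teiid logins against JBoss security domains.
 *
 * <p>Security domains are resolved by name from the current MSC service container (see
 * {@link #getSecurityDomain(String)}). Both login paths fail closed: when the domain or its
 * {@link AuthenticationManager} is missing, or validation does not succeed, a
 * {@link LoginException} is thrown.
 */
public class JBossSessionService extends SessionServiceImpl {
    /**
     * Authenticates a user name and credentials against the named security domain.
     *
     * @param str the user name as supplied by the client; used as-is for the principal
     * @param credentials the supplied credentials, may be {@code null}
     * @param str2 not used by this implementation
     * @param str3 the name of the security domain to authenticate against
     * @return a login context whose user name is {@code <base user name>@<domain>}
     * @throws LoginException if the domain cannot be resolved, has no authentication manager,
     *         or rejects the credentials
     */
    protected TeiidLoginContext authenticate(String str, Credentials credentials, String str2, String str3) throws LoginException {
        // presumably strips a domain qualifier from the supplied name; confirm in SessionServiceImpl
        String baseUsername = getBaseUsername(str);
        SecurityDomainContext domainContext = getSecurityDomain(str3);
        AuthenticationManager authManager = domainContext == null ? null : domainContext.getAuthenticationManager();
        if (authManager != null) {
            SimplePrincipal userPrincipal = new SimplePrincipal(str);
            Subject subject = new Subject();
            // NOTE(review): copying the char[] into a String leaves the secret in an immutable
            // object that cannot be zeroed after use; confirm whether the configured login
            // modules accept a char[] credential before changing this.
            String password = credentials == null ? null : new String(credentials.getCredentialsAsCharArray());
            if (authManager.isValid(userPrincipal, password, subject)) {
                String qualifiedName = baseUsername + "@" + str3;
                Object securityContext = this.securityHelper.createSecurityContext(str3, userPrincipal, password, subject);
                // NOTE(review): the client-supplied user name is written to the log unmodified;
                // confirm the log layout neutralises line breaks so entries cannot be forged.
                LogManager.logDetail("org.teiid.SECURITY", new Object[]{"Logon successful for \"", str, "\""});
                return new TeiidLoginContext(qualifiedName, subject, str3, securityContext);
            }
        }
        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, new Object[]{str}));
    }

    /**
     * Performs one step of a Kerberos/GSS login against the named security domain.
     *
     * <p>The token is placed in a {@link NegotiationContext} and a temporary security context
     * is associated while the authentication manager validates it. The previously associated
     * security context is restored and the negotiation context cleared on every exit path,
     * including failures, so the temporary context is never left associated.
     *
     * @param str the name of the security domain
     * @param bArr the Kerberos token received from the client
     * @return the negotiation result; when the stored login exception reads
     *         "Continuation Required." the result carries the response token without a
     *         security context or user name
     * @throws LoginException if the domain cannot be resolved, validation fails, or validation
     *         succeeds without yielding a principal
     */
    public GSSResult neogitiateGssLogin(String str, byte[] bArr) throws LoginException {
        SecurityDomainContext domainContext = getSecurityDomain(str);
        AuthenticationManager authManager = domainContext == null ? null : domainContext.getAuthenticationManager();
        if (authManager != null) {
            NegotiationContext negotiationContext = new NegotiationContext();
            negotiationContext.setRequestMessage(new KerberosMessage(Constants.KERBEROS_V5, bArr));
            // Stays null until the temporary context has been associated, so a failure before
            // that point still clears the association.
            Object previousContext = null;
            try {
                negotiationContext.associate();
                // Placeholder principal: the authenticated identity is read from the Subject
                // populated by isValid below.
                SecurityContext temporaryContext = (SecurityContext) this.securityHelper.createSecurityContext(str, new SimplePrincipal("temp"), (Object) null, new Subject());
                previousContext = this.securityHelper.associateSecurityContext(temporaryContext);
                Subject subject = new Subject();
                if (authManager.isValid((Principal) null, (Object) null, subject)) {
                    Iterator<Principal> principals = subject.getPrincipals().iterator();
                    if (!principals.hasNext()) {
                        // A validated subject without an identity must not produce a session;
                        // report it as a login failure rather than a NullPointerException.
                        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, new Object[]{"GSS Auth"}));
                    }
                    Principal principal = principals.next();
                    Object securityContext = this.securityHelper.createSecurityContext(str, principal, (Object) null, subject);
                    LogManager.logDetail("org.teiid.SECURITY", new Object[]{"Logon successful though GSS API"});
                    GSSResult result = buildGSSResult(negotiationContext, str);
                    result.setSecurityContext(securityContext);
                    result.setUserName(principal.getName());
                    return result;
                }
                LoginException loginFailure = (LoginException) temporaryContext.getData().get("org.jboss.security.exception");
                if (loginFailure != null) {
                    // Constant-first comparison: an exception without a message is a failure,
                    // not a continuation, and must not cause a NullPointerException.
                    if (!"Continuation Required.".equals(loginFailure.getMessage())) {
                        throw loginFailure;
                    }
                    return buildGSSResult(negotiationContext, str);
                }
            } finally {
                // Restore whatever was associated before this call, on success and on failure.
                this.securityHelper.associateSecurityContext(previousContext);
                negotiationContext.clear();
            }
        }
        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, new Object[]{"GSS Auth"}));
    }

    /**
     * Builds the result of a negotiation step from the negotiation context.
     *
     * @param negotiationContext the context holding the response message and GSS context
     * @param str the security domain name, used only in the error message
     * @return the response token, the authenticated flag, and the delegated credential when
     *         credential delegation is in effect (otherwise {@code null})
     * @throws LoginException if the response is not a {@link KerberosMessage} or the GSS
     *         context cannot be queried
     */
    private GSSResult buildGSSResult(NegotiationContext negotiationContext, String str) throws LoginException {
        Object response = negotiationContext.getResponseMessage();
        if (!(response instanceof KerberosMessage)) {
            throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50103, new Object[]{str}));
        }
        KerberosMessage kerberosResponse = (KerberosMessage) response;
        try {
            GSSContext gssContext = (GSSContext) negotiationContext.getSchemeContext();
            return new GSSResult(
                    kerberosResponse.getToken(),
                    negotiationContext.isAuthenticated(),
                    gssContext.getCredDelegState() ? gssContext.getDelegCred() : null);
        } catch (GSSException e) {
            // LoginException has no cause-taking constructor; attach the cause explicitly so
            // the GSS failure remains visible in stack traces.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Looks up a security domain by name in the current service container.
     *
     * @param str the security domain name
     * @return the domain context, or {@code null} when the name is {@code null} or empty or no
     *         service is registered under {@code jboss.security.security-domain.<name>}
     */
    public SecurityDomainContext getSecurityDomain(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        ServiceName domainServiceName = ServiceName.JBOSS.append(new String[]{"security", "security-domain", str});
        ServiceController<?> controller = CurrentServiceContainer.getServiceContainer().getService(domainServiceName);
        if (controller == null) {
            return null;
        }
        return (SecurityDomainContext) controller.getService().getValue();
    }
}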
