package org.teiid.jboss;

import java.io.Serializable;
import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.as.server.CurrentServiceContainer;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.negotiation.Constants;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.jboss.security.negotiation.spnego.KerberosMessage;
import org.teiid.jboss.IntegrationPlugin;
import org.teiid.logging.LogManager;
import org.teiid.security.Credentials;
import org.teiid.security.GSSResult;
import org.teiid.security.SecurityHelper;

/* loaded from: input_file:org/teiid/jboss/JBossSecurityHelper.class */
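/**
 * {@link SecurityHelper} implementation that delegates to the JBoss security classes imported by
 * this file: security-domain lookup through the MSC service container, JAAS-style validation
 * through {@link AuthenticationManager}, and Kerberos/GSS negotiation through
 * {@link NegotiationContext}.
 *
 * <p>All thread-level security context manipulation goes through {@code SecurityActions}. The
 * method names prefixed with {@code m<N>} are decompiler renames of bridge-merged methods and are
 * kept as-is so existing references keep resolving.
 */
public class JBossSecurityHelper implements SecurityHelper, Serializable {
    private static final long serialVersionUID = 3598997061994110254L;
    public static final String AT = "@";

    /**
     * Makes {@code obj} the current security context and returns the one it replaced.
     *
     * @param obj the context to associate; must be a {@link SecurityContext} or {@code null},
     *            otherwise the cast below throws {@link ClassCastException}
     * @return the context that was current before the call (may be {@code null})
     */
    /* renamed from: associateSecurityContext, reason: merged with bridge method [inline-methods] */
    public SecurityContext m10associateSecurityContext(Object obj) {
        SecurityContext previous = SecurityActions.getSecurityContext();
        // Reference comparison: skip the setter only when the very same instance is already current.
        if (obj != previous) {
            SecurityActions.setSecurityContext((SecurityContext) obj);
        }
        return previous;
    }

    /** Clears the current security context via {@code SecurityActions}. */
    public void clearSecurityContext() {
        SecurityActions.clearSecurityContext();
    }

    /**
     * Returns the current security context as reported by {@code SecurityActions}.
     *
     * @return the current context, possibly {@code null}
     */
    /* renamed from: getSecurityContext, reason: merged with bridge method [inline-methods] */
    public SecurityContext m9getSecurityContext() {
        return SecurityActions.getSecurityContext();
    }

    /**
     * Builds a security context for the given domain without associating it.
     *
     * @param str       security domain name
     * @param principal principal to record in the context
     * @param obj       credential to record in the context
     * @param subject   subject to record in the context
     * @return the context produced by {@code SecurityActions.createSecurityContext}
     */
    public SecurityContext createSecurityContext(String str, Principal principal, Object obj, Subject subject) {
        return SecurityActions.createSecurityContext(principal, obj, subject, str);
    }

    /**
     * Returns the authenticated subject of the current context, but only when that context belongs
     * to the requested security domain.
     *
     * @param str security domain name the caller expects
     * @return the authenticated subject, or {@code null} when there is no current context or it
     *         belongs to a different domain
     */
    public Subject getSubjectInContext(String str) {
        SecurityContext current = SecurityActions.getSecurityContext();
        if (current == null) {
            return null;
        }
        // A subject authenticated against another domain must not be handed out for this one.
        if (!current.getSecurityDomain().equals(str)) {
            return null;
        }
        return current.getSubjectInfo().getAuthenticatedSubject();
    }

    /**
     * Validates a user name and credential against a security domain and, on success, returns a
     * new (not yet associated) security context for that user.
     *
     * @param str         security domain name
     * @param str2        user name; becomes the {@link SimplePrincipal} name
     * @param credentials credential holder, or {@code null} for no credential
     * @param str3        not used by this implementation
     * @return the security context for the authenticated user
     * @throws LoginException when the domain or its authentication manager cannot be resolved, or
     *                        when validation fails (message {@code TEIID50072})
     */
    /* renamed from: authenticate, reason: merged with bridge method [inline-methods] */
    public SecurityContext m8authenticate(String str, String str2, Credentials credentials, String str3) throws LoginException {
        SecurityDomainContext domainContext = getSecurityDomainContext(str);
        AuthenticationManager authManager = domainContext == null ? null : domainContext.getAuthenticationManager();
        if (authManager != null) {
            SimplePrincipal userPrincipal = new SimplePrincipal(str2);
            Subject subject = new Subject();
            // NOTE(review): the char[] credential is copied into an immutable String, which cannot
            // be zeroed afterwards and is also stored as the credential of the returned context.
            // Left unchanged because the credential type the configured login modules accept is
            // not visible from this file.
            String password = credentials == null ? null : new String(credentials.getCredentialsAsCharArray());
            if (authManager.isValid(userPrincipal, password, subject)) {
                SecurityContext authenticated = createSecurityContext(str, userPrincipal, password, subject);
                // The user name is written to the security log as supplied by the caller.
                LogManager.logDetail("org.teiid.SECURITY", new Object[]{"Logon successful for \"", str2, "\" in security domain", str});
                return authenticated;
            }
        }
        // Same message for "unknown domain" and "bad credentials".
        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, new Object[]{str2, str}));
    }

    /**
     * Runs one step of a Kerberos/GSS negotiation against a security domain.
     *
     * <p>A placeholder context (principal {@code "temp"}, empty subject) is associated with the
     * thread while the authentication manager runs, and the previously associated context is put
     * back on every exit path, including failures. A validation that succeeds without yielding any
     * principal is rejected with a {@link LoginException} instead of being treated as a logon.
     *
     * @param str  security domain name
     * @param bArr token received from the client, wrapped as a Kerberos V5 message
     * @return the negotiation result; on a completed logon it also carries the new security
     *         context and the user name
     * @throws LoginException when the domain or its authentication manager cannot be resolved,
     *                        when validation fails, or when no principal was produced
     */
    public GSSResult negotiateGssLogin(String str, byte[] bArr) throws LoginException {
        SecurityDomainContext domainContext = getSecurityDomainContext(str);
        AuthenticationManager authManager = domainContext == null ? null : domainContext.getAuthenticationManager();
        if (authManager != null) {
            NegotiationContext negotiationContext = new NegotiationContext();
            negotiationContext.setRequestMessage(new KerberosMessage(Constants.KERBEROS_V5, bArr));
            SecurityContext previous = null;
            boolean swapped = false;
            try {
                negotiationContext.associate();
                SecurityContext temporary = createSecurityContext(str, new SimplePrincipal("temp"), null, new Subject());
                previous = m10associateSecurityContext((Object) temporary);
                swapped = true;
                Subject subject = new Subject();
                // No principal or credential is passed here; presumably the login module takes the
                // token from the associated NegotiationContext -- confirm against the domain config.
                if (authManager.isValid((Principal) null, (Object) null, subject)) {
                    Iterator<Principal> principals = subject.getPrincipals().iterator();
                    if (!principals.hasNext()) {
                        // Without an identity there is nothing to build a session on: fail closed.
                        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, new Object[]{"GSS Auth", str}));
                    }
                    Principal principal = principals.next();
                    SecurityContext authenticated = createSecurityContext(str, principal, null, subject);
                    LogManager.logDetail("org.teiid.SECURITY", new Object[]{"Logon successful though GSS API"});
                    GSSResult result = buildGSSResult(negotiationContext, str);
                    result.setSecurityContext(authenticated);
                    result.setUserName(principal.getName());
                    return result;
                }
                // The failure reason is read back from the placeholder context's data map.
                LoginException loginException = (LoginException) temporary.getData().get("org.jboss.security.exception");
                if (loginException != null) {
                    // Continuation is recognised only by this exact message text; a null message
                    // counts as a real failure rather than raising NullPointerException.
                    if (!"Continuation Required.".equals(loginException.getMessage())) {
                        throw loginException;
                    }
                    return buildGSSResult(negotiationContext, str);
                }
            } finally {
                // Never leave the placeholder context on the thread, and never drop the caller's
                // own context because this negotiation failed.
                if (swapped) {
                    m10associateSecurityContext((Object) previous);
                }
                negotiationContext.clear();
            }
        }
        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, new Object[]{"GSS Auth", str}));
    }

    /**
     * Converts the state of a negotiation into a {@link GSSResult}.
     *
     * @param negotiationContext negotiation whose response message and scheme context are read
     * @param str                security domain name, used only in the error message
     * @return result holding the response token, the authenticated flag, and the delegated
     *         credential when the GSS context reports credential delegation
     * @throws LoginException when the response is not a {@link KerberosMessage}
     *                        ({@code TEIID50103}) or when the GSS context raises a
     *                        {@link GSSException}, which is attached as the cause
     */
    private GSSResult buildGSSResult(NegotiationContext negotiationContext, String str) throws LoginException {
        Object response = negotiationContext.getResponseMessage();
        if (!(response instanceof KerberosMessage)) {
            throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50103, new Object[]{str}));
        }
        KerberosMessage responseMessage = (KerberosMessage) response;
        try {
            GSSContext gssContext = (GSSContext) negotiationContext.getSchemeContext();
            return new GSSResult(responseMessage.getToken(), negotiationContext.isAuthenticated(), gssContext.getCredDelegState() ? gssContext.getDelegCred() : null);
        } catch (GSSException e) {
            // Keep the GSS failure reachable from the LoginException for diagnosis.
            LoginException wrapped = new LoginException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Looks up the security domain context registered under
     * {@code ServiceName.JBOSS.append("security", "security-domain", str)}.
     *
     * @param str security domain name
     * @return the domain context, or {@code null} when the name is null or empty or no such
     *         service is registered
     */
    protected SecurityDomainContext getSecurityDomainContext(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        ServiceName domainServiceName = ServiceName.JBOSS.append(new String[]{"security", "security-domain", str});
        ServiceController service = CurrentServiceContainer.getServiceContainer().getService(domainServiceName);
        if (service == null) {
            return null;
        }
        return (SecurityDomainContext) service.getService().getValue();
    }
}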
