package org.jboss.as.security.service;

import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SubjectInfo;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.plugins.SimpleIdentity;

/* loaded from: input_file:org/jboss/as/security/service/SimpleSecurityManager.class */
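/**
 * Per-invocation security manager: associates a {@link SecurityContext} with the
 * calling thread for the duration of a component call ({@link #push} / {@link #pop})
 * and answers the "who is the caller" and "is the caller in role" questions
 * against that context.
 *
 * <p>Trust model as implemented here: an incoming run-as identity propagated from
 * the calling component is accepted without re-authentication; a caller that
 * presents no user principal at all is admitted as the unauthenticated
 * ("anonymous") identity without consulting the authentication manager; only a
 * caller that presents a principal is validated against the security domain.
 * Deployments relying on this class therefore have to restrict anonymous callers
 * through role checks ({@link #isCallerInRole}) rather than by assuming that
 * {@link #push} rejected them.
 *
 * <p>NOTE(review): {@code java.security.acl.Group} was removed from the JDK in
 * Java 14, so this class does not compile on newer runtimes without replacing
 * the caller-principal group lookup in {@link #getPrincipal(Subject)}.
 *
 * <p>Instances are expected to be used with a matching {@code push}/{@code pop}
 * pair per invocation; {@code pop} should be issued from a {@code finally} block
 * because {@code push} saves the outer context before it can fail.
 */
public class SimpleSecurityManager {

    /** Name of the {@link Group} whose first member is reported as the caller principal. */
    private static final String CALLER_PRINCIPAL_GROUP = "CallerPrincipal";

    /** Contexts saved by {@link #push} and re-associated by {@link #pop}, most recent first. */
    private final ThreadLocalStack<SecurityContext> contexts = new ThreadLocalStack<>();

    /**
     * Action that reads the context currently associated with the calling thread.
     * Run through {@link AccessController#doPrivileged} so the lookup executes with
     * this class's own permissions rather than those of the caller further up the stack.
     *
     * @return an action yielding the associated context, or {@code null} if none is set
     */
    private static PrivilegedAction<SecurityContext> securityContext() {
        return new PrivilegedAction<SecurityContext>() {
            @Override
            public SecurityContext run() {
                return SecurityContextAssociation.getSecurityContext();
            }
        };
    }

    /**
     * Reads the thread's associated context, failing loudly when there is none.
     *
     * @return the current {@link SecurityContext}, never {@code null}
     * @throws IllegalStateException if no context is associated with the thread
     */
    private static SecurityContext currentSecurityContext() {
        SecurityContext securityContext = AccessController.doPrivileged(securityContext());
        if (securityContext == null) {
            throw new IllegalStateException("No security context established");
        }
        return securityContext;
    }

    /**
     * Creates a fresh context for the given security domain and associates it with
     * the calling thread.
     *
     * @param securityDomain name handed to {@link SecurityContextFactory#createSecurityContext(String)}
     * @return the newly associated context
     * @throws SecurityException wrapping any failure of the factory, so callers see
     *         a single exception type regardless of the underlying cause
     */
    private static SecurityContext establishSecurityContext(String securityDomain) {
        try {
            SecurityContext created = SecurityContextFactory.createSecurityContext(securityDomain);
            SecurityContextAssociation.setSecurityContext(created);
            return created;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the principal the current invocation runs as.
     *
     * <p>An incoming run-as identity (propagated from the caller by {@link #push})
     * takes precedence; otherwise the principal is derived from the authenticated
     * subject, see {@link #getPrincipal(Subject)}.
     *
     * @return the caller principal, never {@code null}
     * @throws IllegalStateException if no context is associated with the thread, or
     *         neither a run-as identity nor a subject principal is available
     */
    public Principal getCallerPrincipal() {
        SecurityContext securityContext = currentSecurityContext();
        Principal principal = securityContext.getIncomingRunAs();
        if (principal == null) {
            // Guard the subject lookup: a context without subject info yields
            // "no principal" below instead of a bare NullPointerException.
            SubjectInfo subjectInfo = securityContext.getSubjectInfo();
            Subject subject = subjectInfo == null ? null : subjectInfo.getAuthenticatedSubject();
            principal = getPrincipal(subject);
        }
        if (principal == null) {
            throw new IllegalStateException("No principal available");
        }
        return principal;
    }

    /**
     * Picks the caller principal out of a subject's principal set.
     *
     * <p>Preference order: the first member of the first non-empty {@link Group}
     * named {@value #CALLER_PRINCIPAL_GROUP}; failing that, the first principal
     * that is not a {@link Group}. Iteration order of the subject's set decides
     * what "first" means.
     *
     * @param subject the authenticated subject, may be {@code null}
     * @return the selected principal, or {@code null} if none could be found
     */
    private Principal getPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        Principal firstPlainPrincipal = null;
        for (Principal candidate : principals) {
            if (!(candidate instanceof Group)) {
                if (firstPlainPrincipal == null) {
                    firstPlainPrincipal = candidate;
                }
                continue;
            }
            Group group = (Group) candidate;
            // equals() on the constant tolerates a group that reports a null name.
            if (CALLER_PRINCIPAL_GROUP.equals(group.getName())) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    // A caller-principal group member always wins over a plain principal.
                    return members.nextElement();
                }
            }
        }
        return firstPlainPrincipal;
    }

    /**
     * Tests whether the current invocation holds at least one of the given roles.
     *
     * <p>Roles come from the incoming {@link RunAsIdentity} when one is set,
     * otherwise from the authorization manager's view of the authenticated subject.
     *
     * @param roleNames role names to look for; {@code null} or empty matches nothing
     * @return {@code true} if any of {@code roleNames} is held by the caller
     * @throws IllegalStateException if no context is associated with the thread
     */
    public boolean isCallerInRole(String... roleNames) {
        SecurityContext securityContext = currentSecurityContext();
        if (roleNames == null || roleNames.length == 0) {
            // Nothing can match, so skip the role lookup entirely.
            return false;
        }
        Set<String> wanted = new HashSet<>();
        Collections.addAll(wanted, roleNames);
        return !Collections.disjoint(wanted, callerRoleNames(securityContext));
    }

    /**
     * Collects the role names effective for the caller of the given context.
     *
     * @param securityContext the context to inspect
     * @return the set of role names (possibly empty)
     */
    private static Set<String> callerRoleNames(SecurityContext securityContext) {
        RunAs incomingRunAs = securityContext.getIncomingRunAs();
        Iterable<Role> roles;
        if (incomingRunAs instanceof RunAsIdentity) {
            roles = ((RunAsIdentity) incomingRunAs).getRunAsRolesAsRoleGroup().getRoles();
        } else {
            roles = securityContext.getAuthorizationManager().getSubjectRoles(
                    securityContext.getSubjectInfo().getAuthenticatedSubject(),
                    new SecurityContextCallbackHandler(securityContext)).getRoles();
        }
        Set<String> names = new HashSet<>();
        for (Role role : roles) {
            names.add(role.getRoleName());
        }
        return names;
    }

    /**
     * Establishes a new security context for the given domain on the calling thread,
     * saving the previously associated context so {@link #pop()} can restore it.
     *
     * <p>The previous context's subject info is shared with the new context and its
     * outgoing run-as becomes the new context's incoming run-as. If that incoming
     * run-as is a {@link RunAsIdentity} it is trusted as-is; otherwise the caller is
     * authenticated via {@link #authenticate(SecurityContext)}.
     *
     * @param securityDomain  security domain the new context is created for
     * @param runAsRole       role name for the outgoing run-as identity, or {@code null}
     *                        to inherit the previous context's outgoing run-as (if any)
     * @param runAsPrincipal  principal name for the outgoing run-as identity; only used
     *                        when {@code runAsRole} is non-null (argument order follows
     *                        the two-arg {@link RunAsIdentity} constructor — confirm
     *                        against the RunAsIdentity version in use)
     * @throws SecurityException if the context cannot be created, or authentication fails
     */
    public void push(String securityDomain, String runAsRole, String runAsPrincipal) {
        SecurityContext previous = SecurityContextAssociation.getSecurityContext();
        // Saved before anything can fail: a pop() in the caller's finally block then
        // restores the outer context no matter where this method throws.
        this.contexts.push(previous);
        SecurityContext current = establishSecurityContext(securityDomain);
        if (previous != null) {
            current.setSubjectInfo(previous.getSubjectInfo());
            current.setIncomingRunAs(previous.getOutgoingRunAs());
        }
        RunAs incomingRunAs = current.getIncomingRunAs();
        // instanceof is false for null, so a missing run-as also falls through to authenticate().
        if (!(incomingRunAs instanceof RunAsIdentity) && !authenticate(current)) {
            throw new SecurityException("Invalid User");
        }
        if (runAsRole != null) {
            current.setOutgoingRunAs(new RunAsIdentity(runAsRole, runAsPrincipal));
        } else if (previous != null && previous.getOutgoingRunAs() != null) {
            current.setOutgoingRunAs(previous.getOutgoingRunAs());
        }
    }

    /**
     * Authenticates the caller described by the context's util and records the
     * resulting subject on the context's {@link SubjectInfo}.
     *
     * <p>When no user principal is present the caller is admitted as the
     * unauthenticated identity and the authentication manager is not consulted —
     * this is the point where anonymous access is granted.
     *
     * @param securityContext the context whose caller is to be authenticated
     * @return {@code true} if the caller was authenticated (or admitted as anonymous)
     */
    private boolean authenticate(SecurityContext securityContext) {
        SecurityContextUtil util = securityContext.getUtil();
        SubjectInfo subjectInfo = securityContext.getSubjectInfo();
        Subject subject = new Subject();
        Principal userPrincipal = util.getUserPrincipal();
        Object credential = util.getCredential();
        if (userPrincipal == null) {
            // No principal supplied: admit as "anonymous" without any credential check.
            Identity anonymous = getUnauthenticatedIdentity();
            subjectInfo.addIdentity(anonymous);
            subject.getPrincipals().add(anonymous.asPrincipal());
            subjectInfo.setAuthenticatedSubject(subject);
            return true;
        }
        boolean valid = securityContext.getAuthenticationManager().isValid(userPrincipal, credential, subject);
        if (valid) {
            subjectInfo.setAuthenticatedSubject(subject);
        }
        return valid;
    }

    /**
     * Identity assigned to callers that present no principal.
     *
     * @return a fixed {@code "anonymous"} identity
     */
    private Identity getUnauthenticatedIdentity() {
        return new SimpleIdentity("anonymous");
    }

    /**
     * Re-associates the context saved by the matching {@link #push}. The saved value
     * may be {@code null}, in which case the thread is left without a context.
     * Behaviour when no {@code push} preceded this call depends on
     * {@code ThreadLocalStack.pop()} — not visible here.
     */
    public void pop() {
        SecurityContextAssociation.setSecurityContext(this.contexts.pop());
    }
}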
