package org.jboss.as.web.security;

import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.CacheableManager;
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.Role;
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.mapping.MappingType;

/* loaded from: input_file:org/jboss/as/web/security/JBossWebRealm.class */
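/**
 * Catalina realm that delegates credential validation to a JBoss
 * {@link AuthenticationManager} and role resolution to a JBoss
 * {@link AuthorizationManager}. Resolved roles are either left to the
 * configured role {@link MappingManager} modules or expanded locally through
 * {@link #mapUserRoles(List)} using {@link #principalVersusRolesMap}.
 *
 * <p>Both managers must be injected before any {@code authenticate} call;
 * otherwise {@link IllegalStateException} is thrown. Successful
 * authentication yields a {@link JBossGenericPrincipal} carrying the caller
 * principal, the resolved role names, the credential and the authenticated
 * {@link Subject}.
 */
public class JBossWebRealm extends RealmBase {
    private static final Logger log = Logger.getLogger(JBossWebRealm.class);
    /** Realm name reported by {@link #getName()}. */
    protected static final String name = "JBossWebRealm";
    /** Name of the {@link Group} whose first member is used as the caller principal. */
    private static final String CALLER_PRINCIPAL_GROUP = "CallerPrincipal";
    protected AuthenticationManager authenticationManager = null;
    protected AuthorizationManager authorizationManager = null;
    protected MappingManager mappingManager = null;
    /** Derives a {@link Principal} from a certificate chain; defaults to the subject DN. */
    protected CertificatePrincipal certMapping = new SubjectDNMapping();
    /** Optional static expansion of a role name into a set of role names; may be {@code null}. */
    protected Map<String, Set<String>> principalVersusRolesMap;

    /** @param authenticationManager the manager used to validate credentials */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** @param authorizationManager the manager used to obtain the subject's roles */
    public void setAuthorizationManager(AuthorizationManager authorizationManager) {
        this.authorizationManager = authorizationManager;
    }

    /** @param mappingManager the optional manager providing role mapping modules; may be {@code null} */
    public void setMappingManager(MappingManager mappingManager) {
        this.mappingManager = mappingManager;
    }

    /**
     * Authenticates a username/password pair through the {@link AuthenticationManager}.
     *
     * @param str  the username, wrapped via {@link #getPrincipal(String)}
     * @param str2 the password credential; never logged
     * @return the authenticated principal; {@code null} when both arguments are
     *         {@code null}; otherwise the result of
     *         {@link RealmBase#authenticate(String, String)} when the manager
     *         rejects the credentials
     * @throws IllegalStateException if either manager has not been set
     */
    @Override
    public Principal authenticate(String str, String str2) {
        if (str == null && str2 == null) {
            return null;
        }
        requireManagers();
        Principal requestPrincipal = getPrincipal(str);
        Subject subject = new Subject();
        if (!this.authenticationManager.isValid(requestPrincipal, str2, subject)) {
            // Fall back to RealmBase's own check; since getPassword() returns null
            // this is presumably a rejection - confirm against RealmBase.
            return super.authenticate(str, str2);
        }
        if (log.isTraceEnabled()) {
            log.trace("User: " + requestPrincipal + " is authenticated");
        }
        SecurityContext securityContext = SecurityActions.createSecurityContext(this.authenticationManager.getSecurityDomain());
        Principal callerPrincipal = getPrincipal(subject);
        // NOTE(review): callerPrincipal may be null if the subject carries no
        // principals, in which case getName() below throws NPE (unchanged behaviour).
        securityContext.getUtil().createSubjectInfo(callerPrincipal, str2, subject);
        SecurityActions.setSecurityContextOnAssociation(securityContext);
        List<String> roleNames = resolveRoleNames(subject, securityContext);
        // Only a cacheable manager is handed to the principal; presumably so the
        // principal can later evict its cache entry - verify in JBossGenericPrincipal.
        AuthenticationManager cacheable = this.authenticationManager instanceof CacheableManager ? this.authenticationManager : null;
        return new JBossGenericPrincipal(this, callerPrincipal.getName(), null, roleNames, callerPrincipal, null, str2, cacheable, subject);
    }

    /**
     * Authenticates a client certificate chain. The chain is mapped to a
     * principal via {@link #certMapping} and validated by the
     * {@link AuthenticationManager}.
     *
     * <p>Any exception raised while authenticating is logged with its cause and
     * turned into a {@code null} (deny) result rather than propagated.
     *
     * @param x509CertificateArr the presented chain
     * @return the authenticated principal, or {@code null} when the chain is
     *         absent/empty, rejected, or an error occurred
     * @throws IllegalStateException if either manager has not been set
     */
    @Override
    public Principal authenticate(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            return null;
        }
        requireManagers();
        GenericPrincipal result = null;
        try {
            Principal requestPrincipal = this.certMapping.toPrincipal(x509CertificateArr);
            Subject subject = new Subject();
            if (!this.authenticationManager.isValid(requestPrincipal, x509CertificateArr, subject)) {
                if (log.isTraceEnabled()) {
                    log.trace("User: " + requestPrincipal + " is NOT authenticated");
                }
                return null;
            }
            if (log.isTraceEnabled()) {
                log.trace("User: " + requestPrincipal + " is authenticated");
            }
            SecurityContext securityContext = SecurityActions.createSecurityContext(this.authenticationManager.getSecurityDomain());
            Principal callerPrincipal = getPrincipal(subject);
            securityContext.getUtil().createSubjectInfo(callerPrincipal, x509CertificateArr, subject);
            SecurityActions.setSecurityContextOnAssociation(securityContext);
            List<String> roleNames = resolveRoleNames(subject, securityContext);
            AuthenticationManager cacheable = this.authenticationManager instanceof CacheableManager ? this.authenticationManager : null;
            result = new JBossGenericPrincipal(this, callerPrincipal.getName(), null, roleNames, callerPrincipal, null, x509CertificateArr, cacheable, subject);
        } catch (Exception e) {
            // Deny on error, but keep the cause so the failure is diagnosable.
            log.error("Error during authenticate(X509Certificate[])", e);
        }
        return result;
    }

    /** Fails fast when the delegate managers have not been injected. */
    private void requireManagers() {
        if (this.authenticationManager == null) {
            throw new IllegalStateException("Authentication Manager has not been set");
        }
        if (this.authorizationManager == null) {
            throw new IllegalStateException("Authorization Manager has not been set");
        }
    }

    /**
     * Whether a {@link MappingManager} with at least one role mapping module is
     * configured.
     */
    private boolean hasRoleMappingModules() {
        if (this.mappingManager == null) {
            return false;
        }
        MappingContext mappingContext = this.mappingManager.getMappingContext(MappingType.ROLE.name());
        return mappingContext != null && mappingContext.hasModules();
    }

    /**
     * Resolves the role names of an authenticated subject.
     *
     * <p>When role mapping modules are configured, {@link #principalVersusRolesMap}
     * is published through {@link SecurityRolesAssociation} for them and the
     * roles returned by the {@link AuthorizationManager} are used as-is;
     * otherwise the roles are expanded locally via {@link #mapUserRoles(List)}.
     *
     * @param subject         the authenticated subject
     * @param securityContext the context established for this authentication
     * @return the resolved role names, in the order the manager reported them
     */
    private List<String> resolveRoleNames(Subject subject, SecurityContext securityContext) {
        SecurityContextCallbackHandler callbackHandler = new SecurityContextCallbackHandler(securityContext);
        boolean mappingModulesConfigured = hasRoleMappingModules();
        if (mappingModulesConfigured) {
            SecurityRolesAssociation.setSecurityRoles(this.principalVersusRolesMap);
        }
        List<Role> roles = this.authorizationManager.getSubjectRoles(subject, callbackHandler).getRoles();
        List<String> roleNames = new ArrayList<String>(roles.size());
        for (Role role : roles) {
            roleNames.add(role.getRoleName());
        }
        return mappingModulesConfigured ? roleNames : mapUserRoles(roleNames);
    }

    /** @return the fixed realm name {@value #name} */
    @Override
    protected String getName() {
        return name;
    }

    /**
     * This realm never stores passwords; credential checks are delegated to the
     * {@link AuthenticationManager}.
     *
     * @return always {@code null}
     */
    @Override
    protected String getPassword(String str) {
        return null;
    }

    /** @return a {@link SimplePrincipal} wrapping {@code str} (which may be {@code null}) */
    @Override
    protected Principal getPrincipal(String str) {
        return new SimplePrincipal(str);
    }

    /** @return the configured role expansion map, or {@code null} if none */
    public Map<String, Set<String>> getPrincipalVersusRolesMap() {
        return this.principalVersusRolesMap;
    }

    /** @param map the role expansion map; {@code null} disables local mapping */
    public void setPrincipalVersusRolesMap(Map<String, Set<String>> map) {
        this.principalVersusRolesMap = map;
    }

    /**
     * Expands role names through {@link #principalVersusRolesMap}.
     *
     * <p>A name with a non-empty entry is replaced by that entry's roles; any
     * other name is kept. Duplicates are dropped, preserving first-seen order.
     *
     * @param list the role names reported by the authorization manager
     * @return the expanded names, or {@code list} itself (same instance) when
     *         the map is {@code null} or empty
     */
    protected List<String> mapUserRoles(List<String> list) {
        if (this.principalVersusRolesMap == null || this.principalVersusRolesMap.isEmpty()) {
            return list;
        }
        // LinkedHashSet replaces the O(n^2) contains() scan while keeping insertion order.
        Set<String> mapped = new LinkedHashSet<String>();
        for (String roleName : list) {
            Set<String> expansion = this.principalVersusRolesMap.get(roleName);
            if (expansion != null && !expansion.isEmpty()) {
                mapped.addAll(expansion);
            } else {
                mapped.add(roleName);
            }
        }
        return new ArrayList<String>(mapped);
    }

    /**
     * Picks the caller principal out of an authenticated subject.
     *
     * @param subject the authenticated subject; may be {@code null}
     * @return the first member of the first non-empty {@link Group} named
     *         {@value #CALLER_PRINCIPAL_GROUP} if present; otherwise the first
     *         non-{@link Group} principal; {@code null} if neither exists
     */
    private Principal getPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        Principal firstPlain = null;
        Principal caller = null;
        for (Principal candidate : principals) {
            if (candidate instanceof Group) {
                Group group = (Group) candidate;
                // Null-safe comparison: a group with a null name is simply skipped.
                if (caller == null && CALLER_PRINCIPAL_GROUP.equals(group.getName())) {
                    Enumeration<? extends Principal> members = group.members();
                    if (members.hasMoreElements()) {
                        caller = members.nextElement();
                    }
                }
            } else if (firstPlain == null) {
                firstPlain = candidate;
            }
        }
        return caller == null ? firstPlain : caller;
    }
}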
