package org.picketbox.plugins;

import com.sun.faces.context.UrlBuilder;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.annotation.Authentication;
import org.jboss.security.annotation.Authorization;
import org.jboss.security.annotation.Module;
import org.jboss.security.annotation.ModuleOption;
import org.jboss.security.annotation.SecurityAudit;
import org.jboss.security.annotation.SecurityConfig;
import org.jboss.security.annotation.SecurityDomain;
import org.jboss.security.annotation.SecurityMapping;
import org.jboss.security.audit.config.AuditProviderEntry;
import org.jboss.security.auth.login.AuthenticationInfo;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ApplicationPolicyRegistration;
import org.jboss.security.config.AuditInfo;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.MappingInfo;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.mapping.config.MappingModuleEntry;
import org.picketbox.config.PicketBoxConfiguration;
import org.picketbox.core.authorization.resources.POJOResource;
import org.picketbox.exceptions.PicketBoxProcessingException;
import org.picketbox.factories.SecurityFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:eap6/api-jars/picketbox-4.0.7.Final.jar:org/picketbox/plugins/PicketBoxProcessor.class
 */
/* loaded from: input_file:eap7/api-jars/picketbox-4.9.4.Final.jar:org/picketbox/plugins/PicketBoxProcessor.class */
/**
 * Drives annotation-based security for a plain object: resolves the security domain,
 * builds (or loads from file) the domain's policy, authenticates the identity supplied
 * through {@link #setSecurityInfo(String, Object)} and, when an {@code @Authorization}
 * annotation is present, authorizes access to the object.
 *
 * <p>The principal and credential are plain mutable instance fields; no synchronization
 * is visible in this class, so sharing one instance between callers needs external
 * coordination.
 */
public class PicketBoxProcessor {
    // Identity to authenticate; both stay null until setSecurityInfo is called.
    private Principal principal = null;
    // Held as a live reference for the lifetime of this instance; nothing in this class clears it.
    private Object credential = null;

    /**
     * Stores the identity that {@link #process(Object)} will authenticate.
     *
     * @param str user name, wrapped in a {@code SimplePrincipal} without validation
     * @param obj credential, stored as given (no copy is made here)
     */
    public void setSecurityInfo(String str, Object obj) {
        this.principal = new SimplePrincipal(str);
        this.credential = obj;
    }

    /**
     * Returns the user principal from the security context obtained via {@code SecurityActions}.
     *
     * @return the principal reported by the context's util, or {@code null} when no context is set
     * @throws PicketBoxProcessingException wrapping the cause of a {@code PrivilegedActionException}
     */
    public Principal getCallerPrincipal() throws PicketBoxProcessingException {
        Principal principal = null;
        try {
            SecurityContext securityContext = SecurityActions.getSecurityContext();
            if (securityContext != null) {
                principal = securityContext.getUtil().getUserPrincipal();
            }
            return principal;
        } catch (PrivilegedActionException e) {
            throw new PicketBoxProcessingException(e.getCause());
        }
    }

    /**
     * Returns the roles from the security context obtained via {@code SecurityActions}.
     *
     * @return the roles reported by the context's util, or {@code null} when no context is set
     * @throws PicketBoxProcessingException wrapping the cause of a {@code PrivilegedActionException}
     */
    public RoleGroup getCallerRoles() throws PicketBoxProcessingException {
        RoleGroup roleGroup = null;
        try {
            SecurityContext securityContext = SecurityActions.getSecurityContext();
            if (securityContext != null) {
                roleGroup = securityContext.getUtil().getRoles();
            }
            return roleGroup;
        } catch (PrivilegedActionException e) {
            throw new PicketBoxProcessingException(e.getCause());
        }
    }

    /**
     * Returns the subject from the security context obtained via {@code SecurityActions}.
     *
     * <p>Unlike {@link #getCallerPrincipal()} and {@link #getCallerRoles()}, a missing context
     * yields a fresh, empty {@code Subject} rather than {@code null}, so callers cannot tell
     * "no context" from "context with an empty subject" by a null check.
     *
     * @return the context's subject, or a new empty {@code Subject} when no context is set
     * @throws PicketBoxProcessingException wrapping the cause of a {@code PrivilegedActionException}
     */
    public Subject getCallerSubject() throws PicketBoxProcessingException {
        Subject subject = new Subject();
        try {
            SecurityContext securityContext = SecurityActions.getSecurityContext();
            if (securityContext != null) {
                subject = securityContext.getUtil().getSubject();
            }
            return subject;
        } catch (PrivilegedActionException e) {
            throw new PicketBoxProcessingException(e.getCause());
        }
    }

    /**
     * Authenticates the stored principal/credential against the security domain declared on
     * {@code obj}'s class and, when {@code @Authorization} is present, authorizes access to it.
     *
     * <p>Configuration comes from {@code @SecurityConfig} (a file) if present, otherwise from
     * {@code @Authentication} plus the optional {@code @Authorization}, {@code @SecurityAudit}
     * and {@code @SecurityMapping} annotations. When {@code @SecurityConfig} is present the
     * other annotations are not read at all, and the authorization check at the end of this
     * method is not performed (see the comments on {@code z}).
     *
     * <p>Every failure raised inside the try block, including the {@code LoginException} for a
     * rejected credential, reaches the caller wrapped in a {@code PicketBoxProcessingException};
     * no statement inside the try block surfaces a raw {@code LoginException}.
     *
     * @param obj annotated object; a {@code null} argument fails with a
     *            {@code NullPointerException} on the first statement
     * @throws LoginException declared, but see the wrapping note above
     * @throws PicketBoxProcessingException on missing annotations, failed authentication,
     *         null roles, denied authorization or any other exception from the try block
     */
    public void process(Object obj) throws LoginException, PicketBoxProcessingException {
        Class<?> cls = obj.getClass();
        SecurityDomain securityDomain = (SecurityDomain) cls.getAnnotation(SecurityDomain.class);
        // Classes without @SecurityDomain fall back to the domain named "other".
        String value = securityDomain != null ? securityDomain.value() : "other";
        // Called before the try: if prepare() itself throws, the release() in finally does not run.
        SecurityFactory.prepare();
        try {
            try {
                try {
                    // z gates the authorization check below; it only becomes true when
                    // @Authorization is found in the annotation-driven branch.
                    boolean z = false;
                    SecurityConfig securityConfig = (SecurityConfig) cls.getAnnotation(SecurityConfig.class);
                    Authentication authentication = (Authentication) cls.getAnnotation(Authentication.class);
                    if (securityConfig == null && authentication == null) {
                        throw PicketBoxMessages.MESSAGES.invalidSecurityAnnotationConfig();
                    }
                    if (securityConfig != null) {
                        // File-based configuration wins over @Authentication when both are present.
                        // z stays false on this path, so authorize() is never called here even if
                        // the loaded file defines an authorization policy.
                        new PicketBoxConfiguration().load(securityConfig.fileName());
                    } else {
                        // Configuration.getConfiguration() is the JVM-wide JAAS login configuration.
                        // NOTE(review): the decompiled assignment has no cast; presumably the
                        // installed Configuration also implements ApplicationPolicyRegistration - confirm.
                        ApplicationPolicyRegistration configuration = Configuration.getConfiguration();
                        ApplicationPolicy applicationPolicy = new ApplicationPolicy(value);
                        applicationPolicy.setAuthenticationInfo(getAuthenticationInfo(authentication, value));
                        Authorization authorization = (Authorization) cls.getAnnotation(Authorization.class);
                        SecurityAudit securityAudit = (SecurityAudit) cls.getAnnotation(SecurityAudit.class);
                        SecurityMapping securityMapping = (SecurityMapping) cls.getAnnotation(SecurityMapping.class);
                        if (authorization != null) {
                            applicationPolicy.setAuthorizationInfo(getAuthorizationInfo(authorization, value));
                            z = true;
                        }
                        if (securityAudit != null) {
                            applicationPolicy.setAuditInfo(getAuditInfo(securityAudit, value));
                        }
                        if (securityMapping != null) {
                            // The same MappingInfo (holding all modules) is registered once per
                            // module entry, keyed by that entry's mapping type.
                            MappingInfo mappingInfo = getMappingInfo(securityMapping, value);
                            Iterator<MappingModuleEntry> it = mappingInfo.getModuleEntries().iterator();
                            while (it.hasNext()) {
                                applicationPolicy.setMappingInfo(it.next().getMappingModuleType(), mappingInfo);
                            }
                        }
                        // Registers the policy under the domain name on the shared configuration;
                        // presumably this replaces a policy already registered under that name - verify.
                        configuration.addApplicationPolicy(value, applicationPolicy);
                    }
                    SecurityContext createSecurityContext = SecurityActions.createSecurityContext(value);
                    // The context is installed before authentication; nothing in this method
                    // removes it again if authentication or authorization fails below.
                    SecurityActions.setSecurityContext(createSecurityContext);
                    AuthenticationManager authenticationManager = SecurityFactory.getAuthenticationManager(value);
                    Subject subject = new Subject();
                    // principal and credential are passed as stored; both are null if
                    // setSecurityInfo was never called on this instance.
                    if (!authenticationManager.isValid(this.principal, this.credential, subject)) {
                        // Caught by catch (Exception) below and rethrown wrapped.
                        throw new LoginException(PicketBoxMessages.MESSAGES.authenticationFailedMessage());
                    }
                    // Only reached after a successful isValid().
                    SecurityActions.register(createSecurityContext, this.principal, this.credential, subject);
                    AuthorizationManager authorizationManager = SecurityFactory.getAuthorizationManager(value);
                    RoleGroup subjectRoles = authorizationManager.getSubjectRoles(subject, new SecurityContextCallbackHandler(createSecurityContext));
                    if (subjectRoles == null) {
                        throw new PicketBoxProcessingException(PicketBoxMessages.MESSAGES.nullRolesInSubjectMessage());
                    }
                    // Any result other than 1 is treated as a denial.
                    // NOTE(review): 1 is presumably the PERMIT constant of the authorization API - confirm.
                    if (z && authorizationManager.authorize(new POJOResource(obj), subject, subjectRoles) != 1) {
                        throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
                    }
                } catch (PrivilegedActionException e) {
                    // This try sits inside the next one, so the exception thrown here is caught
                    // again by catch (Exception) and wrapped a second time (assuming
                    // PicketBoxProcessingException extends Exception).
                    throw new PicketBoxProcessingException(e.getCause());
                }
            } catch (AuthorizationException e2) {
                // Same handling as the catch (Exception) branch below.
                throw new PicketBoxProcessingException(e2);
            } catch (Exception e3) {
                // Also catches the LoginException and PicketBoxProcessingException thrown above.
                throw new PicketBoxProcessingException(e3);
            }
        } finally {
            SecurityFactory.release();
        }
    }

    /**
     * Translates a {@code @SecurityMapping} annotation into a {@code MappingInfo} for the domain.
     *
     * <p>Options with an empty key are skipped. An option typed {@code JAVA_PROPERTIES} is
     * parsed as a single name/value pair and stored as a one-entry {@code Properties}; all
     * other options are stored as plain strings.
     *
     * @param securityMapping annotation to read
     * @param str security domain name
     * @return mapping configuration with one entry per declared module
     */
    private MappingInfo getMappingInfo(SecurityMapping securityMapping, String str) {
        MappingInfo mappingInfo = new MappingInfo(str);
        Module[] modules = securityMapping.modules();
        // Annotation elements are never null in Java; the null checks here are defensive.
        if (modules != null) {
            for (Module module : modules) {
                String canonicalName = module.code().getCanonicalName();
                String type = module.type();
                HashMap hashMap = new HashMap();
                ModuleOption[] options = module.options();
                if (options != null) {
                    for (ModuleOption moduleOption : options) {
                        String key = moduleOption.key();
                        String value = moduleOption.value();
                        ModuleOption.VALUE_TYPE valueType = moduleOption.valueType();
                        if (key != null && key.length() > 0 && valueType == ModuleOption.VALUE_TYPE.JAVA_PROPERTIES) {
                            // NOTE(review): the separator constant comes from a JSF implementation
                            // class; presumably the decompiler substituted it for a literal "=" - confirm.
                            StringTokenizer stringTokenizer = new StringTokenizer(value, UrlBuilder.PARAMETER_NAME_VALUE_SEPARATOR);
                            // nextToken() throws NoSuchElementException when the value yields fewer
                            // than two tokens; tokens after the second are ignored.
                            String nextToken = stringTokenizer.nextToken();
                            String nextToken2 = stringTokenizer.nextToken();
                            Properties properties = new Properties();
                            properties.put(nextToken, nextToken2);
                            hashMap.put(key, properties);
                        } else if (key != null && key.length() > 0) {
                            hashMap.put(key, value);
                        }
                    }
                }
                mappingInfo.add((MappingInfo) new MappingModuleEntry(canonicalName, hashMap, type));
            }
        }
        return mappingInfo;
    }

    /**
     * Translates a {@code @SecurityAudit} annotation into an {@code AuditInfo} for the domain.
     *
     * @param securityAudit annotation to read
     * @param str security domain name
     * @return audit configuration with one provider entry per declared module; options with
     *         an empty key are skipped
     */
    private AuditInfo getAuditInfo(SecurityAudit securityAudit, String str) {
        AuditInfo auditInfo = new AuditInfo(str);
        Module[] modules = securityAudit.modules();
        if (modules != null) {
            for (Module module : modules) {
                String canonicalName = module.code().getCanonicalName();
                HashMap hashMap = new HashMap();
                ModuleOption[] options = module.options();
                if (options != null) {
                    for (ModuleOption moduleOption : options) {
                        String key = moduleOption.key();
                        String value = moduleOption.value();
                        if (key != null && key.length() > 0) {
                            hashMap.put(key, value);
                        }
                    }
                }
                auditInfo.add((AuditInfo) new AuditProviderEntry(canonicalName, hashMap));
            }
        }
        return auditInfo;
    }

    /**
     * Translates an {@code @Authorization} annotation into an {@code AuthorizationInfo} for the domain.
     *
     * @param authorization annotation to read
     * @param str security domain name
     * @return authorization configuration with one entry per declared module; options with
     *         an empty key are skipped
     */
    private AuthorizationInfo getAuthorizationInfo(Authorization authorization, String str) {
        AuthorizationInfo authorizationInfo = new AuthorizationInfo(str);
        Module[] modules = authorization.modules();
        if (modules != null) {
            for (Module module : modules) {
                String canonicalName = module.code().getCanonicalName();
                String flag = module.flag();
                HashMap hashMap = new HashMap();
                ModuleOption[] options = module.options();
                if (options != null) {
                    for (ModuleOption moduleOption : options) {
                        String key = moduleOption.key();
                        String value = moduleOption.value();
                        if (key != null && key.length() > 0) {
                            hashMap.put(key, value);
                        }
                    }
                }
                AuthorizationModuleEntry authorizationModuleEntry = new AuthorizationModuleEntry(canonicalName, hashMap);
                // Flag parsing is delegated to ControlFlag.valueOf, not to getFlag below.
                // NOTE(review): how an unrecognised flag string is handled is not visible here - verify.
                authorizationModuleEntry.setControlFlag(ControlFlag.valueOf(flag));
                authorizationInfo.add((AuthorizationInfo) authorizationModuleEntry);
            }
        }
        return authorizationInfo;
    }

    /**
     * Translates an {@code @Authentication} annotation into an {@code AuthenticationInfo}
     * holding one JAAS {@code AppConfigurationEntry} per declared login module.
     *
     * @param authentication annotation to read
     * @param str security domain name
     * @return authentication configuration; options with an empty key are skipped and each
     *         module's control flag is resolved by {@link #getFlag(String)}
     */
    private AuthenticationInfo getAuthenticationInfo(Authentication authentication, String str) {
        AuthenticationInfo authenticationInfo = new AuthenticationInfo(str);
        Module[] modules = authentication.modules();
        if (modules != null) {
            for (Module module : modules) {
                String canonicalName = module.code().getCanonicalName();
                String flag = module.flag();
                HashMap hashMap = new HashMap();
                ModuleOption[] options = module.options();
                if (options != null) {
                    for (ModuleOption moduleOption : options) {
                        String key = moduleOption.key();
                        String value = moduleOption.value();
                        if (key != null && key.length() > 0) {
                            hashMap.put(key, value);
                        }
                    }
                }
                authenticationInfo.addAppConfigurationEntry(new AppConfigurationEntry(canonicalName, getFlag(flag), hashMap));
            }
        }
        return authenticationInfo;
    }

    /**
     * Maps a flag name to a JAAS login-module control flag, ignoring case.
     *
     * <p>Any value other than REQUIRED, REQUISITE or SUFFICIENT, including {@code null}, an
     * empty string or a misspelling, resolves to {@code OPTIONAL} without an error. A typo in
     * a flag meant to be REQUIRED therefore weakens the login policy silently, since JAAS does
     * not fail authentication on the failure of an OPTIONAL module alone.
     *
     * @param str flag name from the {@code @Module} annotation
     * @return the matching control flag, or {@code OPTIONAL} as the fallback
     */
    private AppConfigurationEntry.LoginModuleControlFlag getFlag(String str) {
        return "REQUIRED".equalsIgnoreCase(str) ? AppConfigurationEntry.LoginModuleControlFlag.REQUIRED : "REQUISITE".equalsIgnoreCase(str) ? AppConfigurationEntry.LoginModuleControlFlag.REQUISITE : "SUFFICIENT".equalsIgnoreCase(str) ? AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT : AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
    }
}
