package org.kie.server.services.impl.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.hibernate.secure.internal.StandardJaccServiceImpl;
import org.kie.internal.identity.IdentityProvider;
import org.kie.server.api.security.SecurityAdapter;

/* loaded from: input_file:WEB-INF/lib/kie-server-services-common-7.1.0.Beta3.jar:org/kie/server/services/impl/security/JACCIdentityProvider.class */
public class JACCIdentityProvider implements IdentityProvider {
    private static final ServiceLoader<SecurityAdapter> securityAdapters = ServiceLoader.load(SecurityAdapter.class);
    private List<SecurityAdapter> adapters = new ArrayList();

    public JACCIdentityProvider() {
        Iterator<SecurityAdapter> it = securityAdapters.iterator();
        while (it.hasNext()) {
            this.adapters.add(it.next());
        }
    }

    @Override // org.kie.internal.identity.IdentityProvider
    public String getName() {
        Set<Principal> principals;
        Subject subjectFromContainer = getSubjectFromContainer();
        if (subjectFromContainer != null && (principals = subjectFromContainer.getPrincipals()) != null) {
            for (Principal principal : principals) {
                if (supportedPrincipal(principal)) {
                    return principal.getName();
                }
            }
        }
        return getNameFromAdapter();
    }

    @Override // org.kie.internal.identity.IdentityProvider
    public List<String> getRoles() {
        Set<Principal> principals;
        ArrayList arrayList = new ArrayList();
        Subject subjectFromContainer = getSubjectFromContainer();
        if (subjectFromContainer != null && (principals = subjectFromContainer.getPrincipals()) != null) {
            arrayList = new ArrayList();
            Iterator<Principal> it = principals.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Principal next = it.next();
                if (next instanceof Group) {
                    Enumeration<? extends Principal> members = ((Group) next).members();
                    while (members.hasMoreElements()) {
                        arrayList.add(members.nextElement().getName());
                    }
                }
            }
        }
        arrayList.addAll(getRolesFromAdapter());
        return arrayList;
    }

    @Override // org.kie.internal.identity.IdentityProvider
    public boolean hasRole(String str) {
        return false;
    }

    protected Subject getSubjectFromContainer() {
        try {
            return (Subject) PolicyContext.getContext(StandardJaccServiceImpl.ContextSubjectAccess.SUBJECT_CONTEXT_KEY);
        } catch (Exception e) {
            return null;
        }
    }

    protected String getNameFromAdapter() {
        Iterator<SecurityAdapter> it = this.adapters.iterator();
        while (it.hasNext()) {
            String user = it.next().getUser(new Object[0]);
            if (user != null && !user.isEmpty()) {
                return user;
            }
        }
        return "unknown";
    }

    protected List<String> getRolesFromAdapter() {
        ArrayList arrayList = new ArrayList();
        Iterator<SecurityAdapter> it = this.adapters.iterator();
        while (it.hasNext()) {
            List<String> roles = it.next().getRoles(new Object[0]);
            if (roles != null && !roles.isEmpty()) {
                arrayList.addAll(roles);
            }
        }
        return arrayList;
    }

    protected boolean supportedPrincipal(Principal principal) {
        return ((principal instanceof Group) || principal.getClass().getName().endsWith("BasicAuthorizationPrincipal")) ? false : true;
    }
}
