package org.jboss.security.plugins;

import EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap;
import java.beans.PropertyEditorManager;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.Name;
import javax.naming.NameClassPair;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.naming.spi.ObjectFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityDomain;
import org.jboss.security.SecurityProxyFactory;
import org.jboss.security.SubjectSecurityProxyFactory;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.propertyeditor.PrincipalEditor;
import org.jboss.security.propertyeditor.SecurityDomainEditor;
import org.jboss.system.ServiceMBeanSupport;
import org.jboss.util.CachePolicy;
import org.jboss.util.TimedCachePolicy;

/* loaded from: input_file:org/jboss/security/plugins/JaasSecurityManagerService.class */
public class JaasSecurityManagerService extends ServiceMBeanSupport implements JaasSecurityManagerServiceMBean {
    // JNDI name of the security-domain context; startService() binds the lookup proxy here.
    private static final String SECURITY_MGR_PATH = "java:/jaas";
    // Name parser taken from the InitialContext in startService(); used to split lookup names.
    private static NameParser parser;
    // When true, startService() calls SecurityAssociation.setServer().
    private boolean serverMode = true;
    // NOTE(review): every setting below is static, so it is shared by all instances of this
    // service, and the MBean setters write these fields without synchronization.
    // Class instantiated reflectively for each security domain that is created on demand.
    private static String securityMgrClassName = "org.jboss.security.plugins.JaasSecurityManager";
    private static Class securityMgrClass = JaasSecurityManager.class;
    // Callback handler class; one instance is created and handed to each new security manager.
    private static String callbackHandlerClassName = "org.jboss.security.auth.callback.SecurityAssociationHandler";
    private static Class callbackHandlerClass = SecurityAssociationHandler.class;
    // JNDI location the per-domain authentication cache policy is looked up from.
    private static final String DEFAULT_CACHE_POLICY_PATH = "java:/timedCacheFactory";
    private static String cacheJndiName = DEFAULT_CACHE_POLICY_PATH;
    // Lifetime and resolution passed to TimedCachePolicy by DefaultCacheObjectFactory
    // (presumably seconds; confirm against TimedCachePolicy).
    private static int defaultCacheTimeout = 1800;
    private static int defaultCacheResolution = 60;
    // Factory class instantiated in startService() and bound at java:/SecurityProxyFactory.
    private static String securityProxyFactoryClassName = "org.jboss.security.SubjectSecurityProxyFactory";
    private static Class securityProxyFactoryClass = SubjectSecurityProxyFactory.class;
    // Security domain name -> SecurityDomainContext. Entries are added by registerSecurityDomain()
    // and lookupSecurityDomain(); nothing in this file removes them.
    private static ConcurrentReaderHashMap securityDomainCtxMap = new ConcurrentReaderHashMap();
    // Applied to newly created security managers and pushed to existing ones by setDeepCopySubjectMode().
    private static boolean deepCopySubjectMode = false;
    // Exposed through the MBean getter/setter only; not otherwise read in this file.
    private static String defaultUnauthenticatedPrincipal = "Unauthenticated Principal";
    private static Logger log = Logger.getLogger(JaasSecurityManagerService.class);

    /* loaded from: input_file:org/jboss/security/plugins/JaasSecurityManagerService$DefaultCacheObjectFactory.class */
    /**
     * JNDI object factory referenced by the binding created at the default cache policy path.
     * It hands out a {@link Context} proxy whose every method call produces a new, started
     * {@link TimedCachePolicy} configured from the service-wide default timeout and resolution.
     */
    public static class DefaultCacheObjectFactory implements InvocationHandler, ObjectFactory {
        /**
         * Builds the {@link Context} proxy backed by this handler. None of the arguments is used.
         *
         * @return a dynamic proxy implementing {@link Context}
         */
        public Object getObjectInstance(Object obj, Name name, Context context, Hashtable hashtable) throws Exception {
            ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            Class[] proxiedTypes = {Context.class};
            Object contextProxy = Proxy.newProxyInstance(contextLoader, proxiedTypes, this);
            return (Context) contextProxy;
        }

        /**
         * Creates and starts a new cache policy for any call made on the proxy.
         * The invoked method and its arguments are not inspected, so calls other than a lookup
         * (for example {@code toString}) also allocate and start a policy.
         *
         * @return the newly started {@link TimedCachePolicy}
         */
        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            final int lifetime = JaasSecurityManagerService.defaultCacheTimeout;
            final int resolution = JaasSecurityManagerService.defaultCacheResolution;
            TimedCachePolicy freshPolicy = new TimedCachePolicy(lifetime, true, resolution);
            freshPolicy.create();
            freshPolicy.start();
            return freshPolicy;
        }
    }

    /* loaded from: input_file:org/jboss/security/plugins/JaasSecurityManagerService$DomainEnumeration.class */
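    /**
     * Enumeration handed back for {@code list} calls on the java:/jaas context proxy.
     * Each element pairs a security domain name with the class name of the object stored for it
     * in the context map.
     *
     * <p>Changes from the decompiled original: {@link #nextElement()} now returns the same
     * {@link NameClassPair} as {@link #next()} (it used to return the bare domain name, so the two
     * access styles of {@link NamingEnumeration} disagreed), and {@link #next()} no longer throws
     * a {@code NullPointerException} when a name has no entry in the map.
     */
    static class DomainEnumeration implements NamingEnumeration {
        // Source of domain names (the keys of the context map at the time list() was called).
        Enumeration domains;
        // Domain name -> context object; read once per element to report its class name.
        Map ctxMap;

        DomainEnumeration(Enumeration enumeration, Map map) {
            this.domains = enumeration;
            this.ctxMap = map;
        }

        /** Nothing to release; the enumeration holds no external resources. */
        public void close() {
        }

        public boolean hasMoreElements() {
            return this.domains.hasMoreElements();
        }

        public boolean hasMore() {
            return this.domains.hasMoreElements();
        }

        /**
         * Returns the next domain as a {@link NameClassPair}.
         *
         * @return the pair for the next domain name; its class name is {@code null} when the map
         *         has no entry for that name at the time of the call
         */
        public Object next() {
            String domainName = (String) this.domains.nextElement();
            // The key enumeration and the map are read at different times, so tolerate a missing entry.
            Object ctx = this.ctxMap.get(domainName);
            String className = ctx == null ? null : ctx.getClass().getName();
            return new NameClassPair(domainName, className);
        }

        /** Same element as {@link #next()}, for callers using the {@link Enumeration} methods. */
        public Object nextElement() {
            return next();
        }
    }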

    /* loaded from: input_file:org/jboss/security/plugins/JaasSecurityManagerService$SecurityDomainObjectFactory.class */
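    /**
     * JNDI object factory referenced by the java:/jaas binding. It returns a {@link Context}
     * proxy that supports only {@code toString}, {@code list} and {@code lookup}.
     *
     * <p>A lookup resolves the first name component as a security domain through
     * {@code lookupSecurityDomain}, which creates and caches a context for a name it has not seen
     * before. Any code able to perform JNDI lookups under java:/jaas can therefore add entries to
     * the domain map.
     */
    public static class SecurityDomainObjectFactory implements InvocationHandler, ObjectFactory {
        /**
         * Builds the {@link Context} proxy backed by this handler. None of the arguments is used.
         *
         * @return a dynamic proxy implementing {@link Context}
         */
        public Object getObjectInstance(Object obj, Name name, Context context, Hashtable hashtable) throws Exception {
            return (Context) Proxy.newProxyInstance(SubjectActions.getContextClassLoader(), new Class[]{Context.class}, this);
        }

        /**
         * Dispatches a call made on the context proxy.
         *
         * @return a description string for {@code toString}, a {@link DomainEnumeration} for
         *         {@code list}, and for {@code lookup} the domain's security manager, or the result
         *         of the domain context's own {@code lookup} when the name has exactly two components
         * @throws OperationNotSupportedException for any other method
         * @throws NamingException if the lookup name is missing or empty, or the domain cannot be
         *         created
         */
        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            String name = method.getName();
            if (name.equals("toString")) {
                return "java:/jaas Context proxy";
            }
            if (name.equals("list")) {
                return new DomainEnumeration(JaasSecurityManagerService.securityDomainCtxMap.keys(), JaasSecurityManagerService.securityDomainCtxMap);
            }
            if (!name.equals("lookup")) {
                throw new OperationNotSupportedException("Only lookup is supported, op=" + method);
            }
            Object requested = objArr[0];
            Name parse = requested instanceof String ? JaasSecurityManagerService.parser.parse((String) requested) : (Name) requested;
            // An empty or null name used to surface as an unchecked exception from parse.get(0);
            // report it as the NamingException that Context callers already handle.
            if (parse == null || parse.isEmpty()) {
                throw new NamingException("A security domain name is required for lookup under java:/jaas");
            }
            SecurityDomainContext lookupSecurityDomain = JaasSecurityManagerService.lookupSecurityDomain(parse.get(0));
            AuthenticationManager securityManager = lookupSecurityDomain.getSecurityManager();
            // Components beyond the second are ignored, as in the original code.
            if (parse.size() == 2) {
                securityManager = lookupSecurityDomain.lookup(parse.get(1));
            }
            return securityManager;
        }
    }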

    /** Returns the server-mode flag that startService() consults. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public boolean getServerMode() {
        return this.serverMode;
    }

    /**
     * Sets the server-mode flag. It is only read in startService(), so a change made after the
     * service has started has no effect in this class.
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setServerMode(boolean z) {
        this.serverMode = z;
    }

    /** Returns the configured security manager class name (a static, service-wide setting). */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public String getSecurityManagerClassName() {
        return securityMgrClassName;
    }

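    /**
     * Sets the class that is instantiated reflectively for each security domain created on demand.
     *
     * <p>The class is loaded and type-checked before any field is written. The original code
     * assigned the static fields first, so a class that failed the check (or a name that could
     * not be loaded) still replaced the configured name or class. Because the named class ends up
     * being instantiated by this service, write access to this attribute should be limited to
     * trusted administrators.
     *
     * @param str fully qualified class name, resolved through the thread context class loader
     * @throws ClassNotFoundException if the class cannot be loaded
     * @throws ClassCastException if the class does not implement {@code AuthenticationManager}
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setSecurityManagerClassName(String str) throws ClassNotFoundException, ClassCastException {
        Class candidate = Thread.currentThread().getContextClassLoader().loadClass(str);
        if (!AuthenticationManager.class.isAssignableFrom(candidate)) {
            throw new ClassCastException(candidate + " does not implement " + AuthenticationManager.class);
        }
        // Commit only after validation so a rejected value leaves the previous configuration intact.
        securityMgrClassName = str;
        securityMgrClass = candidate;
    }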

    /** Returns the configured security proxy factory class name (a static, service-wide setting). */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public String getSecurityProxyFactoryClassName() {
        return securityProxyFactoryClassName;
    }

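    /**
     * Sets the class that startService() instantiates and binds at java:/SecurityProxyFactory.
     *
     * <p>The class is loaded before either field is written; the original code stored the name
     * first, so a failed load left the name and the loaded class out of step. The type is not
     * checked here: startService() casts the instance to {@code SecurityProxyFactory}, so a wrong
     * class is only detected at that point.
     *
     * @param str fully qualified class name, resolved through the thread context class loader
     * @throws ClassNotFoundException if the class cannot be loaded
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setSecurityProxyFactoryClassName(String str) throws ClassNotFoundException {
        Class candidate = Thread.currentThread().getContextClassLoader().loadClass(str);
        securityProxyFactoryClassName = str;
        securityProxyFactoryClass = candidate;
    }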

    /** Returns the configured callback handler class name (a static, service-wide setting). */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public String getCallbackHandlerClassName() {
        return callbackHandlerClassName;
    }

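    /**
     * Sets the callback handler class whose instances are passed to newly created security managers.
     *
     * <p>The class is loaded before either field is written; the original code stored the name
     * first, so a failed load left the name and the loaded class out of step. The type is not
     * checked here: a class that is not a {@code CallbackHandler} is only detected when a security
     * domain is created, where the failure is reported as a NamingException.
     *
     * @param str fully qualified class name, resolved through the thread context class loader
     * @throws ClassNotFoundException if the class cannot be loaded
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setCallbackHandlerClassName(String str) throws ClassNotFoundException {
        Class candidate = Thread.currentThread().getContextClassLoader().loadClass(str);
        callbackHandlerClassName = str;
        callbackHandlerClass = candidate;
    }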

    /** Returns the JNDI name from which authentication cache policies are looked up. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public String getAuthenticationCacheJndiName() {
        return cacheJndiName;
    }

    /**
     * Sets the JNDI name used by lookupCachePolicy(). The value is stored as given; it is not
     * checked for null or validated as a name.
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setAuthenticationCacheJndiName(String str) {
        cacheJndiName = str;
    }

    /** Returns the default lifetime given to cache policies built by DefaultCacheObjectFactory. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public int getDefaultCacheTimeout() {
        return defaultCacheTimeout;
    }

    /**
     * Sets the default cache lifetime. Only policies created afterwards pick it up, and the value
     * is not range-checked here. A longer lifetime keeps cached authentication results valid for
     * longer after a credential or role change.
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setDefaultCacheTimeout(int i) {
        defaultCacheTimeout = i;
    }

    /** Returns the default resolution given to cache policies built by DefaultCacheObjectFactory. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public int getDefaultCacheResolution() {
        return defaultCacheResolution;
    }

    /** Sets the default cache resolution; only policies created afterwards pick it up. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setDefaultCacheResolution(int i) {
        defaultCacheResolution = i;
    }

    /** Returns whether newly created security managers get the deep-copy-subject option. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public boolean getDeepCopySubjectMode() {
        return deepCopySubjectMode;
    }

    /**
     * Stores the deep-copy-subject flag and pushes it to the security manager of every domain
     * already present in the domain map.
     *
     * @param z the new flag value
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setDeepCopySubjectMode(boolean z) {
        log.debug("setDeepCopySubjectMode=" + z);
        deepCopySubjectMode = z;
        if (!securityDomainCtxMap.isEmpty()) {
            for (Object key : securityDomainCtxMap.keySet()) {
                String domainName = (String) key;
                SecurityDomainContext domainCtx = (SecurityDomainContext) securityDomainCtxMap.get(domainName);
                // Per-manager failures are logged inside setDeepCopySubjectOption, not propagated.
                setDeepCopySubjectOption(domainCtx.securityMgr, z);
            }
        }
    }

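    /**
     * Changes the lifetime and resolution of the authentication cache of one security domain.
     *
     * <p>The decompiled original assigned the {@code CachePolicy} returned by getCachePolicy()
     * straight to a {@code TimedCachePolicy} variable, which does not compile; the value is now
     * held as {@code CachePolicy} and cast after the {@code instanceof} check (which also covers
     * {@code null}).
     *
     * @param str security domain name, with or without the java:/jaas prefix
     * @param i   new default lifetime for cache entries
     * @param i2  new cache resolution
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setCacheTimeout(String str, int i, int i2) {
        CachePolicy cachePolicy = getCachePolicy(str);
        if (!(cachePolicy instanceof TimedCachePolicy)) {
            log.warn("Failed to find cache policy for securityDomain='" + str + "'");
            return;
        }
        TimedCachePolicy timedCachePolicy = (TimedCachePolicy) cachePolicy;
        // Both values are changed under the policy's monitor so they are applied together.
        synchronized (timedCachePolicy) {
            timedCachePolicy.setDefaultLifetime(i);
            timedCachePolicy.setResolution(i2);
        }
    }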

    /**
     * Flushes the whole authentication cache of a security domain, so later requests have to be
     * authenticated again. A missing cache policy is logged as a warning.
     *
     * @param str security domain name, with or without the java:/jaas prefix
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void flushAuthenticationCache(String str) {
        CachePolicy domainCache = getCachePolicy(str);
        if (domainCache == null) {
            log.warn("Failed to find cache policy for securityDomain='" + str + "'");
            return;
        }
        domainCache.flush();
    }

    /**
     * Removes one principal's entry from the authentication cache of a security domain, for
     * example after that user's credentials or roles have changed. A missing cache policy is
     * logged as a warning.
     *
     * @param str       security domain name, with or without the java:/jaas prefix
     * @param principal cache key to remove
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void flushAuthenticationCache(String str, Principal principal) {
        CachePolicy domainCache = getCachePolicy(str);
        if (domainCache == null) {
            log.warn("Failed to find cache policy for securityDomain='" + str + "'");
            return;
        }
        domainCache.remove(principal);
    }

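    /**
     * Returns the currently valid keys of a security domain's authentication cache.
     *
     * <p>The decompiled original assigned the {@code CachePolicy} returned by getCachePolicy()
     * straight to a {@code TimedCachePolicy} variable, which does not compile; the value is now
     * held as {@code CachePolicy} and cast after the {@code instanceof} check.
     *
     * <p>NOTE(review): the keys are presumably the principals with a live cache entry, which
     * tells the caller who has recently authenticated; confirm that access to this MBean
     * operation is restricted.
     *
     * @param str security domain name, with or without the java:/jaas prefix
     * @return the valid cache keys, or {@code null} when the domain has no timed cache policy
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public List getAuthenticationCachePrincipals(String str) {
        CachePolicy cachePolicy = getCachePolicy(str);
        if (cachePolicy instanceof TimedCachePolicy) {
            return ((TimedCachePolicy) cachePolicy).getValidKeys();
        }
        // null (not an empty list) is kept as the "no timed cache" result for existing callers.
        return null;
    }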

    /**
     * Checks a principal/credential pair against the security manager of the named domain.
     *
     * <p>The method performs no authorization check of its own, so whoever can invoke this MBean
     * operation can test credentials against the domain; access control has to come from the
     * management layer. The domain is created on demand if it does not exist yet. A failed
     * domain lookup is logged at debug level and reported as {@code false}.
     *
     * @param str       security domain name
     * @param principal identity to validate
     * @param obj       credential presented for the principal
     * @return {@code true} only if the domain's security manager accepts the pair
     */
    @Override // org.jboss.security.plugins.SecurityManagerMBean
    public boolean isValid(String str, Principal principal, Object obj) {
        try {
            SecurityDomainContext domainCtx = lookupSecurityDomain(str);
            AuthenticationManager authMgr = domainCtx.getSecurityManager();
            return authMgr.isValid(principal, obj, (Subject) null);
        } catch (NamingException e) {
            log.debug("isValid(" + str + ") failed", e);
            return false;
        }
    }

    /**
     * Maps a principal through the realm mapping of the named security domain.
     * A failed domain lookup is logged at debug level and reported as {@code null}.
     *
     * @param str       security domain name
     * @param principal principal to map
     * @return the mapped principal, or {@code null} if the domain lookup failed
     */
    @Override // org.jboss.security.plugins.SecurityManagerMBean
    public Principal getPrincipal(String str, Principal principal) {
        try {
            return lookupSecurityDomain(str).getRealmMapping().getPrincipal(principal);
        } catch (NamingException e) {
            log.debug("getPrincipal(" + str + ") failed", e);
            return null;
        }
    }

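    /**
     * Authenticates the principal against the named domain and, on success, checks whether it
     * holds one of the given roles.
     *
     * <p>The subject context pushed for the role check is now popped in a {@code finally} block.
     * In the original, an unchecked exception thrown by the role check skipped the pop and left
     * the authenticated identity on the calling thread's security context, where later work on
     * that thread could run under it.
     *
     * <p>The method performs no authorization check of its own; access to this MBean operation
     * has to be restricted by the management layer.
     *
     * @param str       security domain name
     * @param principal identity to authenticate
     * @param obj       credential presented for the principal
     * @param set       roles to test
     * @return {@code true} if authentication succeeds and the realm mapping reports the role;
     *         {@code false} otherwise, including when the domain lookup fails
     */
    @Override // org.jboss.security.plugins.SecurityManagerMBean
    public boolean doesUserHaveRole(String str, Principal principal, Object obj, Set set) {
        boolean z = false;
        try {
            SecurityDomainContext domainCtx = lookupSecurityDomain(str);
            AuthenticationManager authMgr = domainCtx.getSecurityManager();
            Subject subject = new Subject();
            if (authMgr.isValid(principal, obj, subject)) {
                SubjectActions.pushSubjectContext(principal, obj, subject, authMgr.getSecurityDomain());
                try {
                    z = domainCtx.getRealmMapping().doesUserHaveRole(principal, set);
                } finally {
                    // Always restore the caller's context, even if the role check throws.
                    SubjectActions.popSubjectContext();
                }
            }
        } catch (NamingException e) {
            log.debug("doesUserHaveRole(" + str + ") failed", e);
        }
        return z;
    }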

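    /**
     * Authenticates the principal against the named domain and, on success, returns its roles.
     *
     * <p>The subject context pushed for the role query is now popped in a {@code finally} block.
     * In the original, an unchecked exception thrown by the query skipped the pop and left the
     * authenticated identity on the calling thread's security context, where later work on that
     * thread could run under it.
     *
     * <p>The method performs no authorization check of its own; access to this MBean operation
     * has to be restricted by the management layer.
     *
     * @param str       security domain name
     * @param principal identity to authenticate
     * @param obj       credential presented for the principal
     * @return the roles reported by the realm mapping, or {@code null} if authentication or the
     *         domain lookup fails
     */
    @Override // org.jboss.security.plugins.SecurityManagerMBean
    public Set getUserRoles(String str, Principal principal, Object obj) {
        Set set = null;
        try {
            SecurityDomainContext domainCtx = lookupSecurityDomain(str);
            AuthenticationManager authMgr = domainCtx.getSecurityManager();
            Subject subject = new Subject();
            if (authMgr.isValid(principal, obj, subject)) {
                SubjectActions.pushSubjectContext(principal, obj, subject, authMgr.getSecurityDomain());
                try {
                    set = domainCtx.getRealmMapping().getUserRoles(principal);
                } finally {
                    // Always restore the caller's context, even if the role query throws.
                    SubjectActions.popSubjectContext();
                }
            }
        } catch (NamingException e) {
            log.debug("getUserRoles(" + str + ") failed", e);
        }
        return set;
    }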

    /**
     * Starts the service: optionally switches SecurityAssociation to server mode, registers the
     * two policy context handlers, binds the JNDI entries, and registers the property editors.
     *
     * <p>NOTE(review): java:/SecurityProxyFactory is created with {@code bind} while the other two
     * entries use {@code rebind}, and stopService() in this file only unbinds java:/jaas; confirm
     * that a stop/start cycle behaves as intended. The "cachePolicyCtxPath" debug line prints
     * {@code cacheJndiName}, although the binding above it is made at the default cache policy path.
     *
     * @throws Exception if a JNDI operation or the proxy factory instantiation fails
     */
    protected void startService() throws Exception {
        if (this.serverMode) {
            SecurityAssociation.setServer();
        }

        // Policy context handlers for the subject and the callback handler.
        PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY, new SubjectPolicyContextHandler(), true);
        PolicyContext.registerHandler("org.jboss.security.auth.spi.CallbackHandler", new CallbackHandlerPolicyContextHandler(), false);

        InitialContext jndi = new InitialContext();
        parser = jndi.getNameParser("");

        // java:/jaas resolves through SecurityDomainObjectFactory.
        StringRefAddr domainAddr = new StringRefAddr("nns", "JSM");
        Reference domainRef = new Reference("javax.naming.Context", domainAddr, SecurityDomainObjectFactory.class.getName(), (String) null);
        jndi.rebind("java:/jaas", domainRef);
        log.debug("securityMgrCtxPath=java:/jaas");

        // The default cache policy path resolves through DefaultCacheObjectFactory.
        StringRefAddr cacheAddr = new StringRefAddr("nns", "JSMCachePolicy");
        Reference cacheRef = new Reference("javax.naming.Context", cacheAddr, DefaultCacheObjectFactory.class.getName(), (String) null);
        jndi.rebind(DEFAULT_CACHE_POLICY_PATH, cacheRef);
        log.debug("cachePolicyCtxPath=" + cacheJndiName);

        // Instantiate the configured proxy factory; a class of the wrong type fails at this cast.
        SecurityProxyFactory proxyFactory = (SecurityProxyFactory) securityProxyFactoryClass.newInstance();
        jndi.bind("java:/SecurityProxyFactory", proxyFactory);
        log.debug("SecurityProxyFactory=" + proxyFactory);

        PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class);
        PropertyEditorManager.registerEditor(SecurityDomain.class, SecurityDomainEditor.class);
        log.debug("Registered PrincipalEditor, SecurityDomainEditor");

        log.debug("ServerMode=" + this.serverMode);
        log.debug("SecurityMgrClass=" + securityMgrClass);
        log.debug("CallbackHandlerClass=" + callbackHandlerClass);
    }

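    /**
     * Stops the service by unbinding java:/jaas.
     *
     * <p>The decompiler-expanded catch blocks are folded back into try/catch/finally, so the
     * context is closed exactly once on every path. In the expanded form a failure inside the
     * first {@code close()} led to a second {@code close()} call.
     *
     * @throws Exception if the unbind fails for a reason other than a CommunicationException,
     *         or if closing the context fails
     */
    protected void stopService() throws Exception {
        InitialContext initialContext = new InitialContext();
        try {
            initialContext.unbind("java:/jaas");
        } catch (CommunicationException ignored) {
            // Deliberately ignored, as in the original: presumably the naming service is already
            // unreachable during shutdown, so there is nothing left to unbind.
        } finally {
            initialContext.close();
        }
    }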

    /**
     * Registers an externally supplied security domain under the given name, giving it an
     * authentication cache and an authorization manager.
     *
     * <p>An existing entry with the same name is replaced without any check, so a caller of this
     * MBean operation can substitute the implementation that authenticates a domain; access to
     * it should be limited to trusted administrators.
     *
     * <p>NOTE(review): this method locks the service instance, while lookupSecurityDomain() locks
     * the class, so the two do not exclude each other.
     *
     * @param str            security domain name used as the map key
     * @param securityDomain domain implementation to register
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public synchronized void registerSecurityDomain(String str, SecurityDomain securityDomain) {
        // Logged before the entry is stored, as in the original.
        log.debug("Added " + str + ", " + securityDomain + " to map");
        final CachePolicy authCache = lookupCachePolicy(str);
        final SecurityDomainContext domainCtx = new SecurityDomainContext(securityDomain, authCache);
        domainCtx.setAuthorizationManager(AuthorizationManagerService.newAuthorizationManager(str));
        securityDomainCtxMap.put(str, domainCtx);
        setSecurityDomainCache(securityDomain, authCache);
    }

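    /**
     * Returns the authentication cache of a security domain.
     *
     * <p>The java:/jaas prefix is stripped only when it is followed by a {@code '/'} and a domain
     * name. The original stripped "prefix length + 1" characters from any string starting with
     * the prefix, which threw a {@code StringIndexOutOfBoundsException} for the bare prefix,
     * resolved "java:/jaas/" to an empty domain name, and dropped the first character of names
     * that merely began with the prefix text.
     *
     * <p>The domain is resolved through lookupSecurityDomain(), which creates and caches a context
     * for an unknown name, so a mistyped name here adds an entry to the domain map.
     *
     * @param str security domain name, with or without the java:/jaas prefix
     * @return the domain's cache policy, or {@code null} when the argument names no domain, the
     *         domain has no cache, or the domain cannot be created
     */
    private static CachePolicy getCachePolicy(String str) {
        final String contextPrefix = "java:/jaas";
        final String prefixWithSeparator = contextPrefix + "/";
        if (str.equals(contextPrefix) || str.equals(prefixWithSeparator)) {
            // The argument names the context itself, not a domain inside it.
            return null;
        }
        if (str.startsWith(prefixWithSeparator)) {
            str = str.substring(prefixWithSeparator.length());
        }
        CachePolicy cachePolicy = null;
        try {
            SecurityDomainContext lookupSecurityDomain = lookupSecurityDomain(str);
            if (lookupSecurityDomain != null) {
                cachePolicy = lookupSecurityDomain.getAuthenticationCache();
            }
        } catch (NamingException e) {
            log.debug("getCachePolicy(" + str + ") failure", e);
        }
        return cachePolicy;
    }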

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Looks up the authentication cache policy for a security domain in JNDI. The domain-specific
     * name ({@code cacheJndiName + '/' + domain}) is tried first, then {@code cacheJndiName}
     * itself.
     *
     * @param str security domain name
     * @return the cache policy, or {@code null} if neither lookup succeeds; in that case a
     *         warning is logged and the domain is set up without a cache policy from here
     */
    public static CachePolicy lookupCachePolicy(String str) {
        try {
            String domainSpecificName = cacheJndiName + '/' + str;
            return (CachePolicy) new InitialContext().lookup(domainSpecificName);
        } catch (Exception ignored) {
            // No domain-specific policy is bound; fall back to the shared location below.
        }
        try {
            return (CachePolicy) new InitialContext().lookup(cacheJndiName);
        } catch (Exception fallbackFailure) {
            log.warn("Failed to locate auth CachePolicy at: " + cacheJndiName + " for securityDomain=" + str);
            return null;
        }
    }

    /**
     * Hands the cache policy to the security manager through an optional
     * {@code setCachePolicy(CachePolicy)} method found by reflection on the configured security
     * manager class. Any failure is treated as "not supported" and is only visible at trace level.
     *
     * <p>NOTE(review): the method is resolved on {@code securityMgrClass}, not on the runtime
     * class of the manager passed in; for a manager of another class the call presumably fails
     * and is ignored. Confirm for domains added through registerSecurityDomain().
     *
     * @param authenticationManager manager that should receive the policy
     * @param cachePolicy           policy to install (may be {@code null})
     */
    private static void setSecurityDomainCache(AuthenticationManager authenticationManager, CachePolicy cachePolicy) {
        try {
            Object[] setterArgs = {cachePolicy};
            Method cacheSetter = securityMgrClass.getMethod("setCachePolicy", CachePolicy.class);
            cacheSetter.invoke(authenticationManager, setterArgs);
            log.debug("setCachePolicy, c=" + setterArgs[0]);
        } catch (Exception e) {
            if (log.isTraceEnabled()) {
                log.trace("Optional setCachePolicy failed" + e.getLocalizedMessage());
            }
        }
    }

    /**
     * Sets the deep-copy-subject option on a security manager through a
     * {@code setDeepCopySubjectOption(Boolean)} method found by reflection on the configured
     * security manager class. A failure is logged at debug level and otherwise ignored.
     *
     * @param authenticationManager manager to configure
     * @param z                     option value to apply
     */
    private static void setDeepCopySubjectOption(AuthenticationManager authenticationManager, boolean z) {
        try {
            Object[] setterArgs = {Boolean.valueOf(z)};
            Method optionSetter = securityMgrClass.getMethod("setDeepCopySubjectOption", Boolean.class);
            optionSetter.invoke(authenticationManager, setterArgs);
            log.debug("setDeepCopySubjectOption, c=" + setterArgs[0]);
        } catch (Exception e) {
            log.debug("setDeepCopySubjectOption failed", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the context of a security domain, creating and caching it on first use.
     *
     * <p>Any name that is not yet in the map gets a new context, and nothing in this file removes
     * entries, so the map grows with every distinct name passed in. Callers that forward
     * externally supplied names should keep that in mind.
     *
     * @param str security domain name used as the map key
     * @return the existing or newly created context
     * @throws NamingException if a new context cannot be created
     */
    public static synchronized SecurityDomainContext lookupSecurityDomain(String str) throws NamingException {
        SecurityDomainContext known = (SecurityDomainContext) securityDomainCtxMap.get(str);
        if (known != null) {
            return known;
        }
        SecurityDomainContext created = newSecurityDomainCtx(str);
        securityDomainCtxMap.put(str, created);
        log.debug("Added " + str + ", " + created + " to map");
        return created;
    }

    /**
     * Builds the context for a new security domain: instantiates the configured security manager
     * class with the domain name and a new callback handler, attaches the cache policy, applies
     * the deep-copy option when enabled, and sets the authorization manager.
     *
     * <p>Both classes are instantiated reflectively from the service's static configuration, so
     * whatever the class-name setters accepted is what runs here.
     *
     * @param str security domain name
     * @return the fully initialised context
     * @throws NamingException wrapping any failure as its root cause
     */
    private static synchronized SecurityDomainContext newSecurityDomainCtx(String str) throws NamingException {
        try {
            // Same order as the original: resolve the constructor, then create the handler.
            java.lang.reflect.Constructor managerCtor = securityMgrClass.getConstructor(String.class, CallbackHandler.class);
            CallbackHandler handler = (CallbackHandler) callbackHandlerClass.newInstance();
            AuthenticationManager securityMgr = (AuthenticationManager) managerCtor.newInstance(str, handler);
            log.debug("Created securityMgr=" + securityMgr);

            CachePolicy authCache = lookupCachePolicy(str);
            SecurityDomainContext domainCtx = new SecurityDomainContext(securityMgr, authCache);
            setSecurityDomainCache(securityMgr, authCache);
            if (deepCopySubjectMode) {
                setDeepCopySubjectOption(securityMgr, true);
            }
            domainCtx.setAuthorizationManager(AuthorizationManagerService.newAuthorizationManager(str));
            return domainCtx;
        } catch (Exception e) {
            String message = "Failed to create sec mgr('" + str + "'), securityMgrClass=" + securityMgrClass + ", callbackHandlerClass=" + callbackHandlerClass;
            NamingException failure = new NamingException(message);
            failure.setRootCause(e);
            throw failure;
        }
    }

    /** Returns the configured name of the default unauthenticated principal. */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public String getDefaultUnauthenticatedPrincipal() {
        return defaultUnauthenticatedPrincipal;
    }

    /**
     * Sets the name of the default unauthenticated principal. The value is only stored here;
     * this file does not show where it is consumed.
     */
    @Override // org.jboss.security.plugins.JaasSecurityManagerServiceMBean
    public void setDefaultUnauthenticatedPrincipal(String str) {
        defaultUnauthenticatedPrincipal = str;
    }
}
