package org.gatein.sso.agent.login;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.PortalContainer;
import org.exoplatform.container.RootContainer;
import org.exoplatform.container.monitor.jvm.J2EEServerInfo;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.IdentityRegistry;
import org.exoplatform.services.security.jaas.UserPrincipal;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

/* loaded from: input_file:org/gatein/sso/agent/login/SPNEGORolesModule.class */
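/**
 * JAAS login module that loads the portal {@link Identity} and its roles for a user whose
 * principal has already been placed in the shared login state by an earlier module in the stack.
 *
 * <p>This module performs no credential check of its own: {@link #login()} only reads the
 * principal stored under {@code javax.security.auth.login.name} and asks the portal
 * {@link Authenticator} to build an identity for that name. It must therefore only be stacked
 * behind a module that really authenticates the caller (presumably the SPNEGO module, going by
 * the class name - confirm against the login-config).
 *
 * <p>Supported options: {@code portalContainerName} and {@code realmName}; both fall back to the
 * {@link PortalContainer} defaults when absent or empty.
 *
 * <p>NOTE(review): {@link #logout()} only evicts the JBoss authentication cache entry; nothing
 * visible here removes the identity from the {@link IdentityRegistry} again - presumably that
 * happens elsewhere, confirm.
 */
public class SPNEGORolesModule extends AbstractServerLoginModule {
    private Identity identity = null;
    private static final String OPTION_PORTAL_CONTAINER_NAME = "portalContainerName";
    private static final String OPTION_REALM_NAME = "realmName";
    /** Shared-state key under which the earlier module stored the authenticated principal. */
    private static final String SHARED_STATE_LOGIN_NAME = "javax.security.auth.login.name";
    /** JACC policy-context key used to reach the current servlet request. */
    private static final String REQUEST_CONTEXT_KEY = "javax.servlet.http.HttpServletRequest";
    /** JMX name of the JBoss security manager whose authentication cache is flushed on logout. */
    private static final String JAAS_SECURITY_MANAGER_MBEAN = "jboss.security:service=JaasSecurityManager";
    private String portalContainerName;
    private String realmName;

    /** Returns the string option {@code key}, or {@code fallback} when it is missing or empty. */
    private static String readOption(Map options, String key, String fallback) {
        if (options == null) {
            return fallback;
        }
        String value = (String) options.get(key);
        if (value == null || value.length() <= 0) {
            return fallback;
        }
        return value;
    }

    private String getPortalContainerName(Map map) {
        return readOption(map, OPTION_PORTAL_CONTAINER_NAME, PortalContainer.DEFAULT_PORTAL_CONTAINER_NAME);
    }

    private String getRealmName(Map map) {
        return readOption(map, OPTION_REALM_NAME, PortalContainer.DEFAULT_REALM_NAME);
    }

    /**
     * Converts any failure into a {@link LoginException} without losing the original cause.
     * A {@code LoginException} is passed through unchanged so its subtype survives.
     */
    private static LoginException asLoginException(Exception e) {
        if (e instanceof LoginException) {
            return (LoginException) e;
        }
        // getMessage() is null for e.g. a bare NullPointerException; fall back to toString().
        String message = e.getMessage() != null ? e.getMessage() : e.toString();
        LoginException wrapped = new LoginException(message);
        wrapped.initCause(e);
        return wrapped;
    }

    /**
     * Resolves the container that holds the portal security services.
     *
     * @return the current container, or the configured portal container when the current one is
     *         the root container
     * @throws IllegalStateException if no container can be resolved
     */
    private ExoContainer getContainer() throws Exception {
        ExoContainer container = ExoContainerContext.getCurrentContainer();
        if (container instanceof RootContainer) {
            container = RootContainer.getInstance().getPortalContainer(this.portalContainerName);
        }
        if (container == null) {
            // Fail with a clear message instead of a NullPointerException at the call site.
            throw new IllegalStateException("No container found for portal container '" + this.portalContainerName + "'");
        }
        return container;
    }

    /**
     * Stores the module configuration.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler passed through to the superclass
     * @param map the shared login state (third argument of the JAAS {@code initialize} contract)
     * @param map2 the module options; {@code portalContainerName} and {@code realmName} are read
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.portalContainerName = getPortalContainerName(map2);
        this.realmName = getRealmName(map2);
    }

    /**
     * Builds the portal identity for the principal found in the shared login state.
     *
     * @return {@code false} when the superclass reports no login, {@code true} once the identity
     *         has been created
     * @throws LoginException if no principal is available, the portal services cannot be reached
     *         or no identity can be created
     */
    public boolean login() throws LoginException {
        try {
            if (!super.login()) {
                return false;
            }
            Principal authenticated = getIdentity();
            if (authenticated == null || authenticated.getName() == null) {
                // Fail closed: without a principal from the preceding module there is nobody
                // to load roles for.
                throw new LoginException("No authenticated principal in shared state under " + SHARED_STATE_LOGIN_NAME);
            }
            Authenticator authenticator = (Authenticator) getContainer().getComponentInstanceOfType(Authenticator.class);
            if (authenticator == null) {
                throw new LoginException("No Authenticator component available in portal container");
            }
            Identity created = authenticator.createIdentity(authenticated.getName());
            if (created == null) {
                throw new LoginException("No identity could be created for the authenticated principal");
            }
            this.identity = created;
            return true;
        } catch (Exception e) {
            throw asLoginException(e);
        }
    }

    /**
     * Returns the principal an earlier login module stored in the shared state.
     *
     * @return the stored principal, or {@code null} when the key is absent; a stored value that
     *         is not a {@link Principal} makes the cast fail
     */
    protected Principal getIdentity() {
        return (Principal) this.sharedState.get(SHARED_STATE_LOGIN_NAME);
    }

    /**
     * Maps the roles of the portal identity onto a single {@code "Roles"} group.
     *
     * @return a one-element array holding the {@code "Roles"} group
     * @throws LoginException if no identity was created by {@link #login()} or a role principal
     *         cannot be created
     */
    protected Group[] getRoleSets() throws LoginException {
        try {
            if (this.identity == null) {
                throw new LoginException("No portal identity available; login() did not complete");
            }
            Group roles = new SimpleGroup("Roles");
            for (Object role : this.identity.getRoles()) {
                roles.addMember(createIdentity((String) role));
            }
            return new Group[]{roles};
        } catch (Exception e) {
            throw asLoginException(e);
        }
    }

    /**
     * Registers the identity in the portal {@link IdentityRegistry} after a successful commit.
     *
     * <p>An identity that is already registered for the same user id is left untouched, so its
     * subject and roles are not refreshed by this login.
     *
     * @return the superclass result when it is {@code false}, otherwise {@code true}
     * @throws LoginException if the registry cannot be reached or registration fails
     */
    public boolean commit() throws LoginException {
        try {
            if (!super.commit()) {
                return false;
            }
            if (this.identity == null) {
                throw new LoginException("No portal identity available; login() did not complete");
            }
            IdentityRegistry identityRegistry = (IdentityRegistry) getContainer().getComponentInstanceOfType(IdentityRegistry.class);
            if (identityRegistry == null) {
                throw new LoginException("No IdentityRegistry component available in portal container");
            }
            if (identityRegistry.getIdentity(this.identity.getUserId()) == null) {
                this.identity.setSubject(this.subject);
                identityRegistry.register(this.identity);
            }
            return true;
        } catch (Exception e) {
            throw asLoginException(e);
        }
    }

    /**
     * Evicts the user's entry from the JBoss security manager authentication cache.
     *
     * <p>Eviction is best effort: every failure is logged as a warning and the method still
     * returns {@code true}. A warning from this method means a cached authentication entry may
     * remain after logout, so it is worth monitoring.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        MBeanServer mBeanServer = new J2EEServerInfo().getMBeanServer();
        if (mBeanServer == null) {
            this.log.warn("Could not find mbean server for performing JBoss security manager cache eviction");
            return true;
        }
        try {
            this.log.debug("Performing JBoss security manager cache eviction");
            ObjectName securityManager = new ObjectName(JAAS_SECURITY_MANAGER_MBEAN);

            Principal userPrincipal = null;
            String sessionId = null;
            Set<SimplePrincipal> simplePrincipals = this.subject.getPrincipals(SimplePrincipal.class);
            if (!simplePrincipals.isEmpty()) {
                // Skip role groups; the first non-group SimplePrincipal is the user.
                for (Principal candidate : simplePrincipals) {
                    if (!(candidate instanceof SimpleGroup)) {
                        userPrincipal = candidate;
                        sessionId = findSessionId();
                        break;
                    }
                }
            } else {
                Set<UserPrincipal> userPrincipals = this.subject.getPrincipals(UserPrincipal.class);
                if (!userPrincipals.isEmpty()) {
                    userPrincipal = userPrincipals.iterator().next();
                }
            }
            if (userPrincipal == null) {
                return true;
            }
            String userName = userPrincipal.getName();
            this.log.debug("Going to perform JBoss security manager cache eviction for user " + userName);

            Object cachedKeys = mBeanServer.invoke(securityManager, "getAuthenticationCachePrincipals",
                    new Object[]{this.realmName}, new String[]{String.class.getName()});
            // Copy defensively and tolerate a null or unexpectedly typed reply from the MBean.
            List<Principal> cachedPrincipals = new ArrayList<Principal>();
            if (cachedKeys instanceof List) {
                for (Object key : (List<?>) cachedKeys) {
                    if (key instanceof Principal) {
                        cachedPrincipals.add((Principal) key);
                    }
                }
            }

            Principal cacheKey = findKeyPrincipal(userPrincipal, cachedPrincipals, sessionId);
            if (cacheKey != null) {
                mBeanServer.invoke(securityManager, "flushAuthenticationCache",
                        new Object[]{this.realmName, cacheKey},
                        new String[]{String.class.getName(), Principal.class.getName()});
                this.log.debug("Performed JBoss security manager cache eviction for user " + userName);
            } else {
                this.log.warn("No principal found when performing JBoss security manager cache eviction for user " + userName);
            }
            return true;
        } catch (Exception e) {
            this.log.warn("Could not perform JBoss security manager cache eviction", e);
            return true;
        }
    }

    /**
     * Looks up the id of the HTTP session bound to the current request, without creating one.
     *
     * @return the session id, or {@code null} when there is no current request or no session
     */
    private String findSessionId() throws PolicyContextException {
        HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(REQUEST_CONTEXT_KEY);
        if (request == null) {
            return null;
        }
        // getSession(false) returns null when the session is already gone (e.g. invalidated
        // before logout runs). Dereferencing it would abort logout() and skip the cache
        // eviction; returning null lets the caller fall back to matching by user name.
        javax.servlet.http.HttpSession session = request.getSession(false);
        return session == null ? null : session.getId();
    }

    /**
     * Finds the authentication-cache key that belongs to the given user.
     *
     * <p>For a {@link SimplePrincipal} with a known session id the key is matched by session-id
     * prefix (apparently the cache keys of such logins start with the session id - confirm);
     * otherwise the key is matched by exact principal name.
     *
     * @param principal the user principal taken from the subject
     * @param cachedPrincipals the keys currently held in the authentication cache
     * @param sessionId the current HTTP session id, or {@code null}
     * @return the first matching cache key, or {@code null} when none matches
     */
    private Principal findKeyPrincipal(Principal principal, List<Principal> cachedPrincipals, String sessionId) {
        // An empty session id would prefix-match every entry and could evict another user's
        // key, so it is treated like a missing one.
        boolean matchBySession = (principal instanceof SimplePrincipal) && sessionId != null && sessionId.length() > 0;
        String userName = principal.getName();
        for (Principal cached : cachedPrincipals) {
            String cachedName = cached.getName();
            if (cachedName == null) {
                continue;
            }
            boolean matches = matchBySession ? cachedName.startsWith(sessionId) : cachedName.equals(userName);
            if (matches) {
                return cached;
            }
        }
        return null;
    }
}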
