package org.switchyard.security.provider;

import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.switchyard.ServiceSecurity;
import org.switchyard.common.lang.Strings;
import org.switchyard.common.type.reflect.Construction;
import org.switchyard.security.BaseSecurityLogger;
import org.switchyard.security.callback.handler.NamePasswordCallbackHandler;
import org.switchyard.security.callback.handler.SwitchYardCallbackHandler;
import org.switchyard.security.context.SecurityContext;
import org.switchyard.security.principal.Group;
import org.switchyard.security.principal.Role;

/* loaded from: input_file:WEB-INF/lib/switchyard-security-2.0.0-SNAPSHOT.jar:org/switchyard/security/provider/JaasSecurityProvider.class */
/**
 * {@link SecurityProvider} implementation that authenticates through a JAAS
 * {@link LoginContext} and keeps run-as roles in a {@link Group} named
 * {@link Group#ROLES} on the caller's {@link Subject}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #authenticate} fails closed on {@link LoginException} (logs and returns
 *       {@code false}); runtime exceptions raised while building the callback handler
 *       are not caught here.</li>
 *   <li>{@link #checkRolesAllowed} returns {@code true} when no allowed roles are
 *       configured, so an empty set means "no role restriction" at this layer.</li>
 *   <li>{@link #addRunAs} grants the configured run-as role to the subject; the role
 *       name comes from service configuration, not from the authenticated caller.</li>
 * </ul>
 */
public class JaasSecurityProvider extends SecurityProvider {

    /**
     * Runs a JAAS login for the service's security domain.
     *
     * <p>The callback handler class is taken from the service configuration and
     * instantiated reflectively; {@link NamePasswordCallbackHandler} is used when none
     * is configured. The cast to {@link CallbackHandler} happens outside the
     * {@code try} block, so a configured class of the wrong type surfaces as a
     * {@link ClassCastException} rather than as a {@code false} result.
     *
     * @param serviceSecurity supplies the callback handler class, properties and security domain
     * @param securityContext supplies the credentials and the subject for the domain
     * @return {@code true} if {@link LoginContext#login()} completed, {@code false} if a
     *         {@link LoginException} was raised (the exception is logged, not rethrown)
     */
    @Override
    public boolean authenticate(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Class<?> handlerType = serviceSecurity.getCallbackHandler();
        if (handlerType == null) {
            // No handler configured: default to name/password callbacks.
            handlerType = NamePasswordCallbackHandler.class;
        }
        CallbackHandler handler = (CallbackHandler) Construction.construct(handlerType);
        if (handler instanceof SwitchYardCallbackHandler) {
            // SwitchYard handlers receive the service properties and the caller's credentials.
            SwitchYardCallbackHandler configurable = (SwitchYardCallbackHandler) handler;
            configurable.setProperties(serviceSecurity.getProperties());
            configurable.setCredentials(securityContext.getCredentials());
        }
        String domain = serviceSecurity.getSecurityDomain();
        try {
            LoginContext loginContext = new LoginContext(domain, securityContext.getSubject(domain), handler);
            loginContext.login();
            return true;
        } catch (LoginException e) {
            // Fail closed. The exception message and the exception itself go to the logger,
            // so what ends up in the log depends on the text the login modules produce.
            BaseSecurityLogger.ROOT_LOGGER.authenticateLoginException(e.getMessage(), e);
            return false;
        }
    }

    /**
     * No propagation work is done by this provider.
     *
     * @param serviceSecurity unused
     * @param securityContext unused
     * @return always {@code true}
     */
    @Override
    public boolean propagate(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        return true;
    }

    /**
     * Adds the configured run-as role to the subject of the service's security domain.
     *
     * <p>If the subject holds no {@link Group} principal, a new {@link Group#ROLES} group
     * containing the role is added to it. Otherwise the role is added to every existing
     * group named {@link Group#ROLES}.
     *
     * <p>NOTE(review): when the subject already has groups but none is named
     * {@link Group#ROLES}, nothing is added and {@code false} is returned. Confirm that
     * callers treat {@code false} as a failure.
     *
     * @param serviceSecurity supplies the run-as role name and the security domain
     * @param securityContext supplies the subject to modify
     * @return {@code true} if no run-as role is configured (blank or {@code null}) or the
     *         role was added; {@code false} if no matching group was found
     */
    @Override
    public boolean addRunAs(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        String runAsName = Strings.trimToNull(serviceSecurity.getRunAs());
        if (runAsName == null) {
            // Nothing to add counts as success.
            return true;
        }
        Role runAsRole = new Role(runAsName);
        Subject subject = securityContext.getSubject(serviceSecurity.getSecurityDomain());
        Set<Group> groups = subject.getPrincipals(Group.class);
        if (groups.isEmpty()) {
            Group rolesGroup = new Group(Group.ROLES);
            rolesGroup.addMember(runAsRole);
            // getPrincipals() is the subject's live principal set, so this mutates the subject.
            subject.getPrincipals().add(rolesGroup);
            return true;
        }
        boolean added = false;
        for (Group candidate : groups) {
            if (Group.ROLES.equals(candidate.getName())) {
                candidate.addMember(runAsRole);
                added = true;
            }
        }
        return added;
    }

    /**
     * Checks whether the caller holds at least one of the roles allowed for the service.
     *
     * <p>An empty allowed-roles set is treated as "no restriction" and yields
     * {@code true}; services that must be restricted need a non-empty set.
     *
     * @param serviceSecurity supplies the allowed roles and the security domain
     * @param securityContext answers the role-membership question for the caller
     * @return {@code true} if no roles are configured or the caller is in any of them,
     *         {@code false} otherwise
     */
    @Override
    public boolean checkRolesAllowed(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Set<String> allowedRoles = serviceSecurity.getRolesAllowed();
        if (allowedRoles.isEmpty()) {
            return true;
        }
        String domain = serviceSecurity.getSecurityDomain();
        for (String allowedRole : allowedRoles) {
            if (securityContext.isCallerInRole(allowedRole, domain)) {
                return true;
            }
        }
        // A role list is configured and the caller matched none of it: deny.
        return false;
    }

    /**
     * Clears the subject stored for the service's security domain, if there is one to clear.
     *
     * @param serviceSecurity may be {@code null}; nothing is cleared then, nor when its
     *        security domain is {@code null}
     * @param securityContext context whose subject for the domain is cleared
     * @return always {@code true}
     */
    @Override
    public boolean clear(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        if (serviceSecurity != null) {
            String domain = serviceSecurity.getSecurityDomain();
            if (domain != null) {
                securityContext.clearSubject(domain);
            }
        }
        return true;
    }
}
