package org.apache.geronimo.security.jaas.server;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.jaas.LoginUtils;
import org.apache.geronimo.security.realm.SecurityRealm;

/* loaded from: input_file:WEB-INF/lib/geronimo-security-1.2-20061201.203908-11.jar:org/apache/geronimo/security/jaas/server/JaasLoginService.class */
public class JaasLoginService implements GBeanLifecycle, JaasLoginServiceMBean {
    // Class-wide logger; assigned in the static initializer via LogFactory.getLog.
    public static final Log log;
    // Default period between expiry scans: 300000 ms (5 minutes).
    private static final int DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL = 300000;
    // Default maximum session age: 86400000 ms (24 hours).
    private static final int DEFAULT_MAX_LOGIN_DURATION = 86400000;
    // Daemon timer (created with new Timer(true)) shared by every instance of this service.
    private static final Timer clockDaemon;
    // Static session counter, seeded from System.currentTimeMillis() in the static initializer
    // and incremented under the class lock in initializeClient(). The numbers are sequential;
    // the keyed MAC produced by hash() is the only non-sequential part of a session id.
    private static long nextLoginModuleId;
    // Realms this service can connect clients to; null until setRealms() is called.
    private Collection realms;
    private final String objectName;
    // MAC key built in the constructor from the configured "password" string.
    private final SecretKey key;
    // MAC algorithm name handed to Mac.getInstance() in hash().
    private final String algorithm;
    private final ClassLoader classLoader;
    // JaasSessionId -> JaasSecuritySession. A Hashtable, so individual calls are synchronized;
    // ExpirationMonitor additionally holds the map's monitor for its whole scan.
    private final Map activeLogins = new Hashtable();
    private int expiredLoginScanIntervalMillis = 300000;
    private int maxLoginDurationMillis = 86400000;
    // Currently scheduled expiry task, or null when the service is not started.
    private ExpirationMonitor expirationMonitor;
    public static final GBeanInfo GBEAN_INFO;
    // The class$... / array$... fields below cache Class objects resolved through class$(String);
    // they look like compiler-generated class-literal caches surfaced by the decompiler.
    static Class class$org$apache$geronimo$security$jaas$server$JaasLoginService;
    static final boolean $assertionsDisabled;
    static Class class$java$lang$String;
    static Class class$java$lang$ClassLoader;
    static Class class$org$apache$geronimo$security$jaas$server$JaasSessionId;
    static Class array$Ljavax$security$auth$callback$Callback;
    static Class class$java$util$Map;
    static Class class$java$util$Set;
    static Class class$org$apache$geronimo$security$realm$SecurityRealm;
    static Class class$org$apache$geronimo$security$jaas$server$JaasLoginServiceMBean;

    /* renamed from: org.apache.geronimo.security.jaas.server.JaasLoginService$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/geronimo-security-1.2-20061201.203908-11.jar:org/apache/geronimo/security/jaas/server/JaasLoginService$1.class */
    // Empty marker type. Its only visible use is as the second parameter of the
    // package-private ExpirationMonitor constructor, which is always passed null.
    static class AnonymousClass1 {
    }

    /* loaded from: input_file:WEB-INF/lib/geronimo-security-1.2-20061201.203908-11.jar:org/apache/geronimo/security/jaas/server/JaasLoginService$ExpirationMonitor.class */
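    /**
     * Periodic task that evicts finished or over-age login sessions from
     * {@code activeLogins} and unregisters their subjects with {@link ContextManager}.
     *
     * <p>An instance is scheduled by {@code doStart()} and cancelled by {@code doStop()}.
     */
    private class ExpirationMonitor extends TimerTask {
        // Explicit reference to the owning service, as rendered by the decompiler.
        private final JaasLoginService this$0;

        private ExpirationMonitor(JaasLoginService jaasLoginService) {
            this.this$0 = jaasLoginService;
        }

        /**
         * Scans all active sessions once. A session is evicted when it reports
         * {@code isDone()} or when its age exceeds {@code maxLoginDurationMillis}.
         */
        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            long now = System.currentTimeMillis();
            LinkedList expired = new LinkedList();
            // Hold the map's monitor for the whole scan so no session is added or removed mid-iteration.
            synchronized (this.this$0.activeLogins) {
                Iterator it = this.this$0.activeLogins.values().iterator();
                while (it.hasNext()) {
                    JaasSecuritySession session = (JaasSecuritySession) it.next();
                    // Keep the age as a long. Narrowing it to int wraps to a negative value once a
                    // session is older than Integer.MAX_VALUE ms (about 24.8 days), which would let
                    // an over-age session survive the scan instead of being expired.
                    long age = now - session.getCreated();
                    if (session.isDone() || age > this.this$0.maxLoginDurationMillis) {
                        expired.add(session);
                        session.setDone(true);
                        it.remove();
                    }
                }
            }
            // Unregister outside the lock so ContextManager work does not block login traffic.
            Iterator expiredIt = expired.iterator();
            while (expiredIt.hasNext()) {
                ContextManager.unregisterSubject(((JaasSecuritySession) expiredIt.next()).getSubject());
            }
        }

        // Accessor constructor used by the enclosing class; the second argument is ignored.
        ExpirationMonitor(JaasLoginService jaasLoginService, AnonymousClass1 anonymousClass1) {
            this(jaasLoginService);
        }
    }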

    /**
     * Creates the login service.
     *
     * @param str MAC algorithm name; also used as the algorithm of the derived key
     * @param str2 configured password whose bytes become the MAC key
     * @param classLoader class loader handed to every new login session
     * @param str3 object name reported by {@link #getObjectName()}
     */
    public JaasLoginService(String str, String str2, ClassLoader classLoader, String str3) {
        this.classLoader = classLoader;
        this.algorithm = str;
        // NOTE(review): getBytes() without a charset uses the platform default encoding, so a
        // password with non-ASCII characters yields different key bytes on different hosts.
        // The password also stays on the heap as an immutable String; confirm that is acceptable.
        byte[] keyMaterial = str2.getBytes();
        this.key = new SecretKeySpec(keyMaterial, str);
        this.objectName = str3;
    }

    /** Returns the object name supplied to the constructor. */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public String getObjectName() {
        return objectName;
    }

    /**
     * Returns the realm collection exactly as stored (no defensive copy), or {@code null}
     * when {@link #setRealms(Collection)} has not been called.
     */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public Collection getRealms() {
        return realms;
    }

    /**
     * Replaces the realm collection. The reference is stored as given, so later changes the
     * caller makes to the collection are visible to realm lookups.
     */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public void setRealms(Collection collection) {
        realms = collection;
    }

    /** Returns the maximum session age, in milliseconds, applied by the expiry scan. */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public int getMaxLoginDurationMillis() {
        return maxLoginDurationMillis;
    }

    /**
     * Sets the maximum session age in milliseconds; {@code 0} selects the 24-hour default
     * (the value of DEFAULT_MAX_LOGIN_DURATION).
     *
     * <p>NOTE(review): negative values are stored unchanged. With a negative limit the expiry
     * scan treats every session with a non-negative age as over-age; confirm whether such
     * input should be rejected.
     */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public void setMaxLoginDurationMillis(int i) {
        this.maxLoginDurationMillis = (i == 0) ? 86400000 : i;
    }

    /** Returns the configured period, in milliseconds, between expiry scans. */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public int getExpiredLoginScanIntervalMillis() {
        return expiredLoginScanIntervalMillis;
    }

    /**
     * Sets the period between expiry scans in milliseconds; {@code 0} selects the 5-minute
     * default (the value of DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL).
     *
     * <p>The value is only read when {@code doStart()} schedules the monitor, so a change made
     * while the service is running does not reschedule the current task. Negative values are
     * stored unchanged and would be rejected by {@code Timer.scheduleAtFixedRate} at start.
     */
    @Override // org.apache.geronimo.management.geronimo.LoginService
    public void setExpiredLoginScanIntervalMillis(int i) {
        this.expiredLoginScanIntervalMillis = (i == 0) ? 300000 : i;
    }

    /**
     * Starts the service by scheduling a fresh {@link ExpirationMonitor} on the shared timer,
     * using the scan interval as both initial delay and period.
     *
     * <p>NOTE(review): a monitor left over from an earlier start is not cancelled here; that
     * relies on {@code doStop()} having run in between.
     */
    public void doStart() throws Exception {
        ExpirationMonitor monitor = new ExpirationMonitor(this, null);
        this.expirationMonitor = monitor;
        long interval = this.expiredLoginScanIntervalMillis;
        clockDaemon.scheduleAtFixedRate(monitor, interval, interval);
    }

    /**
     * Stops the service by cancelling the expiry task, if one is scheduled.
     *
     * <p>Only the task is cancelled: entries in {@code activeLogins} are left in place and
     * their subjects are not unregistered by this method.
     */
    public void doStop() throws Exception {
        ExpirationMonitor monitor = this.expirationMonitor;
        if (monitor == null) {
            return;
        }
        monitor.cancel();
        this.expirationMonitor = null;
    }

    /**
     * Failure hook; intentionally does nothing.
     *
     * <p>NOTE(review): unlike {@code doStop()}, this does not cancel the expiry task, so a
     * monitor scheduled by {@code doStart()} keeps running on the shared timer after a failure.
     * Confirm that is intended.
     */
    public void doFail() {
    }

    /**
     * Opens a new login session against the named realm.
     *
     * @param str name of the realm to connect to
     * @return the id of the newly created session
     * @throws GeronimoSecurityException if no configured realm has that name; the message
     *     echoes the requested name
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public JaasSessionId connectToRealm(String str) {
        SecurityRealm target = getRealm(str);
        if (target != null) {
            return initializeClient(target);
        }
        throw new GeronimoSecurityException("No such realm (" + str + ")");
    }

    /**
     * Returns serializable copies of the login module configurations of a session.
     *
     * @param jaasSessionId id returned by {@code connectToRealm}
     * @return one copy per configured module, in the session's module order
     * @throws LoginException (as {@code ExpiredLoginModuleException}) if the session is unknown
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasSessionId jaasSessionId) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        if (session == null) {
            throw new ExpiredLoginModuleException();
        }
        JaasLoginModuleConfiguration[] configured = session.getModules();
        JaasLoginModuleConfiguration[] copies = new JaasLoginModuleConfiguration[configured.length];
        int index = 0;
        while (index < configured.length) {
            // Hand out copies so the session's own configuration objects never leave the server.
            copies[index] = LoginUtils.getSerializableCopy(configured[index]);
            index++;
        }
        return copies;
    }

    /**
     * Discovers which callbacks a server-side login module asks for.
     *
     * <p>The module is initialized, {@code login()} is attempted and then {@code abort()} is
     * called; the callbacks collected by the session's handler along the way are returned.
     *
     * @param jaasSessionId id of an active session
     * @param i index of a server-side login module within the session
     * @return the callback list produced by the session's handler
     * @throws LoginException if the session is unknown or the index is not a server-side module
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public Callback[] getServerLoginCallbacks(JaasSessionId jaasSessionId, int i) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        // checkContext also rejects a null session, so the lookup result is safe to use below.
        checkContext(session, i);
        LoginModule module = session.getLoginModule(i);
        // presumably switches the handler into a mode that records requested callbacks - confirm
        session.getHandler().setExploring();
        try {
            module.initialize(session.getSubject(), session.getHandler(), new HashMap(), session.getOptions(i));
        } catch (Exception initFailure) {
            // Logged but not rethrown: login() and abort() below still run on the module.
            log.error("Failed to initialize module", initFailure);
        }
        try {
            module.login();
        } catch (LoginException ignored) {
            // Deliberately ignored: this call only serves to collect callbacks, not to authenticate.
        }
        try {
            module.abort();
        } catch (LoginException ignored) {
            // Deliberately ignored: a failed abort does not change the callback list.
        }
        return session.getHandler().finalizeCallbackList();
    }

    /**
     * Feeds the client's callback answers to the session handler and runs {@code login()} on
     * one server-side module.
     *
     * @param jaasSessionId id of an active session
     * @param i index of a server-side login module within the session
     * @param callbackArr callbacks as filled in by the client
     * @return the module's {@code login()} result
     * @throws LoginException if the session is unknown, the index is invalid, the module fails,
     *     or an {@code IllegalArgumentException} is raised while handling the client response
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public boolean performLogin(JaasSessionId jaasSessionId, int i, Callback[] callbackArr) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        checkContext(session, i);
        try {
            session.getHandler().setClientResponse(callbackArr);
            LoginModule module = session.getLoginModule(i);
            return module.login();
        } catch (IllegalArgumentException badResponse) {
            // NOTE(review): only toString() of the original exception survives; the cause is not chained.
            throw new LoginException(badResponse.toString());
        }
    }

    /**
     * Runs {@code commit()} on one server-side login module of a session.
     *
     * <p>NOTE(review): this method does not itself check that {@code performLogin} succeeded
     * for the module first; presumably the module or the caller enforces that order - confirm.
     *
     * @throws LoginException if the session is unknown, the index is invalid, or commit fails
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public boolean performCommit(JaasSessionId jaasSessionId, int i) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        checkContext(session, i);
        LoginModule module = session.getLoginModule(i);
        return module.commit();
    }

    /**
     * Runs {@code abort()} on one server-side login module of a session.
     *
     * @throws LoginException if the session is unknown, the index is invalid, or abort fails
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public boolean performAbort(JaasSessionId jaasSessionId, int i) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        checkContext(session, i);
        LoginModule module = session.getLoginModule(i);
        return module.abort();
    }

    /**
     * Finalizes a login: registers the session's subject with {@link ContextManager} and adds
     * an {@link IdentificationPrincipal} carrying the resulting subject id to the subject.
     *
     * <p>NOTE(review): nothing in this method checks that the server-side modules completed
     * login and commit for the session. If JaasSecuritySession does not track that state,
     * correctness depends on every caller of this operation being trusted - confirm.
     *
     * @return the identification principal that was added to the subject
     * @throws LoginException (as {@code ExpiredLoginModuleException}) if the session is unknown
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public Principal loginSucceeded(JaasSessionId jaasSessionId) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        if (session == null) {
            throw new ExpiredLoginModuleException();
        }
        Subject authenticated = session.getSubject();
        // Register first: the subject id only exists once ContextManager knows the subject.
        ContextManager.registerSubject(authenticated);
        IdentificationPrincipal idPrincipal = new IdentificationPrincipal(ContextManager.getSubjectId(authenticated));
        authenticated.getPrincipals().add(idPrincipal);
        return idPrincipal;
    }

    /**
     * Discards a session after a failed login. Unknown ids are ignored; the session's subject
     * is not unregistered here and no module method is invoked.
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public void loginFailed(JaasSessionId jaasSessionId) {
        activeLogins.remove(jaasSessionId);
    }

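    /**
     * Ends a session: unregisters its subject, removes it from the active set and calls
     * {@code logout()} on every server-side login module.
     *
     * <p>Every server-side module is given the chance to log out even when an earlier one
     * fails, so one failing module cannot leave the state held by the remaining modules
     * uncleared. The first failure is rethrown after all modules have been processed.
     *
     * @param jaasSessionId id of the session to end
     * @throws LoginException if the session is unknown (as {@code ExpiredLoginModuleException})
     *     or if a module's {@code logout()} failed
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public void logout(JaasSessionId jaasSessionId) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        if (session == null) {
            throw new ExpiredLoginModuleException();
        }
        ContextManager.unregisterSubject(session.getSubject());
        this.activeLogins.remove(jaasSessionId);
        LoginException firstFailure = null;
        for (int i = 0; i < session.getModules().length; i++) {
            if (!session.isServerSide(i)) {
                continue;
            }
            try {
                session.getLoginModule(i).logout();
            } catch (LoginException e) {
                // Remember the first failure but keep going so later modules still log out.
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
    }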

    /**
     * Merges caller-supplied entries into the session's shared context and returns a
     * serializable copy of the merged context.
     *
     * <p>NOTE(review): the entries of {@code map} are merged as supplied, overwriting existing
     * keys; no filtering is visible in this method. Confirm that only trusted callers can
     * reach this operation.
     *
     * @throws LoginException (as {@code ExpiredLoginModuleException}) if the session is unknown
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public Map syncShareState(JaasSessionId jaasSessionId, Map map) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        if (session != null) {
            session.getSharedContext().putAll(map);
            return LoginUtils.getSerializableCopy(session.getSharedContext());
        }
        throw new ExpiredLoginModuleException();
    }

    /**
     * Adds caller-supplied principals to the session's subject and returns a serializable
     * copy of the subject's full principal set.
     *
     * <p>NOTE(review): every element of {@code set} is added to the server-side subject as
     * supplied; no validation is visible in this method. Since {@code loginSucceeded}
     * registers that same subject, confirm that only trusted callers can reach this operation.
     *
     * @throws LoginException (as {@code ExpiredLoginModuleException}) if the session is unknown
     */
    @Override // org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean
    public Set syncPrincipals(JaasSessionId jaasSessionId, Set set) throws LoginException {
        JaasSecuritySession session = (JaasSecuritySession) this.activeLogins.get(jaasSessionId);
        if (session != null) {
            session.getSubject().getPrincipals().addAll(set);
            return LoginUtils.getSerializableCopy(session.getSubject().getPrincipals());
        }
        throw new ExpiredLoginModuleException();
    }

    /**
     * Validates a session lookup result and a module index before a module is touched.
     *
     * @param jaasSecuritySession result of the {@code activeLogins} lookup; may be null
     * @param i module index requested by the caller
     * @throws LoginException as {@code ExpiredLoginModuleException} when the session is null,
     *     otherwise when the index is out of range or names a module that is not server-side
     */
    private void checkContext(JaasSecuritySession jaasSecuritySession, int i) throws LoginException {
        if (jaasSecuritySession == null) {
            throw new ExpiredLoginModuleException();
        }
        // Range check first so isServerSide is never asked about an index outside the module list.
        boolean inRange = i >= 0 && i < jaasSecuritySession.getModules().length;
        if (inRange && jaasSecuritySession.isServerSide(i)) {
            return;
        }
        throw new LoginException("Invalid login module specified");
    }

    /**
     * Allocates the next session number, wraps it with its keyed MAC into a
     * {@code JaasSessionId}, and records a new session for the realm.
     *
     * <p>The counter is a static field, so allocation is serialized on the class object
     * rather than on this instance. Session numbers are sequential; the MAC from
     * {@code hash(long)} is the part a caller cannot derive without the key.
     *
     * @param securityRealm realm whose name and configuration entries seed the session
     * @return the id under which the new session was stored
     */
    private JaasSessionId initializeClient(SecurityRealm securityRealm) {
        Class lock = class$org$apache$geronimo$security$jaas$server$JaasLoginService;
        if (lock == null) {
            lock = class$("org.apache.geronimo.security.jaas.server.JaasLoginService");
            class$org$apache$geronimo$security$jaas$server$JaasLoginService = lock;
        }
        synchronized (lock) {
            nextLoginModuleId += 1;
            long sessionNumber = nextLoginModuleId;
            JaasSessionId sessionId = new JaasSessionId(sessionNumber, hash(sessionNumber));
            JaasSecuritySession session = new JaasSecuritySession(securityRealm.getRealmName(), securityRealm.getAppConfigurationEntries(), new HashMap(), this.classLoader);
            this.activeLogins.put(sessionId, session);
            return sessionId;
        }
    }

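    /**
     * Looks up a configured realm by name.
     *
     * @param str realm name to match against {@code getRealmName()}
     * @return the first realm with that name, or {@code null} when none matches or when no
     *     realm collection has been set
     */
    private SecurityRealm getRealm(String str) {
        Collection configured = this.realms;
        // setRealms may never have been called; report "no such realm" instead of failing with
        // a NullPointerException on a caller-triggered lookup.
        if (configured == null) {
            return null;
        }
        // The collection is raw, so each element needs an explicit cast.
        for (Iterator it = configured.iterator(); it.hasNext();) {
            SecurityRealm candidate = (SecurityRealm) it.next();
            if (candidate.getRealmName().equals(str)) {
                return candidate;
            }
        }
        return null;
    }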

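    /**
     * Computes the keyed MAC of a session number.
     *
     * <p>The number is encoded as 8 bytes, most significant byte first, and fed to a
     * {@link Mac} created for the configured algorithm and initialized with the service key.
     *
     * @param j session number to authenticate
     * @return the MAC bytes; never {@code null}
     * @throws IllegalStateException if the algorithm is unavailable or the key is rejected
     */
    private byte[] hash(long j) {
        byte[] encoded = new byte[8];
        for (int i = 7; i >= 0; i--) {
            encoded[i] = (byte) j;
            j >>>= 8;
        }
        try {
            Mac mac = Mac.getInstance(this.algorithm);
            mac.init(this.key);
            return mac.doFinal(encoded);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            // Fail closed. Returning null here (what happened with assertions disabled, the JVM
            // default) would mint session ids that carry no MAC at all.
            throw new IllegalStateException("Unable to compute session id MAC with algorithm " + this.algorithm, e);
        }
    }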

    /** Returns the GBean metadata built once in the static initializer. */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

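    /**
     * Resolves a class by name for the class-literal caches of this type.
     *
     * @param str fully qualified class name (array descriptors such as {@code [L...;} work too)
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from a method without a throws
            // clause; attach the cause first and throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }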

    // Static initializer: sets the assertion flag, logger, shared timer and session counter,
    // then builds GBEAN_INFO (attributes, operations, realm reference, interface, constructor).
    // Each "if (class$X == null) ... else ..." group resolves one Class object through the
    // class$ cache fields; the repetition is how the decompiler renders class literals.
    static {
        Class cls;
        Class cls2;
        Class cls3;
        Class cls4;
        Class cls5;
        Class cls6;
        Class cls7;
        Class cls8;
        Class cls9;
        Class cls10;
        Class cls11;
        Class cls12;
        Class cls13;
        Class cls14;
        Class cls15;
        Class cls16;
        Class cls17;
        Class cls18;
        Class cls19;
        Class cls20;
        Class cls21;
        Class cls22;
        if (class$org$apache$geronimo$security$jaas$server$JaasLoginService == null) {
            cls = class$("org.apache.geronimo.security.jaas.server.JaasLoginService");
            class$org$apache$geronimo$security$jaas$server$JaasLoginService = cls;
        } else {
            cls = class$org$apache$geronimo$security$jaas$server$JaasLoginService;
        }
        // True unless assertions are enabled for this class.
        $assertionsDisabled = !cls.desiredAssertionStatus();
        if (class$org$apache$geronimo$security$jaas$server$JaasLoginService == null) {
            cls2 = class$("org.apache.geronimo.security.jaas.server.JaasLoginService");
            class$org$apache$geronimo$security$jaas$server$JaasLoginService = cls2;
        } else {
            cls2 = class$org$apache$geronimo$security$jaas$server$JaasLoginService;
        }
        log = LogFactory.getLog(cls2);
        // Daemon timer, so pending expiry scans never keep the JVM alive.
        clockDaemon = new Timer(true);
        // Session numbers start at class-load time and count upwards from there; they are
        // predictable by design and rely on the MAC from hash() for authenticity.
        nextLoginModuleId = System.currentTimeMillis();
        if (class$org$apache$geronimo$security$jaas$server$JaasLoginService == null) {
            cls3 = class$("org.apache.geronimo.security.jaas.server.JaasLoginService");
            class$org$apache$geronimo$security$jaas$server$JaasLoginService = cls3;
        } else {
            cls3 = class$org$apache$geronimo$security$jaas$server$JaasLoginService;
        }
        GBeanInfoBuilder createStatic = GBeanInfoBuilder.createStatic(cls3, "JaasLoginService");
        // --- attributes ---
        if (class$java$lang$String == null) {
            cls4 = class$("java.lang.String");
            class$java$lang$String = cls4;
        } else {
            cls4 = class$java$lang$String;
        }
        createStatic.addAttribute("algorithm", cls4, true);
        if (class$java$lang$String == null) {
            cls5 = class$("java.lang.String");
            class$java$lang$String = cls5;
        } else {
            cls5 = class$java$lang$String;
        }
        // NOTE(review): "password" is the MAC key material (second constructor argument). The
        // third argument presumably marks the attribute as persistent - confirm against
        // GBeanInfoBuilder, and if so check where the persisted value is stored and who can read it.
        createStatic.addAttribute("password", cls5, true);
        if (class$java$lang$ClassLoader == null) {
            cls6 = class$("java.lang.ClassLoader");
            class$java$lang$ClassLoader = cls6;
        } else {
            cls6 = class$java$lang$ClassLoader;
        }
        createStatic.addAttribute("classLoader", cls6, false);
        createStatic.addAttribute("maxLoginDurationMillis", Integer.TYPE, true);
        createStatic.addAttribute("expiredLoginScanIntervalMillis", Integer.TYPE, true);
        if (class$java$lang$String == null) {
            cls7 = class$("java.lang.String");
            class$java$lang$String = cls7;
        } else {
            cls7 = class$java$lang$String;
        }
        createStatic.addAttribute("objectName", cls7, false);
        // --- operations: each entry names a method of this class with its parameter types ---
        Class[] clsArr = new Class[1];
        if (class$java$lang$String == null) {
            cls8 = class$("java.lang.String");
            class$java$lang$String = cls8;
        } else {
            cls8 = class$java$lang$String;
        }
        clsArr[0] = cls8;
        createStatic.addOperation("connectToRealm", clsArr);
        Class[] clsArr2 = new Class[1];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls9 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls9;
        } else {
            cls9 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr2[0] = cls9;
        createStatic.addOperation("getLoginConfiguration", clsArr2);
        Class[] clsArr3 = new Class[2];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls10 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls10;
        } else {
            cls10 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr3[0] = cls10;
        clsArr3[1] = Integer.TYPE;
        createStatic.addOperation("getServerLoginCallbacks", clsArr3);
        Class[] clsArr4 = new Class[3];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls11 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls11;
        } else {
            cls11 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr4[0] = cls11;
        clsArr4[1] = Integer.TYPE;
        // Array type Callback[] is resolved through its JVM descriptor name.
        if (array$Ljavax$security$auth$callback$Callback == null) {
            cls12 = class$("[Ljavax.security.auth.callback.Callback;");
            array$Ljavax$security$auth$callback$Callback = cls12;
        } else {
            cls12 = array$Ljavax$security$auth$callback$Callback;
        }
        clsArr4[2] = cls12;
        createStatic.addOperation("performLogin", clsArr4);
        Class[] clsArr5 = new Class[2];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls13 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls13;
        } else {
            cls13 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr5[0] = cls13;
        clsArr5[1] = Integer.TYPE;
        createStatic.addOperation("performCommit", clsArr5);
        // NOTE(review): performAbort is implemented by this class but is not registered as an
        // operation in this block; confirm whether that omission is intended.
        Class[] clsArr6 = new Class[1];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls14 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls14;
        } else {
            cls14 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr6[0] = cls14;
        createStatic.addOperation("loginSucceeded", clsArr6);
        Class[] clsArr7 = new Class[1];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls15 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls15;
        } else {
            cls15 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr7[0] = cls15;
        createStatic.addOperation("loginFailed", clsArr7);
        Class[] clsArr8 = new Class[1];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls16 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls16;
        } else {
            cls16 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr8[0] = cls16;
        createStatic.addOperation("logout", clsArr8);
        Class[] clsArr9 = new Class[2];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls17 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls17;
        } else {
            cls17 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr9[0] = cls17;
        if (class$java$util$Map == null) {
            cls18 = class$("java.util.Map");
            class$java$util$Map = cls18;
        } else {
            cls18 = class$java$util$Map;
        }
        clsArr9[1] = cls18;
        createStatic.addOperation("syncShareState", clsArr9);
        Class[] clsArr10 = new Class[2];
        if (class$org$apache$geronimo$security$jaas$server$JaasSessionId == null) {
            cls19 = class$("org.apache.geronimo.security.jaas.server.JaasSessionId");
            class$org$apache$geronimo$security$jaas$server$JaasSessionId = cls19;
        } else {
            cls19 = class$org$apache$geronimo$security$jaas$server$JaasSessionId;
        }
        clsArr10[0] = cls19;
        if (class$java$util$Set == null) {
            cls20 = class$("java.util.Set");
            class$java$util$Set = cls20;
        } else {
            cls20 = class$java$util$Set;
        }
        clsArr10[1] = cls20;
        createStatic.addOperation("syncPrincipals", clsArr10);
        // --- realm reference, management interface and constructor wiring ---
        if (class$org$apache$geronimo$security$realm$SecurityRealm == null) {
            cls21 = class$("org.apache.geronimo.security.realm.SecurityRealm");
            class$org$apache$geronimo$security$realm$SecurityRealm = cls21;
        } else {
            cls21 = class$org$apache$geronimo$security$realm$SecurityRealm;
        }
        createStatic.addReference("Realms", cls21, "SecurityRealm");
        if (class$org$apache$geronimo$security$jaas$server$JaasLoginServiceMBean == null) {
            cls22 = class$("org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean");
            class$org$apache$geronimo$security$jaas$server$JaasLoginServiceMBean = cls22;
        } else {
            cls22 = class$org$apache$geronimo$security$jaas$server$JaasLoginServiceMBean;
        }
        createStatic.addInterface(cls22);
        // Attribute names listed in the same order as the constructor's four parameters.
        createStatic.setConstructor(new String[]{"algorithm", "password", "classLoader", "objectName"});
        GBEAN_INFO = createStatic.getBeanInfo();
    }
}
