package org.switchyard.security.provider;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.switchyard.ServiceSecurity;
import org.switchyard.common.type.reflect.Construction;
import org.switchyard.security.BaseSecurityLogger;
import org.switchyard.security.callback.handler.NamePasswordCallbackHandler;
import org.switchyard.security.callback.handler.SwitchYardCallbackHandler;
import org.switchyard.security.context.SecurityContext;
import org.switchyard.security.credential.SubjectCredential;
import org.switchyard.security.principal.GroupPrincipal;
import org.switchyard.security.principal.RolePrincipal;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/soa/org/switchyard/security/main/switchyard-security-2.1.0.redhat-630406.jar:org/switchyard/security/provider/DefaultSecurityProvider.class */
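/**
 * Default {@link SecurityProvider}: authenticates a caller through a JAAS
 * {@link LoginContext}, merges any {@link SubjectCredential}s found in the
 * {@link SecurityContext} into the domain {@link Subject}, answers role checks
 * against the context, and executes work under the domain subject (optionally
 * with a temporary run-as role).
 *
 * <p>The class holds no instance state; everything it works on is taken from the
 * {@link ServiceSecurity} and {@link SecurityContext} passed to each call. The
 * {@code setContainerContext}/{@code resetContainerContext} hooks are no-ops here
 * and exist for container-specific subclasses.
 */
public class DefaultSecurityProvider implements SecurityProvider {

    /** Name of the JAAS {@link Group} principal that carries role membership. */
    private static final String ROLES_GROUP_NAME = "Roles";

    /**
     * Runs a JAAS login against the service's security domain.
     *
     * <p>The callback handler class comes from the service configuration
     * ({@link ServiceSecurity#getCallbackHandler()}), falling back to
     * {@link NamePasswordCallbackHandler}. A {@link SwitchYardCallbackHandler} is
     * additionally fed the service properties and the credentials already held in
     * the context. The login populates the domain subject obtained from the
     * context, so a successful return means that subject now carries whatever the
     * login modules added.
     *
     * @param serviceSecurity the service's security configuration
     * @param securityContext the caller's security context
     * @return {@code true} if the login succeeded, {@code false} if it threw a
     *         {@link LoginException} (which is logged, not propagated)
     */
    @Override // org.switchyard.security.provider.SecurityProvider
    public boolean authenticate(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Class<?> handlerClass = serviceSecurity.getCallbackHandler();
        if (handlerClass == null) {
            handlerClass = NamePasswordCallbackHandler.class;
        }
        CallbackHandler handler = (CallbackHandler) Construction.construct(handlerClass);
        if (handler instanceof SwitchYardCallbackHandler) {
            SwitchYardCallbackHandler switchYardHandler = (SwitchYardCallbackHandler) handler;
            switchYardHandler.setProperties(serviceSecurity.getProperties());
            switchYardHandler.setCredentials(securityContext.getCredentials());
        }
        String securityDomain = serviceSecurity.getSecurityDomain();
        try {
            new LoginContext(securityDomain, securityContext.getSubject(securityDomain), handler).login();
            return true;
        } catch (LoginException e) {
            // Authentication failure is a normal outcome: log it and report false.
            BaseSecurityLogger.ROOT_LOGGER.authenticateLoginException(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Merges the subject of every {@link SubjectCredential} held in the context
     * into the domain subject, via {@link #transfer(Subject, Subject)}.
     *
     * <p>NOTE(review): nothing here checks where a {@code SubjectCredential} came
     * from; every one present in the context is trusted. Confirm upstream that
     * only trusted components can add them.
     *
     * @param serviceSecurity the service's security configuration (supplies the domain)
     * @param securityContext the caller's security context
     */
    @Override // org.switchyard.security.provider.SecurityProvider
    public void populate(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Subject target = securityContext.getSubject(serviceSecurity.getSecurityDomain());
        // Iterated as Object so this compiles whether getCredentials returns a typed or raw Set.
        for (Object credential : securityContext.getCredentials(SubjectCredential.class)) {
            transfer(((SubjectCredential) credential).getSubject(), target);
        }
    }

    /**
     * Copies principals and credentials from {@code subject} into {@code subject2}.
     *
     * <p>Plain principals are added directly. Members of a source {@link Group}
     * named {@code "Roles"} are instead added to the target's own {@code "Roles"}
     * group (created on demand), wrapped as {@link RolePrincipal} when they are not
     * one already. Public and private credential sets are copied wholesale.
     * Nothing happens when either subject is {@code null}, or when the two are the
     * same or equal subjects.
     *
     * <p>The decompiler reports this method was originally {@code protected}; it is
     * left {@code public} so existing callers keep working.
     *
     * @param subject  the source subject (read only)
     * @param subject2 the target subject (mutated)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void transfer(Subject subject, Subject subject2) {
        if (subject == null || subject2 == null || subject == subject2 || subject2.equals(subject)) {
            return;
        }
        Set<Principal> targetPrincipals = subject2.getPrincipals();
        Group targetRoles = null;
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof Group && ROLES_GROUP_NAME.equals(principal.getName())) {
                Group sourceRoles = (Group) principal;
                if (targetRoles == null) {
                    // Resolved lazily so subjects without a Roles group are not given one needlessly.
                    targetRoles = getRolesGroup(subject2);
                }
                if (targetRoles != sourceRoles) {
                    for (Principal member : Collections.list(sourceRoles.members())) {
                        targetRoles.addMember(member instanceof RolePrincipal
                                ? member
                                : new RolePrincipal(member.getName()));
                    }
                }
            } else {
                targetPrincipals.add(principal);
            }
        }
        subject2.getPrivateCredentials().addAll(subject.getPrivateCredentials());
        subject2.getPublicCredentials().addAll(subject.getPublicCredentials());
    }

    /**
     * Checks whether the caller holds at least one of the service's allowed roles.
     *
     * <p>An empty {@code rolesAllowed} set means no role restriction is configured
     * and the check passes unconditionally; callers relying on "deny by default"
     * must configure at least one role.
     *
     * @param serviceSecurity the service's security configuration
     * @param securityContext the caller's security context
     * @return {@code true} if no roles are configured or the caller is in any of them
     */
    @Override // org.switchyard.security.provider.SecurityProvider
    public boolean checkRolesAllowed(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        Set<String> rolesAllowed = serviceSecurity.getRolesAllowed();
        if (rolesAllowed.isEmpty()) {
            return true;
        }
        String securityDomain = serviceSecurity.getSecurityDomain();
        for (String role : rolesAllowed) {
            if (securityContext.isCallerInRole(role, securityDomain)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Executes {@code privilegedExceptionAction} as the domain subject.
     *
     * <p>If the service declares a run-as role that the subject's {@code "Roles"}
     * group does not already contain, it is added for the duration of the call and
     * removed afterwards. Around the action, {@link #setContainerContext} and
     * {@link #resetContainerContext} are invoked (under {@link AccessController}
     * when a security manager is installed) so subclasses can propagate the
     * identity to a container.
     *
     * <p>Cleanup (run-as role removal and context reset) happens in a
     * {@code finally} block so it runs exactly once on both the normal and the
     * exceptional path. The action runs through
     * {@link Subject#doAsPrivileged(Subject, PrivilegedExceptionAction, AccessControlContext)}
     * with a {@code null} context, so by the JDK contract it is not bound to the
     * caller's stack context; an exception from the action surfaces wrapped in
     * {@link PrivilegedActionException}.
     *
     * <p>NOTE(review): the subject's {@code Roles} group is mutated in place for the
     * duration of the call; if that subject is shared across threads, a concurrent
     * role check could observe the run-as role. Confirm how subjects are scoped.
     *
     * @param serviceSecurity           the service's security configuration
     * @param securityContext           the caller's security context
     * @param privilegedExceptionAction the work to run
     * @param <T>                       the action's result type
     * @return the action's result
     * @throws Exception whatever the container hooks or the action throw
     */
    @Override // org.switchyard.security.provider.SecurityProvider
    public <T> T runAs(ServiceSecurity serviceSecurity, SecurityContext securityContext,
            PrivilegedExceptionAction<T> privilegedExceptionAction) throws Exception {
        final String securityDomain = serviceSecurity.getSecurityDomain();
        final Subject subject = securityContext.getSubject(securityDomain);
        final Principal callerPrincipal = securityContext.getCallerPrincipal(securityDomain);
        final Group rolesGroup = getRolesGroup(subject);
        final String runAs = serviceSecurity.getRunAs();
        RolePrincipal runAsRole = null;
        boolean addedRunAsRole = false;
        if (runAs != null) {
            runAsRole = new RolePrincipal(runAs);
            if (!rolesGroup.isMember(runAsRole)) {
                rolesGroup.addMember(runAsRole);
                addedRunAsRole = true;
            }
        }
        Object containerContext = null;
        try {
            containerContext = doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return DefaultSecurityProvider.this.setContainerContext(
                            securityDomain, subject, callerPrincipal, rolesGroup, runAs);
                }
            });
            return Subject.doAsPrivileged(subject, privilegedExceptionAction, (AccessControlContext) null);
        } finally {
            if (addedRunAsRole) {
                rolesGroup.removeMember(runAsRole);
            }
            // Anonymous class needs an effectively-final copy; containerContext is
            // reassigned above (and stays null if setContainerContext threw).
            final Object contextToReset = containerContext;
            doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    DefaultSecurityProvider.this.resetContainerContext(contextToReset);
                    return null;
                }
            });
        }
    }

    /**
     * Runs the action directly when no security manager is installed, otherwise
     * through {@link AccessController#doPrivileged(PrivilegedExceptionAction)},
     * unwrapping the {@link PrivilegedActionException} so callers see the
     * underlying exception.
     *
     * @param privilegedExceptionAction the action to run
     * @param <T>                       the action's result type
     * @return the action's result
     * @throws Exception the exception thrown by the action
     */
    private <T> T doPrivileged(PrivilegedExceptionAction<T> privilegedExceptionAction) throws Exception {
        if (System.getSecurityManager() == null) {
            return privilegedExceptionAction.run();
        }
        try {
            return AccessController.doPrivileged(privilegedExceptionAction);
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    /**
     * Container hook invoked before the run-as action; no-op here.
     *
     * @param str       the security domain
     * @param subject   the domain subject the action will run as
     * @param principal the caller principal from the context
     * @param group     the subject's {@code "Roles"} group
     * @param str2      the configured run-as role name, or {@code null}
     * @return an opaque token handed back to {@link #resetContainerContext(Object)};
     *         {@code null} here
     * @throws Exception if a subclass cannot establish the context
     */
    protected Object setContainerContext(String str, Subject subject, Principal principal, Group group, String str2) throws Exception {
        return null;
    }

    /**
     * Container hook invoked after the run-as action, in all cases; no-op here.
     *
     * @param obj the token returned by {@link #setContainerContext}, or {@code null}
     *            if that call did not complete
     * @throws Exception if a subclass cannot restore the context
     */
    protected void resetContainerContext(Object obj) throws Exception {
    }

    /**
     * Returns the subject's {@code "Roles"} group, creating and attaching a new
     * {@link GroupPrincipal} to the subject when none exists.
     *
     * @param subject the subject to inspect (mutated if it has no Roles group)
     * @return the existing or newly created Roles group, never {@code null}
     */
    private Group getRolesGroup(Subject subject) {
        for (Group group : subject.getPrincipals(Group.class)) {
            if (ROLES_GROUP_NAME.equals(group.getName())) {
                return group;
            }
        }
        Group roles = new GroupPrincipal(ROLES_GROUP_NAME);
        subject.getPrincipals().add(roles);
        return roles;
    }

    /**
     * Drops the domain subject from the context. Does nothing when
     * {@code serviceSecurity} or its security domain is {@code null}.
     *
     * @param serviceSecurity the service's security configuration, may be {@code null}
     * @param securityContext the context to clear
     */
    @Override // org.switchyard.security.provider.SecurityProvider
    public void clear(ServiceSecurity serviceSecurity, SecurityContext securityContext) {
        if (serviceSecurity == null) {
            return;
        }
        String securityDomain = serviceSecurity.getSecurityDomain();
        if (securityDomain == null) {
            return;
        }
        securityContext.clearSubject(securityDomain);
    }
}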
