package org.modeshape.jcr.security;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.modeshape.common.logging.Logger;
import org.modeshape.common.util.CheckArg;
import org.modeshape.jcr.ExecutionContext;
import org.modeshape.jcr.JcrI18n;
import org.modeshape.jcr.RepositoryConfiguration;
import org.modeshape.jcr.api.JaasCredentials;

/* loaded from: input_file:modeshape-jcr-5.1.0.Final.jar:org/modeshape/jcr/security/JaasProvider.class */
public class JaasProvider implements AuthenticationProvider {
    private final String policyName;
    private final SubjectResolver subjectResolver;

    /* loaded from: input_file:modeshape-jcr-5.1.0.Final.jar:org/modeshape/jcr/security/JaasProvider$SubjectResolver.class */
    public interface SubjectResolver {
        Subject resolveSubject();
    }

    public JaasProvider(String str) throws LoginException {
        CheckArg.isNotNull(str, RepositoryConfiguration.FieldName.JAAS_POLICY_NAME);
        this.policyName = str;
        new LoginContext(str);
        JaccSubjectResolver jaccSubjectResolver = null;
        try {
            getClass().getClassLoader().loadClass("javax.security.jacc.PolicyContext");
            jaccSubjectResolver = new JaccSubjectResolver();
            Logger.getLogger(getClass()).debug("Enabling optional JACC approach for resolving the JAAS Subject (typically in J2EE containers)", new Object[0]);
        } catch (ClassNotFoundException e) {
            Logger.getLogger(getClass()).debug("Failed to find 'javax.security.jacc.PolicyContext', so assuming not in a J2EE container.", new Object[0]);
        }
        this.subjectResolver = jaccSubjectResolver;
    }

    @Override // org.modeshape.jcr.security.AuthenticationProvider
    public ExecutionContext authenticate(final Credentials credentials, String str, String str2, ExecutionContext executionContext, Map<String, Object> map) {
        Subject resolveSubject;
        try {
            if (credentials == null) {
                Subject subject = Subject.getSubject(AccessController.getContext());
                if (subject != null) {
                    return executionContext.with(new JaasSecurityContext(subject));
                }
                if (this.subjectResolver == null || (resolveSubject = this.subjectResolver.resolveSubject()) == null) {
                    return null;
                }
                return executionContext.with(new JaasSecurityContext(resolveSubject));
            }
            if (credentials instanceof SimpleCredentials) {
                SimpleCredentials simpleCredentials = (SimpleCredentials) credentials;
                String[] attributeNames = simpleCredentials.getAttributeNames();
                if (attributeNames != null && attributeNames.length != 0) {
                    HashMap hashMap = new HashMap();
                    for (String str3 : simpleCredentials.getAttributeNames()) {
                        hashMap.put(str3, simpleCredentials.getAttribute(str3));
                    }
                }
                return executionContext.with(new JaasSecurityContext(this.policyName, simpleCredentials.getUserID(), simpleCredentials.getPassword()));
            }
            LoginContext loginContext = null;
            if (credentials instanceof JaasCredentials) {
                loginContext = ((JaasCredentials) credentials).getLoginContext();
            } else {
                try {
                    final Method method = credentials.getClass().getMethod("getLoginContext", new Class[0]);
                    Object doPrivileged = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: org.modeshape.jcr.security.JaasProvider.1
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return method.invoke(credentials, new Object[0]);
                        }
                    });
                    if (doPrivileged instanceof LoginContext) {
                        loginContext = (LoginContext) doPrivileged;
                    } else {
                        Logger.getLogger((Class<?>) JaasProvider.class).error(JcrI18n.credentialsMustReturnLoginContext, credentials.getClass().getName());
                    }
                } catch (NoClassDefFoundError e) {
                } catch (NoSuchMethodException e2) {
                } catch (PrivilegedActionException e3) {
                    Logger.getLogger((Class<?>) JaasProvider.class).warn(JcrI18n.noPrivilegeToGetLoginContextFromCredentials, credentials.getClass().getName());
                }
            }
            if (loginContext == null) {
                return null;
            }
            if (loginContext.getSubject() == null) {
                loginContext.login();
                Subject subject2 = loginContext.getSubject();
                if (subject2 == null && this.subjectResolver != null) {
                    subject2 = this.subjectResolver.resolveSubject();
                    if (subject2 != null) {
                        return executionContext.with(new JaasSecurityContext(subject2));
                    }
                }
                if (subject2 == null) {
                    return null;
                }
            }
            return executionContext.with(new JaasSecurityContext(loginContext));
        } catch (LoginException e4) {
            return null;
        }
    }
}
