package org.teiid.jboss;

import java.security.Principal;
import java.security.acl.Group;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SimplePrincipal;
import org.teiid.logging.LogManager;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.services.SessionServiceImpl;
import org.teiid.services.TeiidLoginContext;

/* loaded from: input_file:org/teiid/jboss/JBossSessionService.class */
public class JBossSessionService extends SessionServiceImpl {
    private Map<String, SecurityDomainContext> securityDomainMap;

    public JBossSessionService(Map<String, SecurityDomainContext> map) {
        this.securityDomainMap = map;
    }

    protected TeiidLoginContext authenticate(String str, Credentials credentials, String str2, List<String> list, boolean z) throws LoginException {
        return authenticateUser(str, credentials, str2, list, this.securityDomainMap, z);
    }

    private TeiidLoginContext authenticateUser(String str, Credentials credentials, String str2, List<String> list, Map<String, SecurityDomainContext> map, boolean z) throws LoginException {
        AuthenticationManager authenticationManager;
        LogManager.logDetail("org.teiid.SECURITY", new Object[]{"authenticateUser", str, str2});
        String baseUsername = getBaseUsername(str);
        if (z) {
            for (String str3 : getDomainsForUser(list, str)) {
                Subject subjectInContext = this.securityHelper.getSubjectInContext(str3);
                if (subjectInContext != null) {
                    return new TeiidLoginContext(getUserName(subjectInContext) + "@" + str3, subjectInContext, str3, this.securityHelper.getSecurityContext(str3));
                }
            }
            throw new LoginException(RuntimePlugin.Util.getString("no_passthrough_identity_found"));
        }
        for (String str4 : getDomainsForUser(list, str)) {
            SecurityDomainContext securityDomainContext = map.get(str4);
            if (securityDomainContext != null && (authenticationManager = securityDomainContext.getAuthenticationManager()) != null) {
                SimplePrincipal simplePrincipal = new SimplePrincipal(str);
                Subject subject = new Subject();
                if (authenticationManager.isValid(simplePrincipal, credentials == null ? null : new String(credentials.getCredentialsAsCharArray()), subject)) {
                    String str5 = baseUsername + "@" + str4;
                    Object createSecurityContext = this.securityHelper.createSecurityContext(str4, simplePrincipal, credentials == null ? null : new String(credentials.getCredentialsAsCharArray()), subject);
                    LogManager.logDetail("org.teiid.SECURITY", new Object[]{"Logon successful for \"", str, "\""});
                    return new TeiidLoginContext(str5, subject, str4, createSecurityContext);
                }
            }
        }
        throw new LoginException(RuntimePlugin.Util.getString("SessionServiceImpl.The_username_0_and/or_password_are_incorrect", new Object[]{str}));
    }

    private String getUserName(Subject subject) {
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof Group)) {
                return principal.getName();
            }
        }
        return null;
    }
}
