package org.jboss.aspects.security;

import java.security.GeneralSecurityException;
import java.security.Principal;
import javax.security.auth.Subject;
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;

/* loaded from: input_file:org/jboss/aspects/security/AuthenticationInterceptor.class */
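/**
 * AOP interceptor that authenticates the caller of an invocation before passing it down the
 * interceptor chain, and restores the previous security state once the invocation returns or throws.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>With a {@code null} {@link AuthenticationManager} no validation is performed; the supplied
 *       principal and credential are pushed onto the subject context as-is.</li>
 *   <li>When a run-as identity is already present, {@link #authenticate(Invocation)} neither validates
 *       the caller nor pushes a subject context.</li>
 *   <li>Rejecting a failed authentication relies on
 *       {@link #handleGeneralSecurityException(GeneralSecurityException)} throwing.</li>
 * </ul>
 */
public class AuthenticationInterceptor implements Interceptor {
    protected Logger log = Logger.getLogger(getClass());
    // May be null; see the class comment for what that implies.
    protected AuthenticationManager authenticationManager;

    /**
     * Creates the interceptor.
     *
     * @param authenticationManager manager used to validate principal/credential pairs; when
     *        {@code null}, invocations are passed through without validation
     */
    public AuthenticationInterceptor(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Returns the fixed name of this interceptor.
     *
     * @return the literal {@code "AuthenticationInterceptor"}
     */
    @Override // org.jboss.aop.advice.Interceptor
    public String getName() {
        return "AuthenticationInterceptor";
    }

    /**
     * Converts a {@link GeneralSecurityException} raised during authentication into an unchecked
     * {@link SecurityException} carrying the same message.
     *
     * <p>Overrides must also throw: {@link #invoke(Invocation)} continues with the invocation if this
     * method returns normally.
     *
     * @param generalSecurityException the failure reported while authenticating
     * @throws SecurityException always
     */
    protected void handleGeneralSecurityException(GeneralSecurityException generalSecurityException) {
        // The thrown exception keeps its original shape (message only) so callers see no change;
        // the full failure, including its stack trace, is recorded in the log instead of being lost.
        this.log.debug("Authentication failed", generalSecurityException);
        throw new SecurityException(generalSecurityException.getMessage());
    }

    /**
     * Authenticates the caller, runs the rest of the interceptor chain with this interceptor's
     * authentication manager set as the current domain, then restores the previous domain, subject
     * context and security context.
     *
     * @param invocation the intercepted invocation
     * @return whatever the next interceptor in the chain returns
     * @throws Throwable any failure from authentication or from the rest of the chain
     */
    @Override // org.jboss.aop.advice.Interceptor
    public Object invoke(Invocation invocation) throws Throwable {
        org.jboss.security.SecurityContext previousContext = SecurityActions.getSecurityContext();
        try {
            authenticate(invocation);
        } catch (GeneralSecurityException e) {
            // Fail-closed only because the handler throws. If a subclass override returned normally,
            // execution would fall through to invokeNext() without a successful authentication.
            handleGeneralSecurityException(e);
        }
        Object previousDomain = SecurityContext.currentDomain.get();
        try {
            SecurityContext.currentDomain.set(this.authenticationManager);
            return invocation.invokeNext();
        } finally {
            // Cleanup runs exactly once on both the normal and the exceptional path.
            try {
                SecurityContext.currentDomain.set(previousDomain);
                // Same condition under which authenticate() pushes a subject context, so the pop
                // balances that push. NOTE(review): assumes the run-as stack is unchanged by the
                // invocation - confirm.
                if (this.authenticationManager == null || SecurityActions.peekRunAsIdentity() == null) {
                    SecurityActions.popSubjectContext();
                }
                // When the invocation carried its own principal metadata, an empty (all-null)
                // subject context is pushed afterwards. NOTE(review): presumably to clear the
                // identity left for the caller - confirm against SecurityActions.
                if (invocation.getMetaData("security", "principal") != null) {
                    SecurityActions.pushSubjectContext(null, null, null);
                }
            } finally {
                // Always put the caller's security context back, even if the subject-context
                // cleanup above throws, so the identity established here does not stay in place.
                SecurityActions.setSecurityContext(previousContext);
            }
        }
    }

    /**
     * Resolves the caller's principal and credential and, when an authentication manager is
     * configured and no run-as identity is present, validates them.
     *
     * <p>Principal and credential are taken from the invocation metadata ({@code "security"} group,
     * keys {@code "principal"} and {@code "credential"}), falling back to the values held by
     * {@code SecurityActions} when the metadata is absent.
     *
     * @param invocation the intercepted invocation
     * @throws SecurityException if validation fails and no context exception is available
     * @throws Exception the context exception reported by {@code SecurityActions} when validation fails
     */
    protected void authenticate(Invocation invocation) throws Exception {
        Principal principal = (Principal) invocation.getMetaData("security", "principal");
        Object credential = invocation.getMetaData("security", "credential");
        if (principal == null) {
            principal = SecurityActions.getPrincipal();
        }
        if (credential == null) {
            credential = SecurityActions.getCredential();
        }
        if (this.authenticationManager == null) {
            // No manager configured: the identity is pushed without being validated.
            SecurityActions.pushSubjectContext(principal, credential, null);
            return;
        }
        // With a run-as identity present nothing below runs: no validation, no push.
        if (SecurityActions.peekRunAsIdentity() == null) {
            Subject subject = new Subject();
            if (!this.authenticationManager.isValid(principal, credential, subject)) {
                Exception contextException = SecurityActions.getContextException();
                if (contextException == null) {
                    // Only the principal is included in the message; the credential is never echoed.
                    throw new SecurityException("Authentication exception, principal=" + principal);
                }
                throw contextException;
            }
            SecurityActions.pushSubjectContext(principal, credential, subject);
            SecurityActions.establishSecurityContext(this.authenticationManager.getSecurityDomain(), principal, credential, subject);
            if (this.log.isTraceEnabled()) {
                this.log.trace("Authenticated  principal=" + principal);
            }
        }
    }
}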
