package org.jboss.ejb.plugins;

import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.jboss.invocation.Invocation;
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.SecurityContext;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.IdentityFactory;
import org.jboss.security.identity.IdentityType;
import org.jboss.security.identity.extensions.CertificateIdentityFactory;
import org.jboss.security.identity.extensions.CredentialIdentity;
import org.jboss.security.ssl.DomainServerSocketFactory;

/* loaded from: input_file:org/jboss/ejb/plugins/SSLSessionInterceptor.class */
/**
 * Container interceptor that derives the caller identity from the client certificate
 * chain of the SSL session associated with an invocation.
 *
 * <p>For every {@code invoke}/{@code invokeHome} call, the interceptor reads a session id
 * from the invocation, resolves it to an {@link SSLSession} through
 * {@link DomainServerSocketFactory#getSSLSession}, maps the peer certificate chain to a
 * {@link Principal}, and installs that principal and the chain as the invocation's
 * principal and credential before delegating to the next interceptor.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The interceptor does nothing when no session id or no matching session is found;
 *       whatever principal/credential the invocation already carries is left untouched.
 *       NOTE(review): confirm that a later interceptor rejects unauthenticated calls.</li>
 *   <li>The session id is taken from the invocation's value map. NOTE(review): confirm the
 *       value is populated by the server-side transport and cannot be chosen by the remote
 *       caller; the identity established here is only as trustworthy as that id.</li>
 * </ul>
 */
public class SSLSessionInterceptor extends AbstractInterceptor {
    /** Maps a peer certificate chain to a principal; defaults to {@link SubjectDNMapping}. */
    private CertificatePrincipal cpMapping = new SubjectDNMapping();

    /** Name of the invocation value holding the SSL session id; defaults to {@code "SESSION_ID"}. */
    private String sessionIDKey = "SESSION_ID";

    /**
     * Establishes the certificate-based identity, then forwards the home invocation.
     *
     * @param invocation the home-interface invocation being processed
     * @return whatever the next interceptor returns
     * @throws Exception if identity extraction or the downstream interceptor fails
     */
    @Override
    public Object invokeHome(Invocation invocation) throws Exception {
        extractSessionPrincipal(invocation);
        return getNext().invokeHome(invocation);
    }

    /**
     * Returns the certificate-to-principal mapping in use.
     * The accessor name (including its spelling) is kept as the existing public interface.
     *
     * @return the current mapping strategy
     */
    public CertificatePrincipal getPrincialMapping() {
        return this.cpMapping;
    }

    /**
     * Replaces the certificate-to-principal mapping. No null check is performed here;
     * a null mapping would fail when the next certificate chain is mapped.
     *
     * @param certificatePrincipal the mapping strategy to use from now on
     */
    public void setPrincialMapping(CertificatePrincipal certificatePrincipal) {
        this.cpMapping = certificatePrincipal;
    }

    /**
     * Returns the invocation value name under which the SSL session id is looked up.
     *
     * @return the session id key
     */
    public String getSessionIDKey() {
        return this.sessionIDKey;
    }

    /**
     * Sets the invocation value name under which the SSL session id is looked up.
     *
     * @param str the new session id key
     */
    public void setSessionIDKey(String str) {
        this.sessionIDKey = str;
    }

    /**
     * Establishes the certificate-based identity, then forwards the bean invocation.
     *
     * @param invocation the invocation being processed
     * @return whatever the next interceptor returns
     * @throws Exception if identity extraction or the downstream interceptor fails
     */
    @Override
    public Object invoke(Invocation invocation) throws Exception {
        extractSessionPrincipal(invocation);
        return getNext().invoke(invocation);
    }

    /**
     * Copies the peer certificate identity of the invocation's SSL session onto the
     * invocation and, when present, its security context.
     *
     * @param invocation the invocation to populate
     * @throws SSLPeerUnverifiedException propagated from
     *         {@link SSLSession#getPeerCertificates()} when the peer was not verified
     */
    private void extractSessionPrincipal(Invocation invocation) throws SSLPeerUnverifiedException {
        final String sessionId = (String) invocation.getValue(this.sessionIDKey);
        if (sessionId == null) {
            // No session id on the invocation: leave its principal/credential as they are.
            return;
        }
        final SSLSession session = DomainServerSocketFactory.getSSLSession(sessionId);
        if (session == null) {
            // Unknown session id: same pass-through as above.
            return;
        }

        // NOTE(review): unchecked downcast from Certificate[]; a chain that is not an
        // X509Certificate[] at runtime surfaces as ClassCastException rather than the
        // declared SSLPeerUnverifiedException.
        final X509Certificate[] peerChain = (X509Certificate[]) session.getPeerCertificates();
        final Principal caller = this.cpMapping.toPrinicipal(peerChain);
        invocation.setPrincipal(caller);
        invocation.setCredential(peerChain);

        final SecurityContext context = invocation.getSecurityContext();
        if (context == null) {
            return;
        }
        // Build the new identity first; existing CredentialIdentity entries are cleared
        // only after creation has succeeded, then the certificate identity is added.
        final CertificateIdentityFactory identityFactory =
                (CertificateIdentityFactory) IdentityFactory.getFactory(IdentityType.CERTIFICATE);
        final Identity certificateIdentity = identityFactory.createIdentity(caller, peerChain, null);
        context.getUtil().clearIdentities(CredentialIdentity.class);
        context.getUtil().addIdentity(certificateIdentity);
    }
}
