package org.jboss.web.tomcat.security;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthStatus;
import javax.security.jacc.PolicyContext;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.jboss.logging.Logger;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.GeneralizedAuthenticationManager;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.authorization.resources.WebResource;

/* loaded from: input_file:org/jboss/web/tomcat/security/JBossExtendedSecurityMgrRealm.class */
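/**
 * Realm that looks up JBoss authentication and authorization managers through JMX
 * and delegates web authentication and resource authorization to them.
 *
 * <p>The manager services are addressed by {@link ObjectName}; the defaults are
 * {@code jboss.security:service=JASPISecurityManager} and
 * {@code jboss.security:service=AuthorizationManager}.
 *
 * <p>NOTE(review): this listing appears to be decompiler output. The {@code log} field used
 * throughout is not declared in this class and is presumably inherited from
 * {@code JBossSecurityMgrRealm}; the private {@code logger} field below is never read here.
 */
public class JBossExtendedSecurityMgrRealm extends JBossSecurityMgrRealm implements ExtendedRealm {
    private static Logger logger = Logger.getLogger(JBossExtendedSecurityMgrRealm.class);

    /** JMX name of the service that hands out the authentication manager. */
    protected ObjectName authenticationManagerService;

    /** JMX name of the service that hands out the authorization manager. */
    protected ObjectName authorizationManagerService;

    /**
     * Creates the realm with the default manager service names.
     * A failure to build either name is logged and leaves that field {@code null}.
     */
    public JBossExtendedSecurityMgrRealm() {
        this.authenticationManagerService = null;
        this.authorizationManagerService = null;
        try {
            this.authenticationManagerService = new ObjectName("jboss.security:service=JASPISecurityManager");
            this.authorizationManagerService = new ObjectName("jboss.security:service=AuthorizationManager");
        } catch (JMException e) {
            log.error("Error in instantiating object names:", e);
        }
    }

    /**
     * Replaces the authentication manager service name.
     *
     * <p>An unparsable name is logged and ignored, so the previously configured service stays
     * in effect. Whoever can call this setter decides which MBean authenticates requests.
     *
     * @param str JMX object name of the authentication manager service
     */
    public void setAuthenticationManagerService(String str) {
        try {
            // Assign only after the name parsed, so a bad value never clears the current one.
            this.authenticationManagerService = new ObjectName(str);
        } catch (JMException e) {
            log.error("Error in setAuthenticationManagerService:", e);
        }
    }

    /**
     * Replaces the authorization manager service name.
     *
     * <p>An unparsable name is logged and ignored, so the previously configured service stays
     * in effect. Whoever can call this setter decides which MBean authorizes requests.
     *
     * @param str JMX object name of the authorization manager service
     */
    public void setAuthorizationManagerService(String str) {
        try {
            // Assign only after the name parsed, so a bad value never clears the current one.
            this.authorizationManagerService = new ObjectName(str);
        } catch (JMException e) {
            log.error("Error in setAuthorizationManagerService:", e);
        }
    }

    /**
     * Runs the request through the authentication manager's {@code validateRequest}.
     *
     * <p>NOTE(review): three things in this method need confirming against the intended design.
     * It always returns {@code null}, and the principal extracted from the client subject is
     * discarded, so callers never receive an authenticated principal from here. The map built
     * by {@code getSharedState} (which reads the form user name and password) is also
     * discarded. The loop ends only on {@code SEND_CONTINUE} or by throwing on
     * {@code FAILURE}; any other status makes it call {@code validateRequest} again.
     *
     * @param request     the request being authenticated
     * @param response    the response associated with the request
     * @param loginConfig the login configuration of the web application
     * @return always {@code null}
     * @throws SecurityException if the authentication manager reports {@code FAILURE}
     * @throws Exception         if the authentication manager cannot be obtained or invoked
     */
    @Override
    public Principal authenticate(Request request, Response response, LoginConfig loginConfig) throws Exception {
        log.debug("ExtendedSecurityMgrRealm:authenticate");
        GenericMessageInfo messageInfo = new GenericMessageInfo(request, response);
        GeneralizedAuthenticationManager authenticationManager = getAuthenticationManager();
        Subject clientSubject = new Subject();
        Subject serviceSubject = new Subject();
        // Result intentionally kept unused, as in the original; see NOTE(review) above.
        getSharedState(request, loginConfig);
        AuthStatus status = AuthStatus.FAILURE;
        while (!status.equals(AuthStatus.SEND_CONTINUE)) {
            status = authenticationManager.validateRequest(messageInfo, clientSubject, serviceSubject);
            if (status.equals(AuthStatus.FAILURE)) {
                throw new SecurityException("Authentication failed");
            }
        }
        getAuthenticatedPrincipal(clientSubject);
        return null;
    }

    /**
     * Decides access to a web resource by asking the authorization manager.
     *
     * <p>The superclass check is still invoked and its result logged, but it does not take part
     * in the decision. NOTE(review): confirm that ignoring the superclass result is intended.
     * Any failure to obtain or call the authorization manager denies access.
     *
     * @param request               the request being authorized
     * @param response              the response; its status is set to 403 on denial
     * @param securityConstraintArr the security constraints that apply to the request
     * @param context               the web application context
     * @return {@code true} only if the authorization manager returned 1
     * @throws IOException declared by the overridden method
     */
    @Override
    public boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] securityConstraintArr, Context context) throws IOException {
        log.debug("Super class has authorized=" + super.hasResourcePermission(request, response, securityConstraintArr, context));
        AuthorizationManager authorizationManager = null;
        try {
            authorizationManager = getAuthorizationManager();
        } catch (Exception e) {
            log.error("Error obtaining Authorization Manager:", e);
        }

        boolean authorized = false;
        if (authorizationManager == null) {
            // Fail closed explicitly instead of relying on a caught NullPointerException.
            log.error("Error in authorization: no Authorization Manager available");
        } else {
            Map<String, Object> resourceAttributes = new HashMap<String, Object>();
            resourceAttributes.put("catalina.request", request);
            resourceAttributes.put("catalina.constraints", securityConstraintArr);
            resourceAttributes.put("catalina.context", context);
            resourceAttributes.put("authorizationManager", authorizationManager);
            try {
                // 1 is presumably the manager's "permit" result code; confirm against its API.
                authorized = authorizationManager.authorize(new WebResource(resourceAttributes)) == 1;
            } catch (Exception e) {
                authorized = false;
                log.error("Error in authorization:", e);
            }
        }

        log.debug("Final Authorization Result=" + authorized);
        if (!authorized) {
            response.setStatus(403);
        }
        return authorized;
    }

    /**
     * Builds the shared-state map for a login attempt.
     *
     * <p>For {@code FORM} authentication the map holds the user name (wrapped by
     * {@code getPrincipal}) and the submitted password as a plain {@code String}; for other
     * methods it is empty. The returned map must not be logged.
     *
     * @param request     request carrying the {@code j_username} and {@code j_password} parameters
     * @param loginConfig login configuration; its auth method must be non-null
     * @return a new map, possibly empty
     */
    private Map getSharedState(Request request, LoginConfig loginConfig) {
        Map<String, Object> sharedState = new HashMap<String, Object>();
        if (loginConfig.getAuthMethod().equals("FORM")) {
            sharedState.put("javax.security.auth.login.name", getPrincipal(request.getParameter("j_username")));
            sharedState.put("javax.security.auth.login.password", request.getParameter("j_password"));
        }
        return sharedState;
    }

    /**
     * Builds a {@code JBossGenericPrincipal} carrying the roles the authorization manager
     * reports for {@code principal}.
     *
     * @param authorizationManager source of the user's roles
     * @param principal            principal whose roles are looked up
     * @param principal2           passed through to the {@code JBossGenericPrincipal} constructor
     * @param obj                  passed through to the {@code JBossGenericPrincipal} constructor
     * @param subject              passed through to the {@code JBossGenericPrincipal} constructor
     * @return the new principal; its role-name list is empty when no roles are reported
     */
    protected Principal getCachingPrincipal(AuthorizationManager authorizationManager, Principal principal, Principal principal2, Object obj, Subject subject) {
        Set userRoles = authorizationManager.getUserRoles(principal);
        ArrayList<String> roleNames = new ArrayList<String>();
        if (userRoles != null) {
            for (Object role : userRoles) {
                roleNames.add(((Principal) role).getName());
            }
        }
        return new JBossGenericPrincipal(this, subject, principal, principal2, obj, roleNames, userRoles);
    }

    /**
     * Returns the first {@code SimplePrincipal} in the subject that is not a {@link Group}.
     *
     * <p>The decompiled form of this method was not valid Java (an undeclared {@code r6} and a
     * loop variable returned outside its scope); this body is a reconstruction of the evident
     * intent and should be confirmed against the original class.
     *
     * @param subject subject to inspect
     * @return the first non-group principal, or {@code null} if there is none
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     */
    private Principal getAuthenticatedPrincipal(Subject subject) {
        if (subject == null) {
            throw new IllegalArgumentException("subject is null");
        }
        for (Principal candidate : subject.getPrincipals(SimplePrincipal.class)) {
            if (!(candidate instanceof Group)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Obtains the authentication manager for the current JACC policy context.
     *
     * <p>Two JMX invocations on the configured authentication service: the first maps the
     * context ID to a security domain, the second fetches the manager for that domain.
     *
     * @return the authentication manager returned by the service
     * @throws Exception if either JMX invocation fails
     */
    private GeneralizedAuthenticationManager getAuthenticationManager() throws Exception {
        String contextID = PolicyContext.getContextID();
        MBeanServer server = MBeanServerLocator.locateJBoss();
        String[] stringSignature = new String[]{"java.lang.String"};
        String securityDomain = (String) server.invoke(this.authenticationManagerService, "getSecurityDomain", new String[]{contextID}, stringSignature);
        return (GeneralizedAuthenticationManager) server.invoke(this.authenticationManagerService, "getSecurityManager", new String[]{securityDomain}, new String[]{"java.lang.String"});
    }

    /**
     * Obtains the authorization manager for the security domain of the current
     * authentication manager.
     *
     * @return the authorization manager returned by the service
     * @throws Exception if the authentication manager lookup or the JMX invocation fails
     */
    private AuthorizationManager getAuthorizationManager() throws Exception {
        String securityDomain = getAuthenticationManager().getSecurityDomain();
        return (AuthorizationManager) MBeanServerLocator.locateJBoss().invoke(this.authorizationManagerService, "getAuthorizationManager", new String[]{securityDomain}, new String[]{"java.lang.String"});
    }
}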
