package org.jboss.as.security.plugins;

import java.security.Principal;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.naming.InitialContext;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.modules.ModuleLoader;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.CacheableManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.JSSESecurityDomain;
import org.jboss.security.SecurityConstants;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.authentication.JBossCachedAuthenticationManager;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.mapping.MappingManager;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-security/10.1.0.Final/wildfly-security-10.1.0.Final.jar:org/jboss/as/security/plugins/JNDIBasedSecurityManagement.class */
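/**
 * {@link ISecurityManagement} implementation that resolves the per-domain security managers
 * (authentication, authorization, audit, identity trust, mapping, JSSE) from JNDI and caches
 * them by security-domain name.
 *
 * <p>Security-relevant behaviour a caller should know:
 * <ul>
 *   <li>Every {@code getXxx(String)} accessor returns {@code null} when the lookup fails and only
 *       logs the cause at TRACE level. Callers must treat {@code null} as "no manager available"
 *       and deny the operation rather than skip the check.</li>
 *   <li>Cached managers are only evicted by {@link #removeSecurityDomain(String)}.</li>
 *   <li>The {@code *ClassName} properties use the form {@code module:class}; the named class is
 *       loaded through the {@link ModuleLoader} and instantiated reflectively, so these values
 *       must only come from trusted server configuration.</li>
 * </ul>
 */
public class JNDIBasedSecurityManagement implements ISecurityManagement {
    private static final long serialVersionUID = 1924631329555621041L;

    // Per-domain caches. They are transient and no readObject is visible in this class.
    // NOTE(review): if an instance is ever deserialized these would be null - confirm that
    // this type is never actually serialized.
    private transient ConcurrentHashMap<String, SecurityDomainContext> securityMgrMap = new ConcurrentHashMap<>();
    private transient ConcurrentHashMap<String, AuthenticationManager> authMgrMap = new ConcurrentHashMap<>();
    private transient ConcurrentHashMap<String, AuthorizationManager> authzMgrMap = new ConcurrentHashMap<>();
    private transient ConcurrentHashMap<String, AuditManager> auditMgrMap = new ConcurrentHashMap<>();
    private transient ConcurrentHashMap<String, IdentityTrustManager> idmMgrMap = new ConcurrentHashMap<>();
    private transient ConcurrentHashMap<String, MappingManager> mappingMgrMap = new ConcurrentHashMap<>();
    private transient ConcurrentHashMap<String, JSSESecurityDomain> jsseMap = new ConcurrentHashMap<>();

    // Implementation classes, each in "module:class" form (see loadConfiguredClass).
    private String authenticationManagerClassName;
    private boolean deepCopySubjectMode;
    private String callbackHandlerClassName;
    private String authorizationManagerClassName;
    private String auditManagerClassName;
    private String identityTrustManagerClassName;
    private String mappingManagerClassName;
    private ModuleLoader loader;

    /**
     * @param moduleLoader loader used to resolve the module part of every configured
     *                     {@code module:class} name
     */
    public JNDIBasedSecurityManagement(ModuleLoader moduleLoader) {
        this.loader = moduleLoader;
    }

    /**
     * Returns the live, mutable map of security-domain contexts (not a copy). Anything holding
     * this reference can add, replace or remove a domain's context.
     */
    public ConcurrentHashMap<String, SecurityDomainContext> getSecurityManagerMap() {
        return this.securityMgrMap;
    }

    /**
     * @param str security-domain name
     * @return the domain's audit manager, or {@code null} if it could not be resolved
     */
    @Override
    public AuditManager getAuditManager(String str) {
        return cachedLookup(this.auditMgrMap, str, "/auditMgr", AuditManager.class);
    }

    /**
     * @param str security-domain name
     * @return the domain's authentication manager, or {@code null} if it could not be resolved
     */
    @Override
    public AuthenticationManager getAuthenticationManager(String str) {
        return cachedLookup(this.authMgrMap, str, "/authenticationMgr", AuthenticationManager.class);
    }

    /**
     * @param str security-domain name
     * @return the domain's authorization manager, or {@code null} if it could not be resolved
     */
    @Override
    public AuthorizationManager getAuthorizationManager(String str) {
        return cachedLookup(this.authzMgrMap, str, "/authorizationMgr", AuthorizationManager.class);
    }

    /**
     * @param str security-domain name
     * @return the domain's identity trust manager, or {@code null} if it could not be resolved
     */
    @Override
    public IdentityTrustManager getIdentityTrustManager(String str) {
        return cachedLookup(this.idmMgrMap, str, "/identityTrustMgr", IdentityTrustManager.class);
    }

    /**
     * @param str security-domain name
     * @return the domain's mapping manager, or {@code null} if it could not be resolved
     */
    @Override
    public MappingManager getMappingManager(String str) {
        return cachedLookup(this.mappingMgrMap, str, "/mappingMgr", MappingManager.class);
    }

    /**
     * @param str security-domain name
     * @return the domain's JSSE security domain, or {@code null} if it could not be resolved
     */
    @Override
    public JSSESecurityDomain getJSSE(String str) {
        return cachedLookup(this.jsseMap, str, "/jsse", JSSESecurityDomain.class);
    }

    public String getAuthenticationManagerClassName() {
        return this.authenticationManagerClassName;
    }

    /** @param str authentication manager implementation, as {@code module:class} */
    public void setAuthenticationManagerClassName(String str) {
        this.authenticationManagerClassName = str;
    }

    public boolean isDeepCopySubjectMode() {
        return this.deepCopySubjectMode;
    }

    /** @param z whether newly created authentication managers are asked to deep-copy subjects */
    public void setDeepCopySubjectMode(boolean z) {
        this.deepCopySubjectMode = z;
    }

    public String getCallbackHandlerClassName() {
        return this.callbackHandlerClassName;
    }

    /** @param str callback handler implementation, as {@code module:class} */
    public void setCallbackHandlerClassName(String str) {
        this.callbackHandlerClassName = str;
    }

    public String getAuthorizationManagerClassName() {
        return this.authorizationManagerClassName;
    }

    /** @param str authorization manager implementation, as {@code module:class} */
    public void setAuthorizationManagerClassName(String str) {
        this.authorizationManagerClassName = str;
    }

    public String getAuditManagerClassName() {
        return this.auditManagerClassName;
    }

    /** @param str audit manager implementation, as {@code module:class} */
    public void setAuditManagerClassName(String str) {
        this.auditManagerClassName = str;
    }

    public String getIdentityTrustManagerClassName() {
        return this.identityTrustManagerClassName;
    }

    /** @param str identity trust manager implementation, as {@code module:class} */
    public void setIdentityTrustManagerClassName(String str) {
        this.identityTrustManagerClassName = str;
    }

    public String getMappingManagerClassName() {
        return this.mappingManagerClassName;
    }

    /** @param str mapping manager implementation, as {@code module:class} */
    public void setMappingManagerClassName(String str) {
        this.mappingManagerClassName = str;
    }

    /**
     * Evicts every cached manager and the cached context for a security domain, so the next
     * accessor call resolves it from JNDI again.
     *
     * @param str security-domain name
     */
    public void removeSecurityDomain(String str) {
        this.securityMgrMap.remove(str);
        this.auditMgrMap.remove(str);
        this.authMgrMap.remove(str);
        this.authzMgrMap.remove(str);
        this.idmMgrMap.remove(str);
        this.mappingMgrMap.remove(str);
        this.jsseMap.remove(str);
    }

    /**
     * Returns the cached manager for a domain, resolving it from JNDI on a cache miss.
     *
     * <p>Failures (including a null domain name or an object of the wrong type bound in JNDI)
     * are logged at TRACE level and reported as {@code null}.
     */
    private <T> T cachedLookup(ConcurrentHashMap<String, T> cache, String domain, String jndiSuffix, Class<T> type) {
        T manager = null;
        try {
            manager = cache.get(domain);
            if (manager == null) {
                manager = type.cast(lookUpJNDI(domain + jndiSuffix));
                // ConcurrentHashMap rejects null values; a failed lookup is simply not cached
                // instead of relying on the resulting NullPointerException being swallowed.
                if (manager != null) {
                    cache.put(domain, manager);
                }
            }
        } catch (Exception e) {
            // The domain name is always passed as an argument, never spliced into the format
            // string, so a '%' in the name cannot break or alter the log message.
            SecurityLogger.ROOT_LOGGER.tracef(e, "Exception getting %s for domain=%s", type.getSimpleName(), domain);
        }
        return manager;
    }

    /**
     * Looks a name up in JNDI, always below {@link SecurityConstants#JAAS_CONTEXT_ROOT}.
     *
     * @param str name, with or without the JAAS context root prefix
     * @return the bound object, or {@code null} if the lookup failed
     */
    private Object lookUpJNDI(String str) {
        InitialContext initialContext = null;
        try {
            initialContext = new InitialContext();
            // The resolved name always starts with the JAAS context root, so the caller-supplied
            // part cannot select a different naming scheme or provider URL.
            String jndiName = str.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT)
                    ? str
                    : SecurityConstants.JAAS_CONTEXT_ROOT + str;
            return initialContext.lookup(jndiName);
        } catch (Exception e) {
            SecurityLogger.ROOT_LOGGER.tracef("Look up of JNDI for %s failed with %s", str, e.getLocalizedMessage());
            return null;
        } finally {
            if (initialContext != null) {
                try {
                    initialContext.close();
                } catch (Exception ignored) {
                    // Best-effort release; a close failure must not mask the lookup result.
                }
            }
        }
    }

    /**
     * Builds a new {@link SecurityDomainContext} for a domain from the configured manager classes.
     *
     * @param str                        security-domain name
     * @param authenticationCacheFactory optional source of the authentication cache; may be
     *                                   {@code null}
     * @return the populated context
     * @throws Exception if a class name is missing or malformed, or a manager cannot be
     *                   loaded or instantiated
     */
    public SecurityDomainContext createSecurityDomainContext(String str, AuthenticationCacheFactory authenticationCacheFactory) throws Exception {
        SecurityLogger.ROOT_LOGGER.debugf("Creating SDC for domain = %s", str);
        AuthenticationManager authenticationManager = createAuthenticationManager(str);
        // Only ask the factory for a cache when the manager can actually use one.
        if (authenticationCacheFactory != null && authenticationManager instanceof CacheableManager) {
            ConcurrentMap<Principal, JBossCachedAuthenticationManager.DomainInfo> cache = authenticationCacheFactory.getCache();
            if (cache != null) {
                ((CacheableManager) authenticationManager).setCache(cache);
            }
        }
        if (this.deepCopySubjectMode) {
            setDeepCopySubjectMode(authenticationManager);
        }
        SecurityDomainContext securityDomainContext = new SecurityDomainContext(authenticationManager);
        securityDomainContext.setAuthorizationManager(createAuthorizationManager(str));
        securityDomainContext.setAuditManager(createAuditManager(str));
        securityDomainContext.setIdentityTrustManager(createIdentityTrustManager(str));
        securityDomainContext.setMappingManager(createMappingManager(str));
        return securityDomainContext;
    }

    /** Instantiates the configured callback handler, then the authentication manager bound to it. */
    private AuthenticationManager createAuthenticationManager(String str) throws Exception {
        CallbackHandler callbackHandler = (CallbackHandler) loadConfiguredClass(
                this.callbackHandlerClassName, "default-callback-handler-class-name attribute").newInstance();
        return (AuthenticationManager) loadConfiguredClass(
                this.authenticationManagerClassName, "authentication-manager-class-name attribute")
                .getConstructor(String.class, CallbackHandler.class)
                .newInstance(str, callbackHandler);
    }

    private AuthorizationManager createAuthorizationManager(String str) throws Exception {
        return newDomainScopedInstance(AuthorizationManager.class, this.authorizationManagerClassName, "authorization manager class", str);
    }

    private AuditManager createAuditManager(String str) throws Exception {
        return newDomainScopedInstance(AuditManager.class, this.auditManagerClassName, "audit manager class", str);
    }

    private IdentityTrustManager createIdentityTrustManager(String str) throws Exception {
        return newDomainScopedInstance(IdentityTrustManager.class, this.identityTrustManagerClassName, "identity trust manager class", str);
    }

    private MappingManager createMappingManager(String str) throws Exception {
        return newDomainScopedInstance(MappingManager.class, this.mappingManagerClassName, "mapping manager class", str);
    }

    /** Instantiates a configured manager class through its public {@code (String domain)} constructor. */
    private <T> T newDomainScopedInstance(Class<T> type, String moduleAndClass, String description, String domain) throws Exception {
        Object instance = loadConfiguredClass(moduleAndClass, description).getConstructor(String.class).newInstance(domain);
        return type.cast(instance);
    }

    /**
     * Splits a {@code module:class} value at its last colon and loads the class from that module.
     * An unset value is reported the same way as one without a module part, instead of failing
     * with a bare NullPointerException.
     */
    private Class<?> loadConfiguredClass(String moduleAndClass, String description) throws Exception {
        int separator = moduleAndClass == null ? -1 : moduleAndClass.lastIndexOf(':');
        if (separator == -1) {
            throw SecurityLogger.ROOT_LOGGER.missingModuleName(description);
        }
        String moduleName = moduleAndClass.substring(0, separator);
        String className = moduleAndClass.substring(separator + 1);
        return SecurityActions.getModuleClassLoader(this.loader, moduleName).loadClass(className);
    }

    /**
     * Reflectively calls {@code setDeepCopySubjectOption(Boolean.TRUE)} on the manager if it has
     * such a method.
     *
     * <p>NOTE(review): a failure here is only visible at TRACE level, so a configured deep-copy
     * mode can end up not applied without any operator-visible signal - confirm that is intended.
     */
    private static void setDeepCopySubjectMode(AuthenticationManager authenticationManager) {
        try {
            authenticationManager.getClass().getMethod("setDeepCopySubjectOption", Boolean.class).invoke(authenticationManager, Boolean.TRUE);
        } catch (Exception e) {
            SecurityLogger.ROOT_LOGGER.tracef("Optional setDeepCopySubjectMode failed: %s", e.getLocalizedMessage());
        }
    }
}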
