package org.uberfire.security.server.auth.source;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import org.uberfire.commons.validation.Preconditions;
import org.uberfire.security.Role;
import org.uberfire.security.SecurityContext;
import org.uberfire.security.auth.AuthenticationSource;
import org.uberfire.security.auth.Credential;
import org.uberfire.security.auth.RoleProvider;
import org.uberfire.security.auth.RolesMode;
import org.uberfire.security.impl.RoleImpl;
import org.uberfire.security.impl.auth.UserNameCredential;
import org.uberfire.security.server.HttpSecurityContext;
import org.uberfire.security.server.RolesRegistry;
import org.uberfire.security.server.SecurityConstants;
import org.uberfire.security.server.auth.source.adapter.RolesAdapter;

/* loaded from: input_file:org/uberfire/security/server/auth/source/JACCAuthenticationSource.class */
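/**
 * Authentication source and role provider backed by the {@link Subject} that the
 * container publishes through the JACC {@link PolicyContext}.
 *
 * <p>No secret is verified here: {@link #authenticate} only confirms that the
 * container-supplied Subject already carries a principal with the credential's
 * user name. The strength of the result therefore rests on whatever
 * authentication the container performed beforehand.
 *
 * <p>Roles are resolved according to the configured {@link RolesMode}: from the
 * servlet container's {@code isUserInRole} answers, from the members of the
 * role group principal in the Subject, or both. When the container exposes no
 * Subject, roles are delegated to the {@link RolesAdapter} implementations
 * discovered through {@link ServiceLoader}.
 */
public class JACCAuthenticationSource implements AuthenticationSource, RoleProvider {
    public static final String DEFAULT_ROLE_PRINCIPLE_NAME = "Roles";

    /** PolicyContext handler key under which the container exposes the current Subject. */
    private static final String SUBJECT_CONTAINER_KEY = "javax.security.auth.Subject.container";

    private static final Logger LOG = Logger.getLogger(JACCAuthenticationSource.class.getName());

    // Name of the Group principal whose members are read as roles (matched case-insensitively).
    private String rolePrincipleName = DEFAULT_ROLE_PRINCIPLE_NAME;

    // Adapters come from the classpath, so every RolesAdapter provider on it can contribute roles.
    // NOTE(review): ServiceLoader instances are not safe for concurrent iteration; confirm whether
    // this source is shared between request threads.
    private ServiceLoader<RolesAdapter> rolesAdapterServiceLoader = ServiceLoader.load(RolesAdapter.class);

    private RolesMode mode = RolesMode.GROUP;

    /**
     * Applies optional configuration.
     *
     * <p>{@code SecurityConstants.ROLES_IN_CONTEXT_KEY} overrides the role group name and
     * {@code SecurityConstants.ROLE_MODE_KEY} selects the {@link RolesMode}. An unusable
     * mode value falls back to {@link RolesMode#GROUP}.
     *
     * @param map configuration options; must not be {@code null}
     * @throws ClassCastException if the configured role group name is not a {@code String}
     */
    public void initialize(Map<String, ?> map) {
        if (map.containsKey(SecurityConstants.ROLES_IN_CONTEXT_KEY)) {
            Object configuredName = map.get(SecurityConstants.ROLES_IN_CONTEXT_KEY);
            if (configuredName != null) {
                // A wrong type still fails loudly here, as before.
                this.rolePrincipleName = (String) configuredName;
            } else {
                // A null name would make loadGroups throw and silently yield no group roles,
                // so the current name is kept instead.
                LOG.warning("Ignoring null value for " + SecurityConstants.ROLES_IN_CONTEXT_KEY
                        + "; keeping role group name '" + this.rolePrincipleName + "'");
            }
        }
        try {
            if (map.containsKey(SecurityConstants.ROLE_MODE_KEY)) {
                this.mode = RolesMode.valueOf((String) map.get(SecurityConstants.ROLE_MODE_KEY));
            }
        } catch (RuntimeException e) {
            // Misconfiguration changes which roles are granted, so make the fallback visible.
            LOG.log(Level.WARNING, "Invalid value for " + SecurityConstants.ROLE_MODE_KEY
                    + "; falling back to " + RolesMode.GROUP, e);
            this.mode = RolesMode.GROUP;
        }
    }

    /**
     * Reports whether this source can handle the given credential.
     *
     * @param credential credential to inspect, may be {@code null}
     * @return {@code true} only for a non-null {@link UserNameCredential}
     */
    public boolean supportsCredential(Credential credential) {
        return credential instanceof UserNameCredential;
    }

    /**
     * Checks that the container's current Subject holds a principal whose name equals the
     * credential's user name.
     *
     * <p>Any failure while reading the Subject is treated as "not authenticated".
     *
     * @param credential      must be a {@link UserNameCredential}; enforced by
     *                        {@code Preconditions.checkInstanceOf}
     * @param securityContext not read by this implementation
     * @return {@code true} if a principal with the same name is present, {@code false} otherwise
     */
    public boolean authenticate(Credential credential, SecurityContext securityContext) {
        UserNameCredential userNameCredential = (UserNameCredential) Preconditions.checkInstanceOf("credential", credential, UserNameCredential.class);
        try {
            String userName = userNameCredential.getUserName();
            if (userName == null) {
                // Never let a missing user name match anything.
                return false;
            }
            Subject subject = (Subject) PolicyContext.getContext(SUBJECT_CONTAINER_KEY);
            if (subject == null) {
                return false;
            }
            Set<Principal> principals = subject.getPrincipals();
            if (principals == null) {
                return false;
            }
            // The name is compared with every principal in the Subject, not only the caller's
            // user principal, so group principals are candidates too.
            // NOTE(review): confirm the credential's user name always originates from the
            // container-authenticated identity rather than from request input.
            for (Principal candidate : principals) {
                // Comparing from the user name side keeps a principal with a null name from
                // aborting the scan before a later principal can match.
                if (userName.equals(candidate.getName())) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Fail closed, but leave a trace: a container error is otherwise indistinguishable
            // from a genuine mismatch.
            LOG.log(Level.FINE, "Could not read the container Subject; treating as not authenticated", e);
            return false;
        }
    }

    /**
     * Resolves the roles of the current caller.
     *
     * <p>With a container Subject available, roles come from the servlet container
     * ({@link RolesMode#ROLE}), from the role group principal ({@link RolesMode#GROUP}), or
     * from both ({@link RolesMode#BOTH}). Without one, every discovered {@link RolesAdapter}
     * is asked instead.
     *
     * @param principal       passed through to the adapters; not used when a Subject is available
     * @param securityContext context used for the servlet role check and passed to the adapters
     * @return the roles collected so far; if a lookup fails part-way the list may be incomplete
     */
    public List<Role> loadRoles(org.uberfire.security.auth.Principal principal, SecurityContext securityContext) {
        List<Role> collected = new ArrayList<Role>();
        try {
            Subject subject = getSubjectFromContainer();
            if (subject != null) {
                boolean both = this.mode.equals(RolesMode.BOTH);
                if (both || this.mode.equals(RolesMode.ROLE)) {
                    collected.addAll(loadRoles(subject, securityContext));
                }
                if (both || this.mode.equals(RolesMode.GROUP)) {
                    collected.addAll(loadGroups(subject));
                }
            } else {
                for (RolesAdapter adapter : this.rolesAdapterServiceLoader) {
                    List<Role> adapterRoles = adapter.getRoles(principal, securityContext, this.mode);
                    if (adapterRoles != null) {
                        collected.addAll(adapterRoles);
                    }
                }
            }
        } catch (Exception e) {
            // Best effort is kept (roles gathered before the failure are still returned), but an
            // unexpectedly short role list should be diagnosable.
            LOG.log(Level.WARNING, "Role lookup failed; returning the roles resolved so far", e);
        }
        return collected;
    }

    /**
     * Reads roles from the members of every {@link Group} principal in the Subject whose name
     * matches the configured role group name, ignoring case.
     *
     * @param subject container Subject, not {@code null}
     * @return one {@link RoleImpl} per group member, possibly empty
     */
    private List<Role> loadGroups(Subject subject) {
        List<Role> groupRoles = new ArrayList<Role>();
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null) {
            return groupRoles;
        }
        for (Principal candidate : principals) {
            if (!(candidate instanceof Group) || !this.rolePrincipleName.equalsIgnoreCase(candidate.getName())) {
                continue;
            }
            Enumeration<? extends Principal> members = ((Group) candidate).members();
            while (members.hasMoreElements()) {
                groupRoles.add(new RoleImpl(members.nextElement().getName()));
            }
        }
        return groupRoles;
    }

    /**
     * Asks the servlet container which of the roles known to {@link RolesRegistry} the current
     * request's user holds.
     *
     * @param subject         not read by this method
     * @param securityContext only an {@link HttpSecurityContext} yields roles
     * @return the registered roles confirmed by {@code isUserInRole}, possibly empty
     */
    private List<Role> loadRoles(Subject subject, SecurityContext securityContext) {
        List<Role> containerRoles = new ArrayList<Role>();
        if (!(securityContext instanceof HttpSecurityContext)) {
            return containerRoles;
        }
        HttpServletRequest request = ((HttpSecurityContext) securityContext).getRequest();
        for (Role registered : RolesRegistry.get().getRegisteredRoles()) {
            String roleName = registered.getName();
            if (request.isUserInRole(roleName)) {
                containerRoles.add(new RoleImpl(roleName));
            }
        }
        return containerRoles;
    }

    /**
     * Fetches the current Subject from the JACC {@link PolicyContext}.
     *
     * <p>Decompiler note: the access modifier of this method was changed from
     * {@code protected}.
     *
     * @return the container Subject, or {@code null} if it is absent or the lookup failed
     */
    public Subject getSubjectFromContainer() {
        try {
            return (Subject) PolicyContext.getContext(SUBJECT_CONTAINER_KEY);
        } catch (Exception e) {
            // Callers treat null as "no Subject" and fall back to the RolesAdapter lookup.
            LOG.log(Level.FINE, "No Subject available from the JACC PolicyContext", e);
            return null;
        }
    }
}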
