package org.jboss.net.axis.server;

import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import org.jboss.axis.AxisFault;
import org.jboss.axis.MessageContext;
import org.jboss.axis.handlers.BasicHandler;
import org.jboss.axis.utils.Messages;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/net/axis/server/JBossAuthenticationHandler.class */
public class JBossAuthenticationHandler extends BasicHandler {
    protected boolean isInitialised;
    protected boolean shouldValidateUnauthenticatedCalls;
    protected SubjectSecurityManager authMgr;

    protected void initialise() throws AxisFault {
        this.isInitialised = true;
        this.authMgr = null;
        this.shouldValidateUnauthenticatedCalls = false;
        String str = (String) getOption(Constants.SECURITY_DOMAIN_OPTION);
        if (str != null) {
            try {
                this.authMgr = (SubjectSecurityManager) new InitialContext().lookup(str);
            } catch (NamingException e) {
                throw new AxisFault(new StringBuffer().append("Could not lookup associated security domain ").append(str).toString(), e);
            }
        }
        String str2 = (String) getOption(Constants.VALIDATE_UNAUTHENTICATED_CALLS_OPTION);
        if (str2 != null) {
            try {
                this.shouldValidateUnauthenticatedCalls = new Boolean(str2).booleanValue();
            } catch (Exception e2) {
                throw new AxisFault("Could not set validateUnauthenticatedCalls option.", e2);
            }
        }
    }

    protected Principal getPrincipal(String str) {
        return str == null ? NobodyPrincipal.NOBODY_PRINCIPAL : new SimplePrincipal(str);
    }

    protected Subject validate(Principal principal, String str) throws AxisFault {
        char[] charArray = str != null ? str.toCharArray() : null;
        Subject subject = null;
        if (this.shouldValidateUnauthenticatedCalls || principal != NobodyPrincipal.NOBODY_PRINCIPAL) {
            subject = new Subject();
            if (!this.authMgr.isValid(principal, charArray, subject)) {
                throw new AxisFault("Server.Unauthenticated", Messages.getMessage("cantAuth01", principal.getName()), (String) null, (Element[]) null);
            }
        }
        return subject;
    }

    protected void associate(Principal principal, String str, Subject subject) {
        if (this.shouldValidateUnauthenticatedCalls || principal != NobodyPrincipal.NOBODY_PRINCIPAL) {
            SecurityAssociation.pushSubjectContext(subject, principal, str != null ? str.toCharArray() : null);
        } else {
            SecurityAssociation.pushSubjectContext(null, null, null);
        }
    }

    public void invoke(MessageContext messageContext) throws AxisFault {
        if (!this.isInitialised) {
            synchronized (this) {
                if (!this.isInitialised) {
                    initialise();
                }
            }
        }
        if (this.authMgr == null) {
            throw new AxisFault("No security domain associated.");
        }
        Principal principal = getPrincipal(messageContext.getUsername());
        String password = messageContext.getPassword();
        Subject validate = validate(principal, password);
        associate(principal, password, validate);
        messageContext.setProperty("authenticatedUser", validate);
    }
}
