package org.jboss.jmx.connector.invoker;

import java.security.Principal;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import org.jboss.mx.interceptor.AbstractInterceptor;
import org.jboss.mx.server.Invocation;
import org.jboss.security.SecurityContext;
import org.jboss.security.SubjectSecurityManager;

/* loaded from: input_file:org/jboss/jmx/connector/invoker/AuthenticationInterceptor.class */
public final class AuthenticationInterceptor extends AbstractInterceptor {
    private SubjectSecurityManager securityMgr;
    private String securityDomain;
    private boolean initialized = false;

    public void setSecurityDomain(String str) throws Exception {
        this.securityDomain = str;
    }

    public Object invoke(Invocation invocation) throws Throwable {
        SecurityContext securityContext = null;
        String type = invocation.getType();
        Subject subject = null;
        if (!this.initialized) {
            initialize();
        }
        if (type == "invoke" && this.securityMgr != null && invocation.getName().equals("invoke")) {
            org.jboss.invocation.Invocation invocation2 = (org.jboss.invocation.Invocation) invocation.getArgs()[0];
            Principal principal = invocation2.getPrincipal();
            Object credential = invocation2.getCredential();
            subject = new Subject();
            if (!this.securityMgr.isValid(principal, credential, subject)) {
                throw new SecurityException("Failed to authenticate principal=" + principal + ", securityDomain=" + this.securityMgr.getSecurityDomain());
            }
            String securityDomain = this.securityMgr != null ? this.securityMgr.getSecurityDomain() : "other";
            securityContext = SecurityActions.getSecurityContext();
            SecurityActions.setSecurityContext(SecurityActions.createSecurityContext(securityDomain));
            SecurityActions.pushSubjectContext(principal, credential, subject);
        }
        try {
            Object invoke = invocation.nextInterceptor().invoke(invocation);
            if (subject != null) {
                SecurityActions.setSecurityContext(securityContext);
            }
            return invoke;
        } catch (Throwable th) {
            if (subject != null) {
                SecurityActions.setSecurityContext(securityContext);
            }
            throw th;
        }
    }

    private void initialize() {
        try {
            this.securityMgr = (SubjectSecurityManager) new InitialContext().lookup(this.securityDomain);
        } catch (Exception e) {
        }
        if (this.securityMgr == null) {
            this.log.warn("Unable to locate security domain " + this.securityDomain + ". The AuthenticationInterceptor will have no effect");
        }
        this.initialized = true;
    }
}
