package org.jboss.security.plugins.auth;

import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityUtil;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.plugins.ClassLoaderLocator;
import org.jboss.security.plugins.ClassLoaderLocatorFactory;

/* loaded from: input_file:org/jboss/security/plugins/auth/JaasSecurityManagerBase.class */
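/**
 * JAAS-backed security manager for a single security domain.
 *
 * <p>Authentication is performed by running a {@link LoginContext} for the
 * configured security domain, with the caller's principal and credential
 * handed to a fresh callback handler through its
 * {@code setSecurityInfo(Principal, Object)} method. Role queries are
 * delegated to an {@link AuthorizationManager}, looked up lazily when none
 * was injected.
 *
 * <p>Both {@link #isValid(Principal, Object, Subject)} and
 * {@link #doesUserHaveRole(Principal, Set)} fail closed: they answer
 * {@code false} when the login fails or no authorization manager is found.
 *
 * <p>NOTE(review): the lazy authorization-manager lookup is not synchronized,
 * so concurrent first calls may each perform the lookup.
 */
public class JaasSecurityManagerBase implements SubjectSecurityManager, RealmMapping {
    // Second argument handed to SecurityUtil.getAuthorizationManager;
    // presumably the JNDI base context of the domain (confirm against SecurityUtil).
    private static final String AUTHORIZATION_MANAGER_LOOKUP_BASE = "java:jboss/jaas/";

    // Key under which the outcome of the last login attempt is published.
    private static final String LOGIN_EXCEPTION_CONTEXT_KEY = "org.jboss.security.exception";

    private final String securityDomain;
    // Prototype only: each login instantiates a new handler of the same class.
    private final CallbackHandler handler;
    private transient Method setSecurityInfo;
    private boolean deepCopySubjectOption = false;
    private AuthorizationManager authorizationManager;

    /** Creates a manager for the {@code "other"} domain using a new {@link JBossCallbackHandler}. */
    public JaasSecurityManagerBase() {
        this("other", new JBossCallbackHandler());
    }

    /**
     * Creates a manager for the given security domain.
     *
     * @param str security domain name; stored after
     *        {@link SecurityUtil#unprefixSecurityDomain(String)} has been applied
     * @param callbackHandler handler whose class must expose a public
     *        {@code setSecurityInfo(Principal, Object)} method
     * @throws UndeclaredThrowableException if that method cannot be resolved,
     *         which includes the case of a {@code null} handler
     */
    public JaasSecurityManagerBase(String str, CallbackHandler callbackHandler) {
        this.securityDomain = SecurityUtil.unprefixSecurityDomain(str);
        this.handler = callbackHandler;
        try {
            this.setSecurityInfo =
                    callbackHandler.getClass().getMethod("setSecurityInfo", Principal.class, Object.class);
        } catch (Exception e) {
            throw new UndeclaredThrowableException(
                    e, PicketBoxMessages.MESSAGES.unableToFindSetSecurityInfoMessage());
        }
    }

    /**
     * Selects whether the authenticated subject is deep-copied into the
     * caller's subject.
     *
     * @param bool the requested setting; {@code null} is treated as {@code false}
     */
    public void setDeepCopySubjectOption(Boolean bool) {
        this.deepCopySubjectOption = Boolean.TRUE.equals(bool);
    }

    /**
     * Injects the authorization manager used for role queries.
     *
     * @param authorizationManager the manager to use; {@code null} re-enables the lazy lookup
     */
    public void setAuthorizationManager(AuthorizationManager authorizationManager) {
        this.authorizationManager = authorizationManager;
    }

    /** @return the unprefixed name of the security domain this manager serves */
    public String getSecurityDomain() {
        return this.securityDomain;
    }

    /**
     * @return the subject of the security context associated with the caller,
     *         or {@code null} when no security context is associated
     */
    public Subject getActiveSubject() {
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        return securityContext == null ? null : securityContext.getUtil().getSubject();
    }

    /**
     * Authenticates the principal without exporting the resulting subject.
     *
     * @param principal identity to authenticate
     * @param obj credential presented for the identity
     * @return {@code true} only if the JAAS login succeeded
     */
    public boolean isValid(Principal principal, Object obj) {
        return isValid(principal, obj, null);
    }

    /**
     * Authenticates the principal and, on success, copies the authenticated
     * subject into {@code subject} when one is supplied.
     *
     * @param principal identity to authenticate
     * @param obj credential presented for the identity
     * @param subject receives the authenticated subject's content; may be {@code null}
     * @return {@code true} only if the JAAS login succeeded
     */
    public boolean isValid(Principal principal, Object obj, Subject subject) {
        PicketBoxLogger.LOGGER.traceBeginIsValid(principal, (String) null);
        boolean valid = authenticate(principal, obj, subject);
        PicketBoxLogger.LOGGER.traceEndIsValid(valid);
        return valid;
    }

    /**
     * @param principal the caller's principal
     * @return the same principal; no mapping is applied here
     */
    public Principal getPrincipal(Principal principal) {
        return principal;
    }

    /**
     * Asks the authorization manager whether the principal holds any of the roles.
     *
     * @param principal identity to check
     * @param set roles to test
     * @return the authorization manager's answer, or {@code false} when no
     *         authorization manager is available (deny by default)
     */
    public boolean doesUserHaveRole(Principal principal, Set<Principal> set) {
        AuthorizationManager manager = resolveAuthorizationManager();
        if (manager == null) {
            PicketBoxLogger.LOGGER.debugNullAuthorizationManager(this.securityDomain);
            return false;
        }
        return manager.doesUserHaveRole(principal, set);
    }

    /**
     * Fetches the roles of the principal from the authorization manager.
     *
     * @param principal identity whose roles are wanted
     * @return the roles reported by the authorization manager, or {@code null}
     *         when no authorization manager is available; callers must treat
     *         {@code null} as "no roles" rather than dereference it
     */
    public Set<Principal> getUserRoles(Principal principal) {
        AuthorizationManager manager = resolveAuthorizationManager();
        if (manager == null) {
            PicketBoxLogger.LOGGER.debugNullAuthorizationManager(this.securityDomain);
            return null;
        }
        return manager.getUserRoles(principal);
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    public Principal getTargetPrincipal(Principal principal, Map<String, Object> map) {
        throw new UnsupportedOperationException();
    }

    /** Returns the injected authorization manager, looking one up and caching it on first use. */
    private AuthorizationManager resolveAuthorizationManager() {
        if (this.authorizationManager == null) {
            this.authorizationManager =
                    SecurityUtil.getAuthorizationManager(this.securityDomain, AUTHORIZATION_MANAGER_LOOKUP_BASE);
        }
        return this.authorizationManager;
    }

    /**
     * Runs the JAAS login, switching the thread context class loader to the
     * one of the module named by the domain's application policy when such a
     * module is configured and can be located.
     */
    private boolean authenticate(Principal principal, Object credential, Subject callerSubject) {
        ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
        if (policy != null) {
            String moduleName = policy.getAuthenticationInfo().getJBossModuleName();
            if (moduleName != null) {
                ClassLoader previousLoader = SubjectActions.getContextClassLoader();
                ClassLoaderLocator locator = ClassLoaderLocatorFactory.get();
                ClassLoader moduleLoader = locator == null ? null : locator.get(moduleName);
                if (moduleLoader != null) {
                    try {
                        SubjectActions.setContextClassLoader(moduleLoader);
                        return proceedWithJaasLogin(principal, credential, callerSubject);
                    } finally {
                        // Always put the caller's loader back so the module
                        // loader cannot leak past this call.
                        SubjectActions.setContextClassLoader(previousLoader);
                    }
                }
            }
        }
        return proceedWithJaasLogin(principal, credential, callerSubject);
    }

    /**
     * Performs the login and publishes its outcome: the login exception (or
     * {@code null} on success) is stored as context info, and the
     * authenticated subject is copied into {@code callerSubject} when given.
     *
     * @return {@code true} only if the login produced a subject
     */
    private boolean proceedWithJaasLogin(Principal principal, Object credential, Subject callerSubject) {
        boolean authenticated = false;
        LoginException failure = null;
        try {
            Subject authenticatedSubject = defaultLogin(principal, credential).getSubject();
            if (authenticatedSubject != null) {
                if (callerSubject != null) {
                    SubjectActions.copySubject(
                            authenticatedSubject, callerSubject, false, this.deepCopySubjectOption);
                }
                authenticated = true;
            }
        } catch (LoginException e) {
            // Logged only for a principal that carries a name; failures for
            // nameless principals are still recorded in the context below.
            if (principal != null && principal.getName() != null) {
                PicketBoxLogger.LOGGER.errorDuringLogin(e);
            }
            failure = e;
        }
        SubjectActions.setContextInfo(LOGIN_EXCEPTION_CONTEXT_KEY, failure);
        return authenticated;
    }

    /**
     * Builds a per-login callback handler, seeds it with the principal and
     * credential, and runs the domain's {@link LoginContext}.
     *
     * @return the login context after a successful {@code login()}
     * @throws LoginException the login module's own exception when the login
     *         is rejected, or a wrapper carrying the cause for any other failure
     */
    private LoginContext defaultLogin(Principal principal, Object credential) throws LoginException {
        Object[] securityInfo = {principal, credential};
        try {
            CallbackHandler perLoginHandler = (CallbackHandler) this.handler.getClass().newInstance();
            this.setSecurityInfo.invoke(perLoginHandler, securityInfo);
            Subject subject = new Subject();
            PicketBoxLogger.LOGGER.traceDefaultLoginPrincipal(principal);
            LoginContext loginContext =
                    SubjectActions.createLoginContext(this.securityDomain, subject, perLoginHandler);
            loginContext.login();
            PicketBoxLogger.LOGGER.traceDefaultLoginSubject(
                    loginContext.toString(), SubjectActions.toString(subject));
            return loginContext;
        } catch (LoginException e) {
            // A genuine login failure keeps its concrete type and message, so
            // the error log and the stored context exception show why the
            // login was rejected instead of an unrelated "setSecurityInfo"
            // message.
            throw e;
        } catch (Throwable th) {
            LoginException wrapped =
                    new LoginException(PicketBoxMessages.MESSAGES.unableToFindSetSecurityInfoMessage());
            wrapped.initCause(th);
            throw wrapped;
        }
    }
}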
