package org.jboss.security.authentication;

import java.io.Serializable;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.CacheableManager;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.plugins.ClassLoaderLocator;
import org.jboss.security.plugins.ClassLoaderLocatorFactory;

/* loaded from: input_file:org/jboss/security/authentication/JBossCachedAuthenticationManager.class */
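/**
 * Authentication manager that validates a principal/credential pair against a
 * per-domain cache and falls back to a JAAS login when the cache has no
 * matching entry.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A cache hit in {@link #isValid(Principal, Object, Subject)} returns
 *       without running the login modules, so a credential change, lock-out or
 *       revocation in the backing store is not observed until the entry is
 *       flushed or leaves the cache.</li>
 *   <li>Each cache entry keeps the credential object exactly as the caller
 *       presented it (see {@link DomainInfo#credential}); the cache must be
 *       treated as secret-bearing memory.</li>
 *   <li>A {@code null} principal is cached under the fixed key
 *       {@code new SimplePrincipal("null")}, so all callers that pass no
 *       principal share a single cache entry.</li>
 * </ul>
 *
 * <p>The cache is only used when one has been supplied through
 * {@link #setCache(ConcurrentMap)}; until then every call performs a JAAS login.
 */
public class JBossCachedAuthenticationManager implements AuthenticationManager, CacheableManager<ConcurrentMap<Principal, DomainInfo>, Principal> {
    // Name of the security domain used for policy lookup and LoginContext creation.
    private String securityDomain;
    // Prototype handler; a fresh instance of its class is created for every login.
    private CallbackHandler callbackHandler;
    // Reflective handle on the handler's setSecurityInfo(Principal, Object) method.
    private transient Method setSecurityInfo;
    // Principal -> cached authentication result; null until setCache() is called.
    protected ConcurrentMap<Principal, DomainInfo> domainCache;
    // Passed through to SubjectActions.copySubject on every subject copy.
    private boolean deepCopySubjectOption;

    /**
     * One cached authentication result.
     *
     * <p>NOTE(review): the class is declared {@link Serializable}, yet
     * {@code loginContext} and {@code contextClassLoader} are not serializable
     * types and {@code credential} holds the presented secret as-is. If a cache
     * store ever serializes entries this would either fail or write the
     * credential out; confirm that no configured cache does so.
     */
    public static class DomainInfo implements Serializable {
        private static final long serialVersionUID = 7402775370244483773L;
        // Login context that produced this entry; used by logout().
        protected LoginContext loginContext;
        // Copy of the authenticated subject.
        protected Subject subject;
        // Credential as presented by the caller; compared on later cache hits.
        protected Object credential;
        // Caller principal derived from the authenticated subject, if any.
        protected Principal callerPrincipal;
        // Class loader associated with the login; matched by releaseModuleEntries().
        protected ClassLoader contextClassLoader = null;

        /**
         * Logs out the stored login context, if there is one. Failures are
         * traced and otherwise ignored so that cache clean-up never throws.
         */
        public void logout() {
            if (this.loginContext == null) {
                return;
            }
            try {
                this.loginContext.logout();
            } catch (Exception e) {
                PicketBoxLogger.LOGGER.traceCacheEntryLogoutFailure(e);
            }
        }
    }

    /**
     * Creates a manager for the {@code "other"} security domain with a
     * {@link JBossCallbackHandler}.
     */
    public JBossCachedAuthenticationManager() {
        this("other", new JBossCallbackHandler());
    }

    /**
     * Creates a manager for the given security domain.
     *
     * @param str             name of the security domain
     * @param callbackHandler handler whose class must expose a public
     *                        {@code setSecurityInfo(Principal, Object)} method
     * @throws UnsupportedOperationException if that method cannot be resolved
     *         (including when {@code callbackHandler} is {@code null})
     */
    public JBossCachedAuthenticationManager(String str, CallbackHandler callbackHandler) {
        this.securityDomain = str;
        this.callbackHandler = callbackHandler;
        try {
            this.setSecurityInfo = callbackHandler.getClass().getMethod("setSecurityInfo", Principal.class, Object.class);
        } catch (Exception e) {
            // Keep the underlying failure as the cause so misconfiguration can be diagnosed.
            throw new UnsupportedOperationException(PicketBoxMessages.MESSAGES.unableToFindSetSecurityInfoMessage(), e);
        }
    }

    /**
     * Returns the subject of the security context associated with the current
     * call, or {@code null} when no security context is associated.
     */
    public Subject getActiveSubject() {
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext == null) {
            return null;
        }
        return securityContext.getUtil().getSubject();
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    public Principal getTargetPrincipal(Principal principal, Map<String, Object> map) {
        throw new UnsupportedOperationException();
    }

    /**
     * Validates the credential for the principal without populating a subject.
     *
     * @see #isValid(Principal, Object, Subject)
     */
    public boolean isValid(Principal principal, Object obj) {
        return isValid(principal, obj, null);
    }

    /**
     * Validates the credential for the principal, first against the cache and
     * then, on a miss or mismatch, through a JAAS login.
     *
     * @param principal identity to validate; {@code null} is looked up under
     *                  the shared key {@code new SimplePrincipal("null")}
     * @param obj       presented credential
     * @param subject   if non-null, receives a copy of the authenticated subject
     * @return {@code true} if the cached credential matched or the login succeeded
     */
    public boolean isValid(Principal principal, Object obj, Subject subject) {
        DomainInfo cacheInfo = getCacheInfo(principal != null ? principal : new SimplePrincipal("null"));
        PicketBoxLogger.LOGGER.traceBeginIsValid(principal, cacheInfo != null ? cacheInfo.toString() : null);
        boolean valid = cacheInfo != null && validateCache(cacheInfo, obj, subject);
        if (!valid) {
            // Cache miss or credential mismatch: run the login modules.
            valid = authenticate(principal, obj, subject);
        }
        PicketBoxLogger.LOGGER.traceEndIsValid(valid);
        return valid;
    }

    /** Returns the name of the security domain this manager serves. */
    public String getSecurityDomain() {
        return this.securityDomain;
    }

    /**
     * Removes every entry from the cache, if a cache is set.
     *
     * <p>NOTE(review): entries are dropped without calling
     * {@link DomainInfo#logout()} here; presumably the cache implementation
     * does that on removal — confirm.
     */
    public void flushCache() {
        PicketBoxLogger.LOGGER.traceFlushWholeCache();
        if (this.domainCache != null) {
            this.domainCache.clear();
        }
    }

    /**
     * Removes the cache entry for the given principal. Does nothing when no
     * cache is set or the principal is {@code null}.
     */
    public void flushCache(Principal principal) {
        if (this.domainCache == null || principal == null) {
            return;
        }
        PicketBoxLogger.LOGGER.traceFlushCacheEntry(principal.getName());
        this.domainCache.remove(principal);
    }

    /** Installs the map used as the authentication cache. */
    public void setCache(ConcurrentMap<Principal, DomainInfo> concurrentMap) {
        this.domainCache = concurrentMap;
    }

    /**
     * Tells whether the cache holds an entry for the principal.
     *
     * @return {@code false} when no cache is set or the principal is {@code null}
     */
    public boolean containsKey(Principal principal) {
        return this.domainCache != null && principal != null && this.domainCache.containsKey(principal);
    }

    /**
     * Returns the key set of the cache, or {@code null} when no cache is set.
     * The returned set is the map's own {@code keySet()} view, not a copy.
     */
    public Set<Principal> getCachedKeys() {
        return this.domainCache != null ? this.domainCache.keySet() : null;
    }

    /**
     * Sets the deep-copy flag handed to {@code SubjectActions.copySubject}.
     *
     * @param bool new value; must not be {@code null} (unboxing would throw)
     */
    public void setDeepCopySubjectOption(Boolean bool) {
        this.deepCopySubjectOption = bool.booleanValue();
    }

    /** Looks up the cache entry for the principal; {@code null} if absent or no cache is set. */
    private DomainInfo getCacheInfo(Principal principal) {
        if (this.domainCache == null || principal == null) {
            return null;
        }
        return this.domainCache.get(principal);
    }

    /**
     * Compares the presented credential with the one stored in the cache entry
     * and, on a match, copies the cached subject into {@code subject}.
     *
     * <p>The comparison uses {@code compareTo}, {@code Arrays.equals} or
     * {@code equals} depending on the credential type. None of these is a
     * constant-time comparison, so the time taken can depend on how much of the
     * presented secret matches the cached one.
     *
     * @param domainInfo cache entry to check against
     * @param obj        presented credential; {@code null} matches only a
     *                   cached {@code null} credential
     * @param subject    if non-null, receives the cached subject on a match
     * @return {@code true} if the credentials are considered equal
     */
    @SuppressWarnings("unchecked")
    private boolean validateCache(DomainInfo domainInfo, Object obj, Subject subject) {
        PicketBoxLogger.LOGGER.traceBeginValidateCache(domainInfo.toString(), obj != null ? obj.getClass() : null);
        Object cached = domainInfo.credential;
        boolean valid = false;
        if (obj == null || cached == null) {
            valid = obj == null && cached == null;
        } else if (cached.getClass().isAssignableFrom(obj.getClass())) {
            if (cached instanceof Comparable) {
                valid = ((Comparable<Object>) cached).compareTo(obj) == 0;
            } else if (cached instanceof char[]) {
                valid = Arrays.equals((char[]) cached, (char[]) obj);
            } else if (cached instanceof byte[]) {
                valid = Arrays.equals((byte[]) cached, (byte[]) obj);
            } else if (cached instanceof Object[]) {
                valid = Arrays.equals((Object[]) cached, (Object[]) obj);
            } else {
                // Also reached for primitive arrays other than char[]/byte[]: casting
                // those to Object[] would throw ClassCastException, so they fall back
                // to equals() and count as a cache miss unless it is the same instance.
                valid = cached.equals(obj);
            }
        } else if ((cached instanceof char[]) && (obj instanceof String)) {
            valid = Arrays.equals((char[]) cached, ((String) obj).toCharArray());
        } else if ((cached instanceof String) && (obj instanceof char[])) {
            valid = Arrays.equals(((String) cached).toCharArray(), (char[]) obj);
        }
        if (valid && subject != null) {
            SubjectActions.copySubject(domainInfo.subject, subject, false, this.deepCopySubjectOption);
        }
        PicketBoxLogger.LOGGER.traceEndValidteCache(valid);
        return valid;
    }

    /**
     * Runs the JAAS login, switching the thread context class loader to the
     * module class loader first when the domain's policy names a JBoss module
     * and a locator resolves it.
     *
     * @return {@code true} if the login succeeded
     */
    private boolean authenticate(Principal principal, Object obj, Subject subject) {
        ApplicationPolicy applicationPolicy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
        String moduleName = applicationPolicy != null ? applicationPolicy.getAuthenticationInfo().getJBossModuleName() : null;
        if (moduleName != null) {
            ClassLoader previousLoader = SubjectActions.getContextClassLoader();
            ClassLoaderLocator locator = ClassLoaderLocatorFactory.get();
            ClassLoader moduleLoader = locator != null ? locator.get(moduleName) : null;
            if (moduleLoader != null) {
                try {
                    SubjectActions.setContextClassLoader(moduleLoader);
                    return proceedWithJaasLogin(principal, obj, subject, moduleLoader);
                } finally {
                    // Always restore the caller's context class loader, also on failure.
                    SubjectActions.setContextClassLoader(previousLoader);
                }
            }
        }
        return proceedWithJaasLogin(principal, obj, subject, null);
    }

    /**
     * Performs the login, copies the resulting subject to the caller's subject
     * and stores the result in the cache.
     *
     * <p>The context info key {@code "org.jboss.security.exception"} is set to
     * the {@link LoginException} of a failed login and to {@code null} otherwise.
     *
     * @return {@code true} if the login produced a subject
     */
    private boolean proceedWithJaasLogin(Principal principal, Object obj, Subject subject, ClassLoader classLoader) {
        boolean authenticated = false;
        LoginException failure = null;
        try {
            LoginContext loginContext = defaultLogin(principal, obj);
            Subject loggedIn = loginContext.getSubject();
            if (loggedIn != null) {
                if (subject != null) {
                    SubjectActions.copySubject(loggedIn, subject, false, this.deepCopySubjectOption);
                }
                authenticated = true;
                updateCache(loginContext, loggedIn, principal, obj, classLoader);
            }
        } catch (LoginException e) {
            PicketBoxLogger.LOGGER.debugFailedLogin(e);
            failure = e;
        }
        SubjectActions.setContextInfo("org.jboss.security.exception", failure);
        return authenticated;
    }

    /**
     * Creates a fresh callback handler carrying the principal and credential,
     * builds a {@link LoginContext} for the security domain and logs in.
     *
     * <p>NOTE(review): the catch block covers the whole sequence, so a failure
     * raised by {@code login()} itself is also reported with the
     * "unable to find setSecurityInfo" message; the real failure is only
     * available as the cause. Check the cause when triaging failed logins.
     *
     * @return the login context after a successful login
     * @throws LoginException wrapping any failure of handler creation, context
     *         creation or the login itself
     */
    private LoginContext defaultLogin(Principal principal, Object obj) throws LoginException {
        Object[] securityInfo = {principal, obj};
        try {
            // A new handler per login keeps concurrent logins from sharing credentials.
            CallbackHandler handler = (CallbackHandler) this.callbackHandler.getClass().newInstance();
            this.setSecurityInfo.invoke(handler, securityInfo);
            Subject subject = new Subject();
            PicketBoxLogger.LOGGER.traceDefaultLoginPrincipal(principal);
            LoginContext loginContext = SubjectActions.createLoginContext(this.securityDomain, subject, handler);
            loginContext.login();
            PicketBoxLogger.LOGGER.traceDefaultLoginSubject(loginContext.toString(), SubjectActions.toString(subject));
            return loginContext;
        } catch (Throwable th) {
            LoginException loginException = new LoginException(PicketBoxMessages.MESSAGES.unableToFindSetSecurityInfoMessage());
            loginException.initCause(th);
            throw loginException;
        }
    }

    /**
     * Stores the outcome of a successful login in the cache.
     *
     * <p>The entry keeps the login context, a copy of the subject, the presented
     * credential, the class loader in effect and the caller principal. The
     * caller principal is taken from a {@code "CallerPrincipal"} group when one
     * with members exists, otherwise it is the first non-group principal of
     * the subject.
     *
     * @return the cached subject copy, or {@code subject} itself when no cache is set
     */
    private Subject updateCache(LoginContext loginContext, Subject subject, Principal principal, Object obj, ClassLoader classLoader) {
        if (this.domainCache == null) {
            return subject;
        }
        DomainInfo domainInfo = new DomainInfo();
        domainInfo.loginContext = loginContext;
        domainInfo.subject = new Subject();
        SubjectActions.copySubject(subject, domainInfo.subject, true, this.deepCopySubjectOption);
        // The credential is retained as presented so later calls can be matched against it.
        domainInfo.credential = obj;
        ClassLoader entryLoader = classLoader;
        if (entryLoader == null) {
            // No module loader was supplied: record the thread context class loader,
            // or the system class loader when the thread has none.
            entryLoader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
                @Override
                public ClassLoader run() {
                    ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                    return contextClassLoader != null ? contextClassLoader : ClassLoader.getSystemClassLoader();
                }
            });
        }
        domainInfo.contextClassLoader = entryLoader;
        PicketBoxLogger.LOGGER.traceUpdateCache(SubjectActions.toString(subject), SubjectActions.toString(domainInfo.subject));
        for (Group group : subject.getPrincipals(Group.class)) {
            if (group.getName().equals("CallerPrincipal")) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    domainInfo.callerPrincipal = members.nextElement();
                }
            }
        }
        if (domainInfo.callerPrincipal == null) {
            for (Principal candidate : subject.getPrincipals(Principal.class)) {
                if (!(candidate instanceof Group)) {
                    domainInfo.callerPrincipal = candidate;
                    break;
                }
            }
        }
        // Same key substitution as isValid(): a null principal shares one fixed entry.
        this.domainCache.put(principal != null ? principal : new SimplePrincipal("null"), domainInfo);
        PicketBoxLogger.LOGGER.traceInsertedCacheInfo(domainInfo.toString());
        return domainInfo.subject;
    }

    /**
     * Flushes every cache entry whose recorded class loader equals the given one.
     *
     * @param classLoader loader being released; {@code null} matches only
     *                    entries that recorded no class loader
     */
    public void releaseModuleEntries(ClassLoader classLoader) {
        if (this.domainCache == null) {
            return;
        }
        for (Map.Entry<Principal, DomainInfo> entry : this.domainCache.entrySet()) {
            ClassLoader cachedLoader = entry.getValue().contextClassLoader;
            // Null-safe comparison: a null argument must not be dereferenced when an
            // entry carries a non-null loader.
            boolean sameLoader = classLoader == null ? cachedLoader == null : classLoader.equals(cachedLoader);
            if (sameLoader) {
                flushCache(entry.getKey());
            }
        }
    }
}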
