package org.rhq.enterprise.server.core;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.management.MBeanRegistration;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.core.jaas.JDBCLoginModule;
import org.rhq.enterprise.server.core.jaas.LdapLoginModule;
import org.rhq.enterprise.server.core.jaas.TempSessionLoginModule;
import org.rhq.enterprise.server.util.LookupUtil;
import org.rhq.enterprise.server.util.security.UntrustedSSLSocketFactory;

/* loaded from: input_file:lib/rhq-enterprise-server.jar:org/rhq/enterprise/server/core/CustomJaasDeploymentService.class */
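/**
 * MBean that registers the RHQ Server's JAAS login modules with the JBoss
 * {@code XMLLoginConfig} service under
 * {@link CustomJaasDeploymentServiceMBean#SECURITY_DOMAIN_NAME}.
 *
 * <p>The JDBC and temporary-session modules are always registered. The LDAP
 * module is added only when the system configuration selects the LDAP provider
 * and a test connection built from the configured options succeeds.
 */
public class CustomJaasDeploymentService implements CustomJaasDeploymentServiceMBean, MBeanRegistration {
    private static final String AUTH_METHOD = "addAppConfig";
    private static final String AUTH_OBJECTNAME = "jboss.security:service=XMLLoginConfig";

    /** JNDI environment key that carries the LDAP bind password. */
    private static final String JNDI_CREDENTIALS = "java.naming.security.credentials";

    private final Log log = LogFactory.getLog(CustomJaasDeploymentService.class.getName());

    /** Set in {@link #preRegister}; used to invoke the login-config MBean. */
    private MBeanServer mbeanServer = null;

    /**
     * Reads the system configuration and registers the login modules built from it.
     *
     * @throws RuntimeException wrapping any failure, after it has been logged at fatal level
     */
    @Override
    public void installJaasModules() {
        try {
            this.log.info("Installing RHQ Server's JAAS login modules");
            registerJaasModules(LookupUtil.getSystemManager().getSystemConfiguration());
        } catch (Exception e) {
            this.log.fatal("Error deploying JAAS login modules", e);
            throw new RuntimeException(e);
        }
    }

    /** Remembers the MBean server so {@link #installJaasModules()} can reach the login-config MBean. */
    @Override
    public ObjectName preRegister(MBeanServer mBeanServer, ObjectName objectName) throws Exception {
        this.mbeanServer = mBeanServer;
        return objectName;
    }

    /** No action needed after registration. */
    @Override
    public void postRegister(Boolean bool) {
    }

    /** No action needed before deregistration. */
    @Override
    public void preDeregister() {
    }

    /** No action needed after deregistration. */
    @Override
    public void postDeregister() {
    }

    /**
     * Builds the ordered list of login modules and hands it to the login-config MBean.
     *
     * <p>Every module is registered as {@code SUFFICIENT}, so a successful login
     * against any one of them authenticates the user; the registration order is
     * JDBC, temporary session, then (optionally) LDAP.
     *
     * @param properties the server's system configuration
     * @throws Exception wrapping any failure while building or registering the modules
     */
    private void registerJaasModules(Properties properties) throws Exception {
        ArrayList<AppConfigurationEntry> entries = new ArrayList<AppConfigurationEntry>();
        try {
            if (this.mbeanServer == null) {
                // Fail with a clear cause instead of a bare NullPointerException at invoke().
                throw new IllegalStateException("MBean server not available; preRegister has not run");
            }

            AppConfigurationEntry jdbcEntry = new AppConfigurationEntry(JDBCLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, getJdbcOptions(properties));
            this.log.info("Enabling RHQ JDBC JAAS Provider");
            entries.add(jdbcEntry);

            AppConfigurationEntry tempSessionEntry = new AppConfigurationEntry(
                TempSessionLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
                new HashMap<String, String>());
            this.log.info("Enabled the temporary session login module");
            entries.add(tempSessionEntry);

            String provider = properties.getProperty(RHQConstants.JAASProvider);
            if (RHQConstants.LDAPJAASProvider.equals(provider)) {
                Map<String, String> ldapOptions = getLdapOptions(properties);
                try {
                    validateLdapOptions(ldapOptions);
                    AppConfigurationEntry ldapEntry = new AppConfigurationEntry(LdapLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, ldapOptions);
                    this.log.info("Enabling RHQ LDAP JAAS Provider");
                    entries.add(ldapEntry);
                } catch (NamingException e) {
                    // LDAP was requested but is unusable: the server keeps starting with the
                    // remaining modules. Logged at warn so the silent loss of an
                    // authentication provider is visible to operators.
                    this.log.warn("Disabling RHQ LDAP JAAS Provider: " + e.getMessage(), e);
                }
            }

            AppConfigurationEntry[] entryArray = entries.toArray(new AppConfigurationEntry[0]);
            this.mbeanServer.invoke(new ObjectName(AUTH_OBJECTNAME), AUTH_METHOD,
                new Object[] { CustomJaasDeploymentServiceMBean.SECURITY_DOMAIN_NAME, entryArray },
                new String[] { "java.lang.String", entryArray.getClass().getName() });
        } catch (Exception e) {
            throw new Exception("Error registering RHQ JAAS Modules", e);
        }
    }

    /**
     * Returns the options passed to the JDBC login module.
     *
     * @param properties the server's system configuration (not read here)
     * @return the hash algorithm and hash encoding options for the module
     */
    private Map<String, String> getJdbcOptions(Properties properties) {
        Map<String, String> options = new HashMap<String, String>();
        // NOTE(review): MD5 is not an appropriate password hash (fast, unsalted here as far
        // as these options show). It cannot be changed in this method alone: presumably the
        // stored credentials are MD5/base64 and would need a migration - confirm against
        // JDBCLoginModule and the principal table.
        options.put("hashAlgorithm", "MD5");
        options.put("hashEncoding", "base64");
        return options;
    }

    /**
     * Copies the LDAP settings from the system configuration into login-module options.
     * Unset settings are stored as {@code null} values.
     *
     * @param properties the server's system configuration
     * @return the JNDI and module-specific options, including the bind password
     */
    private Map<String, String> getLdapOptions(Properties properties) {
        Map<String, String> options = new HashMap<String, String>();
        options.put("java.naming.factory.initial", properties.getProperty(RHQConstants.LDAPFactory));
        options.put("java.naming.provider.url", properties.getProperty(RHQConstants.LDAPUrl));
        options.put("java.naming.security.protocol", properties.getProperty(RHQConstants.LDAPProtocol));
        options.put("LoginProperty", properties.getProperty(RHQConstants.LDAPLoginProperty));
        options.put("Filter", properties.getProperty(RHQConstants.LDAPFilter));
        options.put("BaseDN", properties.getProperty(RHQConstants.LDAPBaseDN));
        options.put("BindDN", properties.getProperty(RHQConstants.LDAPBindDN));
        options.put("BindPW", properties.getProperty(RHQConstants.LDAPBindPW));
        return options;
    }

    /**
     * Checks the LDAP options by opening (and immediately closing) an LDAP context.
     *
     * @param map the options produced by {@link #getLdapOptions(Properties)}
     * @throws NamingException if the context factory or provider URL is missing, or the
     *         context cannot be created with the given settings
     */
    private void validateLdapOptions(Map<String, String> map) throws NamingException {
        String factory = map.get("java.naming.factory.initial");
        if (factory == null) {
            throw new NamingException("No initial context factory");
        }
        String providerUrl = map.get("java.naming.provider.url");
        if (providerUrl == null) {
            throw new NamingException("Naming provider url not set");
        }

        Properties env = new Properties();
        if ("ssl".equals(map.get("java.naming.security.protocol"))) {
            // The environment is freshly created, so no socket factory can already be set;
            // the original null check on it was always true and has been dropped.
            // NOTE(review): judging by its name, UntrustedSSLSocketFactory presumably accepts
            // any server certificate - confirm. If so, the bind below (including BindPW) can
            // be intercepted by a man-in-the-middle; prefer a factory that validates the
            // certificate chain and host name against a configured trust store.
            env.put("java.naming.ldap.factory.socket", UntrustedSSLSocketFactory.class.getName());
            env.put("java.naming.security.protocol", "ssl");
        }
        env.setProperty("java.naming.factory.initial", factory);
        env.setProperty("java.naming.provider.url", providerUrl);

        String bindDn = map.get("BindDN");
        String bindPw = map.get("BindPW");
        if (bindDn != null && bindDn.length() != 0 && bindPw != null && bindPw.length() != 0) {
            env.setProperty("java.naming.security.principal", bindDn);
            env.setProperty(JNDI_CREDENTIALS, bindPw);
            env.setProperty("java.naming.security.authentication", "simple");
        }

        if (this.log.isDebugEnabled()) {
            // Log a copy with the bind password masked: the raw environment would write the
            // LDAP service-account credential into the server log.
            Properties loggable = new Properties();
            loggable.putAll(env);
            if (loggable.containsKey(JNDI_CREDENTIALS)) {
                loggable.setProperty(JNDI_CREDENTIALS, "***");
            }
            this.log.debug("Validating LDAP with environment=" + loggable);
        }

        InitialLdapContext context = new InitialLdapContext(env, (Control[]) null);
        try {
            // The context exists only to prove the settings work; release it right away
            // rather than leaving the connection to be reclaimed later.
            context.close();
        } catch (NamingException e) {
            // Validation already succeeded; a failure while closing must not disable LDAP.
            this.log.debug("Ignoring error while closing LDAP validation context", e);
        }
    }
}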
