package org.apache.geronimo.security;

import java.io.Serializable;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.jacc.EJBRoleRefPermission;

/* loaded from: input_file:org/apache/geronimo/security/ContextManager.class */
/**
 * Static registry that ties JAAS {@link Subject}s to server-side security state.
 *
 * <p>For every registered subject it keeps an {@link AccessControlContext}, a
 * representative {@link Principal} and a {@code SubjectId} made of a sequence number
 * and a MAC over that number. It also tracks the per-thread "current caller",
 * "next caller" and "current caller id".
 *
 * <p>This listing is decompiler output (JADX). The {@code class$...} fields, the
 * {@code class$(String)} helper and {@code $assertionsDisabled} are compiler-generated
 * members, not hand-written API.
 *
 * <p>Security-relevant observations, all visible in this file:
 * <ul>
 *   <li>The MAC key is the raw bytes of {@code password}, which the static initializer
 *       sets to the literal {@code "secret"}.</li>
 *   <li>Permission checks run only when a {@link SecurityManager} is installed;
 *       without one, every accessor is open to any code in the JVM.</li>
 *   <li>Several "cannot happen" conditions are guarded by assertions only. With
 *       assertions disabled (the JVM default) they turn into a
 *       {@link NullPointerException} or a silent {@code null} return.</li>
 * </ul>
 */
public class ContextManager {
    // Per-thread identifier of the current caller; written and read only through the accessors below.
    private static ThreadLocal currentCallerId;
    // Per-thread Subject treated as the current caller; key into subjectContexts for the getCurrent* methods.
    private static ThreadLocal currentCaller;
    // Per-thread Subject staged as the next caller.
    private static ThreadLocal nextCaller;
    // Subject -> Context, keyed by object identity (IdentityHashMap, see static initializer).
    // NOTE(review): IdentityHashMap is not thread-safe; registerSubject/unregisterSubject hold the
    // class lock, but the getters in this class read the map without it.
    private static Map subjectContexts;
    // SubjectId -> Subject (Hashtable, see static initializer).
    private static Map subjectIds;
    // Next sequence number for SubjectId; seeded from the wall clock at class initialization.
    private static long nextSubjectId;
    // Seeded in the static initializer; not read anywhere in this listing.
    private static long nextPrincipalId;
    // MAC key derived from `password`; rebuilt by setAlgorithm and setPassword.
    private static SecretKey key;
    // JCA Mac algorithm name used by hash(); "HmacSHA1" after class initialization.
    private static String algorithm;
    // Key material for the MAC, held as a String for the lifetime of the class.
    // NOTE(review): a String cannot be zeroed after use; defaults to the literal "secret".
    private static String password;
    /** Permission checked by the read accessors when a SecurityManager is installed. */
    public static final GeronimoSecurityPermission GET_CONTEXT;
    /** Permission checked by the mutators when a SecurityManager is installed. */
    public static final GeronimoSecurityPermission SET_CONTEXT;
    // Compiler-generated cache for a class literal (populated lazily through class$(String)).
    static Class class$org$apache$geronimo$security$IdentificationPrincipal;
    // Compiler-generated flag: true when assertions are disabled for this class.
    static final boolean $assertionsDisabled;
    // Compiler-generated caches for class literals, as above.
    static Class class$org$apache$geronimo$security$ContextManager;
    static Class class$org$apache$geronimo$security$realm$providers$GeronimoCallerPrincipal;
    static Class class$org$apache$geronimo$security$PrimaryRealmPrincipal;
    static Class class$org$apache$geronimo$security$RealmPrincipal;

    /* loaded from: input_file:org/apache/geronimo/security/ContextManager$Context.class */
    /**
     * Per-subject record stored in {@code subjectContexts}. All fields are filled in by
     * {@link #registerSubject(Subject)}.
     */
    private static class Context {
        // Identifier handed back to the caller of registerSubject.
        SubjectId id;
        // AccessControlContext captured while running as the subject.
        AccessControlContext context;
        // The registered subject itself.
        Subject subject;
        // Representative principal chosen at registration; stays null if the subject has no principals.
        Principal principal;

        private Context() {
        }

        // Synthetic accessor constructor produced by the compiler/decompiler so the outer
        // class can instantiate this private class; the argument is ignored.
        Context(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /**
     * Resolves the server-side registered subject that corresponds to {@code subject}.
     *
     * <p>Takes the first {@code IdentificationPrincipal} found on {@code subject} and looks
     * its id up in the registry.
     *
     * <p>NOTE(review): no permission check is performed here, and the id comes from the
     * subject that was passed in. Whether a forged id is rejected depends on how
     * {@code SubjectId} implements equality (not visible in this file) and on the MAC key
     * being secret — confirm both.
     *
     * @param subject subject carrying an {@code IdentificationPrincipal}; must not be null
     * @return the registered subject, or {@code null} if {@code subject} has no
     *         {@code IdentificationPrincipal} or the id is not registered
     */
    public static Subject getServerSideSubject(Subject subject) {
        Class cls;
        if (class$org$apache$geronimo$security$IdentificationPrincipal == null) {
            cls = class$("org.apache.geronimo.security.IdentificationPrincipal");
            class$org$apache$geronimo$security$IdentificationPrincipal = cls;
        } else {
            cls = class$org$apache$geronimo$security$IdentificationPrincipal;
        }
        Set principals = subject.getPrincipals(cls);
        if (principals == null || principals.size() == 0) {
            return null;
        }
        // Only the first principal the Set iterator yields is used; any others are ignored.
        return getRegisteredSubject(((IdentificationPrincipal) principals.iterator().next()).getId());
    }

    /**
     * Sets the calling thread's current caller id.
     *
     * @param serializable the id to store for this thread; may be null
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     */
    public static void setCurrentCallerId(Serializable serializable) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        currentCallerId.set(serializable);
    }

    /**
     * Returns the calling thread's current caller id.
     *
     * @return the stored id, or {@code null} if none was set on this thread
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static Serializable getCurrentCallerId() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        return (Serializable) currentCallerId.get();
    }

    /**
     * Stages {@code subject} as the calling thread's next caller.
     *
     * @param subject the subject to stage; may be null
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     */
    public static void setNextCaller(Subject subject) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        nextCaller.set(subject);
    }

    /**
     * Returns the calling thread's staged next caller.
     *
     * @return the staged subject, or {@code null} if none was set on this thread
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static Subject getNextCaller() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        return (Subject) nextCaller.get();
    }

    /**
     * Sets the calling thread's current caller.
     *
     * <p>The subject is not checked against the registry here; the getCurrent* methods
     * assume it has been registered.
     *
     * @param subject the subject to make current; may be null
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     */
    public static void setCurrentCaller(Subject subject) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        currentCaller.set(subject);
    }

    /**
     * Returns the calling thread's current caller.
     *
     * @return the current subject, or {@code null} if none was set on this thread
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static Subject getCurrentCaller() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        return (Subject) currentCaller.get();
    }

    /**
     * Returns the AccessControlContext recorded for the calling thread's current caller.
     *
     * <p>NOTE(review): the "no current caller" and "no registered context" conditions are
     * assertions only. With assertions disabled, an unset or unregistered caller reaches
     * {@code context.context} with a null {@code context} and fails with a
     * NullPointerException instead of a descriptive error.
     *
     * @return the access control context captured at registration
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     * @throws AssertionError if assertions are enabled and there is no current caller or
     *         the caller is not registered
     */
    public static AccessControlContext getCurrentContext() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        Subject subject = (Subject) currentCaller.get();
        if (!$assertionsDisabled && subject == null) {
            throw new AssertionError("No current caller");
        }
        Context context = (Context) subjectContexts.get(subject);
        if ($assertionsDisabled || context != null) {
            return context.context;
        }
        throw new AssertionError("No registered context");
    }

    /**
     * Returns the representative principal recorded for {@code subject}.
     *
     * <p>A null subject yields an anonymous principal whose name is the empty string
     * rather than {@code null}, so callers must not treat a non-null result as proof of
     * an authenticated caller.
     *
     * <p>NOTE(review): with assertions disabled, an unregistered subject causes a
     * NullPointerException at {@code context.principal}.
     *
     * @param subject the subject to look up, or null for the anonymous principal
     * @return the principal chosen at registration (may be null if the subject had no
     *         principals), or the empty-named principal when {@code subject} is null
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     * @throws AssertionError if assertions are enabled and {@code subject} is not registered
     */
    public static Principal getCurrentPrincipal(Subject subject) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        if (subject == null) {
            return new Principal() { // from class: org.apache.geronimo.security.ContextManager.1
                @Override // java.security.Principal
                public String getName() {
                    return "";
                }
            };
        }
        Context context = (Context) subjectContexts.get(subject);
        if ($assertionsDisabled || context != null) {
            return context.principal;
        }
        throw new AssertionError("No registered context");
    }

    /**
     * Returns the SubjectId of the calling thread's current caller.
     *
     * <p>NOTE(review): with assertions disabled, a missing or unregistered current caller
     * causes a NullPointerException at {@code context.id}.
     *
     * @return the id assigned at registration
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     * @throws AssertionError if assertions are enabled and no context is registered for
     *         the current caller
     */
    public static SubjectId getCurrentId() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        Context context = (Context) subjectContexts.get(currentCaller.get());
        if ($assertionsDisabled || context != null) {
            return context.id;
        }
        throw new AssertionError("No registered context");
    }

    /**
     * Returns the SubjectId assigned to {@code subject}, tolerating unregistered subjects.
     *
     * @param subject the subject to look up (matched by object identity)
     * @return the id assigned at registration, or {@code null} if the subject is not registered
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static SubjectId getSubjectId(Subject subject) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        Context context = (Context) subjectContexts.get(subject);
        if (context != null) {
            return context.id;
        }
        return null;
    }

    /**
     * Tests whether the calling thread's current caller holds the given EJB role reference.
     *
     * <p>The decision is made by asking the caller's recorded AccessControlContext for an
     * {@link EJBRoleRefPermission}; a denial is reported as {@code false}. A thread with
     * no current caller is never in any role.
     *
     * <p>NOTE(review): no GET_CONTEXT check is made here. With assertions disabled, a
     * current caller that is not registered produces a NullPointerException, which the
     * catch clause below does not handle.
     *
     * @param str the EJB name; must not be null
     * @param str2 the role name; must not be null
     * @return {@code true} if the permission check passes, {@code false} if it is denied
     *         or there is no current caller
     * @throws IllegalArgumentException if either argument is null
     */
    public static boolean isCallerInRole(String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("EJBName must not be null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Role must not be null");
        }
        try {
            if (currentCaller.get() == null) {
                return false;
            }
            Context context = (Context) subjectContexts.get(currentCaller.get());
            if (!$assertionsDisabled && context == null) {
                throw new AssertionError("No registered context");
            }
            context.context.checkPermission(new EJBRoleRefPermission(str, str2));
            return true;
        } catch (AccessControlException e) {
            // Denial is the normal "not in role" answer, not an error.
            return false;
        }
    }

    /**
     * Looks up a registered subject by its SubjectId.
     *
     * <p>NOTE(review): unlike most accessors in this class, this one performs no
     * permission check. Any code holding (or able to construct) a matching SubjectId
     * obtains the live Subject; how strictly ids are matched depends on
     * {@code SubjectId.equals}, which is not visible here.
     *
     * @param subjectId the id returned by {@link #registerSubject(Subject)}
     * @return the registered subject, or {@code null} if the id is unknown
     */
    public static Subject getRegisteredSubject(SubjectId subjectId) {
        return (Subject) subjectIds.get(subjectId);
    }

    /* JADX WARN: Type inference failed for: r0v25, types: [long, java.lang.Long] */
    /**
     * Registers {@code subject} and returns the SubjectId assigned to it.
     *
     * <p>Steps, in order: capture an AccessControlContext while running as the subject;
     * pick one representative principal (preferring {@code GeronimoCallerPrincipal}, then
     * {@code PrimaryRealmPrincipal}, then {@code RealmPrincipal}, then any principal);
     * allocate the next sequence number; and store the mappings in both registries.
     *
     * <p>Registering the same subject again overwrites its entry in
     * {@code subjectContexts} and adds a second entry to {@code subjectIds}; the earlier
     * id is not removed here.
     *
     * @param subject the subject to register; must not be null
     * @return the newly assigned id
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     * @throws IllegalArgumentException if {@code subject} is null
     */
    public static synchronized SubjectId registerSubject(Subject subject) {
        Class cls;
        Class cls2;
        Class cls3;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        if (subject == null) {
            throw new IllegalArgumentException("Subject must not be null");
        }
        // Run as the subject with a null parent context and snapshot the resulting
        // AccessControlContext; later role checks are evaluated against this snapshot.
        AccessControlContext accessControlContext = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() { // from class: org.apache.geronimo.security.ContextManager.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                return AccessController.getContext();
            }
        }, (AccessControlContext) null);
        Context context = new Context(null);
        context.subject = subject;
        context.context = accessControlContext;
        // Principal selection: the first non-empty set in preference order wins, and within
        // a set the first element the iterator yields is used. A Set does not define that
        // order, so a subject with several principals of one type has no guaranteed choice.
        if (class$org$apache$geronimo$security$realm$providers$GeronimoCallerPrincipal == null) {
            cls = class$("org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal");
            class$org$apache$geronimo$security$realm$providers$GeronimoCallerPrincipal = cls;
        } else {
            cls = class$org$apache$geronimo$security$realm$providers$GeronimoCallerPrincipal;
        }
        Set principals = subject.getPrincipals(cls);
        if (principals.isEmpty()) {
            if (class$org$apache$geronimo$security$PrimaryRealmPrincipal == null) {
                cls2 = class$("org.apache.geronimo.security.PrimaryRealmPrincipal");
                class$org$apache$geronimo$security$PrimaryRealmPrincipal = cls2;
            } else {
                cls2 = class$org$apache$geronimo$security$PrimaryRealmPrincipal;
            }
            Set principals2 = subject.getPrincipals(cls2);
            if (principals2.isEmpty()) {
                if (class$org$apache$geronimo$security$RealmPrincipal == null) {
                    cls3 = class$("org.apache.geronimo.security.RealmPrincipal");
                    class$org$apache$geronimo$security$RealmPrincipal = cls3;
                } else {
                    cls3 = class$org$apache$geronimo$security$RealmPrincipal;
                }
                Set principals3 = subject.getPrincipals(cls3);
                if (principals3.isEmpty()) {
                    // Last resort: any principal at all. If the subject has none,
                    // context.principal stays null.
                    Set<Principal> principals4 = subject.getPrincipals();
                    if (!principals4.isEmpty()) {
                        context.principal = principals4.iterator().next();
                    }
                } else {
                    context.principal = (RealmPrincipal) principals3.iterator().next();
                }
            } else {
                context.principal = (PrimaryRealmPrincipal) principals2.iterator().next();
            }
        } else {
            context.principal = (Principal) principals.iterator().next();
        }
        nextSubjectId++;
        // NOTE(review): decompiler failure (see the JADX warning on this method) — the next
        // line is not valid Java. It presumably boxes the subject counter into a Long;
        // whether the pre- or post-increment value is used cannot be told from this listing.
        // Recover it from the original source before relying on it.
        ?? l = new Long((long) l);
        // The id pairs the sequence number with a MAC over it. Sequence numbers start at a
        // wall-clock value and increase by one, so they are guessable; any protection
        // against forged ids rests entirely on the MAC key. hash() can return null (see
        // its documentation), in which case the id carries no MAC at all.
        context.id = new SubjectId(l, hash(l));
        subjectIds.put(context.id, subject);
        subjectContexts.put(subject, context);
        return context.id;
    }

    /**
     * Removes {@code subject} from both registries. Unregistered subjects are ignored.
     *
     * <p>Only the id currently recorded in the subject's Context is removed from
     * {@code subjectIds}. Thread-local references to the subject (current/next caller)
     * are not cleared here.
     *
     * @param subject the subject to remove; must not be null
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     * @throws IllegalArgumentException if {@code subject} is null
     */
    public static synchronized void unregisterSubject(Subject subject) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        if (subject == null) {
            throw new IllegalArgumentException("Subject must not be null");
        }
        Context context = (Context) subjectContexts.get(subject);
        if (context == null) {
            return;
        }
        subjectIds.remove(context.id);
        subjectContexts.remove(subject);
    }

    /**
     * Returns the {@code IdentificationPrincipal} of the Subject associated with the
     * calling thread's current AccessControlContext.
     *
     * @return the first {@code IdentificationPrincipal} found, or {@code null} if the
     *         thread has no associated Subject or the Subject carries no such principal
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static IdentificationPrincipal getThreadPrincipal() {
        Class cls;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return null;
        }
        if (class$org$apache$geronimo$security$IdentificationPrincipal == null) {
            cls = class$("org.apache.geronimo.security.IdentificationPrincipal");
            class$org$apache$geronimo$security$IdentificationPrincipal = cls;
        } else {
            cls = class$org$apache$geronimo$security$IdentificationPrincipal;
        }
        Set principals = subject.getPrincipals(cls);
        if (principals.isEmpty()) {
            return null;
        }
        return (IdentificationPrincipal) principals.iterator().next();
    }

    /**
     * Returns the Mac algorithm name used to compute SubjectId hashes.
     *
     * @return the current algorithm name
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static String getAlgorithm() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        return algorithm;
    }

    /**
     * Switches the Mac algorithm and rebuilds the key from the current password.
     *
     * <p>The new algorithm and key are stored first and only then probed with a
     * throw-away {@code Mac} instance.
     *
     * <p>NOTE(review): if the probe fails and assertions are disabled, the failure is
     * swallowed and the class keeps the unusable algorithm/key; {@link #hash(Long)} then
     * returns null for every later registration. The method is also not synchronized,
     * while registerSubject (which reads {@code algorithm} and {@code key} through hash)
     * is — confirm that callers serialize configuration changes.
     *
     * @param str JCA Mac algorithm name, e.g. {@code "HmacSHA1"}
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     * @throws AssertionError if assertions are enabled and the algorithm or key is rejected
     */
    public static void setAlgorithm(String str) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        algorithm = str;
        // getBytes() without a charset uses the platform default encoding, so the same
        // password can yield different key bytes on JVMs with different defaults.
        key = new SecretKeySpec(password.getBytes(), str);
        try {
            // Validation probe only; the Mac instance is discarded.
            Mac.getInstance(str).init(key);
        } catch (InvalidKeyException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError("Should never have reached here");
            }
        } catch (NoSuchAlgorithmException e2) {
            if (!$assertionsDisabled) {
                throw new AssertionError("Should never have reached here");
            }
        }
    }

    /**
     * Returns the password from which the MAC key is derived.
     *
     * <p>NOTE(review): this exposes the key material under the same {@link #GET_CONTEXT}
     * permission that guards the ordinary read accessors. Any code granted that
     * permission — or any code at all when no SecurityManager is installed — can read the
     * password and compute valid SubjectId hashes. Consider a dedicated, narrower
     * permission or removing the getter.
     *
     * @return the current password
     * @throws SecurityException if a SecurityManager is installed and denies {@link #GET_CONTEXT}
     */
    public static String getPassword() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_CONTEXT);
        }
        return password;
    }

    /**
     * Replaces the password and rebuilds the MAC key for the current algorithm.
     *
     * <p>Ids issued earlier keep the hash computed with the previous key; nothing here
     * re-issues or invalidates them.
     *
     * <p>NOTE(review): {@code password} is assigned before the key is built, so a null
     * argument leaves {@code password} null and {@code key} unchanged before the
     * NullPointerException propagates. Unlike setAlgorithm, the new key is not probed
     * against a Mac instance.
     *
     * @param str the new password; must not be null
     * @throws SecurityException if a SecurityManager is installed and denies {@link #SET_CONTEXT}
     */
    public static void setPassword(String str) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SET_CONTEXT);
        }
        password = str;
        // Platform-default charset, as in setAlgorithm.
        key = new SecretKeySpec(str.getBytes(), algorithm);
    }

    /**
     * Computes the MAC of a subject sequence number with the configured algorithm and key.
     *
     * <p>NOTE(review): when the Mac cannot be created or initialized and assertions are
     * disabled, this returns {@code null} instead of failing, so the caller builds a
     * SubjectId without a MAC. Failing closed (throwing) would be the safer behavior.
     *
     * @param l the sequence number to authenticate
     * @return the MAC bytes, or {@code null} on failure with assertions disabled
     * @throws AssertionError on failure with assertions enabled
     */
    private static byte[] hash(Long l) {
        long longValue = l.longValue();
        byte[] bArr = new byte[8];
        // Encode the long big-endian: the lowest byte lands in bArr[7].
        for (int i = 7; i >= 0; i--) {
            bArr[i] = (byte) longValue;
            longValue >>>= 8;
        }
        try {
            Mac mac = Mac.getInstance(algorithm);
            mac.init(key);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            if ($assertionsDisabled) {
                return null;
            }
            throw new AssertionError("Should never have reached here");
        }
    }

    /**
     * Compiler-generated helper behind class literals: loads a class by name and
     * converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    // Class initialization: resolves the assertion flag, creates the thread-locals and
    // registries, seeds the id counters and installs the default MAC configuration.
    static {
        Class cls;
        if (class$org$apache$geronimo$security$ContextManager == null) {
            cls = class$("org.apache.geronimo.security.ContextManager");
            class$org$apache$geronimo$security$ContextManager = cls;
        } else {
            cls = class$org$apache$geronimo$security$ContextManager;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        currentCallerId = new ThreadLocal();
        currentCaller = new ThreadLocal();
        nextCaller = new ThreadLocal();
        // Identity-keyed: two equal-but-distinct Subject objects are separate entries.
        subjectContexts = new IdentityHashMap();
        subjectIds = new Hashtable();
        // Counters start at the class-load wall-clock time and are therefore guessable.
        nextSubjectId = System.currentTimeMillis();
        nextPrincipalId = System.currentTimeMillis();
        GET_CONTEXT = new GeronimoSecurityPermission("getContext");
        SET_CONTEXT = new GeronimoSecurityPermission("setContext");
        // NOTE(review): hard-coded default key material. Until setPassword() is called with
        // a deployment-specific secret, every installation running with this default shares
        // the same MAC key, so SubjectId hashes give no protection against anyone who knows
        // it. The password must be set before setAlgorithm() runs because that method
        // dereferences it.
        password = "secret";
        // NOTE(review): HmacSHA1 is the built-in default; consider configuring a SHA-2
        // based Mac (e.g. HmacSHA256) through setAlgorithm where the provider offers it.
        setAlgorithm("HmacSHA1");
    }
}
