package org.jboss.jetty.security;

import java.io.Serializable;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.mortbay.http.HashSSORealm;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.HttpResponse;
import org.mortbay.http.SSORealm;
import org.mortbay.http.UserRealm;
import org.mortbay.util.Credential;

/* loaded from: input_file:org/jboss/jetty/security/JBossUserRealm.class */
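/**
 * Jetty {@link UserRealm} / {@link SSORealm} that delegates credential checks and role
 * checks to the JBoss security objects bound under {@code java:comp/env/security}.
 *
 * <p>Principals are cached per realm in {@code _users}, keyed by user name (password logins)
 * or by the leaf certificate (client-certificate logins). All access to that cache is
 * serialised on this realm instance.
 *
 * <p>NOTE(review): nothing in this class ever removes an entry from {@code _users}, and an
 * entry is created before the credential has been verified. The cache therefore grows with
 * every distinct user name or certificate submitted, including failed attempts. Consider
 * bounding it or caching only after a successful check.
 */
public class JBossUserRealm implements UserRealm, SSORealm {
    private final Logger _log;
    private final String _realmName;
    private final String _subjAttrName;
    private final boolean _useJAAS;

    /** SSO realms shared between realm instances by SSO realm name; guarded by its own monitor. */
    private static final HashMap<String, HashSSORealm> _sharedHashSSORealms = new HashMap<String, HashSSORealm>();

    /** Compiler-synthesised class-literal cache from the original bytecode; kept so the class shape is unchanged. */
    static Class class$org$jboss$jetty$security$JBossUserRealm;

    /** Principal cache; keys are user names (String) or leaf certificates. Guarded by {@code this}. */
    private final HashMap<Object, JBossUserPrincipal> _users = new HashMap<Object, JBossUserPrincipal>();
    private AuthenticationManager _authMgr = null;
    private RealmMapping _realmMapping = null;
    private SubjectSecurityManager _subjSecMgr = null;
    private String _ssoRealmName = null;
    private HashSSORealm _ssoRealm = null;

    /**
     * Principal authenticated by an X.509 certificate chain instead of a password.
     */
    public static class JBossCertificatePrincipal extends JBossUserPrincipal {
        /** Chain captured when the principal was created; it is not refreshed on later logins. */
        private X509Certificate[] _certs;

        JBossCertificatePrincipal(String str, Logger logger, X509Certificate[] x509CertificateArr) {
            super(str, logger);
            this._certs = x509CertificateArr;
            if (this._logRef.isDebugEnabled()) {
                this._logRef.debug("created JBossUserRealm::JBossCertificatePrincipal: " + str);
            }
        }

        /**
         * Always reports the principal as authenticated.
         *
         * <p>NOTE(review): unlike {@link #authenticate()}, this neither re-validates the stored
         * chain nor binds the principal to {@code SecurityAssociation}, so a realm-level
         * {@code reauthenticate} on a certificate principal succeeds unconditionally. Confirm
         * this is intended before relying on it for session reuse.
         */
        @Override // org.jboss.jetty.security.JBossUserRealm.JBossUserPrincipal
        public boolean isAuthenticated() {
            this._logRef.debug("JBossUserRealm::isAuthenticated called");
            return true;
        }

        /**
         * Validates the stored certificate chain with the subject security manager.
         *
         * @return {@code true} if the manager accepted the chain; on success the principal and
         *         the chain are also set on {@code SecurityAssociation}
         */
        public boolean authenticate() {
            if (this._logRef.isDebugEnabled()) {
                this._logRef.debug("authenticating: Name:" + this._principal);
            }
            // No security manager means the realm was never initialised: fail closed.
            boolean accepted = this._subjSecMgrRef != null
                    && this._subjSecMgrRef.isValid(this._principal, this._certs);
            if (!accepted) {
                this._logRef.warn("authentication failure: " + this._principal);
                return false;
            }
            if (this._logRef.isDebugEnabled()) {
                this._logRef.debug("authenticated: " + this._principal);
            }
            SecurityAssociation.setPrincipal(this._principal);
            SecurityAssociation.setCredential(this._certs);
            return true;
        }
    }

    /**
     * Principal for a user known to this realm. One instance per user name is shared by every
     * request that logs in under that name (see {@code ensureUser}).
     *
     * <p>NOTE(review): {@code equals} is overridden without a matching {@code hashCode}, so two
     * equal principals can land in different buckets of a hash-based collection. Adding
     * {@code hashCode} would change the default serialVersionUID of this Serializable class,
     * so it is flagged here rather than changed.
     */
    public static class JBossUserPrincipal implements Principal, Serializable {
        protected transient Logger _logRef;
        protected transient RealmMapping _realmMappingRef;
        protected transient SubjectSecurityManager _subjSecMgrRef;
        protected transient JBossUserRealm _realm;
        final SimplePrincipal _principal;

        // Last password that was successfully verified, kept for reauthentication.
        // NOTE(review): this field is not transient, so the clear-text password is written out
        // whenever the principal is serialised (for example with a persisted or replicated
        // session). Marking it transient would alter the serialised form; decide deliberately.
        private String _password;

        JBossUserPrincipal(String str, Logger logger) {
            this._principal = new SimplePrincipal(str);
            this._logRef = logger;
            if (logger.isDebugEnabled()) {
                logger.debug("created JBossUserRealm::JBossUserPrincipal: " + str);
            }
        }

        /** Wires in the realm-owned collaborators; these may be {@code null} if realm init failed. */
        void associateWithRealm(RealmMapping realmMapping, SubjectSecurityManager subjectSecurityManager, JBossUserRealm jBossUserRealm) {
            this._realmMappingRef = realmMapping;
            this._subjSecMgrRef = subjectSecurityManager;
            this._realm = jBossUserRealm;
        }

        /**
         * Checks a password with the subject security manager; {@code null} is treated as the
         * empty password. On success the principal and password are set on
         * {@code SecurityAssociation}.
         */
        private boolean isAuthenticated(String str) {
            char[] secret = (str == null ? "" : str).toCharArray();
            if (this._logRef.isDebugEnabled()) {
                this._logRef.debug("authenticating: Name:" + this._principal + " Password:****");
            }
            // No security manager means the realm was never initialised: fail closed.
            boolean accepted = this._subjSecMgrRef != null
                    && this._subjSecMgrRef.isValid(this._principal, secret);
            if (!accepted) {
                this._logRef.warn("authentication failure: " + this._principal);
                return false;
            }
            if (this._logRef.isDebugEnabled()) {
                this._logRef.debug("authenticated: " + this._principal);
            }
            SecurityAssociation.setPrincipal(this._principal);
            SecurityAssociation.setCredential(secret);
            return true;
        }

        /**
         * Two principals are equal when they are of the same class and their mapped names match.
         */
        @Override // java.security.Principal
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            String mine = getName();
            String theirs = ((JBossUserPrincipal) obj).getName();
            return mine == null ? theirs == null : mine.equals(theirs);
        }

        /**
         * Returns the name of the principal the realm mapping resolves this user to.
         *
         * @throws NullPointerException if no realm mapping has been associated
         */
        @Override // java.security.Principal
        public String getName() {
            return this._realmMappingRef.getPrincipal(this._principal).getName();
        }

        /**
         * Verifies a password and, on success, remembers it for later reauthentication and
         * publishes the active JAAS subject as request attribute {@code j_subject}.
         *
         * @param str the password supplied with the request
         * @param httpRequest request that receives the subject attribute
         * @return {@code true} if the password was accepted
         */
        public boolean authenticate(String str, HttpRequest httpRequest) {
            boolean accepted = isAuthenticated(str);
            if (!accepted) {
                // This instance is shared by every session of the user. Storing a rejected
                // password here would make reauthentication fail for sessions that logged in
                // correctly, so anyone who knows a user name could knock them out.
                return false;
            }
            this._password = (str == null) ? "" : str;
            if (this._subjSecMgrRef != null) {
                Subject activeSubject = this._subjSecMgrRef.getActiveSubject();
                if (this._logRef.isDebugEnabled()) {
                    this._logRef.debug("setting JAAS subjectAttributeName(j_subject) : " + activeSubject);
                }
                httpRequest.setAttribute("j_subject", activeSubject);
            }
            return true;
        }

        /**
         * Re-verifies the last successfully verified password.
         *
         * @return {@code false} if no password has been verified yet or the manager rejects it
         */
        public boolean isAuthenticated() {
            if (this._password == null) {
                // Nothing verified so far; do not fall through to an empty-password check.
                return false;
            }
            return isAuthenticated(this._password);
        }

        private UserRealm getUserRealm() {
            return this._realm;
        }

        /**
         * Asks the realm mapping whether this user holds the given role.
         *
         * @return {@code false} if there is no realm mapping or the role is not held
         */
        public boolean isUserInRole(String str) {
            Set<Principal> wanted = Collections.<Principal>singleton(new SimplePrincipal(str));
            boolean held = this._realmMappingRef != null
                    && this._realmMappingRef.doesUserHaveRole(this._principal, wanted);
            if (this._logRef.isDebugEnabled()) {
                this._logRef.debug("JBossUserPrincipal: " + this._principal
                        + (held ? " is in Role: " : " is NOT in Role: ") + str);
            }
            return held;
        }

        @Override // java.security.Principal
        public String toString() {
            return getName();
        }
    }

    /**
     * @param str realm name, also appended to the logger category
     * @param str2 subject attribute name; a non-null value sets the JAAS flag
     */
    public JBossUserRealm(String str, String str2) {
        this._realmName = str;
        this._log = Logger.getLogger(JBossUserRealm.class.getName() + "#" + this._realmName);
        this._subjAttrName = str2;
        this._useJAAS = this._subjAttrName != null;
    }

    /**
     * Looks up the authentication manager and realm mapping in JNDI. A lookup failure is only
     * logged; the realm then has no security manager and every authentication attempt fails.
     */
    public void init() {
        this._log.debug("initialising...");
        try {
            Context context = (Context) new InitialContext().lookup("java:comp/env/security");
            this._authMgr = (AuthenticationManager) context.lookup("securityMgr");
            this._realmMapping = (RealmMapping) context.lookup("realmMapping");
            if (this._authMgr instanceof SubjectSecurityManager) {
                // Explicit cast: the decompiled assignment without it does not compile.
                this._subjSecMgr = (SubjectSecurityManager) this._authMgr;
            }
        } catch (NamingException e) {
            this._log.error("java:comp/env/security does not appear to be correctly set up", e);
        }
        this._log.debug("...initialised");
    }

    /** Returns the cached principal for a user name, creating and caching it on first use. */
    private synchronized JBossUserPrincipal ensureUser(String str) {
        JBossUserPrincipal user = this._users.get(str);
        if (user == null) {
            user = new JBossUserPrincipal(str, this._log);
            user.associateWithRealm(this._realmMapping, this._subjSecMgr, this);
            this._users.put(str, user);
        }
        return user;
    }

    /**
     * Returns the cached principal for a certificate chain, keyed by its leaf certificate.
     * A cached principal keeps the chain it was created with, so a later login presenting the
     * same leaf certificate is validated against that stored chain.
     */
    private synchronized JBossCertificatePrincipal ensureCertificateUser(X509Certificate[] chain) {
        X509Certificate leaf = chain[0];
        JBossCertificatePrincipal user = (JBossCertificatePrincipal) this._users.get(leaf);
        if (user == null) {
            user = new JBossCertificatePrincipal(getFilterFromCertificate(leaf), this._log, chain);
            user.associateWithRealm(this._realmMapping, this._subjSecMgr, this);
            this._users.put(leaf, user);
        }
        return user;
    }

    /** Reads the principal cache under the same lock that writers hold. */
    private synchronized JBossUserPrincipal lookupUser(Object key) {
        return this._users.get(key);
    }

    /** @return the cached principal for the user name, or {@code null} if none exists */
    public Principal getPrincipal(String str) {
        return lookupUser(str);
    }

    /** @return the cached principal for the user name, or {@code null} if none exists */
    public Principal getUserPrincipal(String str) {
        return lookupUser(str);
    }

    /**
     * Authenticates a request with either a password ({@code String}) or a client certificate
     * chain ({@code X509Certificate[]}). Any other credential type is rejected.
     *
     * <p>NOTE(review): on success the request's auth type is set to {@code "CLIENT_CERT"} on
     * both paths, including password logins. Confirm whether the calling authenticator
     * overwrites it; otherwise code that branches on the auth type is misled.
     *
     * @return the authenticated principal, or {@code null} on failure
     */
    public Principal authenticate(String str, Object obj, HttpRequest httpRequest) {
        if (this._log.isDebugEnabled()) {
            this._log.debug("JBossUserPrincipal: " + str);
        }
        JBossUserPrincipal user = null;
        if (obj instanceof String) {
            JBossUserPrincipal candidate = ensureUser(str);
            if (candidate.authenticate((String) obj, httpRequest)) {
                user = candidate;
            }
        } else if (obj instanceof X509Certificate[]) {
            user = authenticateFromCertificates((X509Certificate[]) obj);
        }
        if (user != null) {
            httpRequest.setAuthType("CLIENT_CERT");
            httpRequest.setAuthUser(user.getName());
            httpRequest.setUserPrincipal(user);
        }
        return user;
    }

    /** @return {@code false} for a principal this realm did not issue, else the principal's own check */
    public boolean reauthenticate(Principal principal) {
        // Fail closed on foreign or null principals instead of throwing ClassCastException.
        return principal instanceof JBossUserPrincipal
                && ((JBossUserPrincipal) principal).isAuthenticated();
    }

    /** @return {@code false} for a principal this realm did not issue, else the principal's own check */
    public boolean isAuthenticated(Principal principal) {
        return principal instanceof JBossUserPrincipal
                && ((JBossUserPrincipal) principal).isAuthenticated();
    }

    /** @return {@code false} for a principal this realm did not issue, else the role check result */
    public boolean isUserInRole(Principal principal, String str) {
        return principal instanceof JBossUserPrincipal
                && ((JBossUserPrincipal) principal).isUserInRole(str);
    }

    /**
     * Authenticates a client certificate chain; element 0 identifies the user.
     *
     * @param x509CertificateArr presented chain
     * @return the authenticated principal, or {@code null} if the chain is missing, empty or rejected
     */
    public JBossUserPrincipal authenticateFromCertificates(X509Certificate[] x509CertificateArr) {
        // A missing or empty chain is an authentication failure, not an indexing error.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            this._log.debug("authenticateFromCertificates - returning NULL");
            return null;
        }
        // Cache access happens under the realm lock; validation runs outside it so the
        // security manager is never called while the lock is held.
        JBossCertificatePrincipal user = ensureCertificateUser(x509CertificateArr);
        if (user.authenticate()) {
            this._log.debug("authenticateFromCertificates - authenticated");
            return user;
        }
        this._log.debug("authenticateFromCertificates - returning NULL");
        return null;
    }

    /**
     * Builds the principal name for a certificate: the serial number as upper-case hex,
     * left-padded to an even number of digits, a space, then the issuer DN.
     */
    private String getFilterFromCertificate(X509Certificate x509Certificate) {
        String serialHex = x509Certificate.getSerialNumber().toString(16).toUpperCase();
        String padding = (serialHex.length() % 2 != 0) ? "0" : "";
        return padding + serialHex + " " + x509Certificate.getIssuerDN().toString();
    }

    /** Clears the principal and credential held by {@code SecurityAssociation}. */
    public void disassociate(Principal principal) {
        SecurityAssociation.setPrincipal((Principal) null);
        SecurityAssociation.setCredential((Object) null);
    }

    /** Role pushing is not implemented; the principal is returned unchanged. */
    public Principal pushRole(Principal principal, String str) {
        return principal;
    }

    /** Role popping is not implemented; the principal is returned unchanged. */
    public Principal popRole(Principal principal) {
        return principal;
    }

    /** No-op: neither the cached principal nor its stored password is cleared on logout. */
    public void logout(Principal principal) {
    }

    /** Sets the SSO realm name and drops the resolved SSO realm so it is looked up again. */
    public void setSSORealmName(String str) {
        this._ssoRealmName = str;
        this._ssoRealm = null;
    }

    public String getSSORealmName() {
        return this._ssoRealmName;
    }

    /** @return the SSO credential for the request, or {@code null} if no SSO realm is configured */
    public Credential getSingleSignOn(HttpRequest httpRequest, HttpResponse httpResponse) {
        if (!isSSORealm()) {
            return null;
        }
        Credential credential = this._ssoRealm.getSingleSignOn(httpRequest, httpResponse);
        if (this._log.isDebugEnabled()) {
            // The credential is masked, as the password is elsewhere in this class: its
            // toString() may expose the secret, which must not reach the log.
            this._log.debug("getSingleSignOn principal=" + httpRequest.getUserPrincipal()
                    + " credential=" + (credential == null ? "null" : "****"));
        }
        return credential;
    }

    /** Records the SSO principal and credential when an SSO realm is configured; otherwise does nothing. */
    public void setSingleSignOn(HttpRequest httpRequest, HttpResponse httpResponse, Principal principal, Credential credential) {
        if (!isSSORealm()) {
            return;
        }
        if (this._log.isDebugEnabled()) {
            // Masked for the same reason as in getSingleSignOn.
            this._log.debug("setSingleSignOn called. principal=" + principal
                    + " credential=" + (credential == null ? "null" : "****"));
        }
        this._ssoRealm.setSingleSignOn(httpRequest, httpResponse, principal, credential);
    }

    /** Clears the SSO entry for a user and the {@code SecurityAssociation} principal and credential. */
    public void clearSingleSignOn(String str) {
        if (!isSSORealm()) {
            return;
        }
        if (this._log.isDebugEnabled()) {
            this._log.debug("clearSingleSignOn called. username=" + str);
        }
        this._ssoRealm.clearSingleSignOn(str);
        SecurityAssociation.setPrincipal((Principal) null);
        SecurityAssociation.setCredential((Object) null);
    }

    /**
     * Resolves the shared SSO realm for the configured name on first use, creating it if no
     * realm with that name exists yet.
     *
     * @return {@code true} if an SSO realm is available
     */
    private boolean isSSORealm() {
        if (this._ssoRealm == null && this._ssoRealmName != null) {
            synchronized (_sharedHashSSORealms) {
                HashSSORealm shared = _sharedHashSSORealms.get(this._ssoRealmName);
                if (shared == null) {
                    this._log.debug("created SSORealm for " + this._ssoRealmName);
                    shared = new HashSSORealm();
                    _sharedHashSSORealms.put(this._ssoRealmName, shared);
                }
                this._ssoRealm = shared;
            }
        }
        return this._ssoRealm != null;
    }

    public String getName() {
        return this._realmName;
    }

    /**
     * Compiler-synthesised helper for class literals, kept from the original bytecode.
     *
     * @throws NoClassDefFoundError if the class cannot be loaded; the original exception is the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw (NoClassDefFoundError) new NoClassDefFoundError(e.getMessage()).initCause(e);
        }
    }
}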
