package com.sun.enterprise.security;

import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.auth.login.DistinguishedPrincipalCredential;
import com.sun.enterprise.security.common.AbstractSecurityContext;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.integration.AppServSecurityContext;
import com.sun.enterprise.security.web.integration.PrincipalGroupFactory;
import com.sun.enterprise.security.web.integration.WebPrincipal;
import com.sun.logging.LogDomains;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import org.glassfish.security.common.PrincipalImpl;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.PerLookup;

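/**
 * Per-thread security context: pairs a {@link Subject} with the "initiator"
 * principal that {@link #getCallerPrincipal()} reports as the caller.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The current context lives in an {@link InheritableThreadLocal}, so a thread
 *       created while a context is set starts with that same context. Code that
 *       hands work to other threads should set or clear the context explicitly.</li>
 *   <li>{@link #setCurrent(SecurityContext)} checks {@code AuthPermission("doAsPrivileged")}
 *       only when a {@code SecurityManager} is installed. Without one, any code that
 *       can reach this class can replace the calling thread's identity.</li>
 *   <li>No constructor authenticates anything. Each one trusts the name, principal
 *       or subject it is given, so callers must pass only identities that were
 *       already authenticated elsewhere.</li>
 * </ul>
 */
@Service
@Scoped(PerLookup.class)
/* loaded from: input_file:glassfish-embedded-all-3.0-b38.jar:com/sun/enterprise/security/SecurityContext.class */
public class SecurityContext extends AbstractSecurityContext {
    // The logger must be initialised before defaultSecurityContext: building the
    // default context calls new SecurityContext(), which logs through _logger.
    // Static initialisers run in textual order, so assigning the logger in a
    // trailing static block would leave it null during that call.
    private static final Logger _logger = LogDomains.getLogger(SecurityContext.class, LogDomains.SECURITY_LOGGER);

    // Inheritable: child threads start with the creating thread's context.
    private static final InheritableThreadLocal<SecurityContext> currentSecCtx = new InheritableThreadLocal<>();

    // Shared context used whenever a thread has none; null only if its construction failed.
    private static final SecurityContext defaultSecurityContext = generateDefaultSecurityContext();

    // Permission demanded by setCurrent() when a SecurityManager is installed.
    private static final AuthPermission doAsPrivilegedPerm = new AuthPermission("doAsPrivileged");

    // True only for contexts built by the no-argument constructor.
    private boolean SERVER_GENERATED_SECURITY_CONTEXT = false;

    /**
     * Creates a context whose initiator is a {@code PrincipalImpl} named {@code str}.
     *
     * <p>The initiator is added to the principal set of the subject that was passed
     * in, so the caller's {@code Subject} instance is modified. The add runs inside
     * {@code AppservAccessController.doPrivileged}.
     * NOTE(review): presumably that call uses this class's own protection domain, so
     * the caller's permission to modify principals is not what is checked; confirm
     * against AppservAccessController.
     *
     * @param str     name of the initiating principal
     * @param subject subject to wrap; {@code null} is replaced by an empty subject
     *                and a warning is logged
     */
    public SecurityContext(String str, Subject subject) {
        final Subject effectiveSubject = subjectOrEmpty(subject);
        this.initiator = new PrincipalImpl(str);
        this.subject = (Subject) AppservAccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                effectiveSubject.getPrincipals().add(SecurityContext.this.initiator);
                return effectiveSubject;
            }
        });
    }

    /**
     * Creates a context around an existing subject and derives the initiator from it.
     *
     * <p>The initiator is the principal of the first {@code DistinguishedPrincipalCredential}
     * found among the public credentials, otherwise the first principal the
     * principal set's iterator returns, otherwise the default caller principal.
     * The second choice depends on the set's iteration order, so callers that need
     * a specific caller identity should supply a distinguished credential.
     *
     * @param subject subject to wrap; {@code null} is replaced by an empty subject
     *                and a warning is logged
     */
    public SecurityContext(Subject subject) {
        final Subject effectiveSubject = subjectOrEmpty(subject);
        this.subject = effectiveSubject;
        this.initiator = (Principal) AppservAccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                for (Object credential : effectiveSubject.getPublicCredentials()) {
                    if (credential instanceof DistinguishedPrincipalCredential) {
                        return ((DistinguishedPrincipalCredential) credential).getPrincipal();
                    }
                }
                Iterator<Principal> principals = effectiveSubject.getPrincipals().iterator();
                return principals.hasNext() ? principals.next() : null;
            }
        });
        postConstruct();
    }

    /** Falls back to the default caller principal when no initiator was found. */
    private void initDefaultCallerPrincipal() {
        if (this.initiator == null) {
            this.initiator = getDefaultCallerPrincipal();
        }
    }

    /**
     * Creates a context whose initiator comes from
     * {@code PrincipalGroupFactory.getPrincipalInstance(str, str2)}.
     *
     * <p>As with {@link #SecurityContext(String, Subject)}, the initiator is added to
     * the principal set of the subject that was passed in.
     *
     * @param str     name of the initiating principal
     * @param subject subject to wrap; {@code null} is replaced by an empty subject
     *                and a warning is logged
     * @param str2    second argument handed to the principal factory
     *                (presumably the realm name; confirm against PrincipalGroupFactory)
     */
    public SecurityContext(String str, Subject subject, String str2) {
        final Subject effectiveSubject = subjectOrEmpty(subject);
        this.initiator = PrincipalGroupFactory.getPrincipalInstance(str, str2);
        this.subject = (Subject) AppservAccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                effectiveSubject.getPrincipals().add(SecurityContext.this.initiator);
                return effectiveSubject;
            }
        });
    }

    /**
     * Creates a server-generated context: an empty subject that is made read-only
     * and no initiator. This is the constructor used for the shared default context.
     */
    public SecurityContext() {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Default CTOR of SecurityContext called");
        }
        this.subject = new Subject();
        this.initiator = null;
        setServerGeneratedCredentials();
        // Read-only so that holders of the shared default subject cannot add principals to it.
        this.subject.setReadOnly();
    }

    /** Returns {@code subject}, or a new empty subject (logging a warning) when it is null. */
    private static Subject subjectOrEmpty(Subject subject) {
        if (subject != null) {
            return subject;
        }
        if (_logger.isLoggable(Level.WARNING)) {
            _logger.warning("java_security.null_subject");
        }
        return new Subject();
    }

    /**
     * Returns the calling thread's context, or the default context if none is set.
     * Same result as {@link #getCurrent()}.
     */
    public static SecurityContext init() {
        return getCurrent();
    }

    /** Returns the shared default context. */
    public static SecurityContext getDefaultSecurityContext() {
        return defaultSecurityContext;
    }

    /** Returns the default context's subject (the live instance, not a copy). */
    public static Subject getDefaultSubject() {
        return defaultSecurityContext.subject;
    }

    /**
     * Returns the default context's caller principal, resolving it on first use.
     *
     * <p>The name is read from the {@code SecurityService} configuration bean. If the
     * bean is missing, returns no name, or the lookup throws an {@link Exception},
     * the name {@code "ANONYMOUS"} is used; an exception is logged at SEVERE first.
     * Resolution happens under the class lock and the result is cached on the
     * default context.
     *
     * @return the default caller principal
     */
    public static Principal getDefaultCallerPrincipal() {
        synchronized (SecurityContext.class) {
            if (defaultSecurityContext.initiator == null) {
                String defaultName = null;
                try {
                    defaultName = (String) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {
                        @Override
                        public Object run() throws Exception {
                            SecurityService securityService = (SecurityService) SecurityServicesUtil.getInstance().getHabitat().getComponent(SecurityService.class);
                            if (securityService == null) {
                                return null;
                            }
                            return securityService.getDefaultPrincipal();
                        }
                    });
                } catch (Exception e) {
                    _logger.log(Level.SEVERE, "java_security.default_user_login_Exception", e);
                } finally {
                    // Applies on both the success and the failure path; an Error still propagates.
                    if (defaultName == null) {
                        defaultName = "ANONYMOUS";
                    }
                }
                defaultSecurityContext.initiator = new PrincipalImpl(defaultName);
            }
        }
        return defaultSecurityContext.initiator;
    }

    /**
     * Builds the shared default context during class initialisation.
     *
     * @return the new context, or {@code null} if construction threw an
     *         {@link Exception}; the failure is logged at SEVERE. Methods that
     *         dereference the default context do not guard against that null.
     */
    private static SecurityContext generateDefaultSecurityContext() {
        synchronized (SecurityContext.class) {
            try {
                return (SecurityContext) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() throws Exception {
                        return new SecurityContext();
                    }
                });
            } catch (Exception e) {
                _logger.log(Level.SEVERE, "java_security.security_context_exception", e);
                return null;
            }
        }
    }

    /** Same as {@link #setCurrent(SecurityContext)}. */
    public static void reset(SecurityContext securityContext) {
        setCurrent(securityContext);
    }

    /** Returns the calling thread's context, or the default context if none is set. */
    public static SecurityContext getCurrent() {
        SecurityContext current = currentSecCtx.get();
        return current != null ? current : defaultSecurityContext;
    }

    /**
     * Associates a context with the calling thread.
     *
     * <p>Setting {@code null} or the default context is never permission-checked,
     * because it only drops the thread to the unauthenticated identity. Any other
     * context that differs from the current one requires
     * {@code AuthPermission("doAsPrivileged")}, but only when a
     * {@code SecurityManager} is installed. With none installed the context is
     * set unconditionally.
     *
     * <p>A failed check is logged at SEVERE and the thread's context is left
     * unchanged. No exception reaches the caller, so a caller that must know the
     * outcome has to compare {@link #getCurrent()} afterwards.
     *
     * @param securityContext context to install, or {@code null} to clear
     */
    public static void setCurrent(SecurityContext securityContext) {
        if (securityContext == null || securityContext == defaultSecurityContext) {
            currentSecCtx.set(securityContext);
            return;
        }
        if (securityContext == currentSecCtx.get()) {
            // Already current: nothing to change and nothing to check.
            return;
        }
        boolean permitted = false;
        try {
            java.lang.SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.fine("permission check done to set SecurityContext");
                }
                securityManager.checkPermission(doAsPrivilegedPerm);
            }
            permitted = true;
        } catch (SecurityException e) {
            _logger.log(Level.SEVERE, "java_security.security_context_permission_exception", e);
        } catch (Throwable th) {
            _logger.log(Level.SEVERE, "java_security.security_context_unexpected_exception", th);
        }
        if (permitted) {
            currentSecCtx.set(securityContext);
        } else {
            _logger.severe("java_security.security_context_nochange");
        }
    }

    /** Sets the calling thread's context to the default (unauthenticated) context. */
    public static void setUnauthenticatedContext() {
        currentSecCtx.set(defaultSecurityContext);
    }

    /** Returns whether this context was built by the no-argument constructor. */
    public boolean didServerGenerateCredentials() {
        return this.SERVER_GENERATED_SECURITY_CONTEXT;
    }

    private void setServerGeneratedCredentials() {
        this.SERVER_GENERATED_SECURITY_CONTEXT = true;
    }

    /**
     * Returns the initiator of this context. For the default context the
     * principal is resolved through {@link #getDefaultCallerPrincipal()}.
     */
    @Override
    public Principal getCallerPrincipal() {
        if (this == defaultSecurityContext) {
            return getDefaultCallerPrincipal();
        }
        return this.initiator;
    }

    /** Returns the wrapped subject (the live instance, not a copy). */
    @Override
    public Subject getSubject() {
        return this.subject;
    }

    @Override
    public String toString() {
        return "SecurityContext[ Initiator: " + this.initiator + "Subject " + this.subject + " ]";
    }

    /** Returns the subject's principal set (the live set, not a copy). */
    public Set getPrincipalSet() {
        return this.subject.getPrincipals();
    }

    /** Ensures an initiator is set, falling back to the default caller principal. */
    public void postConstruct() {
        initDefaultCallerPrincipal();
    }

    /** Factory form of {@link #SecurityContext(String, Subject, String)}. */
    @Override
    public AppServSecurityContext newInstance(String str, Subject subject, String str2) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "SecurityContext: newInstance method called");
        }
        return new SecurityContext(str, subject, str2);
    }

    /** Factory form of {@link #SecurityContext(String, Subject)}. */
    @Override
    public AppServSecurityContext newInstance(String str, Subject subject) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "SecurityContext: newInstance method called");
        }
        return new SecurityContext(str, subject);
    }

    /**
     * Instance-level entry point for {@link #setCurrent(SecurityContext)}.
     *
     * @throws IllegalArgumentException if the argument is non-null and not a
     *         {@code SecurityContext}
     */
    @Override
    public void setCurrentSecurityContext(AppServSecurityContext appServSecurityContext) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "SecurityContext: setCurrentSecurityContext method called");
        }
        if (appServSecurityContext == null) {
            setCurrent(null);
            return;
        }
        if (!(appServSecurityContext instanceof SecurityContext)) {
            throw new IllegalArgumentException("Expected SecurityContext, found " + appServSecurityContext);
        }
        setCurrent((SecurityContext) appServSecurityContext);
    }

    /** Instance-level entry point for {@link #getCurrent()}. */
    @Override
    public AppServSecurityContext getCurrentSecurityContext() {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "SecurityContext: getCurrent() method called");
        }
        return getCurrent();
    }

    /** Instance-level entry point for {@link #setUnauthenticatedContext()}. */
    @Override
    public void setUnauthenticatedSecurityContext() {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "SecurityContext: setUnauthenticatedSecurityContext method called");
        }
        setUnauthenticatedContext();
    }

    /**
     * Makes the given principal the calling thread's identity.
     *
     * <p>This method does not verify the principal. A {@code null} principal clears
     * the thread's context. The switch goes through {@link #setCurrent(SecurityContext)},
     * so it is permission-checked only when a {@code SecurityManager} is installed.
     */
    @Override
    public void setSecurityContextWithPrincipal(Principal principal) {
        setCurrent(getSecurityContextForPrincipal(principal));
    }

    /**
     * Returns the context carried by a {@code WebPrincipal}, or builds a new context
     * whose subject holds only the given principal.
     *
     * @return the context, or {@code null} when {@code principal} is null
     */
    private SecurityContext getSecurityContextForPrincipal(final Principal principal) {
        if (principal == null) {
            return null;
        }
        if (principal instanceof WebPrincipal) {
            return ((WebPrincipal) principal).getSecurityContext();
        }
        return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {
            @Override
            public SecurityContext run() {
                Subject subject = new Subject();
                subject.getPrincipals().add(principal);
                return new SecurityContext(principal.getName(), subject);
            }
        });
    }
}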
