package com.sun.enterprise.security.auth.login;

import com.sun.enterprise.iiop.security.AnonCredential;
import com.sun.enterprise.iiop.security.GSSUPName;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.security.auth.login.common.LoginException;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.common.ClientSecurityContext;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.security.integration.AppServSecurityContext;
import com.sun.logging.LogDomains;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.x500.X500Principal;
import org.glassfish.security.common.Group;
import org.glassfish.security.common.PrincipalImpl;
import sun.security.x509.X500Name;

/* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:com/sun/enterprise/security/auth/login/LoginContextDriver.class */
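/**
 * Static entry points that drive server-side and application-client logins.
 *
 * <p>Each login path locates a credential on a {@link Subject}, optionally runs a JAAS
 * {@link LoginContext} or the certificate realm, reports the outcome to {@link #AUDIT_MANAGER},
 * and installs a security context for the current caller.
 *
 * <p>Security-relevant points that are visible in this class:
 * <ul>
 *   <li>Only the password, digest and JMAC paths invoke a JAAS login module. The certificate,
 *       GSSUP and {@link #loginPrincipal} paths trust the identity already present in their
 *       arguments; callers must have verified it beforehand.</li>
 *   <li>User and realm names are concatenated into log messages unescaped. NOTE(review): confirm
 *       the log handler neutralises CR/LF if these values can be attacker-chosen.</li>
 *   <li>Wrapped exceptions carry {@code e.toString()} of the underlying failure. NOTE(review):
 *       confirm callers do not echo that text to unauthenticated clients.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler; parameter names such as {@code str} are not the
 * authors' names and are described in each method's documentation.
 */
public class LoginContextDriver {
    private static final Logger _logger = LogDomains.getLogger(LoginContextDriver.class, LogDomains.SECURITY_LOGGER);

    /** Callback handler passed to JAAS on the server paths, where the credential is already on the Subject. */
    private static final ServerLoginCallbackHandler dummyCallback = new ServerLoginCallbackHandler();

    /** JAAS configuration entry used by {@link #doClientLogin}. */
    private static final String CLIENT_JAAS_PASSWORD = "default";
    private static final String CLIENT_JAAS_CERTIFICATE = "certificate";

    /** Name under which the certificate realm is looked up and audited. */
    public static final String CERT_REALMNAME = "certificate";

    /**
     * Audit sink for authentication outcomes.
     *
     * <p>Nothing in this class assigns it, so other code must set it before any login path runs;
     * every audit call dereferences it without a null check.
     *
     * <p>NOTE(review): the field is public and non-final, so any code that can reach this class can
     * replace or clear the audit sink. Consider restricting write access.
     */
    public static AuditManager AUDIT_MANAGER;

    private LoginContextDriver() {
    }

    /**
     * Authenticates a user with a password and installs the resulting security context.
     *
     * <p>The method has no {@code throws} clause; a {@code LoginException} raised by the delegate
     * propagates to the caller.
     *
     * @param str user name
     * @param str2 password
     * @param str3 realm name; when {@code null} or rejected by {@code Realm.isValidRealm}, the
     *     default realm is used instead without any error being reported
     */
    public static void login(String str, String str2, String str3) {
        if (str3 == null || !Realm.isValidRealm(str3)) {
            str3 = Realm.getDefaultRealm();
        }
        final Subject subject = new Subject();
        final PasswordCredential passwordCredential = new PasswordCredential(str, str2, str3);
        // Adding a private credential is done under doPrivileged so it does not depend on the
        // caller's own permissions.
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                subject.getPrivateCredentials().add(passwordCredential);
                return subject;
            }
        });
        login(subject, PasswordCredential.class);
    }

    /**
     * Dispatches a login according to the kind of credential the caller says the subject holds.
     *
     * @param subject subject carrying the credential
     * @param cls credential class; must be exactly one of {@code PasswordCredential},
     *     {@code X509CertificateCredential}, {@code AnonCredential}, {@code GSSUPName} or
     *     {@code X500Name} (compared with {@code equals}, so subclasses do not match)
     * @throws LoginException if the credential class is not recognised or the selected login fails
     */
    public static void login(Subject subject, Class cls) throws LoginException {
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, "Processing login with credentials of type: " + cls.toString());
        }
        if (cls.equals(PasswordCredential.class)) {
            doPasswordLogin(subject);
        } else if (cls.equals(X509CertificateCredential.class)) {
            doCertificateLogin(subject);
        } else if (cls.equals(AnonCredential.class)) {
            doAnonLogin();
        } else if (cls.equals(GSSUPName.class)) {
            doGSSUPLogin(subject);
        } else if (cls.equals(X500Name.class)) {
            doX500Login(subject);
        } else {
            _logger.log(Level.INFO, "java_security.unknown_credential", cls.toString());
            throw new LoginException("Unknown credential type, cannot login.");
        }
    }

    /**
     * Installs a security context for a named principal without verifying any credential.
     *
     * <p>No login module or realm authentication is invoked here, and no audit record is written.
     * Group membership is read from the realm; if the realm does not know the user or does not
     * support the lookup, a warning is logged and the context is still installed, just without
     * groups. Callers are therefore responsible for having established the identity beforehand.
     *
     * @param str principal (user) name
     * @param str2 realm name; {@code null} or empty selects the default realm
     * @throws LoginException if the realm does not exist
     */
    public static void loginPrincipal(String str, String str2) throws LoginException {
        if (str2 == null || str2.length() == 0) {
            str2 = Realm.getDefaultRealm();
        }
        final Subject subject = new Subject();
        final PrincipalImpl principalImpl = new PrincipalImpl(str);
        final GSSUPName gssupName = new GSSUPName(str, str2);
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                subject.getPrincipals().add(principalImpl);
                subject.getPublicCredentials().add(gssupName);
                return null;
            }
        });
        try {
            Enumeration<?> groupNames = Realm.getInstance(str2).getGroupNames(str);
            Set<Principal> principals = subject.getPrincipals();
            while (groupNames.hasMoreElements()) {
                principals.add(new Group((String) groupNames.nextElement()));
            }
        } catch (InvalidOperationException e) {
            // Deliberate best effort: continue without group principals.
            _logger.warning("Realm " + str2 + ": " + e.toString());
        } catch (NoSuchRealmException e2) {
            LoginException loginException = new LoginException(e2.toString());
            loginException.initCause(e2);
            throw loginException;
        } catch (NoSuchUserException e3) {
            // Deliberate best effort: an unknown user still gets a context, with no groups.
            _logger.warning("Realm " + str2 + ": " + e3.toString());
        }
        setSecurityContext(str, subject, str2);
    }

    /**
     * Clears the current server-side security context.
     *
     * @throws LoginException declared for callers; nothing in this method raises it directly
     */
    public static void logout() throws LoginException {
        unsetSecurityContext();
    }

    /**
     * Runs the realm's JAAS login module against the {@code PasswordCredential} on the subject.
     *
     * <p>The null checks are {@code assert} statements, so they only run when assertions are
     * enabled; otherwise null values reach the realm lookup and the login module unchecked.
     *
     * @param subject subject holding exactly the password credential to verify
     * @throws LoginException if the credential is missing, the realm cannot be resolved, or the
     *     login module rejects the credential; other exceptions are wrapped with the original as
     *     cause
     */
    private static void doPasswordLogin(Subject subject) throws LoginException {
        Object credential = getPrivateCredentials(subject, PasswordCredential.class);
        assert credential != null;
        PasswordCredential passwordCredential = (PasswordCredential) credential;
        String user = passwordCredential.getUser();
        String password = passwordCredential.getPassword();
        String realm = passwordCredential.getRealm();
        try {
            String jaasContext = Realm.getInstance(realm).getJAASContext();
            assert user != null;
            assert password != null;
            assert realm != null;
            assert jaasContext != null;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("Logging in user [" + user + "] into realm: " + realm + " using JAAS module: " + jaasContext);
            }
            try {
                new LoginContext(jaasContext, subject, dummyCallback).login();
                auditAuthentication(user, realm, true);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.fine("Password login succeeded for : " + user);
                }
                setSecurityContext(user, subject, realm);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "Set security context as user: " + user);
                }
            } catch (Exception e) {
                if (_logger.isLoggable(Level.INFO)) {
                    _logger.log(Level.INFO, "java_security.audit_auth_refused", user);
                }
                if (_logger.isLoggable(Level.FINEST)) {
                    _logger.log(Level.FINEST, "doPasswordLogin fails", (Throwable) e);
                }
                auditAuthentication(user, realm, false);
                throw asLoginException("Login failed: ", e);
            }
        } catch (Exception e2) {
            // Also converts anything thrown by the realm lookup or by the failure handler above.
            throw asLoginException("", e2);
        }
    }

    /**
     * Verifies a user name and password through the realm's JAAS login module on behalf of a
     * message-authentication (JMAC) module. Unlike {@link #login(String, String, String)} this
     * does not install a security context; it only populates and returns the subject.
     *
     * @param subject subject to populate; a new one is created when {@code null}
     * @param str user name
     * @param str2 password
     * @param str3 realm name; when {@code null} or not valid, the default realm is used
     * @return the populated subject
     * @throws LoginException if the realm cannot be resolved or the login module rejects the
     *     credential
     */
    public static Subject jmacLogin(Subject subject, String str, String str2, String str3) throws LoginException {
        if (str3 == null || !Realm.isValidRealm(str3)) {
            str3 = Realm.getDefaultRealm();
        }
        if (subject == null) {
            subject = new Subject();
        }
        final Subject target = subject;
        final PasswordCredential passwordCredential = new PasswordCredential(str, str2, str3);
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                target.getPrivateCredentials().add(passwordCredential);
                return target;
            }
        });
        try {
            String jaasContext = Realm.getInstance(str3).getJAASContext();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("jmac login user [" + str + "] into realm: " + str3 + " using JAAS module: " + jaasContext);
            }
            try {
                new LoginContext(jaasContext, target, dummyCallback).login();
                auditAuthentication(str, str3, true);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.fine("jmac Password login succeeded for : " + str);
                }
                return target;
            } catch (Exception e) {
                if (_logger.isLoggable(Level.INFO)) {
                    _logger.log(Level.INFO, "java_security.audit_auth_refused", str);
                }
                auditAuthentication(str, str3, false);
                throw asLoginException("Login failed: ", e);
            }
        } catch (Exception e2) {
            throw asLoginException("", e2);
        }
    }

    /**
     * Hands an X.500 principal to the certificate realm on behalf of a JMAC module and returns the
     * populated subject. No security context is installed.
     *
     * <p>The realm registered under {@link #CERT_REALMNAME} is cast to {@code CertificateRealm}
     * without a type check; a different realm type surfaces as a wrapped {@code LoginException}.
     * NOTE(review): {@code sun.security.x509.X500Name} is a JDK-internal class.
     *
     * @param subject subject to populate; a new one is created when {@code null}
     * @param x500Principal principal whose RFC 1779 name is passed to the realm
     * @return the populated subject
     * @throws LoginException if the name cannot be parsed or the realm call fails
     */
    public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException {
        if (subject == null) {
            subject = new Subject();
        }
        final Subject target = subject;
        // Stays empty in the audit record when the failure happens before the name is parsed.
        String name = "";
        try {
            final X500Name x500Name = new X500Name(x500Principal.getName(X500Principal.RFC1779));
            name = x500Name.toString();
            AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    target.getPublicCredentials().add(x500Name);
                    return target;
                }
            });
            ((CertificateRealm) Realm.getInstance(CERT_REALMNAME)).authenticate(target, x500Name);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("jmac cert login succeeded for: " + name);
            }
            auditAuthentication(name, CERT_REALMNAME, true);
            return target;
        } catch (Exception e) {
            if (_logger.isLoggable(Level.INFO)) {
                _logger.log(Level.INFO, "java_security.audit_auth_refused", name);
            }
            auditAuthentication(name, CERT_REALMNAME, false);
            throw asLoginException("", e);
        }
    }

    /**
     * Installs a security context named after the alias of the X.509 credential on the subject.
     *
     * <p>The certificate itself is not validated here; only its presence and alias are used.
     * NOTE(review): the context is installed before the success audit call, so an exception from
     * the audit manager leaves the context set while the method fails.
     *
     * @param subject subject holding an {@code X509CertificateCredential} as public credential
     * @throws LoginException if the credential is missing or cannot be read
     */
    private static void doCertificateLogin(Subject subject) throws LoginException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Processing X509 certificate login.");
        }
        String alias = null;
        try {
            alias = ((X509CertificateCredential) getPublicCredentials(subject, X509CertificateCredential.class)).getAlias();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Set security context as user: " + alias);
            }
            setSecurityContext(alias, subject, CERT_REALMNAME);
            auditAuthentication(alias, CERT_REALMNAME, true);
        } catch (LoginException e) {
            auditAuthentication(alias, CERT_REALMNAME, false);
            throw e;
        }
    }

    /**
     * Installs the unauthenticated security context.
     *
     * @throws LoginException declared for the dispatcher; nothing in this method raises it directly
     */
    private static void doAnonLogin() throws LoginException {
        contextService().setUnauthenticatedSecurityContext();
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Set anonymous security context.");
        }
    }

    /**
     * Installs a security context for the user named by the {@code GSSUPName} public credential,
     * always in the default realm.
     *
     * <p>No password is checked here; the name on the subject is trusted as given.
     * NOTE(review): the context is installed before the success audit call, so an exception from
     * the audit manager leaves the context set while the method fails.
     *
     * @param subject subject holding a {@code GSSUPName} as public credential
     * @throws LoginException if the credential is missing or cannot be read
     */
    private static void doGSSUPLogin(Subject subject) throws LoginException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Processing GSSUP login.");
        }
        String user = null;
        String defaultRealm = Realm.getDefaultRealm();
        try {
            user = ((GSSUPName) getPublicCredentials(subject, GSSUPName.class)).getUser();
            setSecurityContext(user, subject, defaultRealm);
            auditAuthentication(user, defaultRealm, true);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("GSSUP login succeeded for : " + user);
            }
        } catch (LoginException e) {
            auditAuthentication(user, defaultRealm, false);
            throw e;
        }
    }

    /**
     * Passes the {@code X500Name} public credential on the subject to the certificate realm.
     *
     * <p>Every failure now produces a failed-authentication audit record. Previously only a
     * {@code LoginException} was audited, so a failure such as an unresolvable realm left no
     * audit trail.
     *
     * @param subject subject holding an {@code X500Name} as public credential
     * @throws LoginException if the credential is missing or the realm call fails; other
     *     exceptions are wrapped with the original as cause
     */
    private static void doX500Login(Subject subject) throws LoginException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Processing X.500 name login.");
        }
        String user = null;
        String realmName = null;
        try {
            X500Name x500Name = (X500Name) getPublicCredentials(subject, X500Name.class);
            user = x500Name.getName();
            Realm realm = Realm.getInstance(CERT_REALMNAME);
            if (realm instanceof CertificateRealm) {
                ((CertificateRealm) realm).authenticate(subject, x500Name);
                realmName = CERT_REALMNAME;
                auditAuthentication(user, realmName, true);
            } else {
                // NOTE(review): this fallback installs a context with no realm processing and no
                // success audit record, and passes a null realm even though the realm name is
                // read on the next line. Looks like the two statements are in the wrong order;
                // confirm the intended behaviour before changing it.
                _logger.warning("certlogin.badrealm");
                setSecurityContext(user, subject, null);
                realmName = realm.getName();
            }
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("X.500 name login succeeded for : " + user);
            }
        } catch (Exception e) {
            // realmName is still null when the failure happened before the realm was resolved.
            auditAuthentication(user, realmName, false);
            throw asLoginException("", e);
        }
    }

    /**
     * Returns the first public credential of the given class found on the subject.
     *
     * @param subject subject to inspect
     * @param cls credential class to look for
     * @return the first matching credential; further matches are ignored
     * @throws LoginException if no such credential exists or it cannot be read
     */
    private static Object getPublicCredentials(Subject subject, Class cls) throws LoginException {
        final Iterator<?> it = subject.getPublicCredentials(cls).iterator();
        if (!it.hasNext()) {
            String typeName = cls.toString();
            if (_logger.isLoggable(Level.FINER)) {
                _logger.finer("Expected public credentials of type : " + typeName + " but none found.");
            }
            throw new LoginException("Expected public credential of type: " + typeName + " but none found.");
        }
        try {
            return AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    return it.next();
                }
            });
        } catch (Exception e) {
            throw asLoginException("Failed to retrieve public credential: ", e);
        }
    }

    /**
     * Returns the first private credential of the given class found on the subject. Both the set
     * lookup and the element read run under {@code doPrivileged}.
     *
     * @param subject subject to inspect
     * @param cls credential class to look for
     * @return the first matching credential; further matches are ignored
     * @throws LoginException if no such credential exists or it cannot be read
     */
    private static Object getPrivateCredentials(final Subject subject, final Class cls) throws LoginException {
        final Iterator<?> it = ((Set<?>) AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return subject.getPrivateCredentials(cls);
            }
        })).iterator();
        if (!it.hasNext()) {
            String typeName = cls.toString();
            if (_logger.isLoggable(Level.FINER)) {
                _logger.finer("Expected private credential of type: " + typeName + " but none found.");
            }
            throw new LoginException("Expected private credential of type: " + typeName + " but none found.");
        }
        try {
            return AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    return it.next();
                }
            });
        } catch (Exception e) {
            throw asLoginException("Failed to retrieve private credential: ", e);
        }
    }

    /**
     * Creates a security context for the given identity and makes it current.
     *
     * @param str user name
     * @param subject authenticated subject
     * @param str2 realm name; one caller passes {@code null}
     */
    private static void setSecurityContext(String str, Subject subject, String str2) {
        AppServSecurityContext context = contextService().newInstance(str, subject, str2);
        context.setCurrentSecurityContext(context);
    }

    /** Clears the current security context by setting it to {@code null}. */
    private static void unsetSecurityContext() {
        contextService().setCurrentSecurityContext(null);
    }

    /**
     * Performs an application-client login through the {@code "default"} JAAS configuration entry
     * and installs the client security context.
     *
     * @param i not used by this method
     * @param callbackHandler handler JAAS uses to collect the credential
     * @return the subject populated by the login module
     * @throws LoginException if the JAAS login fails; the JAAS exception is attached as cause
     */
    public static Subject doClientLogin(int i, final CallbackHandler callbackHandler) throws LoginException {
        final Subject subject = new Subject();
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    new LoginContext(CLIENT_JAAS_PASSWORD, subject, callbackHandler).login();
                    LoginContextDriver.postClientAuth(subject, PasswordCredential.class);
                    return null;
                } catch (javax.security.auth.login.LoginException e) {
                    throw ((LoginException) new LoginException(e.toString()).initCause(e));
                }
            }
        });
        return subject;
    }

    /**
     * Clears the current client security context.
     *
     * @throws LoginException declared for callers; nothing in this method raises it directly
     */
    public static void doClientLogout() throws LoginException {
        unsetClientSecurityContext();
    }

    /**
     * Verifies digest credentials through the realm's JAAS login module and installs the security
     * context.
     *
     * <p>A successful login is now reported to the audit manager, as the password paths already
     * do; before, only refusals were audited. The FINEST failure message also named the password
     * login by mistake.
     *
     * <p>NOTE(review): unlike the password paths, the credential is added to the subject without
     * {@code doPrivileged}, so under a security manager this depends on the caller's permissions.
     *
     * @param digestCredentials digest credentials naming the user and realm
     * @throws javax.security.auth.login.LoginException declared for callers; failures are raised
     *     as this package's {@code LoginException}
     */
    public static void login(DigestCredentials digestCredentials) throws javax.security.auth.login.LoginException {
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(digestCredentials);
        try {
            try {
                new LoginContext(Realm.getInstance(digestCredentials.getRealmName()).getJAASContext(), subject, dummyCallback).login();
                auditAuthentication(digestCredentials.getUserName(), digestCredentials.getRealmName(), true);
                setSecurityContext(digestCredentials.getUserName(), subject, digestCredentials.getRealmName());
            } catch (Exception e) {
                if (_logger.isLoggable(Level.INFO)) {
                    _logger.log(Level.INFO, "java_security.audit_auth_refused", digestCredentials.getUserName());
                }
                if (_logger.isLoggable(Level.FINEST)) {
                    _logger.log(Level.FINEST, "Digest login fails", (Throwable) e);
                }
                auditAuthentication(digestCredentials.getUserName(), digestCredentials.getRealmName(), false);
                throw asLoginException("Login failed: ", e);
            }
        } catch (Exception e2) {
            throw asLoginException("", e2);
        }
    }

    /**
     * Installs the client security context from the first password or X.509 credential found
     * among the subject's private credentials of the given class. Does nothing if none is found.
     *
     * <p>The decompiler reports that this method was originally private and was widened for
     * inner-class access; it is not meant as a public entry point.
     *
     * <p>NOTE(review): at FINEST the whole subject is logged from inside {@code doPrivileged}.
     * {@code Subject.toString()} renders private credentials when they are accessible, so this
     * relies on the credential classes masking secrets in {@code toString()}. Confirm.
     *
     * @param subject subject populated by the client login module
     * @param cls credential class used to filter the private credentials
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static void postClientAuth(final Subject subject, final Class cls) {
        final Iterator<?> it = ((Set<?>) AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                if (LoginContextDriver._logger.isLoggable(Level.FINEST)) {
                    LoginContextDriver._logger.log(Level.FINEST, "LCD post login subject :" + subject);
                }
                return subject.getPrivateCredentials(cls);
            }
        })).iterator();
        while (it.hasNext()) {
            Object credential = null;
            try {
                credential = AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                    @Override
                    public Object run() {
                        return it.next();
                    }
                });
            } catch (Exception e) {
                // Best effort: log and move on to the next credential.
                _logger.log(Level.SEVERE, "java_security.accesscontroller_action_exception", (Throwable) e);
            }
            if (credential instanceof PasswordCredential) {
                PasswordCredential passwordCredential = (PasswordCredential) credential;
                String user = passwordCredential.getUser();
                if (_logger.isLoggable(Level.FINEST)) {
                    _logger.log(Level.FINEST, "In LCD user-pass login:" + user + " realm :" + passwordCredential.getRealm());
                }
                setClientSecurityContext(user, subject);
                return;
            }
            if (credential instanceof X509CertificateCredential) {
                X509CertificateCredential certificateCredential = (X509CertificateCredential) credential;
                String alias = certificateCredential.getAlias();
                if (_logger.isLoggable(Level.FINEST)) {
                    _logger.log(Level.FINEST, "In LCD cert-login::" + alias + " realm :" + certificateCredential.getRealm());
                }
                setClientSecurityContext(alias, subject);
                return;
            }
        }
    }

    /** Makes a new client security context for the given user and subject current. */
    private static void setClientSecurityContext(String str, Subject subject) {
        ClientSecurityContext.setCurrent(new ClientSecurityContext(str, subject));
    }

    /** Clears the current client security context by setting it to {@code null}. */
    private static void unsetClientSecurityContext() {
        ClientSecurityContext.setCurrent(null);
    }

    /** Looks up the security-context service from the default habitat. */
    private static AppServSecurityContext contextService() {
        return (AppServSecurityContext) Util.getDefaultHabitat().getByContract(AppServSecurityContext.class);
    }

    /**
     * Reports an authentication outcome to {@link #AUDIT_MANAGER} when auditing is switched on.
     * Dereferences the field unguarded, so an unset audit manager fails the calling login.
     */
    private static void auditAuthentication(String user, String realm, boolean success) {
        if (AUDIT_MANAGER.isAuditOn()) {
            AUDIT_MANAGER.authentication(user, realm, success);
        }
    }

    /**
     * Returns {@code e} itself when it already is a {@code LoginException}; otherwise wraps it in
     * one whose message is {@code prefix + e.toString()} and whose cause is {@code e}.
     */
    private static LoginException asLoginException(String prefix, Exception e) {
        if (e instanceof LoginException) {
            return (LoginException) e;
        }
        return (LoginException) new LoginException(prefix + e.toString()).initCause(e);
    }
}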
