package com.sun.enterprise.security;

import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.auth.login.DistinguishedPrincipalCredential;
import com.sun.enterprise.security.common.AbstractSecurityContext;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.integration.AppServSecurityContext;
import java.lang.annotation.Annotation;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.hk2.api.PerLookup;
import org.glassfish.internal.api.Globals;
import org.glassfish.security.common.PrincipalImpl;
import org.jvnet.hk2.annotations.Service;

/**
 * Per-thread security context holding the caller {@link Principal} and the
 * {@link Subject} under which the current thread is executing.
 *
 * <p>The active context is kept in a static {@link InheritableThreadLocal}, so a
 * thread created while a context is set starts with the same context reference as
 * its parent. Code that hands work to threads it creates should set or clear the
 * context explicitly rather than rely on the inherited value.
 *
 * <p>When no context is set for a thread, the shared default (unauthenticated)
 * context is used. Replacing the current context with anything other than
 * {@code null} or the default goes through a permission check, see
 * {@link #setCurrent(SecurityContext)}.
 *
 * <p>This source is decompiler output; comments starting with "JADX" or
 * "from class:" were emitted by the decompiler.
 */
@Service
@PerLookup
/* loaded from: input_file:com/sun/enterprise/security/SecurityContext.class */
public class SecurityContext extends AbstractSecurityContext {
    private static final long serialVersionUID = -1061816185561416857L;
    private static final Logger LOGGER = SecurityLoggerInfo.getLogger();
    // Context bound to the current thread; inherited by child threads at creation time.
    private static InheritableThreadLocal<SecurityContext> currentSecurityContext = new InheritableThreadLocal<>();
    // Shared unauthenticated context, built once during class initialization.
    // generateDefaultSecurityContext() returns null on failure, so this can be null;
    // the static accessors below dereference it without a null check.
    private static SecurityContext defaultSecurityContext = generateDefaultSecurityContext();
    // Permission required (when a SecurityManager is installed) to install a non-default context.
    private static AuthPermission doAsPrivilegedPerm = new AuthPermission("doAsPrivileged");
    // True only for contexts created through the no-arg constructor.
    private boolean serverGeneratedCredentials;

    /**
     * Returns the context bound to the current thread, or the default context when
     * none is bound. Same lookup as {@link #getCurrent()}.
     *
     * @return the current thread's context, or the default context
     */
    public static SecurityContext init() {
        SecurityContext securityContext = currentSecurityContext.get();
        if (securityContext == null) {
            securityContext = defaultSecurityContext;
        }
        return securityContext;
    }

    /**
     * Returns the shared default (unauthenticated) context.
     *
     * @return the default context; null if its construction failed at class initialization
     */
    public static SecurityContext getDefaultSecurityContext() {
        return defaultSecurityContext;
    }

    /**
     * Returns the Subject of the default context. The no-arg constructor marks that
     * Subject read-only.
     *
     * @return the default context's Subject
     */
    public static Subject getDefaultSubject() {
        return defaultSecurityContext.subject;
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Returns the caller principal of the default context, resolving it on first use.
     *
     * <p>The name is read from the {@link SecurityService} registered under
     * {@link ServerEnvironment#DEFAULT_INSTANCE_NAME}. When the service is missing,
     * reports no default principal, or the lookup throws (logged at SEVERE), the
     * name falls back to {@code "ANONYMOUS"}.
     *
     * @return the default caller principal
     */
    public static Principal getDefaultCallerPrincipal() {
        // Class-level lock so the lazy initialization runs once.
        synchronized (SecurityContext.class) {
            if (defaultSecurityContext.callerPrincipal == null) {
                String str = null;
                try {
                    try {
                        // Configuration lookup runs in a privileged block.
                        str = (String) AppservAccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.sun.enterprise.security.SecurityContext.1
                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                SecurityService securityService = (SecurityService) SecurityServicesUtil.getInstance().getHabitat().getService(SecurityService.class, ServerEnvironment.DEFAULT_INSTANCE_NAME, new Annotation[0]);
                                if (securityService == null) {
                                    return null;
                                }
                                return securityService.getDefaultPrincipal();
                            }
                        });
                        if (str == null) {
                            str = "ANONYMOUS";
                        }
                    } catch (Exception e) {
                        // A failed lookup is logged and then treated like "no default configured".
                        LOGGER.log(Level.SEVERE, SecurityLoggerInfo.defaultUserLoginError, (Throwable) e);
                        if (str == null) {
                            str = "ANONYMOUS";
                        }
                    }
                    defaultSecurityContext.callerPrincipal = new PrincipalImpl(str);
                } catch (Throwable th) {
                    // Residue of a finally block the decompiler could not reconstruct;
                    // the empty branch does nothing and the throwable is rethrown as-is.
                    if (str == null) {
                    }
                    throw th;
                }
            }
        }
        // Read happens after the lock is released.
        // NOTE(review): callerPrincipal is declared in AbstractSecurityContext (not shown);
        // confirm its visibility guarantees if callers rely on this unsynchronized read.
        return defaultSecurityContext.callerPrincipal;
    }

    /**
     * Installs the given context for the current thread; delegates to
     * {@link #setCurrent(SecurityContext)} with the same permission rules.
     *
     * @param securityContext the context to install, or null to clear the thread's binding
     */
    public static void reset(SecurityContext securityContext) {
        setCurrent(securityContext);
    }

    /**
     * Returns the context bound to the current thread, or the default context when
     * none is bound.
     *
     * @return the current thread's context, or the default context
     */
    public static SecurityContext getCurrent() {
        SecurityContext securityContext = currentSecurityContext.get();
        if (securityContext == null) {
            securityContext = defaultSecurityContext;
        }
        return securityContext;
    }

    /**
     * Binds a context to the current thread.
     *
     * <p>{@code null} and the default context are installed without a permission
     * check, since both lead to the unauthenticated identity. Any other context is
     * installed only if {@link #isPermittedToSetContext()} allows it.
     *
     * <p>When permission is denied the method logs at SEVERE and returns normally,
     * leaving the previous context in place. The caller gets no exception or return
     * value for the refusal, so code that must run under the new identity should
     * compare {@link #getCurrent()} with the requested context afterwards.
     *
     * @param securityContext the context to bind, or null to clear the binding
     */
    public static void setCurrent(SecurityContext securityContext) {
        if (securityContext == null || securityContext == defaultSecurityContext) {
            currentSecurityContext.set(securityContext);
        } else {
            // Re-installing the context that is already bound needs no check.
            if (securityContext == currentSecurityContext.get()) {
                return;
            }
            if (isPermittedToSetContext()) {
                currentSecurityContext.set(securityContext);
            } else {
                // Denied: previous context stays bound, nothing is thrown.
                LOGGER.severe(SecurityLoggerInfo.securityContextNotChangedError);
            }
        }
    }

    /**
     * Binds the default (unauthenticated) context to the current thread. No
     * permission check is performed.
     */
    public static void setUnauthenticatedContext() {
        currentSecurityContext.set(defaultSecurityContext);
    }

    /**
     * Creates a context for the named caller.
     *
     * <p>A {@link PrincipalImpl} is built from the name and added to the given
     * Subject's principal set inside a privileged block, so a non-null Subject
     * passed in is modified. A null Subject is replaced by an empty one and a
     * warning is logged.
     *
     * @param str the caller principal name
     * @param subject the Subject to associate with the context; may be null
     */
    public SecurityContext(String str, Subject subject) {
        Subject nullSafeSubject = nullSafeSubject(subject);
        this.callerPrincipal = new PrincipalImpl(str);
        this.subject = (Subject) AppservAccessController.privileged(() -> {
            nullSafeSubject.getPrincipals().add(this.callerPrincipal);
            return nullSafeSubject;
        });
    }

    /**
     * Creates a context from an existing Subject, deriving the caller principal
     * from it.
     *
     * <p>The principal carried by the first {@link DistinguishedPrincipalCredential}
     * among the public credentials is used. Otherwise the first principal returned
     * by the principal set's iterator is taken, so for a Subject with several
     * principals and no distinguished credential the caller identity depends on the
     * set's iteration order. If the Subject has no principal at all, the default
     * caller principal is used (via {@link #postConstruct()}).
     *
     * @param subject the Subject to wrap; a null value is replaced by an empty Subject
     */
    public SecurityContext(Subject subject) {
        Subject nullSafeSubject = nullSafeSubject(subject);
        this.subject = nullSafeSubject;
        this.callerPrincipal = (Principal) AppservAccessController.privileged(() -> {
            Principal principal = null;
            // Prefer an explicitly marked principal from the public credentials.
            Iterator<Object> it = nullSafeSubject.getPublicCredentials().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Object next = it.next();
                if (next instanceof DistinguishedPrincipalCredential) {
                    principal = ((DistinguishedPrincipalCredential) next).getPrincipal();
                    break;
                }
            }
            // Fallback: whichever principal the set yields first.
            if (principal == null) {
                Iterator<Principal> it2 = nullSafeSubject.getPrincipals().iterator();
                if (it2.hasNext()) {
                    principal = it2.next();
                }
            }
            return principal;
        });
        postConstruct();
    }

    /**
     * Creates a context whose caller principal is obtained from the
     * {@link PrincipalGroupFactory} for the two given strings.
     *
     * <p>The resulting principal is added to the Subject's principal set in a
     * privileged block, so a non-null Subject passed in is modified.
     *
     * @param str the caller principal name
     * @param subject the Subject to associate with the context; may be null
     * @param str2 second argument to {@code getPrincipalInstance}; presumably the
     *     realm name, confirm against PrincipalGroupFactory
     */
    public SecurityContext(String str, Subject subject, String str2) {
        Subject nullSafeSubject = nullSafeSubject(subject);
        PrincipalGroupFactory principalGroupFactory = (PrincipalGroupFactory) Globals.get(PrincipalGroupFactory.class);
        if (principalGroupFactory != null) {
            this.callerPrincipal = principalGroupFactory.getPrincipalInstance(str, str2);
        }
        this.subject = nullSafeSubject;
        // NOTE(review): when no factory is available callerPrincipal is never assigned
        // here, and the add below receives it as-is; Subject's principal set is expected
        // to reject null elements, so this path likely fails with an exception. Confirm.
        AppservAccessController.privileged(() -> {
            return Boolean.valueOf(this.subject.getPrincipals().add(this.callerPrincipal));
        });
    }

    /**
     * Creates an unauthenticated context: an empty Subject marked read-only, no
     * caller principal, and the server-generated flag set.
     */
    public SecurityContext() {
        LOGGER.fine("Default CTOR of SecurityContext called");
        this.subject = new Subject();
        this.callerPrincipal = null;
        setServerGeneratedCredentials();
        // Lock the empty Subject so nothing can be added to it later.
        AppservAccessController.privileged(() -> {
            this.subject.setReadOnly();
        });
    }

    /**
     * Reports whether this context was created through the no-arg constructor
     * rather than from caller-supplied credentials.
     *
     * @return true if the context was created by the no-arg constructor
     */
    public boolean didServerGenerateCredentials() {
        return this.serverGeneratedCredentials;
    }

    /**
     * Returns the caller principal. For the shared default context the principal is
     * resolved lazily through {@link #getDefaultCallerPrincipal()}.
     *
     * @return the caller principal of this context
     */
    @Override // com.sun.enterprise.security.common.AbstractSecurityContext, com.sun.enterprise.security.integration.AppServSecurityContext
    public Principal getCallerPrincipal() {
        return this == defaultSecurityContext ? getDefaultCallerPrincipal() : this.callerPrincipal;
    }

    /**
     * Returns the Subject held by this context. The reference itself is returned,
     * not a copy.
     *
     * @return this context's Subject
     */
    @Override // com.sun.enterprise.security.common.AbstractSecurityContext, com.sun.enterprise.security.integration.AppServSecurityContext
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Returns the principal set obtained from this context's Subject; no copy is
     * made here.
     *
     * @return the Subject's principal set
     */
    public Set<Principal> getPrincipalSet() {
        return this.subject.getPrincipals();
    }

    /**
     * Ensures a caller principal is present, falling back to the default caller
     * principal when none was assigned.
     */
    public void postConstruct() {
        initDefaultCallerPrincipal();
    }

    /**
     * Creates a new context through {@link #SecurityContext(String, Subject, String)}.
     *
     * @param str the caller principal name
     * @param subject the Subject to associate with the context; may be null
     * @param str2 passed through as the constructor's third argument
     * @return the new context
     */
    @Override // com.sun.enterprise.security.integration.AppServSecurityContext
    public AppServSecurityContext newInstance(String str, Subject subject, String str2) {
        LOGGER.fine("SecurityContext: newInstance method called");
        return new SecurityContext(str, subject, str2);
    }

    /**
     * Creates a new context through {@link #SecurityContext(String, Subject)}.
     *
     * @param str the caller principal name
     * @param subject the Subject to associate with the context; may be null
     * @return the new context
     */
    @Override // com.sun.enterprise.security.integration.AppServSecurityContext
    public AppServSecurityContext newInstance(String str, Subject subject) {
        LOGGER.fine("SecurityContext: newInstance method called");
        return new SecurityContext(str, subject);
    }

    /**
     * Binds the given context to the current thread, subject to the rules of
     * {@link #setCurrent(SecurityContext)} (including the silent refusal when the
     * permission check fails).
     *
     * @param appServSecurityContext the context to bind, or null to clear the binding
     * @throws IllegalArgumentException if the argument is not a {@code SecurityContext};
     *     the message embeds the argument's string form
     */
    @Override // com.sun.enterprise.security.integration.AppServSecurityContext
    public void setCurrentSecurityContext(AppServSecurityContext appServSecurityContext) {
        LOGGER.fine("SecurityContext: setCurrentSecurityContext method called");
        if (appServSecurityContext == null) {
            setCurrent(null);
        } else {
            if (!(appServSecurityContext instanceof SecurityContext)) {
                throw new IllegalArgumentException("Expected SecurityContext, found " + appServSecurityContext);
            }
            setCurrent((SecurityContext) appServSecurityContext);
        }
    }

    /**
     * Returns the context bound to the current thread, or the default context.
     *
     * @return the result of {@link #getCurrent()}
     */
    @Override // com.sun.enterprise.security.integration.AppServSecurityContext
    public AppServSecurityContext getCurrentSecurityContext() {
        LOGGER.fine("SecurityContext: getCurrent() method called");
        return getCurrent();
    }

    /**
     * Binds the default (unauthenticated) context to the current thread.
     */
    @Override // com.sun.enterprise.security.integration.AppServSecurityContext
    public void setSecurityContextWithPrincipal(Principal principal) {
        // No verification of the principal happens in this class: the context is built
        // from it as given, and setCurrent applies only its permission check.
        // A null principal yields a null context, which clears the thread's binding.
        setCurrent(getSecurityContextForPrincipal(principal));
    }

    /**
     * Returns a diagnostic string containing the caller principal and the Subject.
     *
     * <p>NOTE(review): the Subject's own string form is included and can list its
     * principals and credentials; confirm that is acceptable wherever this value is
     * logged or placed in exception messages.
     *
     * @return a diagnostic description of this context
     */
    public String toString() {
        return "SecurityContext[ Initiator: " + this.callerPrincipal + "Subject " + this.subject + " ]";
    }

    /**
     * Builds the shared default context in a privileged block, under the class lock.
     *
     * @return the new default context, or null if construction threw (logged at SEVERE)
     */
    private static SecurityContext generateDefaultSecurityContext() {
        SecurityContext securityContext;
        synchronized (SecurityContext.class) {
            try {
                securityContext = (SecurityContext) AppservAccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.sun.enterprise.security.SecurityContext.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return new SecurityContext();
                    }
                });
            } catch (Exception e) {
                // Failure leaves the class without a default context (null).
                LOGGER.log(Level.SEVERE, SecurityLoggerInfo.defaultSecurityContextError, (Throwable) e);
                return null;
            }
        }
        return securityContext;
    }

    /**
     * Decides whether the calling code may install a non-default context.
     *
     * <p>Fails closed: a {@link SecurityException} or any other throwable from the
     * check is logged at SEVERE and reported as "not permitted".
     *
     * @return true if the permission check completed without throwing
     */
    private static boolean isPermittedToSetContext() {
        try {
            checkIsPriviledged();
            return true;
        } catch (SecurityException e) {
            LOGGER.log(Level.SEVERE, SecurityLoggerInfo.securityContextPermissionError, (Throwable) e);
            return false;
        } catch (Throwable th) {
            LOGGER.log(Level.SEVERE, SecurityLoggerInfo.securityContextUnexpectedError, th);
            return false;
        }
    }

    /**
     * Checks {@code AuthPermission("doAsPrivileged")} against the installed
     * SecurityManager.
     *
     * <p>When no SecurityManager is installed nothing is checked, so on such a JVM
     * every caller passes and the guard in {@link #setCurrent(SecurityContext)}
     * provides no restriction.
     *
     * @throws SecurityException if a SecurityManager is installed and denies the permission
     */
    private static void checkIsPriviledged() {
        java.lang.SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            LOGGER.fine("permission check done to set SecurityContext");
            securityManager.checkPermission(doAsPrivilegedPerm);
        }
    }

    /**
     * Returns the given Subject, or a new empty Subject (with a logged warning)
     * when it is null.
     *
     * @param subject the Subject to check; may be null
     * @return a non-null Subject
     */
    private Subject nullSafeSubject(Subject subject) {
        if (subject == null) {
            subject = new Subject();
            LOGGER.warning(SecurityLoggerInfo.nullSubjectWarning);
        }
        return subject;
    }

    /** Marks this context as created by the server rather than from caller credentials. */
    private void setServerGeneratedCredentials() {
        this.serverGeneratedCredentials = true;
    }

    /** Assigns the default caller principal when this context has none. */
    private void initDefaultCallerPrincipal() {
        if (this.callerPrincipal == null) {
            this.callerPrincipal = getDefaultCallerPrincipal();
        }
    }

    /**
     * Produces a context for the given principal.
     *
     * <p>A {@link SecurityContextProxy} supplies its own context. For any other
     * principal a new Subject containing just that principal is created in a
     * privileged block and wrapped in a new context named after
     * {@code principal.getName()}.
     *
     * @param principal the principal to build a context for; may be null
     * @return the context for the principal, or null when the principal is null
     */
    private SecurityContext getSecurityContextForPrincipal(final Principal principal) {
        if (principal == null) {
            return null;
        }
        return principal instanceof SecurityContextProxy ? ((SecurityContextProxy) principal).getSecurityContext() : (SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() { // from class: com.sun.enterprise.security.SecurityContext.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public SecurityContext run() {
                Subject subject = new Subject();
                subject.getPrincipals().add(principal);
                return new SecurityContext(principal.getName(), subject);
            }
        });
    }
}
