package com.sun.enterprise.security.auth;

import com.sun.enterprise.common.iiop.security.AnonCredential;
import com.sun.enterprise.common.iiop.security.GSSUPName;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.auth.login.DigestCredentials;
import com.sun.enterprise.security.auth.login.LoginContextDriver;
import com.sun.enterprise.security.auth.login.common.LoginException;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
import com.sun.enterprise.security.auth.realm.certificate.OID;
import com.sun.enterprise.security.common.AppservAccessController;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.x500.X500Principal;
import org.glassfish.security.common.Group;
import org.glassfish.security.common.PrincipalImpl;

/* loaded from: input_file:com/sun/enterprise/security/auth/WebAndEjbToJaasBridge.class */
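/**
 * Bridges the web and EJB containers' authentication requests to JAAS and the configured realms.
 *
 * <p>Every public entry point ends by installing a {@link SecurityContext} for the current thread
 * via {@link SecurityContext#setCurrent(SecurityContext)} (see {@code setSecurityContext}), or, for
 * the anonymous case, the unauthenticated context. Failures surface as the unchecked
 * {@link LoginException} and are reported through {@link LoginContextDriver#auditAuthenticate} where
 * the original code does so.
 *
 * <p>Not every entry point verifies a credential: {@link #loginPrincipal}, the X.509 alias path and the
 * GSSUP path trust the identity the caller already placed on the {@link Subject}. The caller is the
 * trust boundary there; see the per-method notes.
 */
public final class WebAndEjbToJaasBridge {
    private static final Logger _logger = SecurityLoggerInfo.getLogger();

    /** Realm name used for certificate-based logins that do not name a realm explicitly. */
    private static final String CERTIFICATE_REALM = "certificate";

    private WebAndEjbToJaasBridge() {
    }

    /**
     * Performs a username/password login against the named realm.
     *
     * <p>A fresh {@link Subject} receives a {@link PasswordCredential} as private credential, then the
     * password path of {@link #login(Subject, Class)} runs the JAAS login for that realm.
     *
     * @param str  user name
     * @param cArr password; it is handed to the {@link PasswordCredential} as-is and is not cleared here
     * @param str2 realm name, passed through {@link LoginContextDriver#getValidRealm(String)}
     * @throws LoginException if the JAAS login fails
     */
    public static void login(String str, char[] cArr, String str2) {
        Subject subject = new Subject();
        // Block-bodied lambda on purpose: only the value-returning privileged(...) overload applies.
        AppservAccessController.privileged(() -> {
            return subject.getPrivateCredentials()
                    .add(new PasswordCredential(str, cArr, LoginContextDriver.getValidRealm(str2)));
        });
        login(subject, PasswordCredential.class);
    }

    /**
     * Dispatches a login for {@code subject} according to the credential type the caller attached.
     *
     * @param subject subject carrying a credential of type {@code cls}
     * @param cls     one of {@link PasswordCredential}, {@link X509CertificateCredential},
     *                {@link AnonCredential}, {@link GSSUPName} or {@link X500Principal}
     * @throws LoginException if {@code cls} is none of the supported types, or the selected login fails
     */
    public static void login(Subject subject, Class<?> cls) {
        _logger.finest(() -> "Processing login with credentials of type: " + cls);
        if (cls.equals(PasswordCredential.class)) {
            doPasswordLogin(subject);
        } else if (cls.equals(X509CertificateCredential.class)) {
            doX509CertificateLogin(subject);
        } else if (cls.equals(AnonCredential.class)) {
            doAnonymousLogin();
        } else if (cls.equals(GSSUPName.class)) {
            doGSSUPLogin(subject);
        } else if (cls.equals(X500Principal.class)) {
            // No application module id is known at this point.
            doX500Login(subject, null);
        } else {
            _logger.log(Level.INFO, SecurityLoggerInfo.unknownCredentialError, cls.toString());
            throw new LoginException("Unknown credential type, cannot login.");
        }
    }

    /**
     * X.500 login against the default {@code "certificate"} realm.
     *
     * @param subject subject carrying an {@link X500Principal} public credential
     * @param str     application module id handed to the JAAS callback handler; may be {@code null}
     * @throws LoginException on any failure
     */
    public static void doX500Login(Subject subject, String str) {
        doX500Login(subject, CERTIFICATE_REALM, str);
    }

    /**
     * X.500 login against the named realm.
     *
     * <p>When the realm is a {@link CertificateRealm}, its JAAS context (if configured) is run and
     * {@link CertificateRealm#authenticate} decides the user name that ends up in the security context.
     * When the realm is <em>not</em> a CertificateRealm, only a warning is logged and the RFC 2253 name
     * of the presented principal is installed directly, without any realm authentication and without
     * an audit entry — callers must therefore only reach this method with a principal that has already
     * been validated (e.g. by the transport).
     *
     * @param subject subject carrying an {@link X500Principal} public credential
     * @param str     realm name
     * @param str2    application module id handed to the JAAS callback handler; may be {@code null}
     * @throws LoginException if no principal is present, the realm lookup fails, or the JAAS/realm
     *                        authentication fails; checked exceptions are wrapped
     */
    public static void doX500Login(Subject subject, String str, String str2) {
        _logger.finest(() -> String.format("doX500Login(subject=%s, realmName=%s, appModuleID=%s)", subject, str, str2));
        String userName = null;
        try {
            X500Principal x500Principal = getPublicCredentials(subject, X500Principal.class);
            if (x500Principal == null) {
                // Defensive: getPublicCredentials either returns a credential or throws.
                return;
            }
            userName = x500Principal.getName(X500Principal.RFC2253, OID.getOIDMap());
            Realm realm = Realm.getInstance(str);
            if (realm instanceof CertificateRealm) {
                CertificateRealm certificateRealm = (CertificateRealm) realm;
                String jaasContext = certificateRealm.getJAASContext();
                if (jaasContext != null) {
                    new LoginContext(jaasContext, subject, new ServerLoginCallbackHandler(userName, null, str2)).login();
                }
                // The realm, not the raw DN, determines the authenticated user name.
                userName = certificateRealm.authenticate(subject, x500Principal);
                LoginContextDriver.auditAuthenticate(userName, str, true);
            } else {
                // NOTE(review): this branch installs the DN without authentication or audit.
                _logger.warning(SecurityLoggerInfo.certLoginBadRealmError);
                setSecurityContext(userName, subject, str);
            }
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("X.500 name login succeeded for : " + userName);
            }
        } catch (LoginException e) {
            LoginContextDriver.auditAuthenticate(userName, str, false);
            throw e;
        } catch (Exception e2) {
            // Checked failures (JAAS, realm lookup) are converted to the unchecked LoginException.
            throw new LoginException(e2.toString(), e2);
        }
    }

    /**
     * HTTP digest login: runs the JAAS context of the credential's realm with the credential as private
     * credential and installs the security context for the credential's user name.
     *
     * @param digestCredentials digest credential naming user and realm
     * @throws javax.security.auth.login.LoginException as declared; failures are audited and rethrown
     *                                                  through {@link LoginContextDriver#throwLoginException}
     */
    public static void login(DigestCredentials digestCredentials) throws javax.security.auth.login.LoginException {
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(digestCredentials);
        String userName = digestCredentials.getUserName();
        String realmName = digestCredentials.getRealmName();
        try {
            LoginContextDriver.tryJaasLogin(LoginContextDriver.getJaasContext(realmName), subject);
        } catch (Exception e) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, userName);
            _logger.log(Level.FINEST, "doPasswordLogin fails", e);
            LoginContextDriver.auditAuthenticate(userName, realmName, false);
            // Expected to throw; only a successful JAAS login reaches setSecurityContext below.
            LoginContextDriver.throwLoginException(e);
        }
        setSecurityContext(userName, subject, realmName);
    }

    /**
     * Installs a security context for an already-established identity without verifying any credential.
     *
     * <p>The subject receives a {@link PrincipalImpl} and a {@link GSSUPName}, plus one {@link Group} per
     * group name the realm reports for the user. Group lookup problems other than a missing realm are
     * logged and the login proceeds without groups.
     *
     * @param str  user name
     * @param str2 realm name; {@code null} or empty selects {@link Realm#getDefaultRealm()}
     * @throws LoginException if the realm does not exist
     */
    public static void loginPrincipal(String str, String str2) {
        String realmName = (str2 == null || str2.isEmpty()) ? Realm.getDefaultRealm() : str2;
        Subject subject = new Subject();
        PrincipalImpl principal = new PrincipalImpl(str);
        GSSUPName gssupName = new GSSUPName(str, realmName);
        AppservAccessController.privileged(() -> {
            subject.getPrincipals().add(principal);
            subject.getPublicCredentials().add(gssupName);
        });
        try {
            Enumeration<String> groupNames = Realm.getInstance(realmName).getGroupNames(str);
            Set<Principal> principals = subject.getPrincipals();
            while (groupNames.hasMoreElements()) {
                principals.add(new Group(groupNames.nextElement()));
            }
        } catch (InvalidOperationException e) {
            // Realm cannot enumerate groups: continue with no group principals.
            _logger.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[]{str, realmName, e.toString()});
        } catch (NoSuchRealmException e2) {
            throw new LoginException(e2.toString(), e2);
        } catch (NoSuchUserException e3) {
            // Unknown user in the realm is not fatal here: the context is still installed, without groups.
            _logger.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[]{str, realmName, e3.toString()});
        }
        setSecurityContext(str, subject, realmName);
    }

    /** Clears the current thread's security context. */
    public static void logout() {
        unsetSecurityContext();
    }

    /**
     * Runs the JAAS login of the realm named in the subject's {@link PasswordCredential}, audits the
     * outcome and installs the security context on success.
     *
     * @param subject subject carrying a {@link PasswordCredential} private credential
     * @throws LoginException if the credential is missing or JAAS authentication fails
     */
    private static void doPasswordLogin(Subject subject) {
        PasswordCredential passwordCredential = getPrivateCredentials(subject, PasswordCredential.class);
        String user = passwordCredential.getUser();
        String realm = passwordCredential.getRealm();
        String jaasContext = LoginContextDriver.getJaasContext(realm);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Logging in user [" + user + "] into realm: " + realm + " using JAAS module: " + jaasContext);
        }
        try {
            LoginContextDriver.tryJaasLogin(jaasContext, subject);
        } catch (Exception e) {
            _logger.log(Level.FINEST, "doPasswordLogin fails", e);
            LoginContextDriver.auditAuthenticate(user, realm, false);
            // Expected to throw; the success path below must not run after a failed JAAS login.
            LoginContextDriver.throwLoginException(e);
        }
        LoginContextDriver.auditAuthenticate(user, realm, true);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Password login succeeded for : " + user);
        }
        setSecurityContext(user, subject, realm);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Set security context as user: " + user);
        }
    }

    /**
     * Installs a security context for the alias of the subject's {@link X509CertificateCredential}.
     *
     * <p>No realm or JAAS authentication happens here; the certificate is taken as already validated
     * by whoever attached the credential. The outcome is audited against the {@code "certificate"} realm.
     *
     * @param subject subject carrying an {@link X509CertificateCredential} public credential
     * @throws LoginException if the credential is missing
     */
    private static void doX509CertificateLogin(Subject subject) {
        _logger.log(Level.FINE, "Processing X509 certificate login.");
        String alias = null;
        try {
            alias = getPublicCredentials(subject, X509CertificateCredential.class).getAlias();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Set security context as user: " + alias);
            }
            setSecurityContext(alias, subject, CERTIFICATE_REALM);
            LoginContextDriver.auditAuthenticate(alias, CERTIFICATE_REALM, true);
        } catch (LoginException e) {
            // alias is still null when the credential itself was missing.
            LoginContextDriver.auditAuthenticate(alias, CERTIFICATE_REALM, false);
            throw e;
        }
    }

    /** Installs the unauthenticated (anonymous) security context. */
    private static void doAnonymousLogin() {
        SecurityContext.setUnauthenticatedContext();
        _logger.log(Level.FINE, "Set anonymous security context.");
    }

    /**
     * Installs a security context for the user named in the subject's {@link GSSUPName}, in the
     * default realm. No credential is verified here; the identity is trusted as propagated.
     *
     * @param subject subject carrying a {@link GSSUPName} public credential
     * @throws LoginException if the credential is missing
     */
    private static void doGSSUPLogin(Subject subject) {
        _logger.fine("Processing GSSUP login.");
        String user = null;
        String defaultRealm = Realm.getDefaultRealm();
        try {
            user = getPublicCredentials(subject, GSSUPName.class).getUser();
            setSecurityContext(user, subject, defaultRealm);
            LoginContextDriver.auditAuthenticate(user, defaultRealm, true);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("GSSUP login succeeded for : " + user);
            }
        } catch (LoginException e) {
            LoginContextDriver.auditAuthenticate(user, defaultRealm, false);
            throw e;
        }
    }

    /**
     * Returns the first public credential of type {@code cls} on {@code subject}.
     *
     * @param subject subject to inspect
     * @param cls     credential type
     * @param <T>     credential type
     * @return the first matching credential
     * @throws LoginException if none is present, or retrieval fails
     */
    private static <T> T getPublicCredentials(Subject subject, Class<T> cls) {
        Iterator<T> credentials = subject.getPublicCredentials(cls).iterator();
        if (!credentials.hasNext()) {
            String typeName = cls.toString();
            _logger.log(Level.FINER, () -> "Expected public credentials of type : " + typeName + " but none found.");
            throw new LoginException("Expected public credential of type: " + typeName + " but none found.");
        }
        try {
            return AppservAccessController.privileged(() -> {
                return credentials.next();
            });
        } catch (Exception e) {
            LoginContextDriver.throwLoginException(e, exc -> "Failed to retrieve public credential: " + exc.getMessage());
            // Only reached if throwLoginException returns normally, which it is not expected to do.
            return null;
        }
    }

    /**
     * Returns the first private credential of type {@code cls} on {@code subject}.
     *
     * <p>Both the lookup and the read run under {@link AppservAccessController#privileged}, since
     * private credentials are permission-guarded, unlike the public ones above.
     *
     * @param subject subject to inspect
     * @param cls     credential type
     * @param <T>     credential type
     * @return the first matching credential
     * @throws LoginException if none is present, or retrieval fails
     */
    private static <T> T getPrivateCredentials(Subject subject, Class<T> cls) {
        Set<T> matching = AppservAccessController.privileged(() -> {
            return subject.getPrivateCredentials(cls);
        });
        Iterator<T> credentials = matching.iterator();
        if (!credentials.hasNext()) {
            String typeName = cls.toString();
            if (_logger.isLoggable(Level.FINER)) {
                _logger.finer("Expected private credential of type: " + typeName + " but none found.");
            }
            throw new LoginException("Expected private credential of type: " + typeName + " but none found.");
        }
        try {
            return AppservAccessController.privileged(() -> {
                return credentials.next();
            });
        } catch (Exception e) {
            if (e instanceof LoginException) {
                throw (LoginException) e;
            }
            throw new LoginException("Failed to retrieve private credential: " + e.getMessage(), e);
        }
    }

    /**
     * Installs a {@link SecurityContext} for the current thread.
     *
     * @param str     user name
     * @param subject authenticated subject
     * @param str2    realm name
     */
    private static void setSecurityContext(String str, Subject subject, String str2) {
        SecurityContext.setCurrent(new SecurityContext(str, subject, str2));
    }

    /** Removes the current thread's {@link SecurityContext}. */
    private static void unsetSecurityContext() {
        SecurityContext.setCurrent((SecurityContext) null);
    }
}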
