package org.glassfish.security.services.impl;

import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.realm.RealmsManager;
import com.sun.enterprise.security.common.AppservAccessController;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.glassfish.hk2.api.PostConstruct;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.internal.api.Globals;
import org.glassfish.internal.api.ServerContext;
import org.glassfish.security.services.api.authentication.AuthenticationService;
import org.glassfish.security.services.api.authentication.ImpersonationService;
import org.glassfish.security.services.common.Secure;
import org.glassfish.security.services.config.LoginModuleConfig;
import org.glassfish.security.services.config.SecurityConfiguration;
import org.glassfish.security.services.config.SecurityProvider;
import org.glassfish.security.services.config.SecurityProviderConfig;
import org.jvnet.hk2.annotations.Service;

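/**
 * JAAS-backed implementation of {@link AuthenticationService}.
 *
 * <p>{@link #initialize(SecurityConfiguration)} turns the configured "LoginModule" security
 * providers into an in-memory JAAS {@link Configuration}. The login methods then run a
 * {@link LoginContext} against that configuration. Until a configuration with at least one
 * login module has been installed, every login attempt is rejected with a
 * {@link LoginException}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code usePasswordCredential} is enabled, the caller's clear-text password is
 *       stored in the {@link Subject}'s private credentials and stays there for as long as
 *       the Subject is referenced.</li>
 *   <li>The login runs with the thread context class loader switched to the server's common
 *       class loader. The previous loader is restored in a {@code finally} block, so a failed
 *       login cannot leave the thread on the wrong loader.</li>
 *   <li>The class is annotated with {@code @Secure(accessPermissionName =
 *       "security/service/authentication")}. How that permission is enforced is not visible
 *       in this file.</li>
 * </ul>
 */
@Singleton
@Secure(accessPermissionName = "security/service/authentication")
@Service
/* loaded from: input_file:org/glassfish/security/services/impl/AuthenticationServiceImpl.class */
public class AuthenticationServiceImpl implements AuthenticationService, PostConstruct {

    @Inject
    private Domain domain;

    @Inject
    ServerContext serverContext;

    @Inject
    private ServiceLocator locator;

    @Inject
    private ImpersonationService impersonationService;
    private static final Logger LOG = Logger.getLogger(AuthenticationServiceImpl.class.getName());

    // Name of the configured service; also used as the JAAS application (configuration) name.
    private String name = null;
    // Realm taken from the first login module that declares a non-empty "auth-realm" option.
    private String realmName = null;
    // JAAS configuration built by initialize(); null means login is not possible.
    private Configuration configuration = null;
    // When true, a PasswordCredential is attached to the Subject before the login modules run.
    private boolean usePasswordCredential = false;
    private org.glassfish.security.services.config.AuthenticationService config = null;

    /**
     * Callback handler that answers {@link NameCallback} and {@link PasswordCallback} from a
     * fixed user name and password.
     *
     * <p>The password array is kept by reference. It is neither copied nor cleared here, so the
     * caller owns the array's lifetime and any wiping of it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glassfish/security/services/impl/AuthenticationServiceImpl$AuthenticationCallbackHandler.class */
    public static class AuthenticationCallbackHandler implements CallbackHandler {
        private String user;
        private char[] pass;

        /**
         * @param str user name handed to {@link NameCallback}s
         * @param cArr password handed to {@link PasswordCallback}s (stored by reference)
         */
        public AuthenticationCallbackHandler(String str, char[] cArr) {
            this.user = str;
            this.pass = cArr;
        }

        /** @return the user name supplied at construction */
        protected String getUsername() {
            return this.user;
        }

        /** @return the live password array supplied at construction (not a copy) */
        protected char[] getPassword() {
            return this.pass;
        }

        /**
         * Fills in name and password callbacks and rejects every other callback type.
         *
         * @param callbackArr callbacks issued by the login module
         * @throws UnsupportedCallbackException on the first callback that is neither a
         *         {@link NameCallback} nor a {@link PasswordCallback}
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.user);
                } else if (callback instanceof PasswordCallback) {
                    // PasswordCallback.setPassword stores its own copy of the array.
                    ((PasswordCallback) callback).setPassword(this.pass);
                } else {
                    throw new UnsupportedCallbackException(callback, "AuthenticationCallbackHandler: Unrecognized Callback " + callback.getClass().getName());
                }
            }
        }
    }

    /**
     * Minimal JAAS {@link Configuration} holding the login module entries of exactly one
     * application name.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glassfish/security/services/impl/AuthenticationServiceImpl$AuthenticationJaasConfiguration.class */
    public static class AuthenticationJaasConfiguration extends Configuration {
        private String configurationName;
        private AppConfigurationEntry[] lmEntries;

        private AuthenticationJaasConfiguration(String str, ArrayList<AppConfigurationEntry> arrayList) {
            this.configurationName = str;
            this.lmEntries = arrayList.toArray(new AppConfigurationEntry[arrayList.size()]);
        }

        /**
         * @param str JAAS application name being looked up
         * @return the configured entries when {@code str} equals this configuration's name,
         *         otherwise {@code null} (no entries for that name)
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (this.configurationName.equals(str)) {
                return this.lmEntries;
            }
            return null;
        }
    }

    /**
     * Builds the JAAS configuration from the supplied service configuration.
     *
     * <p>Only providers whose type is "LoginModule" (case-insensitive) are considered, and only
     * the first provider config of each is used. A {@code null} configuration leaves the
     * service without a JAAS configuration, so later logins fail. State set by an earlier call
     * (for example {@code realmName}) is not cleared.
     *
     * @param securityConfiguration the authentication service configuration, may be {@code null}
     */
    @Override // org.glassfish.security.services.api.SecurityService
    public void initialize(SecurityConfiguration securityConfiguration) {
        this.config = (org.glassfish.security.services.config.AuthenticationService) securityConfiguration;
        if (this.config == null) {
            return;
        }
        this.name = this.config.getName();
        this.usePasswordCredential = this.config.getUsePasswordCredential();
        List<SecurityProvider> securityProviders = this.config.getSecurityProviders();
        if (securityProviders != null) {
            ArrayList<AppConfigurationEntry> entries = new ArrayList<>();
            for (SecurityProvider securityProvider : securityProviders) {
                if (!"LoginModule".equalsIgnoreCase(securityProvider.getType())) {
                    continue;
                }
                List<SecurityProviderConfig> providerConfigs = securityProvider.getSecurityProviderConfig();
                if (providerConfigs == null || providerConfigs.isEmpty()) {
                    continue;
                }
                LoginModuleConfig loginModuleConfig = (LoginModuleConfig) providerConfigs.get(0);
                Map<String, ?> moduleOptions = loginModuleConfig.getModuleOptions();
                entries.add(new AppConfigurationEntry(loginModuleConfig.getModuleClass(), getLoginModuleControlFlag(loginModuleConfig.getControlFlag()), moduleOptions));
                // The first module that names a realm wins; later "auth-realm" options are ignored.
                if (this.usePasswordCredential && this.realmName == null) {
                    String realm = (String) moduleOptions.get("auth-realm");
                    if (realm != null && !realm.isEmpty()) {
                        this.realmName = realm;
                    }
                }
            }
            if (!entries.isEmpty()) {
                this.configuration = new AuthenticationJaasConfiguration(this.name, entries);
            }
        }
        if (!this.usePasswordCredential || this.realmName == null) {
            return;
        }
        // Realms are created only when a PasswordCredential will reference one.
        ((RealmsManager) this.locator.getService(RealmsManager.class, new Annotation[0])).createRealms();
    }

    /**
     * Authenticates with a user name and password.
     *
     * @param str user name
     * @param cArr password; kept by reference for the duration of the login
     * @param subject Subject to populate, or {@code null} to create a new one
     * @return the populated Subject
     * @throws LoginException if authentication fails or the service is not configured
     */
    @Override // org.glassfish.security.services.api.authentication.AuthenticationService
    public Subject login(String str, char[] cArr, Subject subject) throws LoginException {
        return loginEx(new AuthenticationCallbackHandler(str, cArr), subject);
    }

    /**
     * Authenticates using a caller-supplied JAAS callback handler.
     *
     * @param callbackHandler handler that supplies the credentials; must not be {@code null}
     * @param subject Subject to populate, or {@code null} to create a new one
     * @return the populated Subject
     * @throws LoginException if the handler is {@code null}, authentication fails, or the
     *         service is not configured
     */
    @Override // org.glassfish.security.services.api.authentication.AuthenticationService
    public Subject login(CallbackHandler callbackHandler, Subject subject) throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("AuthenticationService: JAAS CallbackHandler not supplied");
        }
        return loginEx(callbackHandler, subject);
    }

    /**
     * Runs the JAAS login under the server's common class loader.
     *
     * <p>Any non-{@link LoginException} failure is wrapped in a {@code LoginException} whose
     * message embeds the cause's message. Callers that surface this to remote clients should
     * consider whether that text is appropriate to disclose.
     */
    private Subject loginEx(CallbackHandler callbackHandler, Subject subject) throws LoginException {
        Subject target = subject != null ? subject : new Subject();
        ClassLoader previousLoader = null;
        boolean restoreLoader = false;
        try {
            // Fail closed: without a JAAS configuration there is nothing to authenticate against.
            if (this.configuration == null) {
                throw new UnsupportedOperationException("JAAS Configuration setup incomplete, unable to perform login");
            }
            if (this.usePasswordCredential) {
                setupPasswordCredential(target, callbackHandler);
            }
            previousLoader = (ClassLoader) AppservAccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
                @Override // java.security.PrivilegedAction
                public ClassLoader run() {
                    return Thread.currentThread().getContextClassLoader();
                }
            });
            ClassLoader commonClassLoader = this.serverContext.getCommonClassLoader();
            if (!commonClassLoader.equals(previousLoader)) {
                setContextClassLoader(commonClassLoader);
                restoreLoader = true;
            }
            new LoginContext(this.name, target, callbackHandler, this.configuration).login();
            return target;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            throw ((LoginException) new LoginException("AuthenticationService: " + e.getMessage()).initCause(e));
        } finally {
            // Restore on success and on failure. Otherwise a rejected login would leave the
            // calling thread (possibly reused by later work) on the common class loader.
            if (restoreLoader) {
                setContextClassLoader(previousLoader);
            }
        }
    }

    /** Sets the current thread's context class loader inside a privileged block. */
    private static void setContextClassLoader(final ClassLoader loader) {
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                Thread.currentThread().setContextClassLoader(loader);
                return null;
            }
        });
    }

    /**
     * Delegates to the injected {@link ImpersonationService}. This method performs no checks
     * of its own.
     */
    @Override // org.glassfish.security.services.api.authentication.AuthenticationService
    public Subject impersonate(String str, String[] strArr, Subject subject, boolean z) throws LoginException {
        return this.impersonationService.impersonate(str, strArr, subject, z);
    }

    /**
     * HK2 post-construction hook: registers the locator as the default habitat when none is
     * set, then initializes the service from the domain's configuration.
     */
    @Override
    public void postConstruct() {
        if (Globals.getDefaultBaseServiceLocator() == null) {
            Globals.setDefaultHabitat(this.locator);
        }
        initialize(AuthenticationServiceFactory.getAuthenticationServiceConfiguration(this.domain));
    }

    /**
     * Adds a {@link PasswordCredential} (user, password, realm) to the Subject's private
     * credentials before the login modules run.
     *
     * <p>For a foreign callback handler the user name and password are obtained by invoking
     * the handler once here. The login modules may invoke it again during the login.
     *
     * @throws LoginException if the handler fails or does not support the name and password
     *         callbacks
     */
    private void setupPasswordCredential(final Subject subject, CallbackHandler callbackHandler) throws LoginException {
        String userName;
        char[] password;
        if (callbackHandler instanceof AuthenticationCallbackHandler) {
            AuthenticationCallbackHandler ownHandler = (AuthenticationCallbackHandler) callbackHandler;
            userName = ownHandler.getUsername();
            password = ownHandler.getPassword();
        } else {
            NameCallback nameCallback = new NameCallback("username: ");
            // echoOn=false: the password must not be echoed by interactive handlers.
            PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
            try {
                // Callback[] is required: the two callbacks share only the Callback interface.
                callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
                userName = nameCallback.getName();
                password = passwordCallback.getPassword();
            } catch (IOException | UnsupportedCallbackException e) {
                throw ((LoginException) new LoginException("AuthenticationService unable to create PasswordCredential: " + e.getMessage()).initCause(e));
            }
        }
        final PasswordCredential passwordCredential = new PasswordCredential(userName, password, this.realmName);
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject.getPrivateCredentials().add(passwordCredential);
                return null;
            }
        });
    }

    /**
     * Maps a configured control-flag string (case-insensitive) to the JAAS flag.
     *
     * @param str "required", "sufficient", "optional" or "requisite"; may be {@code null}
     * @return the matching flag. {@code REQUIRED} is returned for {@code null} or any
     *         unrecognized value, so a typo in configuration cannot weaken a module below
     *         required.
     */
    private AppConfigurationEntry.LoginModuleControlFlag getLoginModuleControlFlag(String str) {
        if ("sufficient".equalsIgnoreCase(str)) {
            return AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
        }
        if ("optional".equalsIgnoreCase(str)) {
            return AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
        }
        if ("requisite".equalsIgnoreCase(str)) {
            return AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
        }
        return AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
    }
}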
