package com.sun.enterprise.security.auth.login;

import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.security.auth.login.common.LoginException;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.common.ClientSecurityContext;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Set;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import org.glassfish.internal.api.Globals;

/* loaded from: input_file:com/sun/enterprise/security/auth/login/LoginContextDriver.class */
/**
 * Static entry points that run JAAS {@link LoginContext} logins and record their outcome.
 *
 * <p>Client-side logins ({@link #doClientLogin(int, CallbackHandler)}) publish the caller through
 * {@link ClientSecurityContext#setCurrent}. Server-side validation
 * ({@link #validateJaasLogin(String, String, String, Subject)}) reports acceptance or refusal to the
 * {@link AuditManager}.
 *
 * <p>Parameter names in this class are generic ({@code str}, {@code i}, {@code z}); their roles
 * are described on each method from how the body uses them.
 */
public class LoginContextDriver {
    private static final Logger LOGGER = SecurityLoggerInfo.getLogger();

    /** Shared callback handler that {@link #tryJaasLogin(String, Subject)} passes to every login. */
    public static final ServerLoginCallbackHandler dummyCallback = new ServerLoginCallbackHandler();

    public static final String CERT_REALMNAME = "certificate";

    // Resolved on first use; volatile so the unsynchronized read in getAuditManager() is safe.
    private static volatile AuditManager AUDIT_MANAGER;

    /** Not instantiable: every member is static. */
    private LoginContextDriver() {
    }

    /**
     * Performs a client-side JAAS login and, when a matching credential is found, installs the
     * caller as the current {@link ClientSecurityContext}.
     *
     * <p>The selector picks the JAAS context name and the credential class looked up afterwards:
     * <ul>
     * <li>{@code 1} - context {@code "default"}, {@link PasswordCredential}</li>
     * <li>{@code 2} - context {@code "certificate"}, {@link X509CertificateCredential}</li>
     * <li>{@code 3} - two passes, password lookup first, then certificate lookup</li>
     * <li>any other value - handled exactly like {@code 1}; unknown selectors are not rejected</li>
     * </ul>
     *
     * <p>If the login succeeds but leaves no credential of the expected class in the subject, this
     * method still returns normally and the current client security context is left unchanged.
     * Callers that rely on the context having been installed need to verify it themselves.
     *
     * @param i login type selector, see the list above
     * @param callbackHandler handler given to the JAAS login for obtaining credentials
     * @return the new subject that was passed to the JAAS login
     * @throws LoginException if the underlying JAAS login fails
     */
    public static Subject doClientLogin(int i, CallbackHandler callbackHandler) throws LoginException {
        Subject subject = new Subject();
        switch (i) {
            case 2:
                loginAndPublish("certificate", subject, callbackHandler, X509CertificateCredential.class);
                return subject;
            case 3:
                loginAndPublish("default", subject, callbackHandler, PasswordCredential.class);
                // NOTE(review): this second pass logs in against "default" again but then looks for an
                // X509CertificateCredential, whereas case 2 uses the "certificate" context for that
                // credential type. Confirm whether "certificate" was intended here.
                loginAndPublish("default", subject, callbackHandler, X509CertificateCredential.class);
                return subject;
            case 1:
            default:
                // Selector 1 and every unrecognised selector share the password flow.
                loginAndPublish("default", subject, callbackHandler, PasswordCredential.class);
                return subject;
        }
    }

    /**
     * Runs one privileged JAAS login against {@code jaasContextName} and then publishes the first
     * credential of {@code credentialType} found in the subject.
     */
    private static void loginAndPublish(String jaasContextName, Subject subject, CallbackHandler callbackHandler,
            Class<?> credentialType) {
        AppservAccessController.privileged(() -> {
            addCredentialToSubject(jaasContextName, subject, callbackHandler);
        });
        postClientAuth(subject, credentialType);
    }

    /**
     * Clears the current {@link ClientSecurityContext}.
     *
     * <p>Only the context reference is reset. No {@code LoginContext.logout()} is called here, so
     * credentials held by a subject returned from {@link #doClientLogin(int, CallbackHandler)} are
     * not touched by this method.
     */
    public static void doClientLogout() throws LoginException {
        unsetClientSecurityContext();
    }

    /**
     * Runs a JAAS login against the named context and audits the outcome.
     *
     * <p>On failure the refusal is logged at INFO together with {@code str}, a failed authentication
     * is audited, and the failure is rethrown as a {@link LoginException}. On success a successful
     * authentication is audited. The success audit runs outside the try block, so an exception thrown
     * by the audit call reaches the caller even though the login itself succeeded.
     *
     * @param str value logged on refusal and passed first to the audit call (presumably the user name)
     * @param str2 JAAS context name used for the login
     * @param str3 value passed second to the audit call (presumably the realm name; confirm with callers)
     * @param subject subject handed to the JAAS login
     */
    public static void validateJaasLogin(String str, String str2, String str3, Subject subject) {
        try {
            tryJaasLogin(str2, subject);
        } catch (Exception loginFailure) {
            // NOTE(review): str travels into the log record as a message parameter. If it can carry
            // caller-supplied text, confirm the configured log formatter neutralises line breaks.
            LOGGER.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, str);
            auditAuthenticate(str, str3, false);
            // Always throws, so the success audit below is never reached on this path.
            throwLoginException(loginFailure);
        }
        auditAuthenticate(str, str3, true);
    }

    /**
     * Logs in against the JAAS context {@code str} using the shared {@link #dummyCallback}.
     *
     * @param str JAAS context name
     * @param subject subject handed to the JAAS login
     * @throws javax.security.auth.login.LoginException if the JAAS login fails
     */
    public static void tryJaasLogin(String str, Subject subject) throws javax.security.auth.login.LoginException {
        LoginContext context = new LoginContext(str, subject, dummyCallback);
        context.login();
    }

    /**
     * Logs in against the JAAS context {@code str} with the supplied handler, converting a JAAS
     * failure into this package's {@link LoginException}.
     *
     * <p>The wrapper's message is the JAAS exception's {@code toString()}, so it carries the
     * exception class name as well as its message; the original exception is kept as the cause.
     *
     * @param str JAAS context name
     * @param subject subject handed to the JAAS login
     * @param callbackHandler handler given to the JAAS login for obtaining credentials
     */
    public static void addCredentialToSubject(String str, Subject subject, CallbackHandler callbackHandler) {
        try {
            LoginContext context = new LoginContext(str, subject, callbackHandler);
            context.login();
        } catch (javax.security.auth.login.LoginException jaasFailure) {
            LoginException wrapped = new LoginException(jaasFailure.toString());
            wrapped.initCause(jaasFailure);
            throw wrapped;
        }
    }

    /**
     * Returns {@code subject}, or a new empty {@link Subject} when it is {@code null}.
     */
    public static Subject getValidSubject(Subject subject) {
        if (subject != null) {
            return subject;
        }
        return new Subject();
    }

    /**
     * Returns {@code str} when it names a realm accepted by {@code Realm.isValidRealm}, otherwise the
     * default realm.
     *
     * <p>A {@code null} or unrecognised name is replaced silently rather than reported, so a
     * misspelt or caller-chosen realm name ends up being served by the default realm.
     */
    public static String getValidRealm(String str) {
        if (str != null && Realm.isValidRealm(str)) {
            return str;
        }
        return Realm.getDefaultRealm();
    }

    /**
     * Looks up the JAAS context name configured for the realm {@code str}.
     *
     * <p>A {@link LoginException} raised during the lookup is rethrown unchanged. Any other exception
     * is wrapped in a {@link LoginException} whose message is the original's {@code toString()} and
     * whose cause is the original exception.
     */
    public static String getJaasContext(String str) {
        try {
            return Realm.getInstance(str).getJAASContext();
        } catch (LoginException alreadyTyped) {
            throw alreadyTyped;
        } catch (Exception lookupFailure) {
            LoginException wrapped = new LoginException(lookupFailure.toString());
            wrapped.initCause(lookupFailure);
            throw wrapped;
        }
    }

    /**
     * Returns the realm named {@code str}, using the default realm when the name is {@code null} or
     * empty.
     *
     * @throws NoSuchRealmException as declared by {@code Realm.getInstance}
     */
    public static Realm getRealmInstance(String str) throws NoSuchRealmException {
        boolean unnamed = str == null || str.isEmpty();
        String realmName = unnamed ? Realm.getDefaultRealm() : str;
        return Realm.getInstance(realmName);
    }

    /**
     * Rethrows {@code exc} as a {@link LoginException}, using the message
     * {@code "Login failed: " + exc.getMessage()} when wrapping is needed.
     *
     * <p>NOTE(review): the underlying exception's message becomes part of the new message. If these
     * messages are shown to remote callers, check that realm and login-module messages do not reveal
     * more than intended, for example whether an account exists.
     */
    public static void throwLoginException(Exception exc) {
        throwLoginException(exc, cause -> "Login failed: " + cause.getMessage());
    }

    /**
     * Always throws: {@code exc} itself when it already is a {@link LoginException}, otherwise a new
     * {@link LoginException} with the message produced by {@code function} and {@code exc} as cause.
     *
     * @param exc failure to rethrow
     * @param function builds the message for the wrapping exception; not called when {@code exc} is
     *        already a {@link LoginException}
     */
    public static void throwLoginException(Exception exc, Function<Exception, String> function) {
        if (exc instanceof LoginException) {
            throw (LoginException) exc;
        }
        throw new LoginException(function.apply(exc), exc);
    }

    /**
     * Publishes the first private credential of {@code credentialType} found in {@code subject} as
     * the current client security context.
     *
     * <p>A {@link PasswordCredential} contributes its user name and an
     * {@link X509CertificateCredential} its alias. When no element matches, nothing is published.
     */
    private static void postClientAuth(Subject subject, Class<?> credentialType) {
        if (LOGGER.isLoggable(Level.FINEST)) {
            // NOTE(review): the subject is formatted with Subject.toString(), which can include the
            // toString() of private credentials. Confirm the credential classes mask secrets there.
            LOGGER.log(Level.FINEST, "LoginContextDriver post login subject :{0}", subject);
        }

        Set<?> matching = (Set<?>) AppservAccessController.privileged(() -> {
            return subject.getPrivateCredentials(credentialType);
        });
        Iterator<?> credentials = matching.iterator();

        while (credentials.hasNext()) {
            Object credential;
            try {
                credential = AppservAccessController.privileged((PrivilegedAction<Object>) credentials::next);
            } catch (Exception e) {
                // An element that cannot be read is logged and skipped; the scan carries on.
                LOGGER.log(Level.SEVERE, SecurityLoggerInfo.securityAccessControllerActionError, (Throwable) e);
                continue;
            }

            if (credential instanceof PasswordCredential) {
                PasswordCredential password = (PasswordCredential) credential;
                String userName = password.getUser();
                if (LOGGER.isLoggable(Level.FINEST)) {
                    LOGGER.log(Level.FINEST, "In LoginContextDriver user-pass login:{0} realm :{1}",
                        new Object[] {userName, password.getRealm()});
                }
                setClientSecurityContext(userName, subject);
                return;
            }

            if (credential instanceof X509CertificateCredential) {
                X509CertificateCredential certificate = (X509CertificateCredential) credential;
                String certificateAlias = certificate.getAlias();
                if (LOGGER.isLoggable(Level.FINEST)) {
                    LOGGER.log(Level.FINEST, "In LoginContextDriver cert-login::{0} realm :{1}",
                        new Object[] {certificateAlias, certificate.getRealm()});
                }
                setClientSecurityContext(certificateAlias, subject);
                return;
            }
        }
    }

    /** Installs a new {@link ClientSecurityContext} for {@code callerName} and {@code subject}. */
    private static void setClientSecurityContext(String callerName, Subject subject) {
        ClientSecurityContext installed = new ClientSecurityContext(callerName, subject);
        ClientSecurityContext.setCurrent(installed);
    }

    /** Resets the current {@link ClientSecurityContext} to {@code null}. */
    private static void unsetClientSecurityContext() {
        ClientSecurityContext.setCurrent(null);
    }

    /** Returns the cached audit manager, resolving it under the class lock on first use. */
    private static AuditManager getAuditManager() {
        AuditManager cached = AUDIT_MANAGER;
        if (cached != null) {
            return cached;
        }
        return _getAuditManager();
    }

    /** Synchronized slow path: re-checks the cache before looking the manager up through Globals. */
    private static synchronized AuditManager _getAuditManager() {
        if (AUDIT_MANAGER == null) {
            SecurityServicesUtil services = (SecurityServicesUtil) Globals.get(SecurityServicesUtil.class);
            AUDIT_MANAGER = services.getAuditManager();
        }
        return AUDIT_MANAGER;
    }

    /**
     * Forwards an authentication outcome to the {@link AuditManager} when auditing is switched on.
     *
     * @param str first value given to the audit call (the value logged on refusal in
     *        {@link #validateJaasLogin(String, String, String, Subject)})
     * @param str2 second value given to the audit call (presumably the realm name; confirm)
     * @param z {@code true} for an accepted login, {@code false} for a refused one
     */
    public static void auditAuthenticate(String str, String str2, boolean z) {
        AuditManager auditManager = getAuditManager();
        if (!auditManager.isAuditOn()) {
            return;
        }
        auditManager.authentication(str, str2, z);
    }
}
