package com.sun.enterprise.security.auth;

import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.auth.login.LoginContextDriver;
import com.sun.enterprise.security.auth.login.common.LoginException;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
import com.sun.enterprise.security.auth.realm.certificate.OID;
import com.sun.enterprise.security.common.AppservAccessController;
import java.util.Collections;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.x500.X500Principal;
import org.glassfish.security.common.Group;

/* loaded from: input_file:com/sun/enterprise/security/auth/JaspicToJaasBridge.class */
/**
 * Static helpers that let JASPIC callback processing reuse the JAAS/realm login path.
 *
 * <p>Every method resolves a working subject through {@code LoginContextDriver.getValidSubject},
 * mutates that subject inside {@code AppservAccessController.privileged}, and then returns the
 * {@code subject} argument it was called with.
 *
 * <p>NOTE(review): because the return value is the argument and not the resolved subject, a caller
 * only sees the added credentials/principals if {@code getValidSubject} hands back the same
 * instance. Its behaviour for a {@code null} argument is not visible here; confirm against
 * {@code LoginContextDriver}.
 */
public class JaspicToJaasBridge {
    private static final Logger LOGGER = SecurityLoggerInfo.getLogger();

    /**
     * Performs a username/password login through the JAAS context configured for a realm.
     *
     * <p>The password is never written to the log; the FINE messages carry only the user name,
     * the resolved realm and the JAAS context name.
     *
     * <p>The {@code PasswordCredential} is attached to the subject's private credentials before
     * {@code validateJaasLogin} runs, and this method does not remove it if that call throws.
     * {@code cArr} is not cleared here either, so its lifetime is up to the caller.
     * NOTE(review): whether {@code PasswordCredential} copies the array is not visible here.
     *
     * @param subject subject to authenticate into; resolved via {@code getValidSubject}
     * @param str user name placed in the credential and passed to the JAAS login
     * @param cArr password characters placed in the credential
     * @param str2 requested realm name; resolved via {@code getValidRealm}
     * @return the {@code subject} argument as passed in
     * @throws LoginException propagated unchanged from the {@code LoginContextDriver} calls;
     *     nothing is caught in this method
     */
    public static Subject validateUsernamePasswordByJaas(Subject subject, String str, char[] cArr, String str2) throws LoginException {
        final String realmName = LoginContextDriver.getValidRealm(str2);
        final Subject loginSubject = LoginContextDriver.getValidSubject(subject);

        final PasswordCredential credential = new PasswordCredential(str, cArr, realmName);
        AppservAccessController.privileged(() -> {
            return loginSubject.getPrivateCredentials().add(credential);
        });

        final String jaasContextName = LoginContextDriver.getJaasContext(realmName);
        if (LOGGER.isLoggable(Level.FINE)) {
            final Object[] logArgs = {str, realmName, jaasContextName};
            LOGGER.log(Level.FINE, "JASPIC login user [{0}] into realm: {1} using JAAS module: {2}", logArgs);
        }

        LoginContextDriver.validateJaasLogin(str, jaasContextName, realmName, loginSubject);

        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "JASPIC Password login succeeded for : {0}", str);
        }
        return subject;
    }

    /**
     * Performs a certificate-based login for an X.500 principal against the "certificate" realm.
     *
     * <p>The principal is added to the subject's public credentials before any authentication
     * step runs and is left there if authentication fails. When the realm reports a JAAS context,
     * a {@code LoginContext} login with {@code LoginContextDriver.dummyCallback} runs first; the
     * realm's own {@code authenticate} is called afterwards in either case.
     *
     * <p>Both outcomes are reported through {@code LoginContextDriver.auditAuthenticate}. The name
     * used for logging and auditing is the RFC 2253 rendering of the principal; if that rendering
     * itself throws, the failure is logged and audited with an empty name.
     *
     * <p>Any exception raised inside the try block, including a {@code ClassCastException} when
     * the realm registered as "certificate" is not a {@code CertificateRealm}, is converted to a
     * {@code LoginException}. NOTE(review): the wrapper's message is the original exception's
     * {@code toString()}; check that callers do not relay it to remote clients.
     *
     * @param subject subject to authenticate into; resolved via {@code getValidSubject}
     * @param x500Principal principal taken from the client certificate
     * @return the {@code subject} argument as passed in
     * @throws LoginException the original one if the failure already was a {@code LoginException},
     *     otherwise a new one with the original exception as its cause
     */
    public static Subject jaasX500Login(Subject subject, X500Principal x500Principal) throws LoginException {
        final Subject loginSubject = LoginContextDriver.getValidSubject(subject);
        final String realmName = "certificate";
        // Stays empty when getName() fails, so the catch block still has a value to report.
        String distinguishedName = "";
        try {
            distinguishedName = x500Principal.getName(X500Principal.RFC2253, OID.getOIDMap());

            AppservAccessController.privileged(() -> {
                return loginSubject.getPublicCredentials().add(x500Principal);
            });

            final CertificateRealm realm = (CertificateRealm) Realm.getInstance(realmName);
            final String jaasContextName = realm.getJAASContext();
            if (jaasContextName != null) {
                final LoginContext loginContext =
                        new LoginContext(jaasContextName, loginSubject, LoginContextDriver.dummyCallback);
                loginContext.login();
            }
            realm.authenticate(loginSubject, x500Principal);

            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "JASPIC certificate login succeeded for: {0}", distinguishedName);
            }
            LoginContextDriver.auditAuthenticate(distinguishedName, realmName, true);
            return subject;
        } catch (Exception e) {
            // Record the refusal in both the server log and the audit trail before rethrowing.
            LOGGER.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, distinguishedName);
            LoginContextDriver.auditAuthenticate(distinguishedName, realmName, false);

            final LoginException failure = (e instanceof LoginException)
                    ? (LoginException) e
                    : (LoginException) new LoginException(e.toString()).initCause(e);
            throw failure;
        }
    }

    /**
     * Adds one {@code Group} principal to the subject for each group name the realm reports.
     *
     * <p>This is best effort: any exception raised while looking up the realm or its groups is
     * caught and logged at FINE only, and the method still returns normally. A caller therefore
     * cannot tell "the user has no groups" apart from "the group lookup failed", and at default
     * log levels the failure leaves no trace. Only {@code getValidSubject}, which runs outside
     * the try block, can propagate an exception.
     *
     * @param subject subject to receive the group principals; resolved via {@code getValidSubject}
     * @param str name handed to the realm's {@code getGroupNames}; it is concatenated into the
     *     FINE log message as given
     * @param str2 realm name handed to {@code LoginContextDriver.getRealmInstance}
     * @return the {@code subject} argument as passed in
     * @throws LoginException declared by the signature; not thrown from inside the try block
     */
    public static Subject addRealmGroupsToSubject(Subject subject, String str, String str2) throws LoginException {
        final Subject targetSubject = LoginContextDriver.getValidSubject(subject);
        try {
            final Enumeration<String> realmGroups = LoginContextDriver.getRealmInstance(str2).getGroupNames(str);
            if (realmGroups == null) {
                return subject;
            }
            AppservAccessController.privileged(() -> {
                for (String groupName : Collections.list(realmGroups)) {
                    targetSubject.getPrincipals().add(new Group(groupName));
                }
            });
        } catch (Exception e) {
            // Deliberately not rethrown: the subject is returned without the realm's groups.
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Exception when trying to populate groups for CallerPrincipal " + str, e);
            }
        }
        return subject;
    }
}
