package jrun.security;

import java.io.File;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Properties;
import java.util.Random;
import javax.management.ObjectName;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import jrun.naming.JndiSecurityHelper;
import jrun.naming.NamingConstants;
import jrun.security.metadata.AuthConfigMetaData;
import jrun.security.metadata.DomainMetaData;
import jrun.security.metadata.LoginModuleMetaData;
import jrunx.kernel.NetAccessController;
import jrunx.kernel.ServiceAdapter;
import jrunx.kernel.security.JRunIdentityService;
import jrunx.kernel.security.SecurityIdentityItfc;
import jrunx.kernel.security.SimpleServerIdentity;
import jrunx.logger.Logger;
import jrunx.util.RB;
import jrunx.util.Trace;

/* loaded from: input_file:jrun/security/JRunSecurityManagerService.class */
public class JRunSecurityManagerService extends ServiceAdapter implements JRunSecurityManager {
    // Live security contexts keyed by security id. Assigned in start(); null until then.
    private SecurityContextCache userCache;
    // Login domain name handed to authenticate(...) for user logins.
    private String securityDomain;
    // Login domain used for role checks when the caller supplies none.
    private String roleMappingDomain;
    // Path of the login configuration file. init() lets the
    // java.security.auth.login.config system property take precedence over it.
    private String authConfig = null;
    // Parsed login configuration; created in init().
    AuthConfigMetaData authConfigMetaData = null;
    // NOTE(review): the three public, non-final fields below can be changed by any code
    // that holds a reference to this service, without going through the MBean setters.
    // Enables the lookups in checkSharedPrincipals / getRunAsIdentityPrincipal.
    public boolean checkForSharedPrincipals = false;
    // Trusted host names. Created lazily by setTrustedHost, so null means "none configured".
    public ArrayList hostNames = null;
    // When true, a null principal is mapped to the default guest principal instead of being rejected.
    public boolean guestAccessAllowed = true;
    // Timeout passed to the SecurityContextCache constructor in start(); presumably seconds, confirm.
    private int userTimeout = 7200;
    // Resolved lazily through JNDI by getUserManager().
    JRunUserManager userManager = null;
    // Principal name given to unauthenticated callers. The spelling is part of the runtime
    // value, so it must not be corrected without checking every consumer.
    public static final String DEFAULT_USER_PRINCIPAL = "anonymus-guest";
    // Cache key of the shared anonymous security context registered in start().
    public static final String DEFAULT_SECURITY_ID = "Anonymous";
    // Not referenced in this class.
    public static final String GLOBAL_SERVER_ADMIN_ROLE = "server-admin";
    // Not referenced in this class.
    public static final String SECURITY_CONTEXT_CACHE_PREFIX = "jrun:service/";
    // Not referenced in this class.
    public static final String SECURITY_CONTEXT_CACHE_NAME = "SecurityContextCache";

    /**
     * Sets the login domain used for user authentication.
     *
     * @param str domain name later passed to {@code authenticate(...)} for user logins
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setSecurityDomain(String str) {
        securityDomain = str;
    }

    /**
     * Returns the login domain used for user authentication.
     *
     * @return the configured domain name, or {@code null} when none was set
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public String getSecurityDomain() {
        return securityDomain;
    }

    /**
     * Sets the login domain used for role checks when the caller names none.
     *
     * @param str default role-mapping domain name
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setRoleMappingDomain(String str) {
        roleMappingDomain = str;
    }

    /**
     * Returns the default login domain used for role checks.
     *
     * @return the configured role-mapping domain, or {@code null} when none was set
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public String getRoleMappingDomain() {
        return roleMappingDomain;
    }

    /**
     * Sets the path of the login configuration file.
     *
     * <p>{@code init()} only uses this value when the
     * {@code java.security.auth.login.config} system property is not set.
     *
     * @param str path of the login configuration file
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setAuthConfig(String str) {
        authConfig = str;
    }

    /**
     * Returns the configured path of the login configuration file.
     *
     * @return the stored path, or {@code null} when none was set
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public String getAuthConfig() {
        return authConfig;
    }

    /**
     * Reports whether shared-principal lookups are enabled.
     *
     * @return {@code true} when {@code checkSharedPrincipals} and
     *         {@code getRunAsIdentityPrincipal} consult the user manager
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public boolean getCheckForSharedPrincipals() {
        return checkForSharedPrincipals;
    }

    /**
     * Enables or disables shared-principal lookups.
     *
     * @param z {@code true} to enable the lookups
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setCheckForSharedPrincipals(boolean z) {
        checkForSharedPrincipals = z;
    }

    /**
     * Appends one entry to the trusted-host list, creating the list on first use.
     *
     * <p>The value is stored as given, with no validation. The host-based
     * {@code authenticateSecurityContext(Object, Object, String)} overload creates a
     * security context for any caller whose host equals an entry, and an entry equal to
     * {@code NetAccessController.WIDE_OPEN} matches every host, so each entry widens
     * who can obtain a context without a credential check.
     *
     * @param str host name to trust
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setTrustedHost(String str) {
        ArrayList trusted = this.hostNames;
        if (trusted == null) {
            trusted = new ArrayList();
            this.hostNames = trusted;
        }
        trusted.add(str);
    }

    /**
     * Reports whether callers without a principal are admitted as the guest principal.
     *
     * @return {@code true} when a null principal is mapped to the default guest principal
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public boolean isGuestAccessAllowed() {
        return guestAccessAllowed;
    }

    /**
     * Allows or forbids guest access for callers without a principal.
     *
     * <p>The {@code jrun.security.guestAcceccAllowed} system property is written only in
     * {@code start()}, so a later change here is not reflected in that property.
     *
     * @param z {@code true} to admit null principals as the guest principal
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setGuestAccessAllowed(boolean z) {
        guestAccessAllowed = z;
    }

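    /**
     * Resolves the login configuration file, loads it and publishes its location
     * through the {@code java.security.auth.login.config} system property.
     *
     * <p>Resolution order: an existing value of the system property wins, then the
     * configured {@code authConfig}, then
     * {@code <jrun.server.rootdir>/SERVER-INF/auth.config}. Because the JVM-wide
     * property takes precedence over this service's own setting, whoever can set that
     * property decides which login modules are in effect.
     *
     * @throws Exception if the configuration file cannot be loaded
     */
    @Override // jrunx.kernel.ServiceAdapter, jrunx.kernel.Service
    public void init() throws Exception {
        try {
            String configPath = System.getProperty("java.security.auth.login.config");
            if (configPath != null) {
                this.authConfig = configPath;
            } else if (this.authConfig != null) {
                configPath = this.authConfig;
            } else {
                configPath = getServerProperties().get("jrun.server.rootdir") + "/SERVER-INF/auth.config";
            }
            // Build the File from the resolved path. The previous code used this.authConfig,
            // which is still null on the default branch and made new File(...) throw.
            this.authConfigMetaData = new AuthConfigMetaData(new File(configPath));
            this.authConfigMetaData.importDocument();
            System.setProperty("java.security.auth.login.config", configPath);
        } catch (SecurityException e) {
            // Reading or writing the system property was denied; the service continues
            // without a loaded configuration.
            System.out.println(RB.getString(this, "JRunSecurityManagerService.NoConfigFileProperty"));
        }
    }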

    /**
     * Creates and starts the security-context cache, registers it as an MBean and
     * seeds it with the shared anonymous context.
     *
     * <p>The anonymous context is stored under {@code "Anonymous"} with
     * {@code SecurityContextCache.NO_TIMEOUT}. The guest-access flag is published
     * in the {@code jrun.security.guestAcceccAllowed} system property; the misspelt
     * property name is a runtime value and is kept unchanged.
     *
     * @throws Exception if the cache cannot be initialised, registered or started
     */
    @Override // jrunx.kernel.ServiceAdapter, jrunx.kernel.Service
    public void start() throws Exception {
        SecurityContextCache cache = new SecurityContextCache(this.userTimeout);
        cache.init();
        this.userCache = cache;

        ObjectName cacheName = new ObjectName(cache.getDomainName(), "service", cache.getName());
        this.server.registerMBean(cache, cacheName);
        this.userCache.start();

        JRunSecurityContext anonymous = new JRunSecurityContext(DEFAULT_SECURITY_ID, new SimplePrincipal(DEFAULT_USER_PRINCIPAL), NetAccessController.LOCAL_ONLY);
        this.userCache.put(DEFAULT_SECURITY_ID, anonymous, SecurityContextCache.NO_TIMEOUT);

        System.setProperty("jrun.security.guestAcceccAllowed", String.valueOf(isGuestAccessAllowed()));
    }

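    /**
     * Stops the service and then the security-context cache.
     *
     * @throws Exception if the superclass or the cache fails to stop
     */
    @Override // jrunx.kernel.ServiceAdapter, jrunx.kernel.Service
    public void stop() throws Exception {
        super.stop();
        // The cache is only assigned in start(); skip it when start() never completed
        // instead of failing with a NullPointerException during shutdown.
        if (this.userCache != null) {
            this.userCache.stop();
        }
    }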

    /**
     * Authenticates an identity and returns the id of its new security context.
     *
     * <p>Delegates to the three-argument overload with a null third argument.
     *
     * @param obj identity to authenticate (see the three-argument overload for accepted types)
     * @param obj2 credential presented with the identity
     * @return the security id, or the value the three-argument overload returns
     * @throws JRunSecurityException if authentication fails
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public synchronized Object authenticateSecurityContext(Object obj, Object obj2) throws JRunSecurityException {
        final Integer unspecified = null;
        return authenticateSecurityContext(obj, obj2, unspecified);
    }

    /**
     * Authenticates an identity of any supported type and returns its security id.
     *
     * <p>Dispatch by the runtime type of {@code obj}:
     * <ul>
     *   <li>{@code null}: handled as a null principal with a null credential;
     *       {@code obj2} and {@code num} are not used on this path.</li>
     *   <li>{@code SecurityIdentityItfc}: verified by {@code authenticateServerIdentity};
     *       a context is created here only when that result is null and the identity is
     *       not a {@code SimpleServerIdentity}.</li>
     *   <li>{@code Principal}: authenticated with {@code obj2} as the credential.</li>
     *   <li>anything else: wrapped in a {@code SimplePrincipal} built from
     *       {@code obj.toString()} and authenticated the same way.</li>
     * </ul>
     *
     * <p>A failed server-identity check is reported through the return value
     * ({@code NamingConstants.AUTHENTICATION_ERROR}), not through an exception, so
     * callers have to compare the result.
     *
     * @param obj identity to authenticate
     * @param obj2 credential presented with the identity
     * @param num value forwarded to the security-context cache together with the new context
     * @return the security id or the server-identity verification result
     * @throws JRunSecurityException if authentication fails
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public synchronized Object authenticateSecurityContext(Object obj, Object obj2, Integer num) throws JRunSecurityException {
        if (obj == null) {
            return authenticateSecurityContext((Principal) null, (Object) null);
        }
        if (obj instanceof SecurityIdentityItfc) {
            SecurityIdentityItfc identity = (SecurityIdentityItfc) obj;
            Object verified = authenticateServerIdentity(identity);
            if (verified != null || obj instanceof SimpleServerIdentity) {
                return verified;
            }
            return createSecurityContext(identity, num);
        }
        if (obj instanceof Principal) {
            return authenticateSecurityContext((Principal) obj, obj2, num, false);
        }
        return authenticateSecurityContext(new SimplePrincipal(obj.toString()), obj2, num, false);
    }

    /**
     * Checks a server identity against the local server identity.
     *
     * @param securityIdentityItfc identity presented by the caller
     * @return the identity's security id when verification succeeds, otherwise
     *         {@code NamingConstants.AUTHENTICATION_ERROR}
     * @throws JRunSecurityException declared by the signature; no statement in this
     *         method throws it directly
     */
    public Object authenticateServerIdentity(SecurityIdentityItfc securityIdentityItfc) throws JRunSecurityException {
        boolean verified = JRunIdentityService.getLocalServerIdentity().verifyIdentity(securityIdentityItfc);
        if (verified) {
            return securityIdentityItfc.getSecurityId();
        }
        return NamingConstants.AUTHENTICATION_ERROR;
    }

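    /**
     * Creates a security context for a caller identified only by its host name.
     *
     * <p>No login is performed on this path: when {@code str} equals a trusted-host
     * entry, or an entry equals {@code NetAccessController.WIDE_OPEN}, a context is
     * created for the named principal without checking {@code obj2}. The decision is
     * therefore only as trustworthy as the host value the caller passes in.
     * NOTE(review): confirm that {@code str} comes from the transport layer rather than
     * from data the remote peer controls.
     *
     * @param obj identity; its {@code toString()} becomes the principal name
     * @param obj2 credential stored with the context (not verified here)
     * @param str host name of the caller
     * @return the new security id, or {@code null} when the identity or host is missing,
     *         no trusted hosts are configured, or the host is not trusted
     * @throws Exception if the security context cannot be created
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public Object authenticateSecurityContext(Object obj, Object obj2, String str) throws Exception {
        // Fail closed: hostNames stays null until setTrustedHost is called, and a missing
        // identity or host cannot be matched against anything.
        if (obj == null || str == null || this.hostNames == null) {
            return null;
        }
        SimplePrincipal simplePrincipal = new SimplePrincipal(obj.toString());
        for (int i = 0; i < this.hostNames.size(); i++) {
            String trusted = (String) this.hostNames.get(i);
            // setTrustedHost stores its argument unchecked, so skip null entries.
            if (trusted == null) {
                continue;
            }
            if (trusted.equals(NetAccessController.WIDE_OPEN) || str.equals(trusted)) {
                return createSecurityContext(simplePrincipal, obj2, null);
            }
        }
        return null;
    }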

    /**
     * Registers a security context for the given principal without running a login.
     *
     * <p>No credential is supplied and {@code authenticate(...)} is not called on this
     * path; the principal is accepted as given, including {@code null}.
     * NOTE(review): confirm that every caller of this overload has already established
     * the principal's identity.
     *
     * @param principal principal to bind to the new context
     * @return the new security id
     * @throws JRunSecurityException if the context cannot be stored
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public Object authenticateSecurityContext(Principal principal) throws JRunSecurityException {
        final Object noCredential = null;
        final Integer unspecified = null;
        return createSecurityContext(principal, noCredential, unspecified);
    }

    /**
     * Authenticates a principal with a credential as an external (non-internal) call.
     *
     * <p>A null principal is admitted as the guest principal only when guest access
     * is allowed.
     *
     * @param principal principal to authenticate, or {@code null} for a guest
     * @param obj credential presented with the principal
     * @return the new security id
     * @throws JRunSecurityException if authentication fails or guest access is refused
     */
    public Object authenticateSecurityContext(Principal principal, Object obj) throws JRunSecurityException {
        final Integer unspecified = null;
        final boolean internalCall = false;
        return authenticateSecurityContext(principal, obj, unspecified, internalCall);
    }

    /**
     * Authenticates on behalf of internal callers.
     *
     * <p>Requires {@code RuntimePermission("authenticateInternally")}. Internal calls
     * skip the guest-access check, so a null principal is mapped to the guest
     * principal even when guest access is disabled.
     *
     * @param principal principal to authenticate, or {@code null} for a guest
     * @param obj credential presented with the principal
     * @return the new security id
     * @throws JRunSecurityException if authentication fails
     * @throws java.security.AccessControlException if the caller lacks the permission
     */
    public Object authenticateInternalSecurityContext(Principal principal, Object obj) throws JRunSecurityException {
        RuntimePermission required = new RuntimePermission("authenticateInternally");
        AccessController.checkPermission(required);
        return authenticateSecurityContext(principal, obj, null, true);
    }

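    /**
     * Authenticates a principal, or admits a guest, and stores a new security context.
     *
     * @param principal principal to authenticate; {@code null} requests guest access
     * @param obj credential presented with the principal
     * @param num value forwarded to the security-context cache with the new context
     * @param z {@code true} for internal callers, which bypass the guest-access check
     * @return the new security id, or {@code "Anonymous"} when the cache does not exist yet
     * @throws JRunSecurityException if the login fails or guest access is refused
     */
    private synchronized Object authenticateSecurityContext(Principal principal, Object obj, Integer num, boolean z) throws JRunSecurityException {
        if (this.userCache == null) {
            // NOTE(review): before start() has run, every request is mapped to the anonymous
            // context without any check, whatever guestAccessAllowed says. Confirm this
            // window cannot be reached by remote callers.
            return DEFAULT_SECURITY_ID;
        }
        if (principal != null) {
            try {
                Subject authenticated = authenticate(SimplePrincipal.USER, principal, obj, this.securityDomain);
                if (authenticated != null) {
                    principal = authenticated.getPrincipals().iterator().next();
                }
                if (Trace.security) {
                    // The credential is deliberately left out of the trace: it used to be
                    // appended here, which put secrets into the trace output.
                    Trace.trace("Successfully Authenticated principal: " + principal);
                }
            } catch (JRunSecurityException e) {
                throw e;
            } catch (Exception e2) {
                throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.SecurityContextNotAuthenticated") + " " + e2.getMessage());
            }
        } else {
            if (!z && !this.guestAccessAllowed) {
                throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.PrincipalNull"));
            }
            principal = new SimplePrincipal(DEFAULT_USER_PRINCIPAL);
            if (Trace.security) {
                Trace.trace("Null principal, setting to Default Principal without authentication");
            }
        }
        return createSecurityContext(principal, obj, num);
    }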

    /**
     * Stores a new security context for a server identity and returns its id.
     *
     * <p>NOTE(review): with security tracing on, the generated id is written to the
     * trace. The id is the key that {@code getSecurityContext} accepts, so the trace
     * output should be protected like a credential store.
     *
     * @param securityIdentityItfc identity to bind to the context
     * @param num value forwarded to the cache with the new context
     * @return the generated security id
     * @throws JRunSecurityException if the context cannot be stored
     */
    private Object createSecurityContext(SecurityIdentityItfc securityIdentityItfc, Integer num) throws JRunSecurityException {
        final Object securityId = createSecurityId();
        if (Trace.security) {
            Trace.trace("Generated ID is: " + securityId);
        }
        try {
            JRunSecurityContext context = new JRunSecurityContext(securityId, securityIdentityItfc);
            this.userCache.put(securityId, context, true, num);
        } catch (Exception e) {
            String prefix = RB.getString(this, "JRunSecurityManagerService.SecurityContextNotAuthenticated");
            throw new JRunSecurityException(prefix + " " + e.getMessage());
        }
        return securityId;
    }

    /**
     * Stores a new security context for a principal and returns its id.
     *
     * <p>The credential object is kept inside the cached context. NOTE(review): with
     * security tracing on, the generated id is written to the trace. The id is the key
     * that {@code getSecurityContext} accepts, so the trace output should be protected
     * like a credential store.
     *
     * @param principal principal to bind to the context
     * @param obj credential stored alongside the principal
     * @param num value forwarded to the cache with the new context
     * @return the generated security id
     * @throws JRunSecurityException if the context cannot be stored
     */
    private Object createSecurityContext(Principal principal, Object obj, Integer num) throws JRunSecurityException {
        final Object securityId = createSecurityId();
        if (Trace.security) {
            Trace.trace("Generated ID is: " + securityId);
        }
        try {
            JRunSecurityContext context = new JRunSecurityContext(securityId, principal, obj);
            this.userCache.put(securityId, context, true, num);
        } catch (Exception e) {
            String prefix = RB.getString(this, "JRunSecurityManagerService.SecurityContextNotAuthenticated");
            throw new JRunSecurityException(prefix + " " + e.getMessage());
        }
        return securityId;
    }

    /**
     * Looks up the security context stored under a security id.
     *
     * <p>Possession of the id is the only check made here. Lookup failures are logged
     * and reported as {@code null}.
     *
     * @param obj security id returned by one of the authenticate methods
     * @return the cached context, or {@code null} when the id is unknown or the lookup failed
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public SecurityContext getSecurityContext(Object obj) {
        SecurityContext found = null;
        try {
            found = this.userCache.get(obj);
        } catch (Exception e) {
            getLogger().logError(RB.getString(this, "JRunSecurityManagerService.SecurityContextError"), e);
        }
        if (found != null) {
            return found;
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().logDebug(RB.getString(this, "JRunSecurityManagerService.InvalidContextId"));
        }
        return null;
    }

    /**
     * Checks a principal and credential against a login domain without creating a
     * security context.
     *
     * <p>Any failure, including an unexpected exception, is logged and reported as
     * {@code false}.
     *
     * @param principal principal to check
     * @param obj credential presented with the principal
     * @param str login domain; null or empty selects the configured security domain
     * @return {@code true} when the login produced a subject
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public synchronized boolean isPrincipalValid(Principal principal, Object obj, String str) {
        final String domain = (str == null || str.length() == 0) ? this.securityDomain : str;
        try {
            return authenticate(SimplePrincipal.USER, principal, obj, domain) != null;
        } catch (Exception e) {
            Logger logger = getLogger();
            if (logger.isWarningEnabled()) {
                getLogger().logWarning(RB.getString(this, "JRunSecurityManagerService.UserAuthenticationFailure", principal, domain), e);
            }
            if (logger.isDebugEnabled()) {
                getLogger().logError(e);
            }
            return false;
        }
    }

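    /**
     * Checks whether a principal holds at least one of the given roles.
     *
     * <p>The decompiler could not restructure this method and left a body that always
     * threw {@code UnsupportedOperationException}. This body is rebuilt from the
     * decompiler's instruction dump and should be verified against the original class file.
     *
     * <p>A role entry equal to {@code "*"} grants access to any non-null principal
     * without consulting the login domain. Any exception is logged and reported as
     * {@code false}.
     *
     * @param r8 principal to check; {@code null} is logged as an error and yields {@code false}
     * @param r9 role names to test
     * @param r10 login domain; null or empty selects the configured role-mapping domain
     * @return {@code true} when the roles contain {@code "*"} or the role login produced a subject
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public synchronized boolean isPrincipalInRole(Principal r8, Collection r9, String r10) {
        final Principal principal = r8;
        final Collection roles = r9;
        String domain = r10;
        Subject subject = null;
        try {
            if (domain == null || domain.length() == 0) {
                domain = this.roleMappingDomain;
            }
            if (principal != null) {
                Iterator it = roles.iterator();
                while (it.hasNext()) {
                    String role = (String) it.next();
                    if ("*".equals(role)) {
                        return true;
                    }
                }
                subject = authenticate("ROLE", principal, roles, domain);
            } else {
                getLogger().logError(RB.getString(this, "JRunSecurityManagerService.InvalidContextId"));
            }
        } catch (Exception e) {
            Logger logger = getLogger();
            if (logger.isWarningEnabled()) {
                getLogger().logWarning(RB.getString(this, "JRunSecurityManagerService.RoleAuthenticationFailure", principal, roles, domain));
            }
            if (logger.isDebugEnabled()) {
                getLogger().logError(e);
            }
        }
        return subject != null;
    }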

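    /**
     * Runs a login for the principal in the given login domain.
     *
     * <p>NOTE(review): expired credentials, expired accounts and failed logins produce
     * different messages, each including the login module's own message. Confirm these
     * are not returned verbatim to unauthenticated clients, where they would reveal
     * account state.
     *
     * @param str mode; {@code SimplePrincipal.ROLE} selects the roles callback handler,
     *        any other value the default handler
     * @param principal principal to log in; must not be {@code null}
     * @param obj credential (or, in role mode, the value passed to the roles handler)
     * @param str2 name of the login domain
     * @return the subject of the completed login
     * @throws JRunSecurityException if the principal is null or the login fails
     */
    protected Subject authenticate(String str, Principal principal, Object obj, String str2) throws JRunSecurityException {
        if (principal == null) {
            throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.PrincipalNull"));
        }
        try {
            Logger logger = getLogger();
            if (logger != null && logger.isDebugEnabled() && Trace.security) {
                // Only record whether a credential was supplied; the credential itself
                // used to be appended here and ended up in the trace output.
                Trace.trace("JRunSecurityManagerService.authenticate: begin authenticate, mode = " + str + ", principal = " + principal + ", credential supplied = " + (obj != null));
            }
            LoginContext loginContext = new LoginContext(str2, str.equals(SimplePrincipal.ROLE) ? new RolesCallbackHandler(principal, obj) : new DefaultCallbackHandler(principal, obj));
            loginContext.login();
            return loginContext.getSubject();
        // The specific LoginException subclasses must come before LoginException itself.
        // In the decompiled order the general handler came first, which left the
        // specific messages unreachable and does not compile.
        } catch (CredentialExpiredException e) {
            throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.CredentialsExpired", e.getMessage()));
        } catch (AccountExpiredException e) {
            throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.AccountExpired", e.getMessage()));
        } catch (FailedLoginException e) {
            throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.AuthenticationFailed", e.getMessage()));
        } catch (LoginException e) {
            throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.AuthenticationFailed", e.getMessage()));
        }
    }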

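    /**
     * Removes a security context from the cache (logout).
     *
     * <p>Removal remains best-effort and never throws, but a failure is now logged
     * instead of being discarded.
     *
     * @param obj security id of the context to remove
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void closeSecurityContext(Object obj) {
        if (this.userCache == null) {
            // Nothing was ever cached, so there is nothing to remove.
            return;
        }
        try {
            this.userCache.remove(obj, true);
        } catch (Exception e) {
            // A context that could not be removed presumably stays in the cache, so the
            // failure must be visible to operators. The id is not logged because it is
            // the key that grants access to the context.
            Logger logger = getLogger();
            if (logger != null) {
                logger.logWarning("JRunSecurityManagerService.closeSecurityContext: security context could not be removed", e);
            }
        }
    }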

    /**
     * Returns this service as a {@code JRunSecurityManager}.
     *
     * @return this instance
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public JRunSecurityManager getJRunSecurityManager() {
        final JRunSecurityManager self = this;
        return self;
    }

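    /** Shared cryptographically strong generator for security ids. */
    private static final java.security.SecureRandom SECURITY_ID_RANDOM = new java.security.SecureRandom();

    /**
     * Generates the id under which a new security context is cached.
     *
     * <p>The id is the only thing a caller has to present to {@code getSecurityContext},
     * so it must not be guessable. The previous implementation XORed the clock with a
     * freshly seeded {@code java.util.Random}, which is not designed to resist
     * prediction; ids now come from {@code SecureRandom}.
     * NOTE(review): the id is still a 64-bit {@code Long} because the visible callers
     * treat it as an opaque {@code Object} key; a longer token would need a check of
     * every consumer of the id.
     *
     * @return a random {@code Long}
     */
    private static Object createSecurityId() {
        return Long.valueOf(SECURITY_ID_RANDOM.nextLong());
    }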

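    /**
     * Reports whether the given principal shares a user with any of the named principals.
     *
     * <p>Always {@code false} when shared-principal checking is disabled. A JNDI lookup
     * failure is logged and also reported as {@code false}.
     *
     * @param collection principal names to compare against
     * @param simplePrincipal principal whose users are looked up
     * @return {@code true} when a user of {@code simplePrincipal} also belongs to one
     *         of the named principals
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public boolean checkSharedPrincipals(Collection collection, SimplePrincipal simplePrincipal) {
        if (!this.checkForSharedPrincipals) {
            return false;
        }
        try {
            JRunUserManager manager = getUserManager();
            Collection users = manager.getUsers(simplePrincipal.getName());
            Iterator names = collection.iterator();
            while (names.hasNext()) {
                Iterator candidates = manager.getUsers((String) names.next()).iterator();
                while (candidates.hasNext()) {
                    // Read each candidate exactly once. The previous code called next() on
                    // this iterator inside the inner loop, which skipped candidates and
                    // could run past the end of the collection.
                    Object candidate = candidates.next();
                    Iterator known = users.iterator();
                    while (known.hasNext()) {
                        if (((String) known.next()).equals(candidate)) {
                            return true;
                        }
                    }
                }
            }
            return false;
        } catch (NamingException e) {
            // NOTE(review): unlike the other log calls in this class, the message key is
            // passed here without RB.getString; confirm whether that is intended.
            getLogger().logWarning("JRunSecurityManagerService.CheckSharedPrincipalsLookupError", e);
            return false;
        }
    }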

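    /**
     * Maps a principal to the user it should run as.
     *
     * <p>When shared-principal checking is enabled and the user manager returns at
     * least one user for the principal's name, the first user becomes the run-as
     * principal. Otherwise the principal is returned unchanged.
     *
     * @param simplePrincipal principal to map
     * @return the run-as principal, or {@code simplePrincipal} when no mapping applies
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public SimplePrincipal getRunAsIdentityPrincipal(SimplePrincipal simplePrincipal) {
        if (!this.checkForSharedPrincipals) {
            return simplePrincipal;
        }
        try {
            Iterator it = getUserManager().getUsers(simplePrincipal.getName()).iterator();
            if (it.hasNext()) {
                return new SimplePrincipal((String) it.next(), SimplePrincipal.USER);
            }
        } catch (NamingException e) {
            getLogger().logWarning(RB.getString(this, "JRunSecurityManagerService.GetRunAsIdentityPrincipalLookupError"), e);
        }
        // NOTE(review): the decompiled code read the iterator after the catch block, where
        // it is unassigned, so the original path after a lookup failure is not recoverable
        // from this listing. Returning the unmapped principal matches the other branches;
        // verify against the original class file.
        return simplePrincipal;
    }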

    /**
     * Lists the login modules configured for a domain.
     *
     * @param str name of the login domain
     * @return one properties object per login module, in configuration order
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public ArrayList getLoginModules(String str) {
        ArrayList modules = new ArrayList();
        for (Iterator it = this.authConfigMetaData.getDomainByName(str).getLoginModules(); it.hasNext(); ) {
            LoginModuleMetaData module = (LoginModuleMetaData) it.next();
            modules.add(module.createLoginModuleProperties());
        }
        return modules;
    }

    /**
     * Adds a login module to a domain, writes the configuration back and refreshes
     * the active login configuration.
     *
     * <p>This changes how every later login in the domain is decided. No permission
     * check is made in this method. NOTE(review): confirm that access to this MBean
     * operation is restricted to administrators.
     *
     * @param str name of the login domain
     * @param properties description of the module to add
     * @throws JRunSecurityException if the module cannot be added or exported
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void addLoginModule(String str, Properties properties) throws JRunSecurityException {
        try {
            DomainMetaData domain = this.authConfigMetaData.getDomainByName(str);
            LoginModuleMetaData module = LoginModuleMetaData.createLoginModuleMetaData(properties);
            domain.addLoginModule(module);
            this.authConfigMetaData.exportDocument();
            Configuration.getConfiguration().refresh();
        } catch (JRunSecurityException e) {
            getLogger().logError(e.getMessage());
            throw e;
        }
    }

    /**
     * Removes a login module from a domain, writes the configuration back and
     * refreshes the active login configuration.
     *
     * <p>Removing a module changes which checks a login has to pass. No permission
     * check is made in this method. NOTE(review): confirm that access to this MBean
     * operation is restricted to administrators.
     *
     * @param str name of the login domain
     * @param properties description of the module to remove
     * @throws JRunSecurityException if the module cannot be removed or exported
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void removeLoginModule(String str, Properties properties) throws JRunSecurityException {
        try {
            DomainMetaData domain = this.authConfigMetaData.getDomainByName(str);
            LoginModuleMetaData module = LoginModuleMetaData.createLoginModuleMetaData(properties);
            domain.removeLoginModule(module);
            this.authConfigMetaData.exportDocument();
            Configuration.getConfiguration().refresh();
        } catch (JRunSecurityException e) {
            getLogger().logError(e.getMessage());
            throw e;
        }
    }

    /**
     * Replaces one login module of a domain with another, writes the configuration
     * back and refreshes the active login configuration.
     *
     * <p>The old module is removed before the replacement is created and added. If
     * creating or adding the replacement throws, the in-memory domain has already lost
     * the old module while the export and refresh are skipped.
     *
     * @param str name of the login domain
     * @param properties description of the module to replace
     * @param properties2 description of the replacement module
     * @throws JRunSecurityException if a step fails
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void modifyLoginModule(String str, Properties properties, Properties properties2) throws JRunSecurityException {
        try {
            DomainMetaData domain = this.authConfigMetaData.getDomainByName(str);
            LoginModuleMetaData previous = LoginModuleMetaData.createLoginModuleMetaData(properties);
            domain.removeLoginModule(previous);
            LoginModuleMetaData replacement = LoginModuleMetaData.createLoginModuleMetaData(properties2);
            domain.addLoginModule(replacement);
            this.authConfigMetaData.exportDocument();
            Configuration.getConfiguration().refresh();
        } catch (JRunSecurityException e) {
            getLogger().logError(e.getMessage());
            throw e;
        }
    }

    /**
     * Sets the timeout used for the security-context cache.
     *
     * <p>The value is read only when {@code start()} constructs the cache, so a
     * change made after start does not reach the existing cache.
     *
     * @param i timeout value passed to the cache constructor
     */
    @Override // jrun.security.JRunSecurityManagerServiceMBean
    public void setUserTimeout(int i) {
        userTimeout = i;
    }

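    /**
     * Returns the user manager, looking it up through JNDI on first use.
     *
     * <p>Only the creation of the initial context runs inside {@code doPrivileged};
     * the lookup itself runs with the caller's permissions.
     *
     * @return the cached or newly resolved user manager
     * @throws NamingException if the initial context or the lookup fails
     */
    private synchronized JRunUserManager getUserManager() throws NamingException {
        if (this.userManager == null) {
            Context initialContext;
            try {
                // The decompiled code passed "this" to the anonymous class and kept a
                // synthetic this$0 field; neither is valid for an interface
                // implementation, and neither is needed.
                initialContext = (Context) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return JndiSecurityHelper.getInitialContext(null);
                    }
                });
            } catch (PrivilegedActionException e) {
                // Unwrap to the declared exception type, since rethrowing the raw
                // Exception does not match the method's throws clause.
                Exception cause = e.getException();
                if (cause instanceof NamingException) {
                    throw (NamingException) cause;
                }
                NamingException wrapped = new NamingException(cause.getMessage());
                wrapped.setRootCause(cause);
                throw wrapped;
            }
            this.userManager = (JRunUserManager) initialContext.lookup("jrun:service/JRunUserManager");
        }
        return this.userManager;
    }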
}
