package org.apache.tomee.catalina;

import java.io.Serializable;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialNotFoundException;
import javax.security.auth.login.LoginException;
import org.apache.catalina.Engine;
import org.apache.catalina.Group;
import org.apache.catalina.Realm;
import org.apache.catalina.Role;
import org.apache.catalina.Service;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.openejb.BeanContext;
import org.apache.openejb.core.ThreadContext;
import org.apache.openejb.core.security.AbstractSecurityService;
import org.apache.openejb.spi.CallerPrincipal;
import org.apache.tomee.loader.TomcatHelper;

/* loaded from: input_file:org/apache/tomee/catalina/TomcatSecurityService.class */
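/**
 * Security service that bridges Tomcat realm authentication into the OpenEJB
 * {@link AbstractSecurityService} model.
 *
 * <p>This listing is decompiler (JADX) output. Two decompilation defects are repaired here:
 * the role loop in {@link #getLogicalRoles} never terminated once the principal array was
 * exhausted, and {@link #isCallerInRole} declared a {@code Principal} value as {@code Role}.
 *
 * <p>Caller identity and run-as state are kept in thread-locals, so every
 * {@link #enterWebApp} must be paired with {@link #exitWebApp} on the same thread.
 */
public class TomcatSecurityService extends AbstractSecurityService {
    /**
     * Per-thread stack of run-as subjects; the head is the run-as identity currently in effect.
     *
     * <p>Entries are pushed by {@link #enterWebApp} and popped by {@link #exitWebApp}. On a pooled
     * thread, an entry that is never popped remains visible to whatever runs on that thread next.
     */
    protected static final ThreadLocal<LinkedList<Subject>> runAsStack = new ThreadLocal<LinkedList<Subject>>() {
        @Override
        protected LinkedList<Subject> initialValue() {
            return new LinkedList<>();
        }
    };

    // Realm of the first Engine that has one; stays null when no such Engine exists,
    // in which case m15login() refuses every login.
    private Realm defaultRealm;

    /**
     * Principal that carries a run-as role name. Equality and hash code are based on the name only.
     *
     * <p>The decompiler reports the original access modifier of this class as {@code protected}.
     */
    public static class RunAsRole implements Principal {
        private final String name;

        /**
         * @param name role name, must not be null
         * @throws NullPointerException if {@code name} is null
         */
        public RunAsRole(String name) {
            if (name == null) {
                throw new NullPointerException("name is null");
            }
            this.name = name;
        }

        @Override
        public String getName() {
            return this.name;
        }

        @Override
        public String toString() {
            return "[RunAsRole: " + this.name + "]";
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.name.equals(((RunAsRole) obj).name);
        }

        @Override
        public int hashCode() {
            return this.name.hashCode();
        }
    }

    /**
     * Caller principal that pairs a Tomcat principal with the realm it was created for.
     * Two instances are equal only when both the realm and the wrapped principal are equal.
     *
     * <p>The decompiler reports the original access modifier of this class as {@code protected}.
     */
    @CallerPrincipal
    public static class TomcatUser implements Principal {
        private final Realm realm;
        private final Principal tomcatPrincipal;

        /**
         * @param realm realm associated with the principal, must not be null
         * @param principal the Tomcat principal to wrap, must not be null
         * @throws NullPointerException if either argument is null
         */
        public TomcatUser(Realm realm, Principal principal) {
            if (realm == null) {
                throw new NullPointerException("realm is null");
            }
            if (principal == null) {
                throw new NullPointerException("tomcatPrincipal is null");
            }
            this.realm = realm;
            this.tomcatPrincipal = principal;
        }

        public Realm getRealm() {
            return this.realm;
        }

        public Principal getTomcatPrincipal() {
            return this.tomcatPrincipal;
        }

        /** Returns the name of the wrapped Tomcat principal. */
        @Override
        public String getName() {
            return this.tomcatPrincipal.getName();
        }

        @Override
        public String toString() {
            return "[TomcatUser: " + this.tomcatPrincipal + "]";
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            TomcatUser other = (TomcatUser) obj;
            return this.realm.equals(other.realm) && this.tomcatPrincipal.equals(other.tomcatPrincipal);
        }

        @Override
        public int hashCode() {
            return (31 * this.realm.hashCode()) + this.tomcatPrincipal.hashCode();
        }
    }

    /**
     * Token returned by {@link #enterWebApp} and consumed by {@link #exitWebApp}: the identity
     * that was active before entry, and whether a run-as subject was pushed.
     */
    // NOTE(review): declared Serializable, but whether Identity is serializable is not visible
    // here, and no serialVersionUID is declared — confirm before persisting instances.
    private static class WebAppState implements Serializable {
        private final AbstractSecurityService.Identity oldIdentity;
        private final boolean hadRunAs;

        public WebAppState(AbstractSecurityService.Identity identity, boolean hadRunAs) {
            this.oldIdentity = identity;
            this.hadRunAs = hadRunAs;
        }
    }

    /**
     * Selects the default realm: the realm of the first service whose container is an
     * {@link Engine} with a non-null realm. If none is found, {@code defaultRealm} stays null.
     */
    public TomcatSecurityService() {
        for (Service service : TomcatHelper.getServer().findServices()) {
            if (service.getContainer() instanceof Engine) {
                // Explicit cast so this compiles whether getContainer() is declared as Engine or a supertype.
                Engine engine = (Engine) service.getContainer();
                if (engine.getRealm() != null) {
                    this.defaultRealm = engine.getRealm();
                    return;
                }
            }
        }
    }

    /**
     * Reports whether the current caller holds {@code role}.
     *
     * <p>After the superclass check, the subject from the current thread's security context is
     * examined: the role array of a wrapped {@link GenericPrincipal}, the group name of a wrapped
     * {@link Group}, the role name of a wrapped {@link Role}, and finally the names of any
     * {@link RunAsRole} principals.
     *
     * @param role role name to test
     * @return true if any of the checks above matches
     */
    public boolean isCallerInRole(String role) {
        if (super.isCallerInRole(role)) {
            return true;
        }
        AbstractSecurityService.SecurityContext securityContext = (AbstractSecurityService.SecurityContext) ThreadContext.getThreadContext().get(AbstractSecurityService.SecurityContext.class);
        Subject subject = securityContext.subject;
        for (TomcatUser user : subject.getPrincipals(TomcatUser.class)) {
            // Held as Principal: getTomcatPrincipal() returns Principal, and the concrete type is only known per branch.
            Principal tomcatPrincipal = user.getTomcatPrincipal();
            if (tomcatPrincipal instanceof GenericPrincipal) {
                for (String granted : ((GenericPrincipal) tomcatPrincipal).getRoles()) {
                    if (granted.equals(role)) {
                        return true;
                    }
                }
            } else if (tomcatPrincipal instanceof Group) {
                if (((Group) tomcatPrincipal).getGroupname().equals(role)) {
                    return true;
                }
            } else if ((tomcatPrincipal instanceof Role) && ((Role) tomcatPrincipal).getRolename().equals(role)) {
                return true;
            }
        }
        for (RunAsRole runAs : subject.getPrincipals(RunAsRole.class)) {
            // RunAsRole names are never null, so comparing from this side makes a null role a plain "no".
            if (runAs.getName().equals(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates against the default Tomcat realm and registers the resulting subject.
     *
     * <p>The decompiler renamed this method from {@code login} (merged with a bridge method).
     *
     * @param realmName not consulted by this implementation; authentication always uses the
     *     default realm (presumably the requested realm name — confirm against the interface)
     * @param username user name passed to {@link Realm#authenticate(String, String)}
     * @param credentials credentials passed to {@link Realm#authenticate(String, String)}
     * @return the identifier returned by {@code registerSubject}
     * @throws LoginException if no default realm was found at construction time
     * @throws CredentialNotFoundException if the realm returns no principal; the exception
     *     message is the supplied user name, so avoid echoing it to unauthenticated clients
     */
    public UUID m15login(String realmName, String username, String credentials) throws LoginException {
        if (this.defaultRealm == null) {
            throw new LoginException("No Tomcat realm available");
        }
        Principal authenticated = this.defaultRealm.authenticate(username, credentials);
        if (authenticated == null) {
            throw new CredentialNotFoundException(username);
        }
        return registerSubject(createSubject(this.defaultRealm, authenticated));
    }

    /** Builds a read-only subject whose only principal is a {@link TomcatUser} for the given pair. */
    private Subject createSubject(Realm realm, Principal principal) {
        Set<Principal> principals = new HashSet<>();
        principals.add(new TomcatUser(realm, principal));
        return new Subject(true, principals, new HashSet<>(), new HashSet<>());
    }

    /**
     * Returns the subset of {@code logicalRoles} held by any of {@code principals}, in the
     * iteration order of {@code logicalRoles}.
     *
     * <p>A {@link TomcatUser} is checked through {@code TomcatHelper.hasRole}. Any other non-null
     * principal is matched purely by name: the role is granted when {@code getName()} equals the
     * role name.
     *
     * @param principals principals to inspect; null elements are skipped
     * @param logicalRoles candidate role names
     * @return a new set holding the granted role names
     */
    // NOTE(review): the name-only match means a non-TomcatUser principal whose name happens to
    // equal a role name is granted that role — confirm callers only pass principal types whose
    // names cannot be chosen by an end user.
    public Set<String> getLogicalRoles(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = new LinkedHashSet<>(logicalRoles.size());
        for (String logicalRole : logicalRoles) {
            // Bounded iteration: the decompiled while(true) form spun forever once the index reached the array length.
            for (Principal principal : principals) {
                if (principal instanceof TomcatUser) {
                    TomcatUser user = (TomcatUser) principal;
                    if (TomcatHelper.hasRole(user.getRealm(), user.getTomcatPrincipal(), logicalRole)) {
                        granted.add(logicalRole);
                        break;
                    }
                } else if (principal != null && logicalRole.equals(principal.getName())) {
                    granted.add(logicalRole);
                }
            }
        }
        return granted;
    }

    /**
     * Installs the web application's caller identity on the current thread and, when
     * {@code runAs} is non-null, pushes a run-as subject.
     *
     * <p>The returned token must be handed to {@link #exitWebApp} on the same thread, ideally
     * from a {@code finally} block. Otherwise the identity and run-as subject installed here stay
     * bound to the thread after the request ends.
     *
     * @param realm realm the principal belongs to
     * @param principal authenticated principal, or null for an unauthenticated request (the
     *     client identity is then set to null)
     * @param runAs run-as role name, or null for none
     * @return opaque state to pass to {@link #exitWebApp}
     */
    public Object enterWebApp(Realm realm, Principal principal, String runAs) {
        AbstractSecurityService.Identity identity = null;
        if (principal != null) {
            identity = new AbstractSecurityService.Identity(createSubject(realm, principal), (UUID) null);
        }
        // Capture the previous identity before overwriting it so exitWebApp can restore it.
        WebAppState previous = new WebAppState((AbstractSecurityService.Identity) clientIdentity.get(), runAs != null);
        clientIdentity.set(identity);
        if (runAs != null) {
            runAsStack.get().addFirst(createRunAsSubject(runAs));
        }
        return previous;
    }

    /**
     * Restores the identity captured by {@link #enterWebApp} and pops the run-as subject if one
     * was pushed.
     *
     * <p>An argument that is not the token returned by {@code enterWebApp} is ignored silently,
     * which leaves the thread's identity and run-as stack untouched.
     *
     * @param obj token returned by {@link #enterWebApp}
     * @throws java.util.NoSuchElementException if the token records a run-as push but the
     *     current thread's stack is empty (unbalanced enter/exit, or exit on a different thread)
     */
    public void exitWebApp(Object obj) {
        if (obj instanceof WebAppState) {
            WebAppState previous = (WebAppState) obj;
            clientIdentity.set(previous.oldIdentity);
            if (previous.hadRunAs) {
                runAsStack.get().removeFirst();
            }
        }
    }

    /**
     * Returns the superclass's run-as subject when it has one; otherwise the head of the current
     * thread's run-as stack, or null when that stack is empty.
     */
    protected Subject getRunAsSubject(BeanContext beanContext) {
        Subject fromBean = super.getRunAsSubject(beanContext);
        if (fromBean != null) {
            return fromBean;
        }
        // peekFirst() yields null on an empty stack, matching the explicit isEmpty() check it replaces.
        return runAsStack.get().peekFirst();
    }

    /**
     * Builds a read-only subject whose only principal is a {@link RunAsRole} named {@code role}.
     *
     * @param role run-as role name, may be null
     * @return the subject, or null when {@code role} is null
     */
    protected Subject createRunAsSubject(String role) {
        if (role == null) {
            return null;
        }
        Set<Principal> principals = new HashSet<>();
        principals.add(new RunAsRole(role));
        return new Subject(true, principals, new HashSet<>(), new HashSet<>());
    }
}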
