package com.sun.web.security;

import com.sun.enterprise.ComponentInvocation;
import com.sun.enterprise.deployment.RunAsIdentityDescriptor;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.web.WebComponentDescriptor;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.enterprise.security.auth.LoginContextDriver;
import com.sun.logging.LogDomains;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServlet;
import org.apache.catalina.realm.RealmBase;

/* loaded from: input_file:116287-19/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:com/sun/web/security/RealmAdapter.class */
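/**
 * Catalina realm that hands web-tier authentication and role checks to the
 * application server's security classes.
 *
 * <p>Password and client-certificate logins are delegated to
 * {@link LoginContextDriver}; role checks are delegated to the application's
 * {@link RoleMapper}. The adapter also keeps a servlet-name to run-as-principal
 * table built from the web bundle descriptor and switches the current
 * {@link SecurityContext} around servlet invocations that declare a run-as
 * identity.
 *
 * <p>The {@code class$...} and {@code $assertionsDisabled} members are compiler
 * synthetics that survived decompilation; they are kept so the class layout
 * stays unchanged.
 */
public class RealmAdapter extends RealmBase {
    static Logger _logger;
    public static final String SECURITY_CONTEXT = "SecurityContext";
    public static final String BASIC = "BASIC";
    public static final String FORM = "FORM";
    public static final String CERT = "certificate";
    private static final boolean debug = false;
    // Assigned in the static initializer; not read anywhere in this class.
    private static int MAX_COUNT;
    private static int SLEEP_TIME;
    // Role mapper of the owning application, used by hasRole().
    private RoleMapper mapper;
    private WebBundleDescriptor webDesc;
    // Servlet canonical name -> run-as principal name, taken from the descriptor.
    private HashMap<String, String> runAsPrincipals;
    protected static final String name = "J2EE-RI-RealmAdapter";
    static final boolean $assertionsDisabled;
    static Class class$com$sun$web$security$RealmAdapter;
    static Class class$sun$security$x509$X500Name;

    /**
     * Builds the adapter for one web module and records every servlet that
     * declares a run-as identity.
     *
     * @param webBundleDescriptor descriptor of the web module; must not be null
     */
    public RealmAdapter(WebBundleDescriptor webBundleDescriptor) {
        this.webDesc = webBundleDescriptor;
        this.mapper = webBundleDescriptor.getApplication().getRoleMapper();
        // Result is unused; the call is kept in case the getter has side effects
        // that cannot be seen from this file.
        webBundleDescriptor.getLoginConfiguration();
        this.runAsPrincipals = new HashMap<String, String>();
        for (WebComponentDescriptor webComponentDescriptor : this.webDesc.getWebComponentDescriptorsSet()) {
            RunAsIdentityDescriptor runAsIdentity = webComponentDescriptor.getRunAsIdentity();
            if (runAsIdentity == null) {
                continue;
            }
            String principal = runAsIdentity.getPrincipal();
            String canonicalName = webComponentDescriptor.getCanonicalName();
            if (principal == null || canonicalName == null) {
                // An incomplete run-as declaration is skipped: that servlet will
                // run under the caller's context instead.
                _logger.warning("web.realmadapter.norunas");
            } else {
                this.runAsPrincipals.put(canonicalName, principal);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.fine("Servlet " + canonicalName + " will run-as: " + principal);
                }
            }
        }
    }

    /**
     * @return the web bundle descriptor this adapter was created for
     */
    public WebBundleDescriptor getWebDescriptor() {
        return this.webDesc;
    }

    /**
     * Asks the application's role mapper whether the principal is in the role.
     *
     * @param principal principal to test
     * @param str role name
     * @return the role mapper's answer
     */
    @Override
    public boolean hasRole(Principal principal, String str) {
        return this.mapper.hasRole(principal, str);
    }

    /**
     * Clears the current security context.
     */
    public void logout() {
        setSecurityContext(null);
    }

    /**
     * Authenticates a user whose password arrives as raw bytes.
     *
     * @param str user name
     * @param bArr password bytes; {@code null} is treated as a failed login
     * @return the authenticated principal, or {@code null} on failure
     */
    @Override
    public Principal authenticate(String str, byte[] bArr) {
        if (bArr == null) {
            // Fail closed instead of throwing NullPointerException from the decode below.
            return null;
        }
        // NOTE(review): the bytes are decoded with the JVM default charset, so a
        // non-ASCII password may decode differently from host to host. The charset
        // the caller used to produce these bytes is not visible here; confirm
        // before pinning one.
        return authenticate(str, new String(bArr));
    }

    /**
     * Authenticates a user by name and password.
     *
     * @param str user name
     * @param str2 password
     * @return a {@code WebPrincipal} built from the name, the password and the
     *         current security context, or {@code null} if the login failed
     */
    @Override
    public Principal authenticate(String str, String str2) {
        if (!authenticate(str, str2, null)) {
            return null;
        }
        SecurityContext current = SecurityContext.getCurrent();
        // Decompiled form of "assert current != null". With assertions disabled
        // (the JVM default) a null context is passed on to WebPrincipal unchecked.
        // NOTE(review): the clear-text password is handed to WebPrincipal; whether
        // it is retained for the life of the principal is not visible here.
        if ($assertionsDisabled || current != null) {
            return new WebPrincipal(str, str2, current);
        }
        throw new AssertionError();
    }

    /**
     * Authenticates a user from a client certificate chain.
     *
     * @param x509CertificateArr client certificate chain
     * @return a {@code WebPrincipal} built from the chain and the current
     *         security context, or {@code null} if the login failed
     */
    @Override
    public Principal authenticate(X509Certificate[] x509CertificateArr) {
        if (!authenticate(null, null, x509CertificateArr)) {
            return null;
        }
        SecurityContext current = SecurityContext.getCurrent();
        // Decompiled form of "assert current != null"; see the password overload.
        if ($assertionsDisabled || current != null) {
            return new WebPrincipal(x509CertificateArr, current);
        }
        throw new AssertionError();
    }

    /**
     * Performs the login through {@link LoginContextDriver}.
     *
     * <p>The current security context is cleared before the attempt and nothing
     * in this method restores it on failure. Any exception raised by the login
     * is reported as a failed login. The only log statement on that path is at
     * {@code FINEST}, so with a coarser logger level this class leaves no record
     * of rejected logins; whether {@code LoginContextDriver} audits them itself
     * cannot be seen from this file.
     *
     * @param str user name, used when no certificate chain is given
     * @param str2 password, used when no certificate chain is given
     * @param x509CertificateArr client certificate chain, or {@code null} for a
     *        password login
     * @return {@code true} if the login call returned normally
     */
    protected boolean authenticate(String str, String str2, X509Certificate[] x509CertificateArr) {
        Class cls;
        SecurityContext.setCurrent(null);
        try {
            if (x509CertificateArr != null) {
                // Reject an empty chain or a missing leaf explicitly rather than
                // relying on the catch-all below to swallow the resulting
                // ArrayIndexOutOfBoundsException / NullPointerException.
                if (x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
                    if (_logger.isLoggable(Level.FINEST)) {
                        _logger.finest("Web login failed: no client certificate in chain");
                    }
                    return false;
                }
                // Only the subject DN of the first certificate is used. No chain or
                // trust validation happens in this method; presumably the TLS layer
                // has done it before the chain reaches the realm (confirm).
                Subject subject = new Subject();
                subject.getPublicCredentials().add(x509CertificateArr[0].getSubjectDN());
                if (class$sun$security$x509$X500Name == null) {
                    cls = class$("sun.security.x509.X500Name");
                    class$sun$security$x509$X500Name = cls;
                } else {
                    cls = class$sun$security$x509$X500Name;
                }
                LoginContextDriver.login(subject, cls);
            } else {
                LoginContextDriver.login(str, str2);
            }
            return true;
        } catch (Exception e) {
            // Deliberately broad: every failure mode of the login means "not authenticated".
            if (_logger.isLoggable(Level.FINEST)) {
                _logger.finest("Web login failed: " + e.getMessage());
            }
            return false;
        }
    }

    /**
     * Switches to the servlet's run-as identity, if it declares one.
     *
     * <p>The context that was current is stored on the invocation so that
     * {@link #postSetRunAsIdentity} can restore it. The run-as login is done by
     * principal name only, with no credential. The name comes from the
     * deployment descriptor, so the descriptor is what grants this identity.
     *
     * @param componentInvocation invocation about to be dispatched
     */
    public void preSetRunAsIdentity(ComponentInvocation componentInvocation) {
        String servletName = getServletName(componentInvocation);
        if (servletName == null) {
            return;
        }
        String str = this.runAsPrincipals.get(servletName);
        if (str == null) {
            return;
        }
        componentInvocation.setOldSecurityContext(getSecurityContext());
        loginForRunAs(str);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("run-as principal for " + servletName + " set to: " + str);
        }
    }

    /**
     * Resolves the servlet name of the invoked component.
     *
     * @return the servlet name, or {@code null} if the instance is not an
     *         {@link HttpServlet} or has no servlet config yet
     */
    private String getServletName(ComponentInvocation componentInvocation) {
        Object instance = componentInvocation.getInstance();
        if (!(instance instanceof HttpServlet)) {
            return null;
        }
        HttpServlet httpServlet = (HttpServlet) instance;
        // getServletName() needs a servlet config; without one there is no name to report.
        if (httpServlet.getServletConfig() != null) {
            return httpServlet.getServletName();
        }
        return null;
    }

    /**
     * Restores the security context saved by {@link #preSetRunAsIdentity}.
     *
     * <p>Nothing here enforces the pairing: if the caller skips this method
     * after a run-as switch, the run-as context stays current.
     *
     * @param componentInvocation invocation that has just completed
     */
    public void postSetRunAsIdentity(ComponentInvocation componentInvocation) {
        String servletName = getServletName(componentInvocation);
        if (servletName == null || this.runAsPrincipals.get(servletName) == null) {
            return;
        }
        setSecurityContext(componentInvocation.getOldSecurityContext());
    }

    /** Logs in as the named principal through {@link LoginContextDriver}. */
    private void loginForRunAs(String str) {
        LoginContextDriver.loginPrincipal(str);
    }

    /** @return the security context that is current for this call */
    private SecurityContext getSecurityContext() {
        return SecurityContext.getCurrent();
    }

    /** Makes the given security context current; {@code null} clears it. */
    private void setSecurityContext(SecurityContext securityContext) {
        SecurityContext.setCurrent(securityContext);
    }

    /**
     * Not supported: this realm never looks passwords up itself.
     *
     * @throws IllegalStateException always
     */
    @Override
    protected String getPassword(String str) {
        throw new IllegalStateException("Should not reach here");
    }

    /**
     * Not supported: principals are only produced by the authenticate methods.
     *
     * @throws IllegalStateException always
     */
    @Override
    protected Principal getPrincipal(String str) {
        throw new IllegalStateException("Should not reach here");
    }

    /**
     * @return the fixed realm name
     */
    @Override
    protected String getName() {
        return name;
    }

    /**
     * Compiler-generated helper behind class literals.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // NoClassDefFoundError has no cause-taking constructor, so attach it afterwards.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$sun$web$security$RealmAdapter == null) {
            cls = class$("com.sun.web.security.RealmAdapter");
            class$com$sun$web$security$RealmAdapter = cls;
        } else {
            cls = class$com$sun$web$security$RealmAdapter;
        }
        // Synthetic assertion switch read by the authenticate overloads.
        $assertionsDisabled = !cls.desiredAssertionStatus();
        _logger = LogDomains.getLogger(LogDomains.WEB_LOGGER);
        MAX_COUNT = 5;
        SLEEP_TIME = 5000;
    }
}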
