package com.sun.web.security;

import com.iplanet.ias.security.auth.realm.certificate.CertificateRealm;
import com.iplanet.ias.security.auth.realm.webcore.NativeRealm;
import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.enterprise.security.auth.LoginContextDriver;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.logging.LogDomains;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.HttpRequestBase;
import org.apache.catalina.realm.RealmBase;

/* loaded from: input_file:120981-02/SUNWproxy/reloc/bin/proxy/jar/webserv-rt.jar:com/sun/web/security/RealmAdapter.class */
public class RealmAdapter extends RealmBase {
    private static Logger _logger = LogDomains.getLogger(LogDomains.WEB_LOGGER);
    private static final String name = "S1WS-RealmAdapter";
    private RoleMapper mapper;
    private String realmName = null;
    private boolean isNative = false;

    public RealmAdapter(RoleMapper roleMapper) {
        this.mapper = null;
        this.mapper = roleMapper;
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public boolean hasRole(Principal principal, String str) {
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, new StringBuffer().append("Checking if principal:").append(principal).append(" has role:").append(str).append(" in realm: ").append(this.realmName).toString());
        }
        return this.mapper.hasRole(principal, str, this.realmName);
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(String str, String str2) {
        try {
            LoginContextDriver.login(str, str2, this.realmName);
            return new WebPrincipal(str, str2);
        } catch (Exception e) {
            if (!_logger.isLoggable(Level.FINEST)) {
                return null;
            }
            _logger.finest(new StringBuffer().append("Web login failed: ").append(e.getMessage()).toString());
            return null;
        }
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            if (!_logger.isLoggable(Level.FINE)) {
                return null;
            }
            _logger.finest("Web login failed: No client certificate available for client-cert authentication.");
            return null;
        }
        try {
            LoginContextDriver.login(x509CertificateArr, this.realmName);
            return new WebPrincipal(x509CertificateArr);
        } catch (Exception e) {
            if (!_logger.isLoggable(Level.FINEST)) {
                return null;
            }
            _logger.finest(new StringBuffer().append("Web login failed: ").append(e.getMessage()).toString());
            return null;
        }
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal getAlternatePrincipal(HttpRequest httpRequest) {
        if (validateAlternateRequest(httpRequest)) {
            return ((HttpRequestBase) httpRequest).getAlternatePrincipal();
        }
        return null;
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public String getAlternateAuthType(HttpRequest httpRequest) {
        if (validateAlternateRequest(httpRequest)) {
            return ((HttpRequestBase) httpRequest).getAlternateAuthType();
        }
        return null;
    }

    private boolean validateAlternateRequest(HttpRequest httpRequest) {
        return this.isNative && httpRequest != null && (httpRequest instanceof HttpRequestBase);
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public void setRealmName(String str, String str2) {
        Realm realm = Realm.getInstance(str);
        if (Constants.CERT_METHOD.equals(str2)) {
            if (realm == null || !(realm instanceof CertificateRealm)) {
                Realm defaultInstance = Realm.getDefaultInstance();
                if (defaultInstance instanceof CertificateRealm) {
                    this.realmName = defaultInstance.getName();
                } else {
                    this.realmName = Realm.INTERNAL_CERTREALM;
                }
            } else {
                this.realmName = str;
            }
        } else if (realm == null) {
            this.realmName = Realm.getDefaultRealm();
        } else {
            this.realmName = str;
        }
        _logger.finest(new StringBuffer().append("Realm name has been set to: ").append(this.realmName).toString());
        if (Realm.getInstance(this.realmName) instanceof NativeRealm) {
            this.isNative = true;
            _logger.finest(new StringBuffer().append("The realm ").append(this.realmName).append(" is a NativeRealm.").toString());
        }
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public String getRealmName() {
        return this.realmName;
    }

    @Override // org.apache.catalina.realm.RealmBase
    protected String getPassword(String str) {
        throw new IllegalStateException("Should not reach here.");
    }

    @Override // org.apache.catalina.realm.RealmBase
    protected Principal getPrincipal(String str) {
        throw new IllegalStateException("Should not reach here.");
    }

    @Override // org.apache.catalina.realm.RealmBase
    protected String getName() {
        return name;
    }
}
