package org.apache.geronimo.security;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProviderException;
import java.util.Collections;
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;

/* loaded from: input_file:org/apache/geronimo/security/ContextManager.class */
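/**
 * Static registry that ties JAAS {@link Subject}s to the calling thread and to
 * server-issued {@code SubjectId}s.
 *
 * <p>Three pieces of state are kept here:
 * <ul>
 *   <li>a per-thread {@code Callers} pair (current caller / next caller);</li>
 *   <li>two maps linking each registered {@link Subject} to its {@code Context}
 *       and each {@code SubjectId} back to its {@link Subject};</li>
 *   <li>the HMAC key used to derive the hash stored in every {@code SubjectId}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers (all grounded in this file):
 * <ul>
 *   <li>Every permission check is skipped when no {@link SecurityManager} is
 *       installed, so in that configuration any code in the JVM can read or
 *       replace callers, the MAC algorithm and the MAC password.</li>
 *   <li>{@link #clearCallers()} and {@link #getRegisteredSubject(SubjectId)}
 *       perform no permission check at all.</li>
 *   <li>The static initializer installs a hard-coded default MAC password; until
 *       {@link #setPassword(String)} is called with a deployment-specific,
 *       high-entropy value, subject-id hashes are keyed with a publicly known
 *       secret. {@link #EMPTY} is always registered under that default key.</li>
 *   <li>Most null/"is registered" preconditions are plain {@code assert}s. With
 *       assertions disabled (the JVM default) they become
 *       {@link NullPointerException}s or are not enforced at all.</li>
 *   <li>{@code subjectContexts} is an unsynchronized {@link IdentityHashMap}.
 *       Writers hold the class lock, but the getters read it without any lock.
 *       NOTE(review): looks like a data race under concurrent
 *       register/unregister - confirm against the callers' threading model.</li>
 * </ul>
 */
public class ContextManager {
    // Per-thread (current caller, next caller) pair; null until setCallers/pushNextCaller runs.
    private static final ThreadLocal<Callers> callers;
    // Per-thread ThreadData, lazily created and published to JACC via PolicyContext.
    private static final ThreadLocal<ThreadData> threadData;
    // Identity-keyed: two equal-but-distinct Subject instances are different entries.
    private static Map<Subject, Context> subjectContexts;
    private static Map<SubjectId, Subject> subjectIds;
    // Seeded from the wall clock and incremented per registration, so ids are sequential.
    private static long nextSubjectId;
    // HMAC key derived from `password`; rebuilt by setAlgorithm and setPassword.
    private static SecretKey key;
    private static String algorithm;
    // NOTE(review): the MAC secret is kept as an immutable String for the life of the JVM.
    private static String password;
    public static final GeronimoSecurityPermission GET_CONTEXT;
    public static final GeronimoSecurityPermission SET_CONTEXT;
    public static final Subject EMPTY;

    /**
     * Authenticates against the named JAAS entry with a fresh {@link Subject},
     * registers that subject and tags it with an {@code IdentificationPrincipal}
     * carrying the new subject id.
     *
     * @param str             JAAS application/realm name passed to {@link LoginContext}
     * @param callbackHandler handler that supplies credentials
     * @param configuration   JAAS configuration, or {@code null} for the default
     * @return the logged-in context; pass it to {@link #logout(LoginContext)} to unregister
     * @throws LoginException if authentication fails (nothing is registered in that case)
     */
    public static LoginContext login(String str, CallbackHandler callbackHandler, Configuration configuration) throws LoginException {
        Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(str, subject, callbackHandler, configuration);
        loginContext.login();
        SubjectId id = registerSubject(subject);
        subject.getPrincipals().add(new IdentificationPrincipal(id));
        return loginContext;
    }

    /**
     * Same as {@link #login(String, CallbackHandler, Configuration)} with the
     * default JAAS configuration.
     */
    public static LoginContext login(String str, CallbackHandler callbackHandler) throws LoginException {
        return login(str, callbackHandler, (Configuration) null);
    }

    /**
     * Authenticates into a caller-supplied {@link Subject}. Unlike the overloads
     * that create their own subject, this one does NOT register the subject and
     * adds no {@code IdentificationPrincipal}.
     *
     * @throws LoginException if authentication fails
     */
    public static LoginContext login(Subject subject, String str, CallbackHandler callbackHandler, Configuration configuration) throws LoginException {
        LoginContext loginContext = new LoginContext(str, subject, callbackHandler, configuration);
        loginContext.login();
        return loginContext;
    }

    /**
     * Same as {@link #login(Subject, String, CallbackHandler, Configuration)}
     * with the default JAAS configuration.
     */
    public static LoginContext login(Subject subject, String str, CallbackHandler callbackHandler) throws LoginException {
        return login(subject, str, callbackHandler, null);
    }

    /**
     * Unregisters the context's subject, then logs the context out. The subject
     * is removed from the registry first, so it stops resolving by id even if
     * the JAAS logout itself throws.
     *
     * @throws LoginException           if the JAAS logout fails
     * @throws IllegalArgumentException if the context has no subject
     */
    public static void logout(LoginContext loginContext) throws LoginException {
        unregisterSubject(loginContext.getSubject());
        loginContext.logout();
    }

    /**
     * Replaces the calling thread's caller pair.
     *
     * @param subject  first element of the new {@code Callers} pair (the current caller)
     * @param subject2 second element of the new pair (the next caller)
     * @throws SecurityException if a security manager denies {@link #SET_CONTEXT}
     */
    public static void setCallers(Subject subject, Subject subject2) {
        checkPermission(SET_CONTEXT);
        // Only enforced with -ea; with assertions off, null subjects are stored as-is.
        assert subject != null;
        assert subject2 != null;
        callers.set(new Callers(subject, subject2));
    }

    /**
     * Clears the calling thread's caller pair.
     *
     * <p>NOTE(review): no permission check here, unlike every other mutator of
     * {@code callers}; any code on the thread can drop the caller identity.
     */
    public static void clearCallers() {
        callers.set(null);
    }

    /**
     * @return the calling thread's caller pair, or {@code null} if none is set
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static Callers getCallers() {
        checkPermission(GET_CONTEXT);
        return callers.get();
    }

    /**
     * Shifts the pair forward: the previous "next caller" becomes the current
     * caller and {@code subject} becomes the next caller.
     *
     * @return the pair that was in effect before the call, for {@link #popCallers(Callers)}
     * @throws SecurityException if a security manager denies {@link #SET_CONTEXT}
     */
    public static Callers setNextCaller(Subject subject) {
        checkPermission(SET_CONTEXT);
        assert subject != null;
        Callers previous = callers.get();
        // With assertions off, a thread without callers fails below with a NullPointerException.
        assert previous != null;
        callers.set(new Callers(previous.getNextCaller(), subject));
        return previous;
    }

    /**
     * Like {@link #setNextCaller(Subject)} but tolerant of missing state: with no
     * callers on the thread the current caller becomes {@code null}, and a
     * {@code null} or {@link #EMPTY} subject means "keep propagating the
     * previous next caller".
     *
     * @return the pair that was in effect before the call (possibly {@code null})
     * @throws SecurityException if a security manager denies {@link #SET_CONTEXT}
     */
    public static Callers pushNextCaller(Subject subject) {
        checkPermission(SET_CONTEXT);
        Callers previous = callers.get();
        Subject inherited = previous == null ? null : previous.getNextCaller();
        boolean keepInherited = subject == null || subject == EMPTY;
        callers.set(new Callers(inherited, keepInherited ? inherited : subject));
        return previous;
    }

    /**
     * Restores a pair previously returned by {@link #setNextCaller(Subject)} or
     * {@link #pushNextCaller(Subject)}. The argument is stored without validation.
     *
     * @throws SecurityException if a security manager denies {@link #SET_CONTEXT}
     */
    public static void popCallers(Callers callers2) {
        checkPermission(SET_CONTEXT);
        callers.set(callers2);
    }

    /**
     * @return the calling thread's current caller, or {@code null} if no pair is set
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static Subject getCurrentCaller() {
        checkPermission(GET_CONTEXT);
        Callers current = callers.get();
        return current == null ? null : current.getCurrentCaller();
    }

    /**
     * @return the calling thread's next caller, or {@code null} if no pair is set
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static Subject getNextCaller() {
        checkPermission(GET_CONTEXT);
        Callers current = callers.get();
        return current == null ? null : current.getNextCaller();
    }

    /**
     * Returns the {@link AccessControlContext} captured when the current caller
     * was registered.
     *
     * <p>Missing callers, a missing current caller or an unregistered subject are
     * only caught by assertions; with assertions disabled each of them surfaces
     * as a {@link NullPointerException}.
     *
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static AccessControlContext getCurrentContext() {
        checkPermission(GET_CONTEXT);
        Callers current = callers.get();
        assert current != null : "No current callers";
        Subject currentCaller = current.getCurrentCaller();
        assert currentCaller != null : "No current caller";
        Context context = subjectContexts.get(currentCaller);
        assert context != null : "No registered context";
        return context.getContext();
    }

    /**
     * Returns the principal recorded for {@code subject} at registration time.
     *
     * @param subject a registered subject, or {@code null}
     * @return the recorded principal; for a {@code null} subject, a principal whose
     *         name is the empty string
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static Principal getCurrentPrincipal(Subject subject) {
        checkPermission(GET_CONTEXT);
        if (subject == null) {
            // Anonymous stand-in so callers never receive a null principal for "no subject".
            return new Principal() {
                @Override
                public String getName() {
                    return "";
                }
            };
        }
        Context context = subjectContexts.get(subject);
        // With assertions off, an unregistered subject fails below with a NullPointerException.
        assert context != null : "No registered context";
        return context.getPrincipal();
    }

    /**
     * Returns the id of the calling thread's current caller. Preconditions are
     * checked by assertions only, as in {@link #getCurrentContext()}.
     *
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static SubjectId getCurrentId() {
        checkPermission(GET_CONTEXT);
        Callers current = callers.get();
        assert current != null : "No current callers";
        Subject currentCaller = current.getCurrentCaller();
        assert currentCaller != null : "No current caller";
        Context context = subjectContexts.get(currentCaller);
        assert context != null : "No registered context";
        return context.getId();
    }

    /**
     * @return the id under which {@code subject} is registered, or {@code null}
     *         if it is not registered
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static SubjectId getSubjectId(Subject subject) {
        checkPermission(GET_CONTEXT);
        Context context = subjectContexts.get(subject);
        return context == null ? null : context.getId();
    }

    /**
     * Resolves a subject id back to its registered {@link Subject}.
     *
     * <p>NOTE(review): this lookup has no permission check, so anything that can
     * present a matching {@code SubjectId} obtains the live Subject. Whether the
     * id's hash takes part in the match depends on {@code SubjectId.equals},
     * which is not visible here - confirm.
     *
     * @return the registered subject, or {@code null} if the id is unknown
     */
    public static Subject getRegisteredSubject(SubjectId subjectId) {
        return subjectIds.get(subjectId);
    }

    /**
     * Registers {@code subject}: captures its access-control context, picks its
     * primary principal, allocates the next sequential id together with its HMAC,
     * and stores the resulting {@code Context} in both lookup maps.
     *
     * <p>The subject itself is not modified, and an already registered subject
     * is registered again under a new id.
     *
     * @return the newly allocated subject id
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     * @throws ProviderException        if the configured MAC algorithm or key is unusable
     * @throws SecurityException        if a security manager denies {@link #SET_CONTEXT}
     */
    public static synchronized SubjectId registerSubject(Subject subject) {
        checkPermission(SET_CONTEXT);
        if (subject == null) {
            throw new IllegalArgumentException("Subject must not be null");
        }
        AccessControlContext accessControlContext = captureContext(subject);
        Principal principal = selectPrincipal(subject);
        Long id = Long.valueOf(nextSubjectId++);
        try {
            Context context = new Context(new SubjectId(id, hash(id)), accessControlContext, subject, principal, Collections.emptyList());
            subjectIds.put(context.getId(), subject);
            subjectContexts.put(subject, context);
            return context.getId();
        } catch (InvalidKeyException e) {
            // The key is kept out of the message: SecretKeySpec has no toString() of its
            // own, so printing it would expose its hashCode, which is computed from the key bytes.
            throw new ProviderException("Invalid key for MAC algorithm " + algorithm, e);
        } catch (NoSuchAlgorithmException e) {
            throw new ProviderException("No such algorithm: " + algorithm + ".  This can be caused by a misconfigured java.ext.dirs, JAVA_HOME or JRE_HOME environment variable", e);
        }
    }

    /**
     * Registers {@code subject} with a caller-chosen principal and group list,
     * or returns the existing access-control context if it is already registered.
     *
     * <p>On first registration an {@code IdentificationPrincipal} carrying the new
     * id is added to the subject, so a read-only subject cannot be registered
     * through this method.
     *
     * @param principal principal to record for the subject (not validated here)
     * @param list      passed through to the {@code Context} unchanged
     * @return the access-control context associated with the subject
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     * @throws ProviderException        if the configured MAC algorithm or key is unusable
     * @throws SecurityException        if a security manager denies {@link #SET_CONTEXT}
     */
    public static synchronized AccessControlContext registerSubjectShort(Subject subject, Principal principal, List<String> list) {
        checkPermission(SET_CONTEXT);
        if (subject == null) {
            throw new IllegalArgumentException("Subject must not be null");
        }
        Context existing = subjectContexts.get(subject);
        if (existing != null) {
            return existing.getContext();
        }
        AccessControlContext accessControlContext = captureContext(subject);
        Long id = Long.valueOf(nextSubjectId++);
        try {
            SubjectId subjectId = new SubjectId(id, hash(id));
            subject.getPrincipals().add(new IdentificationPrincipal(subjectId));
            Context context = new Context(subjectId, accessControlContext, subject, principal, list);
            subjectIds.put(context.getId(), subject);
            subjectContexts.put(subject, context);
            return accessControlContext;
        } catch (InvalidKeyException e) {
            // See registerSubject: the key object is deliberately not printed.
            throw new ProviderException("Invalid key for MAC algorithm " + algorithm, e);
        } catch (NoSuchAlgorithmException e) {
            throw new ProviderException("No such algorithm: " + algorithm + ".  This can be caused by a misconfigured java.ext.dirs, JAVA_HOME or JRE_HOME environment variable", e);
        }
    }

    /**
     * Removes {@code subject} from both lookup maps; a subject that is not
     * registered is ignored.
     *
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     * @throws SecurityException        if a security manager denies {@link #SET_CONTEXT}
     */
    public static synchronized void unregisterSubject(Subject subject) {
        checkPermission(SET_CONTEXT);
        if (subject == null) {
            throw new IllegalArgumentException("Subject must not be null");
        }
        Context context = subjectContexts.get(subject);
        if (context == null) {
            return;
        }
        subjectIds.remove(context.getId());
        subjectContexts.remove(subject);
    }

    /**
     * Looks up the {@code IdentificationPrincipal} of the subject bound to the
     * current access-control context.
     *
     * @return the first such principal, or {@code null} if there is no subject or
     *         it carries none
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static IdentificationPrincipal getThreadPrincipal() {
        checkPermission(GET_CONTEXT);
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return null;
        }
        Set<IdentificationPrincipal> principals = subject.getPrincipals(IdentificationPrincipal.class);
        return principals.isEmpty() ? null : principals.iterator().next();
    }

    /**
     * @return the calling thread's {@code ThreadData}, created on first access
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static ThreadData getThreadData() {
        checkPermission(GET_CONTEXT);
        return threadData.get();
    }

    /**
     * @return the MAC algorithm name currently used for subject-id hashes
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static String getAlgorithm() {
        checkPermission(GET_CONTEXT);
        return algorithm;
    }

    /**
     * Switches the MAC algorithm and rebuilds the key from the current password.
     *
     * <p>The candidate key is validated with {@link Mac#init} before any field is
     * written, so a rejected algorithm leaves the previous algorithm and key in
     * place rather than a half-updated configuration.
     *
     * <p>NOTE(review): ids issued earlier keep the hash computed under the old
     * algorithm. The method is also not synchronized with
     * {@link #registerSubject(Subject)}, which reads {@code algorithm} and
     * {@code key} under the class lock - confirm it is only called during start-up.
     *
     * @param str JCA MAC algorithm name, e.g. {@code HmacSHA1}
     * @throws ProviderException if the algorithm is unavailable or rejects the key
     * @throws SecurityException if a security manager denies {@link #SET_CONTEXT}
     */
    public static void setAlgorithm(String str) {
        checkPermission(SET_CONTEXT);
        // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII
        // password yields different keys on differently configured JVMs.
        SecretKey candidate = new SecretKeySpec(password.getBytes(), str);
        try {
            Mac.getInstance(str).init(candidate);
        } catch (InvalidKeyException e) {
            assert false : "Should never have reached here";
            // The key object is not printed; its default toString() embeds a key-derived hashCode.
            throw new ProviderException("Invalid key for MAC algorithm " + str, e);
        } catch (NoSuchAlgorithmException e) {
            assert false : "Should never have reached here";
            throw new ProviderException("No such algorithm: " + str + ".  This can be caused by a misconfigured java.ext.dirs, JAVA_HOME or JRE_HOME environment variable.", e);
        }
        algorithm = str;
        key = candidate;
    }

    /**
     * Returns the MAC password in clear text.
     *
     * <p>NOTE(review): the only protection is {@link #GET_CONTEXT}, and only when
     * a security manager is installed; treat every caller of this method as
     * holding the key material for subject-id hashes.
     *
     * @throws SecurityException if a security manager denies {@link #GET_CONTEXT}
     */
    public static String getPassword() {
        checkPermission(GET_CONTEXT);
        return password;
    }

    /**
     * Replaces the MAC password and rebuilds the key for the current algorithm.
     * Deployments should call this with a high-entropy, deployment-specific value
     * before registering subjects, because the built-in default is public.
     *
     * <p>The key is built before any field is written, so an input that
     * {@link SecretKeySpec} rejects leaves the previous password and key intact.
     *
     * @param str new password; must be non-null and non-empty
     * @throws NullPointerException     if {@code str} is {@code null}
     * @throws IllegalArgumentException if {@code str} is empty (rejected by {@link SecretKeySpec})
     * @throws SecurityException        if a security manager denies {@link #SET_CONTEXT}
     */
    public static void setPassword(String str) {
        checkPermission(SET_CONTEXT);
        // NOTE(review): platform default charset, same caveat as in setAlgorithm.
        SecretKey replacement = new SecretKeySpec(str.getBytes(), algorithm);
        password = str;
        key = replacement;
    }

    /**
     * Computes the MAC of a subject id under the current algorithm and key.
     *
     * @param l subject id; encoded as 8 bytes, most significant byte first
     * @return the raw MAC bytes
     */
    private static byte[] hash(Long l) throws NoSuchAlgorithmException, InvalidKeyException {
        long remaining = l.longValue();
        byte[] encoded = new byte[8];
        // Fill from the last byte backwards so the array ends up big-endian.
        for (int i = 7; i >= 0; i--) {
            encoded[i] = (byte) remaining;
            remaining >>>= 8;
        }
        Mac mac = Mac.getInstance(algorithm);
        mac.init(key);
        mac.update(encoded);
        return mac.doFinal();
    }

    /** Enforces {@code permission} when a security manager is installed; otherwise does nothing. */
    private static void checkPermission(GeronimoSecurityPermission permission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(permission);
        }
    }

    /** Captures the access-control context seen when running as {@code subject} with no inherited context. */
    private static AccessControlContext captureContext(Subject subject) {
        return Subject.doAsPrivileged(subject, new PrivilegedAction<AccessControlContext>() {
            @Override
            public AccessControlContext run() {
                return AccessController.getContext();
            }
        }, null);
    }

    /**
     * Picks the principal that represents {@code subject}: the first
     * {@code GeronimoCallerPrincipal}, else the first {@code PrimaryRealmPrincipal},
     * else the first {@code RealmPrincipal}, else the first principal of any kind,
     * else {@code null}.
     */
    private static Principal selectPrincipal(Subject subject) {
        Set<? extends Principal> candidates = subject.getPrincipals(GeronimoCallerPrincipal.class);
        if (candidates.isEmpty()) {
            candidates = subject.getPrincipals(PrimaryRealmPrincipal.class);
        }
        if (candidates.isEmpty()) {
            candidates = subject.getPrincipals(RealmPrincipal.class);
        }
        if (candidates.isEmpty()) {
            candidates = subject.getPrincipals();
        }
        return candidates.isEmpty() ? null : candidates.iterator().next();
    }

    static {
        callers = new ThreadLocal<>();
        threadData = new ThreadLocal<ThreadData>() {
            @Override
            protected ThreadData initialValue() {
                // First access on a thread also publishes the data object to JACC.
                ThreadData created = new ThreadData();
                PolicyContext.setHandlerData(created);
                return created;
            }
        };
        subjectContexts = new IdentityHashMap<>();
        subjectIds = Collections.synchronizedMap(new HashMap<>());
        // Ids start at class-load time and increase by one, so they are guessable;
        // only the HMAC in SubjectId depends on a secret.
        nextSubjectId = System.currentTimeMillis();
        GET_CONTEXT = new GeronimoSecurityPermission("getContext");
        SET_CONTEXT = new GeronimoSecurityPermission("setContext");
        // NOTE(review): hard-coded, publicly known default MAC password. It stays in
        // effect until setPassword() is called, and EMPTY below is registered with it.
        password = "secret";
        setAlgorithm("HmacSHA1");
        EMPTY = new Subject();
        EMPTY.setReadOnly();
        registerSubject(EMPTY);
    }
}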
