package org.apache.geronimo.security.jaas;

import EDU.oswego.cs.dl.util.concurrent.ClockDaemon;
import EDU.oswego.cs.dl.util.concurrent.ThreadFactory;
import java.io.IOException;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoFactory;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.gbean.WaitingException;
import org.apache.geronimo.kernel.jmx.JMXUtil;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.GeronimoSecurityException;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.jaas.SerializableACE;
import org.apache.geronimo.security.realm.SecurityRealm;

/* loaded from: input_file:org/apache/geronimo/security/jaas/LoginService.class */
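/**
 * JAAS login broker exposed as a GBean/MBean. A caller allocates a login module for a realm,
 * receives a {@link LoginModuleId} handle, and then drives the usual JAAS phases
 * (callbacks, login, commit, abort, logout) against the module cached under that handle.
 *
 * <p>This source is decompiler output; {@link #allocateLoginModule(String)} could not be
 * recovered and only throws.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>A handle is a counter seeded from {@code System.currentTimeMillis()} plus a MAC of that
 *       counter keyed from the {@code password} attribute. The counter is guessable, so only the
 *       MAC part depends on a secret. Every operation simply looks the handle up in
 *       {@code loginCache}; whether a forged handle is rejected therefore depends on
 *       {@code LoginModuleId.equals/hashCode} covering the MAC bytes, which is not visible in this
 *       file. TODO confirm.</li>
 *   <li>{@code password} is the MAC key material. It is readable through {@link #getPassword()}
 *       and is registered as a GBean attribute in the static initializer, so anything that can
 *       read this bean's attributes can read the key.</li>
 *   <li>The key is derived once in {@link #doStart()}. A later {@link #setPassword(String)} has no
 *       effect on {@code key}, while a later {@link #setAlgorithm(String)} is used by
 *       {@code hash} immediately.</li>
 * </ul>
 */
public class LoginService implements LoginServiceMBean, GBeanLifecycle {
    public static final ObjectName LOGIN_SERVICE;
    private static final Log log;
    protected static final ClockDaemon clockDaemon;
    private long reclaimPeriod;
    private static final ClassLoader classLoader;
    // MAC key built from `password` in doStart(); never rebuilt afterwards.
    private SecretKey key;
    private String algorithm;
    // Key material for the handle MAC; treat as a secret (never log it).
    private String password;
    // Shared by all instances, but only guarded by the per-instance loginCache lock.
    private static long nextLoginModuleId;
    public static final GBeanInfo GBEAN_INFO;
    // Compiler-synthesized class-literal caches and assertion flag, kept as declared because
    // other classes of the same package may have been compiled against them.
    static Class class$org$apache$geronimo$security$jaas$LoginService;
    static Class class$org$apache$geronimo$security$RealmPrincipal;
    static final boolean $assertionsDisabled;
    static Class class$java$lang$String;
    static Class class$org$apache$geronimo$security$jaas$LoginModuleId;
    static Class class$java$util$Collection;
    static Class class$org$apache$geronimo$security$realm$SecurityRealm;
    // LoginModuleId -> LoginModuleCacheObject; Hashtable, so single calls are synchronized.
    private Map loginCache = new Hashtable();
    private Collection realms = Collections.EMPTY_SET;
    private Collection loginModules = Collections.EMPTY_SET;

    /**
     * Callback handler handed to the cached login module. It works in two modes:
     * while {@code callbacks} is null it records the callbacks the module asks for and aborts the
     * attempt; once {@code callbacks} has been filled in by {@link LoginService#login} it hands
     * those caller-supplied callbacks to the module.
     */
    class CallbackProxy implements CallbackHandler {
        // Either the callbacks captured from the module, or the ones supplied by the caller.
        Callback[] callbacks;
        static final boolean $assertionsDisabled;
        private final LoginService this$0;

        CallbackProxy(LoginService loginService) {
            this.this$0 = loginService;
        }

        /**
         * Captures the requested callbacks on first use, otherwise overwrites the module's
         * callback array with the stored ones.
         *
         * @param callbackArr the array passed in by the login module
         * @throws UnsupportedCallbackException always on the capturing call, so that the login
         *         attempt that triggered it does not proceed
         * @throws IOException when the stored callbacks do not match the requested count and
         *         assertions are disabled
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            if (this.callbacks == null) {
                this.callbacks = callbackArr;
                // A module may legitimately ask for zero callbacks; do not index an empty array.
                Callback first = callbackArr.length > 0 ? callbackArr[0] : null;
                throw new UnsupportedCallbackException(first, "DO NOT PROCEED WITH THIS LOGIN");
            }
            if (this.callbacks.length != callbackArr.length) {
                // The stored array comes from the caller of login(), so its length is untrusted.
                // With assertions off the original copied anyway (partial fill or an index error);
                // fail the attempt instead.
                if (!$assertionsDisabled) {
                    throw new AssertionError("Callback lengths should not have changed");
                }
                throw new IOException("Callback lengths should not have changed");
            }
            // NOTE(review): only the count is checked; the callback types supplied by the caller
            // are not compared with what the module requested.
            System.arraycopy(this.callbacks, 0, callbackArr, 0, callbackArr.length);
        }

        static {
            $assertionsDisabled = !LoginService.class.desiredAssertionStatus();
        }
    }

    /**
     * Periodic task that evicts one cache entry once it is marked done or older than
     * {@code maxAge}, and unregisters its subject. The decompiler widened this class from
     * private to public.
     */
    public class LoginModuleCacheMonitor implements Runnable {
        final LoginModuleId key;
        final LoginModuleCacheObject loginModule;
        // Ticket returned by the clock daemon; assigned by the allocator after scheduling.
        Object clockTicket;
        final long maxAge;
        private final LoginService this$0;

        LoginModuleCacheMonitor(LoginService loginService, LoginModuleId loginModuleId, LoginModuleCacheObject loginModuleCacheObject, long j) {
            this.this$0 = loginService;
            this.key = loginModuleId;
            this.loginModule = loginModuleCacheObject;
            this.maxAge = j;
        }

        @Override // java.lang.Runnable
        public void run() {
            long age = System.currentTimeMillis() - this.loginModule.getCreated();
            if (!this.loginModule.isDone() && age <= this.maxAge) {
                return;
            }
            LoginService.log.trace("LoginModule [" + this.loginModule.getLoginModuleId() + "] reclaimed");
            ClockDaemon.cancel(this.clockTicket);
            this.this$0.loginCache.remove(this.key);
            ContextManager.unregisterSubject(this.loginModule.getSubject());
        }
    }

    /** Returns the period passed to the clock daemon for each cache monitor. */
    public long getReclaimPeriod() {
        return this.reclaimPeriod;
    }

    public void setReclaimPeriod(long j) {
        this.reclaimPeriod = j;
    }

    /** Returns the realm collection itself, not a copy. */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public Collection getRealms() throws GeronimoSecurityException {
        return this.realms;
    }

    /** Stores the given collection by reference. */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public void setRealms(Collection collection) {
        this.realms = collection;
    }

    public Collection getLoginModules() throws GeronimoSecurityException {
        return this.loginModules;
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    /** Takes effect for {@code hash} immediately, while {@code key} keeps the algorithm name it was built with. */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** Returns the MAC key material in clear; callers must not log or forward it. */
    public String getPassword() {
        return this.password;
    }

    /** Only read by {@link #doStart()}; changing it later does not rebuild {@code key}. */
    public void setPassword(String str) {
        this.password = str;
    }

    /**
     * Builds the serializable JAAS configuration entry a caller should use for the named realm.
     *
     * @param str the realm name
     * @return an entry naming one of the two remote wrapper modules, or {@code null} when no
     *         configured realm has that name
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public SerializableACE getAppConfigurationEntry(String str) {
        // Explicit iterator and cast: `realms` is a raw Collection, so a typed for-each over it
        // (as the decompiler emitted) does not compile.
        for (Iterator it = getRealms().iterator(); it.hasNext();) {
            SecurityRealm securityRealm = (SecurityRealm) it.next();
            if (!str.equals(securityRealm.getRealmName())) {
                continue;
            }
            AppConfigurationEntry realmEntry = securityRealm.getAppConfigurationEntry();
            HashMap options = new HashMap();
            options.put(LoginModuleConstants.REALM_NAME, str);
            options.put(LoginModuleConstants.MODULE, realmEntry.getLoginModuleName());
            if (securityRealm.isLoginModuleLocal()) {
                return new SerializableACE("org.apache.geronimo.security.jaas.RemoteLoginModuleLocalWrapper", SerializableACE.LoginModuleControlFlag.REQUIRED, options);
            }
            // NOTE(review): in this branch every option of the realm's login module is copied
            // into the entry returned to the caller; check that those options hold no secrets.
            options.putAll(realmEntry.getOptions());
            return new SerializableACE("org.apache.geronimo.security.jaas.RemoteLoginModuleRemoteWrapper", SerializableACE.LoginModuleControlFlag.REQUIRED, options);
        }
        return null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x0049, code lost:
    
        r0 = r0.getAppConfigurationEntry();
        r0 = (javax.security.auth.spi.LoginModule) java.security.AccessController.doPrivileged(new org.apache.geronimo.security.jaas.LoginService.AnonymousClass3(r6, r0.getLoginModuleName()));
        r0 = new javax.security.auth.Subject();
        r0 = new org.apache.geronimo.security.jaas.LoginService.CallbackProxy(r6);
        r0.initialize(r0, r0, new java.util.HashMap(), r0.getOptions());
        r8 = allocateLoginModuleCacheObject(r0.getMaxLoginModuleAge());
        r8.setRealmName(r7);
        r8.setLoginModule(r0);
        r8.setSubject(r0);
        r8.setCallbackHandler(r0);
        org.apache.geronimo.security.jaas.LoginService.log.trace(new java.lang.StringBuffer().append("LoginModule [").append(r8.getLoginModuleId()).append("] created for realm ").append(r7).toString());
     */
    /**
     * Not recovered by the decompiler; this body only throws. Per the fragment above, the
     * original obtains the realm's login module through a privileged action
     * ({@code LoginService.AnonymousClass3}, body not recovered), initializes it with a fresh
     * {@link Subject} and a {@link CallbackProxy}, and caches it under a new handle.
     *
     * @param r7 the realm name
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.apache.geronimo.security.jaas.LoginModuleId allocateLoginModule(java.lang.String r7) {
        /*
            Method dump skipped, instructions count: 255
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.geronimo.security.jaas.LoginService.allocateLoginModule(java.lang.String):org.apache.geronimo.security.jaas.LoginModuleId");
    }

    /**
     * Marks the cached entry done; the entry itself is removed later by its monitor.
     *
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public void removeLoginModule(LoginModuleId loginModuleId) throws ExpiredLoginModuleException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        cached.setDone(true);
        log.trace("LoginModule [" + cached.getLoginModuleId() + "] marked done");
    }

    /**
     * Discovers which callbacks the cached login module wants by running {@code login()} against
     * the capturing {@link CallbackProxy} and then aborting.
     *
     * <p>NOTE(review): if {@link #login} was already called for this handle the proxy holds the
     * caller's callbacks, so the probe below is a real login attempt followed by an abort.
     *
     * @return the captured callbacks; empty when the module never invoked the handler
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public Collection getCallbacks(LoginModuleId loginModuleId) throws ExpiredLoginModuleException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        LoginModule loginModule = cached.getLoginModule();
        CallbackProxy callbackProxy = (CallbackProxy) cached.getCallbackHandler();
        try {
            loginModule.login();
        } catch (LoginException ignored) {
            // Expected: the proxy refuses the first handle() call on purpose.
        }
        try {
            loginModule.abort();
        } catch (LoginException ignored) {
            // Best effort: the probe is being discarded either way.
        }
        ArrayList result = new ArrayList();
        Callback[] captured = callbackProxy.callbacks;
        if (captured == null) {
            // The module never asked for callbacks; the original dereferenced null here.
            return result;
        }
        for (int i = 0; i < captured.length; i++) {
            result.add(captured[i]);
        }
        return result;
    }

    /**
     * Installs the caller-supplied callbacks on the proxy and runs the module's {@code login()}.
     *
     * <p>The collection is untrusted input: {@code toArray} throws {@code ArrayStoreException}
     * when an element is not a {@link Callback}, and a wrong element count is rejected by
     * {@link CallbackProxy#handle}.
     *
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     * @throws LoginException as thrown by the login module
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public boolean login(LoginModuleId loginModuleId, Collection collection) throws LoginException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        LoginModule loginModule = cached.getLoginModule();
        CallbackProxy callbackProxy = (CallbackProxy) cached.getCallbackHandler();
        callbackProxy.callbacks = (Callback[]) collection.toArray(new Callback[0]);
        return loginModule.login();
    }

    /**
     * Commits the module and, on success, adds a registered {@link RealmPrincipal} for every
     * principal of the subject, registers the subject with {@link ContextManager} and adds an
     * {@link IdentificationPrincipal} carrying the subject id.
     *
     * @return {@code false} when the module's {@code commit()} returned false (nothing is
     *         registered in that case)
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public boolean commit(LoginModuleId loginModuleId) throws LoginException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        if (!cached.getLoginModule().commit()) {
            return false;
        }
        Subject subject = cached.getSubject();
        // Collected separately so the principal set is not modified while it is iterated.
        HashSet realmPrincipals = new HashSet();
        for (Principal principal : subject.getPrincipals()) {
            realmPrincipals.add(ContextManager.registerPrincipal(new RealmPrincipal(cached.getRealmName(), principal)));
        }
        subject.getPrincipals().addAll(realmPrincipals);
        ContextManager.registerSubject(subject);
        subject.getPrincipals().add(new IdentificationPrincipal(ContextManager.getSubjectId(cached.getSubject())));
        return true;
    }

    /**
     * Delegates to the cached module's {@code abort()}.
     *
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public boolean abort(LoginModuleId loginModuleId) throws LoginException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        return cached.getLoginModule().abort();
    }

    /**
     * Removes the {@link RealmPrincipal}s from the subject and delegates to the module's
     * {@code logout()}. The subject is not unregistered here; that happens when the cache
     * monitor reclaims the entry.
     *
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public boolean logout(LoginModuleId loginModuleId) throws LoginException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        Subject subject = cached.getSubject();
        if (class$org$apache$geronimo$security$RealmPrincipal == null) {
            class$org$apache$geronimo$security$RealmPrincipal = RealmPrincipal.class;
        }
        Class realmPrincipalClass = class$org$apache$geronimo$security$RealmPrincipal;
        subject.getPrincipals(realmPrincipalClass).clear();
        return cached.getLoginModule().logout();
    }

    /**
     * Returns the live {@link Subject} cached for the handle (not a copy).
     *
     * @throws ExpiredLoginModuleException when the handle is not in the cache
     */
    @Override // org.apache.geronimo.security.jaas.LoginServiceMBean
    public Subject retrieveSubject(LoginModuleId loginModuleId) throws LoginException {
        LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
        if (cached == null) {
            throw new ExpiredLoginModuleException();
        }
        return cached.getSubject();
    }

    /**
     * Computes the MAC of the id's 8-byte big-endian encoding with the configured algorithm
     * and the key built in {@link #doStart()}.
     *
     * @throws IllegalStateException when the MAC cannot be computed and assertions are disabled;
     *         the original returned {@code null} here, which produced a handle without a MAC
     */
    private byte[] hash(Long l) {
        long remaining = l.longValue();
        byte[] encoded = new byte[8];
        for (int i = 7; i >= 0; i--) {
            encoded[i] = (byte) remaining;
            remaining >>>= 8;
        }
        try {
            Mac mac = Mac.getInstance(this.algorithm);
            mac.init(this.key);
            mac.update(encoded);
            return mac.doFinal();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            // Reachable when setAlgorithm() is called after doStart() with a bad name.
            if (!$assertionsDisabled) {
                throw new AssertionError("Should never have reached here");
            }
            throw new IllegalStateException("Cannot compute login module id MAC with algorithm " + this.algorithm, e);
        }
    }

    /**
     * Mints the next handle, creates its cache entry and schedules the monitor that will reclaim
     * it.
     *
     * @param j maximum age of the entry, as compared by the monitor against the entry's creation time
     */
    private LoginModuleCacheObject allocateLoginModuleCacheObject(long j) {
        synchronized (this.loginCache) {
            // Sequential ids: unpredictability of a handle rests on the MAC alone.
            long id = nextLoginModuleId;
            nextLoginModuleId = id + 1;
            Long boxedId = Long.valueOf(id);
            LoginModuleId loginModuleId = new LoginModuleId(boxedId, hash(boxedId));
            LoginModuleCacheObject cached = (LoginModuleCacheObject) this.loginCache.get(loginModuleId);
            if (cached == null) {
                cached = new LoginModuleCacheObject(loginModuleId);
                this.loginCache.put(loginModuleId, cached);
                LoginModuleCacheMonitor monitor = new LoginModuleCacheMonitor(this, loginModuleId, cached, j);
                monitor.clockTicket = clockDaemon.executePeriodically(this.reclaimPeriod, monitor, true);
            }
            return cached;
        }
    }

    /**
     * Builds the MAC key from {@code password} and checks that the algorithm accepts it.
     *
     * @throws IllegalStateException when {@code algorithm} or {@code password} is not set
     * @throws Exception when the algorithm is unknown or rejects the key
     */
    public void doStart() throws WaitingException, Exception {
        if (this.password == null || this.algorithm == null) {
            // Explicit failure instead of a bare NullPointerException; the password is not echoed.
            throw new IllegalStateException("LoginService requires both 'algorithm' and 'password' attributes before start");
        }
        // NOTE(review): getBytes() uses the platform default charset, so the key bytes of a
        // non-ASCII password depend on the JVM's locale settings.
        this.key = new SecretKeySpec(this.password.getBytes(), this.algorithm);
        Mac.getInstance(this.algorithm).init(this.key);
        log.info("Login server has been started");
    }

    /** Stops the shared clock daemon, unregisters every cached subject and empties the cache. */
    public void doStop() throws WaitingException, Exception {
        clockDaemon.shutDown();
        for (Iterator it = this.loginCache.values().iterator(); it.hasNext();) {
            LoginModuleCacheObject cached = (LoginModuleCacheObject) it.next();
            log.trace("LoginModule [" + cached.getLoginModuleId() + "] reclaimed");
            ContextManager.unregisterSubject(cached.getSubject());
        }
        this.loginCache.clear();
        log.info("Login server has been stopped");
    }

    public void doFail() {
    }

    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    /** Compiler-synthesized class-literal helper, kept for anything compiled against it. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, which cannot be thrown from here directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class serviceClass = LoginService.class;
        Class stringClass = String.class;
        Class loginModuleIdClass = LoginModuleId.class;
        Class collectionClass = Collection.class;
        Class securityRealmClass = SecurityRealm.class;
        // Fill the synthetic caches so they hold what the original initializer left in them.
        class$org$apache$geronimo$security$jaas$LoginService = serviceClass;
        class$java$lang$String = stringClass;
        class$org$apache$geronimo$security$jaas$LoginModuleId = loginModuleIdClass;
        class$java$util$Collection = collectionClass;
        class$org$apache$geronimo$security$realm$SecurityRealm = securityRealmClass;

        $assertionsDisabled = !serviceClass.desiredAssertionStatus();
        LOGIN_SERVICE = JMXUtil.getObjectName("geronimo.security:type=LoginService");
        log = LogFactory.getLog(serviceClass);
        classLoader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction() { // from class: org.apache.geronimo.security.jaas.LoginService.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                return Thread.currentThread().getContextClassLoader();
            }
        });
        clockDaemon = new ClockDaemon();
        clockDaemon.setThreadFactory(new ThreadFactory() { // from class: org.apache.geronimo.security.jaas.LoginService.2
            public Thread newThread(Runnable runnable) {
                Thread thread = new Thread(runnable, "LoginService login modules monitor");
                thread.setDaemon(true);
                return thread;
            }
        });
        // Handle counter starts at the class-load time, so ids are guessable by design.
        nextLoginModuleId = System.currentTimeMillis();

        GBeanInfoFactory gBeanInfoFactory = new GBeanInfoFactory(serviceClass);
        gBeanInfoFactory.addOperation("getAppConfigurationEntry", new Class[] {stringClass});
        gBeanInfoFactory.addOperation("allocateLoginModule", new Class[] {stringClass});
        gBeanInfoFactory.addOperation("getCallbacks", new Class[] {loginModuleIdClass});
        gBeanInfoFactory.addOperation("login", new Class[] {loginModuleIdClass, collectionClass});
        gBeanInfoFactory.addOperation("commit", new Class[] {loginModuleIdClass});
        gBeanInfoFactory.addOperation("abort", new Class[] {loginModuleIdClass});
        gBeanInfoFactory.addOperation("logout", new Class[] {loginModuleIdClass});
        gBeanInfoFactory.addOperation("retrieveSubject", new Class[] {loginModuleIdClass});
        gBeanInfoFactory.addAttribute("reclaimPeriod", Long.TYPE, true);
        gBeanInfoFactory.addAttribute("algorithm", stringClass, true);
        // NOTE(review): the MAC key material is published as a bean attribute; the boolean is
        // presumably the persistence flag, which would also write it to stored configuration.
        // Confirm against GBeanInfoFactory.
        gBeanInfoFactory.addAttribute("password", stringClass, true);
        gBeanInfoFactory.addReference("Realms", securityRealmClass);
        GBEAN_INFO = gBeanInfoFactory.getBeanInfo();
    }
}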
