package org.apache.geronimo.jmxremoting;

import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectionNotification;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;

/* loaded from: input_file:org/apache/geronimo/jmxremoting/Authenticator.class */
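/**
 * JMX authenticator that performs a JAAS login and admits only subjects that
 * carry a {@link GeronimoGroupPrincipal} named {@code admin}.
 *
 * <p>The class also listens for {@link JMXConnectionNotification}s so that the
 * {@link LoginContext} created for a connection can be logged out when that
 * connection goes away. The context is handed from {@link #authenticate(Object)}
 * to {@link #handleNotification(Notification, Object)} through a
 * {@link ThreadLocal}.
 *
 * <p>NOTE(review): the hand-off assumes the "connection opened" notification is
 * delivered on the same thread that ran {@code authenticate} - confirm against
 * the connector server in use.
 */
public class Authenticator implements JMXAuthenticator, NotificationListener {
    /** Group a subject must belong to in order to be accepted. */
    private static final String ADMIN_GROUP = "admin";

    /** Name of the JAAS login configuration entry used for every login. */
    private final String configName;
    /** Class loader installed as the thread context loader while logging in. */
    private final ClassLoader cl;
    /** Context of a successful login waiting to be bound to its connection id. */
    private final ThreadLocal<LoginContext> threadContext = new ThreadLocal<>();
    /** Login contexts of open connections, keyed by JMX connection id. */
    private final Map<String, LoginContext> contextMap = new ConcurrentHashMap<>();

    /**
     * @param str name of the JAAS login configuration entry
     * @param classLoader loader set as the thread context class loader during login
     */
    public Authenticator(String str, ClassLoader classLoader) {
        this.configName = str;
        this.cl = classLoader;
    }

    /**
     * Authenticates a caller and checks membership of the {@code admin} group.
     *
     * @param obj the credentials, which must be a {@code String[2]}; the two
     *     elements are passed to {@code Credentials} in order
     * @return the subject of the successful login
     * @throws IllegalArgumentException if {@code obj} is not a {@code String[]} of length 2
     * @throws SecurityException if the login fails or the subject is not in the admin group
     */
    @Override
    public Subject authenticate(Object obj) throws SecurityException {
        if (!(obj instanceof String[])) {
            throw new IllegalArgumentException("Expected String[2], got " + (obj == null ? null : obj.getClass().getName()));
        }
        String[] params = (String[]) obj;
        if (params.length != 2) {
            throw new IllegalArgumentException("Expected String[2] but length was " + params.length);
        }
        Thread currentThread = Thread.currentThread();
        ClassLoader previousLoader = currentThread.getContextClassLoader();
        Credentials credentials = new Credentials(params[0], params[1]);
        try {
            currentThread.setContextClassLoader(this.cl);
            LoginContext loginContext = new LoginContext(this.configName, credentials);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (!hasAdminGroup(subject)) {
                // The login itself succeeded, so end it here: a rejected caller must
                // not leave a logged-in context behind, and nothing may be parked in
                // threadContext for a connection that will never open.
                logoutQuietly(loginContext);
                throw new LoginException("Only users in admin group are allowed");
            }
            // Publish the context only after authorization has passed.
            this.threadContext.set(loginContext);
            return subject;
        } catch (LoginException e) {
            // One generic message for bad credentials and for a failed group check,
            // with no cause attached: this exception presumably travels back to the
            // remote caller, which should not learn which of the two checks failed.
            // NOTE(review): the cause is lost entirely; consider logging it
            // server-side for audit and detection of repeated failed logins.
            throw new SecurityException("Invalid login");
        } finally {
            // Runs on every exit path; clear() presumably wipes the password copy.
            credentials.clear();
            currentThread.setContextClassLoader(previousLoader);
        }
    }

    /**
     * Binds the pending login context to a newly opened connection, or logs out
     * the context of a connection for any other connection notification.
     *
     * @param notification the notification; ignored unless it is a
     *     {@link JMXConnectionNotification}
     * @param obj the listener handback, unused
     */
    @Override
    public void handleNotification(Notification notification, Object obj) {
        if (!(notification instanceof JMXConnectionNotification)) {
            return;
        }
        JMXConnectionNotification connectionNotification = (JMXConnectionNotification) notification;
        String connectionId = connectionNotification.getConnectionId();
        if (JMXConnectionNotification.OPENED.equals(connectionNotification.getType())) {
            LoginContext pending = this.threadContext.get();
            this.threadContext.remove();
            // ConcurrentHashMap rejects null values, so an "opened" notification that
            // arrives without a pending context must not reach put().
            if (pending != null) {
                this.contextMap.put(connectionId, pending);
            }
        } else {
            // Every other connection notification type is treated as the end of
            // the connection.
            LoginContext finished = this.contextMap.remove(connectionId);
            if (finished != null) {
                logoutQuietly(finished);
            }
        }
    }

    /** Returns whether the subject has a Geronimo group principal named {@code admin}. */
    private static boolean hasAdminGroup(Subject subject) {
        for (GeronimoGroupPrincipal group : subject.getPrincipals(GeronimoGroupPrincipal.class)) {
            if (ADMIN_GROUP.equals(group.getName())) {
                return true;
            }
        }
        return false;
    }

    /** Logs the context out, treating a failure as non-fatal best-effort cleanup. */
    private static void logoutQuietly(LoginContext loginContext) {
        try {
            loginContext.logout();
        } catch (LoginException ignored) {
            // Best effort: the session is being discarded either way and there is
            // nothing the caller could do about a failed logout.
        }
    }
}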
