package org.granite.messaging.service.security;

import com.sun.web.security.RealmAdapter;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Engine;
import org.apache.catalina.Realm;
import org.apache.catalina.Server;
import org.apache.catalina.ServerFactory;
import org.apache.catalina.Service;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.core.StandardContext;
import org.granite.context.GraniteContext;
import org.granite.logging.Logger;
import org.granite.messaging.service.security.SecurityService;
import org.granite.messaging.webapp.HttpGraniteContext;
import org.granite.messaging.webapp.ServletGraniteContext;

/* loaded from: input_file:org/granite/messaging/service/security/GlassFishV3SecurityService.class */
public class GlassFishV3SecurityService extends AbstractSecurityService {
    private static final Logger log = Logger.getLogger(GlassFishV3SecurityService.class);
    private static Method authenticate;
    private final Field requestField;
    private Engine engine = null;

    /* loaded from: input_file:org/granite/messaging/service/security/GlassFishV3SecurityService$GlassFishV3AuthenticationContext.class */
    public static class GlassFishV3AuthenticationContext implements SecurityService.AuthenticationContext {
        private static final long serialVersionUID = 1;
        private final String securityServletName;
        private final transient RealmAdapter realm;
        private transient Principal principal;

        public GlassFishV3AuthenticationContext(String str, RealmAdapter realmAdapter) {
            this.securityServletName = str;
            this.realm = realmAdapter;
        }

        public Principal authenticate(String str, String str2) {
            if (this.realm == null) {
                throw SecurityServiceException.newAuthenticationFailedException("Invalid authentication");
            }
            this.principal = GlassFishV3SecurityService.authenticate(this.realm, str, str2);
            return this.principal;
        }

        public Principal getPrincipal() {
            return this.principal;
        }

        public boolean isUserInRole(String str) {
            return this.realm.hasRole(this.securityServletName, this.principal, str);
        }

        public void logout() {
            this.realm.logout();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Principal authenticate(Realm realm, String str, String str2) {
        try {
            return authenticate.getParameterTypes()[1].equals(String.class) ? (Principal) authenticate.invoke(realm, str, str2) : (Principal) authenticate.invoke(realm, str, str2.toCharArray());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public GlassFishV3SecurityService() {
        try {
            this.requestField = RequestFacade.class.getDeclaredField("request");
            this.requestField.setAccessible(true);
        } catch (Exception e) {
            throw new RuntimeException("Could not get 'request' field in GlassFish V3 RequestFacade", e);
        }
    }

    protected Field getRequestField() {
        return this.requestField;
    }

    protected Engine getEngine() {
        return this.engine;
    }

    public void configure(Map<String, String> map) {
        String str = map.get("service");
        Server server = ServerFactory.getServer();
        if (server == null) {
            throw new NullPointerException("Could not get GlassFish V3 server");
        }
        Service service = null;
        if (str != null) {
            service = server.findService(str);
        } else {
            Service[] findServices = server.findServices();
            if (findServices != null && findServices.length > 0) {
                service = findServices[0];
            }
        }
        if (service == null) {
            throw new NullPointerException("Could not find GlassFish V3 service for: " + (str != null ? str : "(default)"));
        }
        this.engine = service.getContainer();
        if (this.engine == null) {
            throw new NullPointerException("Could not find GlassFish V3 container for: " + (str != null ? str : "(default)"));
        }
    }

    public void prelogin(HttpSession httpSession, Object obj, String str) {
        RealmAdapter realm;
        if (httpSession == null || (httpSession.getAttribute(SecurityService.AuthenticationContext.class.getName()) instanceof GlassFishV3AuthenticationContext)) {
            return;
        }
        HttpServletRequest httpServletRequest = null;
        if (obj.getClass().getName().equals("com.sun.grizzly.websockets.ServerNetworkHandler$WSServletRequestImpl")) {
            try {
                Field declaredField = obj.getClass().getDeclaredField("glassfishSupport");
                declaredField.setAccessible(true);
                Object obj2 = declaredField.get(obj);
                Field declaredField2 = obj2.getClass().getDeclaredField("context");
                declaredField2.setAccessible(true);
                Object obj3 = declaredField2.get(obj2);
                Field declaredField3 = obj3.getClass().getDeclaredField("context");
                declaredField3.setAccessible(true);
                realm = (RealmAdapter) ((StandardContext) declaredField3.get(obj3)).getRealm();
            } catch (Exception e) {
                throw new RuntimeException("Could not get internal glassfish v3 request", e);
            }
        } else {
            if (obj instanceof HttpServletRequest) {
                httpServletRequest = (HttpServletRequest) obj;
            } else if (obj.getClass().getName().equals("org.glassfish.tyrus.core.RequestContext")) {
                try {
                    Field declaredField4 = obj.getClass().getDeclaredField("isUserInRoleDelegate");
                    declaredField4.setAccessible(true);
                    Object obj4 = declaredField4.get(obj);
                    Field declaredField5 = obj4.getClass().getDeclaredField("val$httpServletRequest");
                    declaredField5.setAccessible(true);
                    httpServletRequest = (HttpServletRequest) declaredField5.get(obj4);
                } catch (Exception e2) {
                    throw new RuntimeException("Could not get internal glassfish v3 / tyrus request", e2);
                }
            }
            str = getRequest(httpServletRequest).getWrapper().getServletName();
            realm = getRealm(httpServletRequest);
        }
        httpSession.setAttribute(SecurityService.AuthenticationContext.class.getName(), new GlassFishV3AuthenticationContext(str, realm));
    }

    public Principal login(Object obj, String str) throws SecurityServiceException {
        Principal authenticate2;
        String[] decodeBase64Credentials = decodeBase64Credentials(obj, str);
        ServletGraniteContext currentInstance = GraniteContext.getCurrentInstance();
        Request request = null;
        if (currentInstance instanceof HttpGraniteContext) {
            request = getRequest(GraniteContext.getCurrentInstance().getRequest());
            GlassFishV3AuthenticationContext glassFishV3AuthenticationContext = new GlassFishV3AuthenticationContext(request.getWrapper().getServletName(), request.getContext().getRealm());
            authenticate2 = glassFishV3AuthenticationContext.authenticate(decodeBase64Credentials[0], decodeBase64Credentials[1]);
            if (authenticate2 != null) {
                currentInstance.getSession().setAttribute(SecurityService.AuthenticationContext.class.getName(), glassFishV3AuthenticationContext);
            }
        } else {
            SecurityService.AuthenticationContext authenticationContext = (SecurityService.AuthenticationContext) currentInstance.getSession().getAttribute(SecurityService.AuthenticationContext.class.getName());
            if (authenticationContext == null) {
                return null;
            }
            authenticate2 = authenticationContext.authenticate(decodeBase64Credentials[0], decodeBase64Credentials[1]);
        }
        if (authenticate2 == null) {
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
        }
        currentInstance.setPrincipal(authenticate2);
        if (currentInstance instanceof HttpGraniteContext) {
            request.setAuthType("granite-security");
            request.setUserPrincipal(authenticate2);
            Session sessionInternal = request.getSessionInternal();
            sessionInternal.setAuthType("granite-security");
            sessionInternal.setPrincipal(authenticate2);
            sessionInternal.setNote("org.apache.catalina.session.USERNAME", decodeBase64Credentials[0]);
            sessionInternal.setNote("org.apache.catalina.session.PASSWORD", decodeBase64Credentials[1]);
        }
        endLogin(obj, str);
        return authenticate2;
    }

    public Object authorize(AbstractSecurityContext abstractSecurityContext) throws Exception {
        Throwable th;
        HttpSession session;
        startAuthorization(abstractSecurityContext);
        ServletGraniteContext currentInstance = GraniteContext.getCurrentInstance();
        HttpServletRequest httpServletRequest = null;
        SecurityService.AuthenticationContext authenticationContext = null;
        Principal principal = null;
        if (currentInstance instanceof HttpGraniteContext) {
            httpServletRequest = currentInstance.getRequest();
            Request request = getRequest(httpServletRequest);
            Session sessionInternal = request.getSessionInternal(false);
            if (sessionInternal != null) {
                request.setAuthType(sessionInternal.getAuthType());
                principal = sessionInternal.getPrincipal();
                if (principal == null && tryRelogin()) {
                    principal = sessionInternal.getPrincipal();
                }
            }
            request.setUserPrincipal(principal);
        } else {
            HttpSession session2 = currentInstance.getSession(false);
            if (session2 != null) {
                authenticationContext = (SecurityService.AuthenticationContext) session2.getAttribute(SecurityService.AuthenticationContext.class.getName());
                if (authenticationContext != null) {
                    principal = authenticationContext.getPrincipal();
                }
            }
        }
        currentInstance.setPrincipal(principal);
        if (abstractSecurityContext.getDestination().isSecured()) {
            if (principal == null) {
                if (httpServletRequest == null || httpServletRequest.getRequestedSessionId() == null || ((session = httpServletRequest.getSession(false)) != null && httpServletRequest.getRequestedSessionId().equals(session.getId()))) {
                    throw SecurityServiceException.newNotLoggedInException("User not logged in");
                }
                throw SecurityServiceException.newSessionExpiredException("Session expired");
            }
            if (httpServletRequest == null && authenticationContext == null) {
                throw SecurityServiceException.newNotLoggedInException("No authorization context");
            }
            boolean z = true;
            Iterator it = abstractSecurityContext.getDestination().getRoles().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str = (String) it.next();
                if (httpServletRequest != null && httpServletRequest.isUserInRole(str)) {
                    z = false;
                    break;
                }
                if (authenticationContext != null && authenticationContext.isUserInRole(str)) {
                    z = false;
                    break;
                }
            }
            if (z) {
                throw SecurityServiceException.newAccessDeniedException("User not in required role");
            }
        }
        try {
            return endAuthorization(abstractSecurityContext);
        } catch (InvocationTargetException e) {
            Throwable th2 = e;
            while (true) {
                th = th2;
                if (th == null) {
                    throw e;
                }
                if ((th instanceof SecurityException) || "javax.ejb.EJBAccessException".equals(th.getClass().getName())) {
                    break;
                }
                th2 = th.getCause();
            }
            throw SecurityServiceException.newAccessDeniedException(th.getMessage());
        }
    }

    public void logout() throws SecurityServiceException {
        ServletGraniteContext currentInstance = GraniteContext.getCurrentInstance();
        if (!(currentInstance instanceof HttpGraniteContext)) {
            HttpSession session = currentInstance.getSession();
            if (session != null) {
                session.removeAttribute(SecurityService.AuthenticationContext.class.getName());
                endLogout();
                session.invalidate();
                return;
            }
            return;
        }
        Session session2 = getSession(currentInstance.getRequest(), false);
        if (session2 == null || session2.getPrincipal() == null) {
            return;
        }
        session2.setAuthType((String) null);
        session2.setPrincipal((Principal) null);
        session2.removeNote("org.apache.catalina.session.USERNAME");
        session2.removeNote("org.apache.catalina.session.PASSWORD");
        endLogout();
        session2.expire();
    }

    protected Session getSession(HttpServletRequest httpServletRequest, boolean z) {
        return getRequest(httpServletRequest).getSessionInternal(z);
    }

    protected Request getRequest(HttpServletRequest httpServletRequest) {
        while (httpServletRequest instanceof HttpServletRequestWrapper) {
            httpServletRequest = (HttpServletRequest) ((HttpServletRequestWrapper) httpServletRequest).getRequest();
        }
        try {
            return (Request) this.requestField.get(httpServletRequest);
        } catch (Exception e) {
            throw new RuntimeException("Could not get GlassFish V3 request", e);
        }
    }

    protected RealmAdapter getRealm(HttpServletRequest httpServletRequest) {
        return getRequest(httpServletRequest).getContext().getRealm();
    }

    static {
        authenticate = null;
        try {
            authenticate = Realm.class.getMethod("authenticate", String.class, String.class);
            log.info("Detected GlassFish v3.0 authentication", new Object[0]);
        } catch (NoSuchMethodError e) {
        } catch (NoSuchMethodException e2) {
        }
        if (authenticate == null) {
            try {
                authenticate = Realm.class.getMethod("authenticate", String.class, char[].class);
                log.info("Detected GlassFish v3.1+ authentication", new Object[0]);
            } catch (NoSuchMethodError e3) {
            } catch (NoSuchMethodException e4) {
            }
        }
        if (authenticate == null) {
            throw new ExceptionInInitializerError("Could not find any supported Realm.authenticate method");
        }
    }
}
