package com.apusic.security.jaspic.servlet;

import com.apusic.deploy.runtime.LoginConfig;
import com.apusic.security.AuthenticationException;
import com.apusic.security.GroupImpl;
import com.apusic.security.PrincipalImpl;
import com.apusic.security.Security;
import com.apusic.security.SecurityController;
import com.apusic.security.jaspic.AppservAccessController;
import com.apusic.web.container.WebContainer;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/apusic/security/jaspic/servlet/ServletContainerProfileCallbackHandler.class */
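/**
 * JASPIC callback handler for the servlet container profile.
 *
 * <p>Handles the three callbacks an auth module may pass to the container:
 * {@link PasswordValidationCallback}, {@link CallerPrincipalCallback} and
 * {@link GroupPrincipalCallback}. Any other callback type is rejected with
 * {@link UnsupportedCallbackException}.
 *
 * <p>Trust note: the caller and group principal callbacks are applied without any
 * credential check in this class. The identity they carry is taken as already
 * established by the auth module that issued the callback.
 */
public class ServletContainerProfileCallbackHandler implements CallbackHandler {
    private static final String CERTIFICATE = "certificate";
    private final WebContainer webContainer;

    /**
     * @param webContainer container whose web module login configuration is consulted when a
     *     caller principal has to be built from a bare name
     */
    public ServletContainerProfileCallbackHandler(WebContainer webContainer) {
        this.webContainer = webContainer;
    }

    /**
     * Processes the callbacks in array order.
     *
     * <p>Processing stops at the first unsupported callback; callbacks that precede it have
     * already been applied at that point and are not rolled back.
     *
     * @param callbackArr callbacks to process; {@code null} is treated as "nothing to do"
     * @throws UnsupportedCallbackException if a callback is not one of the three supported types
     */
    @Override
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (callbackArr == null) {
            return;
        }
        for (Callback callback : callbackArr) {
            if (!isSupportedCallback(callback)) {
                throw new UnsupportedCallbackException(callback);
            }
            processCallback(callback);
        }
    }

    /** Returns {@code true} for the callback types this handler knows how to process. */
    private boolean isSupportedCallback(Callback callback) {
        return callback instanceof PasswordValidationCallback
                || callback instanceof CallerPrincipalCallback
                || callback instanceof GroupPrincipalCallback;
    }

    /**
     * Dispatches a single callback to its type-specific handler.
     *
     * @throws UnsupportedCallbackException if the callback type is not supported
     */
    protected void processCallback(Callback callback) throws UnsupportedCallbackException {
        if (callback instanceof CallerPrincipalCallback) {
            processCallerPrincipal((CallerPrincipalCallback) callback);
        } else if (callback instanceof GroupPrincipalCallback) {
            processGroupPrincipal((GroupPrincipalCallback) callback);
        } else if (callback instanceof PasswordValidationCallback) {
            processPasswordValidation((PasswordValidationCallback) callback);
        } else {
            throw new UnsupportedCallbackException(callback);
        }
    }

    /**
     * Validates the username/password pair against the security controller and records the
     * outcome on the callback.
     *
     * <p>The password array obtained from the callback is overwritten on every path, including
     * a failed logon, so the clear-text secret does not stay in memory after a rejected attempt.
     */
    private void processPasswordValidation(PasswordValidationCallback passwordValidationCallback) {
        String username = passwordValidationCallback.getUsername();
        char[] password = passwordValidationCallback.getPassword();
        boolean authenticated = false;
        try {
            Security.getSecurityController().logonUser(username, password);
            authenticated = true;
        } catch (Exception ignored) {
            // Any failure is reported to the auth module as "not validated" (fail closed).
            // NOTE(review): the cause is discarded here and no logger is in scope in this
            // class; confirm logonUser records failed attempts so they remain auditable.
        } finally {
            if (password != null) {
                for (int i = 0; i < password.length; i++) {
                    password[i] = ' ';
                }
            }
        }
        passwordValidationCallback.setResult(authenticated);
    }

    /**
     * Applies a group principal callback to its subject.
     *
     * <p>A non-empty group array adds one {@link GroupImpl} per name; a {@code null} array
     * removes every {@link GroupImpl} principal from the subject; an empty array is a no-op.
     */
    private void processGroupPrincipal(GroupPrincipalCallback groupPrincipalCallback) {
        final Subject subject = groupPrincipalCallback.getSubject();
        final String[] groups = groupPrincipalCallback.getGroups();
        if (groups != null && groups.length > 0) {
            AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    for (String groupName : groups) {
                        subject.getPrincipals().add(new GroupImpl(groupName));
                    }
                    return subject;
                }
            });
        } else if (groups == null) {
            AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    subject.getPrincipals().removeAll(subject.getPrincipals(GroupImpl.class));
                    return subject;
                }
            });
        }
    }

    /**
     * Establishes the caller identity carried by the callback and adds it to the subject.
     *
     * <p>When the callback has no principal, one is built from its name: an
     * {@link X500Principal} if the web module's auth method is client-cert, otherwise a
     * {@link PrincipalImpl}. With neither principal nor name, {@code Security.ANONYMOUS} is used.
     *
     * @throws RuntimeException wrapping an {@link AuthException} (which carries the original
     *     exception as its cause) when the security controller rejects the identity
     */
    private void processCallerPrincipal(CallerPrincipalCallback callerPrincipalCallback) {
        Principal principal = callerPrincipalCallback.getPrincipal();
        final Subject subject = callerPrincipalCallback.getSubject();

        LoginConfig loginConfig = this.webContainer.getWebModule().getLoginConfig();
        String authMethod = loginConfig != null ? loginConfig.getAuthMethod() : null;
        boolean clientCertAuth =
                authMethod != null && authMethod.equalsIgnoreCase(LoginConfig.CLIENT_CERT_AUTH);

        if (principal == null) {
            String callerName = callerPrincipalCallback.getName();
            if (callerName == null) {
                principal = Security.ANONYMOUS;
            } else if (clientCertAuth) {
                principal = new X500Principal(callerName);
            } else {
                principal = new PrincipalImpl(callerName);
            }
        }

        if (principal instanceof X500Principal) {
            try {
                Security.getSecurityController().logonUser(null, principal);
            } catch (AuthenticationException e) {
                throw authFailure(e);
            } catch (RemoteException e) {
                throw authFailure(e);
            }
        } else {
            SecurityController securityController = Security.getSecurityController();
            // The current user is switched to SERVER before the impersonation token is requested.
            // NOTE(review): if getImpersonateToken/impersonate throws, the current user is left
            // as Security.SERVER when the exception propagates. Confirm the caller resets the
            // identity on failure, or restore the previous user here.
            Security.setCurrentUser(Security.SERVER);
            try {
                securityController.impersonate(securityController.getImpersonateToken(principal.getName()));
                Security.setCurrentUser(principal);
            } catch (RemoteException e) {
                throw authFailure(e);
            }
        }

        if (subject != null) {
            final Principal callerPrincipal = principal;
            AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    subject.getPrincipals().add(callerPrincipal);
                    return subject;
                }
            });
        }
    }

    /**
     * Wraps a security-controller failure as {@code RuntimeException(AuthException)}, keeping
     * the original exception as the {@link AuthException}'s cause so the stack trace survives.
     */
    private static RuntimeException authFailure(Exception cause) {
        AuthException authException = new AuthException(cause.getMessage());
        authException.initCause(cause);
        return new RuntimeException(authException);
    }
}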
