package com.apusic.security;

import com.apusic.corba.ORBManager;
import com.apusic.corba.ORBService;
import com.apusic.corba.ee.spi.misc.ORBConstants;
import com.apusic.deploy.runtime.Tags;
import com.apusic.management.J2EEManagedObject;
import com.apusic.net.MuxProtocolHandler;
import com.apusic.net.Muxer;
import com.apusic.security.config.RealmConfig;
import com.apusic.security.config.SecurityConfig;
import com.apusic.security.jacc.PolicyContextHandlerImpl;
import com.apusic.security.realm.PasswordCredential2;
import com.apusic.security.realm.SecurityRealm;
import com.apusic.server.Config;
import com.apusic.service.Service;
import com.apusic.util.StringManager;
import com.apusic.util.Utils;
import com.apusic.xml.reader.ScanException;
import com.apusic.xml.writer.XmlWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.security.Policy;
import java.util.concurrent.ConcurrentMap;
import javax.management.InstanceAlreadyExistsException;
import javax.management.MBeanException;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.RuntimeErrorException;
import javax.management.RuntimeMBeanException;
import javax.rmi.CORBA.Util;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextHandler;
import org.omg.CORBA.ORB;
import org.omg.PortableServer.IdAssignmentPolicyValue;
import org.omg.PortableServer.LifespanPolicyValue;
import org.omg.PortableServer.POA;
import org.omg.PortableServer.POAManager;
import org.omg.PortableServer.ServantRetentionPolicyValue;

/* loaded from: input_file:com/apusic/security/SecurityService.class */
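/**
 * Server-side security service (decompiled source).
 *
 * <p>Responsibilities visible in this class:
 * <ul>
 *   <li>points JAAS at {@code config/auth.cfg} when no login configuration is set;</li>
 *   <li>installs the JACC {@link Policy} provider and policy-context handlers;</li>
 *   <li>publishes the master security controller through the ORB and registers this
 *       object as the handler of the {@code "auth"} mux protocol;</li>
 *   <li>loads security realms from {@code config/security.xml} and exposes them as MBeans;</li>
 *   <li>performs in-process password logins ({@link #localLogin}).</li>
 * </ul>
 *
 * <p>Thread-safety: the realm map is a concurrent map read without locking on the fast
 * path of {@link #getSecurityRealm}; reloads are serialized on the class lock.
 */
public class SecurityService extends Service implements SecurityServiceMBean, MuxProtocolHandler {
    private MasterSecurityControllerImpl msc;
    private String clientRootCA;
    private boolean krb5Enabled;
    private String krb5Principal;
    // NOTE(review): kept as an immutable String for the lifetime of the service and
    // returned verbatim by getKrb5Password(); it cannot be wiped from memory.
    private String krb5Password;
    private SecurityConfig config;
    // volatile: reLoadConfig() replaces the map reference under the class lock while
    // getSecurityRealm() reads it without holding that lock.
    private volatile ConcurrentMap<String, SecurityRealm> contexts;
    private static final String LOGIN_CONFIG_PROP = "java.security.auth.login.config";
    private static final String POLICY_PROVIDER_PROP = "javax.security.jacc.policy.provider";
    private static final String POLICY_CONF_FACTORY_PROP = "javax.security.jacc.PolicyConfigurationFactory.provider";
    private static final String SECURITY_CONFIG_FILE = "config/security.xml";
    private static final String TMP_CONFIG_FILE = "config/security.tmp";
    public static final String SERVICE_NAME = "Security";
    public static final ObjectName OBJECT_NAME = createServiceName(SERVICE_NAME);
    private static final StringManager sm = StringManager.getManager();

    /** Creates the service with an empty realm map; all other fields keep their defaults. */
    public SecurityService() {
        super(SERVICE_NAME);
        this.contexts = Utils.concurrentMap();
    }

    /**
     * Returns the fixed object name of this service; both arguments are ignored.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.apusic.service.Service, com.apusic.management.J2EEManagedObject
    public ObjectName getObjectName(MBeanServer mBeanServer, ObjectName objectName) {
        return OBJECT_NAME;
    }

    /** Returns the configured client root CA value (may be {@code null}). */
    @Override // com.apusic.security.SecurityServiceMBean
    public String getClientRootCA() {
        return this.clientRootCA;
    }

    /** Sets the client root CA value and notifies listeners with the old and new values. */
    @Override // com.apusic.security.SecurityServiceMBean
    public void setClientRootCA(String str) {
        String previous = this.clientRootCA;
        this.clientRootCA = str;
        sendAttributeChangeNotification("ClientRootCA", "java.lang.String", previous, str);
    }

    /** Returns whether the Kerberos flag is set. */
    @Override // com.apusic.security.SecurityServiceMBean
    public boolean isKrb5Enabled() {
        return this.krb5Enabled;
    }

    /** Sets the Kerberos flag and notifies listeners with the old and new values. */
    @Override // com.apusic.security.SecurityServiceMBean
    public void setKrb5Enabled(boolean z) {
        boolean previous = this.krb5Enabled;
        this.krb5Enabled = z;
        // Boolean.valueOf reuses the cached instances instead of the deprecated constructor.
        sendAttributeChangeNotification("KerberosEnabled", "java.lang.Boolean", Boolean.valueOf(previous), Boolean.valueOf(z));
    }

    /** Returns the configured Kerberos principal (may be {@code null}). */
    @Override // com.apusic.security.SecurityServiceMBean
    public String getKrb5Principal() {
        return this.krb5Principal;
    }

    /** Sets the Kerberos principal and notifies listeners with the old and new values. */
    @Override // com.apusic.security.SecurityServiceMBean
    public void setKrb5Principal(String str) {
        String previous = this.krb5Principal;
        this.krb5Principal = str;
        sendAttributeChangeNotification("Krb5Principal", "java.lang.String", previous, str);
    }

    /**
     * Returns the Kerberos password exactly as it was set.
     *
     * <p>NOTE(review): this getter is part of the MBean interface, so the clear-text
     * value is presumably readable by any management client allowed to read attributes
     * of this MBean; confirm that management access is restricted accordingly.
     */
    @Override // com.apusic.security.SecurityServiceMBean
    public String getKrb5Password() {
        return this.krb5Password;
    }

    /**
     * Stores the Kerberos password. The change notification carries {@code null} for both
     * the old and the new value, so the secret is not copied into the notification.
     */
    @Override // com.apusic.security.SecurityServiceMBean
    public void setKrb5Password(String str) {
        this.krb5Password = str;
        sendAttributeChangeNotification("Krb5Password", "java.lang.String", null, null);
    }

    /** Asks the currently installed {@link Policy} to refresh itself. */
    @Override // com.apusic.security.SecurityServiceMBean
    public void refresh() {
        Policy.getPolicy().refresh();
    }

    /** Defaults the service priority to {@code Service.PRIORITY_LOW} when none was set. */
    @Override // com.apusic.service.Service
    protected void initService() throws Exception {
        if (this.servicePriority == null) {
            this.servicePriority = Service.PRIORITY_LOW;
        }
    }

    /**
     * Initializes login configuration, policy provider and security controller, loads the
     * realm configuration, then invokes the start operation on every SecurityRealm MBean.
     *
     * <p>A realm that fails to start is logged and skipped; the remaining realms are still
     * started and the service itself does not fail.
     *
     * @throws Exception if any of the initialization steps or the configuration load fails
     */
    @Override // com.apusic.service.Service
    protected void startService() throws Exception {
        initializeLoginConfig();
        initializePolicyConfigurationProvider();
        initializeSecurityController();
        loadConfig();
        MBeanServer mBeanServer = getMBeanServer();
        for (ObjectName objectName : getSecurityRealms()) {
            try {
                mBeanServer.invoke(objectName, Tags.START, new Object[0], new String[0]);
            } catch (RuntimeMBeanException e) {
                // Unwrap so the log shows the realm's own failure, not the JMX wrapper.
                this.log.error(sm.get("START_SECURITY_REALM_FAILED", objectName), e.getTargetException());
            } catch (MBeanException e2) {
                this.log.error(sm.get("START_SECURITY_REALM_FAILED", objectName), e2.getTargetException());
            } catch (RuntimeErrorException e3) {
                this.log.error(sm.get("START_SECURITY_REALM_FAILED", objectName), e3.getTargetError());
            } catch (Exception e4) {
                this.log.error(sm.get("START_SECURITY_REALM_FAILED", objectName), e4);
            }
        }
    }

    /** Returns the object names matching {@code j2eeType=SecurityRealm} in the J2EE domain. */
    private ObjectName[] getSecurityRealms() {
        return findObjectNames(J2EEManagedObject.J2EE_DOMAIN, "j2eeType=SecurityRealm");
    }

    /**
     * Looks up a realm by name, reloading the configuration file once on a miss.
     *
     * <p>NOTE(review): every lookup of a name that is not configured re-parses
     * {@code config/security.xml} while holding the class-wide lock. If realm names can be
     * supplied by remote callers, confirm that repeated unknown names cannot be used to
     * keep the service busy reloading.
     *
     * @param str realm name
     * @return the realm, or {@code null} if it is still unknown after the reload
     */
    public SecurityRealm getSecurityRealm(String str) {
        SecurityRealm cached = this.contexts.get(str);
        if (cached != null) {
            return cached;
        }
        synchronized (SecurityService.class) {
            // Re-check: another thread may have reloaded while this one waited for the lock.
            SecurityRealm afterWait = this.contexts.get(str);
            if (afterWait != null) {
                return afterWait;
            }
            reLoadConfig();
            return this.contexts.get(str);
        }
    }

    /**
     * Reads {@code config/security.xml} (or an empty configuration when the file is missing),
     * creates one {@link SecurityRealm} per realm entry and registers each as an MBean.
     *
     * @throws Exception if parsing the file or registering a realm fails
     */
    private void loadConfig() throws Exception {
        File file = Config.getFile(SECURITY_CONFIG_FILE);
        if (file.exists() && file.isFile()) {
            this.config = new SecurityConfig(file);
        } else {
            // Missing file: fall back to a configuration built with the no-argument constructor.
            this.config = new SecurityConfig();
        }
        for (RealmConfig realmConfig : this.config.getRealmConfigs()) {
            SecurityRealm securityRealm = new SecurityRealm(this, realmConfig);
            this.contexts.put(securityRealm.getRealmName(), securityRealm);
            getMBeanServer().registerMBean(securityRealm, (ObjectName) null);
        }
    }

    /**
     * Re-reads the configuration file into a fresh realm map. Realms whose MBean name is
     * already registered are put into the map but not registered again.
     *
     * <p>Failures are logged through the service log and do not propagate; the map then
     * holds whatever realms were created before the failure.
     *
     * <p>NOTE(review): a reload that hits a missing or unreadable file leaves the map empty
     * or partial, so previously known realms stop resolving until a later reload succeeds.
     */
    private void reLoadConfig() {
        try {
            File file = Config.getFile(SECURITY_CONFIG_FILE);
            this.contexts = Utils.concurrentMap();
            if (file.exists() && file.isFile()) {
                this.config = new SecurityConfig(file);
            } else {
                this.config = new SecurityConfig();
            }
            for (RealmConfig realmConfig : this.config.getRealmConfigs()) {
                SecurityRealm securityRealm = new SecurityRealm(this, realmConfig);
                this.contexts.put(securityRealm.getRealmName(), securityRealm);
                if (!getMBeanServer().isRegistered(new ObjectName("j2ee:name=" + securityRealm.getRealmName() + ",j2eeType=SecurityRealm,Service=Security"))) {
                    getMBeanServer().registerMBean(securityRealm, (ObjectName) null);
                }
            }
        } catch (IOException e) {
            logReloadFailure(e);
        } catch (NotCompliantMBeanException e2) {
            logReloadFailure(e2);
        } catch (ScanException e3) {
            logReloadFailure(e3);
        } catch (InstanceAlreadyExistsException e4) {
            logReloadFailure(e4);
        } catch (MBeanRegistrationException e5) {
            logReloadFailure(e5);
        } catch (MalformedObjectNameException e6) {
            logReloadFailure(e6);
        }
    }

    /** Records a failed configuration reload in the service log instead of on stderr. */
    private void logReloadFailure(Exception cause) {
        this.log.error("Failed to reload " + SECURITY_CONFIG_FILE, cause);
    }

    /**
     * Writes the current configuration to {@code config/security.tmp} and then replaces
     * {@code config/security.xml} with it.
     *
     * <p>The replacement is delete-then-rename and therefore not atomic: between the two
     * steps the configuration file does not exist. Both steps are checked so that a failed
     * replacement is reported instead of silently leaving the server without its security
     * configuration.
     *
     * @throws IOException if writing the temporary file or replacing the target fails
     */
    private void saveConfig() throws IOException {
        File tmp = Config.getFile(TMP_CONFIG_FILE);
        FileOutputStream out = new FileOutputStream(tmp);
        XmlWriter xmlWriter = null;
        boolean written = false;
        try {
            xmlWriter = new XmlWriter(new OutputStreamWriter(out, "UTF-8"));
            xmlWriter.writeXmlDeclaration("UTF-8");
            this.config.writeXml(xmlWriter);
            xmlWriter.close();
            written = true;
        } finally {
            if (!written) {
                // Best-effort cleanup; the original failure is the one that must propagate.
                if (xmlWriter != null) {
                    try {
                        xmlWriter.close();
                    } catch (Exception ignored) {
                        // nothing useful to do with a secondary close failure
                    }
                }
                try {
                    out.close();
                } catch (Exception ignored) {
                    // nothing useful to do with a secondary close failure
                }
                tmp.delete();
            }
        }
        File target = Config.getFile(SECURITY_CONFIG_FILE);
        if (target.exists() && !target.delete()) {
            // The old configuration is still in place; drop the stale temporary copy.
            tmp.delete();
            throw new IOException("Unable to replace " + target.getPath());
        }
        if (!tmp.renameTo(target)) {
            // Keep the temporary file: it is now the only copy of the configuration.
            throw new IOException("Unable to rename " + tmp.getPath() + " to " + target.getPath());
        }
    }

    /**
     * Sets {@code java.security.auth.login.config} to {@code config/auth.cfg} when the
     * property is unset and that file exists. An explicitly set property always wins.
     */
    private void initializeLoginConfig() {
        if (System.getProperty(LOGIN_CONFIG_PROP) == null) {
            File file = Config.getFile("config/auth.cfg");
            if (file.exists()) {
                System.setProperty(LOGIN_CONFIG_PROP, file.getPath());
            }
        }
    }

    /**
     * Installs the JACC policy provider, defaults the policy configuration factory
     * property and registers the container's policy-context handlers.
     *
     * <p>The provider class name is taken from the {@code javax.security.jacc.policy.provider}
     * system property, so whoever controls the JVM's system properties chooses the class
     * that becomes the process-wide {@link Policy}.
     *
     * @throws Exception if the provider class cannot be loaded or instantiated, or a
     *     handler cannot be registered
     */
    private void initializePolicyConfigurationProvider() throws Exception {
        String providerClass = System.getProperty(POLICY_PROVIDER_PROP);
        if (providerClass == null) {
            providerClass = "com.apusic.security.jacc.ServerPolicy";
        }
        Policy policy = (Policy) Class.forName(providerClass).newInstance();
        Policy.setPolicy(policy);
        policy.refresh();
        if (System.getProperty(POLICY_CONF_FACTORY_PROP) == null) {
            System.setProperty(POLICY_CONF_FACTORY_PROP, "com.apusic.security.jacc.PolicyConfigurationFactoryImpl");
        }
        PolicyContextHandler handler = PolicyContextHandlerImpl.getInstance();
        // The final 'true' replaces any handler already registered for the same key.
        PolicyContext.registerHandler(PolicyContextHandlerImpl.CONTAINER_SUBJECT, handler, true);
        PolicyContext.registerHandler(PolicyContextHandlerImpl.SOAP_MESSAGE, handler, true);
        PolicyContext.registerHandler(PolicyContextHandlerImpl.HTTP_SERVLET_REQUEST, handler, true);
        PolicyContext.registerHandler(PolicyContextHandlerImpl.ENTERPRISE_BEAN, handler, true);
        PolicyContext.registerHandler(PolicyContextHandlerImpl.EJB_ARGUMENTS, handler, true);
    }

    /**
     * Creates the master security controller, exports it through a dedicated child POA as
     * the ORB initial service {@code "SecurityService"}, hands it to the ORB's
     * {@code "SecurityController"} and registers this service as the handler of the
     * {@code "auth"} protocol on the muxer.
     *
     * @throws Exception if any ORB/POA operation fails
     */
    private void initializeSecurityController() throws Exception {
        Muxer muxer = Muxer.getMuxer();
        String host = muxer.getHost();
        int port = muxer.getPort();
        ORB orb = ORBManager.getORB();
        POA resolve_initial_references = orb.resolve_initial_references(ORBConstants.ROOT_POA_NAME);
        // Child POA: transient references, system-assigned ids, servants retained.
        POA create_POA = resolve_initial_references.create_POA("SecurityService", (POAManager) null, new org.omg.CORBA.Policy[]{resolve_initial_references.create_lifespan_policy(LifespanPolicyValue.TRANSIENT), resolve_initial_references.create_id_assignment_policy(IdAssignmentPolicyValue.SYSTEM_ID), resolve_initial_references.create_servant_retention_policy(ServantRetentionPolicyValue.RETAIN)});
        create_POA.the_POAManager().activate();
        this.msc = new MasterSecurityControllerImpl(this, host, port);
        ORBService.getInstance().registerInitialService("SecurityService", create_POA.id_to_reference(create_POA.activate_object(Util.getTie(this.msc))));
        ((SecurityControllerImpl) orb.resolve_initial_references("SecurityController")).postInit(this.msc);
        muxer.registerProtocolHandler("auth", this);
    }

    /** No-op: nothing is torn down when the service stops. */
    @Override // com.apusic.service.Service
    protected void stopService() throws Exception {
    }

    /**
     * Authenticates a user with a password inside the server process.
     *
     * <p>Check order: user exists, provider returns a {@code User}, account not disabled,
     * password matches, credential not expired (the administrator account is exempt from
     * the expiry check). Every rejected attempt is written to the service log so that
     * repeated failures are visible to whoever monitors it.
     *
     * <p>NOTE(review): the disabled check runs before the password check, so a caller
     * without the password can tell a disabled account from an unknown one by the
     * exception type. Left unchanged because callers may rely on it.
     *
     * <p>NOTE(review): whether the {@code Password} comparison runs in constant time
     * cannot be told from this class; verify in {@code Password.equals}.
     *
     * @param str realm name, or {@code null} for the default realm
     * @param str2 user name
     * @param str3 clear-text password
     * @return a {@code SecurityContext} holding a new access token and the password credential
     * @throws AuthenticationException if the login is rejected for any of the reasons above
     */
    public Object localLogin(String str, String str2, String str3) throws AuthenticationException {
        if (str == null) {
            str = Security.getDefaultRealm();
        }
        if (str2 == null || str3 == null) {
            // Reject early: a null password would otherwise fail with a NullPointerException
            // only after the password check, at str3.toCharArray().
            this.log.notice(logSafe(str2) + ": FAILED LOGON");
            throw new FailedAuthenticationException();
        }
        PrincipalImpl principalImpl = new PrincipalImpl(str2, str);
        // NOTE(review): assumes SecurityRealm.getRealm never returns null for an unknown realm.
        Object findUser = SecurityRealm.getRealm(str).findUser(str2);
        if (findUser == null) {
            this.log.notice(logSafe(str2) + ": FAILED LOGON");
            throw new FailedAuthenticationException();
        }
        if (!(findUser instanceof User)) {
            this.log.notice("Not supported authentication provider.Realm[" + logSafe(str) + "]");
            throw new FailedAuthenticationException();
        }
        User user = (User) findUser;
        if (user.isDisabled()) {
            this.log.notice(logSafe(str2) + ": LOGON DISABLED");
            throw new AccountDisabledException();
        }
        if (!user.getPassword().equals(new Password(str3))) {
            // Same log line as for an unknown user: wrong-password attempts must be auditable too.
            this.log.notice(logSafe(str2) + ": FAILED LOGON");
            throw new FailedAuthenticationException();
        }
        if (user.getPassword().isExpired(Long.MAX_VALUE)) {
            this.log.notice(logSafe(str2) + ": Credential expired");
            // The administrator may still log in with an expired credential.
            if (!user.getUserid().equals(Security.ADMIN.getName())) {
                throw new CredentialExpiredException();
            }
        }
        this.log.notice(logSafe(str2) + "[realm:" + logSafe(str) + "] : LOGON FROM LOCAL");
        return new SecurityContext(this.msc.createAccessToken(str2, principalImpl, ""), new PasswordCredential2(user.getUserid(), str3.toCharArray()));
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so that a
     * caller-supplied name cannot break a log line or forge an additional entry.
     */
    private static String logSafe(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Serves one authentication request arriving on the {@code "auth"} mux protocol and
     * always closes the socket afterwards. Processing errors are logged, never rethrown.
     *
     * @param str protocol name passed by the muxer (unused here)
     * @param socket the accepted connection
     */
    @Override // com.apusic.net.MuxProtocolHandler
    public void handleConnection(String str, Socket socket) {
        try {
            new ServerAuthenticator(this.msc, this.log, socket).service();
        } catch (Exception e) {
            this.log.error("Error processing authentication request", e);
        } finally {
            try {
                socket.close();
            } catch (Exception ignored) {
                // best-effort close; the connection is being discarded either way
            }
        }
    }

    /** Returns the default realm name from the loaded configuration. */
    public String getDefaultRealm() {
        return this.config.getDefaultRealm();
    }
}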
