package org.glassfish.soteria.authorization.spi.impl;

import com.sun.messaging.jmq.jmsserver.auth.usermgr.UserInfo;
import jakarta.ejb.EJBContext;
import jakarta.security.enterprise.CallerPrincipal;
import jakarta.security.jacc.PolicyContext;
import jakarta.security.jacc.PolicyContextException;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.glassfish.soteria.authorization.EJB;
import org.glassfish.soteria.authorization.JACC;

/* loaded from: input_file:org/glassfish/soteria/authorization/spi/impl/SubjectParser.class */
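/**
 * Derives the caller principal and the caller's roles from a set of
 * container-supplied principals.
 *
 * <p>Each supported server represents users and groups with its own principal
 * classes, so this class recognises them by fully-qualified class name and
 * reaches vendor APIs through reflection only. Matching is by name, not by
 * class identity: any principal whose runtime class carries one of these names
 * is treated as the vendor type, whichever class loader defined it. The class
 * therefore relies on the container being the only party that populates the
 * principal collection / Subject it is handed.
 *
 * <p>Where the container keeps a role mapping (looked up per policy context id
 * in the constructor), group names are translated to roles through it;
 * otherwise group names are used as role names one-to-one.
 *
 * <p>NOTE(review): the two static fields are written without synchronisation;
 * presumably they are set once during provider start-up — confirm.
 */
public class SubjectParser {
    private static final Logger LOGGER = Logger.getLogger(SubjectParser.class.getName());

    /** Role name that this class treats as "any authenticated user". */
    private static final String ANY_AUTHENTICATED_USER_ROLE = "**";

    private static final String GERONIMO_POLICY_CONFIGURATION =
            "org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfiguration";
    private static final String JBOSS_SIMPLE_GROUP = "org.jboss.security.SimpleGroup";
    private static final String TOMEE_TOMCAT_USER =
            "org.apache.tomee.catalina.TomcatSecurityService$TomcatUser";

    private static Object geronimoPolicyConfigurationFactoryInstance;
    private static ConcurrentMap<String, Map<Principal, Set<String>>> geronimoContextToRoleMapping;

    private boolean isJboss;
    private boolean isLiberty;
    // true: group names are returned as role names unchanged; false: groupToRoles is consulted.
    private boolean oneToOneMapping;
    private final Map<String, List<String>> groupToRoles = new HashMap<>();
    private boolean anyAuthenticatedUserRoleMapped = false;

    /** Hook to call once the policy configuration factory exists; attempts the Geronimo set-up. */
    public static void onFactoryCreated() {
        tryInitGeronimo();
    }

    /**
     * Tries to create the Geronimo helper instance and, on success, the map that
     * later receives Geronimo's per-context principal-to-role mappings.
     * Failure is expected on every other server and only logged at FINE.
     */
    private static void tryInitGeronimo() {
        try {
            // NOTE(review): the class instantiated here is GeronimoPolicyConfiguration, yet the
            // result is stored as the *factory* instance and is later used as the receiver of
            // GeronimoPolicyConfigurationFactory.setPolicyConfiguration, while this same class is
            // handed to Proxy.newProxyInstance as an interface. If it is an interface,
            // instantiation always fails and the Geronimo branch stays disabled — confirm
            // whether the factory class was intended.
            geronimoPolicyConfigurationFactoryInstance =
                    Class.forName(className(GERONIMO_POLICY_CONFIGURATION)).getDeclaredConstructor().newInstance();
            geronimoContextToRoleMapping = new ConcurrentHashMap<>();
        } catch (Exception e) {
            LOGGER.log(Level.FINE, "Geronimo policy configuration classes not usable; Geronimo role mapping disabled", e);
        }
    }

    /**
     * Registers, for the given policy context, a proxy that captures the
     * principal-to-role mapping Geronimo pushes via {@code setPrincipalRoleMapping}.
     * Does nothing when the Geronimo set-up did not succeed.
     *
     * @param str the policy context id the captured mapping is stored under
     */
    public static void onPolicyConfigurationCreated(final String str) {
        if (geronimoPolicyConfigurationFactoryInstance == null) {
            return;
        }
        try {
            Class<?> policyConfigurationType = Class.forName(className(GERONIMO_POLICY_CONFIGURATION));
            Method setPolicyConfiguration = Class.forName(
                            className("org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory"))
                    .getMethod("setPolicyConfiguration", String.class, policyConfigurationType);

            Object mappingCapture = Proxy.newProxyInstance(
                    SubjectParser.class.getClassLoader(),
                    new Class<?>[] {policyConfigurationType},
                    new InvocationHandler() {
                        @Override
                        @SuppressWarnings("unchecked") // the argument's element types are taken on trust from the container
                        public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                            // Every other method of the proxied type is a no-op.
                            if ("setPrincipalRoleMapping".equals(method.getName())) {
                                geronimoContextToRoleMapping.put(str, (Map<Principal, Set<String>>) args[0]);
                            }
                            return null;
                        }
                    });

            setPolicyConfiguration.invoke(geronimoPolicyConfigurationFactoryInstance, str, mappingCapture);
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | NoSuchMethodException
                | SecurityException | InvocationTargetException e) {
            // Without the proxy no mapping is ever captured for this context, so surface it for diagnosis.
            LOGGER.log(Level.FINE, "Could not register the Geronimo role-mapping capture for a policy context", e);
        }
    }

    /**
     * Probes the known servers in a fixed order and loads the first role
     * mapping that is available; if none is, groups map to roles one-to-one.
     *
     * @param str        the policy context id used to look up the container's role mapper
     * @param collection the role names to look up in the container's role mapping
     */
    public SubjectParser(String str, Collection<String> collection) {
        boolean vendorDetected = tryGlassFish(str, collection)
                || tryJBoss()
                || tryLiberty()
                || tryWebLogic(str, collection)
                || tryGeronimo(str, collection);
        if (!vendorDetected) {
            this.oneToOneMapping = true;
        }
    }

    /**
     * Array convenience overload of {@link #getMappedRolesFromPrincipals(Iterable)}.
     *
     * @param principalArr the principals to inspect
     * @return the roles derived from those principals
     */
    public List<String> getMappedRolesFromPrincipals(Principal[] principalArr) {
        return getMappedRolesFromPrincipals(Arrays.asList(principalArr));
    }

    /**
     * @return {@code true} if the container's role mapping assigned the
     *         {@code "**"} role to at least one group
     */
    public boolean isAnyAuthenticatedUserRoleMapped() {
        return this.anyAuthenticatedUserRoleMapped;
    }

    /**
     * Returns the caller principal. On JBoss the principals are read from the
     * Subject in the policy context instead of from the argument.
     *
     * @param iterable the principals supplied by the container
     * @return the caller principal, or {@code null} when none can be determined
     *         (including when the Subject cannot be obtained on JBoss)
     */
    public Principal getCallerPrincipalFromPrincipals(Iterable<Principal> iterable) {
        if (!this.isJboss) {
            return doGetCallerPrincipalFromPrincipals(iterable);
        }
        try {
            Subject subject = (Subject) PolicyContext.getContext(JACC.SUBJECT_CONTAINER_KEY);
            if (subject == null) {
                return null;
            }
            return doGetCallerPrincipalFromPrincipals(subject.getPrincipals());
        } catch (PolicyContextException e) {
            LOGGER.log(Level.FINE, "Could not obtain the Subject from the policy context", e);
            return null;
        }
    }

    /**
     * Extracts the caller's groups and maps them to roles.
     *
     * <p>On Liberty the groups are read from a {@link Hashtable} private
     * credential of the Subject in the policy context; on JBoss from that
     * Subject's principals; everywhere else from {@code iterable}.
     *
     * @param iterable the principals supplied by the container
     * @return the mapped roles; an empty list (never {@code null}) when there is
     *         no Subject or the groups cannot be determined, so that a lookup
     *         failure results in "no roles" rather than a {@code null} the
     *         caller has to guard against
     */
    @SuppressWarnings("unchecked") // the Liberty credential's value type is taken on trust from the container
    public List<String> getMappedRolesFromPrincipals(Iterable<Principal> iterable) {
        List<String> groups = null;
        if (this.isLiberty || this.isJboss) {
            try {
                Subject subject = (Subject) PolicyContext.getContext(JACC.SUBJECT_CONTAINER_KEY);
                if (subject == null) {
                    return Collections.emptyList();
                }
                if (this.isLiberty) {
                    @SuppressWarnings("rawtypes")
                    Set<Hashtable> credentialTables = subject.getPrivateCredentials(Hashtable.class);
                    if (credentialTables != null && !credentialTables.isEmpty()) {
                        // Only the first Hashtable credential is consulted.
                        groups = (List<String>) credentialTables.iterator().next().get("com.ibm.wsspi.security.cred.groups");
                    }
                } else {
                    groups = getGroupsFromPrincipals(subject.getPrincipals());
                }
            } catch (Exception e) {
                LOGGER.log(Level.WARNING, "Could not read the caller's groups from the Subject; treating caller as having no roles", e);
            }
        } else {
            groups = getGroupsFromPrincipals(iterable);
        }
        if (groups == null) {
            // Previously null was passed on and returned to the caller.
            return Collections.emptyList();
        }
        return mapGroupsToRoles(groups);
    }

    /**
     * Translates group names to role names.
     *
     * @param list the group names
     * @return {@code list} itself under one-to-one mapping, otherwise a new list
     *         with the roles of every group that has a mapping
     */
    private List<String> mapGroupsToRoles(List<String> list) {
        if (this.oneToOneMapping) {
            return list;
        }
        List<String> roles = new ArrayList<>();
        for (String group : list) {
            List<String> mapped = this.groupToRoles.get(group);
            if (mapped != null) {
                roles.addAll(mapped);
            }
        }
        return roles;
    }

    /** Returns the mutable role list for {@code group}, creating it on first use. */
    private List<String> rolesForGroup(String group) {
        List<String> roles = this.groupToRoles.get(group);
        if (roles == null) {
            roles = new ArrayList<>();
            this.groupToRoles.put(group, roles);
        }
        return roles;
    }

    /** Detects JBoss by the presence of its JACC service class; JBoss uses one-to-one mapping. */
    private boolean tryJBoss() {
        try {
            Class.forName(className("org.jboss.as.security.service.JaccService"), false,
                    Thread.currentThread().getContextClassLoader());
            this.isJboss = true;
            this.oneToOneMapping = true;
            return true;
        } catch (Exception e) {
            LOGGER.log(Level.FINE, "JBoss JACC service class not found", e);
            return false;
        }
    }

    /** Detects Liberty by the {@code wlp.server.name} system property; Liberty uses one-to-one mapping. */
    private boolean tryLiberty() {
        this.isLiberty = System.getProperty("wlp.server.name") != null;
        // Only switch to one-to-one mapping when Liberty really was detected. Setting it
        // unconditionally (as before) left it on for the WebLogic and Geronimo probes that
        // run afterwards, so the group-to-role mapping they load was never consulted.
        if (this.isLiberty) {
            this.oneToOneMapping = true;
        }
        return this.isLiberty;
    }

    /**
     * Loads the GlassFish role-to-Subject mapping for the context and inverts
     * it into group-to-roles.
     *
     * @return {@code false} if the GlassFish classes or methods are not available
     */
    private boolean tryGlassFish(String str, Collection<String> collection) {
        try {
            Class<?> factoryType = Class.forName(className("org.glassfish.deployment.common.SecurityRoleMapperFactory"));
            // Resolve every reflective handle before invoking anything, as the original did.
            Method getRoleToSubjectMapping = Class.forName(className("org.glassfish.deployment.common.SecurityRoleMapper"))
                    .getMethod("getRoleToSubjectMapping");
            Method getRoleMapper = factoryType.getMethod("getRoleMapper", String.class);
            Object factory = Class.forName(className(className("org.glassfish.internal.api.Globals")))
                    .getMethod("get", Class.class)
                    .invoke(null, factoryType);
            Object roleMapper = getRoleMapper.invoke(factory, str);
            Map<?, ?> roleToSubject = (Map<?, ?>) getRoleToSubjectMapping.invoke(roleMapper);

            for (String role : collection) {
                if (!roleToSubject.containsKey(role)) {
                    continue;
                }
                List<String> groups = getGroupsFromPrincipals(((Subject) roleToSubject.get(role)).getPrincipals());
                for (String group : groups) {
                    rolesForGroup(group).add(role);
                }
                if (ANY_AUTHENTICATED_USER_ROLE.equals(role) && !groups.isEmpty()) {
                    this.anyAuthenticatedUserRoleMapped = true;
                }
            }
            return true;
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | NoSuchMethodException
                | SecurityException | InvocationTargetException e) {
            LOGGER.log(Level.FINE, "GlassFish role mapper not available", e);
            return false;
        }
    }

    /**
     * Loads the WebLogic role-to-principal-names mapping for the context and
     * inverts it. The names WebLogic returns are used as group names here.
     *
     * @return {@code false} if the WebLogic classes or methods are not available
     */
    private boolean tryWebLogic(String str, Collection<String> collection) {
        try {
            Class<?> factoryType = Class.forName(className("weblogic.security.jacc.RoleMapperFactory"));
            Method getRolesToPrincipalNames = Class.forName(className("weblogic.security.jacc.simpleprovider.RoleMapperImpl"))
                    .getMethod("getRolesToPrincipalNames");
            Method getRoleMapperForContextId = factoryType.getMethod("getRoleMapperForContextID", String.class);
            Object factory = factoryType.getMethod("getRoleMapperFactory").invoke(null);
            Object roleMapper = getRoleMapperForContextId.invoke(factory, str);
            Map<?, ?> rolesToPrincipalNames = (Map<?, ?>) getRolesToPrincipalNames.invoke(roleMapper);

            for (String role : collection) {
                if (!rolesToPrincipalNames.containsKey(role)) {
                    continue;
                }
                String[] principalNames = (String[]) rolesToPrincipalNames.get(role);
                for (String group : principalNames) {
                    rolesForGroup(group).add(role);
                }
                if (ANY_AUTHENTICATED_USER_ROLE.equals(role) && principalNames.length > 0) {
                    this.anyAuthenticatedUserRoleMapped = true;
                }
            }
            return true;
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | NoSuchMethodException
                | SecurityException | InvocationTargetException e) {
            LOGGER.log(Level.FINE, "WebLogic role mapper not available", e);
            return false;
        }
    }

    /**
     * Loads the principal-to-role mapping captured for the context by
     * {@link #onPolicyConfigurationCreated(String)}.
     *
     * @return {@code false} if the Geronimo set-up never succeeded; {@code true}
     *         otherwise, even when no mapping was captured for this context
     *         (in which case no group maps to any role)
     */
    private boolean tryGeronimo(String str, Collection<String> collection) {
        if (geronimoContextToRoleMapping == null) {
            return false;
        }
        Map<Principal, Set<String>> principalToRoles = geronimoContextToRoleMapping.get(str);
        if (principalToRoles == null) {
            return true;
        }
        for (Map.Entry<Principal, Set<String>> entry : principalToRoles.entrySet()) {
            Set<String> roles = entry.getValue();
            for (String group : principalToGroups(entry.getKey())) {
                rolesForGroup(group).addAll(roles);
                if (roles.contains(ANY_AUTHENTICATED_USER_ROLE)) {
                    this.anyAuthenticatedUserRoleMapped = true;
                }
            }
        }
        return true;
    }

    /**
     * Collects the group names carried by the given principals, stopping early
     * once a principal reports that it held the complete set.
     *
     * @param iterable the principals to inspect
     * @return the group names found, possibly empty
     */
    public List<String> getGroupsFromPrincipals(Iterable<Principal> iterable) {
        List<String> groups = new ArrayList<>();
        for (Principal principal : iterable) {
            if (principalToGroups(principal, groups)) {
                break;
            }
        }
        return groups;
    }

    /**
     * @param principal the principal to inspect
     * @return the group names this single principal carries, possibly empty
     */
    public List<String> principalToGroups(Principal principal) {
        List<String> groups = new ArrayList<>();
        principalToGroups(principal, groups);
        return groups;
    }

    /**
     * Resolves the caller principal: first from the current servlet request,
     * then from the EJB context, then from the principals themselves.
     */
    private Principal doGetCallerPrincipalFromPrincipals(Iterable<Principal> iterable) {
        try {
            return ((HttpServletRequest) JACC.getFromContext("jakarta.servlet.http.HttpServletRequest")).getUserPrincipal();
        } catch (Exception ignored) {
            // Any failure to reach a servlet request (including a null one) means "not a web
            // call"; fall through to the EJB context and then to the raw principals.
            EJBContext ejbContext = EJB.getEJBContext();
            if (ejbContext != null) {
                return getVendorCallerPrincipal(ejbContext.getCallerPrincipal(), true);
            }
            for (Principal candidate : iterable) {
                Principal callerPrincipal = getVendorCallerPrincipal(candidate, false);
                if (callerPrincipal != null) {
                    return callerPrincipal;
                }
            }
            return null;
        }
    }

    /**
     * Returns the principal if it is a recognised vendor user principal (or a
     * {@link CallerPrincipal}), unwrapping the JBoss and TomEE containers.
     *
     * @param principal the candidate principal
     * @param z         when {@code true}, a principal whose name equals the vendor's
     *                  anonymous name is reported as {@code null}; the visible caller
     *                  passes {@code true} for the EJB-context principal
     * @return the caller principal, or {@code null} if {@code principal} is not one
     */
    private Principal getVendorCallerPrincipal(Principal principal, boolean z) {
        switch (principal.getClass().getName()) {
            case "org.glassfish.security.common.PrincipalImpl":
                return getAuthenticatedPrincipal(principal, "ANONYMOUS", z);
            case "weblogic.security.principal.WLSUserImpl":
                return getAuthenticatedPrincipal(principal, "<anonymous>", z);
            case "com.ibm.ws.security.authentication.principals.WSPrincipal":
                return getAuthenticatedPrincipal(principal, "UNAUTHENTICATED", z);
            case "org.jboss.security.SimplePrincipal":
                // NOTE(review): UserInfo.ROLE_ANON belongs to an unrelated messaging package;
                // this looks like a decompiler substitution for a string literal — confirm.
                return getAuthenticatedPrincipal(principal, UserInfo.ROLE_ANON, z);
            case JBOSS_SIMPLE_GROUP:
                // The group named "CallerPrincipal" wraps the actual caller as its first member.
                if ("CallerPrincipal".equals(principal.getName())) {
                    Enumeration<?> members = null;
                    try {
                        members = jbossGroupMembers(principal);
                    } catch (Exception e) {
                        LOGGER.log(Level.FINE, "Could not read the members of the JBoss CallerPrincipal group", e);
                    }
                    if (members != null && members.hasMoreElements()) {
                        return getAuthenticatedPrincipal((Principal) members.nextElement(), UserInfo.ROLE_ANON, z);
                    }
                }
                break;
            case TOMEE_TOMCAT_USER:
                try {
                    return getAuthenticatedPrincipal(
                            (Principal) invokeOnTomcatPrincipal(principal, "getUserPrincipal"), "guest", z);
                } catch (Exception e) {
                    LOGGER.log(Level.FINE, "Could not unwrap the TomEE user principal", e);
                }
                break;
            default:
                break;
        }
        if (CallerPrincipal.class.isAssignableFrom(principal.getClass())) {
            return principal;
        }
        return null;
    }

    /**
     * @return {@code null} if {@code z} is set and the principal's name equals
     *         {@code str} (the vendor's anonymous name), otherwise the principal
     */
    private Principal getAuthenticatedPrincipal(Principal principal, String str, boolean z) {
        if (z && str.equals(principal.getName())) {
            return null;
        }
        return principal;
    }

    /**
     * Adds the group names carried by {@code principal}, if it is a recognised
     * vendor group principal, to {@code list}.
     *
     * @param principal the principal to inspect
     * @param list      receives the group names
     * @return {@code true} only for the JBoss {@code "Roles"} group, which holds
     *         all roles so that callers can stop iterating; {@code false} otherwise
     */
    public boolean principalToGroups(Principal principal, List<String> list) {
        switch (principal.getClass().getName()) {
            case "org.glassfish.security.common.Group":
            case "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal":
            case "weblogic.security.principal.WLSGroupImpl":
            case "jeus.security.resource.GroupPrincipalImpl":
                list.add(principal.getName());
                return false;
            case JBOSS_SIMPLE_GROUP:
                if (!"Roles".equals(principal.getName())) {
                    // Other JBoss groups carry no roles. (The original fell through into the
                    // TomEE reflection here, which could only fail and return false.)
                    return false;
                }
                try {
                    for (Object member : Collections.list(jbossGroupMembers(principal))) {
                        list.add(((Principal) member).getName());
                    }
                } catch (Exception e) {
                    // Names added before the failure stay in the list, as before.
                    LOGGER.log(Level.FINE, "Could not read the members of the JBoss Roles group", e);
                }
                return true;
            case TOMEE_TOMCAT_USER:
                try {
                    list.addAll(Arrays.asList((String[]) invokeOnTomcatPrincipal(principal, "getRoles")));
                } catch (Exception e) {
                    LOGGER.log(Level.FINE, "Could not read the roles of the TomEE user principal", e);
                }
                return false;
            default:
                return false;
        }
    }

    /** Reflectively calls {@code members()} on a JBoss {@code SimpleGroup}. */
    private static Enumeration<?> jbossGroupMembers(Principal simpleGroup) throws ReflectiveOperationException {
        return (Enumeration<?>) Class.forName(className(JBOSS_SIMPLE_GROUP)).getMethod("members").invoke(simpleGroup);
    }

    /**
     * Reflectively unwraps the Tomcat principal held by a TomEE {@code TomcatUser}
     * and calls the named no-argument {@code GenericPrincipal} method on it.
     */
    private static Object invokeOnTomcatPrincipal(Principal tomcatUser, String genericPrincipalMethod)
            throws ReflectiveOperationException {
        Method target = Class.forName(className("org.apache.catalina.realm.GenericPrincipal"))
                .getMethod(genericPrincipalMethod);
        Object tomcatPrincipal = Class.forName(className(TOMEE_TOMCAT_USER))
                .getMethod("getTomcatPrincipal")
                .invoke(tomcatUser);
        return target.invoke(tomcatPrincipal);
    }

    /**
     * Returns {@code str} unchanged in practice. The condition is an identity
     * ({@code ==}) comparison between the factory instance and a string literal,
     * which nothing in this class can make true.
     * NOTE(review): presumably an indirection to keep tools from rewriting or
     * resolving the class-name literals — confirm before simplifying.
     */
    private static String className(String str) {
        return geronimoPolicyConfigurationFactoryInstance == "cannotbetrue" ? "" : str;
    }
}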
