package com.sun.enterprise.iiop.security;

import com.sun.corba.ee.spi.ior.IOR;
import com.sun.corba.ee.spi.presentation.rmi.StubAdapter;
import com.sun.enterprise.common.iiop.security.SecurityContext;
import com.sun.enterprise.security.CORBAObjectPermission;
import com.sun.enterprise.security.auth.WebAndEjbToJaasBridge;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.logging.LogDomains;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.security.auth.Subject;
import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
import org.glassfish.enterprise.iiop.api.ProtocolManager;
import org.glassfish.hk2.api.PostConstruct;
import org.jvnet.hk2.annotations.Service;
import org.omg.CORBA.Object;

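/**
 * Helper used by the IIOP interceptors to select, evaluate and clear security
 * contexts.
 *
 * <p>Client side: {@link #getSecurityContext(Object)} asks the
 * {@link SecurityMechanismSelector} which context to send and
 * {@link #receivedReply(int, Object)} reacts to the status the target returned.
 * Server side: {@link #setSecurityContext(SecurityContext, byte[], String, Socket)}
 * evaluates trust in the received context, performs the JAAS login and checks a
 * {@link CORBAObjectPermission} against the installed {@link Policy}.
 *
 * <p>Status values exchanged with the interceptors are the {@code STATUS_*}
 * constants. Every exception raised while evaluating a received context maps
 * to {@link #STATUS_FAILED}, i.e. the server-side check fails closed.
 */
@Singleton
@Service
/* loaded from: input_file:MICRO-INF/runtime/ejb.security-5.2020.2.jar:com/sun/enterprise/iiop/security/SecurityContextUtil.class */
public class SecurityContextUtil implements PostConstruct {
    /** Reply status: the target accepted the security context. */
    public static final int STATUS_PASSED = 0;
    /** Reply status: the target did not accept the security context. */
    public static final int STATUS_FAILED = 1;
    /** Reply status: the target asked for a retry. */
    public static final int STATUS_RETRY = 2;

    private static final Logger _logger = LogDomains.getLogger(SecurityContextUtil.class, "javax.enterprise.system.core.security");

    /** Name of the CORBA {@code _is_a} pseudo-operation; failures on it are reported without logging. */
    private static final String IS_A = "_is_a";

    /**
     * The {@link Policy} captured in {@link #postConstruct()}. {@code null} when
     * {@code Policy.getPolicy()} returned nothing; {@link #authorizeCORBA} then denies.
     */
    private Policy policy;

    @Inject
    private GlassFishORBHelper orbHelper;

    @Inject
    private SecurityMechanismSelector securityMechanismSelector;

    /**
     * Captures the installed {@link Policy}. The lookup runs through
     * {@code AppservAccessController.privilegedAlways} (presumably a
     * {@code doPrivileged} wrapper, so the call does not depend on the
     * permissions of whoever triggers construction).
     */
    @Override // org.glassfish.hk2.api.PostConstruct
    public void postConstruct() {
        AppservAccessController.privilegedAlways(() -> {
            Policy installed = Policy.getPolicy();
            this.policy = installed;
            return installed;
        });
    }

    /**
     * Client side: selects the security context to send with a request to
     * {@code object}.
     *
     * <p>For a local stub no context is selected: the calling thread id is
     * recorded through {@link ConnectionExecutionContext#setClientThreadID}
     * and {@code null} is returned.
     *
     * @param object the target object reference
     * @return the context chosen by the selector, or {@code null} for a local stub
     * @throws InvalidMechanismException     propagated from the selector
     * @throws InvalidIdentityTokenException propagated from the selector
     * @throws RuntimeException              wrapping a {@link SecurityMechanismException}
     *                                       from the selector (not part of the signature)
     */
    public SecurityContext getSecurityContext(Object object) throws InvalidMechanismException, InvalidIdentityTokenException {
        IOR ior = this.orbHelper.getORB().getIOR(object, false);
        if (StubAdapter.isStub(object) && StubAdapter.isLocal(object)) {
            ConnectionExecutionContext.setClientThreadID(Long.valueOf(Thread.currentThread().getId()));
            return null;
        }
        try {
            return this.securityMechanismSelector.selectSecurityContext(ior);
        } catch (InvalidIdentityTokenException e) {
            _logger.log(Level.SEVERE, "iiop.invalididtoken_exception", (Throwable) e);
            // Rethrow the caught instance: same type and message, but the original stack trace is kept.
            throw e;
        } catch (InvalidMechanismException e) {
            _logger.log(Level.SEVERE, "iiop.invalidmechanism_exception", (Throwable) e);
            throw e;
        } catch (SecurityMechanismException e) {
            _logger.log(Level.SEVERE, "iiop.secmechanism_exception", (Throwable) e);
            // Not declared by this method; wrap it but keep the cause chain intact.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Client side: reacts to the status the target returned for the sent
     * security context. {@link #STATUS_FAILED} is surfaced as a
     * {@link RuntimeException}; every other value (including unknown ones) is
     * only logged, with anything other than {@link #STATUS_RETRY} reported as
     * "Passed".
     *
     * @param i      one of the {@code STATUS_*} values
     * @param object the target object reference (not used)
     * @throws RuntimeException if {@code i} is {@link #STATUS_FAILED}
     */
    public static void receivedReply(int i, Object object) {
        if (i == STATUS_FAILED) {
            _logger.log(Level.FINE, "Failed status");
            throw new RuntimeException("Target did not accept security context");
        }
        if (i == STATUS_RETRY) {
            _logger.log(Level.FINE, "Retry status");
        } else {
            _logger.log(Level.FINE, "Passed status");
        }
    }

    /**
     * Server side: evaluates the security context received with a request.
     *
     * <p>The selector first evaluates trust in the context for the connection.
     * When it returns no context there is nothing to authenticate and the
     * request passes without a login or permission check. Otherwise the
     * subject is logged in via JAAS and the method is authorized through
     * {@link #authorizeCORBA}. Any exception results in {@link #STATUS_FAILED};
     * for the {@code _is_a} pseudo-operation the failure is not logged,
     * otherwise it is logged at FINE.
     *
     * @param securityContext the context received with the request
     * @param bArr            target object key bytes, as handed to the selector
     *                        and to {@code ProtocolManager.getEjbDescriptor}
     * @param str             the invoked method name
     * @param socket          the connection the request arrived on
     * @return {@link #STATUS_PASSED} or {@link #STATUS_FAILED}
     */
    public int setSecurityContext(SecurityContext securityContext, byte[] bArr, String str, Socket socket) {
        _logger.log(Level.FINE, "ABOUT TO EVALUATE TRUST");
        try {
            SecurityContext trusted = this.securityMechanismSelector.evaluateTrust(securityContext, bArr, socket);
            if (trusted == null) {
                return STATUS_PASSED;
            }
            authenticate(trusted.getSubject(), trusted.getCredentialClass());
            return authorizeCORBA(bArr, str) ? STATUS_PASSED : STATUS_FAILED;
        } catch (Exception e) {
            // Constant on the left: a null method name must not turn into an NPE inside the handler.
            if (IS_A.equals(str)) {
                return STATUS_FAILED;
            }
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "iiop.authenticate_exception", e.toString());
            }
            _logger.log(Level.FINE, "Authentication Exception", (Throwable) e);
            return STATUS_FAILED;
        }
    }

    /**
     * Logs the subject in through {@link WebAndEjbToJaasBridge#login} inside a
     * privileged block.
     *
     * @param subject the subject to log in
     * @param cls     the credential class to use for the login
     * @throws SecurityMechanismException if the login fails (the original
     *                                    exception is logged at FINE)
     */
    private void authenticate(Subject subject, Class<?> cls) throws SecurityMechanismException {
        try {
            AppservAccessController.privilegedAlways(() -> {
                WebAndEjbToJaasBridge.login(subject, cls);
            });
        } catch (Exception e) {
            if (_logger.isLoggable(Level.SEVERE)) {
                _logger.log(Level.SEVERE, "iiop.login_exception", e.toString());
            }
            _logger.log(Level.FINE, "Login Exception", (Throwable) e);
            throw new SecurityMechanismException("Cannot login user:" + e.getMessage());
        }
    }

    /**
     * Authorizes the invoked method for the current security context.
     *
     * <p>If there is no protocol manager, or the object key resolves to an EJB
     * descriptor, the call passes here (EJB authorization is not performed by
     * this class). Any other CORBA object is checked by asking the installed
     * {@link Policy} whether a domain holding the current principals implies
     * {@code CORBAObjectPermission("*", str)}.
     *
     * @param bArr target object key bytes
     * @param str  the invoked method name
     * @return {@code true} if the call is allowed
     * @throws Exception propagated from the ORB helper, protocol manager or policy
     */
    private boolean authorizeCORBA(byte[] bArr, String str) throws Exception {
        ProtocolManager protocolManager = this.orbHelper.getProtocolManager();
        if (protocolManager == null || protocolManager.getEjbDescriptor(bArr) != null) {
            return true;
        }
        if (this.policy == null) {
            // Nothing captured in postConstruct: deny explicitly instead of failing with an NPE.
            _logger.log(Level.FINE, "No Policy installed; denying CORBA object access for method=" + str);
            return false;
        }
        Principal[] principals = getPrincipalArray(com.sun.enterprise.security.SecurityContext.getCurrent());
        boolean implies = this.policy.implies(createPrincipalDomain(principals), new CORBAObjectPermission("*", str));
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "CORBA Object permission evaluation result=" + implies + " for method=" + str);
        }
        return implies;
    }

    /**
     * Builds a {@link ProtectionDomain} that carries only the given principals.
     * The code source is a placeholder {@code file://} URL with no certificates,
     * so the policy decision is driven by the principals, not by code location.
     * The {@code (Certificate[]) null} cast selects the right {@link CodeSource}
     * constructor overload.
     *
     * @param principalArr principals to attach to the domain
     * @return the domain
     * @throws MalformedURLException if the placeholder URL cannot be built
     */
    private ProtectionDomain createPrincipalDomain(Principal[] principalArr) throws MalformedURLException {
        return new ProtectionDomain(new CodeSource(new URL("file://"), (Certificate[]) null), null, null, principalArr);
    }

    /**
     * Copies the principal set of the current security context into an array.
     * A missing set yields an empty array, which {@link ProtectionDomain}
     * treats the same as no principals.
     *
     * @param securityContext the context whose principals are wanted
     * @return the principals, never {@code null}
     */
    private Principal[] getPrincipalArray(com.sun.enterprise.security.SecurityContext securityContext) {
        Set<Principal> principalSet = securityContext.getPrincipalSet();
        if (principalSet == null) {
            return new Principal[0];
        }
        return principalSet.toArray(new Principal[0]);
    }

    /**
     * Hook invoked before a reply is sent; intentionally a no-op.
     *
     * @param securityContext the context of the request being replied to
     */
    public void sendingReply(SecurityContext securityContext) {
    }

    /**
     * Clears the thread-local {@code com.sun.enterprise.security.SecurityContext}
     * unless {@code z} is set.
     *
     * @param z when {@code true} the current context is left untouched
     */
    public static void unsetSecurityContext(boolean z) {
        if (!z) {
            com.sun.enterprise.security.SecurityContext.setCurrent(null);
        }
    }
}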
