package org.jboss.web.tomcat.security;

import java.io.IOException;
import java.security.Principal;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Manager;
import org.apache.catalina.Session;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.logging.Logger;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
import org.jboss.servlet.http.HttpEvent;

/* loaded from: input_file:org/jboss/web/tomcat/security/SecurityAssociationValve.class */
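/**
 * Valve that associates per-request security state with the calling thread
 * before handing the request to the next valve, and removes it afterwards.
 *
 * <p>For each request it publishes the web application metadata and the request
 * principal through the static thread-locals, pushes the servlet's configured
 * run-as identity, restores principal/credential/subject information from a
 * {@link JBossGenericPrincipal} found on the request or its session, and can
 * optionally expose the active subject as a request attribute.
 *
 * <p>Container threads serve many requests, so everything that is associated
 * with the thread here has to be undone on every exit path, including when the
 * downstream valve throws.
 */
public class SecurityAssociationValve extends ValveBase {
    private static final Logger log = Logger.getLogger(SecurityAssociationValve.class);

    // Principal of the request currently handled by this thread; cleared when the request ends.
    // NOTE(review): public and non-final, so any code on the class path can read or replace
    // this holder; left as is because callers outside this file may depend on it.
    public static ThreadLocal<Principal> userPrincipal = new ThreadLocal<>();

    // Metadata of the web application currently handled by this thread; cleared when the request ends.
    public static ThreadLocal<JBossWebMetaData> activeWebMetaData = new ThreadLocal<>();

    private final JBossWebMetaData metaData;
    private final JaasSecurityManagerServiceMBean secMgrService;
    private String subjectAttributeName = null;

    // Captured once at construction: a later change of the log level is not picked up.
    private final boolean trace = log.isTraceEnabled();

    /** Per-request record of what was associated with the thread, so it can be undone exactly. */
    private static final class RequestAssociation {
        // True only once pushRunAsIdentity has returned, so the matching pop is never unbalanced.
        boolean runAsPushed;
        Session session;
        JBossGenericPrincipal cachedPrincipal;
    }

    /**
     * @param jBossWebMetaData metadata of the web application this valve serves
     * @param jaasSecurityManagerServiceMBean service used to flush the authentication cache;
     *        may be {@code null}, in which case no flush is attempted
     */
    public SecurityAssociationValve(JBossWebMetaData jBossWebMetaData, JaasSecurityManagerServiceMBean jaasSecurityManagerServiceMBean) {
        this.metaData = jBossWebMetaData;
        this.secMgrService = jaasSecurityManagerServiceMBean;
    }

    /**
     * Sets the request attribute name under which the active subject is published.
     *
     * @param str the attribute name; {@code null} or the empty string disables publishing
     */
    public void setSubjectAttributeName(String str) {
        this.subjectAttributeName = (str == null || str.isEmpty()) ? null : str;
    }

    /**
     * Establishes the security association, invokes the next valve and releases the association.
     *
     * @param request the request being processed
     * @param response the response being produced
     * @throws IOException if thrown by the next valve
     * @throws ServletException if thrown by the next valve
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        Principal caller = request.getPrincipal();
        HttpSession httpSession = request.getSession(false);
        if (this.trace) {
            log.trace("Begin invoke, caller=" + caller);
        }
        RequestAssociation association = new RequestAssociation();
        activeWebMetaData.set(this.metaData);
        try {
            associate(request, caller, httpSession, association);
            getNext().invoke(request, response);
            flushAuthCacheIfSessionInvalidated(association);
        } finally {
            release(caller, association);
        }
    }

    /**
     * Looks up the {@code java:comp/env/security} naming context.
     *
     * @return the context, or {@code null} when the lookup fails
     */
    private Context getSecurityNamingContext() {
        try {
            return (Context) new InitialContext().lookup("java:comp/env/security");
        } catch (NamingException ignored) {
            // Best effort: without the context the subject attribute is simply not published.
            return null;
        }
    }

    /**
     * Same as {@link #invoke(Request, Response)} but forwards an event to the next valve.
     *
     * @param request the request being processed
     * @param response the response being produced
     * @param httpEvent the event to forward
     * @throws IOException if thrown by the next valve
     * @throws ServletException if thrown by the next valve
     */
    public void event(Request request, Response response, HttpEvent httpEvent) throws IOException, ServletException {
        Principal caller = request.getPrincipal();
        HttpSession httpSession = request.getSession(false);
        if (this.trace) {
            log.trace("Begin invoke, caller=" + caller);
        }
        RequestAssociation association = new RequestAssociation();
        activeWebMetaData.set(this.metaData);
        try {
            associate(request, caller, httpSession, association);
            getNext().event(request, response, httpEvent);
            flushAuthCacheIfSessionInvalidated(association);
        } finally {
            release(caller, association);
        }
    }

    /** Pushes the run-as identity and restores cached principal information for this request. */
    private void associate(Request request, Principal caller, HttpSession httpSession, RequestAssociation association) {
        try {
            Wrapper servlet = request.getWrapper();
            if (servlet != null) {
                String name = servlet.getName();
                RunAsIdentityMetaData runAsMetaData = this.metaData.getRunAsIdentity(name);
                RunAsIdentity runAs = null;
                if (runAsMetaData != null) {
                    if (this.trace) {
                        log.trace(name + ", runAs: " + runAsMetaData);
                    }
                    runAs = new RunAsIdentity(runAsMetaData.getRoleName(), runAsMetaData.getPrincipalName(), runAsMetaData.getRunAsRoles());
                }
                // A null identity is pushed as well so that push and pop stay paired.
                SecurityAssociationActions.pushRunAsIdentity(runAs);
                association.runAsPushed = true;
            }
            userPrincipal.set(caller);

            Manager manager = this.container.getManager();
            if (manager != null && httpSession != null) {
                try {
                    association.session = manager.findSession(httpSession.getId());
                } catch (IOException e) {
                    // Best effort; the session id is deliberately left out of the message.
                    log.debug("Failed to look up session", e);
                }
            }

            if (caller instanceof JBossGenericPrincipal) {
                association.cachedPrincipal = (JBossGenericPrincipal) caller;
            } else if (association.session != null) {
                // Only trust a session principal of the expected type instead of casting blindly.
                Principal sessionPrincipal = association.session.getPrincipal();
                if (sessionPrincipal instanceof JBossGenericPrincipal) {
                    association.cachedPrincipal = (JBossGenericPrincipal) sessionPrincipal;
                }
            }

            JBossGenericPrincipal cached = association.cachedPrincipal;
            if (cached != null) {
                if (this.trace) {
                    log.trace("Restoring principal info from cache");
                }
                // NOTE(review): nothing in this class clears the principal, credentials and subject
                // set here; confirm another component does so before the pooled thread is reused.
                SecurityAssociationActions.setPrincipalInfo(cached.getAuthPrincipal(), cached.getCredentials(), cached.getSubject());
            }

            if (this.subjectAttributeName != null) {
                Context securityContext = getSecurityNamingContext();
                if (securityContext != null) {
                    AuthenticationManager authManager = (AuthenticationManager) securityContext.lookup("securityMgr");
                    request.getRequest().setAttribute(this.subjectAttributeName, authManager.getActiveSubject());
                }
            }
        } catch (Throwable th) {
            // NOTE(review): fail-open. Any failure above, not only servlet lookup, is logged at
            // debug and the request still proceeds with whatever was associated so far.
            log.debug("Failed to determine servlet", th);
        }
    }

    /**
     * Flushes the cached authentication of the request's principal when the session was
     * invalidated during the request and the application asks for it.
     *
     * <p>NOTE(review): runs only when the next valve returns normally, so a request that
     * invalidates the session and then throws leaves the cache entry in place.
     */
    private void flushAuthCacheIfSessionInvalidated(RequestAssociation association) {
        Session session = association.session;
        JBossGenericPrincipal cached = association.cachedPrincipal;
        if (this.secMgrService == null || session == null || session.isValid()
                || !this.metaData.isFlushOnSessionInvalidation() || cached == null) {
            return;
        }
        String securityDomain = this.metaData.getSecurityDomain();
        if (this.trace) {
            log.trace("Session is invalid, security domain: " + securityDomain + ", user=" + cached);
        }
        try {
            this.secMgrService.flushAuthenticationCache(securityDomain, cached.getAuthPrincipal());
        } catch (Exception e) {
            log.debug("Failed to flush auth cache", e);
        }
    }

    /** Undoes the thread association; called from {@code finally} so it runs on every exit path. */
    private void release(Principal caller, RequestAssociation association) {
        try {
            // Pop in the cleanup path: otherwise an exception from the next valve would leave
            // the servlet's run-as identity on a thread that later serves another request.
            if (association.runAsPushed) {
                SecurityAssociationActions.popRunAsIdentity();
            }
        } finally {
            if (this.trace) {
                log.trace("End invoke, caller=" + caller);
            }
            activeWebMetaData.remove();
            userPrincipal.remove();
        }
    }
}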
