package org.apache.catalina.realm;

import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.Container;
import org.apache.catalina.LifecycleException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;

/* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-9.0.62.jar:org/apache/catalina/realm/JAASRealm.class */
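/**
 * Realm that authenticates users through a JAAS {@link LoginContext}.
 *
 * <p>The credentials are handed to the configured JAAS login modules via a
 * {@link JAASCallbackHandler}. After a successful login the {@link Subject}'s principals are
 * mapped to one user principal and a list of role names, based on the principal class names
 * configured through {@link #setUserClassNames(String)} and {@link #setRoleClassNames(String)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If no configured user class matches any principal of the Subject,
 *       {@link #createPrincipal} returns {@code null} and authentication fails (fail closed).</li>
 *   <li>{@link #isAvailable()} reports whether the last JAAS invocation completed without an
 *       unexpected error; ordinary login failures must not flip it to {@code false}.</li>
 * </ul>
 */
public class JAASRealm extends RealmBase {
    private static final Log log = LogFactory.getLog(JAASRealm.class);

    // Class-path resource name of the JAAS login configuration; null means no explicit
    // Configuration is passed to the LoginContext.
    protected String configFile;
    // Lazily loaded Configuration built from configFile (see getConfig()).
    protected volatile Configuration jaasConfiguration;
    // JAAS application (login configuration entry) name; defaulted in setContainer()/authenticate().
    protected String appName = null;
    // Principal class names accepted as roles / as the user, validated in parseClassNames().
    protected final List<String> roleClasses = new ArrayList<>();
    protected final List<String> userClasses = new ArrayList<>();
    // When false, the realm's own class loader is used for JAAS setup instead of the thread's.
    protected boolean useContextClassLoader = true;
    protected volatile boolean jaasConfigurationLoaded = false;
    // Result of the most recent JAAS invocation, exposed through isAvailable().
    private volatile boolean invocationSuccess = true;
    // Raw comma-separated configuration strings, parsed in startInternal().
    protected String roleClassNames = null;
    protected String userClassNames = null;

    /** @return the class-path resource name of the JAAS configuration, or {@code null} */
    public String getConfigFile() {
        return this.configFile;
    }

    /** @param str class-path resource name of the JAAS configuration file */
    public void setConfigFile(String str) {
        this.configFile = str;
    }

    /** @param str the JAAS application name passed to the {@link LoginContext} */
    public void setAppName(String str) {
        this.appName = str;
    }

    /** @return the JAAS application name, or {@code null} if not yet set or defaulted */
    public String getAppName() {
        return this.appName;
    }

    /** @param z {@code true} to resolve classes and resources through the thread context class loader */
    public void setUseContextClassLoader(boolean z) {
        this.useContextClassLoader = z;
    }

    /** @return whether the thread context class loader is used */
    public boolean isUseContextClassLoader() {
        return this.useContextClassLoader;
    }

    /**
     * Associates the realm with its container and, if no application name was configured,
     * derives one from the container name.
     *
     * @param container the owning container
     */
    @Override
    public void setContainer(Container container) {
        super.setContainer(container);
        if (this.appName == null) {
            this.appName = makeLegalForJAAS(container.getName());
            log.info(sm.getString("jaasRealm.appName", this.appName));
        }
    }

    /** @return the raw comma-separated list of role principal class names */
    public String getRoleClassNames() {
        return this.roleClassNames;
    }

    /** @param str comma-separated list of role principal class names; parsed on start */
    public void setRoleClassNames(String str) {
        this.roleClassNames = str;
    }

    /**
     * Replaces the content of {@code list} with the class names from {@code str} that can be
     * loaded and that implement {@link Principal}.
     *
     * <p>Names that cannot be loaded or are not Principals are logged and skipped, so a typo in
     * the configuration silently shrinks the accepted set; with an empty user-class list every
     * login is rejected by {@link #createPrincipal}.
     *
     * @param str comma-separated class names, may be {@code null}
     * @param list destination list; always cleared first
     */
    protected void parseClassNames(String str, List<String> list) {
        list.clear();
        if (str == null) {
            return;
        }
        ClassLoader loader = isUseContextClassLoader()
                ? Thread.currentThread().getContextClassLoader()
                : getClass().getClassLoader();
        for (String className : str.split("[ ]*,[ ]*")) {
            if (className.length() == 0) {
                continue;
            }
            try {
                // initialize=false: the class is only inspected, its static initializers do not run.
                Class<?> candidate = Class.forName(className, false, loader);
                if (Principal.class.isAssignableFrom(candidate)) {
                    list.add(className);
                } else {
                    log.error(sm.getString("jaasRealm.notPrincipal", className));
                }
            } catch (ClassNotFoundException e) {
                log.error(sm.getString("jaasRealm.classNotFound", className));
            }
        }
    }

    /** @return the raw comma-separated list of user principal class names */
    public String getUserClassNames() {
        return this.userClassNames;
    }

    /** @param str comma-separated list of user principal class names; parsed on start */
    public void setUserClassNames(String str) {
        this.userClassNames = str;
    }

    /**
     * Authenticates with a user name and a credential supplied to the JAAS callback handler.
     *
     * @param str the user name
     * @param str2 the credential forwarded to {@link JAASCallbackHandler}
     * @return the authenticated principal, or {@code null} on any failure
     */
    @Override
    public Principal authenticate(String str, String str2) {
        return authenticate(str, new JAASCallbackHandler(this, str, str2));
    }

    /**
     * Authenticates a DIGEST request by forwarding all values positionally to
     * {@link JAASCallbackHandler} with the method name {@code "DIGEST"}.
     *
     * <p>NOTE(review): the meaning of {@code str2}..{@code str8} is defined by the
     * JAASCallbackHandler constructor, which is not visible here; presumably digest, nonce,
     * nc, cnonce, qop, realm name and MD5(A2) in that order. Confirm against that class.
     *
     * @param str the user name
     * @return the authenticated principal, or {@code null} on any failure
     */
    @Override
    public Principal authenticate(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        return authenticate(str, new JAASCallbackHandler(this, str, str2, str3, str4, str5, str6, str7, str8, "DIGEST"));
    }

    /**
     * Performs the JAAS login and maps the resulting {@link Subject} to a realm principal.
     *
     * <p>Never throws: every failure is logged and reported as {@code null}. The
     * {@code invocationSuccess} flag behind {@link #isAvailable()} is set to {@code true}
     * whenever JAAS produced a definite answer (success or a {@link LoginException}) and to
     * {@code false} only for unexpected errors.
     *
     * @param str the user name, used for the principal and for log messages
     * @param callbackHandler supplies the credentials to the login modules
     * @return the authenticated principal, or {@code null} if the login failed
     */
    protected Principal authenticate(String str, CallbackHandler callbackHandler) {
        try {
            if (this.appName == null) {
                this.appName = "Tomcat";
            }
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jaasRealm.beginLogin", str, this.appName));
            }

            // Read the flag once: if it were re-read at restore time and had changed in between,
            // the thread could be left with the wrong (or a null) context class loader.
            final boolean swapLoader = !isUseContextClassLoader();
            ClassLoader previousLoader = null;
            if (swapLoader) {
                previousLoader = Thread.currentThread().getContextClassLoader();
                Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
            }

            LoginContext loginContext;
            try {
                loginContext = new LoginContext(this.appName, (Subject) null, callbackHandler, getConfig());
            } catch (Throwable t) {
                // Failure to build the LoginContext is a configuration/runtime problem, not a
                // bad credential, so the realm is flagged as unavailable.
                ExceptionUtils.handleThrowable(t);
                log.error(sm.getString("jaasRealm.unexpectedError"), t);
                this.invocationSuccess = false;
                return null;
            } finally {
                if (swapLoader) {
                    Thread.currentThread().setContextClassLoader(previousLoader);
                }
            }

            if (log.isDebugEnabled()) {
                log.debug("Login context created " + str);
            }

            try {
                loginContext.login();
                Subject subject = loginContext.getSubject();
                this.invocationSuccess = true;
                if (subject == null) {
                    if (log.isDebugEnabled()) {
                        log.debug(sm.getString("jaasRealm.failedLogin", str));
                    }
                    return null;
                }
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.loginContextCreated", str));
                }
                Principal authenticated = createPrincipal(str, subject, loginContext);
                if (authenticated == null) {
                    log.debug(sm.getString("jaasRealm.authenticateFailure", str));
                    return null;
                }
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.authenticateSuccess", str, authenticated));
                }
                return authenticated;

            // Handler order matters. The LoginException subtypes must be listed before the
            // catch-all: if Throwable were caught first, a wrong password or an expired account
            // would be logged as an unexpected error and would mark the realm unavailable.
            } catch (AccountExpiredException e) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.accountExpired", str));
                }
                this.invocationSuccess = true;
                return null;
            } catch (CredentialExpiredException e) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.credentialExpired", str));
                }
                this.invocationSuccess = true;
                return null;
            } catch (FailedLoginException e) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.failedLogin", str));
                }
                this.invocationSuccess = true;
                return null;
            } catch (LoginException e) {
                log.warn(sm.getString("jaasRealm.loginException", str), e);
                this.invocationSuccess = true;
                return null;
            } catch (Throwable t) {
                ExceptionUtils.handleThrowable(t);
                log.error(sm.getString("jaasRealm.unexpectedError"), t);
                this.invocationSuccess = false;
                return null;
            }
        } catch (Throwable t) {
            // Last line of defence, including anything rethrown by handleThrowable above.
            log.error("error ", t);
            this.invocationSuccess = false;
            return null;
        }
    }

    /**
     * Always returns {@code null}: this class never holds the credential itself, the check is
     * delegated to the JAAS login modules.
     *
     * @param str the user name (unused)
     * @return {@code null}
     */
    @Override
    protected String getPassword(String str) {
        return null;
    }

    /**
     * Resolves a principal by running a JAAS login with no credential values and the
     * {@code CLIENT_CERT_AUTH} method name.
     *
     * <p>NOTE(review): whether such a login succeeds depends entirely on how the configured
     * login modules treat the missing credential for this method; verify that they do not
     * accept arbitrary user names on this path.
     *
     * @param str the user name
     * @return the principal, or {@code null} if the login failed
     */
    @Override
    protected Principal getPrincipal(String str) {
        return authenticate(str, new JAASCallbackHandler(this, str, null, null, null, null, null, null, null, HttpServletRequest.CLIENT_CERT_AUTH));
    }

    /**
     * Builds the realm principal from an authenticated {@link Subject}.
     *
     * <p>The first principal whose class name is in {@code userClasses} becomes the user
     * principal; the name of every principal whose class name is in {@code roleClasses} becomes
     * a role. Matching is by exact class name, so subclasses of a configured class do not match.
     *
     * @param str the user name given at login
     * @param subject the authenticated subject
     * @param loginContext the login context, stored in the returned principal
     * @return a {@link GenericPrincipal}, or {@code null} if no user principal was found
     */
    protected Principal createPrincipal(String str, Subject subject, LoginContext loginContext) {
        List<String> roles = new ArrayList<>();
        Principal userPrincipal = null;
        for (Principal candidate : subject.getPrincipals()) {
            String className = candidate.getClass().getName();
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jaasRealm.checkPrincipal", candidate, className));
            }
            if (userPrincipal == null && this.userClasses.contains(className)) {
                userPrincipal = candidate;
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.userPrincipalSuccess", candidate.getName()));
                }
            }
            if (this.roleClasses.contains(className)) {
                roles.add(candidate.getName());
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.rolePrincipalAdd", candidate.getName()));
                }
            }
        }
        if (userPrincipal == null) {
            // Fail closed: a Subject without a recognised user principal is not authenticated.
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jaasRealm.userPrincipalFailure"));
                log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
            }
            return null;
        }
        if (roles.isEmpty() && log.isDebugEnabled()) {
            log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
        }
        return new GenericPrincipal(str, null, roles, userPrincipal, loginContext);
    }

    /**
     * Turns a container name into a JAAS application name: {@code null} becomes
     * {@code "other"} and one leading {@code '/'} is removed.
     *
     * @param str the container name, may be {@code null}
     * @return the derived application name
     */
    protected String makeLegalForJAAS(String str) {
        String name = (str == null) ? "other" : str;
        return name.startsWith("/") ? name.substring(1) : name;
    }

    /**
     * Parses the configured user and role class names, then starts the base realm.
     *
     * @throws LifecycleException if the superclass fails to start
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void startInternal() throws LifecycleException {
        parseClassNames(this.userClassNames, this.userClasses);
        parseClassNames(this.roleClassNames, this.roleClasses);
        super.startInternal();
    }

    /**
     * Returns the JAAS {@link Configuration} built from {@code configFile}, loading it on first
     * use.
     *
     * <p>The resource is looked up through the thread context class loader. When called from
     * {@link #authenticate(String, CallbackHandler)} with {@code useContextClassLoader == false}
     * that loader has already been switched to the realm's own class loader.
     *
     * @return the loaded configuration, or {@code null} when no {@code configFile} is set
     * @throws RuntimeException if the resource is missing or the configuration cannot be
     *         instantiated
     */
    protected Configuration getConfig() {
        // Local copy so a concurrent setConfigFile() cannot change the value mid-load.
        String resourceName = this.configFile;
        try {
            if (this.jaasConfigurationLoaded) {
                return this.jaasConfiguration;
            }
            synchronized (this) {
                if (resourceName == null) {
                    this.jaasConfigurationLoaded = true;
                    return null;
                }
                java.net.URL resource = Thread.currentThread().getContextClassLoader().getResource(resourceName);
                if (resource == null) {
                    // Report a missing login configuration by name instead of a bare
                    // NullPointerException from toURI().
                    throw new IllegalArgumentException("JAAS configuration resource not found: " + resourceName);
                }
                this.jaasConfiguration = (Configuration) Class.forName("com.sun.security.auth.login.ConfigFile")
                        .getConstructor(URI.class)
                        .newInstance(resource.toURI());
                this.jaasConfigurationLoaded = true;
                return this.jaasConfiguration;
            }
        } catch (InvocationTargetException e) {
            // Surface the constructor's own failure rather than the reflection wrapper.
            throw new RuntimeException(e.getCause());
        } catch (IllegalArgumentException | ReflectiveOperationException | SecurityException | URISyntaxException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * @return {@code false} after a JAAS invocation ended with an unexpected error,
     *         {@code true} otherwise
     */
    @Override
    public boolean isAvailable() {
        return this.invocationSuccess;
    }
}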
