package org.apache.geronimo.tomcat;

import java.security.AccessControlContext;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.ServerAuthConfig;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.startup.ContextConfig;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.geronimo.tomcat.security.Authenticator;
import org.apache.geronimo.tomcat.security.Authorizer;
import org.apache.geronimo.tomcat.security.UserIdentity;
import org.apache.geronimo.tomcat.security.authentication.BasicAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.ClientCertAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.DigestAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.FormAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.NoneAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicCallbackHandler;
import org.apache.geronimo.tomcat.security.impl.GeronimoIdentityService;
import org.apache.geronimo.tomcat.security.impl.GeronimoLoginService;
import org.apache.geronimo.tomcat.security.jacc.JACCAuthorizer;
import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
import org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve;

/* loaded from: input_file:org/apache/geronimo/tomcat/BaseGeronimoContextConfig.class */
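public class BaseGeronimoContextConfig extends ContextConfig {
    /** JASPIC message layer used for both the provider lookup and the ServerAuthConfig lookup. */
    private static final String MESSAGE_LAYER = "HttpServlet";
    /** Key under which the policy context id is handed to the JASPIC authenticator. */
    private static final String POLICY_CONTEXT_ID_KEY = "javax.security.jacc.PolicyContext";

    /**
     * Installs the authentication/authorization valve and the JACC realm on a web context.
     *
     * <p>Authenticator selection, in order:
     * <ol>
     *   <li>If the {@link AuthConfigFactory} has a provider registered for the
     *       {@code "HttpServlet"} layer and the app context {@code "server " + contextPath},
     *       and that provider yields a {@link ServerAuthConfig}, a {@link JaspicAuthenticator}
     *       is used and {@code str2} is ignored.</li>
     *   <li>Otherwise {@code str2} is matched case-insensitively against {@code BASIC},
     *       {@code CLIENT-CERT}, {@code DIGEST} and {@code FORM}.</li>
     *   <li>Any other value (including {@code null}) selects {@link NoneAuthenticator}.</li>
     * </ol>
     *
     * <p>Security note: steps 1 and 3 both degrade silently in terms of control flow. A failing
     * JASPIC provider falls back to the declared method, and an unrecognised method name falls
     * back to no authentication. Both cases are logged at WARN so that a misconfiguration does
     * not go unnoticed; the fallback behaviour itself is unchanged.
     *
     * <p>The decompiler reports that the original access modifier was {@code protected}.
     *
     * @param standardContext context that receives the security valve and realm
     * @param str policy context id; stored under {@code javax.security.jacc.PolicyContext} for
     *     JASPIC and passed to {@link JACCSecurityValve}
     * @param configurationFactory passed to {@link GeronimoLoginService}
     * @param subject default subject; {@code null} is replaced by {@link ContextManager#EMPTY}
     * @param str2 declared authentication method name; may be {@code null}
     * @param str3 passed to the BASIC and DIGEST authenticators (presumably the realm name,
     *     to be confirmed against those classes)
     * @param str4 passed to the FORM authenticator (presumably the login page, to be confirmed)
     * @param str5 passed to the FORM authenticator (presumably the error page, to be confirmed)
     */
    public void configureSecurity(StandardContext standardContext, String str, ConfigurationFactory configurationFactory, Subject subject, String str2, String str3, String str4, String str5) {
        if (subject == null) {
            subject = ContextManager.EMPTY;
        }
        GeronimoIdentityService identityService = new GeronimoIdentityService(subject);
        // Identity handed to the non-JASPIC authenticators; built from the default subject.
        UserIdentity defaultIdentity = identityService.newUserIdentity(subject, null, null);
        GeronimoLoginService loginService = new GeronimoLoginService(configurationFactory, identityService);

        AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
        // No-op listener: registration changes after startup are not acted upon here.
        RegistrationListener noopListener = new RegistrationListener() {
            public void notify(String layer, String appContext) {
            }
        };
        String appContext = "server " + standardContext.getPath();
        AuthConfigProvider provider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, noopListener);

        ServerAuthConfig serverAuthConfig = null;
        JaspicCallbackHandler callbackHandler = null;
        if (provider != null) {
            callbackHandler = new JaspicCallbackHandler(loginService);
            try {
                serverAuthConfig = provider.getServerAuthConfig(MESSAGE_LAYER, appContext, callbackHandler);
            } catch (AuthException e) {
                // Previously swallowed. The fallback to the declared auth method is kept, but
                // the failure is surfaced: a broken JASPIC module would otherwise silently
                // change which authenticator protects this context.
                log.warn("JASPIC ServerAuthConfig lookup failed for app context '" + appContext
                        + "'; falling back to declared auth method '" + str2 + "'", e);
            }
        }

        Authenticator authenticator;
        if (serverAuthConfig != null) {
            HashMap authProperties = new HashMap();
            authProperties.put(POLICY_CONTEXT_ID_KEY, str);
            authenticator = new JaspicAuthenticator(serverAuthConfig, authProperties, new Subject(), callbackHandler, identityService);
        } else if ("BASIC".equalsIgnoreCase(str2)) {
            authenticator = new BasicAuthenticator(loginService, str3, defaultIdentity);
        } else if ("CLIENT-CERT".equalsIgnoreCase(str2)) {
            authenticator = new ClientCertAuthenticator(loginService, defaultIdentity);
        } else if ("DIGEST".equalsIgnoreCase(str2)) {
            authenticator = new DigestAuthenticator(loginService, str3, defaultIdentity);
        } else if ("FORM".equalsIgnoreCase(str2)) {
            authenticator = new FormAuthenticator(loginService, defaultIdentity, str4, str5);
        } else {
            // Any unmatched value ends up with no authentication. Null and "NONE" are treated
            // as intentional; anything else is most likely a typo or an unsupported method.
            if (str2 != null && !"NONE".equalsIgnoreCase(str2)) {
                log.warn("Unrecognised auth method '" + str2 + "' for context '"
                        + standardContext.getPath() + "'; no authenticator will challenge requests");
            }
            authenticator = new NoneAuthenticator(defaultIdentity);
        }

        AccessControlContext defaultAcc = ContextManager.registerSubjectShort(subject, (Principal) null, (List) null);
        Authorizer authorizer = createAuthorizer(defaultAcc);
        standardContext.addValve(new JACCSecurityValve(authenticator, authorizer, identityService, str));

        if (log.isDebugEnabled()) {
            // Reports the declared method name, which is not the effective authenticator when
            // the JASPIC branch above was taken.
            log.debug(sm.getString("contextConfig.authenticatorConfigured", str2));
        }
        standardContext.setRealm(new JACCRealm());
    }

    /**
     * Creates the authorizer used by the security valve.
     *
     * <p>Protected so that subclasses can substitute a different {@link Authorizer}.
     *
     * @param accessControlContext context obtained by registering the default subject
     * @return a {@link JACCAuthorizer} wrapping {@code accessControlContext}
     */
    protected Authorizer createAuthorizer(AccessControlContext accessControlContext) {
        return new JACCAuthorizer(accessControlContext);
    }
}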
