package org.apache.tomee.catalina;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Realm;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.CombinedRealm;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;
import org.apache.openejb.threads.task.CUTask;
import org.apache.openejb.util.LogCategory;
import org.apache.openejb.util.Logger;
import org.ietf.jgss.GSSContext;

/* loaded from: input_file:lib/tomee-catalina-9.1.0.jar:org/apache/tomee/catalina/TomEERealm.class */
public class TomEERealm extends CombinedRealm {
    public static final String SECURITY_NOTE = TomEERealm.class.getName() + ".securityContext";
    private TomcatSecurityService securityService;

    protected void startInternal() throws LifecycleException {
        super.startInternal();
        this.securityService = (TomcatSecurityService) SystemInstance.get().getComponent(SecurityService.class);
    }

    public Principal authenticate(String str, String str2) {
        return logInTomEE(super.authenticate(str, str2));
    }

    public Principal authenticate(X509Certificate[] x509CertificateArr) {
        return logInTomEE(super.authenticate(x509CertificateArr));
    }

    public Principal authenticate(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        return logInTomEE(super.authenticate(str, str2, str3, str4, str5, str6, str7, str8));
    }

    public Principal authenticate(GSSContext gSSContext, boolean z) {
        return logInTomEE(super.authenticate(gSSContext, z));
    }

    public boolean hasRole(Wrapper wrapper, Principal principal, String str) {
        String findSecurityReference;
        String str2 = str;
        if (wrapper != null && (findSecurityReference = wrapper.findSecurityReference(str2)) != null) {
            str2 = findSecurityReference;
        }
        if (principal == null || str2 == null) {
            return false;
        }
        if (principal instanceof GenericPrincipal) {
            return ((GenericPrincipal) principal).hasRole(str2);
        }
        Iterator it = this.realms.iterator();
        while (it.hasNext()) {
            if (((Realm) it.next()).hasRole(wrapper, principal, str)) {
                return true;
            }
        }
        return false;
    }

    private Principal logInTomEE(Principal principal) {
        if (principal == null) {
            return null;
        }
        if (this.securityService == null) {
            this.securityService = (TomcatSecurityService) SystemInstance.get().getComponent(SecurityService.class);
        }
        Request request = OpenEJBSecurityListener.requests.get();
        if (request != null) {
            request.setNote(SECURITY_NOTE, this.securityService.enterWebApp(this, principal, OpenEJBSecurityListener.requests.get().getWrapper().getRunAs()));
        } else {
            CUTask.Context context = CUTask.Context.CURRENT.get();
            if (context != null) {
                final Object enterWebApp = this.securityService.enterWebApp(this, principal, null);
                context.pushExitTask(new Runnable() { // from class: org.apache.tomee.catalina.TomEERealm.1
                    @Override // java.lang.Runnable
                    public void run() {
                        TomEERealm.this.securityService.exitWebApp(enterWebApp);
                    }
                });
            } else {
                Logger logger = Logger.getInstance(LogCategory.OPENEJB_SECURITY, TomEERealm.class);
                if (logger.isDebugEnabled()) {
                    logger.debug("No request or concurrency-utilities context so skipping login context propagation, thread=" + Thread.currentThread().getName());
                }
            }
        }
        return principal;
    }
}
