package org.apache.cxf.interceptor.security;

import ch.qos.logback.classic.ClassicConstants;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.InterceptorChain;
import org.apache.cxf.interceptor.security.callback.CallbackHandlerProvider;
import org.apache.cxf.interceptor.security.callback.CallbackHandlerProviderAuthPol;
import org.apache.cxf.interceptor.security.callback.CallbackHandlerProviderUsernameToken;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;

/* loaded from: input_file:BOOT-INF/lib/cxf-core-3.1.12.jar:org/apache/cxf/interceptor/security/JAASLoginInterceptor.class */
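/**
 * Inbound interceptor that authenticates the current message through JAAS and
 * stores the resulting {@link SecurityContext} on the message.
 *
 * <p>Defaults set by this class: phase {@link Phase#UNMARSHAL}, an empty JAAS
 * context name, role classifier type {@link #ROLE_CLASSIFIER_PREFIX},
 * {@code useDoAs = true}, {@code allowAnonymous = true},
 * {@code reportFault = false} and {@code allowNamedPrincipals = false}.
 *
 * <p>Security-relevant configuration, for anyone deploying this interceptor:
 * <ul>
 *   <li>{@code allowAnonymous} is {@code true} by default. A message for which no
 *       provider yields a {@link CallbackHandler} is then still passed to
 *       {@link LoginContext#login()} with a {@code null} handler, so whether it is
 *       rejected depends entirely on the configured login modules. Set it to
 *       {@code false} when every request must carry credentials.</li>
 *   <li>{@code allowNamedPrincipals} skips the JAAS login whenever the message
 *       already carries a security context with a named principal. Enable it only
 *       when whatever populated that context is trusted to have authenticated the
 *       caller.</li>
 *   <li>{@code reportFault} returns the {@link LoginException} message to the
 *       caller. Login-module messages can reveal why a login failed, so leave it
 *       off on untrusted networks.</li>
 *   <li>Failed logins are logged at {@link Level#FINE} only, so they do not appear
 *       at default log levels. Raise the level for this logger if failed
 *       authentications need to be monitored.</li>
 * </ul>
 */
public class JAASLoginInterceptor extends AbstractPhaseInterceptor<Message> {
    /** Role classifier type: the classifier is matched as a prefix. */
    public static final String ROLE_CLASSIFIER_PREFIX = "prefix";
    /** Role classifier type: the classifier is matched as a class name. */
    public static final String ROLE_CLASSIFIER_CLASS_NAME = "classname";
    private static final Logger LOG = LogUtils.getL7dLogger(JAASLoginInterceptor.class);
    private String contextName;
    private Configuration loginConfig;
    private String roleClassifier;
    private String roleClassifierType;
    private boolean reportFault;
    private boolean useDoAs;
    private List<CallbackHandlerProvider> callbackHandlerProviders;
    private boolean allowAnonymous;
    private boolean allowNamedPrincipals;

    /** Creates the interceptor in the {@link Phase#UNMARSHAL} phase. */
    public JAASLoginInterceptor() {
        this(Phase.UNMARSHAL);
    }

    /**
     * Creates the interceptor in the given phase and registers the two default
     * callback handler providers, in the order they are consulted.
     *
     * @param str name of the phase this interceptor runs in
     */
    public JAASLoginInterceptor(String str) {
        super(str);
        this.contextName = "";
        this.roleClassifierType = ROLE_CLASSIFIER_PREFIX;
        this.useDoAs = true;
        this.allowAnonymous = true;
        this.callbackHandlerProviders = new ArrayList<>();
        this.callbackHandlerProviders.add(new CallbackHandlerProviderAuthPol());
        this.callbackHandlerProviders.add(new CallbackHandlerProviderUsernameToken());
    }

    /**
     * @param str name of the JAAS login context entry to authenticate against
     */
    public void setContextName(String str) {
        this.contextName = str;
    }

    /**
     * @return name of the JAAS login context entry, empty by default
     */
    public String getContextName() {
        return this.contextName;
    }

    /**
     * @param str role classifier value
     * @deprecated use {@link #setRoleClassifier(String)}
     */
    @Deprecated
    public void setRolePrefix(String str) {
        setRoleClassifier(str);
    }

    /**
     * Sets the role classifier. A non-null value switches
     * {@link #createSecurityContext(String, Subject)} to the classifier-based
     * security context.
     *
     * @param str role classifier value, or {@code null} to disable classification
     */
    public void setRoleClassifier(String str) {
        this.roleClassifier = str;
    }

    /**
     * @return the role classifier, or {@code null} when none is configured
     */
    public String getRoleClassifier() {
        return this.roleClassifier;
    }

    /**
     * Sets how the role classifier is interpreted.
     *
     * @param str either {@link #ROLE_CLASSIFIER_PREFIX} or
     *        {@link #ROLE_CLASSIFIER_CLASS_NAME}
     * @throws IllegalArgumentException for any other value, including {@code null}
     */
    public void setRoleClassifierType(String str) {
        if (!ROLE_CLASSIFIER_PREFIX.equals(str) && !ROLE_CLASSIFIER_CLASS_NAME.equals(str)) {
            throw new IllegalArgumentException("Unsupported role classifier");
        }
        this.roleClassifierType = str;
    }

    /**
     * @return the configured role classifier type
     */
    public String getRoleClassifierType() {
        return this.roleClassifierType;
    }

    /**
     * Controls whether the {@link LoginException} message and cause are attached
     * to the exception thrown on a failed login. When {@code false} (the default)
     * the caller only sees a generic message.
     *
     * @param z {@code true} to expose failure details to the caller
     */
    public void setReportFault(boolean z) {
        this.reportFault = z;
    }

    /**
     * Controls whether the rest of the interceptor chain is run inside
     * {@link Subject#doAs} for the authenticated subject.
     *
     * @param z {@code true} (the default) to continue the chain under the subject
     */
    public void setUseDoAs(boolean z) {
        this.useDoAs = z;
    }

    /**
     * Asks each provider in registration order for a callback handler.
     *
     * @return the first non-null handler, or {@code null} when no provider
     *         produced one for this message
     */
    private CallbackHandler getFirstCallbackHandler(Message message) {
        for (CallbackHandlerProvider provider : this.callbackHandlerProviders) {
            CallbackHandler handler = provider.create(message);
            if (handler != null) {
                return handler;
            }
        }
        return null;
    }

    /**
     * Reports whether the message already carries a security context whose user
     * principal has a non-null name.
     */
    private static boolean hasNamedPrincipal(Message message) {
        SecurityContext securityContext = message.get(SecurityContext.class);
        return securityContext != null
            && securityContext.getUserPrincipal() != null
            && securityContext.getUserPrincipal().getName() != null;
    }

    /**
     * Performs the JAAS login for the message and stores the resulting security
     * context on it.
     *
     * @param message the inbound message
     * @throws AuthenticationException when no credentials were found and anonymous
     *         access is disabled, or when the JAAS login fails
     */
    @Override
    public void handleMessage(final Message message) throws Fault {
        // An existing named principal is accepted as-is; nothing here re-checks it.
        if (this.allowNamedPrincipals && hasNamedPrincipal(message)) {
            return;
        }

        CallbackHandler handler = getFirstCallbackHandler(message);
        if (handler == null && !this.allowAnonymous) {
            throw new AuthenticationException("Authentication required but no authentication information was supplied");
        }

        try {
            // With allowAnonymous enabled the handler may be null here; the login
            // modules then decide whether a credential-less login succeeds.
            LoginContext loginContext = new LoginContext(getContextName(), (Subject) null, handler, this.loginConfig);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            message.put(SecurityContext.class, createSecurityContext(getUsername(handler), subject));
            if (this.useDoAs) {
                Subject.doAs(subject, new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        InterceptorChain chain = message.getInterceptorChain();
                        if (chain != null) {
                            chain.doIntercept(message);
                        }
                        return null;
                    }
                });
            }
        } catch (LoginException e) {
            String detail = "Authentication failed: " + e.getMessage();
            // FINE only: failed logins are not visible at default log levels.
            LOG.log(Level.FINE, detail, (Throwable) e);
            if (!this.reportFault) {
                // Cause deliberately omitted so failure details stay on the server.
                throw new AuthenticationException("Authentication failed (details can be found in server log)");
            }
            AuthenticationException failure = new AuthenticationException(detail);
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Asks the callback handler for the user name through a {@link NameCallback}.
     *
     * @return the name supplied by the handler, or {@code null} when the handler
     *         is {@code null} or fails to answer the callback
     */
    private String getUsername(CallbackHandler callbackHandler) {
        if (callbackHandler == null) {
            return null;
        }
        try {
            // NOTE(review): the prompt comes from a logback constant, which looks like
            // a decompiler substitution for a plain string literal; confirm against
            // the upstream source.
            NameCallback nameCallback = new NameCallback(ClassicConstants.USER_MDC_KEY);
            callbackHandler.handle(new Callback[]{nameCallback});
            return nameCallback.getName();
        } catch (Exception e) {
            // Best effort: the name is optional, but record why it could not be read
            // instead of dropping the failure silently.
            LOG.log(Level.FINE, "Could not obtain user name from callback handler", (Throwable) e);
            return null;
        }
    }

    /**
     * Creates a name/password callback handler. Not called from within this
     * class; available to subclasses.
     *
     * @param str user name
     * @param str2 password
     * @return a handler answering name and password callbacks with the given values
     */
    protected CallbackHandler getCallbackHandler(String str, String str2) {
        return new NamePasswordCallbackHandler(str, str2);
    }

    /**
     * Builds the security context stored on the message after a successful login.
     *
     * @param str user name obtained from the callback handler, may be {@code null}
     * @param subject the authenticated JAAS subject
     * @return a classifier-based context when a role classifier is configured,
     *         otherwise a default context for the name and subject
     */
    protected SecurityContext createSecurityContext(String str, Subject subject) {
        if (getRoleClassifier() != null) {
            return new RolePrefixSecurityContextImpl(subject, getRoleClassifier(), getRoleClassifierType());
        }
        return new DefaultSecurityContext(str, subject);
    }

    /**
     * @return the explicit JAAS configuration, or {@code null} when none was set
     */
    public Configuration getLoginConfig() {
        return this.loginConfig;
    }

    /**
     * @param configuration JAAS configuration passed to the {@link LoginContext}
     */
    public void setLoginConfig(Configuration configuration) {
        this.loginConfig = configuration;
    }

    /**
     * Returns the live provider list. Changes made to the returned list change
     * which providers this interceptor consults.
     *
     * @return the internal, mutable list of callback handler providers
     */
    public List<CallbackHandlerProvider> getCallbackHandlerProviders() {
        return this.callbackHandlerProviders;
    }

    /**
     * Replaces the registered providers with the given ones.
     *
     * @param list the providers to use from now on
     */
    public void setCallbackHandlerProviders(List<CallbackHandlerProvider> list) {
        // Copy before clearing: if the caller passes the list returned by
        // getCallbackHandlerProviders(), clearing first would empty the argument too
        // and leave the interceptor with no providers at all. Copying first also
        // keeps the current providers intact when the argument is null.
        List<CallbackHandlerProvider> replacement = new ArrayList<>(list);
        this.callbackHandlerProviders.clear();
        this.callbackHandlerProviders.addAll(replacement);
    }

    /**
     * Appends the given providers after the ones already registered.
     *
     * @param list the providers to add
     */
    public void addCallbackHandlerProviders(List<CallbackHandlerProvider> list) {
        this.callbackHandlerProviders.addAll(list);
    }

    /**
     * Controls whether a message without any credentials may proceed to the JAAS
     * login. Defaults to {@code true}.
     *
     * @param z {@code false} to reject messages for which no provider supplies a
     *        callback handler
     */
    public void setAllowAnonymous(boolean z) {
        this.allowAnonymous = z;
    }

    /**
     * Controls whether a message that already carries a named principal skips the
     * JAAS login. Defaults to {@code false}.
     *
     * @param z {@code true} to accept an existing named principal without logging in
     */
    public void setAllowNamedPrincipals(boolean z) {
        this.allowNamedPrincipals = z;
    }
}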
