package org.ow2.jonas.security.interceptors.jrmp.ctxcheck;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import org.ow2.carol.rmi.interceptor.api.JServerRequestInfo;
import org.ow2.carol.rmi.interceptor.spi.JServerRequestInterceptor;
import org.ow2.jonas.lib.security.context.SecurityContext;
import org.ow2.jonas.lib.security.context.SecurityCurrent;
import org.ow2.jonas.lib.util.ConfigurationConstants;

/* loaded from: input_file:org/ow2/jonas/security/interceptors/jrmp/ctxcheck/ServerInterceptor.class */
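/**
 * Server-side request interceptor that checks the signature carried by the current
 * {@link SecurityContext} before a request is allowed to proceed.
 *
 * <p>The check is fail-closed: on every rejection path the current context is replaced by the
 * {@code JOnAS_ALTERED_IDENTITY} context before an {@link IOException} is thrown, so the
 * unverified identity is not left in place on the {@link SecurityCurrent}.
 *
 * <p>Security notes for maintainers. None of these can be changed here alone, because the
 * verifier must stay byte-compatible with whatever produced the signature (the error text
 * below names the SignLoginModule):
 * <ul>
 *   <li>{@code SHA1withDSA} relies on SHA-1, which is deprecated for digital signatures. Moving
 *       to a SHA-2 based algorithm needs a coordinated change on the signing side.</li>
 *   <li>The signed data is the principal name followed by each role with no length prefix or
 *       separator, so different (name, roles) splits of the same characters produce the same
 *       signed bytes (for example {@code "ab" + "c"} and {@code "a" + "bc"}). A delimited or
 *       length-prefixed encoding would remove that ambiguity.</li>
 *   <li>{@code String.getBytes()} uses the platform default charset. Signer and verifier must run
 *       with the same default charset, otherwise non-ASCII names fail verification.</li>
 *   <li>Rejection messages embed the string form of the security context. NOTE(review): confirm
 *       that {@code SecurityContext.toString()} exposes nothing sensitive to the remote peer.</li>
 * </ul>
 *
 * <p>NOTE(review): the static fields are lazily initialised in the constructor without
 * synchronisation; confirm that interceptor instances are created from a single thread.
 */
public class ServerInterceptor implements JServerRequestInterceptor {
    private static final String JPROP_CLASSNAME = "org.ow2.jonas.lib.bootstrap.JProp";
    private static final String NAME = "CHECK_CTX_INTERCEPTOR";
    private static final String SIGNATURE_ALGORITHM = "SHA1withDSA";

    /** Default context; a context with the same principal name and roles is accepted unsigned. */
    private static final SecurityContext ANON_CTX = new SecurityContext();

    /** Context installed in place of any identity that fails verification. */
    private static SecurityContext alteredCtx = null;

    /** Source of the verification key; stays {@code null} when the constructor preconditions fail. */
    private static CtxCheckConfig config = null;

    /**
     * Creates the interceptor and lazily initialises the shared state.
     *
     * <p>The configuration is only created when the {@code jonas.base} and
     * {@link ConfigurationConstants#JONAS_ROOT_PROP} system properties are both set and the
     * JProp class can be loaded through the context class loader. Otherwise {@code config}
     * remains {@code null} and {@link #receiveRequest} rejects every signed context.
     */
    public ServerInterceptor() {
        if (config == null) {
            boolean hasJonasBase = System.getProperty("jonas.base") != null;
            boolean hasJonasRoot = System.getProperty(ConfigurationConstants.JONAS_ROOT_PROP) != null;
            boolean hasJProp = true;
            try {
                Thread.currentThread().getContextClassLoader().loadClass(JPROP_CLASSNAME);
            } catch (ClassNotFoundException e) {
                hasJProp = false;
            }
            if (hasJProp && hasJonasBase && hasJonasRoot) {
                config = new CtxCheckConfig();
            }
        }
        if (alteredCtx == null) {
            alteredCtx = new SecurityContext("JOnAS_ALTERED_IDENTITY");
        }
    }

    /**
     * Verifies the signature of the current security context.
     *
     * <p>Returns silently when there is no {@link SecurityCurrent}, no security context, when the
     * context equals the anonymous default, or when the signature verifies. In every other case
     * the current context is replaced by the altered-identity context and an exception is thrown.
     *
     * @param jServerRequestInfo the request being received (not read by this check)
     * @throws IOException if the context is unsigned, malformed, cannot be verified because no
     *     configuration is available, or carries a signature that does not match
     */
    @Override // org.ow2.carol.rmi.interceptor.spi.JServerRequestInterceptor
    public void receiveRequest(JServerRequestInfo jServerRequestInfo) throws IOException {
        SecurityCurrent current = SecurityCurrent.getCurrent();
        if (current == null) {
            return;
        }
        SecurityContext securityContext = current.getSecurityContext();
        if (securityContext == null) {
            return;
        }
        // The anonymous default context is accepted without a signature.
        if (ANON_CTX.getPrincipalName().equals(securityContext.getPrincipalName())
                && Arrays.equals(ANON_CTX.getRoles(), securityContext.getRoles())) {
            return;
        }
        if (securityContext.getSignature() == null) {
            throw reject(current, "The security context '" + securityContext + "' has no signature which is illegal with this configuration. Check that the SignLoginModule has been used.", null);
        }
        // Without a configuration there is no key to verify against. Reject explicitly rather
        // than fail with a NullPointerException that would leave the unverified context in place.
        if (config == null) {
            throw reject(current, "The security context '" + securityContext + "' cannot be verified because no context check configuration is available.", null);
        }

        String principalName = securityContext.getPrincipalName();
        String[] roles = securityContext.getRoles();
        // A signed context with missing identity data cannot be checked; treat it as altered.
        if (principalName == null || roles == null) {
            throw reject(current, "The security context '" + securityContext + "' has no principal name or no roles and cannot be verified.", null);
        }

        PublicKey publicKey = config.getPublicKey();

        Signature signature;
        try {
            signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw reject(current, "Error while getting the algorithm '" + SIGNATURE_ALGORITHM + "' :" + e.getMessage(), e);
        }

        try {
            signature.initVerify(publicKey);
        } catch (InvalidKeyException e) {
            throw reject(current, "Cannot initialize the signature with the given public key:" + e.getMessage(), e);
        }

        // Signed data layout: principal name bytes, then each role's bytes, in array order.
        // Platform default charset is kept on purpose; see the class-level security notes.
        try {
            signature.update(principalName.getBytes());
        } catch (SignatureException e) {
            throw reject(current, "Cannot add the bytes for the principal name '" + principalName + "' :" + e.getMessage(), e);
        }
        for (String role : roles) {
            if (role == null) {
                throw reject(current, "The security context '" + securityContext + "' contains a null role and cannot be verified.", null);
            }
            try {
                signature.update(role.getBytes());
            } catch (SignatureException e) {
                throw reject(current, "Cannot add the bytes for the role '" + role + "' :" + e.getMessage(), e);
            }
        }

        boolean verified;
        try {
            verified = signature.verify(securityContext.getSignature());
        } catch (SignatureException e) {
            throw reject(current, "The signature found in the security context '" + securityContext + "' is invalid:" + e.getMessage(), e);
        }
        if (!verified) {
            throw reject(current, "The signature for the security context '" + securityContext + "' has been altered by an unknown source.", null);
        }
    }

    /**
     * Replaces the current context by the altered-identity context and builds the exception to
     * throw, keeping the underlying cause so the failure can be diagnosed from the stack trace.
     *
     * @param current the holder whose context is downgraded
     * @param message the rejection message
     * @param cause the underlying failure, or {@code null} when there is none
     * @return the exception for the caller to throw
     */
    private static IOException reject(SecurityCurrent current, String message, Throwable cause) {
        current.setSecurityContext(alteredCtx);
        return new IOException(message, cause);
    }

    /** No check is performed on replies. */
    @Override // org.ow2.carol.rmi.interceptor.spi.JServerRequestInterceptor
    public void sendReply(JServerRequestInfo jServerRequestInfo) throws IOException {
    }

    /**
     * Returns the interceptor name.
     *
     * @return the constant {@code CHECK_CTX_INTERCEPTOR}
     */
    @Override // org.ow2.carol.rmi.interceptor.spi.JServerRequestInterceptor
    public String name() {
        return NAME;
    }

    /** No check is performed when an exception is sent back. */
    @Override // org.ow2.carol.rmi.interceptor.spi.JServerRequestInterceptor
    public void sendException(JServerRequestInfo jServerRequestInfo) throws IOException {
    }

    /** No check is performed for other outgoing messages. */
    @Override // org.ow2.carol.rmi.interceptor.spi.JServerRequestInterceptor
    public void sendOther(JServerRequestInfo jServerRequestInfo) throws IOException {
    }
}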
