package org.granite.messaging.service.security;

import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Engine;
import org.apache.catalina.Realm;
import org.apache.catalina.Server;
import org.apache.catalina.ServerFactory;
import org.apache.catalina.Service;
import org.apache.catalina.Session;
import org.apache.catalina.connector.RequestFacade;
import org.apache.coyote.tomcat5.CoyoteRequest;
import org.granite.context.GraniteContext;
import org.granite.messaging.webapp.HttpGraniteContext;

/* loaded from: input_file:WEB-INF/lib/granite-core-2.3.2.GA.jar:org/granite/messaging/service/security/GlassFishSecurityService.class */
/**
 * Security service that authenticates and authorizes Granite requests against the
 * container realm, reaching the container's internal request object through the
 * Catalina/Coyote classes imported by this file.
 *
 * <p>The internal request is obtained by reading the private {@code request} field of
 * {@link RequestFacade} reflectively, so this class is coupled to that field's name and
 * to the container allowing {@code setAccessible(true)} on it.
 */
public class GlassFishSecurityService extends AbstractSecurityService {
    /** Reflective handle on {@code RequestFacade.request}, made accessible in the constructor. */
    private final Field requestField;

    /** Container engine resolved by {@link #configure(Map)}; {@code null} until then. */
    private Engine engine = null;

    /**
     * Looks up the private {@code request} field of {@link RequestFacade} and opens it for
     * reflective reads.
     *
     * @throws RuntimeException if the field cannot be found or made accessible (for example
     *     when the container class has a different layout or reflective access is refused)
     */
    public GlassFishSecurityService() {
        final Field facadeRequest;
        try {
            facadeRequest = RequestFacade.class.getDeclaredField("request");
            facadeRequest.setAccessible(true);
        } catch (Exception e) {
            throw new RuntimeException("Could not get 'request' field in Tomcat RequestFacade", e);
        }
        this.requestField = facadeRequest;
    }

    /** @return the reflective handle on {@code RequestFacade.request} */
    protected Field getRequestField() {
        return this.requestField;
    }

    /** @return the engine stored by {@link #configure(Map)}, or {@code null} if not configured */
    protected Engine getEngine() {
        return this.engine;
    }

    /**
     * Resolves the container service and stores its container as the engine.
     *
     * <p>When the {@code "service"} entry is present it names the service to look up;
     * otherwise the first service reported by the server is used.
     *
     * @param map configuration entries; only the {@code "service"} key is read
     * @throws NullPointerException if the server, the service or its container is missing
     */
    @Override
    public void configure(Map<String, String> map) {
        final String serviceName = map.get("service");
        final String label = serviceName != null ? serviceName : "(default)";

        final Server server = ServerFactory.getServer();
        if (server == null) {
            throw new NullPointerException("Could not get Tomcat server");
        }

        Service selected;
        if (serviceName == null) {
            // No explicit name: fall back to the first service the server knows about.
            final Service[] available = server.findServices();
            selected = (available != null && available.length > 0) ? available[0] : null;
        } else {
            selected = server.findService(serviceName);
        }
        if (selected == null) {
            throw new NullPointerException("Could not find Tomcat service for: " + label);
        }

        this.engine = selected.getContainer();
        if (this.engine == null) {
            throw new NullPointerException("Could not find Tomcat container for: " + label);
        }
    }

    /**
     * Authenticates the decoded credentials against the realm of the current request's
     * context and, on success, binds the principal to both the request and its session.
     *
     * <p>The failure message is the same whether the user name or the password is wrong,
     * so the response does not reveal which of the two was rejected.
     *
     * @param obj encoded credentials, decoded by the inherited {@code decodeBase64Credentials}
     * @param str second argument passed through to {@code decodeBase64Credentials} and
     *     {@code endLogin}
     * @throws SecurityServiceException if the realm returns no principal
     */
    @Override
    public void login(Object obj, String str) throws SecurityServiceException {
        // Index 0 is used as the user name and index 1 as the password below.
        // NOTE(review): the array length is not checked here; presumably the inherited
        // decoder guarantees two elements -- confirm.
        final String[] credentials = decodeBase64Credentials(obj, str);

        final HttpGraniteContext graniteContext = (HttpGraniteContext) GraniteContext.getCurrentInstance();
        final CoyoteRequest coyoteRequest = getRequest(graniteContext.getRequest());

        final Realm realm = coyoteRequest.getContext().getRealm();
        final Principal authenticated = realm.authenticate(credentials[0], credentials[1]);
        if (authenticated == null) {
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
        }

        coyoteRequest.setAuthType(AbstractSecurityService.AUTH_TYPE);
        coyoteRequest.setUserPrincipal(authenticated);

        // NOTE(review): the session obtained here is used as-is; no change of session
        // identifier is visible in this method. Confirm that the container or endLogin
        // renews the identifier after authentication, otherwise an identifier issued
        // before login stays valid for the authenticated session.
        final Session containerSession = coyoteRequest.getSessionInternal();
        containerSession.setAuthType(AbstractSecurityService.AUTH_TYPE);
        containerSession.setPrincipal(authenticated);
        containerSession.setNote("org.apache.catalina.session.USERNAME", credentials[0]);
        // NOTE(review): the clear-text password stays in the session until logout()
        // removes it. Confirm it is actually required (e.g. by tryRelogin) and whether
        // session notes can end up in session persistence, replication or diagnostics.
        containerSession.setNote("org.apache.catalina.session.PASSWORD", credentials[1]);

        endLogin(obj, str);
    }

    /**
     * Restores the caller's identity from the existing session, enforces the destination's
     * security constraints and then delegates to {@code endAuthorization}.
     *
     * <p>For a secured destination the caller must have a principal and be in at least one
     * of the destination's roles. A secured destination with an empty role list is denied,
     * because no role can match.
     *
     * @param abstractSecurityContext the invocation being authorized
     * @return whatever {@code endAuthorization} returns
     * @throws SecurityServiceException for a missing login, an expired session, a missing
     *     role, or a {@link SecurityException} / {@code javax.ejb.EJBAccessException} found
     *     in the cause chain of the invocation failure
     * @throws Exception the original {@link InvocationTargetException} when its cause chain
     *     holds no security exception, or anything else thrown by the inherited helpers
     */
    @Override
    public Object authorize(AbstractSecurityContext abstractSecurityContext) throws Exception {
        startAuthorization(abstractSecurityContext);

        final HttpServletRequest httpRequest = ((HttpGraniteContext) GraniteContext.getCurrentInstance()).getRequest();
        final CoyoteRequest coyoteRequest = getRequest(httpRequest);

        // Never create a session here: identity is taken only from one that already exists.
        final Session existingSession = coyoteRequest.getSessionInternal(false);
        Principal caller = null;
        if (existingSession != null) {
            coyoteRequest.setAuthType(existingSession.getAuthType());
            caller = existingSession.getPrincipal();
            if (caller == null && tryRelogin()) {
                // The inherited tryRelogin reported success, so read the principal again.
                caller = existingSession.getPrincipal();
            }
        }
        // Set unconditionally, so a request without an authenticated session carries null.
        coyoteRequest.setUserPrincipal(caller);

        if (abstractSecurityContext.getDestination().isSecured()) {
            if (caller == null) {
                // A client that sent a session id which no longer maps to a different live
                // session is told the session expired; everyone else is told to log in.
                if (httpRequest.getRequestedSessionId() != null) {
                    final HttpSession httpSession = httpRequest.getSession(false);
                    if (httpSession == null || httpRequest.getRequestedSessionId().equals(httpSession.getId())) {
                        throw SecurityServiceException.newSessionExpiredException("Session expired");
                    }
                }
                throw SecurityServiceException.newNotLoggedInException("User not logged in");
            }

            // Any single matching role is sufficient.
            boolean inRequiredRole = false;
            final Iterator<String> requiredRoles = abstractSecurityContext.getDestination().getRoles().iterator();
            while (!inRequiredRole && requiredRoles.hasNext()) {
                inRequiredRole = httpRequest.isUserInRole(requiredRoles.next());
            }
            if (!inRequiredRole) {
                throw SecurityServiceException.newAccessDeniedException("User not in required role");
            }
        }

        try {
            return endAuthorization(abstractSecurityContext);
        } catch (InvocationTargetException e) {
            // Walk the cause chain, starting with the exception itself, looking for a
            // security failure raised by the invoked service. EJBAccessException is matched
            // by class name, so javax.ejb is not needed to load this class.
            for (Throwable cause = e; cause != null; cause = cause.getCause()) {
                if (cause instanceof SecurityException
                        || "javax.ejb.EJBAccessException".equals(cause.getClass().getName())) {
                    // NOTE(review): the underlying message is forwarded verbatim; confirm it
                    // cannot expose internal detail to the remote client.
                    throw SecurityServiceException.newAccessDeniedException(cause.getMessage());
                }
            }
            throw e;
        }
    }

    /**
     * Clears the authentication state from the current session and expires it.
     *
     * <p>Does nothing when there is no session or the session has no principal.
     *
     * @throws SecurityServiceException declared by the overridden method; this body does not
     *     throw it directly
     */
    @Override
    public void logout() throws SecurityServiceException {
        final HttpServletRequest httpRequest = ((HttpGraniteContext) GraniteContext.getCurrentInstance()).getRequest();
        final Session containerSession = getSession(httpRequest, false);

        if (containerSession != null && containerSession.getPrincipal() != null) {
            containerSession.setAuthType((String) null);
            containerSession.setPrincipal((Principal) null);
            // Drop the credentials that login() stored on the session.
            containerSession.removeNote("org.apache.catalina.session.USERNAME");
            containerSession.removeNote("org.apache.catalina.session.PASSWORD");
            endLogout();
            containerSession.expire();
        }
    }

    /**
     * @param httpServletRequest the servlet request to inspect
     * @return the principal held by the request's existing session, or {@code null} when
     *     there is no session
     */
    protected Principal getPrincipal(HttpServletRequest httpServletRequest) {
        final Session existingSession = getRequest(httpServletRequest).getSessionInternal(false);
        return existingSession != null ? existingSession.getPrincipal() : null;
    }

    /**
     * @param httpServletRequest the servlet request to inspect
     * @param z passed to {@code getSessionInternal}; {@code false} is used by this class to
     *     avoid creating a session
     * @return the container session for the request
     */
    protected Session getSession(HttpServletRequest httpServletRequest, boolean z) {
        final CoyoteRequest coyoteRequest = getRequest(httpServletRequest);
        return coyoteRequest.getSessionInternal(z);
    }

    /**
     * Unwraps any {@link HttpServletRequestWrapper} layers and reads the container request
     * out of the innermost object through the reflective field handle.
     *
     * @param httpServletRequest the servlet request, possibly wrapped
     * @return the container's internal request
     * @throws RuntimeException if the reflective read or the cast fails, for example when
     *     the innermost request is not a {@link RequestFacade}
     */
    protected CoyoteRequest getRequest(HttpServletRequest httpServletRequest) {
        HttpServletRequest innermost = httpServletRequest;
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        try {
            return (CoyoteRequest) this.requestField.get(innermost);
        } catch (Exception e) {
            throw new RuntimeException("Could not get tomcat request", e);
        }
    }

    /**
     * @param httpServletRequest the servlet request to inspect
     * @return the realm of the context the request belongs to
     */
    protected Realm getRealm(HttpServletRequest httpServletRequest) {
        final CoyoteRequest coyoteRequest = getRequest(httpServletRequest);
        return coyoteRequest.getContext().getRealm();
    }
}
