package org.apache.tuscany.sca.policy.security.geronimo;

import java.security.AccessControlContext;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.jacc.WebRoleRefPermission;
import org.apache.geronimo.security.ContextManager;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy;
import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationCallbackHandler;
import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy;
import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:runtime/apache-tuscany-sca-1.6.2/tuscany-sca-1.6.2/lib/tuscany-sca-all-1.6.2.jar:org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.class
 */
/* loaded from: input_file:runtime/apache-tuscany-sca-1.6.2/tuscany-sca-1.6.2/modules/tuscany-policy-security-geronimo-1.6.2.jar:org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.class */
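/**
 * {@link LDAPSecurityHandler} that authenticates through the Geronimo
 * {@link ContextManager} and then checks role membership against the current
 * access-control context.
 */
public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
    /**
     * Authenticates the caller and, when the authorization policy asks for it,
     * enforces role membership.
     *
     * <p>Only the first element of each list is consulted. Both lists must hold
     * at least one element: {@code get(0)} is called unconditionally, so an empty
     * list fails with {@link IndexOutOfBoundsException}.
     *
     * @param message the invocation message from which the caller's subject is taken
     * @param list authentication policies; only element 0 is used, and a
     *     {@code null} element means no login is attempted here
     * @param list2 authorization policies; only element 0 is used
     * @throws FailedLoginException if the Geronimo login is rejected; the original
     *     {@link LoginException} is attached as the cause
     * @throws LoginException if the role check runs and none of the policy's role
     *     names is granted to the current context
     */
    @Override // org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler
    public void handleSecurity(Message message, List<LDAPRealmAuthenticationPolicy> list, List<AuthorizationPolicy> list2) throws LoginException {
        LDAPRealmAuthenticationPolicy authenticationPolicy = list.get(0);
        if (authenticationPolicy != null) {
            try {
                Subject subject = ContextManager.login(
                        authenticationPolicy.getRealmConfigurationName(),
                        new LDAPRealmAuthenticationCallbackHandler(HttpSecurityUtil.getSubject(message))).getSubject();
                // NOTE(review): the callers set here are not reset anywhere in this class;
                // confirm the runtime clears them when the request ends so an identity
                // cannot carry over to later work on the same thread.
                ContextManager.setCallers(subject, subject);
            } catch (LoginException e) {
                // Keep the caller-visible type and message, but retain the underlying
                // failure so the real reason can still be found when investigating.
                FailedLoginException failure = new FailedLoginException("Login failed: " + e.getMessage());
                failure.initCause(e);
                throw failure;
            }
        }

        AuthorizationPolicy authorizationPolicy = list2.get(0);
        // NOTE(review): the role check below runs only for AcessControl.allow. A null
        // policy, or any other access-control value, returns here without a check;
        // confirm that restrictive settings are enforced somewhere else.
        if (authorizationPolicy == null || authorizationPolicy.getAccessControl() != AuthorizationPolicy.AcessControl.allow) {
            return;
        }

        AccessControlContext currentContext = ContextManager.getCurrentContext();
        // Access is granted on the first matching role. An empty role list matches
        // nothing and is therefore rejected.
        for (String roleName : authorizationPolicy.getRoleNames()) {
            if (isUserInRole(currentContext, roleName)) {
                return;
            }
        }
        throw new LoginException("Insufficient access rights !");
    }

    /**
     * Reports whether the given access-control context is granted a role.
     *
     * <p>The role is checked as a {@link WebRoleRefPermission} with an empty name
     * and the role as its action.
     *
     * @param accessControlContext the context whose permissions are checked
     * @param str the role name to check
     * @return {@code true} if the permission check completes without throwing,
     *     {@code false} if it throws any exception
     */
    public boolean isUserInRole(AccessControlContext accessControlContext, String str) {
        try {
            accessControlContext.checkPermission(new WebRoleRefPermission("", str));
            return true;
        } catch (Exception ignored) {
            // Deliberately fails closed: every exception, not only an access denial,
            // is reported as "not in role".
            return false;
        }
    }
}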
