package com.sun.enterprise.security.auth.login;

import com.sun.enterprise.common.iiop.security.AnonCredential;
import com.sun.enterprise.common.iiop.security.GSSUPName;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
import com.sun.enterprise.security.auth.realm.exceptions.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.exceptions.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.exceptions.NoSuchUserException;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.common.ClientSecurityContext;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import org.glassfish.internal.api.Globals;
import org.glassfish.security.common.Group;
import org.glassfish.security.common.UserNameAndPassword;

/* loaded from: input_file:com/sun/enterprise/security/auth/login/LoginContextDriver.class */
public class LoginContextDriver {
    private static final Logger LOG;
    private static final ServerLoginCallbackHandler dummyCallback;
    public static final String CERT_REALMNAME = "certificate";
    private static volatile AuditManager AUDIT_MANAGER;
    static final /* synthetic */ boolean $assertionsDisabled;

    private LoginContextDriver() {
    }

    private static AuditManager getAuditManager() {
        return AUDIT_MANAGER != null ? AUDIT_MANAGER : _getAuditManager();
    }

    private static synchronized AuditManager _getAuditManager() {
        if (AUDIT_MANAGER == null) {
            AUDIT_MANAGER = ((SecurityServicesUtil) Globals.get(SecurityServicesUtil.class)).getAuditManager();
        }
        return AUDIT_MANAGER;
    }

    public static void login(String str, char[] cArr, String str2) {
        if (str2 == null || !Realm.isValidRealm(str2)) {
            str2 = Realm.getDefaultRealm();
        }
        final Subject subject = new Subject();
        final PasswordCredential passwordCredential = new PasswordCredential(str, cArr, str2);
        AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject.getPrivateCredentials().add(passwordCredential);
                return subject;
            }
        });
        login(subject, PasswordCredential.class);
    }

    public static void login(AssertedCredentials assertedCredentials) throws LoginException {
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(assertedCredentials);
        try {
            try {
                new LoginContext(Realm.getInstance(assertedCredentials.getRealmName()).getJAASContext(), subject, dummyCallback).login();
                setSecurityContext(assertedCredentials.getUserName(), subject, assertedCredentials.getRealmName());
            } catch (Exception e) {
                if (LOG.isLoggable(Level.INFO)) {
                    LOG.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, assertedCredentials.getUserName());
                }
                if (LOG.isLoggable(Level.FINEST)) {
                    LOG.log(Level.FINEST, "doPasswordLogin fails", (Throwable) e);
                }
                if (AUDIT_MANAGER.isAuditOn()) {
                    AUDIT_MANAGER.authentication(assertedCredentials.getUserName(), assertedCredentials.getRealmName(), false);
                }
                if (!(e instanceof com.sun.enterprise.security.auth.login.common.LoginException)) {
                    throw new com.sun.enterprise.security.auth.login.common.LoginException("Login failed: " + e.getMessage(), e);
                }
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
            }
        } catch (Exception e2) {
            if (!(e2 instanceof com.sun.enterprise.security.auth.login.common.LoginException)) {
                throw new com.sun.enterprise.security.auth.login.common.LoginException("Failed obtaining the JAAS Context", e2);
            }
            throw ((com.sun.enterprise.security.auth.login.common.LoginException) e2);
        }
    }

    public static void login(Subject subject, Class cls) throws com.sun.enterprise.security.auth.login.common.LoginException {
        LOG.log(Level.FINEST, "Processing login with credentials of type: {0}", cls);
        if (cls.equals(PasswordCredential.class)) {
            doPasswordLogin(subject);
            return;
        }
        if (cls.equals(X509CertificateCredential.class)) {
            doCertificateLogin(subject);
            return;
        }
        if (cls.equals(AnonCredential.class)) {
            doAnonLogin();
            return;
        }
        if (cls.equals(GSSUPName.class)) {
            doGSSUPLogin(subject);
        } else if (cls.equals(X500Principal.class)) {
            doX500Login(subject, null);
        } else {
            LOG.log(Level.INFO, SecurityLoggerInfo.unknownCredentialError, cls.toString());
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Unknown credential type " + String.valueOf(cls) + ", cannot login.");
        }
    }

    public static void loginPrincipal(String str, String str2) throws com.sun.enterprise.security.auth.login.common.LoginException {
        if (str2 == null || str2.isEmpty()) {
            str2 = Realm.getDefaultRealm();
        }
        final Subject subject = new Subject();
        final UserNameAndPassword userNameAndPassword = new UserNameAndPassword(str);
        final GSSUPName gSSUPName = new GSSUPName(str, str2);
        AppservAccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                subject.getPrincipals().add(userNameAndPassword);
                subject.getPublicCredentials().add(gSSUPName);
                return null;
            }
        });
        try {
            Enumeration<String> groupNames = Realm.getInstance(str2).getGroupNames(str);
            Set<Principal> principals = subject.getPrincipals();
            while (groupNames.hasMoreElements()) {
                principals.add(new Group(groupNames.nextElement()));
            }
        } catch (InvalidOperationException e) {
            LOG.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[]{str, str2, e.toString()});
        } catch (NoSuchRealmException e2) {
            throw new com.sun.enterprise.security.auth.login.common.LoginException(e2.toString(), e2);
        } catch (NoSuchUserException e3) {
            LOG.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[]{str, str2, e3.toString()});
        }
        setSecurityContext(str, subject, str2);
    }

    public static void logout() throws com.sun.enterprise.security.auth.login.common.LoginException {
        unsetSecurityContext();
    }

    private static void doPasswordLogin(Subject subject) throws com.sun.enterprise.security.auth.login.common.LoginException {
        Object privateCredentials = getPrivateCredentials(subject, PasswordCredential.class);
        if (!$assertionsDisabled && privateCredentials == null) {
            throw new AssertionError();
        }
        PasswordCredential passwordCredential = (PasswordCredential) privateCredentials;
        String user = passwordCredential.getUser();
        char[] password = passwordCredential.getPassword();
        String realm = passwordCredential.getRealm();
        try {
            String jAASContext = Realm.getInstance(realm).getJAASContext();
            if (!$assertionsDisabled && user == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && password == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && realm == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && jAASContext == null) {
                throw new AssertionError();
            }
            LOG.log(Level.FINE, "Logging in user {0} into realm {1} using JAAS module {2}", new Object[]{user, realm, jAASContext});
            try {
                new LoginContext(jAASContext, subject, dummyCallback).login();
                if (getAuditManager() != null && getAuditManager().isAuditOn()) {
                    getAuditManager().authentication(user, realm, true);
                }
                LOG.log(Level.FINE, "Password login succeeded for {0}", user);
                setSecurityContext(user, subject, realm);
                LOG.log(Level.FINE, "Set security context as user {0}", user);
            } catch (Exception e) {
                LOG.log(Level.FINEST, "doPasswordLogin fails", (Throwable) e);
                if (getAuditManager() != null && getAuditManager().isAuditOn()) {
                    getAuditManager().authentication(user, realm, false);
                }
                if (!(e instanceof com.sun.enterprise.security.auth.login.common.LoginException)) {
                    throw new com.sun.enterprise.security.auth.login.common.LoginException("Login failed: " + e.getMessage(), e);
                }
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
            }
        } catch (Exception e2) {
            if (!(e2 instanceof com.sun.enterprise.security.auth.login.common.LoginException)) {
                throw new com.sun.enterprise.security.auth.login.common.LoginException("Failed obtaining the JAAS Context", e2);
            }
            throw ((com.sun.enterprise.security.auth.login.common.LoginException) e2);
        }
    }

    public static void jmacLogin(Subject subject, Principal principal, String str) throws com.sun.enterprise.security.auth.login.common.LoginException {
        if ("certificate".equals(str)) {
            if (principal instanceof X500Principal) {
                jmacLogin(subject, (X500Principal) principal);
            }
        } else {
            if (principal.equals(SecurityContext.getDefaultCallerPrincipal())) {
                return;
            }
            jmacLogin(subject, principal.getName(), str);
        }
    }

    public static Subject jmacLogin(Subject subject, String str, char[] cArr, String str2) throws com.sun.enterprise.security.auth.login.common.LoginException {
        if (str2 == null || !Realm.isValidRealm(str2)) {
            str2 = Realm.getDefaultRealm();
        }
        if (subject == null) {
            subject = new Subject();
        }
        final Subject subject2 = subject;
        final PasswordCredential passwordCredential = new PasswordCredential(str, cArr, str2);
        AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.3
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject2.getPrivateCredentials().add(passwordCredential);
                return subject2;
            }
        });
        try {
            String jAASContext = Realm.getInstance(str2).getJAASContext();
            LOG.log(Level.FINE, "JMAC login user {0} into realm {1} using JAAS module {2}", new Object[]{str, str2, jAASContext});
            try {
                new LoginContext(jAASContext, subject2, dummyCallback).login();
                if (getAuditManager().isAuditOn()) {
                    getAuditManager().authentication(str, str2, true);
                }
                LOG.log(Level.FINE, "jmac Password login succeeded for {0}", str);
                return subject;
            } catch (Exception e) {
                LOG.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, str);
                if (getAuditManager().isAuditOn()) {
                    getAuditManager().authentication(str, str2, false);
                }
                if (e instanceof com.sun.enterprise.security.auth.login.common.LoginException) {
                    throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
                }
                throw new com.sun.enterprise.security.auth.login.common.LoginException("Login failed: " + e.getMessage(), e);
            }
        } catch (Exception e2) {
            if (e2 instanceof com.sun.enterprise.security.auth.login.common.LoginException) {
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e2);
            }
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Failed obtaining the JAAS Context", e2);
        }
    }

    public static Subject jmacLogin(Subject subject, final X500Principal x500Principal) throws com.sun.enterprise.security.auth.login.common.LoginException {
        if (subject == null) {
            subject = new Subject();
        }
        final Subject subject2 = subject;
        String str = "";
        try {
            str = x500Principal.getName();
            AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.4
                @Override // java.security.PrivilegedAction
                public Object run() {
                    subject2.getPublicCredentials().add(x500Principal);
                    return subject2;
                }
            });
            CertificateRealm certificateRealm = (CertificateRealm) Realm.getInstance("certificate");
            String jAASContext = certificateRealm.getJAASContext();
            if (jAASContext != null) {
                new LoginContext(jAASContext, subject2, dummyCallback).login();
            }
            certificateRealm.authenticate(subject2, x500Principal);
            LOG.log(Level.FINE, "JMAC cert login succeeded for {0}", str);
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str, "certificate", true);
            }
            return subject;
        } catch (Exception e) {
            LOG.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, str);
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str, "certificate", false);
            }
            if (e instanceof com.sun.enterprise.security.auth.login.common.LoginException) {
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
            }
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Authentication failed.", e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:24:0x001c, code lost:
    
        if ("".equals(r7) != false) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static javax.security.auth.Subject jmacLogin(javax.security.auth.Subject r5, java.lang.String r6, java.lang.String r7) throws com.sun.enterprise.security.auth.login.common.LoginException {
        /*
            r0 = r5
            if (r0 != 0) goto Lc
            javax.security.auth.Subject r0 = new javax.security.auth.Subject
            r1 = r0
            r1.<init>()
            r5 = r0
        Lc:
            r0 = r5
            r8 = r0
            r0 = r6
            r9 = r0
            r0 = r7
            if (r0 == 0) goto L1f
            java.lang.String r0 = ""
            r1 = r7
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Exception -> L52
            if (r0 == 0) goto L23
        L1f:
            java.lang.String r0 = com.sun.enterprise.security.auth.realm.Realm.getDefaultRealm()     // Catch: java.lang.Exception -> L52
            r7 = r0
        L23:
            r0 = r7
            com.sun.enterprise.security.auth.realm.Realm r0 = com.sun.enterprise.security.auth.realm.Realm.getInstance(r0)     // Catch: java.lang.Exception -> L52
            r10 = r0
            r0 = r10
            r1 = r9
            java.util.Enumeration r0 = r0.getGroupNames(r1)     // Catch: java.lang.Exception -> L52
            r11 = r0
            r0 = r11
            if (r0 == 0) goto L4f
            r0 = r11
            boolean r0 = r0.hasMoreElements()     // Catch: java.lang.Exception -> L52
            if (r0 == 0) goto L4f
            com.sun.enterprise.security.auth.login.LoginContextDriver$5 r0 = new com.sun.enterprise.security.auth.login.LoginContextDriver$5     // Catch: java.lang.Exception -> L52
            r1 = r0
            r2 = r11
            r3 = r8
            r1.<init>()     // Catch: java.lang.Exception -> L52
            java.lang.Object r0 = com.sun.enterprise.security.common.AppservAccessController.doPrivileged(r0)     // Catch: java.lang.Exception -> L52
        L4f:
            goto L71
        L52:
            r10 = move-exception
            java.util.logging.Logger r0 = com.sun.enterprise.security.auth.login.LoginContextDriver.LOG
            java.util.logging.Level r1 = java.util.logging.Level.FINE
            boolean r0 = r0.isLoggable(r1)
            if (r0 == 0) goto L71
            java.util.logging.Logger r0 = com.sun.enterprise.security.auth.login.LoginContextDriver.LOG
            java.util.logging.Level r1 = java.util.logging.Level.FINE
            r2 = r6
            java.lang.String r2 = "Exception when trying to populate groups for CallerPrincipal " + r2
            r3 = r10
            r0.log(r1, r2, r3)
        L71:
            r0 = r5
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.enterprise.security.auth.login.LoginContextDriver.jmacLogin(javax.security.auth.Subject, java.lang.String, java.lang.String):javax.security.auth.Subject");
    }

    private static void doCertificateLogin(Subject subject) throws com.sun.enterprise.security.auth.login.common.LoginException {
        LOG.log(Level.FINE, "Processing X509 certificate login.");
        String str = null;
        try {
            str = ((X509CertificateCredential) getPublicCredentials(subject, X509CertificateCredential.class)).getAlias();
            LOG.log(Level.FINE, "Set security context as user {0}", str);
            setSecurityContext(str, subject, "certificate");
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str, "certificate", true);
            }
        } catch (com.sun.enterprise.security.auth.login.common.LoginException e) {
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str, "certificate", false);
            }
            throw e;
        }
    }

    private static void doAnonLogin() throws com.sun.enterprise.security.auth.login.common.LoginException {
        SecurityContext.setUnauthenticatedContext();
        LOG.log(Level.FINE, "Set anonymous security context.");
    }

    private static void doGSSUPLogin(Subject subject) throws com.sun.enterprise.security.auth.login.common.LoginException {
        LOG.fine("Processing GSSUP login.");
        String str = null;
        String defaultRealm = Realm.getDefaultRealm();
        try {
            str = ((GSSUPName) getPublicCredentials(subject, GSSUPName.class)).getUser();
            setSecurityContext(str, subject, defaultRealm);
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str, defaultRealm, true);
            }
            LOG.log(Level.FINE, "GSSUP login succeeded for {0}", str);
        } catch (com.sun.enterprise.security.auth.login.common.LoginException e) {
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str, defaultRealm, false);
            }
            throw e;
        }
    }

    public static void doX500Login(Subject subject, String str) throws com.sun.enterprise.security.auth.login.common.LoginException {
        LOG.log(Level.FINE, "Processing X.500 name login for appModuleID={0}.", str);
        String str2 = null;
        String str3 = null;
        try {
            X500Principal x500Principal = (X500Principal) getPublicCredentials(subject, X500Principal.class);
            str2 = x500Principal.getName();
            Realm realm = Realm.getInstance("certificate");
            if (realm instanceof CertificateRealm) {
                CertificateRealm certificateRealm = (CertificateRealm) realm;
                String jAASContext = certificateRealm.getJAASContext();
                if (jAASContext != null) {
                    new LoginContext(jAASContext, subject, new ServerLoginCallbackHandler(str2, null, str)).login();
                }
                certificateRealm.authenticate(subject, x500Principal);
                str3 = "certificate";
                if (getAuditManager().isAuditOn()) {
                    getAuditManager().authentication(str2, str3, true);
                }
            } else {
                LOG.warning(SecurityLoggerInfo.certLoginBadRealmError);
                str3 = realm.getName();
                setSecurityContext(str2, subject, str3);
            }
            LOG.log(Level.FINE, "X.500 name login succeeded for: {0}", str2);
        } catch (com.sun.enterprise.security.auth.login.common.LoginException e) {
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(str2, str3, false);
            }
            throw e;
        } catch (Exception e2) {
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Login failed", e2);
        }
    }

    private static Object getPublicCredentials(Subject subject, Class<?> cls) throws com.sun.enterprise.security.auth.login.common.LoginException {
        final Iterator it = subject.getPublicCredentials(cls).iterator();
        if (!it.hasNext()) {
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Expected public credential of type: " + String.valueOf(cls) + " but none found.");
        }
        try {
            return AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.6
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return it.next();
                }
            });
        } catch (Exception e) {
            if (e instanceof com.sun.enterprise.security.auth.login.common.LoginException) {
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
            }
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Failed to retrieve public credential: " + e.getMessage(), e);
        }
    }

    private static Object getPrivateCredentials(final Subject subject, final Class<?> cls) throws com.sun.enterprise.security.auth.login.common.LoginException {
        final Iterator it = ((Set) AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.7
            @Override // java.security.PrivilegedAction
            public Object run() {
                return subject.getPrivateCredentials(cls);
            }
        })).iterator();
        if (!it.hasNext()) {
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Expected private credential of type: " + String.valueOf(cls) + " but none found.");
        }
        try {
            return AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.8
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return it.next();
                }
            });
        } catch (Exception e) {
            if (e instanceof com.sun.enterprise.security.auth.login.common.LoginException) {
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
            }
            throw new com.sun.enterprise.security.auth.login.common.LoginException("Failed to retrieve private credential: " + e.getMessage(), e);
        }
    }

    private static void setSecurityContext(String str, Subject subject, String str2) {
        SecurityContext.setCurrent(new SecurityContext(str, subject, str2));
    }

    private static void unsetSecurityContext() {
        SecurityContext.setCurrent((SecurityContext) null);
    }

    public static Subject doClientLogin(int i, final CallbackHandler callbackHandler) throws com.sun.enterprise.security.auth.login.common.LoginException {
        final Subject subject = new Subject();
        if (i == 1) {
            AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.9
                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        new LoginContext("default", subject, callbackHandler).login();
                        return null;
                    } catch (LoginException e) {
                        throw new com.sun.enterprise.security.auth.login.common.LoginException(e.getMessage(), e);
                    }
                }
            });
            postClientAuth(subject, PasswordCredential.class);
            return subject;
        }
        if (i == 2) {
            AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.10
                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        new LoginContext("certificate", subject, callbackHandler).login();
                        return null;
                    } catch (LoginException e) {
                        throw new com.sun.enterprise.security.auth.login.common.LoginException(e.getMessage(), e);
                    }
                }
            });
            postClientAuth(subject, X509CertificateCredential.class);
            return subject;
        }
        if (i == 3) {
            AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.11
                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        LoginContext loginContext = new LoginContext("default", subject, callbackHandler);
                        LoginContext loginContext2 = new LoginContext("certificate", subject, callbackHandler);
                        loginContext.login();
                        LoginContextDriver.postClientAuth(subject, PasswordCredential.class);
                        loginContext2.login();
                        LoginContextDriver.postClientAuth(subject, X509CertificateCredential.class);
                        return null;
                    } catch (LoginException e) {
                        throw new com.sun.enterprise.security.auth.login.common.LoginException(e.getMessage(), e);
                    }
                }
            });
            return subject;
        }
        AppservAccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.enterprise.security.auth.login.LoginContextDriver.12
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    new LoginContext("default", subject, callbackHandler).login();
                    LoginContextDriver.postClientAuth(subject, PasswordCredential.class);
                    return null;
                } catch (LoginException e) {
                    throw new com.sun.enterprise.security.auth.login.common.LoginException(e.getMessage(), e);
                }
            }
        });
        return subject;
    }

    public static void doClientLogout() throws com.sun.enterprise.security.auth.login.common.LoginException {
        unsetClientSecurityContext();
    }

    public static void login(DigestCredentials digestCredentials) {
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(digestCredentials);
        try {
            try {
                new LoginContext(Realm.getInstance(digestCredentials.getRealmName()).getJAASContext(), subject, dummyCallback).login();
                setSecurityContext(digestCredentials.getUserName(), subject, digestCredentials.getRealmName());
            } catch (Exception e) {
                LOG.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, digestCredentials.getUserName());
                LOG.log(Level.FINEST, "doPasswordLogin failed", (Throwable) e);
                if (getAuditManager().isAuditOn()) {
                    getAuditManager().authentication(digestCredentials.getUserName(), digestCredentials.getRealmName(), false);
                }
                if (!(e instanceof com.sun.enterprise.security.auth.login.common.LoginException)) {
                    throw new com.sun.enterprise.security.auth.login.common.LoginException("Login failed: " + e.getMessage(), e);
                }
                throw ((com.sun.enterprise.security.auth.login.common.LoginException) e);
            }
        } catch (Exception e2) {
            if (!(e2 instanceof com.sun.enterprise.security.auth.login.common.LoginException)) {
                throw new com.sun.enterprise.security.auth.login.common.LoginException("Failed obtaining the JAAS context.", e2);
            }
            throw ((com.sun.enterprise.security.auth.login.common.LoginException) e2);
        }
    }

    private static void postClientAuth(Subject subject, Class<?> cls) {
        Object doPrivileged;
        Iterator it = ((Set) AppservAccessController.doPrivileged(() -> {
            LOG.log(Level.FINEST, "LCD post login subject: {0}", subject);
            return subject.getPrivateCredentials(cls);
        })).iterator();
        while (it.hasNext()) {
            try {
                doPrivileged = AppservAccessController.doPrivileged((PrivilegedAction<Object>) () -> {
                    return it.next();
                });
            } catch (Exception e) {
                LOG.log(Level.SEVERE, SecurityLoggerInfo.securityAccessControllerActionError, (Throwable) e);
            }
            if (doPrivileged instanceof PasswordCredential) {
                PasswordCredential passwordCredential = (PasswordCredential) doPrivileged;
                String user = passwordCredential.getUser();
                LOG.log(Level.FINEST, "In LCD user-pass login: {0}, realm: {1}", new Object[]{user, passwordCredential.getRealm()});
                setClientSecurityContext(user, subject);
                return;
            }
            if (doPrivileged instanceof X509CertificateCredential) {
                X509CertificateCredential x509CertificateCredential = (X509CertificateCredential) doPrivileged;
                String alias = x509CertificateCredential.getAlias();
                LOG.log(Level.FINEST, "In LCD cert-login: {0}, realm: {1}", new Object[]{alias, x509CertificateCredential.getRealm()});
                setClientSecurityContext(alias, subject);
                return;
            }
        }
    }

    private static void setClientSecurityContext(String str, Subject subject) {
        ClientSecurityContext.setCurrent(new ClientSecurityContext(str, subject));
    }

    private static void unsetClientSecurityContext() {
        ClientSecurityContext.setCurrent(null);
    }

    static {
        $assertionsDisabled = !LoginContextDriver.class.desiredAssertionStatus();
        LOG = SecurityLoggerInfo.getLogger();
        dummyCallback = new ServerLoginCallbackHandler();
    }
}
