package com.tangosol.coherence.component.net.security;

import com.tangosol.coherence.Component;
import com.tangosol.coherence.component.Util;
import com.tangosol.coherence.component.net.Cluster;
import com.tangosol.coherence.component.net.Member;
import com.tangosol.coherence.component.net.Security;
import com.tangosol.coherence.component.util.SafeCluster;
import com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid;
import com.tangosol.internal.net.security.DefaultStandardDependencies;
import com.tangosol.internal.net.security.StandardDependencies;
import com.tangosol.net.Cluster;
import com.tangosol.net.ClusterPermission;
import com.tangosol.net.Service;
import com.tangosol.net.cache.LocalCache;
import com.tangosol.net.security.PermissionInfo;
import com.tangosol.net.security.SecurityHelper;
import com.tangosol.util.Base;
import com.tangosol.util.ClassHelper;
import com.tangosol.util.ListMap;
import com.tangosol.util.SafeHashMap;
import com.tangosol.util.WrapperException;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

/* loaded from: input_file:com/tangosol/coherence/component/net/security/Standard.class */
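/**
 * {@link Security} component that authenticates callers through a JAAS {@link LoginContext} and
 * delegates permission checks and permission signing to the access controller supplied by its
 * {@link StandardDependencies}.
 *
 * <p>This listing is decompiler output: parameter names such as {@code str} and {@code member2}
 * are synthetic, and the meaning of inherited helpers ({@code _assert}, {@code _trace}) is not
 * visible here.
 */
public class Standard extends Security {
    // Configuration (login module name, callback handler, access controller); set once.
    private StandardDependencies __m_Dependencies;
    // Service name -> the first Subject validated for that service (see validateSubject).
    private transient Map __m_ServiceContext;
    // Subject bound to the current thread for the duration of runSecure.
    private transient ThreadLocal __m_ThreadContext;
    // Cache of Subjects that already passed the sign/verify round trip (populated in onInit).
    private Map __m_ValidSubjects;
    // Child component name -> class, filled in by __initStatic.
    private static ListMap __mapChildren;

    /**
     * Privileged action that builds the {@link LoginContext} for the configured login module,
     * using whichever of the optional subject and callback handler have been set.
     */
    public static class CreateLoginCtxAction extends Util implements PrivilegedAction {
        private StandardDependencies __m_Dependencies;
        private CallbackHandler __m_Handler;
        private Subject __m_Subject;

        public CreateLoginCtxAction() {
            this(null, null, true);
        }

        public CreateLoginCtxAction(String str, Component component, boolean z) {
            super(str, component, false);
            if (z) {
                __init();
            }
        }

        @Override // com.tangosol.coherence.Component
        public void __init() {
            __initPrivate();
            set_Constructed(true);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.tangosol.coherence.component.Util, com.tangosol.coherence.Component
        public void __initPrivate() {
            super.__initPrivate();
        }

        public static Component get_Instance() {
            return new CreateLoginCtxAction();
        }

        public static Class get_CLASS() {
            try {
                return Class.forName("com.tangosol.coherence/component/net/security/Standard$CreateLoginCtxAction".replace('/', '.'));
            } catch (ClassNotFoundException e) {
                throw new NoClassDefFoundError(e.getMessage());
            }
        }

        private Component get_Module() {
            return get_Parent();
        }

        public StandardDependencies getDependencies() {
            return this.__m_Dependencies;
        }

        public CallbackHandler getHandler() {
            return this.__m_Handler;
        }

        public Subject getSubject() {
            return this.__m_Subject;
        }

        /**
         * Creates the login context, choosing the {@link LoginContext} constructor that matches
         * the subject/handler combination that is present.
         *
         * @return the new {@link LoginContext}
         * @throws RuntimeException wrapping any failure, including missing dependencies
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            StandardDependencies dependencies = getDependencies();
            CallbackHandler handler = getHandler();
            Subject subject = getSubject();
            try {
                // Read inside the try so a failure here is wrapped like any other.
                String moduleName = dependencies.getLoginModuleName();
                if (handler == null) {
                    return subject == null
                            ? new LoginContext(moduleName)
                            : new LoginContext(moduleName, subject);
                }
                return subject == null
                        ? new LoginContext(moduleName, handler)
                        : new LoginContext(moduleName, subject, handler);
            } catch (Exception e) {
                throw Base.ensureRuntimeException(e, "Failed to create LoginContext");
            }
        }

        public void setDependencies(StandardDependencies standardDependencies) {
            this.__m_Dependencies = standardDependencies;
        }

        public void setHandler(CallbackHandler callbackHandler) {
            this.__m_Handler = callbackHandler;
        }

        public void setSubject(Subject subject) {
            this.__m_Subject = subject;
        }
    }

    // Registers the child component classes under their component names.
    private static void __initStatic() {
        __mapChildren = new ListMap();
        __mapChildren.put("CheckPermissionAction", Security.CheckPermissionAction.get_CLASS());
        __mapChildren.put("ConfigAction", Security.ConfigAction.get_CLASS());
        __mapChildren.put("CreateLoginCtxAction", CreateLoginCtxAction.get_CLASS());
        __mapChildren.put("RefAction", Security.RefAction.get_CLASS());
    }

    public Standard() {
        this(null, null, true);
    }

    public Standard(String str, Component component, boolean z) {
        super(str, component, false);
        if (z) {
            __init();
        }
    }

    @Override // com.tangosol.coherence.Component
    public void __init() {
        __initPrivate();
        set_Constructed(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.tangosol.coherence.component.net.Security, com.tangosol.coherence.component.Net, com.tangosol.coherence.Component
    public void __initPrivate() {
        super.__initPrivate();
        try {
            this.__m_ServiceContext = new SafeHashMap();
            this.__m_ThreadContext = new ThreadLocal();
        } catch (Exception e) {
            throw new WrapperException(e);
        }
    }

    public static Component get_Instance() {
        return new Standard();
    }

    public static Class get_CLASS() {
        try {
            return Class.forName("com.tangosol.coherence/component/net/security/Standard".replace('/', '.'));
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    private Component get_Module() {
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.tangosol.coherence.component.net.Security, com.tangosol.coherence.Component
    public Map get_ChildClasses() {
        return __mapChildren;
    }

    /**
     * Authorizes {@code clusterPermission} for a caller.
     *
     * <p>The subject is resolved in order: the explicit argument, the thread context set by
     * {@link #runSecure}, then {@link SecurityHelper#getCurrentSubject()}. With no subject, or
     * with one that fails {@link #validateSubject}, a JAAS login is attempted through the
     * configured callback handler. The resulting subject must validate before the access
     * controller is consulted.
     *
     * <p>When the cluster is running but the named service is absent or not running, a signed
     * {@link PermissionInfo} is stored in the cluster service's context under the service name.
     *
     * @param cluster           the cluster being accessed; may be {@code null}
     * @param clusterPermission the permission to check; its service name must be non-null
     * @param subject           the caller's subject, or {@code null} to resolve it as above
     * @throws SecurityException if no credentials can be obtained or the subject fails
     *                           validation; the access controller may also reject the request
     */
    @Override // com.tangosol.coherence.component.net.Security
    public void checkPermission(com.tangosol.net.Cluster cluster, ClusterPermission clusterPermission, Subject subject) {
        // Types are fully qualified because the file imports two classes named Cluster.
        String serviceName = clusterPermission.getServiceName();
        _assert(serviceName != null);
        if (subject == null) {
            subject = (Subject) getThreadContext().get();
        }
        if (subject == null) {
            subject = SecurityHelper.getCurrentSubject();
        }
        boolean validated = false;
        if (subject == null) {
            subject = loginSecure(getDependencies().getCallbackHandler(), null);
        } else {
            try {
                validateSubject(serviceName, subject);
                validated = true;
            } catch (SecurityException e) {
                // A subject that fails validation is not rejected outright: it is handed to
                // the login module, and the subject that comes back is validated below.
                subject = loginSecure(getDependencies().getCallbackHandler(), subject);
            }
        }
        if (subject == null) {
            throw new SecurityException("Attempt to access a protected resource was made without credentials");
        }
        if (!validated) {
            validateSubject(serviceName, subject);
        }
        getDependencies().getAccessController().checkPermission(clusterPermission, subject);
        if (cluster == null || !cluster.isRunning()) {
            return;
        }
        if (cluster instanceof SafeCluster) {
            cluster = ((SafeCluster) cluster).getCluster();
        }
        com.tangosol.coherence.component.net.Cluster.ClusterService clusterService =
                ((com.tangosol.coherence.component.net.Cluster) cluster).getClusterService();
        Grid service = clusterService.getService(serviceName);
        if (service == null || !service.isRunning()) {
            clusterService.getServiceContext().put(serviceName, encryptPermissionInfo(clusterPermission, subject));
        }
    }

    /**
     * Wraps a permission, its service name, the access controller's signed form of the
     * permission and the signing subject into a {@link PermissionInfo}.
     *
     * @throws SecurityException if signing fails; the underlying exception is kept as the cause
     */
    protected PermissionInfo encryptPermissionInfo(ClusterPermission clusterPermission, Subject subject) {
        try {
            return new PermissionInfo(clusterPermission, clusterPermission.getServiceName(), getDependencies().getAccessController().encrypt(clusterPermission, subject), subject);
        } catch (Exception e) {
            // NOTE(review): the message embeds the full exception text, so whoever receives or
            // logs this SecurityException sees those details. Message kept as is.
            throw new SecurityException("Invalid subject credentials: " + String.valueOf(e), e);
        }
    }

    public StandardDependencies getDependencies() {
        return this.__m_Dependencies;
    }

    private Map getServiceContext() {
        return this.__m_ServiceContext;
    }

    private ThreadLocal getThreadContext() {
        return this.__m_ThreadContext;
    }

    private Map getValidSubjects() {
        return this.__m_ValidSubjects;
    }

    /**
     * Builds a new subject whose principals are those of {@code subject}, with {@code str}
     * replaced by {@code str2} in every principal name that contains it.
     *
     * <p>A renamed principal is created from the original principal's class with the new name
     * as the single constructor argument. If that fails, the original principal is kept and the
     * failure is only traced. All public and private credentials are copied unchanged, so the
     * returned subject carries the original's credentials under the rewritten names.
     *
     * @param subject the subject to copy
     * @param str     the text to look for in principal names
     * @param str2    the replacement text
     * @return a new subject; the input is not modified
     */
    @Override // com.tangosol.coherence.component.net.Security
    public Subject impersonate(Subject subject, String str, String str2) {
        Subject impersonated = new Subject();
        for (Principal original : subject.getPrincipals()) {
            Principal principal = original;
            String name = original.getName();
            if (name.contains(str)) {
                try {
                    principal = (Principal) ClassHelper.newInstance(original.getClass(), new Object[]{Base.replace(name, str, str2)});
                    _trace("Successfully impersonated " + String.valueOf(principal) + "@" + String.valueOf(principal.getClass()));
                } catch (Exception e) {
                    // Best effort: fall back to the unmodified principal.
                    _trace("Cannot impersonate " + String.valueOf(original) + "@" + String.valueOf(original.getClass()));
                }
            }
            impersonated.getPrincipals().add(principal);
        }
        impersonated.getPublicCredentials().addAll(subject.getPublicCredentials());
        impersonated.getPrivateCredentials().addAll(subject.getPrivateCredentials());
        return impersonated;
    }

    /**
     * Performs a JAAS login with the configured login module.
     *
     * @param callbackHandler handler used to collect credentials; may be {@code null}
     * @param subject         subject to populate; may be {@code null}
     * @return the authenticated subject reported by the login context
     * @throws SecurityException if the login fails; the underlying exception is kept as the cause
     */
    @Override // com.tangosol.coherence.component.net.Security
    protected Subject loginSecure(CallbackHandler callbackHandler, Subject subject) {
        CreateLoginCtxAction createLoginCtxAction = new CreateLoginCtxAction();
        createLoginCtxAction.setDependencies(getDependencies());
        createLoginCtxAction.setHandler(callbackHandler);
        createLoginCtxAction.setSubject(subject);
        // Only the construction of the LoginContext runs privileged; login() itself does not.
        LoginContext loginContext = (LoginContext) AccessController.doPrivileged(createLoginCtxAction);
        try {
            loginContext.login();
            return loginContext.getSubject();
        } catch (Exception e) {
            throw new SecurityException("Authentication failed: " + e.getMessage(), e);
        }
    }

    protected void onDependencies(StandardDependencies standardDependencies) {
        processDependencies(standardDependencies);
    }

    @Override // com.tangosol.coherence.Component
    public void onInit() {
        // Validated subjects are kept in a LocalCache built with the arguments
        // (Integer.MAX_VALUE, 300000); presumably unit limit and expiry in milliseconds, so a
        // subject is re-verified after about five minutes. Confirm against LocalCache.
        setValidSubjects(new LocalCache(Integer.MAX_VALUE, 300000));
        super.onInit();
    }

    /**
     * Handles a permission request on behalf of another member and returns either a freshly
     * signed {@link PermissionInfo} or an exception object describing the failure.
     *
     * <p>Failures are returned, not thrown, so the caller must inspect the result type.
     *
     * @param member         first member argument (role not visible in this listing)
     * @param member2        second member argument; traced as the requester
     * @param permissionInfo the request, carrying the subject and the signed permission
     * @return a {@link PermissionInfo} signed with the local service subject, or a
     *         {@link RuntimeException} instance on failure
     */
    @Override // com.tangosol.coherence.component.net.Security
    public Object processSecureRequest(Member member, Member member2, PermissionInfo permissionInfo) {
        com.tangosol.net.security.AccessController accessController = getDependencies().getAccessController();
        String serviceName = permissionInfo.getServiceName();
        Subject subject = permissionInfo.getSubject();
        try {
            Subject serviceSubject = (Subject) getServiceContext().get(serviceName);
            if (serviceSubject == null) {
                return new RuntimeException("No service context");
            }
            // When both member arguments are equal the permission object is used as supplied;
            // only in the other case is the signed form verified through decrypt().
            ClusterPermission permission = member2.equals(member) ? permissionInfo.getPermission() : (ClusterPermission) accessController.decrypt(permissionInfo.getSignedPermission(), subject, serviceSubject);
            _trace("Remote permission request: " + String.valueOf(permission) + " by " + String.valueOf(member2), 3);
            accessController.checkPermission(permission, subject);
            try {
                return encryptPermissionInfo(permission, serviceSubject);
            } catch (Exception e) {
                return Base.ensureRuntimeException(e, "Remote encryption failed");
            }
        } catch (Exception e2) {
            return Base.ensureRuntimeException(e2, "Remote permission check failed");
        }
    }

    /** Forgets the subject recorded for the given service name. */
    @Override // com.tangosol.coherence.component.net.Security
    public void releaseSecureContext(String str) {
        getServiceContext().remove(str);
    }

    public static Object runAnonymously(Object obj) throws PrivilegedActionException {
        return Security.runAnonymously(obj);
    }

    /**
     * Runs an action as {@code subject}, exposing the subject to {@link #checkPermission}
     * through the thread context while the action executes.
     *
     * @param subject the subject to run as; {@code null} runs the action anonymously
     * @param obj     a {@link PrivilegedAction} or {@link PrivilegedExceptionAction}
     * @return the action's result
     * @throws PrivilegedActionException if a {@link PrivilegedExceptionAction} fails
     */
    @Override // com.tangosol.coherence.component.net.Security
    protected Object runSecure(Subject subject, Object obj) throws PrivilegedActionException {
        if (subject == null) {
            return runAnonymously(obj);
        }
        getThreadContext().set(subject);
        try {
            return obj instanceof PrivilegedAction ? Subject.doAs(subject, (PrivilegedAction) obj) : Subject.doAs(subject, (PrivilegedExceptionAction) obj);
        } finally {
            // Clear the slot. The listing stored Boolean false here, which the (Subject) cast
            // in checkPermission would reject with a ClassCastException on the next call from
            // this thread. Removing the entry also keeps a stale Subject off reused threads.
            getThreadContext().remove();
        }
    }

    /**
     * Installs the dependencies exactly once, as a validated copy of the argument.
     *
     * @throws IllegalStateException if dependencies were already set
     */
    public void setDependencies(StandardDependencies standardDependencies) {
        if (getDependencies() != null) {
            throw new IllegalStateException("Dependencies already set");
        }
        this.__m_Dependencies = new DefaultStandardDependencies(standardDependencies).validate();
        onDependencies(getDependencies());
    }

    private void setServiceContext(Map map) {
        this.__m_ServiceContext = map;
    }

    private void setThreadContext(ThreadLocal threadLocal) {
        this.__m_ThreadContext = threadLocal;
    }

    private void setValidSubjects(Map map) {
        this.__m_ValidSubjects = map;
    }

    /**
     * Verifies that {@code subject} can sign a value that then verifies against the same
     * subject, and records the subject for the service if none is recorded yet.
     *
     * <p>A subject already present in the valid-subjects cache skips the round trip.
     *
     * @param str     the service name
     * @param subject the subject to verify
     * @throws SecurityException if the round trip fails for any reason
     */
    protected void validateSubject(String str, Subject subject) {
        Map validSubjects = getValidSubjects();
        if (!validSubjects.containsKey(subject)) {
            com.tangosol.net.security.AccessController accessController = getDependencies().getAccessController();
            // The probe value comes from Math.random(), which is not a CSPRNG. It is produced
            // and consumed inside this method, so the check presumably rests on the subject's
            // credentials and not on the probe being unpredictable. Confirm before reusing the
            // pattern for a value that crosses a trust boundary.
            Double probe = Double.valueOf(Math.random());
            try {
                _assert(accessController.decrypt(accessController.encrypt(probe, subject), subject, null).equals(probe));
                validSubjects.put(subject, null);
            } catch (Exception e) {
                // NOTE(review): the trace stringifies the Subject, and Subject.toString() may
                // include the toString() of its credential objects. Check where level-3 trace
                // output ends up.
                _trace("Failed to verify the subject: " + String.valueOf(subject) + " due to: " + e.getMessage(), 3);
                throw new SecurityException("Failed to verify the subject");
            }
        }
        Map serviceContext = getServiceContext();
        // First validated subject wins: an existing entry for the service is never replaced
        // here, only removed by releaseSecureContext.
        if (((Subject) serviceContext.get(str)) == null) {
            serviceContext.put(str, subject);
        }
    }

    /**
     * Verifies the signed permission in a response against the subject recorded for the
     * service. The decoded permission itself is not used; only the verification matters.
     *
     * @throws AccessControlException if signature verification fails; the cause is attached
     * @throws RuntimeException       wrapping any other failure
     */
    @Override // com.tangosol.coherence.component.net.Security
    public void verifySecureResponse(Service service, PermissionInfo permissionInfo) {
        try {
            // The cast is kept so that a payload which is not a ClusterPermission is rejected.
            ClusterPermission verified = (ClusterPermission) getDependencies().getAccessController().decrypt(permissionInfo.getSignedPermission(), permissionInfo.getSubject(), (Subject) getServiceContext().get(service.getInfo().getServiceName()));
        } catch (GeneralSecurityException e) {
            // The permission argument is null, as before: nothing has been decoded when
            // decrypt() fails. The cause is attached so the failure can be investigated.
            AccessControlException failure = new AccessControlException("Security configuration mismatch or break-in attempt", null);
            failure.initCause(e);
            throw failure;
        } catch (Exception e2) {
            throw Base.ensureRuntimeException(e2, "Security configuration mismatch");
        }
    }

    static {
        __initStatic();
    }
}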
