package org.jboss.soa.esb.services.security;

import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.SealedObject;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
import org.jboss.internal.soa.esb.services.security.PrivateCryptoUtil;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.helpers.Email;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;

/* loaded from: input_file:org/jboss/soa/esb/services/security/SecurityContext.class */
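/**
 * Carries an authenticated {@link Subject} together with the data needed to decide whether the
 * authentication is still fresh: the creation time, a timeout and an optional security domain.
 *
 * <p>Instances are {@link Serializable} and are exchanged in sealed form, see
 * {@link #encryptContext(SecurityContext)} and {@link #decryptContext(SealedObject)}. The creation
 * time is part of the serialized state, so the expiry decision in {@link #isValid()} travels with
 * the sealed object and is evaluated against the wall clock of whichever JVM unseals it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A timeout of {@code -1} produces a context that never expires; {@code 0} produces one that
 *       is never valid.</li>
 *   <li>{@link #decryptContext(SealedObject)} does not check expiry. Callers must call
 *       {@link #isValid()} before trusting an unsealed context.</li>
 *   <li>{@link #getSubject()} hands out the live {@link Subject}, not a copy.</li>
 * </ul>
 */
public final class SecurityContext implements Serializable {
    private static final long serialVersionUID = 1;

    /** Lifetime in milliseconds used when no usable timeout is configured. */
    private static final long DEFAULT_TIMEOUT_VALUE = 30000;

    /** Timeout value that marks a context as never expiring. */
    private static final long NEVER_EXPIRES = -1;

    private final Subject subject;
    private final long timeout;
    private final String domain;
    private final long timeOfCreation;

    /**
     * Per-thread slot for the sealed context of the current caller. This class offers no separate
     * clear operation; passing {@code null} to {@link #setSecurityContext(SealedObject)} replaces
     * the stored value.
     */
    // NOTE(review): on pooled threads a value left here would be visible to the next task that
    // runs on the same thread - confirm that callers reset it when a request finishes.
    private static final ThreadLocal<SealedObject> securityContextTl = new ThreadLocal<>();

    // NOTE(review): the logger is registered under SecurityConfig, not SecurityContext. This looks
    // like a copy-paste slip; it is left unchanged because existing log configuration may be keyed
    // on that category - confirm before changing.
    private static final Logger LOGGER = Logger.getLogger(SecurityConfig.class);

    // Must stay below LOGGER: the initializer logs through it.
    private static final long globalConfiguredTimeout = getGlobalConfigurationTimeout();

    /** Creates a context around a new, empty {@link Subject} with the globally configured timeout. */
    public SecurityContext() {
        this(new Subject());
    }

    /**
     * Creates a context for {@code subject} with the globally configured timeout.
     *
     * @param subject the authenticated subject, must not be {@code null}
     */
    public SecurityContext(Subject subject) {
        this(subject, globalConfiguredTimeout);
    }

    /**
     * Creates a context for {@code subject} without a security domain.
     *
     * @param subject the authenticated subject, must not be {@code null}
     * @param timeout lifetime in milliseconds, or {@code -1} for a context that never expires
     */
    public SecurityContext(Subject subject, long timeout) {
        this(subject, timeout, null);
    }

    /**
     * Creates a context for {@code subject}; the creation time is taken from the wall clock.
     *
     * @param subject the authenticated subject, must not be {@code null}
     * @param timeout lifetime in milliseconds; {@code -1} means the context never expires and
     *     {@code 0} means it is never valid
     * @param domain the security domain, may be {@code null}
     * @throws IllegalArgumentException if {@code timeout} is smaller than {@code -1}
     */
    public SecurityContext(Subject subject, long timeout, String domain) {
        this.timeOfCreation = System.currentTimeMillis();
        // NOTE(review): Email.SUBJECT is only used as the argument name for the assertion message;
        // this looks like a decompiler constant substitution - confirm against the original source.
        AssertArgument.isNotNull(subject, Email.SUBJECT);
        this.subject = subject;
        if (timeout < NEVER_EXPIRES) {
            throw new IllegalArgumentException("'timeout' for SecurityContext must not be negative other then '-1' which indicates a SecurityContext that never expires.");
        }
        this.timeout = timeout;
        this.domain = domain;
    }

    /**
     * Tells whether the subject carries the given role.
     *
     * <p>Only principals that are {@link Group}s named like the roles group (compared ignoring
     * case) are inspected; the role name itself is compared case-sensitively against the names of
     * the group members.
     *
     * @param role the role name to look for; {@code null} never matches
     * @return {@code true} if a member of a roles group has exactly that name
     */
    public boolean isCallerInRole(String role) {
        if (role == null) {
            return false;
        }
        for (Principal principal : this.subject.getPrincipals()) {
            if (!(principal instanceof Group)) {
                continue;
            }
            final Group group = (Group) principal;
            if (!group.getName().equalsIgnoreCase(org.jboss.soa.esb.services.security.principals.Group.ROLES_GROUP_NAME)) {
                continue;
            }
            final Enumeration<? extends Principal> members = group.members();
            while (members.hasMoreElements()) {
                if (role.equals(members.nextElement().getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Checks whether an authentication request refers to the identity held by this context.
     *
     * <p>The request matches when its principal is one of the subject's principals and at least
     * one of its credentials is contained in the subject's public or private credentials. A
     * matching principal without any matching credential is not enough. Requests without a
     * principal or without credentials never match.
     *
     * @param authenticationRequest the request to compare, may be {@code null}
     * @return {@code true} only if principal and at least one credential match
     */
    // NOTE(review): credentials are matched through Set.contains, i.e. by the credential objects'
    // equals(). Array-typed credentials (char[] / byte[]) would then only match by identity, and
    // the comparison is not constant-time - confirm which credential types callers store.
    public boolean compareTo(AuthenticationRequest authenticationRequest) {
        if (authenticationRequest == null) {
            return false;
        }
        // Fail closed instead of passing null to the subject's sets.
        final Object requestPrincipal = authenticationRequest.getPrincipal();
        if (requestPrincipal == null || !this.subject.getPrincipals().contains(requestPrincipal)) {
            return false;
        }
        final Set<?> credentials = authenticationRequest.getCredentials();
        if (credentials == null) {
            return false;
        }
        // Public credentials are consulted first, then private ones, as before.
        return holdsAny(this.subject.getPublicCredentials(), credentials)
                || holdsAny(this.subject.getPrivateCredentials(), credentials);
    }

    /** Returns {@code true} if {@code held} contains any non-null element of {@code candidates}. */
    private static boolean holdsAny(Set<Object> held, Set<?> candidates) {
        for (Object candidate : candidates) {
            if (candidate != null && held.contains(candidate)) {
                return true;
            }
        }
        return false;
    }

    /** @return the wall-clock time in milliseconds at which this context was created */
    public long getTimeOfCreation() {
        return this.timeOfCreation;
    }

    /** @return the lifetime in milliseconds, {@code -1} if the context never expires */
    public long getTimeout() {
        return this.timeout;
    }

    /** @return the security domain, or {@code null} if none was given */
    public String getDomain() {
        return this.domain;
    }

    /**
     * Tells whether this context may still be used.
     *
     * <p>The check uses {@link System#currentTimeMillis()}, so adjustments of the system clock
     * shift the effective expiry.
     *
     * @return {@code true} if the timeout is {@code -1}, or if less than {@code timeout}
     *     milliseconds have passed since creation; {@code false} for a timeout of {@code 0}
     */
    public boolean isValid() {
        if (this.timeout == NEVER_EXPIRES) {
            return true;
        }
        if (this.timeout <= 0) {
            return false;
        }
        // Compare the elapsed time instead of adding the timeout to the creation time: the sum
        // overflows for very large timeouts and would report a fresh context as expired.
        final long elapsed = System.currentTimeMillis() - this.timeOfCreation;
        return elapsed < this.timeout;
    }

    /**
     * Returns the subject held by this context. This is the same instance that was passed to the
     * constructor, not a copy, so changes made through it are visible to this context.
     *
     * @return the subject, never {@code null}
     */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Describes validity, timeout, domain and creation time. The subject, its principals and its
     * credentials are not part of the text, which keeps them out of log output.
     */
    @Override
    public String toString() {
        return "SecurityContext [isValid " + isValid() + ", timeout :" + this.timeout + ", domain " + this.domain + ", timeOfCreation : " + this.timeOfCreation + "]";
    }

    /** @return an unmodifiable view of the subject's principals */
    final Set<? extends Principal> getPrincipals() {
        return Collections.unmodifiableSet(this.subject.getPrincipals());
    }

    /**
     * Unseals a context.
     *
     * <p>The result is not checked for expiry; callers must consult {@link #isValid()} before
     * relying on it. How the object is decrypted and deserialized is decided by
     * {@code PrivateCryptoUtil} and is not visible here.
     *
     * @param sealedObject the sealed context, may be {@code null}
     * @return the unsealed context, or {@code null} if {@code sealedObject} is {@code null} or
     *     does not contain a {@code SecurityContext}
     * @throws SecurityServiceException if unsealing fails
     */
    public static SecurityContext decryptContext(SealedObject sealedObject) throws SecurityServiceException {
        if (sealedObject == null) {
            return null;
        }
        final Serializable unsealed = PrivateCryptoUtil.INSTANCE.unSealObject(sealedObject);
        return (unsealed instanceof SecurityContext) ? (SecurityContext) unsealed : null;
    }

    /**
     * Seals a context so that it can be handed on in encrypted form.
     *
     * @param securityContext the context to seal
     * @return the sealed context
     * @throws SecurityServiceException if sealing fails
     */
    public static SealedObject encryptContext(SecurityContext securityContext) throws SecurityServiceException {
        return PrivateCryptoUtil.INSTANCE.sealObject(securityContext);
    }

    /**
     * @return the timeout in milliseconds that was resolved from the configuration when this class
     *     was loaded
     * @throws SecurityServiceException declared for callers; not thrown by this implementation
     */
    public static long getConfigurationTimeout() throws SecurityServiceException {
        return globalConfiguredTimeout;
    }

    /**
     * Stores the sealed context for the current thread.
     *
     * @param sealedObject the sealed context, or {@code null} to drop the stored one
     */
    public static void setSecurityContext(SealedObject sealedObject) {
        securityContextTl.set(sealedObject);
    }

    /** @return the sealed context stored for the current thread, or {@code null} if none is set */
    public static SealedObject getSecurityContext() {
        return securityContextTl.get();
    }

    /**
     * Resolves the timeout from the configuration.
     *
     * <p>Falls back to the default when nothing is configured, when the value is not a number, or
     * when it is smaller than {@code -1}. Without the last check such a value would make every
     * constructor that relies on the configured timeout throw.
     *
     * @return the configured timeout in milliseconds, or the default
     */
    private static long getGlobalConfigurationTimeout() {
        final String configured = Configuration.getSecurityServiceContextTimeout();
        if (configured == null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("No timeout was configured for the security context, using the default value. Please set the value of 'org.jboss.soa.esb.services.security.contextTimeout' to the timeout you desire");
            }
            return DEFAULT_TIMEOUT_VALUE;
        }
        try {
            final long parsed = Long.parseLong(configured.trim());
            if (parsed < NEVER_EXPIRES) {
                LOGGER.warn("The value of 'org.jboss.soa.esb.services.security.contextTimeout' must be '-1' or not negative, using default value");
                return DEFAULT_TIMEOUT_VALUE;
            }
            return parsed;
        } catch (NumberFormatException e) {
            LOGGER.warn("The value of 'org.jboss.soa.esb.services.security.contextTimeout' is invalid, using default value");
            return DEFAULT_TIMEOUT_VALUE;
        }
    }
}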
