package org.glassfish.soteria.mechanisms.jaspic;

import com.sun.enterprise.security.jmac.config.GFServerConfigProvider;
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.module.ServerAuthModule;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.persistence.internal.helper.Helper;
import org.glassfish.soteria.Utils;

/* loaded from: input_file:MICRO-INF/runtime/javax.security.enterprise.jar:org/glassfish/soteria/mechanisms/jaspic/Jaspic.class */
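/**
 * Static helpers that bridge the Security API ({@code javax.security.enterprise}) and the
 * JASPIC ({@code javax.security.auth.message}) contract of the container.
 *
 * <p>The {@code public} string constants below are attribute keys. Most are set on the
 * {@link HttpServletRequest}; {@link #CONTEXT_REGISTRATION_ID} is set on the
 * {@link ServletContext}.
 *
 * <p>NOTE(review): this listing appears to be decompiler output. Two constant references,
 * {@code Helper.SPACE} and {@code GFServerConfigProvider.HTTPSERVLET}, point at unrelated
 * libraries and are presumably inlined literals that the decompiler resolved to the wrong
 * owner. They are left as listed; confirm against the original source.
 */
public final class Jaspic {
    public static final String IS_AUTHENTICATION = "org.glassfish.soteria.security.message.request.authentication";
    public static final String IS_AUTHENTICATION_FROM_FILTER = "org.glassfish.soteria.security.message.request.authenticationFromFilter";
    public static final String IS_SECURE_RESPONSE = "org.glassfish.soteria.security.message.request.secureResponse";
    public static final String IS_REFRESH = "org.glassfish.soteria.security.message.request.isRefresh";
    public static final String DID_AUTHENTICATION = "org.glassfish.soteria.security.message.request.didAuthentication";
    public static final String AUTH_PARAMS = "org.glassfish.soteria.security.message.request.authParams";
    public static final String LOGGEDIN_USERNAME = "org.glassfish.soteria.security.message.loggedin.username";
    public static final String LOGGEDIN_ROLES = "org.glassfish.soteria.security.message.loggedin.roles";
    public static final String LAST_AUTH_STATUS = "org.glassfish.soteria.security.message.authStatus";
    public static final String CONTEXT_REGISTRATION_ID = "org.glassfish.soteria.security.message.registrationId";
    private static final String IS_MANDATORY = "javax.security.auth.message.MessagePolicy.isMandatory";
    private static final String REGISTER_SESSION = "javax.servlet.http.registerSession";

    private Jaspic() {
        // Utility class; not instantiable.
    }

    /**
     * Runs container authentication for the request via
     * {@link HttpServletRequest#authenticate(HttpServletResponse)}.
     *
     * <p>While the call is in flight the request carries {@link #IS_AUTHENTICATION} (and
     * {@link #AUTH_PARAMS} when parameters were supplied). Both are removed in a
     * {@code finally} block, so they never outlive this call, whether it returns or throws.
     *
     * @param httpServletRequest request to authenticate
     * @param httpServletResponse response handed to the container
     * @param authenticationParameters optional parameters; {@code null} means none are published
     * @return the value returned by {@code HttpServletRequest.authenticate}
     * @throws IllegalArgumentException wrapping an {@link IOException} or {@link ServletException}
     *         raised by the container
     */
    public static boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationParameters authenticationParameters) {
        try {
            httpServletRequest.setAttribute(IS_AUTHENTICATION, Boolean.TRUE);
            if (authenticationParameters != null) {
                httpServletRequest.setAttribute(AUTH_PARAMS, authenticationParameters);
            }
            return httpServletRequest.authenticate(httpServletResponse);
        } catch (IOException | ServletException e) {
            throw new IllegalArgumentException(e);
        } finally {
            // Always clear the per-call markers so later processing of the same request
            // is not mistaken for an explicit authentication call.
            httpServletRequest.removeAttribute(IS_AUTHENTICATION);
            if (authenticationParameters != null) {
                httpServletRequest.removeAttribute(AUTH_PARAMS);
            }
        }
    }

    /**
     * Returns the parameters stored under {@link #AUTH_PARAMS}.
     *
     * @param httpServletRequest request to read from
     * @return the stored parameters, or a fresh default instance when none are stored
     */
    public static AuthenticationParameters getAuthParameters(HttpServletRequest httpServletRequest) {
        AuthenticationParameters stored = (AuthenticationParameters) httpServletRequest.getAttribute(AUTH_PARAMS);
        return stored != null ? stored : new AuthenticationParameters();
    }

    /**
     * Logs the caller out of the container and invalidates the HTTP session, if one exists.
     *
     * @param httpServletRequest request whose caller is logged out
     * @param httpServletResponse unused by this method
     * @throws IllegalArgumentException wrapping a {@link ServletException} from
     *         {@code HttpServletRequest.logout}
     */
    public static void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletRequest.logout();
            // getSession(false): do not create a brand-new session only to invalidate it.
            javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        } catch (ServletException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Removes every principal from the subject. The removal runs inside
     * {@code doPrivileged}. Does nothing when the subject is {@code null}.
     *
     * @param subject subject to clear; may be {@code null}
     */
    public static void cleanSubject(final Subject subject) {
        if (subject == null) {
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPrincipals().clear();
                return null;
            }
        });
    }

    /**
     * Reports whether the message info map asks the container to register a session.
     *
     * @param messageInfo message info whose map is read
     * @return {@code true} only when the map holds the string {@code "true"}
     *         (case-insensitive) under the register-session key; a missing entry yields
     *         {@code false}
     */
    public static boolean isRegisterSession(MessageInfo messageInfo) {
        return Boolean.parseBoolean((String) messageInfo.getMap().get(REGISTER_SESSION));
    }

    /**
     * Reports whether the message policy marks authentication as mandatory.
     *
     * @param messageInfo message info whose map is read
     * @return {@code true} only when the map holds the string {@code "true"}
     *         (case-insensitive) under the is-mandatory key; a missing entry yields
     *         {@code false}
     */
    public static boolean isProtectedResource(MessageInfo messageInfo) {
        return Boolean.parseBoolean((String) messageInfo.getMap().get(IS_MANDATORY));
    }

    /**
     * Requests session registration and publishes the caller name and roles on the request.
     *
     * <p>The role set is stored by reference, not copied, so later changes to {@code set}
     * are visible through the {@link #LOGGEDIN_ROLES} attribute.
     *
     * @param messageInfo message info; its request message must be an {@link HttpServletRequest}
     * @param str caller name stored under {@link #LOGGEDIN_USERNAME}
     * @param set roles stored under {@link #LOGGEDIN_ROLES}
     */
    public static void setRegisterSession(MessageInfo messageInfo, String str, Set<String> set) {
        messageInfo.getMap().put(REGISTER_SESSION, Boolean.TRUE.toString());
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        request.setAttribute(LOGGEDIN_USERNAME, str);
        request.setAttribute(LOGGEDIN_ROLES, set);
    }

    /**
     * Reports whether the request is currently inside an explicit
     * {@link #authenticate(HttpServletRequest, HttpServletResponse, AuthenticationParameters)} call.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} when {@link #IS_AUTHENTICATION} is set to {@code Boolean.TRUE}
     */
    public static boolean isAuthenticationRequest(HttpServletRequest httpServletRequest) {
        return Boolean.TRUE.equals(httpServletRequest.getAttribute(IS_AUTHENTICATION));
    }

    /**
     * Passes the caller principal and groups to the container's callback handler.
     *
     * @param subject client subject; must not be {@code null}
     * @param callbackHandler container handler; must not be {@code null}
     * @param principal caller principal
     * @param set group names; may be {@code null} or empty
     */
    public static void notifyContainerAboutLogin(Subject subject, CallbackHandler callbackHandler, Principal principal, Set<String> set) {
        handleCallbacks(subject, callbackHandler, new CallerPrincipalCallback(subject, principal), set);
    }

    /**
     * Passes the caller name and groups to the container's callback handler.
     *
     * @param subject client subject; must not be {@code null}
     * @param callbackHandler container handler; must not be {@code null}
     * @param str caller name
     * @param set group names; may be {@code null} or empty
     */
    public static void notifyContainerAboutLogin(Subject subject, CallbackHandler callbackHandler, String str, Set<String> set) {
        handleCallbacks(subject, callbackHandler, new CallerPrincipalCallback(subject, str), set);
    }

    /**
     * Sends exactly one callback batch to the handler: caller plus groups when both are
     * present, otherwise the caller callback alone.
     *
     * <p>Groups are forwarded only when the callback carries a principal or a name, so a
     * caller-less (anonymous) callback is never paired with group memberships.
     *
     * @throws IllegalArgumentException when {@code subject} or {@code callbackHandler} is {@code null}
     * @throws IllegalStateException wrapping an {@link IOException} or
     *         {@link UnsupportedCallbackException} raised by the handler
     */
    private static void handleCallbacks(Subject subject, CallbackHandler callbackHandler, CallerPrincipalCallback callerPrincipalCallback, Set<String> set) {
        if (subject == null) {
            throw new IllegalArgumentException("Null clientSubject!");
        }
        if (callbackHandler == null) {
            throw new IllegalArgumentException("Null callback handler!");
        }
        boolean hasCaller = callerPrincipalCallback.getPrincipal() != null || callerPrincipalCallback.getName() != null;
        boolean hasGroups = set != null && !Utils.isEmpty(set);
        try {
            // The listing handled the caller-only callback after the grouped one and outside
            // this try, which repeats the caller callback and lets the handler's checked
            // exceptions escape. The two cases are mutually exclusive here.
            if (hasGroups && hasCaller) {
                callbackHandler.handle(new Callback[]{callerPrincipalCallback, new GroupPrincipalCallback(subject, set.toArray(new String[0]))});
            } else {
                callbackHandler.handle(new Callback[]{callerPrincipalCallback});
            }
        } catch (IOException | UnsupportedCallbackException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Stores the most recent authentication status under {@link #LAST_AUTH_STATUS}.
     *
     * @param httpServletRequest request to annotate
     * @param authenticationStatus status to store
     */
    public static void setLastAuthenticationStatus(HttpServletRequest httpServletRequest, AuthenticationStatus authenticationStatus) {
        httpServletRequest.setAttribute(LAST_AUTH_STATUS, authenticationStatus);
    }

    /**
     * Returns the status stored under {@link #LAST_AUTH_STATUS}.
     *
     * @param httpServletRequest request to read from
     * @return the stored status, or {@code null} when none is stored
     */
    public static AuthenticationStatus getLastAuthenticationStatus(HttpServletRequest httpServletRequest) {
        return (AuthenticationStatus) httpServletRequest.getAttribute(LAST_AUTH_STATUS);
    }

    /**
     * Maps a Security API status to the JASPIC status returned to the container.
     *
     * <p>{@code NOT_DONE} maps to {@link AuthStatus#SUCCESS}, the same value as a real
     * {@code SUCCESS}. The returned status alone therefore does not prove that a caller was
     * established. NOTE(review): presumably access is then decided by whether a caller
     * principal was set; confirm against the container.
     *
     * @param authenticationStatus status to translate; {@code null} fails with a
     *        {@link NullPointerException} from the {@code switch}
     * @return the corresponding {@link AuthStatus}
     * @throws IllegalStateException for a status with no mapping
     */
    public static AuthStatus fromAuthenticationStatus(AuthenticationStatus authenticationStatus) {
        switch (authenticationStatus) {
            case NOT_DONE:
            case SUCCESS:
                return AuthStatus.SUCCESS;
            case SEND_FAILURE:
                return AuthStatus.SEND_FAILURE;
            case SEND_CONTINUE:
                return AuthStatus.SEND_CONTINUE;
            default:
                throw new IllegalStateException("Unhandled status:" + authenticationStatus.name());
        }
    }

    /**
     * Marks the request with {@link #DID_AUTHENTICATION} set to {@code Boolean.TRUE}.
     *
     * @param httpServletRequest request to mark
     */
    public static void setDidAuthentication(HttpServletRequest httpServletRequest) {
        httpServletRequest.setAttribute(DID_AUTHENTICATION, Boolean.TRUE);
    }

    /**
     * Builds the application context identifier used for the provider registration.
     *
     * @param servletContext context of the application
     * @return the virtual server name, {@code Helper.SPACE}, then the context path
     */
    public static String getAppContextID(ServletContext servletContext) {
        // NOTE(review): Helper.SPACE comes from an unrelated library; see the class comment.
        return servletContext.getVirtualServerName() + Helper.SPACE + servletContext.getContextPath();
    }

    /**
     * Registers a config provider that wraps the given module for this application and
     * stores the registration ID under {@link #CONTEXT_REGISTRATION_ID} in the servlet context.
     *
     * <p>The registration itself runs inside {@code doPrivileged}.
     *
     * @param serverAuthModule module to expose through a {@code DefaultAuthConfigProvider}
     * @param servletContext context of the application being secured
     * @return the registration ID returned by the {@link AuthConfigFactory}
     */
    public static String registerServerAuthModule(final ServerAuthModule serverAuthModule, final ServletContext servletContext) {
        String registrationId = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                // The listing passed "ServerAuthModule.this", which is not valid Java here;
                // the captured parameter is the module to wrap.
                return AuthConfigFactory.getFactory().registerConfigProvider(new DefaultAuthConfigProvider(serverAuthModule), GFServerConfigProvider.HTTPSERVLET, Jaspic.getAppContextID(servletContext), "Default single SAM authentication config provider");
            }
        });
        servletContext.setAttribute(CONTEXT_REGISTRATION_ID, registrationId);
        return registrationId;
    }

    /**
     * Removes the registration whose ID is stored under {@link #CONTEXT_REGISTRATION_ID}.
     * Does nothing when no ID is stored.
     *
     * <p>NOTE(review): the ID is read back from a servlet context attribute and then passed
     * to {@code removeRegistration} inside {@code doPrivileged}. Confirm that only trusted
     * code can write that attribute.
     *
     * @param servletContext context holding the registration ID
     */
    public static void deregisterServerAuthModule(ServletContext servletContext) {
        final String registrationId = (String) servletContext.getAttribute(CONTEXT_REGISTRATION_ID);
        if (Utils.isEmpty(registrationId)) {
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                return AuthConfigFactory.getFactory().removeRegistration(registrationId);
            }
        });
    }
}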
