package com.evasion.sam;

import com.evasion.sam.ejb.JNDIClient;
import com.evasion.sam.ejb.JaasEjb;
import com.evasion.sam.jaas.EvasionPrincipal;
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/evasion/sam/SAM.class */
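/**
 * Servlet authentication module that handles a form login through a JAAS
 * {@link LoginContext}, a logout path, and the restoration of previously saved
 * principals on ordinary requests.
 *
 * <p>NOTE(review): {@code lc} and {@code cbh} are instance fields, and the login
 * branch of {@link #validateRequest} stores the current request in {@code cbh}
 * before calling {@code lc.login()}. If the container shares one module instance
 * between concurrent requests (not visible from this class), two logins can
 * interleave and one request could receive the subject of another. Confirm the
 * container's instancing model, or move to a per-request handler and context.
 */
public class SAM extends ServletAuthModule {
    private static final Logger LOGGER = Logger.getLogger(SAM.class.getName());
    private static final String PARAM_EJB_JNDI = "EJB-jndi";
    private static final String PARAM_PROVIDER_URL = "provider-url";

    // Name of the JAAS login configuration entry; falls back to this class name when unset.
    private String lcName = null;
    // Remote bean notified after a caller principal has been restored.
    private JaasEjb loginEJB = null;
    // Lazily created by getLc(); shared by login and logout.
    private LoginContext lc = null;
    // Callback handler handed to the LoginContext; receives the current request before login.
    private MyCBH cbh = null;

    /**
     * Initializes the module: delegates to the superclass, reads the EJB JNDI name,
     * provider URL and login context name from the options map, creates the
     * {@link LoginContext} and looks up the {@link JaasEjb}.
     *
     * @param messagePolicy request policy; its mandatory flag is logged
     * @param messagePolicy2 response policy, passed to the superclass unchanged
     * @param callbackHandler container callback handler, passed to the superclass unchanged
     * @param map module options
     * @throws AuthException if the login context cannot be created
     */
    @Override
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        LOGGER.finer("Init SAM");
        super.initialize(messagePolicy, messagePolicy2, callbackHandler, map);
        String ejbJndiName = (String) map.get(PARAM_EJB_JNDI);
        String providerUrl = (String) map.get(PARAM_PROVIDER_URL);
        LOGGER.finer("SAM mandatory : " + messagePolicy.isMandatory());
        if (this.options != null) {
            this.lcName = (String) map.get("javax.security.auth.login.LoginContext");
            LOGGER.fine("Login Context Name:" + this.lcName);
        }
        try {
            getLc();
            this.loginEJB = (JaasEjb) new JNDIClient(providerUrl).lookup(ejbJndiName);
        } catch (LoginException e) {
            LOGGER.severe("Exception d'init SAM" + e.toString());
            throw toAuthException(e);
        }
    }

    /**
     * Decides how a request is authenticated, based on the end of the request URL:
     * the security-check path performs the JAAS login and redirects to the saved
     * URL (or the context root), the logout path invalidates the session and
     * redirects to the context root, and any other path either redirects to the
     * login page or restores the saved principals.
     *
     * @param messageInfo carries the HTTP request and response
     * @param subject client subject that receives the restored principals
     * @param subject2 service subject; not used here
     * @return {@code SEND_SUCCESS} after a login or logout redirect, {@code SEND_CONTINUE}
     *     when the client is sent to the login page, {@code SUCCESS} when the request may
     *     proceed, {@code SEND_FAILURE} after an unexpected error
     * @throws AuthException if a redirect cannot be written
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        AuthStatus authStatus;
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        String requestUrl = request.getRequestURL().toString();
        String loginPage = request.getContextPath() + "/login.xhtml";
        try {
            debugRequest(request);
            HttpSession session = request.getSession(false);
            debugSession(session);
            LOGGER.fine("Client Subject UserPrincipal " + subject.getPrincipals(EvasionPrincipal.class));
            if (requestUrl.endsWith(Constants.PATH_SECURITY_CHECK)) {
                this.cbh.setRequest(request);
                this.lc.login();
                LOGGER.fine("Traitement du formulaire d'authentification");
                // NOTE(review): no session-id change is visible here after a successful
                // login; confirm that savePrincipals (or the container) renews the
                // session id, otherwise a pre-login session id stays valid afterwards.
                savePrincipals(request, this.lc.getSubject());
                saveTokenId(request, "success");
                String target = getSavedRequestURL(session);
                if (target == null) {
                    target = response.encodeRedirectURL(request.getContextPath() + "/");
                }
                redirect(target, response);
                authStatus = AuthStatus.SEND_SUCCESS;
            } else if (requestUrl.endsWith(Constants.PATH_SECURITY_LOGOUT)) {
                LOGGER.fine("Traitement d'une demande de deconnexion");
                String home = response.encodeRedirectURL(request.getContextPath() + "/");
                if (session != null) {
                    session.invalidate();
                }
                redirect(home, response);
                authStatus = AuthStatus.SEND_SUCCESS;
            } else {
                String token = getToken(request);
                // NOTE(review): the token value is written to the log; confirm it is
                // not a secret before enabling FINE logging in production.
                LOGGER.fine("Token map: " + token);
                boolean loginRequired = false;
                if (this.isMandatory) {
                    clearSavedRequestURLs(request);
                    if (token == null || token.isEmpty()) {
                        LOGGER.fine("redirection vers la page de login");
                        saveLoginBackToURL(request, session);
                        redirect(loginPage, response);
                        loginRequired = true;
                    }
                }
                if (loginRequired) {
                    // Fix: the status used to be stored in an unread local and the code
                    // fell through to SUCCESS, so a mandatory request without a token
                    // was reported as authenticated although a login redirect had
                    // already been written. Stop here and report the redirect.
                    authStatus = AuthStatus.SEND_CONTINUE;
                } else {
                    if (restorePrincipals(request, subject)) {
                        LOGGER.fine("acces page avec authentification");
                        Principal callerPrincipal = setCallerPrincipal(subject);
                        messageInfo.getMap().put("com.sun.web.RealmAdapter.register", true);
                        messageInfo.getMap().put("javax.servlet.http.authType", "EvasionSAM");
                        this.loginEJB.postLogin(callerPrincipal.getName());
                    }
                    authStatus = AuthStatus.SUCCESS;
                }
            }
            // No branch above yields SEND_FAILURE today; kept so a future branch that
            // does is answered with 403.
            if (authStatus == AuthStatus.SEND_FAILURE) {
                request.getSession().setAttribute("EVASION_AUTH", false);
                response.setStatus(403);
            }
        } catch (LoginException e) {
            // Failed credentials: record the reason in the session and show the login page again.
            LOGGER.severe("Login Exception!!! : " + e.getMessage());
            request.getSession().setAttribute(Constants.EVASION_LAST_EXCEPTION_KEY, Constants.BAD_CREDENTIAL_EXCEPTION);
            redirect(loginPage, response);
            authStatus = AuthStatus.SEND_CONTINUE;
        } catch (Exception e) {
            // Any other error fails closed with a 500 and SEND_FAILURE.
            LOGGER.log(Level.SEVERE, "ERROR SAM!!!", e);
            try {
                response.sendError(500);
            } catch (IOException sendFailure) {
                LOGGER.log(Level.SEVERE, (String) null, sendFailure);
            }
            authStatus = AuthStatus.SEND_FAILURE;
        }
        LOGGER.finer("ValidateRequest result: " + authStatus);
        return authStatus;
    }

    /**
     * Writes a redirect to {@code str} by setting the {@code Location} header and
     * status 307 on the response.
     *
     * <p>NOTE(review): 307 asks the client to repeat the same method and body at the
     * new location. When this follows the login form submission, the submitted form
     * fields would be resent to the redirect target; 303 is the usual status after a
     * form POST. Confirm before changing, because every caller shares this helper.
     *
     * @param str redirect target
     * @param httpServletResponse response to write the redirect to
     * @throws AuthException if setting the header or status fails
     */
    void redirect(String str, HttpServletResponse httpServletResponse) throws AuthException {
        try {
            LOGGER.finer("redirecting_to " + str);
            httpServletResponse.setHeader("Location", str);
            httpServletResponse.setStatus(307);
        } catch (Exception e) {
            LOGGER.warning("error_redirecting_to " + str);
            throw toAuthException(e);
        }
    }

    /**
     * Cleans the subject through the superclass and then logs out of the shared
     * {@link LoginContext}.
     *
     * @throws AuthException if the JAAS logout fails
     */
    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        super.cleanSubject(messageInfo, subject);
        try {
            this.lc.logout();
        } catch (LoginException e) {
            throw toAuthException(e);
        }
    }

    /**
     * Returns the login context, creating it together with its callback handler on
     * first use. The configuration entry name is {@code lcName}, or this class name
     * when {@code lcName} is null.
     */
    private LoginContext getLc() throws LoginException {
        if (this.lc == null) {
            this.cbh = new MyCBH();
            String entryName = this.lcName != null ? this.lcName : getClass().getName();
            this.lc = new LoginContext(entryName, this.cbh);
        }
        return this.lc;
    }

    /** Wraps {@code cause} in a message-less {@link AuthException} so the cause is preserved. */
    private static AuthException toAuthException(Exception cause) {
        AuthException wrapped = new AuthException();
        wrapped.initCause(cause);
        return wrapped;
    }
}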
