package com.evasion.sam;

import com.evasion.sam.ejb.JNDIClient;
import com.evasion.sam.ejb.JaasEjb;
import com.evasion.sam.jaas.EvasionGroup;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/evasion/sam/SAM.class */
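/**
 * JASPIC server authentication module that performs form-based login through a JAAS
 * {@link LoginContext} and keeps the authenticated {@link Subject} in the HTTP session.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The session is invalidated and re-created after a successful login, so the
 *       pre-login session id is not reused for the authenticated session.</li>
 *   <li>The submitted password is never written to the log.</li>
 *   <li>The client-supplied {@code j_backward} redirect target is honoured only when it is a
 *       server-local path; anything else falls back to the context root.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code lc} and {@code cbh} are instance fields that
 * {@link #validateRequest} mutates per request ({@code cbh.setRequest}, {@code lc.login}).
 * If the container shares one module instance between concurrent requests, two logins could
 * interleave on the same LoginContext. Confirm the container's instancing model, or build a
 * LoginContext per request.
 */
public class SAM implements ServerAuthModule {
    private static final String SAVED_SUBJECT = "Saved_Subject";
    private static final String USER_NAME = "userName";
    private static final String KEY_EVASION_SAVED_REQUEST_URL = "javax.security.evasion.SavedRequestURL";
    private CallbackHandler handler;
    private Config config = new Config();
    private String lcName = null;
    private JaasEjb loginEJB = null;
    private LoginContext lc = null;
    private MyCBH cbh = null;
    JNDIClient ejbClient = null;
    private String loginURI;
    private static final Logger LOGGER = Logger.getLogger(SAM.class.getName());
    protected static final Class[] SUPPORTED_MESSAGE_TYPES = {HttpServletRequest.class, HttpServletResponse.class};

    /**
     * Reads the module options, creates the JAAS login context and looks up the login EJB.
     *
     * @param messagePolicy   request policy; only used to log whether authentication is mandatory
     * @param messagePolicy2  response policy; not used by this module
     * @param callbackHandler container handler later used to publish the caller and its groups
     * @param map             module options; when {@code null} no option (and no handler) is stored
     * @throws AuthException when the login context cannot be created
     */
    @Override
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        LOGGER.finer("Init SAM");
        if (map != null) {
            this.config.setJndi((String) map.get(Config.PARAM_EJB_JNDI));
            this.config.setProviderUrl((String) map.get(Config.PARAM_PROVIDER_URL));
            this.config.setDigestAlgorithm((String) map.get(Config.PARAM_DIGEST_ALGORITHM));
            // The policy is only logged here; guard against a null policy so that a
            // diagnostic line cannot abort initialisation.
            LOGGER.log(Level.FINER, "SAM mandatory : {0}", Boolean.valueOf(messagePolicy != null && messagePolicy.isMandatory()));
            this.loginURI = (String) map.get(Constants.LOGIN_URL);
            this.handler = callbackHandler;
            this.lcName = (String) map.get(Constants.LOGIN_CONTEXT_IMPL);
            LOGGER.log(Level.FINE, "Login Context Name:{0}", this.lcName);
        }
        try {
            getLc();
            this.ejbClient = new JNDIClient(this.config.getProviderUrl());
            this.loginEJB = (JaasEjb) this.ejbClient.lookup(this.config.getJndi());
        } catch (LoginException e) {
            LOGGER.log(Level.SEVERE, "Exception d''init SAM{0}", e.toString());
            throw asAuthException(e);
        }
    }

    /**
     * Returns a copy of the supported message types so callers cannot alter the shared array.
     *
     * @return the HTTP servlet request and response classes
     */
    @Override
    public Class[] getSupportedMessageTypes() {
        return (Class[]) SUPPORTED_MESSAGE_TYPES.clone();
    }

    /**
     * Authenticates the request: handles logout, reuses a subject already stored in the
     * session, or processes the submitted login form.
     *
     * @param messageInfo carries the HTTP request and response
     * @param subject     client subject that receives the principals and credentials
     * @param subject2    service subject; not used by this module
     * @return the JASPIC status describing how the container must continue
     * @throws AuthException when the redirect to the login page cannot be prepared
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        LOGGER.log(Level.FINER, "ValidateRequest: {0}", request.getRequestURL().toString());
        HttpSession session = request.getSession(true);

        // NOTE(review): substring match - any URI that merely contains the logout path
        // triggers a logout. Confirm the value of PATH_SECURITY_LOGOUT makes this safe.
        if (request.getRequestURI().contains(Constants.PATH_SECURITY_LOGOUT)) {
            LOGGER.finer("Logout request.");
            response.setHeader("Location", response.encodeRedirectURL(request.getContextPath() + "/"));
            response.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
            session.invalidate();
            return AuthStatus.SEND_SUCCESS;
        }

        // Already authenticated in this session: replay the stored subject.
        Subject savedSubject = (Subject) session.getAttribute(SAVED_SUBJECT);
        if (savedSubject != null) {
            subject.getPrincipals().addAll(savedSubject.getPrincipals());
            subject.getPublicCredentials().addAll(savedSubject.getPublicCredentials());
            subject.getPrivateCredentials().addAll(savedSubject.getPrivateCredentials());
            return AuthStatus.SUCCESS;
        }

        // Unprotected resource that is not the login-check endpoint: let it through.
        if (!isMandatory(messageInfo) && !request.getRequestURI().contains(Constants.PATH_SECURITY_CHECK)) {
            return AuthStatus.SUCCESS;
        }

        String userName = request.getParameter(Constants.USERNAME_PARAMETER);
        String password = request.getParameter(Constants.PASSWORD_PARAMETER);
        String backward = request.getParameter("j_backward");
        // The password is deliberately left out of the log record.
        LOGGER.log(Level.FINE, "Form param: {0} {1}", new Object[]{userName, request.getMethod()});

        if (userName == null || password == null) {
            try {
                response.setHeader("Location", response.encodeRedirectURL(request.getContextPath() + this.loginURI));
                response.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
                return AuthStatus.SEND_CONTINUE;
            } catch (Exception e) {
                throw asAuthException(e);
            }
        }

        try {
            this.cbh.setRequest(request);
            this.lc.login();
            LOGGER.fine("Traitement du formulaire d'authentification");
            Subject authenticated = this.lc.getSubject();
            setCallerPrincipal(authenticated);

            // Session-fixation defence: drop the pre-login session and carry its
            // attributes over to a freshly created one.
            HashMap<String, Object> carried = new HashMap<String, Object>();
            Enumeration<?> names = session.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                carried.put(name, session.getAttribute(name));
            }
            session.invalidate();
            HttpSession freshSession = request.getSession(true);
            for (Map.Entry<String, Object> entry : carried.entrySet()) {
                freshSession.setAttribute(entry.getKey(), entry.getValue());
            }
            freshSession.setAttribute(SAVED_SUBJECT, authenticated);
            freshSession.setAttribute(USER_NAME, userName);

            try {
                String savedUrl = getSavedRequestURL(freshSession);
                String target;
                if (savedUrl != null) {
                    target = savedUrl;
                } else if (backward != null && isLocalRedirectTarget(backward)) {
                    target = backward;
                } else {
                    if (backward != null) {
                        // The value is not echoed: it is attacker-controlled.
                        LOGGER.warning("Rejected non-local j_backward redirect target");
                    }
                    target = request.getContextPath() + "/";
                }
                response.sendRedirect(response.encodeRedirectURL(target));
                saveLoginBackToURL(request, freshSession);
                return AuthStatus.SEND_CONTINUE;
            } catch (Exception e) {
                // AuthException is a LoginException, so this is handled by the
                // LoginException branch below, exactly like a failed login.
                throw asAuthException(e);
            }
        } catch (LoginException e) {
            LOGGER.log(Level.SEVERE, "ERROR SAM!!!", (Throwable) e);
            try {
                request.getRequestDispatcher(this.loginURI).forward(request, response);
                return AuthStatus.SEND_FAILURE;
            } catch (Exception forwardFailure) {
                throw asAuthException(forwardFailure);
            }
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "ERROR SAM!!!", (Throwable) e);
            try {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            } catch (IOException sendFailure) {
                LOGGER.log(Level.SEVERE, (String) null, (Throwable) sendFailure);
            }
            return AuthStatus.SEND_FAILURE;
        }
    }

    /**
     * Publishes the caller principal, and its role names when available, to the container
     * through the callback handler received in {@link #initialize}.
     *
     * <p>An {@link EvasionGroup} named {@code "Roles"} supplies the group names; any other
     * principal becomes the caller principal (the last one iterated wins).
     *
     * @param subject the subject produced by the JAAS login
     * @throws AuthException when the callback handler fails
     */
    private void setCallerPrincipal(Subject subject) throws AuthException {
        ArrayList<String> roleNames = new ArrayList<String>();
        Principal caller = null;
        String[] groups = null;
        for (Principal candidate : subject.getPrincipals()) {
            String name = candidate.getName();
            LOGGER.log(Level.FINE, "Principal utilisé: {0}", name);
            if ((candidate instanceof EvasionGroup) && "Roles".equals(name)) {
                Iterator<?> members = Collections.list(((EvasionGroup) candidate).members()).iterator();
                while (members.hasNext()) {
                    Principal member = (Principal) members.next();
                    roleNames.add(member.getName());
                    LOGGER.log(Level.FINE, "Groupe associe: {0}", member.getName());
                }
                groups = roleNames.toArray(new String[roleNames.size()]);
            } else {
                caller = candidate;
            }
        }
        CallerPrincipalCallback callerCallback = new CallerPrincipalCallback(subject, caller);
        // Groups are only meaningful when a caller identity is actually being asserted.
        boolean hasCaller = callerCallback.getName() != null || callerCallback.getPrincipal() != null;
        Callback[] callbacks = hasCaller
                ? new Callback[]{callerCallback, new GroupPrincipalCallback(callerCallback.getSubject(), groups)}
                : new Callback[]{callerCallback};
        try {
            this.handler.handle(callbacks);
            LOGGER.log(Level.FINE, "jmac.caller_principal:{0} {1}", new Object[]{callerCallback.getName(), callerCallback.getPrincipal()});
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "ERROR SAM!!!", (Throwable) e);
            throw asAuthException(e);
        }
    }

    /**
     * Removes the session-held login state, empties the subject and logs out of the
     * JAAS login context.
     *
     * @param messageInfo carries the HTTP request whose session is cleaned
     * @param subject     subject whose principals and credentials are cleared
     * @throws AuthException when the JAAS logout fails
     */
    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        clearSavedRequestURLs(request);
        clearPrincipals(request);
        subject.getPrincipals().clear();
        subject.getPrivateCredentials().clear();
        subject.getPublicCredentials().clear();
        try {
            this.lc.logout();
        } catch (LoginException e) {
            throw asAuthException(e);
        }
    }

    /**
     * Drops the saved request URL from the session, if a session exists.
     *
     * @param httpServletRequest request whose existing session is inspected
     */
    protected void clearSavedRequestURLs(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute(KEY_EVASION_SAVED_REQUEST_URL);
        }
    }

    /**
     * Drops the saved subject from the session, if a session exists.
     *
     * @param httpServletRequest request whose existing session is inspected
     */
    protected void clearPrincipals(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute(SAVED_SUBJECT);
        }
    }

    /**
     * Tells whether the container marked authentication as mandatory for this request.
     *
     * @param messageInfo message info whose map carries the mandatory flag as a string
     * @return {@code true} only when the flag is present and equals "true" (case-insensitive)
     */
    protected boolean isMandatory(MessageInfo messageInfo) {
        return Boolean.parseBoolean((String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"));
    }

    /**
     * Lazily creates the callback handler and the JAAS login context.
     *
     * @return the module's login context
     * @throws LoginException when the login context cannot be created
     */
    private LoginContext getLc() throws LoginException {
        if (this.lc == null) {
            this.cbh = new MyCBH();
            String contextName = this.lcName != null ? this.lcName : getClass().getName();
            this.lc = new LoginContext(contextName, (Subject) null, this.cbh, this.config);
        }
        return this.lc;
    }

    /**
     * Stores the current request URI, with its query string, as the saved request URL.
     *
     * @param httpServletRequest request whose URI is saved
     * @param httpSession        session receiving the URL; nothing happens when {@code null}
     */
    private void saveLoginBackToURL(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        if (httpSession != null) {
            String requestUri = httpServletRequest.getRequestURI();
            StringBuilder url = new StringBuilder(requestUri);
            if (httpServletRequest.getQueryString() != null) {
                url.append('?');
                url.append(httpServletRequest.getQueryString());
            }
            httpSession.setAttribute(KEY_EVASION_SAVED_REQUEST_URL, url.toString());
            // This runs on the request that carried the credentials; if the form was sent
            // with GET the query string holds the password, so only the URI is logged.
            // NOTE(review): the stored attribute still contains the query string.
            LOGGER.log(Level.FINE, "Sauvegarde de la requête url={0}", requestUri);
        }
    }

    /**
     * Reads the saved request URL from the session.
     *
     * @param httpSession session to read from
     * @return the saved URL, or {@code null} when none is stored
     */
    private String getSavedRequestURL(HttpSession httpSession) {
        return (String) httpSession.getAttribute(KEY_EVASION_SAVED_REQUEST_URL);
    }

    /**
     * Accepts a redirect target only when it is a path on this server.
     *
     * <p>Rejected: empty values, anything not starting with a single {@code /}
     * (absolute URLs, scheme-relative {@code //host}, {@code /\host}), and values holding
     * a backslash or a control character (which could split the Location header).
     *
     * @param target client-supplied redirect target, never {@code null}
     * @return {@code true} when the target may be used for a redirect
     */
    private static boolean isLocalRedirectTarget(String target) {
        if (target.length() == 0 || target.charAt(0) != '/') {
            return false;
        }
        if (target.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Wraps a failure in an {@link AuthException} while keeping the original cause.
     *
     * @param cause the underlying failure
     * @return a new exception whose cause is {@code cause}
     */
    private static AuthException asAuthException(Throwable cause) {
        AuthException wrapped = new AuthException();
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * No response protection is applied by this module.
     *
     * @param messageInfo carries the HTTP request and response; not inspected
     * @param subject     service subject; not used
     * @return always {@link AuthStatus#SUCCESS}
     */
    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        return AuthStatus.SUCCESS;
    }
}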
