package net.sf.jguard.core.authentication;

import java.security.Permission;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import net.sf.jguard.core.authentication.callbackhandler.JGuardCallbackHandler;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.authentication.loginmodules.UserLoginModule;
import net.sf.jguard.core.authentication.schemes.AuthenticationSchemeHandler;
import net.sf.jguard.core.authentication.schemes.StatefulAuthenticationSchemeHandler;
import net.sf.jguard.core.technology.Scopes;
import net.sf.jguard.core.technology.StatefulScopes;
import net.sf.jguard.core.util.SubjectUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/core/authentication/StatefulAuthenticationServicePoint.class */
public abstract class StatefulAuthenticationServicePoint<Req, Res> extends AbstractAuthenticationServicePoint<Req, Res> {
    protected StatefulScopes scopes;
    private static final Logger logger = LoggerFactory.getLogger(StatefulAuthenticationServicePoint.class.getName());
    public static final String LOGIN_CONTEXT_WRAPPER = "loginContextWrapper";

    public StatefulAuthenticationServicePoint(Configuration configuration, Configuration configuration2, Collection<AuthenticationSchemeHandler<Req, Res>> collection, String str, StatefulScopes statefulScopes, JGuardCallbackHandler jGuardCallbackHandler) {
        super(configuration, configuration2, collection, str, statefulScopes, jGuardCallbackHandler);
        this.scopes = statefulScopes;
    }

    @Override // net.sf.jguard.core.authentication.AbstractAuthenticationServicePoint
    protected void authenticationSucceed(LoginContextWrapper loginContextWrapper) {
        this.scopes.removeSessionAttribute(LOGIN_CONTEXT_WRAPPER);
        HashMap hashMap = new HashMap();
        Iterator<String> sessionAttributeNames = this.scopes.getSessionAttributeNames();
        while (sessionAttributeNames.hasNext()) {
            String next = sessionAttributeNames.next();
            hashMap.put(next, this.scopes.getSessionAttribute(next));
        }
        this.scopes.invalidateSession();
        this.scopes.setSessionAttribute(LOGIN_CONTEXT_WRAPPER, loginContextWrapper);
        for (Map.Entry entry : hashMap.entrySet()) {
            this.scopes.setSessionAttribute((String) entry.getKey(), entry.getValue());
        }
    }

    @Override // net.sf.jguard.core.authentication.AbstractAuthenticationServicePoint, net.sf.jguard.core.authentication.AuthenticationServicePoint
    public Subject getCurrentSubject() {
        Subject subjectInAccessControlContext = getSubjectInAccessControlContext();
        LoginContextWrapperImpl loginContextWrapperImpl = (LoginContextWrapperImpl) this.scopes.getSessionAttribute(LOGIN_CONTEXT_WRAPPER);
        if (loginContextWrapperImpl != null) {
            subjectInAccessControlContext = loginContextWrapperImpl.getSubject();
        }
        if (subjectInAccessControlContext == null) {
            subjectInAccessControlContext = (Subject) this.scopes.getApplicationAttribute(SubjectUtils.GUEST_SUBJECT);
        }
        return subjectInAccessControlContext;
    }

    public void logout() {
        logger.debug(" logout phase ");
        StatefulScopes statefulScopes = this.scopes;
        LoginContextWrapper loginContextWrapper = (LoginContextWrapper) statefulScopes.getSessionAttribute(LOGIN_CONTEXT_WRAPPER);
        if (loginContextWrapper != null) {
            loginContextWrapper.logout();
            logger.debug(" user logout ");
        }
        statefulScopes.removeSessionAttribute(LOGIN_CONTEXT_WRAPPER);
        logger.debug("doFilter() -  user logout ");
        try {
            statefulScopes.invalidateSession();
        } catch (IllegalStateException e) {
            logger.error(" session is already invalidated ", e);
        }
    }

    public boolean userTriesToLogout(Permission permission) {
        boolean z = false;
        AuthenticationSchemeHandler authenticationSchemeHandler = getAuthenticationSchemeHandler(getCurrentSubject(), getAuthenticationSchemeHandlers());
        if (authenticationSchemeHandler == null) {
            return false;
        }
        if (!StatefulAuthenticationSchemeHandler.class.isAssignableFrom(authenticationSchemeHandler.getClass())) {
            logger.debug(" no authenticationSchemeHandler is a StatefulAuthenticationSchemeHandler. we cannot logoff a stateless AuthenticationSchemeHandler");
        } else if (((StatefulAuthenticationSchemeHandler) authenticationSchemeHandler).getLogoffPermission().implies(permission)) {
            z = true;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.sf.jguard.core.authentication.AbstractAuthenticationServicePoint
    public LoginContextWrapper getLoginContextWrapper(Scopes scopes) {
        LoginContextWrapper loginContextWrapper = (LoginContextWrapper) ((StatefulScopes) scopes).getSessionAttribute(LOGIN_CONTEXT_WRAPPER);
        if (loginContextWrapper == null) {
            loginContextWrapper = super.getLoginContextWrapper(scopes);
        }
        ((StatefulScopes) scopes).setSessionAttribute(LOGIN_CONTEXT_WRAPPER, loginContextWrapper);
        return loginContextWrapper;
    }

    private AuthenticationSchemeHandler getAuthenticationSchemeHandler(Subject subject, Collection<AuthenticationSchemeHandler<Req, Res>> collection) {
        String authenticationSchemeHandlerName = getAuthenticationSchemeHandlerName(subject);
        if (authenticationSchemeHandlerName == null) {
            throw new IllegalArgumentException(" Subject does not contains a JGuardCredential with a key='authSchemeHandlerName' and a value not null ");
        }
        AuthenticationSchemeHandler<Req, Res> authenticationSchemeHandler = null;
        Iterator<AuthenticationSchemeHandler<Req, Res>> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AuthenticationSchemeHandler<Req, Res> next = it.next();
            if (authenticationSchemeHandlerName.equals(next.getName())) {
                authenticationSchemeHandler = next;
                break;
            }
        }
        return authenticationSchemeHandler;
    }

    private static String getAuthenticationSchemeHandlerName(Subject subject) {
        for (JGuardCredential jGuardCredential : subject.getPublicCredentials(JGuardCredential.class)) {
            if (UserLoginModule.AUTHENTICATION_SCHEME_HANDLER_NAME.equals(jGuardCredential.getName())) {
                return (String) jGuardCredential.getValue();
            }
        }
        return null;
    }
}
