package org.glassfish.admingui.common.security;

import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.config.serverbeans.SecureAdmin;
import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.logging.LogCleanerUtil;
import java.lang.annotation.Annotation;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.Response;
import org.glassfish.admingui.common.util.GuiUtil;
import org.glassfish.admingui.common.util.RestResponse;
import org.glassfish.admingui.common.util.RestUtil;
import org.glassfish.common.util.InputValidationUtil;
import org.glassfish.grizzly.config.dom.NetworkListener;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;

/* loaded from: input_file:org/glassfish/admingui/common/security/AdminConsoleAuthModule.class */
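/**
 * JASPIC {@link ServerAuthModule} that protects the admin console.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>Requests that are not mandatory-auth and are not the {@code /j_security_check}
 *       form submission pass through untouched.</li>
 *   <li>If the HTTP session already holds an authenticated {@link Subject} under
 *       {@link #SAVED_SUBJECT}, its principals and credentials are copied onto the
 *       client subject and the request succeeds.</li>
 *   <li>Otherwise, without a POSTed {@code j_username}/{@code j_password} pair the
 *       current path is remembered under {@link #ORIG_REQUEST_PATH} and the request is
 *       forwarded to the configured login page.</li>
 *   <li>With credentials, a basic-auth POST is made to the DAS REST endpoint
 *       {@code /management/sessions}. On success the session id is rotated, the REST
 *       token / subject / user name are stored in the session and the browser is
 *       redirected to the remembered path (or {@code /index.jsf}).</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The saved {@link Subject}, including its private credentials, lives in the
 *       HTTP session for the life of the session; nothing in this class removes it
 *       (see {@link #cleanSubject}).</li>
 *   <li>When secure admin is disabled the REST call is made over plain {@code http://}
 *       to the admin listener's bind address, so the basic-auth credentials are sent in
 *       clear text unless that address is loopback. The REST side answers 403 in that
 *       configuration (handled below), but the credentials have already left the JVM.</li>
 *   <li>The password {@code char[]} is wiped after use, but the {@link String} copies
 *       required by the servlet parameter API and by {@code HttpAuthenticationFeature}
 *       remain on the heap until garbage-collected.</li>
 * </ul>
 */
public class AdminConsoleAuthModule implements ServerAuthModule {
    private CallbackHandler handler = null;
    private String restURL = null;
    private String loginPage = null;
    private String loginErrorPage = null;
    /** Session key under which the authenticated Subject is cached. */
    private static final String SAVED_SUBJECT = "Saved_Subject";
    /** Session key for the authenticated user name. */
    private static final String USER_NAME = "userName";
    /** Session key for the path (plus query string) to return to after login. */
    private static final String ORIG_REQUEST_PATH = "origRequestPath";
    /** Media type requested from the REST sessions endpoint. */
    private static final String RESPONSE_TYPE = "application/json";
    public static final String REST_SERVER_NAME = "serverName";
    public static final String REST_SERVER_PORT = "serverPort";
    public static final String REST_TOKEN = "__rTkn__";
    /** Landing page used when no safe post-login target was remembered. */
    private static final String DEFAULT_TARGET = "/index.jsf";
    private static final Class[] SUPPORTED_MESSAGE_TYPES = {HttpServletRequest.class, HttpServletResponse.class};
    private static final Logger logger = GuiUtil.getLogger();

    /**
     * Reads the {@code loginPage} and {@code loginErrorPage} provider properties and
     * derives the REST login URL from the {@code admin-listener} of the {@code server}
     * instance. A bind address of {@code 0.0.0.0} is mapped to {@code localhost}.
     *
     * @throws AuthException if either page property is missing (a {@code null} options
     *         map is treated the same as a missing {@code loginPage}, instead of
     *         deferring the failure to the first login attempt)
     */
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler callbackHandler, Map options) throws AuthException {
        this.handler = callbackHandler;

        this.loginPage = options == null ? null : (String) options.get("loginPage");
        if (this.loginPage == null) {
            throw new AuthException("'loginPage' must be supplied as a property in the provider-config in the domain.xml file!");
        }
        this.loginErrorPage = (String) options.get("loginErrorPage");
        if (this.loginErrorPage == null) {
            throw new AuthException("'loginErrorPage' must be supplied as a property in the provider-config in the domain.xml file!");
        }

        ServiceLocator habitat = SecurityServicesUtil.getInstance().getHabitat();
        Domain domain = (Domain) habitat.getService(Domain.class, new Annotation[0]);
        NetworkListener adminListener = domain.getServerNamed("server").getConfig()
                .getNetworkConfig().getNetworkListener("admin-listener");
        SecureAdmin secureAdmin = (SecureAdmin) habitat.getService(SecureAdmin.class, new Annotation[0]);

        // Plain http:// is used whenever secure admin is off; see the class comment.
        String scheme = SecureAdmin.Util.isEnabled(secureAdmin) ? "https://" : "http://";
        String address = adminListener.getAddress();
        String host = address.equals("0.0.0.0") ? "localhost" : address;
        this.restURL = scheme + host + ":" + adminListener.getPort() + "/management/sessions";
    }

    public Class[] getSupportedMessageTypes() {
        return SUPPORTED_MESSAGE_TYPES;
    }

    /**
     * Authenticates the request as described in the class comment.
     *
     * @return {@code SUCCESS} when the caller is (already) authenticated,
     *         {@code SEND_CONTINUE} after forwarding to the login page or issuing the
     *         post-login redirect, {@code SEND_FAILURE} after forwarding to the error
     *         page or rejecting an unsafe redirect target
     * @throws AuthException wrapping any forward/redirect or callback failure
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

        // Unprotected resources pass straight through, unless this is the login form post.
        if (!isMandatory(messageInfo) && !request.getRequestURI().endsWith("/j_security_check")) {
            return AuthStatus.SUCCESS;
        }

        HttpSession session = request.getSession(true);
        if (session == null) {
            // getSession(true) is specified to create a session; kept as a defensive guard.
            return AuthStatus.FAILURE;
        }

        Subject saved = (Subject) session.getAttribute(SAVED_SUBJECT);
        if (saved != null) {
            copySubject(saved, clientSubject);
            return AuthStatus.SUCCESS;
        }

        rememberRestEndpoint(session);

        String username = request.getParameter("j_username");
        String rawPassword = request.getParameter("j_password");
        // Credentials are only accepted from a POST body; anything else gets the login form.
        if (username == null || rawPassword == null || !"post".equalsIgnoreCase(request.getMethod())) {
            session.setAttribute(ORIG_REQUEST_PATH, originalPath(request));
            return forwardTo(request, response, this.loginPage, AuthStatus.SEND_CONTINUE);
        }

        char[] password = rawPassword.toCharArray();
        RestResponse restResponse;
        try {
            restResponse = loginThroughRest(username, password, request.getRemoteHost());
        } finally {
            // Wipe our copy even if the REST call throws; the String copies cannot be wiped.
            Arrays.fill(password, ' ');
        }

        if (!restResponse.isSuccess()) {
            if (restResponse.getResponseCode() == 403) {
                // The REST side refuses remote logins while secure admin is disabled.
                request.setAttribute("errorText", GuiUtil.getMessage("alert.ConfigurationError"));
                request.setAttribute("messageText", GuiUtil.getMessage("alert.EnableSecureAdmin"));
            }
            return forwardTo(request, response, this.loginErrorPage, AuthStatus.SEND_FAILURE);
        }

        try {
            this.handler.handle(new Callback[]{new CallerPrincipalCallback(clientSubject, username)});
            // Rotate the session id on privilege change (session-fixation defence). The
            // HttpSession object itself survives the rotation, so 'session' stays valid.
            request.changeSessionId();
            Map extra = extraProperties(restResponse);
            if (extra != null) {
                session.setAttribute(REST_TOKEN, extra.get("token"));
            }
            session.setAttribute(SAVED_SUBJECT, clientSubject);
            session.setAttribute(USER_NAME, username);
        } catch (Exception e) {
            throw wrap(e);
        }

        String target = postLoginTarget(session);
        logger.log(Level.INFO, "Redirecting to {0}", LogCleanerUtil.neutralizeForLog(target));
        try {
            if (InputValidationUtil.validateStringforCRLF(target)) {
                // Header-injection guard. Must return here: the original fell through to
                // sendRedirect() on an already-committed response.
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden");
                return AuthStatus.SEND_FAILURE;
            }
            response.sendRedirect(response.encodeRedirectURL(InputValidationUtil.removeLinearWhiteSpaces(target)));
            return AuthStatus.SEND_CONTINUE;
        } catch (Exception e) {
            throw wrap(e);
        }
    }

    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
        return AuthStatus.SUCCESS;
    }

    /**
     * Intentionally a no-op: the cached Subject under {@link #SAVED_SUBJECT} is not
     * removed here. NOTE(review): this relies on logout invalidating the HTTP session
     * elsewhere; confirm against the console's logout handling.
     */
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    }

    /** Copies principals and both credential sets from {@code from} onto {@code to}. */
    private static void copySubject(Subject from, Subject to) {
        to.getPrincipals().addAll(from.getPrincipals());
        to.getPublicCredentials().addAll(from.getPublicCredentials());
        to.getPrivateCredentials().addAll(from.getPrivateCredentials());
    }

    /**
     * Stores the REST host and port in the session once, for other console code that
     * talks to the DAS.
     *
     * @throws IllegalArgumentException if {@link #restURL} cannot be parsed
     */
    private void rememberRestEndpoint(HttpSession session) {
        if (session.getAttribute(REST_SERVER_NAME) != null) {
            return;
        }
        try {
            URL url = new URL(this.restURL);
            session.setAttribute(REST_SERVER_NAME, url.getHost());
            session.setAttribute(REST_SERVER_PORT, Integer.valueOf(url.getPort()));
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Unable to parse REST URL: (" + this.restURL + ")", e);
        }
    }

    /** Request path plus query string (when non-empty), as seen by the container. */
    private static String originalPath(HttpServletRequest request) {
        String path = request.getRequestURI();
        String query = request.getQueryString();
        return (query == null || query.isEmpty()) ? path : path + "?" + query;
    }

    /**
     * Chooses the post-login redirect target. Only a site-local path beginning with a
     * single {@code /} is honoured; anything else (including a protocol-relative
     * {@code //host/...}, which containers turn into an absolute redirect) falls back
     * to {@link #DEFAULT_TARGET}. Whether {@code getRequestURI()} can ever return such
     * a form is container-dependent and not visible here; the guard is cheap.
     */
    private static String postLoginTarget(HttpSession session) {
        String saved = (String) session.getAttribute(ORIG_REQUEST_PATH);
        if (saved == null || "/favicon.ico".equals(saved)) {
            return DEFAULT_TARGET;
        }
        if (!saved.startsWith("/") || saved.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        return saved;
    }

    /**
     * POSTs to the REST sessions endpoint with HTTP basic authentication.
     * The password has to be copied into a String for the Jersey feature; that copy
     * is outside our control and is not wiped.
     */
    private RestResponse loginThroughRest(String username, char[] password, String remoteHost) {
        WebTarget target = RestUtil.initialize(ClientBuilder.newBuilder()).build().target(this.restURL);
        target = target.register(HttpAuthenticationFeature.basic(username, new String(password)));
        MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
        form.putSingle("remoteHostName", remoteHost);
        Response raw = target.request(RESPONSE_TYPE)
                .post(Entity.entity(form, RestUtil.FORM_ENCODING), Response.class);
        return RestResponse.getRestResponse(raw);
    }

    /** Returns {@code data.extraProperties} from the REST body, or {@code null} if absent or not a map. */
    private static Map extraProperties(RestResponse restResponse) {
        Object data = restResponse.getResponse().get("data");
        if (!(data instanceof Map)) {
            return null;
        }
        Object extra = ((Map) data).get("extraProperties");
        return extra instanceof Map ? (Map) extra : null;
    }

    /** AuthException has no (cause) constructor; attach the cause via initCause. */
    private static AuthException wrap(Exception cause) {
        AuthException ex = new AuthException();
        ex.initCause(cause);
        return ex;
    }

    /** Forwards to {@code page} and returns {@code status}, wrapping any failure as AuthException. */
    private static AuthStatus forwardTo(HttpServletRequest request, HttpServletResponse response,
                                        String page, AuthStatus status) throws AuthException {
        try {
            request.getRequestDispatcher(page).forward(request, response);
            return status;
        } catch (Exception e) {
            throw wrap(e);
        }
    }

    /** The JASPIC mandatory flag; absent or non-"true" values mean not mandatory. */
    private boolean isMandatory(MessageInfo messageInfo) {
        return Boolean.parseBoolean((String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"));
    }
}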
