package org.granite.messaging.service.security;

import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.spec.HttpServletRequestImpl;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.granite.context.GraniteContext;
import org.granite.messaging.service.security.SecurityService;
import org.granite.messaging.webapp.HttpGraniteContext;
import org.granite.messaging.webapp.ServletGraniteContext;

/* loaded from: input_file:org/granite/messaging/service/security/UndertowSecurityService.class */
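/**
 * {@link SecurityService} implementation that delegates authentication to
 * Undertow's {@link SecurityContext}.
 *
 * <p>Two request shapes are handled throughout the class:
 * <ul>
 *   <li>{@link HttpGraniteContext}: the Undertow exchange of the current servlet
 *       request is used directly;</li>
 *   <li>any other {@link ServletGraniteContext}: the
 *       {@link UndertowAuthenticationContext} stored in the HTTP session by
 *       {@link #prelogin} is used instead.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour of this version:
 * <ul>
 *   <li>a failed {@code authenticate} call returns {@code null} and never a
 *       principal cached from an earlier call;</li>
 *   <li>role checks fail closed when no security context or account is available;</li>
 *   <li>logging out clears the cached principal and username.</li>
 * </ul>
 */
public class UndertowSecurityService extends AbstractSecurityService {

    /* loaded from: input_file:org/granite/messaging/service/security/UndertowSecurityService$UndertowAuthenticationContext.class */
    /**
     * Session-scoped authentication state bound to one Undertow {@link SecurityContext}.
     *
     * <p>The security context and the principal are {@code transient}: an instance
     * restored from a serialized session has neither, so {@link #authenticate} throws
     * and {@link #isUserInRole} returns {@code false} until a new context is installed.
     */
    public static class UndertowAuthenticationContext implements SecurityService.AuthenticationContext {
        private static final long serialVersionUID = 1;
        private final transient SecurityContext securityContext;
        private transient Principal principal = null;
        private String username = null;

        /**
         * @param securityContext Undertow security context to authenticate against; may be
         *                        {@code null}, in which case {@link #authenticate} always throws
         */
        public UndertowAuthenticationContext(SecurityContext securityContext) {
            this.securityContext = securityContext;
        }

        /**
         * Authenticates the given credentials against the Undertow security context.
         *
         * @param str  username
         * @param str2 password
         * @return the authenticated principal, or {@code null} when the credentials are rejected
         * @throws SecurityServiceException if this context has no Undertow security context
         */
        @Override // org.granite.messaging.service.security.SecurityService.AuthenticationContext
        public Principal authenticate(String str, String str2) {
            if (this.securityContext == null) {
                throw SecurityServiceException.newAuthenticationFailedException("Invalid authentication");
            }
            // NOTE(review): a cache hit returns the principal without looking at str2, so a
            // repeated login for the already-authenticated username is not re-verified.
            // Confirm this is intended for every caller that holds this session object.
            if (this.principal != null && str != null && str.equals(this.username)) {
                return this.principal;
            }
            // A rejected login must yield null. Returning the cached field here would hand back
            // the principal of whoever authenticated earlier on this context.
            if (!this.securityContext.login(str, str2)) {
                return null;
            }
            this.username = str;
            this.principal = this.securityContext.getAuthenticatedAccount().getPrincipal();
            return this.principal;
        }

        /**
         * @return the principal cached by the last successful {@link #authenticate} call, or
         *         {@code null} if none (also {@code null} after {@link #logout})
         */
        @Override // org.granite.messaging.service.security.SecurityService.AuthenticationContext
        public Principal getPrincipal() {
            return this.principal;
        }

        /**
         * Checks role membership on the account currently authenticated in Undertow.
         *
         * @param str role name
         * @return {@code true} only if an authenticated account exists and holds the role;
         *         {@code false} when there is no security context or no account (fail closed)
         */
        @Override // org.granite.messaging.service.security.SecurityService.AuthenticationContext
        public boolean isUserInRole(String str) {
            return this.securityContext != null
                    && this.securityContext.getAuthenticatedAccount() != null
                    && this.securityContext.getAuthenticatedAccount().getRoles().contains(str);
        }

        /**
         * Drops the cached identity and logs out of the Undertow security context, if any.
         */
        @Override // org.granite.messaging.service.security.SecurityService.AuthenticationContext
        public void logout() {
            // Clear first so the cached identity is gone even if the container logout throws.
            this.principal = null;
            this.username = null;
            if (this.securityContext != null) {
                this.securityContext.logout();
            }
        }
    }

    /**
     * No configuration options are read by this implementation.
     *
     * @param map ignored
     */
    @Override // org.granite.messaging.service.security.SecurityService
    public void configure(Map<String, String> map) {
    }

    /**
     * Installs an {@link UndertowAuthenticationContext} in the session unless one is already there.
     *
     * @param httpSession session to populate; nothing happens when {@code null}
     * @param obj         an Undertow {@link HttpServletRequestImpl}, or an object whose simple
     *                    class name is {@code ExchangeHandshakeRequest}
     * @param str         unused here
     * @throws RuntimeException if no Undertow exchange can be obtained from {@code obj}
     */
    @Override // org.granite.messaging.service.security.AbstractSecurityService, org.granite.messaging.service.security.SecurityService
    public void prelogin(HttpSession httpSession, Object obj, String str) {
        if (httpSession == null) {
            return;
        }
        String contextKey = SecurityService.AuthenticationContext.class.getName();
        if (httpSession.getAttribute(contextKey) instanceof UndertowAuthenticationContext) {
            return;
        }
        HttpServerExchange httpServerExchange = null;
        if (obj instanceof HttpServletRequestImpl) {
            httpServerExchange = ((HttpServletRequestImpl) obj).getExchange();
        } else if (obj != null && "ExchangeHandshakeRequest".equals(obj.getClass().getSimpleName())) {
            // The handshake request does not expose its exchange, so two private fields named
            // "exchange" are read reflectively. This is matched by simple class name only and
            // depends on container internals; any failure is wrapped below.
            try {
                Field declaredField = obj.getClass().getDeclaredField("exchange");
                declaredField.setAccessible(true);
                Object obj2 = declaredField.get(obj);
                Field declaredField2 = obj2.getClass().getDeclaredField("exchange");
                declaredField2.setAccessible(true);
                httpServerExchange = (HttpServerExchange) declaredField2.get(obj2);
            } catch (Exception e) {
                throw new RuntimeException("Could not get internal undertow exchange", e);
            }
        }
        if (httpServerExchange == null) {
            // Unsupported request type (or a null exchange): fail with a clear message rather
            // than a NullPointerException on the dereference below.
            throw new RuntimeException("Could not get internal undertow exchange from "
                    + (obj == null ? "null" : obj.getClass().getName()));
        }
        httpSession.setAttribute(contextKey, new UndertowAuthenticationContext(httpServerExchange.getSecurityContext()));
    }

    /**
     * Authenticates the decoded credentials and records the principal on the Granite context.
     *
     * @param obj credentials object, passed to {@code decodeBase64Credentials} and {@code endLogin}
     * @param str passed through to the same helpers (presumably a charset; verify in the superclass)
     * @return the authenticated principal, or {@code null} when a non-HTTP context has no
     *         authentication context in its session
     * @throws SecurityServiceException if the credentials are rejected
     */
    @Override // org.granite.messaging.service.security.SecurityService
    public Principal login(Object obj, String str) throws SecurityServiceException {
        Principal authenticate;
        String[] decodeBase64Credentials = decodeBase64Credentials(obj, str);
        String contextKey = SecurityService.AuthenticationContext.class.getName();
        ServletGraniteContext servletGraniteContext = (ServletGraniteContext) GraniteContext.getCurrentInstance();
        if (servletGraniteContext instanceof HttpGraniteContext) {
            // A fresh context per HTTP login, so nothing cached from an earlier login is reused.
            UndertowAuthenticationContext undertowAuthenticationContext = new UndertowAuthenticationContext(servletGraniteContext.getRequest().getExchange().getSecurityContext());
            authenticate = undertowAuthenticationContext.authenticate(decodeBase64Credentials[0], decodeBase64Credentials[1]);
            if (authenticate != null) {
                // NOTE(review): the session id is not rotated here after a successful login;
                // confirm the deployment changes the session id on login.
                servletGraniteContext.getSession().setAttribute(contextKey, undertowAuthenticationContext);
            }
        } else {
            SecurityService.AuthenticationContext authenticationContext = (SecurityService.AuthenticationContext) servletGraniteContext.getSession().getAttribute(contextKey);
            if (authenticationContext == null) {
                return null;
            }
            authenticate = authenticationContext.authenticate(decodeBase64Credentials[0], decodeBase64Credentials[1]);
        }
        if (authenticate == null) {
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
        }
        servletGraniteContext.setPrincipal(authenticate);
        endLogin(obj, str);
        return authenticate;
    }

    /**
     * Resolves the current principal, enforces the destination's role requirement and then
     * hands over to {@code endAuthorization}.
     *
     * @param abstractSecurityContext the invocation being authorized
     * @return whatever {@code endAuthorization} returns
     * @throws SecurityServiceException if the destination is secured and the caller is not
     *                                  logged in, has an expired session, or holds none of the
     *                                  destination's roles; also when the invocation fails with a
     *                                  {@link SecurityException} or an EJB access exception
     * @throws Exception                any other failure from {@code endAuthorization}
     */
    @Override // org.granite.messaging.service.security.SecurityService
    public Object authorize(AbstractSecurityContext abstractSecurityContext) throws Exception {
        startAuthorization(abstractSecurityContext);
        ServletGraniteContext servletGraniteContext = (ServletGraniteContext) GraniteContext.getCurrentInstance();
        HttpServletRequestImpl httpServletRequestImpl = null;
        SecurityService.AuthenticationContext authenticationContext = null;
        Principal principal = null;
        if (servletGraniteContext instanceof HttpGraniteContext) {
            httpServletRequestImpl = servletGraniteContext.getRequest();
            HttpServerExchange exchange = httpServletRequestImpl.getExchange();
            if (exchange.getSecurityContext() == null || exchange.getSecurityContext().getAuthenticatedAccount() == null) {
                tryRelogin();
            }
            // Re-read after tryRelogin(): the principal is taken only from an account the
            // container reports as authenticated.
            if (exchange.getSecurityContext() != null && exchange.getSecurityContext().getAuthenticatedAccount() != null) {
                principal = exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal();
            }
        } else {
            HttpSession existingSession = servletGraniteContext.getSession(false);
            if (existingSession != null) {
                authenticationContext = (SecurityService.AuthenticationContext) existingSession.getAttribute(SecurityService.AuthenticationContext.class.getName());
                if (authenticationContext != null) {
                    principal = authenticationContext.getPrincipal();
                }
            }
        }
        servletGraniteContext.setPrincipal(principal);
        if (abstractSecurityContext.getDestination().isSecured()) {
            if (principal == null) {
                // "Session expired" is reported only when the client sent a session id that no
                // longer matches a live session; every other case is "not logged in".
                boolean sessionExpired = false;
                if (httpServletRequestImpl != null && httpServletRequestImpl.getRequestedSessionId() != null) {
                    HttpSession session = httpServletRequestImpl.getSession(false);
                    sessionExpired = session == null || !httpServletRequestImpl.getRequestedSessionId().equals(session.getId());
                }
                if (sessionExpired) {
                    throw SecurityServiceException.newSessionExpiredException("Session expired");
                }
                throw SecurityServiceException.newNotLoggedInException("User not logged in");
            }
            if (httpServletRequestImpl == null && authenticationContext == null) {
                throw SecurityServiceException.newNotLoggedInException("No authorization context");
            }
            // Default deny: access is granted only when one of the destination's roles matches.
            boolean roleMatched = false;
            Iterator<String> it = abstractSecurityContext.getDestination().getRoles().iterator();
            while (!roleMatched && it.hasNext()) {
                String role = it.next();
                if (httpServletRequestImpl != null && httpServletRequestImpl.isUserInRole(role)) {
                    roleMatched = true;
                } else if (authenticationContext != null && authenticationContext.isUserInRole(role)) {
                    roleMatched = true;
                }
            }
            if (!roleMatched) {
                throw SecurityServiceException.newAccessDeniedException("User not in required role");
            }
        }
        try {
            return endAuthorization(abstractSecurityContext);
        } catch (InvocationTargetException e) {
            // Map a security failure anywhere in the cause chain to "access denied"; the EJB
            // exception is matched by name so the class need not be on the classpath.
            for (Throwable th = e; th != null; th = th.getCause()) {
                if ((th instanceof SecurityException) || "javax.ejb.EJBAccessException".equals(th.getClass().getName())) {
                    throw SecurityServiceException.newAccessDeniedException(th.getMessage());
                }
            }
            throw e;
        }
    }

    /**
     * Logs out of the Undertow security context (HTTP contexts only) and invalidates the
     * existing session, if there is one.
     *
     * @throws SecurityServiceException declared by the interface
     */
    @Override // org.granite.messaging.service.security.SecurityService
    public void logout() throws SecurityServiceException {
        ServletGraniteContext servletGraniteContext = (ServletGraniteContext) GraniteContext.getCurrentInstance();
        if (servletGraniteContext instanceof HttpGraniteContext) {
            // authorize() treats a null security context as possible, so guard here as well;
            // a NullPointerException at this point would skip the session invalidation below.
            SecurityContext securityContext = servletGraniteContext.getRequest().getExchange().getSecurityContext();
            if (securityContext != null) {
                securityContext.logout();
            }
        }
        HttpSession session = servletGraniteContext.getSession(false);
        if (session != null) {
            endLogout();
            // Invalidation also discards the AuthenticationContext stored in the session.
            session.invalidate();
        }
    }
}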
