package org.omnifaces.security.jaspic.factory;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.config.ServerAuthContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.omnifaces.security.jaspic.AuthResult;
import org.omnifaces.security.jaspic.Jaspic;
import org.omnifaces.security.jaspic.Utils;
import org.omnifaces.security.jaspic.config.AuthStacks;
import org.omnifaces.security.jaspic.config.Module;
import org.omnifaces.security.jaspic.request.RequestDataDAO;

/* loaded from: input_file:org/omnifaces/security/jaspic/factory/OmniServerAuthContext.class */
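/**
 * {@link ServerAuthContext} that delegates each request to a configured stack of server auth
 * modules and combines their results according to each module's control flag.
 *
 * <p>The stack is selected per request by auth method name (see {@link #getModuleStack}). A
 * successful authentication can be remembered in the HTTP session and replayed on later
 * requests (see {@link #saveAuthentication} and {@link #canReAuthenticate}).
 *
 * <p>This listing appears to be decompiler output; identifiers the decompiler could not recover
 * have been restored from the surrounding code.
 */
public class OmniServerAuthContext implements ServerAuthContext {
    /** Session attribute holding the remembered {@link AuthenticationData}. */
    private static final String AUTHENTICATOR_SESSION_NAME = "org.omnifaces.security.jaspic.Authenticator";
    /** Session attribute holding the name of the module stack in use for this session. */
    private static final String AUTH_METHOD_SESSION_NAME = "org.omnifaces.security.jaspic.AuthMethod";
    private final AuthStacks stacks;
    private final CallbackHandler handler;
    private final RequestDataDAO requestDAO = new RequestDataDAO();

    /**
     * Immutable snapshot of an authenticated caller (name and application roles) that is stored
     * in the HTTP session.
     *
     * <p>NOTE(review): this is a non-static inner class, so every instance placed in a session
     * keeps a reference to the enclosing auth context, and the class does not implement
     * {@code Serializable}. The decompiler reports that the access modifier was widened from
     * private. Consider a private static nested class if sessions are persisted or replicated.
     */
    public class AuthenticationData {
        private final String username;
        private final List<String> applicationRoles;

        /**
         * @param str  caller name
         * @param list application roles; copied defensively, {@code null} is treated as no roles
         */
        public AuthenticationData(String str, List<String> list) {
            this.username = str;
            // Copy so later changes to the caller's list cannot alter the remembered roles.
            this.applicationRoles = list == null
                    ? Collections.<String>emptyList()
                    : Collections.unmodifiableList(new ArrayList<>(list));
        }

        /** @return the caller name captured at login */
        public String getUserName() {
            return this.username;
        }

        /** @return an unmodifiable view of the roles captured at login */
        public List<String> getApplicationRoles() {
            return this.applicationRoles;
        }
    }

    /**
     * Stores the stacks and handler, then initializes every module of every configured stack
     * with {@code null} request/response policies and an empty options map.
     *
     * @param callbackHandler handler passed to each module and used later for re-authentication
     * @param authStacks      the configured module stacks
     * @throws AuthException if a module fails to initialize
     */
    public OmniServerAuthContext(CallbackHandler callbackHandler, AuthStacks authStacks) throws AuthException {
        this.stacks = authStacks;
        this.handler = callbackHandler;
        for (List<Module> moduleStack : authStacks.getModuleStacks().values()) {
            for (Module module : moduleStack) {
                module.getServerAuthModule().initialize(null, null, callbackHandler, Collections.emptyMap());
            }
        }
    }

    /**
     * Validates the request via {@link #doValidateRequest} and records the resulting status on
     * the request through {@code Jaspic.setLastStatus}.
     *
     * @throws AuthException if validation fails with an exception
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        AuthStatus status = doValidateRequest(messageInfo, subject, subject2);
        Jaspic.setLastStatus((HttpServletRequest) messageInfo.getRequestMessage(), status);
        return status;
    }

    /**
     * Runs the special-case checks and, if none applies, the selected module stack.
     *
     * <p>Control flag handling, as implemented below:
     * <ul>
     *   <li>REQUIRED: a failure is remembered and the remaining modules still run.</li>
     *   <li>REQUISITE: a failure ends processing immediately via {@code throwOrFail()}.</li>
     *   <li>SUFFICIENT: a non-failed result ends processing immediately with that module's
     *       status, unless an earlier REQUIRED module failed.</li>
     * </ul>
     *
     * @return the status from the special cases, from a short-circuiting module, or the
     *         aggregated status of the whole stack
     * @throws AuthException         if a module or the aggregated result throws, or if no stack
     *                               is configured for the selected auth method
     * @throws IllegalStateException if a module returns {@code AuthStatus.FAILURE}
     */
    public AuthStatus doValidateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        AuthStatus shortCircuit = checkSpecialCases(request, (HttpServletResponse) messageInfo.getResponseMessage(), messageInfo, subject);
        if (shortCircuit != null) {
            return shortCircuit;
        }

        boolean requiredFailed = false;
        AuthResult authResult = new AuthResult();
        try {
            for (Module module : getModuleStack(request)) {
                AuthResult moduleResult = Jaspic.validateRequest(module.getServerAuthModule(), messageInfo, subject, subject2);
                if (moduleResult.getAuthStatus() == AuthStatus.FAILURE) {
                    throw new IllegalStateException("Servlet Container Profile SAM should not return status FAILURE. This is for CLIENT SAMs only");
                }
                authResult.add(moduleResult);

                // The flag belongs to the module that just ran; the decompiled listing referred
                // to it through an undeclared temporary.
                switch (module.getControlFlag()) {
                    case REQUIRED:
                        if (moduleResult.isFailed()) {
                            requiredFailed = true;
                        }
                        break;
                    case REQUISITE:
                        if (moduleResult.isFailed()) {
                            return authResult.throwOrFail();
                        }
                        break;
                    case SUFFICIENT:
                        if (!moduleResult.isFailed() && !requiredFailed) {
                            return moduleResult.getAuthStatus();
                        }
                        break;
                    default:
                        break;
                }
            }
            return authResult.throwOrReturnStatus();
        } finally {
            // Runs on every exit from the stack, including exits by exception.
            // NOTE(review): whether an AuthResult that saw an exception part-way through can
            // still report "not failed" depends on AuthResult, which is not visible here;
            // confirm that a session is never registered for an unauthenticated caller.
            if (!authResult.isFailed() && Jaspic.isRegisterSession(messageInfo)) {
                saveAuthentication(request);
            }
        }
    }

    /**
     * Calls {@code secureResponse} on every module of the selected stack, in order.
     *
     * @return the status returned by the last module, or {@code null} if the stack is empty
     * @throws AuthException if a module throws or no stack is configured for the auth method
     */
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        AuthStatus lastStatus = null;
        for (Module module : getModuleStack((HttpServletRequest) messageInfo.getRequestMessage())) {
            lastStatus = module.getServerAuthModule().secureResponse(messageInfo, subject);
        }
        return lastStatus;
    }

    /**
     * Calls {@code cleanSubject} on every module of the selected stack, in order.
     *
     * @throws AuthException if a module throws or no stack is configured for the auth method
     */
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        for (Module module : getModuleStack((HttpServletRequest) messageInfo.getRequestMessage())) {
            module.getServerAuthModule().cleanSubject(messageInfo, subject);
        }
    }

    /**
     * Handles requests that do not need the module stack.
     *
     * @return a final status, or {@code null} when the module stack must run (explicit
     *         authentication call)
     * @throws AuthException if cleaning the subject on logout fails
     */
    private AuthStatus checkSpecialCases(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, MessageInfo messageInfo, Subject subject) throws AuthException {
        if (Jaspic.isLogoutRequest(httpServletRequest)) {
            // NOTE(review): the remembered AuthenticationData is not removed from the session
            // in this class; presumably the session is invalidated elsewhere on logout. Verify,
            // because canReAuthenticate would otherwise log the caller back in.
            cleanSubject(messageInfo, subject);
            return AuthStatus.SEND_CONTINUE;
        }
        if (!Jaspic.isAuthenticationRequest(httpServletRequest) && canReAuthenticate(httpServletRequest, subject, this.handler)) {
            return AuthStatus.SUCCESS;
        }
        if (Jaspic.isExplicitAuthCall(httpServletRequest)) {
            return null;
        }
        if (!Jaspic.isProtectedResource(messageInfo)) {
            return AuthStatus.SUCCESS;
        }
        // Protected resource without an authenticated caller: remember the request and send the
        // caller to the login page.
        // NOTE(review): the redirect target is built from Utils.getBaseURL(request). If that
        // value is derived from the Host header, confirm the host is validated upstream.
        this.requestDAO.save(httpServletRequest);
        Utils.redirect(httpServletResponse, Utils.getBaseURL(httpServletRequest) + "/login.xhtml");
        return AuthStatus.SEND_CONTINUE;
    }

    /**
     * Resolves the module stack for this request. The auth method is taken from the request's
     * auth parameters, then from the session, then from the configured default, and the
     * resolved name is stored in the session.
     *
     * <p>The name is stored only after it has been matched to a configured stack, so an unknown
     * name cannot be persisted and break every later request of the same session.
     *
     * <p>NOTE(review): the origin of the auth parameters is not visible here. If the client can
     * influence the auth method, it can choose which stack authenticates it, so every
     * configured stack must be equally trustworthy. This method also creates a session if the
     * request has none.
     *
     * @throws AuthException if no stack is configured under the resolved name
     */
    private List<Module> getModuleStack(HttpServletRequest httpServletRequest) throws AuthException {
        String authMethod = Jaspic.getAuthParameters(httpServletRequest).getAuthMethod();
        HttpSession session = httpServletRequest.getSession();
        if (authMethod == null) {
            authMethod = (String) session.getAttribute(AUTH_METHOD_SESSION_NAME);
        }
        if (authMethod == null) {
            authMethod = this.stacks.getDefaultStackName();
        }

        List<Module> moduleStack = this.stacks.getModuleStacks().get(authMethod);
        if (moduleStack == null) {
            // The requested name is deliberately left out of the message: it may be
            // caller-supplied and the message may end up in logs.
            throw new AuthException("No authentication module stack is configured for the requested auth method");
        }
        session.setAttribute(AUTH_METHOD_SESSION_NAME, authMethod);
        return moduleStack;
    }

    /**
     * Remembers the caller name and roles found in the request attributes
     * {@code Jaspic.LOGGEDIN_USERNAME} and {@code Jaspic.LOGGEDIN_ROLES} in the session.
     * Nothing is stored when no caller name is present, so a session can never be marked as
     * authenticated without an identity.
     *
     * <p>NOTE(review): the session id is not changed here. Unless the container or a module
     * rotates it at login, a pre-login session id stays valid after authentication (session
     * fixation); confirm where rotation happens.
     */
    private void saveAuthentication(HttpServletRequest httpServletRequest) {
        String username = (String) httpServletRequest.getAttribute(Jaspic.LOGGEDIN_USERNAME);
        if (username == null) {
            return;
        }
        @SuppressWarnings("unchecked") // the attribute is expected to hold a list of role names
        List<String> roles = (List<String>) httpServletRequest.getAttribute(Jaspic.LOGGEDIN_ROLES);
        httpServletRequest.getSession().setAttribute(AUTHENTICATOR_SESSION_NAME, new AuthenticationData(username, roles));
    }

    /**
     * Replays a remembered authentication from the session to the container, without creating
     * a session.
     *
     * <p>The roles are the ones captured at login, so a role change takes effect only after a
     * new login.
     *
     * @return {@code true} if remembered data was found and the container was notified,
     *         {@code false} if there is no session or no usable data in it
     */
    private boolean canReAuthenticate(HttpServletRequest httpServletRequest, Subject subject, CallbackHandler callbackHandler) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return false;
        }
        Object remembered = session.getAttribute(AUTHENTICATOR_SESSION_NAME);
        // Anything that is not AuthenticationData means "not authenticated" rather than a
        // ClassCastException.
        if (!(remembered instanceof AuthenticationData)) {
            return false;
        }
        AuthenticationData authenticationData = (AuthenticationData) remembered;
        Jaspic.notifyContainerAboutLogin(subject, callbackHandler, authenticationData.getUserName(), authenticationData.getApplicationRoles());
        return true;
    }
}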
