package org.omnifaces.security.jaspic.factory;

import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.config.ServerAuthContext;
import javax.servlet.http.HttpServletRequest;
import org.omnifaces.security.jaspic.config.AuthStacks;
import org.omnifaces.security.jaspic.config.Module;
import org.omnifaces.security.jaspic.core.AuthResult;
import org.omnifaces.security.jaspic.core.Jaspic;

/* loaded from: input_file:org/omnifaces/security/jaspic/factory/OmniServerAuthContext.class */
public class OmniServerAuthContext implements ServerAuthContext {
    private static final String AUTH_METHOD_SESSION_NAME = "org.omnifaces.security.jaspic.AuthMethod";
    private AuthStacks stacks;
    private boolean onlyOneModule;

    public OmniServerAuthContext(CallbackHandler callbackHandler, AuthStacks authStacks) throws AuthException {
        this.stacks = authStacks;
        if (authStacks.getModuleStacks().size() == 1) {
            this.onlyOneModule = true;
        }
        Iterator<List<Module>> it = authStacks.getModuleStacks().values().iterator();
        while (it.hasNext()) {
            for (Module module : it.next()) {
                module.getServerAuthModule().initialize((MessagePolicy) null, (MessagePolicy) null, callbackHandler, module.getOptions());
            }
        }
    }

    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        AuthStatus doValidateRequest = doValidateRequest(messageInfo, subject, subject2);
        Jaspic.setLastStatus((HttpServletRequest) messageInfo.getRequestMessage(), doValidateRequest);
        return doValidateRequest;
    }

    public AuthStatus doValidateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) messageInfo.getRequestMessage();
        boolean z = false;
        AuthResult authResult = new AuthResult();
        Iterator<Module> it = getModuleStack(httpServletRequest).iterator();
        while (it.hasNext()) {
            AuthResult validateRequest = Jaspic.validateRequest(it.next().getServerAuthModule(), messageInfo, subject, subject2);
            if (validateRequest.getAuthStatus() != AuthStatus.FAILURE) {
                authResult.add(validateRequest);
                switch (r0.getControlFlag()) {
                    case REQUIRED:
                        if (!validateRequest.isFailed()) {
                            break;
                        } else {
                            z = true;
                            break;
                        }
                    case REQUISITE:
                        if (!validateRequest.isFailed()) {
                            break;
                        } else {
                            return authResult.throwOrFail();
                        }
                    case SUFFICIENT:
                        if (!validateRequest.isFailed() && !z) {
                            return validateRequest.getAuthStatus();
                        }
                        break;
                }
            } else {
                throw new IllegalStateException("Servlet Container Profile SAM should not return status FAILURE. This is for CLIENT SAMs only");
            }
        }
        return authResult.throwOrReturnStatus();
    }

    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        AuthStatus authStatus = null;
        Iterator<Module> it = getModuleStack((HttpServletRequest) messageInfo.getRequestMessage()).iterator();
        while (it.hasNext()) {
            authStatus = it.next().getServerAuthModule().secureResponse(messageInfo, subject);
        }
        return authStatus;
    }

    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        Iterator<Module> it = getModuleStack((HttpServletRequest) messageInfo.getRequestMessage()).iterator();
        while (it.hasNext()) {
            it.next().getServerAuthModule().cleanSubject(messageInfo, subject);
        }
    }

    private List<Module> getModuleStack(HttpServletRequest httpServletRequest) {
        String authMethod = Jaspic.getAuthParameters(httpServletRequest).getAuthMethod();
        if (authMethod == null) {
            if (!this.onlyOneModule) {
                authMethod = (String) httpServletRequest.getSession().getAttribute(AUTH_METHOD_SESSION_NAME);
            }
            if (authMethod == null) {
                authMethod = this.stacks.getDefaultStackName();
            }
        }
        if (!this.onlyOneModule) {
            httpServletRequest.getSession().setAttribute(AUTH_METHOD_SESSION_NAME, authMethod);
        }
        return this.stacks.getModuleStacks().get(authMethod);
    }
}
