package org.omnifaces.security.jaspic.authmodules;

import javax.enterprise.inject.spi.BeanManager;
import javax.security.auth.message.AuthStatus;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omnifaces.security.cdi.Beans;
import org.omnifaces.security.jaspic.Utils;
import org.omnifaces.security.jaspic.core.AuthParameters;
import org.omnifaces.security.jaspic.core.HttpMsgContext;
import org.omnifaces.security.jaspic.core.HttpServerAuthModule;
import org.omnifaces.security.jaspic.core.Jaspic;
import org.omnifaces.security.jaspic.core.SamServices;
import org.omnifaces.security.jaspic.core.ServiceType;
import org.omnifaces.security.jaspic.request.LoginTokenCookieDAO;
import org.omnifaces.security.jaspic.user.TokenAuthenticator;
import org.omnifaces.security.jaspic.user.UsernameOnlyAuthenticator;
import org.omnifaces.security.jaspic.user.UsernamePasswordAuthenticator;

@SamServices({ServiceType.AUTO_REGISTER_SESSION, ServiceType.SAVE_AND_REDIRECT})
/* loaded from: input_file:org/omnifaces/security/jaspic/authmodules/OmniServerAuthModule.class */
public class OmniServerAuthModule extends HttpServerAuthModule {
    private final LoginTokenCookieDAO cookieDAO = new LoginTokenCookieDAO();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/omnifaces/security/jaspic/authmodules/OmniServerAuthModule$Delegators.class */
    public static class Delegators {
        private final UsernamePasswordAuthenticator authenticator;
        private final TokenAuthenticator tokenAuthenticator;
        private final UsernameOnlyAuthenticator usernameOnlyAuthenticator;

        public Delegators(UsernamePasswordAuthenticator usernamePasswordAuthenticator, TokenAuthenticator tokenAuthenticator, UsernameOnlyAuthenticator usernameOnlyAuthenticator) {
            this.authenticator = usernamePasswordAuthenticator;
            this.tokenAuthenticator = tokenAuthenticator;
            this.usernameOnlyAuthenticator = usernameOnlyAuthenticator;
        }

        public UsernamePasswordAuthenticator getAuthenticator() {
            return this.authenticator;
        }

        public TokenAuthenticator getTokenAuthenticator() {
            return this.tokenAuthenticator;
        }

        public UsernameOnlyAuthenticator getUsernameOnlyAuthenticator() {
            return this.usernameOnlyAuthenticator;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/omnifaces/security/jaspic/authmodules/OmniServerAuthModule$LoginResult.class */
    public enum LoginResult {
        LOGIN_SUCCESS,
        LOGIN_FAILURE,
        NO_LOGIN
    }

    @Override // org.omnifaces.security.jaspic.core.HttpServerAuthModule
    public AuthStatus validateHttpRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) {
        switch (isLoginRequest(httpServletRequest, httpServletResponse, httpMsgContext)) {
            case LOGIN_SUCCESS:
                return AuthStatus.SUCCESS;
            case LOGIN_FAILURE:
                return AuthStatus.SEND_FAILURE;
            case NO_LOGIN:
            default:
                return AuthStatus.SUCCESS;
        }
    }

    @Override // org.omnifaces.security.jaspic.core.HttpServerAuthModule
    public void cleanHttpSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) {
        if (Jaspic.isRefresh(httpServletRequest) || this.cookieDAO.get(httpServletRequest) == null) {
            return;
        }
        this.cookieDAO.remove(httpServletRequest, httpServletResponse);
        Delegators tryGetDelegators = tryGetDelegators();
        if (tryGetDelegators == null || tryGetDelegators.getTokenAuthenticator() == null) {
            return;
        }
        tryGetDelegators.getTokenAuthenticator().removeLoginToken();
    }

    private LoginResult isLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) {
        boolean authenticate;
        UsernamePasswordAuthenticator usernamePasswordAuthenticator;
        Delegators tryGetDelegators = tryGetDelegators();
        if (tryGetDelegators == null) {
            return LoginResult.NO_LOGIN;
        }
        UsernamePasswordAuthenticator authenticator = tryGetDelegators.getAuthenticator();
        TokenAuthenticator tokenAuthenticator = tryGetDelegators.getTokenAuthenticator();
        UsernameOnlyAuthenticator usernameOnlyAuthenticator = tryGetDelegators.getUsernameOnlyAuthenticator();
        Cookie cookie = this.cookieDAO.get(httpServletRequest);
        AuthParameters authParameters = httpMsgContext.getAuthParameters();
        if (Utils.notNull(authParameters.getUsername(), authParameters.getPassword())) {
            authenticate = authenticator.authenticate(authParameters.getUsername(), authParameters.getPassword());
            usernamePasswordAuthenticator = authenticator;
        } else if (Utils.notNull(usernameOnlyAuthenticator, authParameters.getUsername()) && authParameters.getNoPassword().booleanValue()) {
            authenticate = usernameOnlyAuthenticator.authenticateWithoutPassword(authParameters.getUsername());
            usernamePasswordAuthenticator = usernameOnlyAuthenticator;
        } else {
            if (!Utils.notNull(tokenAuthenticator, cookie)) {
                return LoginResult.NO_LOGIN;
            }
            authenticate = tokenAuthenticator.authenticate(cookie.getValue());
            if (!authenticate) {
                this.cookieDAO.remove(httpServletRequest, httpServletResponse);
                return LoginResult.NO_LOGIN;
            }
            usernamePasswordAuthenticator = tokenAuthenticator;
        }
        if (!authenticate) {
            return LoginResult.LOGIN_FAILURE;
        }
        httpMsgContext.registerWithContainer(usernamePasswordAuthenticator.getUserName(), usernamePasswordAuthenticator.getApplicationRoles());
        if (tokenAuthenticator != null && Boolean.TRUE.equals(authParameters.getRememberMe())) {
            this.cookieDAO.save(httpServletRequest, httpServletResponse, tokenAuthenticator.generateLoginToken());
        }
        return LoginResult.LOGIN_SUCCESS;
    }

    private Delegators tryGetDelegators() {
        try {
            BeanManager beanManager = Beans.getBeanManager();
            return new Delegators((UsernamePasswordAuthenticator) Beans.getReferenceOrNull(UsernamePasswordAuthenticator.class, beanManager), (TokenAuthenticator) Beans.getReferenceOrNull(TokenAuthenticator.class, beanManager), (UsernameOnlyAuthenticator) Beans.getReferenceOrNull(UsernameOnlyAuthenticator.class, beanManager));
        } catch (Exception e) {
            return null;
        }
    }
}
