package com.sun.identity.wss.security.handler;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.wss.provider.ProviderConfig;
import com.sun.identity.wss.provider.ProviderException;
import com.sun.identity.wss.security.SecurityMechanism;
import com.sun.identity.wss.security.SecurityPrincipal;
import com.sun.identity.wss.security.WSSUtils;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/wss/security/handler/HTTPRequestHandler.class */
/**
 * Decides whether an incoming HTTP request must go through interactive
 * authentication before a web-service client (WSC) provider may act on it,
 * and builds the login URL used when it must.
 *
 * <p>The provider to consult is named by the {@code "providername"} entry of
 * the map passed to {@link #init(Map)}.
 */
public class HTTPRequestHandler implements HTTPRequestHandlerInterface {
    // Default name of the login-URL parameter that carries the return address.
    private static final String GOTO = "goto";
    // Default name of the principal added to a Subject by setPrincipal().
    private static final String AUTHENTICATED_USERS = "AUTHENTICATED_USERS";
    private static Debug debug = WSSUtils.debug;
    private static ResourceBundle bundle = WSSUtils.bundle;
    // Key under which init() looks up the provider name.
    private static final String PROVIDER_NAME = "providername";
    // Provider name supplied through init(); stays null until init() is called.
    private String providername = null;

    /**
     * Stores the provider name found under the {@code "providername"} key.
     *
     * @param map configuration values; the entry is cast to {@code String},
     *            so a non-String value raises {@code ClassCastException}
     */
    @Override
    public void init(Map map) {
        this.providername = (String) map.get(PROVIDER_NAME);
    }

    /**
     * Reports whether the caller still has to authenticate the user.
     *
     * <p>Returns {@code false} when the request carries a valid SSO token.
     * Without one, the answer comes from the configured WSC provider:
     * authentication is required when no provider name is set, the provider
     * cannot be found, it lists the Liberty DS security mechanism, it forces
     * user authentication, or the lookup fails.
     *
     * @param subject            subject that receives the principal and,
     *                           when present, the SSO token
     * @param httpServletRequest request inspected for an SSO token
     * @return {@code true} if authentication is required
     */
    @Override
    public boolean shouldAuthenticate(Subject subject, HttpServletRequest httpServletRequest) {
        if (setTokenInSubject(subject, httpServletRequest)) {
            if (debug.messageEnabled()) {
                debug.message("HTTPRequestHandler.shouldAuthenticate:: valid SSOToken exists");
            }
            return false;
        }

        if (debug.messageEnabled()) {
            debug.message("HTTPRequestHandler.shouldAuthenticate:: providername : " + this.providername);
        }

        // No provider configured: nothing can waive authentication.
        if (this.providername == null || this.providername.isEmpty()) {
            return true;
        }

        try {
            ProviderConfig wscConfig = ProviderConfig.getProvider(this.providername, ProviderConfig.WSC);
            boolean authenticationRequired = wscConfig == null
                    || wscConfig.getSecurityMechanisms().contains(SecurityMechanism.LIBERTY_DS_SECURITY_URI)
                    || wscConfig.forceUserAuthentication();
            if (authenticationRequired) {
                return true;
            }
            // NOTE(review): this path adds the generic principal although no
            // SSO token was validated for the request. Confirm that consumers
            // of the Subject treat the principal as a placeholder identity and
            // not as evidence of an authenticated session.
            setPrincipal(subject);
            return false;
        } catch (ProviderException lookupFailure) {
            // A failed lookup falls back to requiring authentication.
            debug.error("HTTPProvider.shouldAuthenticate::  provider exception", lookupFailure);
            return true;
        }
    }

    /**
     * Tries to obtain a valid SSO token from the request and, on success,
     * adds the principal and the token to the subject.
     *
     * @return {@code true} only if a valid token was found and attached;
     *         every exception is reported as {@code false}
     */
    private boolean setTokenInSubject(Subject subject, HttpServletRequest httpServletRequest) {
        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            SSOToken requestToken = tokenManager.createSSOToken(httpServletRequest);
            if (!tokenManager.isValidToken(requestToken)) {
                return false;
            }
            // NOTE(review): the principal is added before the token. If
            // addSSOToken() throws, this method returns false but the
            // principal remains on the subject; verify that is acceptable.
            setPrincipal(subject);
            addSSOToken(requestToken, subject);
            if (debug.messageEnabled()) {
                debug.message("HTTPRequestHandler.setTokenInSubject:  Valid SSOToken ");
            }
            return true;
        } catch (SSOException invalidToken) {
            // The exception itself is not logged, only the fact of failure.
            if (debug.messageEnabled()) {
                debug.message("HTTPRequestHandler.setTokenInSubject: Invalid SSOToken ");
            }
            return false;
        } catch (Exception attachFailure) {
            if (debug.messageEnabled()) {
                debug.message("HTTPRequestHandler.setTokenInSubject: Can not set SSOToken in Subject ", attachFailure);
            }
            return false;
        }
    }

    /**
     * Builds the login URL for the request: the configured login URL, then
     * the goto parameter set to the request URL, then the request's query
     * string (if any) appended after {@code "&"}.
     *
     * <p>NOTE(review): the request URL and the raw query string are
     * concatenated without URL-encoding. The query string therefore becomes
     * parameters of the login URL itself rather than part of the goto value,
     * so request-supplied parameters can add to or collide with the login
     * page's own parameters. Presumably the login endpoint validates the
     * goto target; confirm that, and consider encoding the goto value.
     *
     * @param httpServletRequest request whose URL and query string are used
     * @return the assembled login URL
     */
    @Override
    public String getLoginURL(HttpServletRequest httpServletRequest) {
        String loginBase = SystemConfigurationUtil.getProperty(Constants.LOGIN_URL);
        String gotoParamName = SystemConfigurationUtil.getProperty("com.sun.identity.loginurl.goto", GOTO);
        String returnAddress = httpServletRequest.getRequestURL().toString();
        String loginUrl = loginBase + "?" + gotoParamName + "=" + returnAddress;

        String queryString = httpServletRequest.getQueryString();
        return queryString == null ? loginUrl : loginUrl + "&" + queryString;
    }

    /**
     * Adds the SSO token to the subject's private credentials inside a
     * privileged action.
     */
    private void addSSOToken(final SSOToken sSOToken, final Subject subject) throws Exception {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPrivateCredentials().add(sSOToken);
                return null;
            }
        });
    }

    /**
     * Adds a {@link SecurityPrincipal} to the subject. Its name is the value
     * of the {@code com.sun.identity.jsr196.authenticated.user} property,
     * defaulting to {@code AUTHENTICATED_USERS}.
     */
    private void setPrincipal(Subject subject) {
        String principalName =
                SystemConfigurationUtil.getProperty("com.sun.identity.jsr196.authenticated.user", AUTHENTICATED_USERS);
        subject.getPrincipals().add(new SecurityPrincipal(principalName));
    }
}
