package co.cask.cdap.security.server;

import co.cask.cdap.common.conf.CConfiguration;
import com.google.inject.Inject;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.geronimo.components.jaspi.impl.ServerAuthConfigImpl;
import org.apache.geronimo.components.jaspi.impl.ServerAuthContextImpl;
import org.apache.geronimo.components.jaspi.model.AuthModuleType;
import org.apache.geronimo.components.jaspi.model.ServerAuthConfigType;
import org.apache.geronimo.components.jaspi.model.ServerAuthContextType;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.jaspi.JaspiAuthenticator;
import org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory;
import org.eclipse.jetty.security.jaspi.ServletCallbackHandler;
import org.eclipse.jetty.security.jaspi.modules.BasicAuthModule;

/* loaded from: input_file:co/cask/cdap/security/server/JASPIAuthenticationHandler.class */
public class JASPIAuthenticationHandler extends AbstractAuthenticationHandler {
    private JAASLoginService loginService;
    private IdentityService identityService;

    @Inject
    public JASPIAuthenticationHandler(CConfiguration cConfiguration) throws Exception {
        super(cConfiguration);
    }

    @Override // co.cask.cdap.security.server.AbstractAuthenticationHandler
    protected LoginService getHandlerLoginService() {
        if (this.loginService == null) {
            this.loginService = new JAASLoginService();
            this.loginService.setLoginModuleName("JASPI");
            this.loginService.setConfiguration(getLoginModuleConfiguration());
            this.loginService.setIdentityService(getHandlerIdentityService());
        }
        return this.loginService;
    }

    @Override // co.cask.cdap.security.server.AbstractAuthenticationHandler
    protected Authenticator getHandlerAuthenticator() {
        new JaspiAuthenticatorFactory().setLoginService(getHandlerLoginService());
        HashMap hashMap = new HashMap();
        ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(getHandlerLoginService());
        hashMap.put("authContextID", new ServerAuthContextImpl(Collections.singletonList(new BasicAuthModule(servletCallbackHandler, "JAASRealm"))));
        return new JaspiAuthenticator(new ServerAuthConfigImpl(new ServerAuthConfigType(new ServerAuthContextType("HTTP", "server *", "authContextID", new AuthModuleType()), true), hashMap), (Map) null, servletCallbackHandler, new Subject(), true, getHandlerIdentityService());
    }

    @Override // co.cask.cdap.security.server.AbstractAuthenticationHandler
    protected IdentityService getHandlerIdentityService() {
        if (this.identityService == null) {
            this.identityService = new DefaultIdentityService();
        }
        return this.identityService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // co.cask.cdap.security.server.AbstractAuthenticationHandler
    public Configuration getLoginModuleConfiguration() {
        return new Configuration() { // from class: co.cask.cdap.security.server.JASPIAuthenticationHandler.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                HashMap hashMap = new HashMap();
                for (Map.Entry entry : ((HashMap) JASPIAuthenticationHandler.this.configuration.getValByRegex("security.authentication.handler.".replace(".", "\\.").concat("."))).entrySet()) {
                    String obj = entry.getKey().toString();
                    hashMap.put(obj.substring(obj.lastIndexOf(46) + 1).trim(), entry.getValue().toString());
                }
                return new AppConfigurationEntry[]{new AppConfigurationEntry(JASPIAuthenticationHandler.this.configuration.get("security.authentication.loginmodule.className"), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
            }
        };
    }
}
