package org.apache.geronimo.jetty8.security;

import java.security.AccessControlContext;
import java.security.Principal;
import java.util.List;
import javax.security.auth.Subject;
import org.apache.geronimo.gbean.annotation.GBean;
import org.apache.geronimo.gbean.annotation.ParamAttribute;
import org.apache.geronimo.gbean.annotation.ParamReference;
import org.apache.geronimo.jetty8.handler.EJBWebServiceSecurityHandler;
import org.apache.geronimo.jetty8.handler.JaccSecurityHandler;
import org.apache.geronimo.jetty8.security.auth.JAASLoginService;
import org.apache.geronimo.jetty8.security.auth.NoneAuthenticator;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.geronimo.security.jacc.RunAsSource;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
import org.eclipse.jetty.security.authentication.FormAuthenticator;

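/**
 * GBean factory that assembles the Jetty {@link SecurityHandler} for a web
 * application from a configured built-in authentication method, the optional
 * form login/error pages, a realm name and a JAAS {@link ConfigurationFactory}.
 *
 * <p>All fields are final and assigned once in the constructor. A new login
 * service, authenticator and identity service are created on every call to
 * {@link #buildSecurityHandler}.
 */
@GBean
/* loaded from: input_file:org/apache/geronimo/jetty8/security/JettySecurityHandlerFactory.class */
public class JettySecurityHandlerFactory implements SecurityHandlerFactory {
    private final BuiltInAuthMethod authMethod;
    // Only consumed by the FORM branch of buildAuthenticator(); not validated here.
    private final String loginPage;
    private final String errorPage;
    private final String realmName;
    private final ConfigurationFactory configurationFactory;

    /**
     * Creates the factory from its GBean attributes and reference.
     *
     * @param builtInAuthMethod    the {@code authMethod} attribute; must not be null
     * @param str                  the {@code loginPage} attribute, stored as given (may be null)
     * @param str2                 the {@code errorPage} attribute, stored as given (may be null)
     * @param str3                 the {@code realmName} attribute, stored as given (may be null)
     * @param configurationFactory the {@code ConfigurationFactory} reference; must not be null
     * @throws NullPointerException if {@code builtInAuthMethod} or
     *                              {@code configurationFactory} is null
     */
    public JettySecurityHandlerFactory(@ParamAttribute(name = "authMethod") BuiltInAuthMethod builtInAuthMethod, @ParamAttribute(name = "loginPage") String str, @ParamAttribute(name = "errorPage") String str2, @ParamAttribute(name = "realmName") String str3, @ParamReference(name = "ConfigurationFactory") ConfigurationFactory configurationFactory) {
        // Fail at wiring time rather than on the first request: a missing auth
        // method or JAAS configuration must never degrade into a handler that
        // silently authenticates nothing.
        if (builtInAuthMethod == null) {
            throw new NullPointerException("authMethod required");
        }
        if (configurationFactory == null) {
            throw new NullPointerException("configurationFactory required");
        }
        this.authMethod = builtInAuthMethod;
        this.loginPage = str;
        this.errorPage = str2;
        this.realmName = str3;
        this.configurationFactory = configurationFactory;
    }

    /**
     * Builds a security handler wired to a fresh {@link JAASLoginService}, the
     * authenticator selected by the configured auth method, and a
     * {@link JettyIdentityService} for the given subject.
     *
     * @param str         passed through unchanged as the first constructor argument
     *                    of the handler (NOTE(review): presumably the JACC policy
     *                    context id; confirm against SecurityHandlerFactory)
     * @param subject     subject registered with {@link ContextManager} and handed to
     *                    the identity service; {@code null} is replaced by
     *                    {@link ContextManager#EMPTY}
     * @param runAsSource passed through to the identity service
     * @param z           {@code true} selects {@link JaccSecurityHandler},
     *                    {@code false} selects {@link EJBWebServiceSecurityHandler}
     * @return the newly constructed handler
     * @throws IllegalStateException if the configured auth method is not one of
     *                               the values this factory knows
     */
    @Override // org.apache.geronimo.jetty8.security.SecurityHandlerFactory
    public SecurityHandler buildSecurityHandler(String str, Subject subject, RunAsSource runAsSource, boolean z) {
        JAASLoginService loginService = new JAASLoginService(this.configurationFactory, this.realmName);
        Authenticator authenticator = buildAuthenticator();
        // A caller that supplies no subject gets ContextManager.EMPTY, not an
        // error; callers that need a specific default identity must pass it.
        if (subject == null) {
            subject = ContextManager.EMPTY;
        }
        // The casts on the null arguments are kept from the original call
        // (presumably to pin the overload); the returned context is shared by
        // the identity service and the handler.
        AccessControlContext defaultAcc = ContextManager.registerSubjectShort(subject, (Principal) null, (List) null);
        JettyIdentityService identityService = new JettyIdentityService(defaultAcc, subject, runAsSource);
        if (z) {
            return new JaccSecurityHandler(str, authenticator, loginService, identityService, defaultAcc);
        }
        return new EJBWebServiceSecurityHandler(str, authenticator, loginService, identityService, defaultAcc);
    }

    /**
     * Maps the configured {@link BuiltInAuthMethod} to a new authenticator instance.
     *
     * <p>The result is typed as {@link Authenticator}: the branches create
     * different authenticator classes, so a {@code BasicAuthenticator}-typed
     * local cannot hold all of them.
     *
     * @return a new authenticator for the configured method
     * @throws IllegalStateException if the method is not BASIC, DIGEST,
     *                               CLIENTCERT, FORM or NONE
     */
    private Authenticator buildAuthenticator() {
        if (this.authMethod == BuiltInAuthMethod.BASIC) {
            // HTTP Basic sends the password in a reversible encoding on every
            // request; the deployment is expected to require confidential transport.
            return new BasicAuthenticator();
        }
        if (this.authMethod == BuiltInAuthMethod.DIGEST) {
            return new DigestAuthenticator();
        }
        if (this.authMethod == BuiltInAuthMethod.CLIENTCERT) {
            return new ClientCertAuthenticator();
        }
        if (this.authMethod == BuiltInAuthMethod.FORM) {
            // loginPage/errorPage are passed as configured, possibly null; the
            // third argument is Jetty's "dispatch" flag.
            return new FormAuthenticator(this.loginPage, this.errorPage, true);
        }
        if (this.authMethod == BuiltInAuthMethod.NONE) {
            // NOTE(review): NoneAuthenticator is a Geronimo class not shown here;
            // presumably it performs no credential check. Confirm that NONE is
            // only configured for applications meant to be unauthenticated.
            return new NoneAuthenticator();
        }
        // Fail closed on an unrecognised method instead of falling back to a
        // default authenticator. Null cannot reach here; the constructor rejects it.
        throw new IllegalStateException("someone added a new BuiltInAuthMethod without telling us");
    }
}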
