package org.apache.geronimo.jetty8.security.auth;

import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.security.jaspi.JaspiMessageInfo;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;

/* loaded from: input_file:org/apache/geronimo/jetty8/security/auth/GeronimoJaspiAuthenticator.class */
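/**
 * Jetty {@link Authenticator} that hands request validation and response securing to a JASPI
 * {@link ServerAuthConfig}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When lazy authentication is allowed and authentication is not mandatory for the request,
 *       {@link #validateRequest(ServletRequest, ServletResponse, boolean)} returns a
 *       {@link DeferredAuthentication} without consulting the auth context at all.</li>
 *   <li>On {@link AuthStatus#SUCCESS} the caller identity is taken from the client subject that the
 *       auth context populated: the first {@link UserIdentity} private credential if one exists,
 *       otherwise an identity built by the {@link IdentityService} from the subject alone (null
 *       principal, null roles). The resulting identity is therefore only as trustworthy as the
 *       configured auth module.</li>
 *   <li>Anything other than the four handled statuses ends in an unchecked exception, so an
 *       unexpected module result never yields an authenticated user.</li>
 * </ul>
 */
public class GeronimoJaspiAuthenticator implements Authenticator {
    /** Request attribute under which the per-request {@link JaspiMessageInfo} is stored. */
    private static final String MESSAGE_INFO_ATTRIBUTE = "org.eclipse.jetty.security.jaspi.info";

    private final ServerAuthConfig _authConfig;
    // Passed through unchanged to ServerAuthConfig.getAuthContext(); may be null as far as this class is concerned.
    private final Map _authProperties;
    // Required by the constructor but not read anywhere in this class.
    private final CallbackHandler _callbackHandler;
    private final Subject _serviceSubject;
    private final boolean _allowLazyAuthentication;
    private final IdentityService _identityService;
    private final DeferredAuthentication _deferred;

    /**
     * Creates the authenticator.
     *
     * @param serverAuthConfig JASPI configuration used to obtain the auth context; must not be null
     * @param map properties handed to {@code getAuthContext}
     * @param callbackHandler callback handler; must not be null
     * @param subject service subject handed to the auth context
     * @param z whether non-mandatory requests may be answered with a deferred authentication
     * @param identityService used to build a {@link UserIdentity} when the module supplies none
     * @throws NullPointerException if {@code callbackHandler} or {@code serverAuthConfig} is null
     */
    public GeronimoJaspiAuthenticator(ServerAuthConfig serverAuthConfig, Map map, CallbackHandler callbackHandler, Subject subject, boolean z, IdentityService identityService) {
        if (callbackHandler == null) {
            throw new NullPointerException("No CallbackHandler");
        }
        if (serverAuthConfig == null) {
            throw new NullPointerException("No AuthConfig");
        }
        this._authConfig = serverAuthConfig;
        this._authProperties = map;
        this._callbackHandler = callbackHandler;
        this._serviceSubject = subject;
        this._allowLazyAuthentication = z;
        this._identityService = identityService;
        this._deferred = new DeferredAuthentication(this);
    }

    /** Intentionally a no-op: all configuration is supplied through the constructor. */
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
    }

    /** @return the fixed auth method name {@code "JASPI"} */
    public String getAuthMethod() {
        return "JASPI";
    }

    /**
     * Validates a servlet request.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response being produced
     * @param z whether authentication is mandatory for this request
     * @return the deferred authentication when lazy authentication applies, otherwise the result of
     *     {@link #validateRequest(JaspiMessageInfo)}
     * @throws ServerAuthException if the auth context reports an {@link AuthException}
     */
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        if (this._allowLazyAuthentication && !z) {
            // Deferred path: no message info is created or stored on the request here.
            return this._deferred;
        }
        JaspiMessageInfo jaspiMessageInfo = new JaspiMessageInfo(servletRequest, servletResponse, z);
        // Stored so that secureResponse() can later find the same message info for this request.
        servletRequest.setAttribute(MESSAGE_INFO_ATTRIBUTE, jaspiMessageInfo);
        return validateRequest(jaspiMessageInfo);
    }

    /**
     * Secures the response for a request that was previously validated.
     *
     * @param servletRequest the request; must carry the message info stored by {@code validateRequest}
     * @param servletResponse the response (not used directly here)
     * @param z whether authentication was mandatory (not used directly here)
     * @param user the validated user, forwarded to {@link #secureResponse(JaspiMessageInfo, Authentication)}
     * @return {@code true} if the auth context answered {@link AuthStatus#SEND_SUCCESS}
     * @throws NullPointerException if the request carries no message info
     * @throws ServerAuthException if the auth context reports an {@link AuthException}
     */
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        JaspiMessageInfo jaspiMessageInfo = (JaspiMessageInfo) servletRequest.getAttribute(MESSAGE_INFO_ATTRIBUTE);
        if (jaspiMessageInfo == null) {
            // NOTE(review): the deferred path of validateRequest() never sets this attribute, so a
            // request that only ever took that path would land here - confirm how the container
            // calls secureResponse() for lazily authenticated requests.
            throw new NullPointerException("MessageInfo from request missing: " + servletRequest);
        }
        return secureResponse(jaspiMessageInfo, user);
    }

    /**
     * Runs the JASPI {@code validateRequest} exchange and maps its status to a Jetty
     * {@link Authentication}.
     *
     * @param jaspiMessageInfo message info wrapping the request and response
     * @return {@code SEND_CONTINUE}, {@code SEND_FAILURE} or {@code SEND_SUCCESS} for the matching
     *     status, or a {@link UserAuthentication} on {@link AuthStatus#SUCCESS}
     * @throws ServerAuthException wrapping any {@link AuthException} from the auth config or context
     * @throws NullPointerException if no auth context is available or the context returns no status
     * @throws IllegalStateException if the context returns a status this method does not handle
     */
    public Authentication validateRequest(JaspiMessageInfo jaspiMessageInfo) throws ServerAuthException {
        try {
            ServerAuthContext authContext = authContextFor(jaspiMessageInfo);
            // A fresh, empty subject per request: everything in it afterwards came from the auth context.
            Subject clientSubject = new Subject();
            AuthStatus status = authContext.validateRequest(jaspiMessageInfo, clientSubject, this._serviceSubject);
            if (status == AuthStatus.SEND_CONTINUE) {
                return Authentication.SEND_CONTINUE;
            }
            if (status == AuthStatus.SEND_FAILURE) {
                return Authentication.SEND_FAILURE;
            }
            if (status == AuthStatus.SUCCESS) {
                Set<UserIdentity> identities = clientSubject.getPrivateCredentials(UserIdentity.class);
                UserIdentity identity = identities.isEmpty()
                        ? this._identityService.newUserIdentity(clientSubject, (Principal) null, (String[]) null)
                        : identities.iterator().next();
                return new UserAuthentication(getAuthMethod(), identity);
            }
            if (status == AuthStatus.SEND_SUCCESS) {
                return Authentication.SEND_SUCCESS;
            }
            if (status == null) {
                throw new NullPointerException("No AuthStatus returned");
            }
            // Fail closed with an accurate diagnostic: a non-null status that is not handled above
            // must never be treated as an authenticated request.
            throw new IllegalStateException("Unexpected AuthStatus from validateRequest: " + status);
        } catch (AuthException e) {
            throw new ServerAuthException(e);
        }
    }

    /**
     * Asks the auth context to secure the response.
     *
     * @param jaspiMessageInfo message info wrapping the request and response
     * @param authentication the validated authentication; not consulted by this implementation
     * @return {@code true} only if the context answered {@link AuthStatus#SEND_SUCCESS}
     * @throws ServerAuthException wrapping any {@link AuthException} from the auth config or context
     * @throws NullPointerException if no auth context is available
     */
    public boolean secureResponse(JaspiMessageInfo jaspiMessageInfo, Authentication authentication) throws ServerAuthException {
        try {
            AuthStatus status = authContextFor(jaspiMessageInfo).secureResponse(jaspiMessageInfo, this._serviceSubject);
            return AuthStatus.SEND_SUCCESS.equals(status);
        } catch (AuthException e) {
            throw new ServerAuthException(e);
        }
    }

    /** Looks up the auth context for the message and fails with a descriptive error if there is none. */
    private ServerAuthContext authContextFor(JaspiMessageInfo jaspiMessageInfo) throws AuthException {
        String contextId = this._authConfig.getAuthContextID(jaspiMessageInfo);
        ServerAuthContext authContext = this._authConfig.getAuthContext(contextId, this._serviceSubject, this._authProperties);
        if (authContext == null) {
            // Previously surfaced as a message-less NullPointerException on first use; same
            // exception type, but now it names the context id that had no auth context.
            throw new NullPointerException("No ServerAuthContext for context id: " + contextId);
        }
        return authContext;
    }
}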
