package org.apache.geronimo.tomcat.security.authentication.jaspic;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.tomcat.security.AuthResult;
import org.apache.geronimo.tomcat.security.Authenticator;
import org.apache.geronimo.tomcat.security.IdentityService;
import org.apache.geronimo.tomcat.security.SecurityValve;
import org.apache.geronimo.tomcat.security.ServerAuthException;
import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
import org.apache.geronimo.tomcat.security.UserIdentity;

/* loaded from: input_file:org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.class */
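/**
 * Tomcat {@link Authenticator} that delegates authentication to a JASPIC (JSR-196)
 * {@link ServerAuthConfig}, which is asked for a {@link ServerAuthContext} per request.
 *
 * <p>Flow: {@link #validateRequest} builds a {@link JaspicMessageInfo} from the request/response,
 * stashes it as a request note, runs the SAM's {@code validateRequest}, and turns the resulting
 * {@link AuthStatus} plus the caller/group callbacks into an {@link AuthResult}. Later phases
 * ({@link #secureResponse}, {@link #logout}) pull the same {@code MessageInfo} back out of the note.
 *
 * <p>The caller/group principals are read back from {@link JaspicCallbackHandler} via
 * {@code getThread*Callback()} accessors. NOTE(review): those accessors look thread-local; whether the
 * handler clears them between requests is not visible here. If it does not, a stale callback on a pooled
 * request thread could attach the previous request's identity — confirm in {@code JaspicCallbackHandler}.
 */
public class JaspicAuthenticator implements Authenticator {
    /** Request note holding the per-request {@link JaspicMessageInfo} so later phases reuse it. */
    private static final String MESSAGE_INFO_KEY = "org.apache.geronimo.tomcat.jaspic.message.info";
    /** Auth-property key; a value of "true" (case-insensitive) allows the container to cache a successful identity. */
    public static final String CONTAINER_CACHING_KEY = "org.apache.geronimo.jaspic.servlet.containerCaching";

    private final ServerAuthConfig serverAuthConfig;
    /** Properties handed to {@code getAuthContext}; raw in the JASPIC API, so only wildcarded here. */
    private final Map<?, ?> authProperties;
    private final Subject serviceSubject;
    private final JaspicCallbackHandler callbackHandler;
    private final IdentityService identityService;
    /** Whether {@link AuthResult}s for authenticated users are marked cacheable by the container. */
    private final boolean containerCaching;

    /**
     * @param serverAuthConfig       JASPIC configuration that supplies the per-request auth context
     * @param map                    auth properties passed to {@code getAuthContext}; may be {@code null}.
     *                               {@link #CONTAINER_CACHING_KEY} is read from it (String or Boolean accepted)
     * @param subject                the service subject passed to the SAM
     * @param jaspicCallbackHandler  handler the SAM calls back into for caller/group/password callbacks
     * @param identityService        builds {@link UserIdentity} objects and (dis)associates the thread's caller
     */
    public JaspicAuthenticator(ServerAuthConfig serverAuthConfig, Map<?, ?> map, Subject subject,
                               JaspicCallbackHandler jaspicCallbackHandler, IdentityService identityService) {
        this.serverAuthConfig = serverAuthConfig;
        this.authProperties = map;
        this.serviceSubject = subject;
        this.callbackHandler = jaspicCallbackHandler;
        this.identityService = identityService;
        this.containerCaching = readContainerCaching(map);
    }

    /** Reads {@link #CONTAINER_CACHING_KEY}; absent/null is false. Accepts a Boolean as well as a String value. */
    private static boolean readContainerCaching(Map<?, ?> props) {
        if (props == null) {
            return false;
        }
        Object value = props.get(CONTAINER_CACHING_KEY);
        return value != null && Boolean.parseBoolean(String.valueOf(value));
    }

    /** Resolves the {@link ServerAuthContext} for this message via the config's context id. */
    private ServerAuthContext authContextFor(JaspicMessageInfo messageInfo) throws AuthException {
        String contextId = this.serverAuthConfig.getAuthContextID(messageInfo);
        return this.serverAuthConfig.getAuthContext(contextId, this.serviceSubject, this.authProperties);
    }

    /** Fetches the MessageInfo stashed by {@link #validateRequest}; it is an error for it to be absent. */
    private static JaspicMessageInfo requireMessageInfo(Request request) {
        JaspicMessageInfo messageInfo = (JaspicMessageInfo) request.getNote(MESSAGE_INFO_KEY);
        if (messageInfo == null) {
            throw new NullPointerException("MessageInfo from request missing: " + request);
        }
        return messageInfo;
    }

    /**
     * Runs the SAM's {@code validateRequest} for this request.
     *
     * @param request             the Tomcat request
     * @param httpServletResponse the response the SAM may write challenges to
     * @param z                   passed through as the MessageInfo's "mandatory" flag
     * @param userIdentity        identity the container already holds for this caller, or {@code null};
     *                            exposed to the SAM under {@link SecurityValve#CACHED_IDENTITY_KEY}
     * @return SEND_CONTINUE / SEND_FAILURE / SEND_SUCCESS with no identity, or SUCCESS with the established
     *         identity ({@code null} identity means the SAM allowed the request through unauthenticated)
     * @throws ServerAuthException wrapping any {@link AuthException} from the SAM
     * @throws NullPointerException if the SAM returns no status or no CallerPrincipalCallback was made
     * @throws IllegalStateException if the SAM returns a status validateRequest is not expected to produce
     */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public AuthResult validateRequest(Request request, HttpServletResponse httpServletResponse, boolean z, UserIdentity userIdentity) throws ServerAuthException {
        try {
            JaspicMessageInfo messageInfo = new JaspicMessageInfo(request, httpServletResponse, z);
            if (userIdentity != null) {
                // Let the SAM see the identity the container already associates with this caller.
                messageInfo.getMap().put(SecurityValve.CACHED_IDENTITY_KEY, userIdentity);
            }
            // secureResponse()/logout() must operate on the very same MessageInfo instance.
            request.setNote(MESSAGE_INFO_KEY, messageInfo);

            ServerAuthContext authContext = authContextFor(messageInfo);
            Subject clientSubject = new Subject();
            AuthStatus status = authContext.validateRequest(messageInfo, clientSubject, this.serviceSubject);

            if (status == AuthStatus.SUCCESS) {
                return successResult(clientSubject);
            }
            if (status == AuthStatus.SEND_CONTINUE) {
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null, false);
            }
            if (status == AuthStatus.SEND_FAILURE) {
                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null, false);
            }
            if (status == AuthStatus.SEND_SUCCESS) {
                return new AuthResult(TomcatAuthStatus.SEND_SUCCESS, null, false);
            }
            if (status == null) {
                throw new NullPointerException("No AuthStatus returned");
            }
            // Anything else (e.g. AuthStatus.FAILURE) is not a status the servlet profile lists for
            // validateRequest; treat it as a SAM bug rather than silently denying or allowing.
            throw new IllegalStateException("Unexpected AuthStatus from validateRequest: " + status);
        } catch (AuthException e) {
            throw new ServerAuthException((Throwable) e);
        }
    }

    /**
     * Builds the SUCCESS result once the SAM has accepted the request: either a ready-made
     * {@link UserIdentity} the SAM put in the client subject's private credentials, or one assembled
     * from the caller/group principal callbacks. If no caller principal was established at all the
     * request proceeds unauthenticated (null identity, not cacheable).
     */
    private AuthResult successResult(Subject clientSubject) {
        Set<UserIdentity> prebuilt = clientSubject.getPrivateCredentials(UserIdentity.class);
        if (!prebuilt.isEmpty()) {
            return new AuthResult(TomcatAuthStatus.SUCCESS, prebuilt.iterator().next(), this.containerCaching);
        }

        CallerPrincipalCallback callerCallback = this.callbackHandler.getThreadCallerPrincipalCallback();
        if (callerCallback == null) {
            throw new NullPointerException("No CallerPrincipalCallback");
        }
        Principal principal = callerCallback.getPrincipal();
        if (principal == null) {
            // The SAM may name the caller instead of passing a Principal; look it up in the callback's subject.
            principal = findPrincipalByName(callerCallback.getSubject(), callerCallback.getName());
            if (principal == null) {
                // No principal and no matching name: SUCCESS without a caller, i.e. unauthenticated access.
                // Nothing is cached; downstream authorization must still reject protected resources.
                return new AuthResult(TomcatAuthStatus.SUCCESS, null, false);
            }
        }

        GroupPrincipalCallback groupCallback = this.callbackHandler.getThreadGroupPrincipalCallback();
        String[] groups = groupCallback == null ? null : groupCallback.getGroups();
        UserIdentity identity = this.identityService.newUserIdentity(clientSubject, principal,
                groups == null ? Collections.<String>emptyList() : Arrays.asList(groups));
        return new AuthResult(TomcatAuthStatus.SUCCESS, identity, this.containerCaching);
    }

    /**
     * First principal of {@code subject} whose name equals {@code name}; {@code null} if the subject or name
     * is null or nothing matches. A null name never matches (it would otherwise mean "unauthenticated").
     */
    private static Principal findPrincipalByName(Subject subject, String name) {
        if (subject == null || name == null) {
            return null;
        }
        for (Principal candidate : subject.getPrincipals()) {
            if (name.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Runs the SAM's {@code secureResponse} on the MessageInfo saved by {@link #validateRequest}.
     *
     * @return {@code true} only if the SAM answered {@link AuthStatus#SEND_SUCCESS}
     * @throws ServerAuthException wrapping any {@link AuthException} from the SAM
     * @throws NullPointerException if validateRequest never stashed a MessageInfo on this request
     */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
        JaspicMessageInfo messageInfo = requireMessageInfo(request);
        try {
            AuthStatus status = authContextFor(messageInfo).secureResponse(messageInfo, this.serviceSubject);
            return AuthStatus.SEND_SUCCESS.equals(status);
        } catch (AuthException e) {
            throw new ServerAuthException((Throwable) e);
        }
    }

    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public String getAuthType() {
        return "JASPIC";
    }

    /**
     * Programmatic username/password login, routed through a {@link PasswordValidationCallback}
     * on the configured callback handler.
     *
     * @param str  username
     * @param str2 password; {@code null} is treated as a failed login rather than an error
     * @return SUCCESS with the {@link UserIdentity} the handler attached to the callback's subject,
     *         or FAILURE when the password is rejected
     * @throws ServletException if the handler fails (cause preserved) or accepts the password without
     *         establishing a {@link UserIdentity} — fail closed instead of NoSuchElementException
     */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public AuthResult login(String str, String str2, Request request) throws ServletException {
        if (str2 == null) {
            return new AuthResult(TomcatAuthStatus.FAILURE, null, false);
        }
        PasswordValidationCallback callback = new PasswordValidationCallback(new Subject(), str, str2.toCharArray());
        try {
            this.callbackHandler.handle(new Callback[]{callback});
            if (!callback.getResult()) {
                return new AuthResult(TomcatAuthStatus.FAILURE, null, false);
            }
            Set<UserIdentity> identities = callback.getSubject().getPrivateCredentials(UserIdentity.class);
            if (identities.isEmpty()) {
                throw new ServletException("Password validated but no UserIdentity was established");
            }
            return new AuthResult(TomcatAuthStatus.SUCCESS, identities.iterator().next(), this.containerCaching);
        } catch (IOException e) {
            throw new ServletException("Unsuccessful login", e);
        } catch (UnsupportedCallbackException e) {
            throw new ServletException("internal server error", e);
        } finally {
            // Zero our char[] copy of the password; the String argument itself cannot be scrubbed.
            callback.clearPassword();
        }
    }

    /**
     * Dissociates the current caller from the thread and lets the SAM clean the caller's Subject.
     * Does nothing if no caller is associated with the current thread.
     *
     * @throws ServletException wrapping any {@link AuthException} from {@code cleanSubject}
     * @throws NullPointerException if validateRequest never stashed a MessageInfo on this request
     */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public void logout(Request request) throws ServletException {
        JaspicMessageInfo messageInfo = requireMessageInfo(request);
        Subject currentCaller = ContextManager.getCurrentCaller();
        if (currentCaller == null) {
            return;
        }
        // Drop the thread's caller association before the SAM scrubs the Subject.
        this.identityService.associate(null);
        try {
            authContextFor(messageInfo).cleanSubject(messageInfo, currentCaller);
        } catch (AuthException e) {
            throw new ServletException(e);
        }
    }
}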
