package org.apache.tomee.security.cdi;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.AutoApplySession;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.IdentityStoreHandler;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.function.Supplier;
import org.apache.tomee.security.http.LoginToContinueMechanism;

@ApplicationScoped
@AutoApplySession
@LoginToContinue
/* loaded from: input_file:lib/tomee-security-8.0.7.jar:org/apache/tomee/security/cdi/FormAuthenticationMechanism.class */
public class FormAuthenticationMechanism implements HttpAuthenticationMechanism, LoginToContinueMechanism {

    @Inject
    private Supplier<LoginToContinue> loginToContinue;

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override // jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        String parameter = httpServletRequest.getParameter("j_username");
        String parameter2 = httpServletRequest.getParameter("j_password");
        if (!validateForm(httpMessageContext.getRequest(), parameter, parameter2)) {
            return httpMessageContext.doNothing();
        }
        return httpMessageContext.notifyContainerAboutLogin(this.identityStoreHandler.validate(new UsernamePasswordCredential(parameter, parameter2)));
    }

    @Override // org.apache.tomee.security.http.LoginToContinueMechanism
    public LoginToContinue getLoginToContinue() {
        return this.loginToContinue.get();
    }

    private boolean validateForm(HttpServletRequest httpServletRequest, String str, String str2) {
        return (!httpServletRequest.getMethod().equals("POST") || !httpServletRequest.getRequestURI().endsWith("/j_security_check") || str == null || str.isEmpty() || str2 == null || str2.isEmpty()) ? false : true;
    }
}
