package org.apache.tomee.security.cdi;

import java.util.Arrays;
import java.util.Optional;
import javax.annotation.Priority;
import javax.el.ELProcessor;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.Intercepted;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.RememberMe;
import javax.security.enterprise.credential.RememberMeCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.RememberMeIdentityStore;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.tomee.security.TomEEELInvocationHandler;
import org.eclipse.persistence.jpa.rs.ReservedWords;

@RememberMe
@Priority(210)
@Interceptor
/* loaded from: input_file:lib/tomee-security-8.0.5.jar:org/apache/tomee/security/cdi/RememberMeInterceptor.class */
public class RememberMeInterceptor {

    @Inject
    @Intercepted
    private Bean<?> httpMechanismBean;

    @Inject
    private Instance<RememberMeIdentityStore> rememberMeIdentityStore;

    @Inject
    private BeanManager beanManager;

    @AroundInvoke
    public Object intercept(InvocationContext invocationContext) throws Exception {
        if (!invocationContext.getMethod().getName().equals("validateRequest") || !Arrays.equals(invocationContext.getMethod().getParameterTypes(), new Class[]{HttpServletRequest.class, HttpServletResponse.class, HttpMessageContext.class})) {
            if (invocationContext.getMethod().getName().equals("cleanSubject") && Arrays.equals(invocationContext.getMethod().getParameterTypes(), new Class[]{HttpServletRequest.class, HttpServletResponse.class, HttpMessageContext.class})) {
                cleanSubject(invocationContext);
            }
            return invocationContext.proceed();
        }
        if (this.rememberMeIdentityStore.isUnsatisfied()) {
            throw new IllegalStateException("RememberMe annotated AuthenticationMechanism  " + this.httpMechanismBean.getBeanClass() + " required an implementation of RememberMeIndentityStore");
        }
        if (this.rememberMeIdentityStore.isAmbiguous()) {
            throw new IllegalStateException("Multiple implementations of RememberMeIndentityStore found. Only one should be supplied.");
        }
        return validateRequest(invocationContext);
    }

    private AuthenticationStatus validateRequest(InvocationContext invocationContext) throws Exception {
        HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
        RememberMe rememberMe = (RememberMe) TomEEELInvocationHandler.of((Class<RememberMe>) RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));
        Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
        if (cookie.isPresent() && !StringUtils.isEmpty(cookie.get().getValue())) {
            CredentialValidationResult validate = this.rememberMeIdentityStore.get().validate(new RememberMeCredential(cookie.get().getValue()));
            if (CredentialValidationResult.Status.VALID.equals(validate.getStatus())) {
                return httpMessageContext.notifyContainerAboutLogin(validate);
            }
            cookie.get().setMaxAge(0);
            httpMessageContext.getResponse().addCookie(cookie.get());
        }
        AuthenticationStatus authenticationStatus = (AuthenticationStatus) invocationContext.proceed();
        if (AuthenticationStatus.SUCCESS.equals(authenticationStatus) && httpMessageContext.getCallerPrincipal() != null && rememberMe.isRememberMe()) {
            Cookie cookie2 = new Cookie(rememberMe.cookieName(), this.rememberMeIdentityStore.get().generateLoginToken(new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName()), httpMessageContext.getGroups()));
            cookie2.setPath(StringUtils.isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
            cookie2.setMaxAge(rememberMe.cookieMaxAgeSeconds());
            cookie2.setHttpOnly(rememberMe.cookieHttpOnly());
            cookie2.setSecure(rememberMe.cookieSecureOnly());
            httpMessageContext.getResponse().addCookie(cookie2);
        }
        return authenticationStatus;
    }

    private void cleanSubject(InvocationContext invocationContext) throws Exception {
        HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
        Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), ((RememberMe) TomEEELInvocationHandler.of((Class<RememberMe>) RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext))).cookieName());
        if (cookie.isPresent() && !StringUtils.isEmpty(cookie.get().getValue())) {
            cookie.get().setValue((String) null);
            cookie.get().setMaxAge(0);
            cookie.get().setPath(StringUtils.isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
            httpMessageContext.getResponse().addCookie(cookie.get());
            this.rememberMeIdentityStore.get().removeLoginToken(cookie.get().getValue());
        }
        invocationContext.proceed();
    }

    private Optional<Cookie> getCookie(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        return cookies == null ? Optional.empty() : Arrays.stream(cookies).filter(cookie -> {
            return cookie.getName().equals(str);
        }).findFirst();
    }

    private RememberMe getRememberMe() {
        return (RememberMe) Optional.ofNullable(this.httpMechanismBean.getBeanClass().getAnnotation(RememberMe.class)).orElseThrow(IllegalStateException::new);
    }

    private ELProcessor getElProcessor(InvocationContext invocationContext, HttpMessageContext httpMessageContext) {
        ELProcessor eLProcessor = new ELProcessor();
        eLProcessor.getELManager().addELResolver(this.beanManager.getELResolver());
        eLProcessor.defineBean(ReservedWords.JPARS_REL_SELF, invocationContext.getTarget());
        eLProcessor.defineBean("this", invocationContext.getTarget());
        eLProcessor.defineBean("httpMessageContext", httpMessageContext);
        return eLProcessor;
    }
}
