package org.apache.tomee.security.cdi;

import java.util.function.Supplier;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomee.security.http.LoginToContinueMechanism;

@LoginToContinue
@ApplicationScoped
@AutoApplySession
/* loaded from: input_file:lib/tomee-security-8.0.8.jar:org/apache/tomee/security/cdi/CustomFormAuthenticationMechanism.class */
public class CustomFormAuthenticationMechanism implements HttpAuthenticationMechanism, LoginToContinueMechanism {

    @Inject
    private Supplier<LoginToContinue> loginToContinue;

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override // javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        return validateCredentials(httpMessageContext) ? httpMessageContext.notifyContainerAboutLogin(this.identityStoreHandler.validate(httpMessageContext.getAuthParameters().getCredential())) : httpMessageContext.doNothing();
    }

    @Override // org.apache.tomee.security.http.LoginToContinueMechanism
    public LoginToContinue getLoginToContinue() {
        return this.loginToContinue.get();
    }

    private boolean validateCredentials(HttpMessageContext httpMessageContext) {
        return httpMessageContext.getAuthParameters().getCredential() != null;
    }
}
