package org.apache.tomee.security.itest;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.AutoApplySession;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Collections;

@ApplicationScoped
@AutoApplySession
@LoginToContinue(loginPage = "/login-app", errorPage = "/login-error-app")
/* loaded from: input_file:org/apache/tomee/security/itest/AuthMechanism.class */
public class AuthMechanism implements HttpAuthenticationMechanism {
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        String parameter = httpServletRequest.getParameter("token");
        return validateForm(httpMessageContext.getRequest(), parameter) ? !"1234ABCD".equals(parameter) ? httpMessageContext.responseUnauthorized() : httpMessageContext.notifyContainerAboutLogin("jwt-token", Collections.singleton("tomcat")) : httpMessageContext.doNothing();
    }

    private boolean validateForm(HttpServletRequest httpServletRequest, String str) {
        return httpServletRequest.getMethod().equals("POST") && httpServletRequest.getRequestURI().endsWith("/login-jwt") && str != null && !str.isEmpty();
    }
}
