package org.apache.tomee.security.cdi;

import java.util.Arrays;
import javax.annotation.Priority;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.security.auth.message.AuthException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomee.security.http.LoginToContinueMechanism;
import org.apache.tomee.security.http.SavedAuthentication;
import org.apache.tomee.security.http.SavedHttpServletRequest;
import org.apache.tomee.security.http.SavedRequest;

@LoginToContinue
@Priority(220)
@Interceptor
/* loaded from: input_file:lib/tomee-security-8.0.10.jar:org/apache/tomee/security/cdi/LoginToContinueInterceptor.class */
public class LoginToContinueInterceptor {
    @AroundInvoke
    public Object intercept(InvocationContext invocationContext) throws Exception {
        return (invocationContext.getMethod().getName().equals("validateRequest") && Arrays.equals(invocationContext.getMethod().getParameterTypes(), new Class[]{HttpServletRequest.class, HttpServletResponse.class, HttpMessageContext.class})) ? validateRequest(invocationContext) : invocationContext.proceed();
    }

    private AuthenticationStatus validateRequest(InvocationContext invocationContext) throws Exception {
        HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
        clearStaleState(httpMessageContext);
        return httpMessageContext.getAuthParameters().isNewAuthentication() ? processCallerInitiatedAuthentication(invocationContext, httpMessageContext) : processContainerInitiatedAuthentication(invocationContext, httpMessageContext);
    }

    private void clearStaleState(HttpMessageContext httpMessageContext) {
        if (httpMessageContext.isProtected() && !httpMessageContext.isAuthenticationRequest() && LoginToContinueMechanism.hasRequest(httpMessageContext.getRequest()) && !LoginToContinueMechanism.hasAuthentication(httpMessageContext.getRequest()) && !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check")) {
            httpMessageContext.getRequest().getSession().removeAttribute(LoginToContinueMechanism.ORIGINAL_REQUEST);
            httpMessageContext.getRequest().getSession().removeAttribute(LoginToContinueMechanism.CALLER_AUTHENICATION);
        }
        if (httpMessageContext.getAuthParameters().isNewAuthentication()) {
            httpMessageContext.getRequest().getSession().setAttribute(LoginToContinueMechanism.CALLER_AUTHENICATION, true);
            httpMessageContext.getRequest().getSession().removeAttribute(LoginToContinueMechanism.ORIGINAL_REQUEST);
            httpMessageContext.getRequest().getSession().removeAttribute(LoginToContinueMechanism.AUTHENTICATION);
        }
    }

    private AuthenticationStatus processCallerInitiatedAuthentication(InvocationContext invocationContext, HttpMessageContext httpMessageContext) throws Exception {
        AuthenticationStatus authenticationStatus;
        try {
            authenticationStatus = (AuthenticationStatus) invocationContext.proceed();
        } catch (AuthException e) {
            authenticationStatus = AuthenticationStatus.SEND_FAILURE;
        }
        return (authenticationStatus == AuthenticationStatus.SUCCESS && httpMessageContext.getCallerPrincipal() == null) ? AuthenticationStatus.SUCCESS : authenticationStatus;
    }

    private AuthenticationStatus processContainerInitiatedAuthentication(InvocationContext invocationContext, HttpMessageContext httpMessageContext) throws Exception {
        if (isOnInitialProtectedURL(httpMessageContext)) {
            LoginToContinueMechanism.saveRequest(httpMessageContext.getRequest());
            LoginToContinue loginToContinue = getLoginToContinue(invocationContext);
            return loginToContinue.useForwardToLogin() ? httpMessageContext.forward(loginToContinue.loginPage()) : httpMessageContext.redirect(toAbsoluteUrl(httpMessageContext.getRequest(), loginToContinue.loginPage()));
        }
        if (!isOnLoginPostback(httpMessageContext)) {
            if (!isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
                return (AuthenticationStatus) invocationContext.proceed();
            }
            SavedRequest request = LoginToContinueMechanism.getRequest(httpMessageContext.getRequest());
            SavedAuthentication authentication = LoginToContinueMechanism.getAuthentication(httpMessageContext.getRequest());
            LoginToContinueMechanism.clearRequestAndAuthentication(httpMessageContext.getRequest());
            return httpMessageContext.withRequest(new SavedHttpServletRequest(httpMessageContext.getRequest(), request)).notifyContainerAboutLogin(authentication.getPrincipal(), authentication.getGroups());
        }
        AuthenticationStatus authenticationStatus = (AuthenticationStatus) invocationContext.proceed();
        if (!authenticationStatus.equals(AuthenticationStatus.SUCCESS)) {
            if (!authenticationStatus.equals(AuthenticationStatus.SEND_FAILURE)) {
                return authenticationStatus;
            }
            LoginToContinue loginToContinue2 = getLoginToContinue(invocationContext);
            return !loginToContinue2.errorPage().isEmpty() ? httpMessageContext.redirect(toAbsoluteUrl(httpMessageContext.getRequest(), loginToContinue2.errorPage())) : authenticationStatus;
        }
        if (httpMessageContext.getCallerPrincipal() != null && !LoginToContinueMechanism.matchRequest(httpMessageContext.getRequest())) {
            LoginToContinueMechanism.saveAuthentication(httpMessageContext.getRequest(), httpMessageContext.getCallerPrincipal(), httpMessageContext.getGroups());
            return httpMessageContext.redirect(LoginToContinueMechanism.getRequest(httpMessageContext.getRequest()).getRequestURLWithQueryString());
        }
        return AuthenticationStatus.SUCCESS;
    }

    private String toAbsoluteUrl(HttpServletRequest httpServletRequest, String str) {
        String stringBuffer = httpServletRequest.getRequestURL().toString();
        String str2 = stringBuffer.substring(0, stringBuffer.length() - httpServletRequest.getRequestURI().length()) + httpServletRequest.getContextPath();
        return (str2.endsWith("/") && str.startsWith("/")) ? str2.substring(0, str2.length() - 2) + str : str2 + str;
    }

    private boolean isOnInitialProtectedURL(HttpMessageContext httpMessageContext) {
        return httpMessageContext.isProtected() && !LoginToContinueMechanism.hasRequest(httpMessageContext.getRequest());
    }

    private boolean isOnLoginPostback(HttpMessageContext httpMessageContext) {
        return LoginToContinueMechanism.hasRequest(httpMessageContext.getRequest()) && !LoginToContinueMechanism.hasAuthentication(httpMessageContext.getRequest());
    }

    private boolean isOnOriginalURLAfterAuthenticate(HttpMessageContext httpMessageContext) {
        return LoginToContinueMechanism.hasRequest(httpMessageContext.getRequest()) && LoginToContinueMechanism.hasAuthentication(httpMessageContext.getRequest());
    }

    private LoginToContinue getLoginToContinue(InvocationContext invocationContext) {
        if (invocationContext.getTarget() instanceof LoginToContinueMechanism) {
            return ((LoginToContinueMechanism) invocationContext.getTarget()).getLoginToContinue();
        }
        throw new IllegalArgumentException();
    }
}
