package web.jar.mechanisms.appllogintocontinue.forward;

import java.lang.annotation.Annotation;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Set;
import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

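/**
 * Application-provided {@link HttpAuthenticationMechanism} for form login, declared with
 * {@link LoginToContinue} so unauthenticated callers are sent to {@code /login.jsp}
 * (or {@code /loginError.jsp} on failure).
 *
 * <p>Credentials are read from a {@code POST} whose URI contains {@code /j_security_check},
 * validated through the CDI-provided {@link IdentityStoreHandler}, and on success the caller's
 * identity is written into a {@link Hashtable} stored in the client {@link Subject}'s private
 * credentials.
 *
 * <p>NOTE(review): the hashtable keys are the {@code com.ibm.wsspi.security.cred.*} attribute
 * names plus {@code com.ibm.ws.authentication.internal.assertion}; presumably the hosting
 * container treats that hashtable as an already-asserted identity, so it must only ever be
 * populated after a {@code VALID} identity-store result. Confirm against the container docs.
 */
@LoginToContinue(errorPage = "/loginError.jsp", loginPage = "/login.jsp")
@Default
@ApplicationScoped
/* loaded from: input_file:web/jar/mechanisms/appllogintocontinue/forward/LoginToContinueMechanismForward.class */
public class LoginToContinueMechanismForward implements HttpAuthenticationMechanism {
    private static final Logger log = Logger.getLogger(LoginToContinueMechanismForward.class.getName());

    /**
     * Decides how the current request is authenticated.
     *
     * <p>The request and response are taken from {@code httpMessageContext}; the first two
     * parameters are not read.
     *
     * @return the result of {@link #handleFormLogin} when both form fields are present;
     *     {@code SEND_CONTINUE} when credentials are missing on an authentication request or a
     *     protected resource; {@code NOT_DONE} otherwise
     * @throws AuthenticationException propagated from credential validation
     */
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        AuthenticationStatus authenticationStatus;
        Subject clientSubject = httpMessageContext.getClientSubject();
        HttpServletRequest request = httpMessageContext.getRequest();
        HttpServletResponse response = httpMessageContext.getResponse();
        String username = null;
        String password = null;
        String method = request.getMethod();
        String requestURI = request.getRequestURI();
        // NOTE(review): this is a substring match, so any POST whose URI merely contains
        // "/j_security_check" is treated as a login submission. Consider a stricter match
        // if the deployment does not rely on the looser form.
        if ("POST".equalsIgnoreCase(method) && requestURI.contains("/j_security_check")) {
            username = request.getParameter("j_username");
            password = request.getParameter("j_password");
        }
        // Method, URI and username are caller-controlled: strip control characters so a
        // request cannot forge extra log lines. The password is never logged.
        // NOTE(review): users sometimes type a password into the username field; consider
        // whether the username belongs in an INFO-level log at all.
        log.info("method : " + sanitizeForLog(method) + ", URI : " + sanitizeForLog(requestURI) + ", j_username : " + sanitizeForLog(username));
        boolean hasCredentials = username != null && password != null;
        if (httpMessageContext.isAuthenticationRequest()) {
            authenticationStatus = hasCredentials ? handleFormLogin(username, password, response, clientSubject, httpMessageContext) : AuthenticationStatus.SEND_CONTINUE;
        } else if (hasCredentials) {
            authenticationStatus = handleFormLogin(username, password, response, clientSubject, httpMessageContext);
        } else if (httpMessageContext.isProtected()) {
            authenticationStatus = AuthenticationStatus.SEND_CONTINUE;
        } else {
            log.info("both isAuthenticationRequest and isProtected returns false. returing NOT_DONE,");
            authenticationStatus = AuthenticationStatus.NOT_DONE;
        }
        log.info("validateRequest: status : " + authenticationStatus);
        return authenticationStatus;
    }

    /**
     * Logs the call and reports {@code SUCCESS}; the response is not modified here.
     */
    @Override
    public AuthenticationStatus secureResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        log.info("secureResponse");
        return AuthenticationStatus.SUCCESS;
    }

    /**
     * Logs the call only. Nothing is removed from the subject here, including the identity
     * hashtable added to its private credentials at login.
     */
    @Override
    public void cleanSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) {
        log.info("cleanSubject");
    }

    /**
     * Validates the submitted username and password against realm {@code "defaultRealm"} and
     * sets the HTTP status: 200 on {@code SUCCESS}, 403 for every other outcome.
     *
     * @return the status produced by {@link #validateUserAndPassword}
     */
    private AuthenticationStatus handleFormLogin(String username, String password, HttpServletResponse httpServletResponse, Subject subject, HttpMessageContext httpMessageContext) throws AuthenticationException {
        // Fail closed: the response stays 403 unless validation explicitly succeeds.
        int httpStatus = 403;
        AuthenticationStatus result = validateUserAndPassword(getCDI(), "defaultRealm", subject, new UsernamePasswordCredential(username, password), httpMessageContext);
        if (result == AuthenticationStatus.SUCCESS) {
            httpMessageContext.getMessageInfo().getMap().put("javax.servlet.http.authType", "JASPI_AUTH");
            httpStatus = 200;
        }
        httpServletResponse.setStatus(httpStatus);
        return result;
    }

    /**
     * Returns the current CDI container; protected so a subclass can substitute another one.
     */
    protected CDI getCDI() {
        return CDI.current();
    }

    /**
     * Validates a username/password credential by delegating to {@link #validateCredential}.
     */
    protected AuthenticationStatus validateUserAndPassword(CDI cdi, String realmName, Subject subject, UsernamePasswordCredential usernamePasswordCredential, HttpMessageContext httpMessageContext) throws AuthenticationException {
        return validateCredential(cdi, realmName, subject, usernamePasswordCredential, httpMessageContext);
    }

    /**
     * Validates {@code credential} with the {@link IdentityStoreHandler} resolved from
     * {@code cdi}.
     *
     * @param realmName realm recorded for the caller when the identity store reports no id
     * @return {@code SEND_FAILURE} when no handler can be resolved, otherwise the status from
     *     the identity store validation
     */
    protected AuthenticationStatus validateCredential(CDI cdi, String realmName, Subject subject, Credential credential, HttpMessageContext httpMessageContext) throws AuthenticationException {
        IdentityStoreHandler identityStoreHandler = getIdentityStoreHandler(cdi);
        if (identityStoreHandler == null) {
            // No handler means nothing can vouch for the caller: deny rather than defer.
            log.severe("IdentityStoreHandler object is not found.");
            log.severe("login is not completed.");
            return AuthenticationStatus.SEND_FAILURE;
        }
        AuthenticationStatus authenticationStatus = validateWithIdentityStore(realmName, subject, credential, identityStoreHandler, httpMessageContext);
        if (authenticationStatus == AuthenticationStatus.NOT_DONE) {
            log.severe("login is not completed.");
        }
        return authenticationStatus;
    }

    /**
     * Maps the identity store result to an {@link AuthenticationStatus}: {@code VALID} becomes
     * {@code SUCCESS} (after the subject is populated), {@code NOT_VALIDATED} becomes
     * {@code NOT_DONE}, and any other status becomes {@code SEND_FAILURE}.
     */
    private AuthenticationStatus validateWithIdentityStore(String realmName, Subject subject, Credential credential, IdentityStoreHandler identityStoreHandler, HttpMessageContext httpMessageContext) {
        CredentialValidationResult validationResult = identityStoreHandler.validate(credential);
        CredentialValidationResult.Status status = validationResult.getStatus();
        if (status == CredentialValidationResult.Status.VALID) {
            // The identity is written to the subject only on this branch.
            setLoginHashtable(realmName, subject, validationResult);
            return AuthenticationStatus.SUCCESS;
        }
        if (status == CredentialValidationResult.Status.NOT_VALIDATED) {
            return AuthenticationStatus.NOT_DONE;
        }
        return AuthenticationStatus.SEND_FAILURE;
    }

    /**
     * Writes realm, user id, security name, unique id and groups for the validated caller into
     * the subject's hashtable. The identity store id is preferred over {@code realmName}, and
     * the caller unique id over the principal name, when the result provides them.
     */
    private void setLoginHashtable(String realmName, Subject subject, CredentialValidationResult credentialValidationResult) {
        Hashtable<String, Object> subjectHashtable = getSubjectHashtable(subject);
        String principalName = credentialValidationResult.getCallerPrincipal().getName();
        String callerUniqueId = credentialValidationResult.getCallerUniqueId();
        String identityStoreId = credentialValidationResult.getIdentityStoreId();
        String realm = identityStoreId != null ? identityStoreId : realmName;
        String uniqueId = callerUniqueId != null ? callerUniqueId : principalName;
        setCommonAttributes(subjectHashtable, realm, principalName);
        setUniqueId(subjectHashtable, realm, uniqueId);
        setGroups(subjectHashtable, credentialValidationResult.getCallerGroups());
    }

    /**
     * Stores the assertion flag, realm, user id and security name.
     */
    private void setCommonAttributes(Hashtable<String, Object> hashtable, String realm, String principalName) {
        hashtable.put("com.ibm.ws.authentication.internal.assertion", Boolean.TRUE);
        hashtable.put("com.ibm.wsspi.security.cred.realm", realm);
        hashtable.put("com.ibm.wsspi.security.cred.userId", principalName);
        hashtable.put("com.ibm.wsspi.security.cred.securityName", principalName);
    }

    /**
     * Stores the unique id in the form {@code user:<realm>/<uniqueId>}.
     */
    private void setUniqueId(Hashtable<String, Object> hashtable, String realm, String uniqueId) {
        hashtable.put("com.ibm.wsspi.security.cred.uniqueId", "user:" + realm + "/" + uniqueId);
    }

    /**
     * Stores a copy of the caller's groups; a {@code null} or empty set yields an empty list.
     */
    private void setGroups(Hashtable<String, Object> hashtable, Set<String> groups) {
        ArrayList<String> groupList = (groups == null || groups.isEmpty()) ? new ArrayList<String>() : new ArrayList<String>(groups);
        hashtable.put("com.ibm.wsspi.security.cred.groups", groupList);
    }

    /**
     * Returns the hashtable already held in the subject's private credentials, creating and
     * attaching a new one when there is none. A {@code null} subject is not supported here:
     * creation dereferences it.
     */
    private Hashtable<String, Object> getSubjectHashtable(Subject subject) {
        Hashtable<String, Object> existing = getSubjectExistingHashtable(subject);
        return existing != null ? existing : createNewSubjectHashtable(subject);
    }

    /**
     * Looks up the first {@link Hashtable} among the subject's private credentials.
     *
     * @return that hashtable, or {@code null} when the subject is {@code null} or holds none
     */
    private Hashtable<String, Object> getSubjectExistingHashtable(final Subject subject) {
        if (subject == null) {
            return null;
        }
        // Private credentials are permission-guarded, so the read runs in a privileged block.
        return AccessController.doPrivileged(new PrivilegedAction<Hashtable<String, Object>>() {
            @Override
            @SuppressWarnings({"rawtypes", "unchecked"}) // credentials are only typed as raw Hashtable
            public Hashtable<String, Object> run() {
                Set<Hashtable> privateCredentials = subject.getPrivateCredentials(Hashtable.class);
                if (privateCredentials == null || privateCredentials.isEmpty()) {
                    return null;
                }
                return (Hashtable<String, Object>) privateCredentials.iterator().next();
            }
        });
    }

    /**
     * Creates an empty hashtable, adds it to the subject's private credentials inside a
     * privileged block, and returns it.
     */
    private Hashtable<String, Object> createNewSubjectHashtable(final Subject subject) {
        return AccessController.doPrivileged(new PrivilegedAction<Hashtable<String, Object>>() {
            @Override
            public Hashtable<String, Object> run() {
                Hashtable<String, Object> hashtable = new Hashtable<>();
                subject.getPrivateCredentials().add(hashtable);
                return hashtable;
            }
        });
    }

    /**
     * Resolves the {@link IdentityStoreHandler} bean from {@code cdi}.
     *
     * @return the handler, or {@code null} when the lookup is unsatisfied or ambiguous
     */
    private IdentityStoreHandler getIdentityStoreHandler(CDI cdi) {
        Instance select = cdi.select(IdentityStoreHandler.class, new Annotation[0]);
        if (select.isUnsatisfied() || select.isAmbiguous()) {
            return null;
        }
        return (IdentityStoreHandler) select.get();
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so that
     * request-derived values cannot break a log record into several lines.
     *
     * @return the cleaned value, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}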
