package com.ibm.ws.security.javaeesec;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.javaeesec.properties.ModulePropertiesUtils;
import jakarta.security.auth.message.AuthException;
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.MessagePolicy;
import jakarta.security.auth.message.module.ServerAuthModule;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;

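/**
 * {@link ServerAuthModule} that delegates request validation, response securing and subject
 * cleanup to the {@link HttpAuthenticationMechanism} obtained from {@link ModulePropertiesUtils},
 * translating the mechanism's {@link AuthenticationStatus} into the container's {@link AuthStatus}.
 *
 * <p>Status translation fails closed: any status that is not explicitly mapped (including
 * {@code null}) becomes {@link AuthStatus#SEND_FAILURE}.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/javaeesec/AuthModule.class */
public class AuthModule implements ServerAuthModule {
    private static final TraceComponent tc = Tr.register(AuthModule.class, "security", "com.ibm.ws.security.javaeesec.internal.resources.JavaEESecMessages");

    // Kept private and final; callers only ever receive a copy (see getSupportedMessageTypes()).
    private static final Class[] supportedMessageTypes = {HttpServletRequest.class, HttpServletResponse.class};

    private MessagePolicy requestPolicy;
    private CallbackHandler handler;
    private Map<String, String> options;
    static final long serialVersionUID = -5126565670194755750L;

    /**
     * Returns the message types this module accepts.
     *
     * @return a fresh copy of the supported types, so a caller cannot alter the shared static array
     */
    @Override
    public Class[] getSupportedMessageTypes() {
        return supportedMessageTypes.clone();
    }

    /**
     * Stores the request policy and callback handler and takes a private copy of the options.
     *
     * @param messagePolicy   request policy; may be {@code null}
     * @param messagePolicy2  response policy; not used by this module
     * @param callbackHandler handler later passed to every {@link HttpMessageContext} created here
     * @param map             module options; may be {@code null}, in which case the options stay empty
     * @throws AuthException declared by the interface; not thrown by this implementation
     */
    @Override
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        this.requestPolicy = messagePolicy;
        this.handler = callbackHandler;
        // Copy instead of aliasing, so later changes to the caller's map do not affect this module.
        // NOTE(review): the raw map is copied unchecked into a Map<String, String>; confirm the
        // container only supplies String values before reading entries as String.
        this.options = new HashMap<>();
        if (map != null) {
            this.options.putAll(map);
        }

        // Everything below is debug tracing of the request policy only.
        if (!tc.isDebugEnabled() || messagePolicy == null) {
            return;
        }
        MessagePolicy.TargetPolicy[] targetPolicies = messagePolicy.getTargetPolicies();
        if (targetPolicies == null) {
            return;
        }
        for (MessagePolicy.TargetPolicy targetPolicy : targetPolicies) {
            MessagePolicy.ProtectionPolicy protectionPolicy = targetPolicy.getProtectionPolicy();
            if (protectionPolicy != null) {
                Tr.debug(tc, "Target request ProtectionPolicy=" + protectionPolicy.getID(), new Object[0]);
            }
        }
    }

    /**
     * Runs the configured mechanism's {@code validateRequest} and maps its result to an
     * {@link AuthStatus}; afterwards records a session-registration request if the mechanism
     * asked for one.
     *
     * @param messageInfo carries the servlet request and response
     * @param subject     client subject handed to the message context
     * @param subject2    service subject; not used by this module
     * @return the translated status
     * @throws AuthException wrapping any exception raised while validating; the original is kept as cause
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        try {
            HttpAuthenticationMechanism mechanism = getModulePropertiesUtils().getHttpAuthenticationMechanism();
            HttpMessageContext context = createHttpMessageContext(messageInfo, subject);
            AuthenticationStatus mechanismStatus = mechanism.validateRequest(context.getRequest(), context.getResponse(), context);
            AuthStatus status = translateValidateRequestStatus(mechanismStatus);
            registerSession(context);
            return status;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.AuthModule", "92", this, new Object[]{messageInfo, subject, subject2});
            // The failure is already recorded by FFDC and travels as the cause of the AuthException.
            // Trace it through the component's trace instead of printing the stack to stderr,
            // which bypasses the trace configuration and exposes authentication internals in console output.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "validateRequest failed", new Object[]{e});
            }
            AuthException authException = new AuthException(e.getMessage());
            authException.initCause(e);
            throw authException;
        }
    }

    /**
     * Runs the configured mechanism's {@code secureResponse} and maps its result to an
     * {@link AuthStatus}.
     *
     * @param messageInfo carries the servlet request and response
     * @param subject     service subject; not forwarded, the message context is built with a {@code null} subject
     * @return the translated status
     * @throws AuthException wrapping an {@link AuthenticationException} from the mechanism
     */
    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        try {
            HttpAuthenticationMechanism mechanism = getModulePropertiesUtils().getHttpAuthenticationMechanism();
            HttpMessageContext context = createHttpMessageContext(messageInfo, null);
            AuthenticationStatus mechanismStatus = mechanism.secureResponse(context.getRequest(), context.getResponse(), context);
            return translateSecureResponseStatus(mechanismStatus);
        } catch (AuthenticationException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.AuthModule", "114", this, new Object[]{messageInfo, subject});
            // Same reasoning as in validateRequest: no stack trace on stderr, FFDC and the cause carry it.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "secureResponse failed", new Object[]{e});
            }
            AuthException authException = new AuthException();
            authException.initCause(e);
            throw authException;
        }
    }

    /**
     * Asks the configured mechanism to clean up for this request.
     *
     * <p>NOTE(review): the {@code subject} argument is not forwarded; the message context is built
     * with a {@code null} client subject. Confirm that removal of the caller's principals and
     * credentials from {@code subject} is handled elsewhere.
     *
     * @param messageInfo carries the servlet request and response
     * @param subject     subject to clean; currently unused here
     * @throws AuthException declared by the interface
     */
    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        HttpAuthenticationMechanism mechanism = getModulePropertiesUtils().getHttpAuthenticationMechanism();
        HttpMessageContext context = createHttpMessageContext(messageInfo, null);
        mechanism.cleanSubject(context.getRequest(), context.getResponse(), context);
    }

    /**
     * Builds the message context for one call. If the request carries an
     * {@link AuthenticationParameters} attribute, it is consumed (read, then removed from the
     * request) and passed to the context.
     *
     * @param messageInfo carries the servlet request
     * @param subject     client subject for the context; may be {@code null}
     * @return a new message context
     */
    protected HttpMessageContext createHttpMessageContext(MessageInfo messageInfo, Subject subject) {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        AuthenticationParameters authParams = (AuthenticationParameters) request.getAttribute(JavaEESecConstants.SECURITY_CONTEXT_AUTH_PARAMS);
        if (authParams == null) {
            return new HttpMessageContextImpl(messageInfo, subject, this.handler);
        }
        // Remove the attribute once read so the same parameters are not picked up by a later call.
        request.removeAttribute(JavaEESecConstants.SECURITY_CONTEXT_AUTH_PARAMS);
        return new HttpMessageContextImpl(messageInfo, subject, this.handler, authParams);
    }

    /**
     * Returns the shared {@link ModulePropertiesUtils}; protected so a subclass can substitute it.
     */
    protected ModulePropertiesUtils getModulePropertiesUtils() {
        return ModulePropertiesUtils.getInstance();
    }

    /** Maps a {@code validateRequest} result: SUCCESS stays SUCCESS, everything else goes through {@link #translateCommon}. */
    private AuthStatus translateValidateRequestStatus(AuthenticationStatus authenticationStatus) {
        if (AuthenticationStatus.SUCCESS.equals(authenticationStatus)) {
            return AuthStatus.SUCCESS;
        }
        return translateCommon(authenticationStatus);
    }

    /** Puts the session-registration flag into the message info map when the mechanism requested it. */
    private void registerSession(HttpMessageContext httpMessageContext) {
        if (httpMessageContext.isRegisterSession()) {
            httpMessageContext.getMessageInfo().getMap().put("jakarta.servlet.http.registerSession", Boolean.TRUE.toString());
        }
    }

    /** Maps a {@code secureResponse} result: SUCCESS becomes SEND_SUCCESS, everything else goes through {@link #translateCommon}. */
    private AuthStatus translateSecureResponseStatus(AuthenticationStatus authenticationStatus) {
        if (AuthenticationStatus.SUCCESS.equals(authenticationStatus)) {
            return AuthStatus.SEND_SUCCESS;
        }
        return translateCommon(authenticationStatus);
    }

    /**
     * Maps the statuses shared by both directions. Anything not listed, {@code null} included,
     * yields {@link AuthStatus#SEND_FAILURE}.
     */
    @Trivial
    private AuthStatus translateCommon(AuthenticationStatus authenticationStatus) {
        if (AuthenticationStatus.SEND_CONTINUE.equals(authenticationStatus)) {
            return AuthStatus.SEND_CONTINUE;
        }
        if (AuthenticationStatus.NOT_DONE.equals(authenticationStatus)) {
            // NOT_DONE is reported as SUCCESS even though the mechanism did not authenticate anyone.
            // NOTE(review): access control for the unauthenticated caller must therefore be enforced
            // by the container after this module returns; confirm against the caller.
            return AuthStatus.SUCCESS;
        }
        // SEND_FAILURE and every unmapped value fail closed.
        return AuthStatus.SEND_FAILURE;
    }
}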
