package com.ibm.ws.security.javaeesec;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.callback.GroupPrincipalCallback;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;

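/**
 * {@link HttpMessageContext} implementation handed to HTTP authentication mechanisms.
 *
 * <p>It wraps the JASPIC {@link MessageInfo}, the client {@link Subject} and the container's
 * {@link CallbackHandler}, and reports the outcome of an authentication attempt back to the
 * container through callbacks.
 *
 * <p>Instances hold mutable, unsynchronized state (request, response, caller, groups); nothing in
 * this class makes them safe to share between threads.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
public class HttpMessageContextImpl implements HttpMessageContext {
    private static final TraceComponent tc = Tr.register(HttpMessageContextImpl.class, "security", "com.ibm.ws.security.javaeesec.internal.resources.JavaEESecMessages");

    /** Source id passed to FFDC for every exception recorded by this class. */
    private static final String FFDC_SOURCE_ID = "com.ibm.ws.security.javaeesec.HttpMessageContextImpl";

    /** MessageInfo map key whose value says whether authentication is mandatory for the request. */
    private static final String IS_MANDATORY_KEY = "jakarta.security.auth.message.MessagePolicy.isMandatory";

    private final MessageInfo messageInfo;
    private final Subject clientSubject;
    private final CallbackHandler handler;
    private HttpServletRequest request;
    private HttpServletResponse response;
    // Caller and groups accepted by the container; only updated after the callback handler succeeds.
    private Principal principal;
    private Set<String> groups;
    private boolean isRegisterSession;
    private AuthenticationParameters authenticationParameters;
    private boolean isAuthenticationRequest;
    // Last VALID validation result; read by getRealm() to pick the realm name.
    private CredentialValidationResult result;
    static final long serialVersionUID = -873230647639194221L;

    /**
     * Creates a context for a container-initiated authentication.
     *
     * @param messageInfo     supplies the request and response messages, which are cast to
     *                        {@link HttpServletRequest} and {@link HttpServletResponse}
     * @param subject         the client subject that the callbacks populate
     * @param callbackHandler the handler that receives the caller and group callbacks
     */
    public HttpMessageContextImpl(MessageInfo messageInfo, Subject subject, CallbackHandler callbackHandler) {
        this.principal = null;
        this.groups = Collections.emptySet();
        this.isRegisterSession = false;
        this.authenticationParameters = new AuthenticationParameters();
        this.isAuthenticationRequest = false;
        this.messageInfo = messageInfo;
        this.clientSubject = subject;
        this.handler = callbackHandler;
        this.request = (HttpServletRequest) messageInfo.getRequestMessage();
        this.response = (HttpServletResponse) messageInfo.getResponseMessage();
    }

    /**
     * Creates a context for an authentication that carries explicit parameters; such a context
     * reports {@link #isAuthenticationRequest()} as {@code true}.
     *
     * @param messageInfo              supplies the request and response messages
     * @param subject                  the client subject that the callbacks populate
     * @param callbackHandler          the handler that receives the caller and group callbacks
     * @param authenticationParameters the parameters returned by {@link #getAuthParameters()};
     *                                 stored as given, without a null check
     */
    public HttpMessageContextImpl(MessageInfo messageInfo, Subject subject, CallbackHandler callbackHandler, AuthenticationParameters authenticationParameters) {
        // The delegated constructor already extracts request and response from messageInfo.
        this(messageInfo, subject, callbackHandler);
        this.authenticationParameters = authenticationParameters;
        this.isAuthenticationRequest = true;
    }

    /**
     * Does nothing in this implementation: the client subject is left untouched, so callers must
     * not rely on this method to remove principals or credentials from it.
     */
    @Override
    public void cleanClientSubject() {
    }

    /** @return {@link AuthenticationStatus#NOT_DONE} */
    @Override
    public AuthenticationStatus doNothing() {
        return AuthenticationStatus.NOT_DONE;
    }

    /**
     * Forwards the current request to {@code str} through the request dispatcher.
     *
     * <p>The path is used as given. A caller that derives it from request data should restrict it
     * to known application resources first, because a server-side forward does not go through the
     * container's security constraint checks again.
     *
     * @param str the dispatcher path
     * @return {@link AuthenticationStatus#SEND_CONTINUE}, also when the forward failed
     */
    @Override
    public AuthenticationStatus forward(String str) {
        try {
            this.request.getRequestDispatcher(str).forward(this.request, this.response);
        } catch (Exception e) {
            // NOTE(review): a failed forward is only recorded; the status below does not reflect it.
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "117", this, new Object[]{str});
        }
        return AuthenticationStatus.SEND_CONTINUE;
    }

    @Override
    public AuthenticationParameters getAuthParameters() {
        return this.authenticationParameters;
    }

    /** @return the caller accepted by the last successful principal-based login, or {@code null} */
    @Override
    public Principal getCallerPrincipal() {
        return this.principal;
    }

    @Override
    public Subject getClientSubject() {
        return this.clientSubject;
    }

    /** @return an unmodifiable view of the groups from the last successful login; never {@code null} */
    @Override
    public Set<String> getGroups() {
        return this.groups;
    }

    @Override
    public CallbackHandler getHandler() {
        return this.handler;
    }

    @Override
    public MessageInfo getMessageInfo() {
        return this.messageInfo;
    }

    @Override
    public HttpServletRequest getRequest() {
        return this.request;
    }

    @Override
    public HttpServletResponse getResponse() {
        return this.response;
    }

    @Override
    public boolean isAuthenticationRequest() {
        return this.isAuthenticationRequest;
    }

    /**
     * Tells whether the message policy marks authentication as mandatory for this request.
     *
     * @return {@code true} only when the MessageInfo map holds the mandatory-policy key with a
     *         value equal to "true" (any case); {@code false} when the key is absent
     */
    @Override
    public boolean isProtected() {
        // parseBoolean is null-safe, so a missing key reads as "not mandatory" instead of raising a
        // NullPointerException in the middle of the authentication flow.
        return Boolean.parseBoolean((String) this.messageInfo.getMap().get(IS_MANDATORY_KEY));
    }

    @Override
    public boolean isRegisterSession() {
        return this.isRegisterSession;
    }

    /**
     * Reports the outcome of an identity store validation to the container.
     *
     * @param credentialValidationResult the validation outcome
     * @return {@link AuthenticationStatus#SEND_FAILURE} unless the result status is VALID;
     *         otherwise the status of the principal-based login notification
     */
    @Override
    public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult credentialValidationResult) {
        if (!CredentialValidationResult.Status.VALID.equals(credentialValidationResult.getStatus())) {
            return AuthenticationStatus.SEND_FAILURE;
        }
        // Stored before delegating because getRealm() reads the identity store id from it.
        this.result = credentialValidationResult;
        return notifyContainerAboutLogin((Principal) credentialValidationResult.getCallerPrincipal(), credentialValidationResult.getCallerGroups());
    }

    /**
     * Hands the realm name, caller principal and groups to the container's callback handler.
     *
     * @param principal the authenticated caller
     * @param set       the caller's groups; {@code null} is treated as no groups
     * @return {@link AuthenticationStatus#SUCCESS} when the handler accepted the callbacks,
     *         {@link AuthenticationStatus#SEND_FAILURE} when it threw
     */
    @Override
    public AuthenticationStatus notifyContainerAboutLogin(Principal principal, Set<String> set) {
        Set<String> callerGroups = set == null ? Collections.<String>emptySet() : Collections.unmodifiableSet(set);
        try {
            this.handler.handle(new Callback[]{
                getRealmNameCallback(),
                new CallerPrincipalCallback(this.clientSubject, principal),
                new GroupPrincipalCallback(this.clientSubject, callerGroups.toArray(new String[0]))});
        } catch (Exception e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "263", this, new Object[]{principal, set});
            // Fail closed: the container never confirmed the caller, so SUCCESS must not be reported.
            return AuthenticationStatus.SEND_FAILURE;
        }
        // Commit the identity only once the container has accepted it.
        this.principal = principal;
        this.groups = callerGroups;
        return AuthenticationStatus.SUCCESS;
    }

    /** Builds the callback that carries the realm name under the realm credential key. */
    private NameCallback getRealmNameCallback() {
        NameCallback realmCallback = new NameCallback("com.ibm.wsspi.security.cred.realm");
        realmCallback.setName(getRealm());
        return realmCallback;
    }

    /**
     * Picks the realm name: the identity store id of the stored validation result when it is
     * non-blank, otherwise {@code JavaEESecConstants.DEFAULT_REALM}.
     */
    private String getRealm() {
        if (this.result == null) {
            return JavaEESecConstants.DEFAULT_REALM;
        }
        String identityStoreId = this.result.getIdentityStoreId();
        if (identityStoreId != null && !identityStoreId.trim().isEmpty()) {
            return identityStoreId;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The identity store id is not defined, \"defaultRealm\" is used.", new Object[0]);
        }
        return JavaEESecConstants.DEFAULT_REALM;
    }

    /**
     * Hands a caller name and groups to the container's callback handler. Unlike the
     * principal-based overload, this one sends no realm callback and does not change the value
     * returned by {@link #getCallerPrincipal()}.
     *
     * @param str the authenticated caller name
     * @param set the caller's groups; {@code null} is treated as no groups
     * @return {@link AuthenticationStatus#SUCCESS} when the handler accepted the callbacks,
     *         {@link AuthenticationStatus#SEND_FAILURE} when it threw
     */
    @Override
    public AuthenticationStatus notifyContainerAboutLogin(String str, Set<String> set) {
        Set<String> callerGroups = set == null ? Collections.<String>emptySet() : Collections.unmodifiableSet(set);
        try {
            this.handler.handle(new Callback[]{
                new CallerPrincipalCallback(this.clientSubject, str),
                new GroupPrincipalCallback(this.clientSubject, callerGroups.toArray(new String[0]))});
        } catch (Exception e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "303", this, new Object[]{str, set});
            // Fail closed: the container never confirmed the caller, so SUCCESS must not be reported.
            return AuthenticationStatus.SEND_FAILURE;
        }
        this.groups = callerGroups;
        return AuthenticationStatus.SUCCESS;
    }

    /**
     * Sends a 302 redirect to {@code str}.
     *
     * <p>The location is used as given. A caller that builds it from request data (for example a
     * "return to" parameter) should check it against the application's own origin or an allow-list
     * first, otherwise the login flow can be used to send users to an arbitrary site.
     *
     * @param str the redirect location
     * @return {@link AuthenticationStatus#SEND_CONTINUE}, also when sending the redirect failed
     */
    @Override
    public AuthenticationStatus redirect(String str) {
        try {
            this.response.setStatus(HttpServletResponse.SC_FOUND);
            // encodeRedirectURL is the servlet API's encoder for sendRedirect targets; encodeURL is
            // meant for links written into a page.
            this.response.sendRedirect(this.response.encodeRedirectURL(str));
        } catch (IOException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "319", this, new Object[]{str});
        }
        return AuthenticationStatus.SEND_CONTINUE;
    }

    /** Sets status 404 on the response and returns {@link AuthenticationStatus#SEND_FAILURE}. */
    @Override
    public AuthenticationStatus responseNotFound() {
        this.response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return AuthenticationStatus.SEND_FAILURE;
    }

    /** Sets status 401 on the response and returns {@link AuthenticationStatus#SEND_FAILURE}. */
    @Override
    public AuthenticationStatus responseUnauthorized() {
        this.response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthenticationStatus.SEND_FAILURE;
    }

    /**
     * Marks the context as requesting session registration. Both arguments are ignored here; only
     * the flag returned by {@link #isRegisterSession()} changes.
     */
    @Override
    public void setRegisterSession(String str, Set<String> set) {
        this.isRegisterSession = true;
    }

    @Override
    public void setRequest(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    @Override
    public void setResponse(HttpServletResponse httpServletResponse) {
        this.response = httpServletResponse;
    }

    /**
     * Replaces the request and returns this same context, so the call can be chained.
     *
     * @param httpServletRequest the request to use from now on
     * @return this context
     */
    @Override
    public HttpMessageContext withRequest(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
        return this;
    }
}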
