package com.ibm.ws.security.javaeesec.cdi.extensions;

import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.javaeesec.CDIHelper;
import com.ibm.ws.webcontainer.security.CookieHelper;
import com.ibm.wsspi.webcontainer.servlet.IExtendedResponse;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.annotation.Priority;
import javax.el.ELProcessor;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.RememberMe;
import javax.security.enterprise.credential.RememberMeCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.RememberMeIdentityStore;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

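/**
 * Interceptor bound to {@link RememberMe} that adds remember-me cookie handling
 * around an authentication mechanism's {@code validateRequest} and
 * {@code cleanSubject} calls.
 *
 * <p>On {@code validateRequest} the remember-me cookie, if present, is validated
 * against the {@link RememberMeIdentityStore} first; only when that does not yield
 * a VALID result is the intercepted mechanism invoked. On {@code cleanSubject}
 * the cookie and its login token are removed. Every other method is passed through.
 *
 * <p>This listing is decompiler output; the {@code $$$tc$$$} and
 * {@code serialVersionUID} members belong to the trace instrumentation, not to the
 * remember-me logic.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@RememberMe
@Priority(210)
@Interceptor
public class RememberMeInterceptor {
    static final long serialVersionUID = 5584166352054868707L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(RememberMeInterceptor.class);

    /**
     * Per-invocation state for one intercepted call: the {@link RememberMe}
     * annotation of the target, the {@link HttpMessageContext} argument and, when
     * any annotation attribute is an EL expression, an {@link ELProcessor}.
     *
     * <p>NOTE(review): the decompiler reports that this class was declared
     * {@code private} in the compiled code; the modifier is kept as listed.
     */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    public class RememberMeWrapper {
        static final long serialVersionUID = -7106952636007392414L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(RememberMeWrapper.class);

        private final InvocationContext invocationContext;
        private final RememberMe rememberMe;
        private final HttpMessageContext httpMessageContext;
        private final ELProcessor elProcessor;
        private String cookieName;
        // Lazily resolved by isSecure(); null means "not evaluated yet".
        private Boolean isSecure;

        /**
         * Captures the invocation and resolves everything derived from it.
         *
         * <p>The assignments are done here, in this order, rather than in field
         * initializers: each getter reads fields assigned before it
         * ({@code invocationContext} first), and field initializers would run
         * before the constructor body has stored {@code invocationContext}.
         *
         * @param invocationContext the intercepted call
         */
        public RememberMeWrapper(InvocationContext invocationContext) {
            this.invocationContext = invocationContext;
            this.rememberMe = getRememberMe();
            this.httpMessageContext = getHttpMessageContext();
            this.elProcessor = getELProcessorIfNeeded();
            this.cookieName = getCookieName();
        }

        /** Reads the {@link RememberMe} annotation from the class of the intercepted target. */
        private RememberMe getRememberMe() {
            return this.invocationContext.getTarget().getClass().getAnnotation(RememberMe.class);
        }

        /**
         * Returns the third argument of the intercepted call as the message context.
         * Assumes both intercepted methods pass the HttpMessageContext at index 2;
         * a different signature fails here with a ClassCastException or
         * ArrayIndexOutOfBoundsException.
         */
        private HttpMessageContext getHttpMessageContext() {
            return (HttpMessageContext) this.invocationContext.getParameters()[2];
        }

        /**
         * Builds an EL processor only when at least one annotation attribute is an
         * expression, exposing the message context as {@code httpMessageContext} and
         * the intercepted target as {@code self}.
         *
         * @return the processor, or {@code null} when no expression is configured
         */
        private ELProcessor getELProcessorIfNeeded() {
            if (!isAnyELExpressionSet()) {
                return null;
            }
            ELProcessor processor = RememberMeInterceptor.this.getELProcessorWithAppModuleBeanManagerELResolver();
            processor.defineBean("httpMessageContext", this.httpMessageContext);
            processor.defineBean("self", this.invocationContext.getTarget());
            return processor;
        }

        /** True when the value starts with an EL delimiter, {@code ${} or {@code #{}. */
        private boolean hasELPrefix(String value) {
            return value.startsWith("${") || value.startsWith("#{");
        }

        /** True when any expression attribute is non-empty or the cookie name is an expression. */
        private boolean isAnyELExpressionSet() {
            return !this.rememberMe.isRememberMeExpression().isEmpty()
                    || !this.rememberMe.cookieSecureOnlyExpression().isEmpty()
                    || !this.rememberMe.cookieMaxAgeSecondsExpression().isEmpty()
                    || !this.rememberMe.cookieHttpOnlyExpression().isEmpty()
                    || hasELPrefix(this.rememberMe.cookieName());
        }

        /**
         * Resolves the cookie name from the annotation, evaluating it when it is an
         * EL expression. The expression text comes from the annotation on the
         * mechanism class, not from the request.
         */
        private String getCookieName() {
            String configuredName = this.rememberMe.cookieName();
            if (hasELPrefix(configuredName)) {
                return (String) processExpression(this.elProcessor, configuredName);
            }
            return configuredName;
        }

        /**
         * Handles an intercepted {@code validateRequest}: tries the remember-me
         * cookie first and falls back to the intercepted mechanism when the cookie
         * is absent or its token is not VALID.
         *
         * @return SUCCESS when the cookie authenticated the caller, otherwise the
         *         status returned by the intercepted mechanism
         * @throws Exception whatever the intercepted mechanism throws
         */
        public AuthenticationStatus interceptValidateRequest() throws Exception {
            HttpServletRequest request = this.httpMessageContext.getRequest();
            ProtectedString rememberMeCookieValue = getRememberMeCookieValue(request);
            RememberMeIdentityStore rememberMeIdentityStore = RememberMeInterceptor.this.getRememberMeIdentityStore();

            CredentialValidationResult validation = CredentialValidationResult.INVALID_RESULT;
            if (rememberMeCookieValue != null) {
                validation = authenticateWithRememberMeCookie(request, rememberMeCookieValue, rememberMeIdentityStore);
            }
            if (CredentialValidationResult.Status.VALID.equals(validation.getStatus())) {
                return AuthenticationStatus.SUCCESS;
            }
            return authenticateAndRemember(rememberMeIdentityStore);
        }

        /**
         * Validates the cookie token with the identity store. A VALID result logs
         * the caller in; any other result removes the cookie from the response so
         * the client stops presenting a token the store does not accept.
         *
         * <p>The token is copied into an ordinary {@code String} for the
         * credential; that copy is no longer wrapped by {@link ProtectedString}.
         */
        private CredentialValidationResult authenticateWithRememberMeCookie(HttpServletRequest httpServletRequest, ProtectedString protectedString, RememberMeIdentityStore rememberMeIdentityStore) {
            RememberMeCredential credential = new RememberMeCredential(new String(protectedString.getChars()));
            CredentialValidationResult validate = rememberMeIdentityStore.validate(credential);
            if (CredentialValidationResult.Status.VALID.equals(validate.getStatus())) {
                this.httpMessageContext.notifyContainerAboutLogin(validate.getCallerPrincipal(), validate.getCallerGroups());
            } else {
                removeCookie(httpServletRequest, this.httpMessageContext.getResponse());
            }
            return validate;
        }

        /**
         * Runs the intercepted mechanism and, when it succeeds and remember-me is
         * requested, asks the identity store for a login token and sends it back as
         * the remember-me cookie.
         */
        private AuthenticationStatus authenticateAndRemember(RememberMeIdentityStore rememberMeIdentityStore) throws Exception {
            AuthenticationStatus authenticationStatus = (AuthenticationStatus) this.invocationContext.proceed();
            if (AuthenticationStatus.SUCCESS.equals(authenticationStatus) && isRememberMe()) {
                String loginToken = rememberMeIdentityStore.generateLoginToken(this.httpMessageContext.getCallerPrincipal(), this.httpMessageContext.getGroups());
                setRememberMeCookieInResponse(new ProtectedString(loginToken.toCharArray()), this.httpMessageContext.getResponse());
            }
            return authenticationStatus;
        }

        /**
         * Handles an intercepted {@code cleanSubject}: when a remember-me cookie is
         * present, removes it from the response and tells the identity store to
         * remove the token. The intercepted method itself is not invoked.
         *
         * <p>Removing the token from the store, and not only the cookie, is what
         * stops a copied cookie value from being accepted after logout; whether it
         * is actually invalidated depends on the store implementation.
         *
         * @return always {@code null}
         */
        public Void interceptCleanSubject() {
            HttpServletRequest request = this.httpMessageContext.getRequest();
            ProtectedString rememberMeCookieValue = getRememberMeCookieValue(request);
            if (rememberMeCookieValue != null) {
                removeCookie(request, this.httpMessageContext.getResponse());
                RememberMeInterceptor.this.getRememberMeIdentityStore().removeLoginToken(new String(rememberMeCookieValue.getChars()));
            }
            return null;
        }

        /**
         * Returns the first value of the remember-me cookie wrapped in a
         * {@link ProtectedString}, or {@code null} when the request carries none.
         * An empty result array is treated like an absent cookie instead of
         * failing on index 0.
         */
        private ProtectedString getRememberMeCookieValue(HttpServletRequest httpServletRequest) {
            String[] cookieValues = CookieHelper.getCookieValues(httpServletRequest.getCookies(), this.cookieName);
            if (cookieValues == null || cookieValues.length == 0) {
                return null;
            }
            return new ProtectedString(cookieValues[0].toCharArray());
        }

        /**
         * Drops any pending remember-me cookie from an uncommitted extended
         * response, then adds a removal cookie (empty value, max-age 0) so the
         * client discards its copy. The removal cookie is added even when the
         * response is already committed.
         */
        private void removeCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            if (!httpServletResponse.isCommitted() && (httpServletResponse instanceof IExtendedResponse)) {
                ((IExtendedResponse) httpServletResponse).removeCookie(this.cookieName);
            }
            httpServletResponse.addCookie(createRemovalCookie("", 0));
        }

        /** Creates the removal cookie under the same name and common attributes as the real one. */
        private Cookie createRemovalCookie(@Sensitive final String value, int maxAgeSeconds) {
            Cookie cookie = AccessController.doPrivileged(new PrivilegedAction<Cookie>() {
                static final long serialVersionUID = 2240727597913592142L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedAction
                public Cookie run() {
                    return new Cookie(RememberMeWrapper.this.cookieName, value);
                }
            });
            setCommonCookieAttributes(maxAgeSeconds, cookie);
            return cookie;
        }

        /**
         * Creates the remember-me cookie carrying the login token. The token is
         * unwrapped into a {@code String} here because {@link Cookie} accepts
         * nothing else.
         */
        private Cookie createCookie(final ProtectedString protectedString, int maxAgeSeconds) {
            Cookie cookie = AccessController.doPrivileged(new PrivilegedAction<Cookie>() {
                static final long serialVersionUID = 8403875955057585660L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

                @Override // java.security.PrivilegedAction
                public Cookie run() {
                    return new Cookie(RememberMeWrapper.this.cookieName, new String(protectedString.getChars()));
                }
            });
            setCommonCookieAttributes(maxAgeSeconds, cookie);
            return cookie;
        }

        /**
         * Applies max-age, path, Secure and HttpOnly. The path is fixed to "/", so
         * the cookie is sent with every request to the host, not only to this
         * application's context root. Secure and HttpOnly follow the annotation;
         * no SameSite attribute is set by this method.
         */
        private void setCommonCookieAttributes(int maxAgeSeconds, Cookie cookie) {
            cookie.setMaxAge(maxAgeSeconds);
            cookie.setPath("/");
            cookie.setSecure(isSecure());
            cookie.setHttpOnly(isHttpOnly());
        }

        /** Resolves the Secure flag once (attribute or expression) and caches it for this invocation. */
        private boolean isSecure() {
            if (this.isSecure == null) {
                String cookieSecureOnlyExpression = this.rememberMe.cookieSecureOnlyExpression();
                if (cookieSecureOnlyExpression.isEmpty()) {
                    this.isSecure = Boolean.valueOf(this.rememberMe.cookieSecureOnly());
                } else {
                    this.isSecure = (Boolean) processExpression(this.elProcessor, cookieSecureOnlyExpression);
                }
            }
            return this.isSecure.booleanValue();
        }

        /** Resolves the HttpOnly flag from the expression when set, else from the plain attribute. */
        private boolean isHttpOnly() {
            String cookieHttpOnlyExpression = this.rememberMe.cookieHttpOnlyExpression();
            if (cookieHttpOnlyExpression.isEmpty()) {
                return this.rememberMe.cookieHttpOnly();
            }
            return ((Boolean) processExpression(this.elProcessor, cookieHttpOnlyExpression)).booleanValue();
        }

        /** Adds the remember-me cookie with the configured lifetime to the response. */
        private void setRememberMeCookieInResponse(ProtectedString protectedString, HttpServletResponse httpServletResponse) {
            httpServletResponse.addCookie(createCookie(protectedString, getCookieMaxAgeInSeconds()));
        }

        /** Resolves the cookie lifetime from the expression when set, else from the plain attribute. */
        private int getCookieMaxAgeInSeconds() {
            String cookieMaxAgeSecondsExpression = this.rememberMe.cookieMaxAgeSecondsExpression();
            if (cookieMaxAgeSecondsExpression.isEmpty()) {
                return this.rememberMe.cookieMaxAgeSeconds();
            }
            return ((Integer) processExpression(this.elProcessor, cookieMaxAgeSecondsExpression)).intValue();
        }

        /**
         * Decides whether a token should be issued. For an authentication request
         * that carries {@link AuthenticationParameters}, the caller's choice wins;
         * otherwise the annotation (expression or plain attribute) decides.
         */
        private boolean isRememberMe() {
            if (this.httpMessageContext.isAuthenticationRequest()) {
                AuthenticationParameters authParameters = this.httpMessageContext.getAuthParameters();
                if (authParameters != null) {
                    return authParameters.isRememberMe();
                }
            }
            String isRememberMeExpression = this.rememberMe.isRememberMeExpression();
            if (isRememberMeExpression.isEmpty()) {
                return this.rememberMe.isRememberMe();
            }
            return ((Boolean) processExpression(this.elProcessor, isRememberMeExpression)).booleanValue();
        }

        /**
         * Evaluates an annotation expression after stripping its delimiters.
         * The cast is unchecked: an expression that yields another type fails with
         * a ClassCastException at the caller's cast, and a {@code null} result
         * fails where the caller unboxes it.
         */
        @SuppressWarnings("unchecked")
        private <T> T processExpression(ELProcessor eLProcessor, String expression) {
            return (T) eLProcessor.eval(removeBrackets(expression));
        }

        /** Strips a leading {@code ${} or {@code #{} and the trailing {@code }}, when both are present. */
        private String removeBrackets(String expression) {
            if (hasELPrefix(expression) && expression.endsWith("}")) {
                return expression.substring(2, expression.length() - 1);
            }
            return expression;
        }
    }

    /**
     * Dispatches on the intercepted method's name: {@code validateRequest} and
     * {@code cleanSubject} are handled by a fresh {@link RememberMeWrapper};
     * anything else proceeds unchanged.
     *
     * @param invocationContext the intercepted call
     * @return the wrapper's result, or the result of the intercepted method
     * @throws Exception whatever the intercepted method throws
     */
    @AroundInvoke
    public Object intercept(InvocationContext invocationContext) throws Exception {
        Method method = invocationContext.getMethod();
        String methodName = method.getName();
        if ("validateRequest".equals(methodName)) {
            return new RememberMeWrapper(invocationContext).interceptValidateRequest();
        }
        if ("cleanSubject".equals(methodName)) {
            return new RememberMeWrapper(invocationContext).interceptCleanSubject();
        }
        return invocationContext.proceed();
    }

    /**
     * Looks up the application's {@link RememberMeIdentityStore} bean in the
     * current module.
     *
     * <p>NOTE(review): the decompiler reports that this method was declared
     * {@code private} in the compiled class; the modifier is kept as listed.
     */
    public RememberMeIdentityStore getRememberMeIdentityStore() {
        return (RememberMeIdentityStore) CDIHelper.getBeanFromCurrentModule(RememberMeIdentityStore.class);
    }

    /** Returns the EL processor supplied by {@link CDIHelper}; protected so it can be overridden. */
    protected ELProcessor getELProcessorWithAppModuleBeanManagerELResolver() {
        return CDIHelper.getELProcessor();
    }
}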
