package com.ibm.ws.security.javaeesec.cdi.extensions;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.authorization.AuthorizationService;
import com.ibm.ws.security.context.SubjectManager;
import com.ibm.ws.security.intfc.SubjectManagerService;
import com.ibm.ws.security.mp.jwt.proxy.MpJwtHelper;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.webcontainer.security.metadata.MatchResponse;
import com.ibm.ws.webcontainer.security.metadata.SecurityConstraintCollection;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import com.ibm.ws.webcontainer.security.util.WebConfigUtils;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

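/**
 * {@link SecurityContext} implementation that answers authentication and authorization
 * questions about the caller on the current thread.
 *
 * <p>The caller {@link Subject} is looked up through {@code SecurityContextHelper} on every
 * call; no caller state is cached in this object. Authorization decisions are delegated to
 * the {@link AuthorizationService} obtained from the same helper.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
public class SecurityContextImpl implements SecurityContext {
    private static final TraceComponent tc = Tr.register(SecurityContextImpl.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");
    // Never assigned anything but null and not read by any method in this class.
    private final SubjectManager subjectManager = null;
    static final long serialVersionUID = 4163187217859485298L;

    /**
     * Triggers container authentication for the request, passing the supplied parameters to
     * the authentication mechanism through a request attribute.
     *
     * @param httpServletRequest       request to authenticate
     * @param httpServletResponse      response handed to {@code HttpServletRequest.authenticate}
     * @param authenticationParameters parameters stored under the
     *                                 {@code com.ibm.ws.security.javaeesec.auth.params} request attribute
     * @return {@link AuthenticationStatus#SUCCESS} only when the container reports a successful
     *         authentication; {@link AuthenticationStatus#SEND_FAILURE} otherwise, including when
     *         the container call throws
     */
    @Override
    public AuthenticationStatus authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationParameters authenticationParameters) {
        // Fail closed: the status only becomes SUCCESS on an explicit positive result.
        AuthenticationStatus authenticationStatus = AuthenticationStatus.SEND_FAILURE;
        httpServletRequest.setAttribute("com.ibm.ws.security.javaeesec.auth.params", authenticationParameters);
        try {
            if (httpServletRequest.authenticate(httpServletResponse)) {
                authenticationStatus = AuthenticationStatus.SUCCESS;
            }
        } catch (Exception e) {
            // NOTE(review): authenticationParameters can carry the caller's credential and is
            // handed to FFDC here - confirm FFDC introspection does not render it in clear text.
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.SecurityContextImpl", "68", this, new Object[]{httpServletRequest, httpServletResponse, authenticationParameters});
            // Report through the trace component like the other catch blocks in this class,
            // instead of printing a stack trace to the process error stream.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Error while authenticating the request", new Object[]{e});
            }
        }
        return authenticationStatus;
    }

    /**
     * Resolves the principal that represents the caller.
     *
     * <p>Resolution order: the JSON Web Token principal, the JASPIC principal stored in the
     * {@link WSCredential}, a {@link WSPrincipal} rebuilt with the credential's security name,
     * any {@link WSPrincipal} in the subject, and finally the first principal of the subject.
     *
     * @return the caller principal, or {@code null} when there is no caller subject, the
     *         subject is unauthenticated, it has no {@link WSCredential}, or it has no principals
     */
    @Override
    public Principal getCallerPrincipal() {
        Subject callerSubject = getCallerSubject();
        if (callerSubject == null || new SubjectHelper().isUnauthenticated(callerSubject)) {
            return null;
        }
        Principal jwtPrincipal = MpJwtHelper.getJsonWebTokenPricipal(callerSubject);
        if (jwtPrincipal != null) {
            return jwtPrincipal;
        }
        WSCredential credential = getWSCredential(callerSubject);
        if (credential == null) {
            return null;
        }
        try {
            Principal jaspicPrincipal = (Principal) credential.get("com.ibm.wsspi.security.cred.jaspi.principal");
            if (jaspicPrincipal != null) {
                return jaspicPrincipal;
            }
        } catch (Exception e) {
            // Best effort: a failure here falls through to the security-name lookup below.
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.SecurityContextImpl", "117", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Internal error getting JASPIC Principal from credential", new Object[]{e});
            }
        }
        String securityName = null;
        try {
            securityName = credential.getSecurityName();
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.javaeesec.cdi.extensions.SecurityContextImpl", "126", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Error getting securityName from WSCredential", new Object[]{e2});
            }
        }
        if (securityName != null) {
            Iterator<WSPrincipal> wsPrincipals = callerSubject.getPrincipals(WSPrincipal.class).iterator();
            if (wsPrincipals.hasNext()) {
                // Keep the access id and authentication method, but expose the credential's security name.
                WSPrincipal existing = wsPrincipals.next();
                return new WSPrincipal(securityName, existing.getAccessId(), existing.getAuthenticationMethod());
            }
        }
        Set<Principal> allPrincipals = callerSubject.getPrincipals();
        for (Principal candidate : allPrincipals) {
            if (candidate instanceof WSPrincipal) {
                return candidate;
            }
        }
        // A subject without principals has no caller principal; calling next() on the empty
        // iterator would throw NoSuchElementException instead.
        Iterator<Principal> remaining = allPrincipals.iterator();
        return remaining.hasNext() ? remaining.next() : null;
    }

    /**
     * Returns the first public {@link WSCredential} of the subject.
     *
     * @param subject subject to inspect; must not be {@code null}
     * @return the first credential found, or {@code null} when the subject has none
     */
    private WSCredential getWSCredential(Subject subject) {
        Iterator<WSCredential> credentials = subject.getPublicCredentials(WSCredential.class).iterator();
        return credentials.hasNext() ? credentials.next() : null;
    }

    /**
     * Returns the caller subject's principals of the requested type.
     *
     * @param cls principal type to select
     * @return the matching principals, or {@code null} when no caller subject is available
     */
    @Override
    public <T extends Principal> Set<T> getPrincipalsByType(Class<T> cls) {
        Subject callerSubject = getCallerSubject();
        if (callerSubject != null) {
            return callerSubject.getPrincipals(cls);
        }
        // NOTE(review): callers must null-check this result; confirm whether an empty set is
        // the intended contract before changing it.
        return null;
    }

    /**
     * Tests whether the caller may access a web resource with the given HTTP methods.
     *
     * <p>Access is granted when a match response is the no-match marker (no constraint
     * applies), or when a match response does not preclude access and either names no roles
     * or the authorization service authorizes the caller for its roles.
     *
     * @param str    resource to test, passed to the security constraint collection
     * @param strArr HTTP methods to test, passed to the security constraint collection
     * @return {@code true} when access is granted; {@code false} when no security constraint
     *         collection is available, when no match response grants access, or when a role
     *         check is required but no authorization service is available
     */
    @Override
    public boolean hasAccessToWebResource(String str, String... strArr) {
        String applicationName = getApplicationName();
        SecurityMetadata securityMetadata = WebConfigUtils.getSecurityMetadata();
        SecurityConstraintCollection securityConstraintCollection = securityMetadata != null ? securityMetadata.getSecurityConstraintCollection() : null;
        if (null == securityConstraintCollection) {
            return false;
        }
        AuthorizationService authorizationService = SecurityContextHelper.getAuthorizationService();
        Subject callerSubject = getCallerSubject();
        for (MatchResponse matchResponse : securityConstraintCollection.getMatchResponses(str, strArr)) {
            if (matchResponse.equals(MatchResponse.NO_MATCH_RESPONSE)) {
                return true;
            }
            if (matchResponse.isAccessPrecluded()) {
                continue;
            }
            List<String> roles = matchResponse.getRoles();
            if (roles == null || roles.isEmpty()) {
                return true;
            }
            // Fail closed when the authorization service is unavailable, as isCallerInRole
            // does, rather than failing with a NullPointerException on a role-protected resource.
            if (authorizationService != null && authorizationService.isAuthorized(applicationName, roles, callerSubject)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests whether the caller is in the given role for the current application.
     *
     * @param str role name to test
     * @return the authorization service's decision, or {@code false} when no authorization
     *         service is available
     */
    @Override
    public boolean isCallerInRole(String str) {
        Subject callerSubject = getCallerSubject();
        AuthorizationService authorizationService = SecurityContextHelper.getAuthorizationService();
        if (authorizationService == null) {
            return false;
        }
        String applicationName = getApplicationName();
        List<String> requiredRoles = new ArrayList<>();
        requiredRoles.add(str);
        return authorizationService.isAuthorized(applicationName, requiredRoles, callerSubject);
    }

    /**
     * Returns the caller subject reported by the subject manager service.
     *
     * @return the caller subject, or {@code null} when the service is unavailable
     */
    private Subject getCallerSubject() {
        SubjectManagerService subjectManagerService = SecurityContextHelper.getSubjectManagerService();
        if (subjectManagerService != null) {
            return subjectManagerService.getCallerSubject();
        }
        return null;
    }

    /**
     * Returns the application name taken from the current component metadata.
     *
     * @return the application part of the component's J2EE name
     */
    private String getApplicationName() {
        // NOTE(review): no link of this chain is null-checked; presumably this always runs
        // with component metadata on the thread - confirm against callers.
        return ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData().getJ2EEName().getApplication();
    }
}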
