package web.jar.mechanisms.applcustom;

import java.lang.annotation.Annotation;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Set;
import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

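/**
 * Application-supplied {@link HttpAuthenticationMechanism} that authenticates a caller from a
 * custom {@code CustomHAM} request header of the form {@code user:password}.
 *
 * <p>The credential is validated through the CDI-resolved {@link IdentityStoreHandler}. When the
 * store reports {@code VALID}, the caller's realm, user id, unique id and groups are written into
 * a {@link Hashtable} held in the client subject's private credentials, under
 * {@code com.ibm.wsspi.security.cred.*} keys.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The header carries the password in clear text, so it is only as confidential as the
 *       transport; nothing in this class checks that the request arrived over TLS.</li>
 *   <li>This class never logs the header value. Keep it that way: the value contains the
 *       password.</li>
 *   <li>The header is honoured on every request that carries it, whether or not the target
 *       resource is protected (see {@link #validateRequest}).</li>
 * </ul>
 */
@Default
@ApplicationScoped
public class CustomHeaderHAMforJar implements HttpAuthenticationMechanism {
    private static final Logger log = Logger.getLogger(CustomHeaderHAMforJar.class.getName());

    /**
     * Authenticates the request from the {@code CustomHAM} header when it is present.
     *
     * @return the result of {@link #handleAuthorizationHeader} when the header is present;
     *     {@code NOT_DONE} when there is no header, the call is not an explicit authentication
     *     request and the resource is unprotected; {@code SEND_FAILURE} otherwise
     * @throws AuthenticationException if the validated identity cannot be recorded
     */
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        log.info("validateRequest");
        Subject clientSubject = httpMessageContext.getClientSubject();
        String headerValue = httpMessageContext.getRequest().getHeader("CustomHAM");

        // A supplied header is always evaluated, for explicit authentication requests and for
        // ordinary requests alike.
        if (headerValue != null) {
            return handleAuthorizationHeader(headerValue, clientSubject, httpMessageContext);
        }

        // No credentials: only an unprotected resource reached outside an explicit
        // authentication request may proceed unauthenticated.
        if (!httpMessageContext.isAuthenticationRequest() && !httpMessageContext.isProtected()) {
            log.info("isProtected returns false. returing NOT_DONE,");
            return AuthenticationStatus.NOT_DONE;
        }

        // Fail closed: protected resource or explicit authentication request without a header.
        return AuthenticationStatus.SEND_FAILURE;
    }

    /** Performs no response processing; logs the call and reports {@code SUCCESS}. */
    @Override
    public AuthenticationStatus secureResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        log.info("secureResponse");
        return AuthenticationStatus.SUCCESS;
    }

    /**
     * Intentionally empty.
     *
     * <p>NOTE(review): the credential Hashtable added to the subject on login is not removed
     * here; confirm that the container discards the subject on logout.
     */
    @Override
    public void cleanSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) {
    }

    /**
     * Parses a {@code user:password} header value, validates it and records the outcome.
     *
     * <p>The response status is set to 200 only for a {@code VALID} credential and to 403 in
     * every other case, including the {@code NOT_DONE} outcome.
     *
     * @param headerValue raw {@code CustomHAM} header value; never logged because it contains
     *     the password
     * @param clientSubject subject that receives the credential Hashtable on success
     * @param httpMessageContext context used to set the auth type and the response status
     * @return {@code SUCCESS} for a valid credential, {@code NOT_DONE} when the store did not
     *     validate it, {@code SEND_FAILURE} for a malformed header or an invalid credential
     * @throws AuthenticationException if the credential is valid but no client subject exists
     */
    private AuthenticationStatus handleAuthorizationHeader(String headerValue, Subject clientSubject, HttpMessageContext httpMessageContext) throws AuthenticationException {
        AuthenticationStatus outcome = AuthenticationStatus.SEND_FAILURE;
        int httpStatus = HttpServletResponse.SC_FORBIDDEN;

        // NOTE(review): splitting on every ':' means a password that itself contains ':' yields
        // more than two parts and is rejected, and a trailing empty password ("user:") yields one
        // part and is rejected as well. An empty user name (":password") still reaches the store.
        String[] parts = headerValue.split(":");
        if (parts.length == 2) {
            CredentialValidationResult result = validateUserAndPassword(new UsernamePasswordCredential(parts[0], parts[1]));
            CredentialValidationResult.Status validation = result.getStatus();
            if (validation == CredentialValidationResult.Status.VALID) {
                // Fail closed with the declared exception instead of a NullPointerException
                // from inside the privileged block that creates the credential Hashtable.
                if (clientSubject == null) {
                    throw new AuthenticationException("Client subject is null; cannot record the validated caller");
                }
                setLoginHashtable(clientSubject, result);
                httpMessageContext.getMessageInfo().getMap().put("javax.servlet.http.authType", "JASPI_AUTH");
                httpStatus = HttpServletResponse.SC_OK;
                outcome = AuthenticationStatus.SUCCESS;
            } else if (validation == CredentialValidationResult.Status.NOT_VALIDATED) {
                outcome = AuthenticationStatus.NOT_DONE;
            }
        }
        httpMessageContext.getResponse().setStatus(httpStatus);
        return outcome;
    }

    /**
     * Validates the credential with the identity store handler.
     *
     * @return the handler's result, or {@code NOT_VALIDATED_RESULT} when no handler is available
     */
    private CredentialValidationResult validateUserAndPassword(UsernamePasswordCredential usernamePasswordCredential) {
        IdentityStoreHandler handler = getIdentityStoreHandler();
        if (handler == null) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        return handler.validate(usernamePasswordCredential);
    }

    /** Resolves the {@link IdentityStoreHandler} bean from the current CDI container. */
    private IdentityStoreHandler getIdentityStoreHandler() {
        return CDI.current().select(IdentityStoreHandler.class).get();
    }

    /**
     * Copies the validated caller's identity into the subject's credential Hashtable.
     *
     * <p>The realm falls back to {@code "customHAM"} when the result names no identity store, and
     * the unique id falls back to the caller principal name when the store supplied none.
     */
    private void setLoginHashtable(Subject subject, CredentialValidationResult credentialValidationResult) {
        Hashtable<String, Object> credentials = getSubjectHashtable(subject);
        String callerName = credentialValidationResult.getCallerPrincipal().getName();
        String callerUniqueId = credentialValidationResult.getCallerUniqueId();
        String identityStoreId = credentialValidationResult.getIdentityStoreId();
        String realm = identityStoreId != null ? identityStoreId : "customHAM";
        String uniqueId = callerUniqueId != null ? callerUniqueId : callerName;
        setCommonAttributes(credentials, realm, callerName);
        setUniqueId(credentials, realm, uniqueId);
        setGroups(credentials, credentialValidationResult.getCallerGroups());
    }

    /**
     * Stores the realm, user id and security name.
     *
     * <p>NOTE(review): the {@code internal.assertion} key name suggests the runtime treats this
     * Hashtable as an already-authenticated identity - confirm against the runtime's
     * documentation. In this class the method is reached only after a {@code VALID} result.
     */
    private void setCommonAttributes(Hashtable<String, Object> hashtable, String realm, String userName) {
        hashtable.put("com.ibm.ws.authentication.internal.assertion", Boolean.TRUE);
        hashtable.put("com.ibm.wsspi.security.cred.realm", realm);
        hashtable.put("com.ibm.wsspi.security.cred.userId", userName);
        hashtable.put("com.ibm.wsspi.security.cred.securityName", userName);
    }

    /** Stores the unique id in the form {@code user:<realm>/<uniqueId>}. */
    private void setUniqueId(Hashtable<String, Object> hashtable, String realm, String uniqueId) {
        hashtable.put("com.ibm.wsspi.security.cred.uniqueId", "user:" + realm + "/" + uniqueId);
    }

    /**
     * Stores a copy of the caller's groups; a null or empty set is stored as an empty list.
     *
     * <p>NOTE(review): group names are written to the log at INFO level.
     */
    private void setGroups(Hashtable<String, Object> hashtable, Set<String> groups) {
        if (groups == null || groups.isEmpty()) {
            log.info("No group  found in an identitystore");
            hashtable.put("com.ibm.wsspi.security.cred.groups", new ArrayList<String>());
        } else {
            log.info("Adding groups found in an identitystore : " + groups);
            hashtable.put("com.ibm.wsspi.security.cred.groups", new ArrayList<>(groups));
        }
    }

    /** Returns the subject's existing credential Hashtable, creating one when none is present. */
    private Hashtable<String, Object> getSubjectHashtable(Subject subject) {
        Hashtable<String, Object> existing = getSubjectExistingHashtable(subject);
        return existing != null ? existing : createNewSubjectHashtable(subject);
    }

    /**
     * Looks up a Hashtable among the subject's private credentials.
     *
     * @return the first Hashtable found, or {@code null} when the subject is {@code null} or
     *     holds none
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // Subject exposes raw Hashtable credentials only
    private Hashtable<String, Object> getSubjectExistingHashtable(final Subject subject) {
        if (subject == null) {
            return null;
        }
        // Private credentials are read inside a privileged block, as in the original code.
        return AccessController.doPrivileged(new PrivilegedAction<Hashtable<String, Object>>() {
            @Override
            public Hashtable<String, Object> run() {
                Set<Hashtable> found = subject.getPrivateCredentials(Hashtable.class);
                if (found == null || found.isEmpty()) {
                    log.info("Subject has no Hashtable with custom credentials, return null.");
                    return null;
                }
                return (Hashtable<String, Object>) found.iterator().next();
            }
        });
    }

    /**
     * Creates an empty Hashtable and adds it to the subject's private credentials.
     *
     * @param subject must not be {@code null}; the caller checks this before login data is stored
     */
    private Hashtable<String, Object> createNewSubjectHashtable(final Subject subject) {
        return AccessController.doPrivileged(new PrivilegedAction<Hashtable<String, Object>>() {
            @Override
            public Hashtable<String, Object> run() {
                Hashtable<String, Object> created = new Hashtable<>();
                subject.getPrivateCredentials().add(created);
                return created;
            }
        });
    }
}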
