package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import com.ibm.ws.security.authentication.utility.JaasLoginConfigConstants;
import com.ibm.ws.webcontainer.security.AuthResult;
import com.ibm.ws.webcontainer.security.AuthenticateApi;
import com.ibm.ws.webcontainer.security.AuthenticationResult;
import com.ibm.ws.webcontainer.security.CookieHelper;
import com.ibm.ws.webcontainer.security.LoggedOutTokenCacheImpl;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.WebAuthenticator;
import com.ibm.ws.webcontainer.security.WebRequest;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Web authenticator that signs a request in from its single sign-on (SSO) token cookie.
 *
 * <p>The token is read from the cookie named by {@link SSOCookieHelper#getSSOCookiename()}.
 * When that name yields no values, the cookie named {@link #DEFAULT_SSO_COOKIE_NAME} is tried
 * as well, unless the configuration reports {@code isUseOnlyCustomCookieName()}.
 *
 * <p>Every path that does not authenticate returns {@code null} rather than a failure result.
 * NOTE(review): the callers are not visible here; confirm that they treat {@code null} as
 * "not authenticated by SSO" and never as success.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.20.jar:com/ibm/ws/webcontainer/security/internal/SSOAuthenticator.class */
public class SSOAuthenticator implements WebAuthenticator {
    /** Cookie name tried as a fallback when the configured SSO cookie name yields no values. */
    public static final String DEFAULT_SSO_COOKIE_NAME = "LtpaToken2";
    private static final TraceComponent tc = Tr.register(SSOAuthenticator.class);
    private final AuthenticationService authenticationService;
    private final WebAppSecurityConfig webAppSecurityConfig;
    private final SSOCookieHelper ssoCookieHelper;
    /** Authentication method of the login configuration, or {@code null} when none was supplied. */
    private final String challengeType;
    // The visible class declaration does not implement Serializable; presumably tool-generated.
    static final long serialVersionUID = 3133580111719027507L;

    /**
     * Stores the collaborators and captures the authentication method of the login configuration.
     *
     * @param authenticationService service that validates the token taken from the cookie
     * @param securityMetadata source of the login configuration; may be {@code null}
     * @param webAppSecurityConfig web security settings; the methods of this class tolerate {@code null}
     * @param sSOCookieHelper helper used for the SSO cookie name and for logout cookies
     */
    public SSOAuthenticator(AuthenticationService authenticationService, SecurityMetadata securityMetadata, WebAppSecurityConfig webAppSecurityConfig, SSOCookieHelper sSOCookieHelper) {
        this.authenticationService = authenticationService;
        this.webAppSecurityConfig = webAppSecurityConfig;
        this.ssoCookieHelper = sSOCookieHelper;

        LoginConfiguration loginConfiguration = null;
        if (securityMetadata != null) {
            loginConfiguration = securityMetadata.getLoginConfiguration();
        }
        String authenticationMethod = null;
        if (loginConfiguration != null) {
            authenticationMethod = loginConfiguration.getAuthenticationMethod();
        }
        this.challengeType = authenticationMethod;
    }

    /**
     * Authenticates the request using the configuration given to the constructor.
     *
     * @param webRequest request wrapper that supplies the servlet request and response
     * @return the successful result, or {@code null} when SSO did not authenticate the request
     */
    @Override
    public AuthenticationResult authenticate(WebRequest webRequest) {
        return authenticate(webRequest, this.webAppSecurityConfig);
    }

    /**
     * Authenticates the request from its SSO cookie.
     *
     * <p>The {@code webAppSecurityConfig} argument is not read: {@link #handleSSO} always
     * consults the configuration stored by the constructor.
     *
     * @param webRequest request wrapper that supplies the servlet request and response
     * @param webAppSecurityConfig unused by this implementation
     * @return the successful result, or {@code null} when SSO did not authenticate the request
     */
    public AuthenticationResult authenticate(WebRequest webRequest, WebAppSecurityConfig webAppSecurityConfig) {
        HttpServletRequest request = webRequest.getHttpServletRequest();
        HttpServletResponse response = webRequest.getHttpServletResponse();
        return handleSSO(request, response);
    }

    /**
     * Tries each SSO cookie value on the request until one authenticates.
     *
     * <p>Outcomes, in the order they are checked:
     * <ul>
     * <li>no cookies on the request: returns {@code null} and touches nothing;</li>
     * <li>expired session under FORM login with logout-on-session-expire enabled: logout cookies
     * are created and {@code null} is returned without looking at the token;</li>
     * <li>a token found in the logged-out token cache (only when tracking is enabled): a simple
     * logout is performed and {@code null} is returned; later cookie values are not tried;</li>
     * <li>a token accepted by the authentication service: a {@code SUCCESS} result is returned;</li>
     * <li>otherwise: logout cookies are created and {@code null} is returned.</li>
     * </ul>
     *
     * @param httpServletRequest request carrying the cookies
     * @param httpServletResponse response that receives logout cookies when the token is unusable
     * @return the successful result, or {@code null} on every other path
     */
    @FFDCIgnore({AuthenticationException.class})
    public AuthenticationResult handleSSO(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] requestCookies = httpServletRequest.getCookies();
        if (requestCookies == null) {
            return null;
        }

        if (isExpiredFormSession(httpServletRequest)) {
            this.ssoCookieHelper.createLogoutCookies(httpServletRequest, httpServletResponse);
            return null;
        }

        String configuredName = this.ssoCookieHelper.getSSOCookiename();
        String[] tokens = CookieHelper.getCookieValues(requestCookies, configuredName);
        boolean customNameOnly = this.webAppSecurityConfig != null && this.webAppSecurityConfig.isUseOnlyCustomCookieName();
        // Fall back to the default cookie name only when the custom name produced nothing
        // and the configuration has not restricted lookups to the custom name.
        if (tokens == null && !customNameOnly && !DEFAULT_SSO_COOKIE_NAME.equalsIgnoreCase(configuredName)) {
            tokens = CookieHelper.getCookieValues(requestCookies, DEFAULT_SSO_COOKIE_NAME);
        }

        if (tokens != null) {
            for (String token : tokens) {
                if (token == null || token.isEmpty()) {
                    continue;
                }

                boolean trackLoggedOut = this.webAppSecurityConfig != null && this.webAppSecurityConfig.isTrackLoggedOutSSOCookiesEnabled();
                if (trackLoggedOut && isTokenLoggedOut(token)) {
                    // A token that was already logged out must not sign the user back in.
                    cleanupLoggedOutToken(httpServletRequest, httpServletResponse);
                    return null;
                }

                try {
                    AuthenticationData tokenData = createAuthenticationData(httpServletRequest, httpServletResponse, token);
                    return new AuthenticationResult(AuthResult.SUCCESS, this.authenticationService.authenticate(JaasLoginConfigConstants.SYSTEM_WEB_INBOUND, tokenData, (Subject) null), this.ssoCookieHelper.getSSOCookiename(), (String) null, "success");
                } catch (AuthenticationException e) {
                    // Rejected token: fall through to the next cookie value. Only the exception
                    // is traced here, never the token value itself.
                    // NOTE(review): this is the only record this method makes of a rejected
                    // token and it needs debug trace; confirm the authentication service
                    // audits the failure.
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "handleSSO Exception: ", e);
                    }
                }
            }
        }

        // No usable token: ask the helper for logout cookies.
        this.ssoCookieHelper.createLogoutCookies(httpServletRequest, httpServletResponse);
        return null;
    }

    /**
     * Reports whether the request names an HTTP session that is no longer valid while FORM
     * login and logout-on-session-expire are both in effect.
     */
    private boolean isExpiredFormSession(HttpServletRequest request) {
        if (this.webAppSecurityConfig == null || !this.webAppSecurityConfig.getLogoutOnHttpSessionExpire()) {
            return false;
        }
        if (request.getRequestedSessionId() == null || request.isRequestedSessionIdValid()) {
            return false;
        }
        return "FORM".equals(this.challengeType);
    }

    /** Reports whether the logged-out token cache holds an entry for {@code token}. */
    private boolean isTokenLoggedOut(String token) {
        return LoggedOutTokenCacheImpl.getInstance().getDistributedObjectLoggedOutToken(token) != null;
    }

    /** Performs a simple logout for a request that presented an already logged-out token. */
    private void cleanupLoggedOutToken(HttpServletRequest request, HttpServletResponse response) {
        AuthenticateApi authenticateApi = new AuthenticateApi(this.ssoCookieHelper, this.authenticationService);
        authenticateApi.simpleLogout(request, response);
    }

    /** Packs the request, the response and the cookie token into the data handed to the authentication service. */
    private AuthenticationData createAuthenticationData(HttpServletRequest request, HttpServletResponse response, String token) {
        WSAuthenticationData data = new WSAuthenticationData();
        data.set(AuthenticationData.HTTP_SERVLET_REQUEST, request);
        data.set(AuthenticationData.HTTP_SERVLET_RESPONSE, response);
        data.set(AuthenticationData.TOKEN64, token);
        return data;
    }

    /**
     * Property-map variant of the {@link WebAuthenticator} contract; this implementation does
     * nothing with its arguments.
     *
     * @return always {@code null}
     */
    @Override
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap) throws Exception {
        return null;
    }
}
