package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.tai.TAIService;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.webcontainer.security.internal.metadata.LoginConfiguration;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import org.apache.bcel.Constants;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security.admin_1.0.jar:com/ibm/ws/webcontainer/security/internal/WebAuthenticatorProxy.class
 */
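@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security.app_1.0.jar:com/ibm/ws/webcontainer/security/internal/WebAuthenticatorProxy.class */
/**
 * Front door for web authentication: tries trust association (TAI) and SSO first and, when neither
 * settles the request, delegates to the authenticator selected by the application's login
 * configuration (FORM, CLIENT_CERT, otherwise BASIC).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A non-successful certificate login is retried with basic authentication when
 *       {@code WebAppSecurityConfig.getAllowFailOverToBasicAuth()} returns true. That replaces a
 *       certificate check with a password check, so deployments that require certificate-only
 *       access need that option to be off.</li>
 *   <li>An unsuccessful SSO attempt is mapped to CONTINUE rather than FAILURE, so the request
 *       falls through to the next mechanism instead of being denied.</li>
 *   <li>The {@code AUTH_TYPE} request attribute records the <em>configured</em> login method (or
 *       "BASIC" after fail-over), not the mechanism that actually produced the success; a TAI or
 *       SSO success is labelled with the configured method.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code securityServiceRef.getService()} is dereferenced without a null check in
 * several methods, while the same call on {@code taiServiceRef} is null-checked. Confirm the
 * security service is guaranteed to be bound whenever this proxy is invoked.
 */
public class WebAuthenticatorProxy implements WebAuthenticator {
    private static final TraceComponent tc = Tr.register(WebAuthenticatorProxy.class);
    // Name of the private request attribute that receives the authentication method on success.
    private static final String AUTH_TYPE = "AUTH_TYPE";
    private final AtomicServiceReference<SecurityService> securityServiceRef;
    private final AtomicServiceReference<TAIService> taiServiceRef;
    private volatile WebAppSecurityConfig webAppSecurityConfig;
    private volatile PostParameterHelper postParameterHelper;
    // Present in the decompiled class; this view does not show the class declaring Serializable.
    static final long serialVersionUID = -4119306937576682527L;

    /**
     * Stores the collaborators; no service lookup happens here.
     *
     * @param webAppSecurityConfig    web application security settings (fail-over flag, SSO cookie settings)
     * @param postParameterHelper     used to restore saved POST parameters after a FORM login succeeds
     * @param atomicServiceReference  reference to the {@link SecurityService}
     * @param atomicServiceReference2 reference to the {@link TAIService}; its service may be absent
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public WebAuthenticatorProxy(WebAppSecurityConfig webAppSecurityConfig, PostParameterHelper postParameterHelper, AtomicServiceReference<SecurityService> atomicServiceReference, AtomicServiceReference<TAIService> atomicServiceReference2) {
        this.webAppSecurityConfig = webAppSecurityConfig;
        this.postParameterHelper = postParameterHelper;
        this.securityServiceRef = atomicServiceReference;
        this.taiServiceRef = atomicServiceReference2;
    }

    /**
     * Authenticates the request, trying TAI/SSO first and then the configured login mechanism.
     *
     * <p>On SUCCESS the authentication method is stored in the private request attribute
     * {@code AUTH_TYPE}; for FORM the saved POST parameters are restored as well.
     *
     * @param webRequest the request being authenticated
     * @return the result of the mechanism that settled the request; a FAILURE result when no
     *         authenticator could be obtained. The value returned by the delegate authenticator is
     *         passed through unchanged, so it can be {@code null} if the delegate returns
     *         {@code null}; callers must not treat {@code null} as authenticated.
     */
    @Override // com.ibm.ws.webcontainer.security.internal.WebAuthenticator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public AuthenticationResult authenticate(WebRequest webRequest) {
        AuthenticationResult authResult = handleTAIAndSSO(webRequest);
        // NOTE(review): getLoginConfig() is dereferenced unconditionally, whereas
        // getWebAuthenticator() tolerates a null login configuration - confirm it cannot be null here.
        String authType = webRequest.getLoginConfig().getAuthenticationMethod();
        if (authResult.getStatus() == AuthResult.CONTINUE) {
            WebAuthenticator webAuthenticator = getWebAuthenticator(webRequest);
            if (webAuthenticator == null) {
                // Fail closed: without an authenticator the request is denied, not passed through.
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to get the appropriate WebAuthenticator, denying request", new Object[0]);
                }
                return new AuthenticationResult(AuthResult.FAILURE, "An internal error occured. Unable to authenticate request.");
            }
            authResult = webAuthenticator.authenticate(webRequest);
            boolean certLoginDidNotSucceed = (webAuthenticator instanceof CertificateLoginAuthenticator)
                    && authResult != null
                    && authResult.getStatus() != AuthResult.SUCCESS;
            // Authentication downgrade: certificate -> password. Only taken when explicitly enabled
            // in the web application security configuration.
            if (certLoginDidNotSucceed && this.webAppSecurityConfig.getAllowFailOverToBasicAuth()) {
                authType = "BASIC";
                BasicAuthAuthenticator basicAuthAuthenticator = getBasicAuthAuthenticator();
                if (basicAuthAuthenticator == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unable to get the BasicAuthAuthenticator, denying request", new Object[0]);
                    }
                    return new AuthenticationResult(AuthResult.FAILURE, "An internal error occured. Unable to authenticate request.");
                }
                authResult = basicAuthAuthenticator.authenticate(webRequest);
            }
        }
        if (authResult != null && authResult.getStatus() == AuthResult.SUCCESS) {
            // authType is the configured method (or "BASIC" after fail-over) even when TAI or SSO
            // produced the success, so AUTH_TYPE does not prove which mechanism authenticated.
            SRTServletRequestUtils.setPrivateAttribute(webRequest.getHttpServletRequest(), AUTH_TYPE, authType);
            if ("FORM".equalsIgnoreCase(authType)) {
                this.postParameterHelper.restore(webRequest.getHttpServletRequest(), webRequest.getHttpServletResponse());
            }
        }
        return authResult;
    }

    /**
     * Runs trust association and SSO in the order: TAI (flag {@code true}), SSO, TAI (flag
     * {@code false}), stopping at the first step whose status is not CONTINUE. When no TAI service
     * is available only SSO is attempted.
     *
     * <p>The meaning of the boolean passed to {@code handleTrustAssociation} is not visible here;
     * presumably it selects interceptors that run before versus after SSO - confirm against
     * {@code TrustAssociationManager}.
     *
     * @param webRequest the request being authenticated
     * @return the result of the last step that ran
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private AuthenticationResult handleTAIAndSSO(WebRequest webRequest) {
        TAIService taiService = this.taiServiceRef.getService();
        if (taiService == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "TAI service is not available, skipping TAI...", new Object[0]);
            }
            return handleSSO(webRequest);
        }
        TrustAssociationManager trustAssociationManager = new TrustAssociationManager(taiService, this.securityServiceRef.getService().getAuthenticationService(), new SSOCookieHelperImpl(this.webAppSecurityConfig));
        AuthenticationResult result = trustAssociationManager.handleTrustAssociation(webRequest, true);
        if (result.getStatus() == AuthResult.CONTINUE) {
            result = handleSSO(webRequest);
            if (result.getStatus() == AuthResult.CONTINUE) {
                result = trustAssociationManager.handleTrustAssociation(webRequest, false);
            }
        }
        return result;
    }

    /**
     * Attempts SSO authentication.
     *
     * @param webRequest the request being authenticated
     * @return the SSO authenticator's result when it is SUCCESS; a CONTINUE result for any other
     *         outcome (including {@code null}); a FAILURE result when no SSO authenticator is
     *         available. Never {@code null}.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private AuthenticationResult handleSSO(WebRequest webRequest) {
        WebAuthenticator ssoAuthenticator = getSSOAuthenticator(webRequest);
        if (ssoAuthenticator == null) {
            // getSSOAuthenticator() in this class always returns an instance; this branch is
            // reachable only if an overriding implementation returns null.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get the SSO authenticator, denying request", new Object[0]);
            }
            return new AuthenticationResult(AuthResult.FAILURE, "An internal error occured. Unable to authenticate request.");
        }
        AuthenticationResult ssoResult = ssoAuthenticator.authenticate(webRequest);
        if (ssoResult != null && ssoResult.getStatus() == AuthResult.SUCCESS) {
            return ssoResult;
        }
        // Any non-success SSO outcome is downgraded to CONTINUE so the next mechanism gets a turn.
        return new AuthenticationResult(AuthResult.CONTINUE, "SSO is not succeed, continue ...");
    }

    /**
     * Builds a new SSO authenticator for this request.
     *
     * @param webRequest supplies the security metadata handed to the authenticator
     * @return a new {@code SSOAuthenticator}
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebAuthenticator getSSOAuthenticator(WebRequest webRequest) {
        return new SSOAuthenticator(this.securityServiceRef.getService().getAuthenticationService(), webRequest.getSecurityMetadata(), this.webAppSecurityConfig, new SSOCookieHelperImpl(this.webAppSecurityConfig));
    }

    /**
     * Selects the authenticator for the login method in the request's security metadata. The
     * method name is compared case-insensitively.
     *
     * @param webRequest the request being authenticated
     * @return a form-login authenticator for FORM, a certificate authenticator for CLIENT_CERT,
     *         and the basic-auth authenticator for every other case, including a missing login
     *         configuration; {@code null} when the basic-auth authenticator cannot be created
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebAuthenticator getWebAuthenticator(WebRequest webRequest) {
        LoginConfiguration loginConfiguration = webRequest.getSecurityMetadata().getLoginConfiguration();
        if (loginConfiguration != null) {
            String authenticationMethod = loginConfiguration.getAuthenticationMethod();
            if ("FORM".equalsIgnoreCase(authenticationMethod)) {
                return createFormLoginAuthenticator(webRequest);
            }
            if ("CLIENT_CERT".equalsIgnoreCase(authenticationMethod)) {
                return new CertificateLoginAuthenticator(this.securityServiceRef.getService().getAuthenticationService(), new SSOCookieHelperImpl(this.webAppSecurityConfig));
            }
        }
        // Unrecognised or absent login methods default to basic authentication.
        return getBasicAuthAuthenticator();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the basic-auth authenticator, converting a registry failure into {@code null}.
     *
     * @return the authenticator, or {@code null} when {@link #createBasicAuthenticator()} throws a
     *         {@link RegistryException} (the exception is reported to FFDC and traced at debug level)
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public BasicAuthAuthenticator getBasicAuthAuthenticator() {
        try {
            return createBasicAuthenticator();
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.WebAuthenticatorProxy", "185", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // Trace the exception itself. The decompiled listing passed the never-assigned
                // result variable here, which does not compile and would carry no diagnostic value.
                Tr.debug(tc, "RegistryException while trying to create BasicAuthAuthenticator", e);
            }
            return null;
        }
    }

    /**
     * Builds a basic-auth authenticator backed by the current user registry.
     *
     * @return a new {@code BasicAuthAuthenticator}
     * @throws RegistryException propagated from the user registry lookup
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected BasicAuthAuthenticator createBasicAuthenticator() throws RegistryException {
        SecurityService securityService = this.securityServiceRef.getService();
        return new BasicAuthAuthenticator(securityService.getAuthenticationService(), securityService.getUserRegistryService().getUserRegistry(), new SSOCookieHelperImpl(this.webAppSecurityConfig), this.webAppSecurityConfig);
    }

    /**
     * Builds a form-login authenticator that is given a fresh SSO authenticator for this request.
     *
     * @param webRequest the request being authenticated
     * @return a new {@code FormLoginAuthenticator}
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected FormLoginAuthenticator createFormLoginAuthenticator(WebRequest webRequest) {
        return new FormLoginAuthenticator(getSSOAuthenticator(webRequest), this.webAppSecurityConfig);
    }

    // Entry/exit trace for the static initializer; it performs no other work.
    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.STATIC_INITIALIZER_NAME, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.STATIC_INITIALIZER_NAME);
        }
    }
}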
