package org.wildfly.security.auth.jaspi.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ServerAuthModule;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.jaspi.Flag;
import org.wildfly.security.auth.jaspi._private.ElytronMessages;
import org.wildfly.security.auth.jaspi.impl.ElytronMessageInfo;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/auth/jaspi/impl/ElytronServerAuthContext.class */
class ElytronServerAuthContext implements ServerAuthContext {
    private final List<AuthModuleWrapper> authModules;
    private boolean initialised = false;
    private Subject serviceSubject;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/auth/jaspi/impl/ElytronServerAuthContext$AuthModuleWrapper.class */
    class AuthModuleWrapper {
        private final Flag flag;
        private final Map options;
        private final ServerAuthModule module;

        AuthModuleWrapper(Flag flag, Map map, ServerAuthModule serverAuthModule) {
            this.flag = flag;
            this.options = map;
            this.module = serverAuthModule;
        }

        Flag getFlag() {
            return this.flag;
        }

        Map getOptions() {
            return this.options;
        }

        ServerAuthModule getModule() {
            return this.module;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ElytronServerAuthContext(List<AuthenticationModuleDefinition> list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (AuthenticationModuleDefinition authenticationModuleDefinition : list) {
            arrayList.add(new AuthModuleWrapper(authenticationModuleDefinition.getFlag(), authenticationModuleDefinition.getOptions(), authenticationModuleDefinition.getServerAuthModuleFactory().get()));
        }
        this.authModules = arrayList;
    }

    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        if (!$assertionsDisabled && !this.initialised) {
            throw new AssertionError("Not initialised");
        }
        if (messageInfo instanceof ElytronMessageInfo) {
            ((ElytronMessageInfo) messageInfo).setState(ElytronMessageInfo.State.VALIDATE);
        }
        AuthStatus authStatus = null;
        AuthStatus authStatus2 = null;
        Iterator<AuthModuleWrapper> it = this.authModules.iterator();
        while (it.hasNext()) {
            ServerAuthModule module = it.next().getModule();
            Object requestMessage = messageInfo.getRequestMessage();
            Object responseMessage = messageInfo.getResponseMessage();
            AuthStatus validateRequest = module.validateRequest(messageInfo, subject, subject2);
            if (validateRequest == null || validateRequest == AuthStatus.FAILURE) {
                throw ElytronMessages.log.invalidAuthStatus(validateRequest, module.getClass().getName());
            }
            if (validateRequest != AuthStatus.SUCCESS && (requestMessage != messageInfo.getRequestMessage() || responseMessage != messageInfo.getResponseMessage())) {
                throw ElytronMessages.log.messageWrappedWithoutSuccess(module.getClass().getName());
            }
            switch (r0.getFlag()) {
                case REQUIRED:
                    if (authStatus != null && toIndex(validateRequest) <= toIndex(authStatus)) {
                        break;
                    } else {
                        authStatus = validateRequest;
                        break;
                    }
                case REQUISITE:
                    if (validateRequest == AuthStatus.SUCCESS) {
                        if (authStatus != null) {
                            break;
                        } else {
                            authStatus = validateRequest;
                            break;
                        }
                    } else {
                        return validateRequest;
                    }
                case SUFFICIENT:
                    if (validateRequest != AuthStatus.SUCCESS) {
                        if (authStatus2 != null && toIndex(validateRequest) >= toIndex(authStatus2)) {
                            break;
                        } else {
                            authStatus2 = validateRequest;
                            break;
                        }
                    } else {
                        return authStatus == null ? validateRequest : authStatus;
                    }
                    break;
                case OPTIONAL:
                    if (authStatus2 != null && toIndex(validateRequest) >= toIndex(authStatus2)) {
                        break;
                    } else {
                        authStatus2 = validateRequest;
                        break;
                    }
            }
        }
        AuthStatus authStatus3 = authStatus != null ? authStatus : authStatus2;
        if ($assertionsDisabled || authStatus3 != null) {
            return authStatus3;
        }
        throw new AssertionError("Resulting AuthStatus can not be null.");
    }

    private static int toIndex(AuthStatus authStatus) {
        Assert.checkNotNullParam("authStatus", authStatus);
        if (AuthStatus.SUCCESS == authStatus) {
            return 1;
        }
        if (AuthStatus.SEND_SUCCESS == authStatus) {
            return 2;
        }
        if (AuthStatus.SEND_CONTINUE == authStatus) {
            return 3;
        }
        return AuthStatus.FAILURE == authStatus ? 4 : 5;
    }

    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        if (!$assertionsDisabled && !this.initialised) {
            throw new AssertionError("Not initialised");
        }
        if (messageInfo instanceof ElytronMessageInfo) {
            ((ElytronMessageInfo) messageInfo).setState(ElytronMessageInfo.State.SECURE);
        }
        AuthStatus authStatus = null;
        for (int size = this.authModules.size() - 1; size >= 0; size--) {
            ServerAuthModule module = this.authModules.get(size).getModule();
            AuthStatus secureResponse = module.secureResponse(messageInfo, subject);
            if (secureResponse == null || secureResponse == AuthStatus.SUCCESS || secureResponse == AuthStatus.FAILURE) {
                throw ElytronMessages.log.invalidAuthStatus(secureResponse, module.getClass().getName());
            }
            if (authStatus == null || toIndex(secureResponse) > toIndex(authStatus)) {
                authStatus = secureResponse;
            }
            if (secureResponse == AuthStatus.SEND_FAILURE) {
                break;
            }
        }
        return authStatus;
    }

    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        if (!$assertionsDisabled && !this.initialised) {
            throw new AssertionError("Not initialised");
        }
        if (messageInfo instanceof ElytronMessageInfo) {
            ((ElytronMessageInfo) messageInfo).setState(ElytronMessageInfo.State.CLEAN);
        }
        for (int size = this.authModules.size() - 1; size > 0; size--) {
            this.authModules.get(size).getModule().cleanSubject(messageInfo, subject);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initialise(Subject subject, CallbackHandler callbackHandler, Map map) throws AuthException {
        if (!$assertionsDisabled && this.initialised) {
            throw new AssertionError("Already initialised");
        }
        this.serviceSubject = subject;
        for (AuthModuleWrapper authModuleWrapper : this.authModules) {
            ServerAuthModule module = authModuleWrapper.getModule();
            HashMap hashMap = new HashMap(map);
            hashMap.putAll(authModuleWrapper.getOptions());
            module.initialize((MessagePolicy) null, (MessagePolicy) null, callbackHandler, hashMap);
        }
        this.initialised = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testMessageInfo(MessageInfo messageInfo) throws IllegalArgumentException {
        Object requestMessage = messageInfo.getRequestMessage();
        Object responseMessage = messageInfo.getResponseMessage();
        Iterator<AuthModuleWrapper> it = this.authModules.iterator();
        while (it.hasNext()) {
            ServerAuthModule module = it.next().getModule();
            boolean z = false;
            boolean z2 = false;
            for (Class cls : module.getSupportedMessageTypes()) {
                if (cls.isInstance(requestMessage)) {
                    z = true;
                }
                if (cls.isInstance(responseMessage)) {
                    z2 = true;
                }
                if (z2 && z) {
                    break;
                }
            }
            if (!z) {
                throw ElytronMessages.log.unsupportedMessageType(requestMessage.getClass().getName(), module.getClass().getName());
            }
            if (!z2) {
                throw ElytronMessages.log.unsupportedMessageType(responseMessage.getClass().getName(), module.getClass().getName());
            }
        }
    }

    static {
        $assertionsDisabled = !ElytronServerAuthContext.class.desiredAssertionStatus();
    }
}
