package org.glassfish.soteria.cdi;

import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Priority;
import javax.enterprise.inject.Intercepted;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.security.auth.message.AuthException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.glassfish.soteria.Utils;
import org.glassfish.soteria.mechanisms.LoginToContinueHolder;
import org.glassfish.soteria.servlet.AuthenticationData;
import org.glassfish.soteria.servlet.HttpServletRequestDelegator;
import org.glassfish.soteria.servlet.RequestCopier;
import org.glassfish.soteria.servlet.RequestData;

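/**
 * Interceptor bound to {@link LoginToContinue} that wraps an authentication mechanism's
 * {@code validateRequest} call and drives a "show a login page, then continue to the
 * originally requested URL" flow.
 *
 * <p>State is carried between requests in three HTTP session attributes:
 * <ul>
 *   <li>{@code org.glassfish.soteria.original.request}: a copy of the request that hit the
 *       protected resource;</li>
 *   <li>{@code org.glassfish.soteria.authentication}: the caller principal and groups produced
 *       by a successful login postback, parked until the caller is back on the original URL;</li>
 *   <li>{@code org.glassfish.soteria.caller_initiated_authentication}: a flag marking an
 *       authentication the application itself started.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Between the login postback and the return to the original URL, the authenticated
 *       identity lives in the session. No session id rotation is performed in this class;
 *       NOTE(review): confirm the container or mechanism rotates the session id on login
 *       (e.g. {@code HttpServletRequest.changeSessionId()}), otherwise a session id fixed
 *       before login stays valid after it.</li>
 *   <li>Login and error page redirects are built from {@code Utils.getBaseURL(request)}, whose
 *       implementation is not visible here. NOTE(review): if it derives scheme/host from the
 *       incoming request, the redirect target follows whatever host the client presented;
 *       confirm the deployment pins the accepted host names.</li>
 *   <li>An {@link AuthException} from the mechanism is mapped to
 *       {@link AuthenticationStatus#SEND_FAILURE} and its detail is dropped; this class records
 *       nothing for failed logins, so monitoring has to happen elsewhere.</li>
 * </ul>
 */
@LoginToContinue
@Priority(220)
@Interceptor
/* loaded from: input_file:WEB-INF/lib/jakarta.security.enterprise-1.0.1-jbossorg-1.jar:org/glassfish/soteria/cdi/LoginToContinueInterceptor.class */
public class LoginToContinueInterceptor implements Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    private BeanManager beanManager;

    @Inject
    @Intercepted
    private Bean<?> interceptedBean;
    private static final String ORIGINAL_REQUEST_DATA_SESSION_NAME = "org.glassfish.soteria.original.request";
    private static final String AUTHENTICATION_DATA_SESSION_NAME = "org.glassfish.soteria.authentication";
    private static final String CALLER_INITIATED_AUTHENTICATION_SESSION_NAME = "org.glassfish.soteria.caller_initiated_authentication";

    /**
     * Interceptor entry point.
     *
     * <p>When the intercepted method is an implementation of {@code Utils.validateRequestMethod},
     * its first three arguments are taken as request, response and message context and the
     * login-to-continue flow runs; any other method is passed straight through.
     *
     * @param invocationContext the intercepted invocation
     * @return the {@link AuthenticationStatus} of the flow, or whatever the intercepted method returns
     * @throws Exception whatever the intercepted method or the flow throws
     */
    @AroundInvoke
    public Object intercept(InvocationContext invocationContext) throws Exception {
        if (!Utils.isImplementationOf(invocationContext.getMethod(), Utils.validateRequestMethod)) {
            return invocationContext.proceed();
        }
        HttpServletRequest request = (HttpServletRequest) Utils.getParam(invocationContext, 0);
        HttpServletResponse response = (HttpServletResponse) Utils.getParam(invocationContext, 1);
        HttpMessageContext messageContext = (HttpMessageContext) Utils.getParam(invocationContext, 2);
        return validateRequest(invocationContext, request, response, messageContext);
    }

    /**
     * Cleans up stale session state, then dispatches to the caller-initiated or the
     * container-initiated branch depending on the session flag.
     */
    private AuthenticationStatus validateRequest(InvocationContext invocationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws Exception {
        tryClean(httpMessageContext);
        if (isCallerInitiatedAuthentication(httpServletRequest)) {
            return processCallerInitiatedAuthentication(invocationContext, httpServletRequest, httpServletResponse, httpMessageContext);
        }
        return processContainerInitiatedAuthentication(invocationContext, httpServletRequest, httpServletResponse, httpMessageContext);
    }

    /**
     * Drops session state left over from an abandoned flow, and resets all flow state when the
     * auth parameters ask for a new authentication.
     */
    private void tryClean(HttpMessageContext httpMessageContext) {
        HttpServletRequest request = httpMessageContext.getRequest();
        if (isOnProtectedURLWithStaleData(httpMessageContext)) {
            removeSavedRequest(request);
            removeCallerInitiatedAuthentication(request);
        }
        if (httpMessageContext.getAuthParameters().isNewAuthentication()) {
            // A new authentication is caller-initiated: mark it and discard any earlier flow.
            saveCallerInitiatedAuthentication(request);
            removeSavedRequest(request);
            removeSavedAuthentication(request);
        }
    }

    /**
     * Runs the mechanism for an authentication the application started itself; the session
     * flag is cleared once the mechanism reports success with a caller principal set.
     */
    private AuthenticationStatus processCallerInitiatedAuthentication(InvocationContext invocationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws Exception {
        AuthenticationStatus authenticationStatus = proceedToMechanism(invocationContext);
        if (authenticationStatus == AuthenticationStatus.SUCCESS) {
            if (httpMessageContext.getCallerPrincipal() == null) {
                // Success without a principal: nothing was established, keep the flag.
                return AuthenticationStatus.SUCCESS;
            }
            removeCallerInitiatedAuthentication(httpMessageContext.getRequest());
        }
        return authenticationStatus;
    }

    /**
     * Runs the flow for an authentication triggered by a request to a protected resource:
     * save the request and show the login page, handle the login postback, and finally
     * replay the saved request with the parked identity.
     */
    private AuthenticationStatus processContainerInitiatedAuthentication(InvocationContext invocationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws Exception {
        if (isOnInitialProtectedURL(httpMessageContext)) {
            // Step 1: remember what the caller asked for, then send them to the login page.
            saveRequest(httpServletRequest);
            LoginToContinue loginToContinue = getLoginToContinueAnnotation(invocationContext);
            if (loginToContinue.useForwardToLogin()) {
                return httpMessageContext.forward(loginToContinue.loginPage());
            }
            return httpMessageContext.redirect(Utils.getBaseURL(httpServletRequest) + loginToContinue.loginPage());
        }
        if (isOnLoginPostback(httpServletRequest)) {
            // Step 2: a saved request exists but no identity yet, so let the mechanism authenticate.
            AuthenticationStatus authenticationStatus = proceedToMechanism(invocationContext);
            if (authenticationStatus != AuthenticationStatus.SUCCESS) {
                if (authenticationStatus != AuthenticationStatus.SEND_FAILURE) {
                    return authenticationStatus;
                }
                String errorPage = getLoginToContinueAnnotation(invocationContext).errorPage();
                if (Utils.isEmpty(errorPage)) {
                    return authenticationStatus;
                }
                return httpMessageContext.redirect(Utils.getBaseURL(httpServletRequest) + errorPage);
            }
            if (httpMessageContext.getCallerPrincipal() == null) {
                return AuthenticationStatus.SUCCESS;
            }
            // NOTE(review): the saved request was present before proceed(); if the mechanism
            // invalidates or replaces the session while authenticating, this lookup returns
            // null and the next line throws NullPointerException. Confirm that cannot happen.
            RequestData savedRequest = getSavedRequest(httpServletRequest);
            if (!savedRequest.matchesRequest(httpServletRequest)) {
                // Park the identity in the session and bounce back to the original URL; the
                // redirect target is the URL captured in step 1, not a request parameter.
                saveAuthentication(httpServletRequest, new AuthenticationData(httpMessageContext.getCallerPrincipal(), httpMessageContext.getGroups()));
                return httpMessageContext.redirect(savedRequest.getFullRequestURL());
            }
        }
        if (!isOnOriginalURLAfterAuthenticate(httpServletRequest)) {
            return (AuthenticationStatus) invocationContext.proceed();
        }
        // Step 3: back on the original URL. Consume both session entries exactly once and
        // hand the parked identity to the container, replaying the saved request data.
        RequestData originalRequest = removeSavedRequest(httpServletRequest);
        AuthenticationData parkedIdentity = removeSavedAuthentication(httpServletRequest);
        return httpMessageContext
                .withRequest(new HttpServletRequestDelegator(httpServletRequest, originalRequest))
                .notifyContainerAboutLogin(parkedIdentity.getPrincipal(), parkedIdentity.getGroups());
    }

    /**
     * Invokes the intercepted mechanism and maps an {@link AuthException} to
     * {@link AuthenticationStatus#SEND_FAILURE}.
     */
    private AuthenticationStatus proceedToMechanism(InvocationContext invocationContext) throws Exception {
        try {
            return (AuthenticationStatus) invocationContext.proceed();
        } catch (AuthException e) {
            // The exception detail is intentionally not propagated to the caller; no logger is
            // in scope here, so the failure cause is not recorded by this class.
            return AuthenticationStatus.SEND_FAILURE;
        }
    }

    /** Returns {@code true} only when the session flag is present and {@code Boolean.TRUE}. */
    private boolean isCallerInitiatedAuthentication(HttpServletRequest httpServletRequest) {
        return Boolean.TRUE.equals(getCallerInitiatedAuthentication(httpServletRequest));
    }

    /**
     * A protected, non-authentication request that still finds a saved request but no saved
     * authentication in the session, and is not a {@code j_security_check} submission.
     */
    private boolean isOnProtectedURLWithStaleData(HttpMessageContext httpMessageContext) {
        return httpMessageContext.isProtected()
                && !httpMessageContext.isAuthenticationRequest()
                && getSavedRequest(httpMessageContext.getRequest()) != null
                && getSavedAuthentication(httpMessageContext.getRequest()) == null
                && !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check");
    }

    /**
     * A protected, non-authentication request with no flow state in the session yet, and not a
     * {@code j_security_check} submission.
     */
    private boolean isOnInitialProtectedURL(HttpMessageContext httpMessageContext) {
        return httpMessageContext.isProtected()
                && !httpMessageContext.isAuthenticationRequest()
                && getSavedRequest(httpMessageContext.getRequest()) == null
                && getSavedAuthentication(httpMessageContext.getRequest()) == null
                && !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check");
    }

    /** A saved request exists but no identity has been parked yet. */
    private boolean isOnLoginPostback(HttpServletRequest httpServletRequest) {
        return getSavedRequest(httpServletRequest) != null && getSavedAuthentication(httpServletRequest) == null;
    }

    /** Both session entries exist and the current request matches the saved one. */
    private boolean isOnOriginalURLAfterAuthenticate(HttpServletRequest httpServletRequest) {
        RequestData savedRequest = getSavedRequest(httpServletRequest);
        return Utils.notNull(savedRequest, getSavedAuthentication(httpServletRequest)) && savedRequest.matchesRequest(httpServletRequest);
    }

    /**
     * Locates the effective {@link LoginToContinue} settings: from the target when it is a
     * {@link LoginToContinueHolder}, else from the intercepted bean class, else from the
     * interceptor bindings found in the invocation's context data.
     *
     * @throws IllegalStateException when none of the three sources yields the annotation
     */
    private LoginToContinue getLoginToContinueAnnotation(InvocationContext invocationContext) {
        Object target = invocationContext.getTarget();
        if (target instanceof LoginToContinueHolder) {
            return ((LoginToContinueHolder) target).getLoginToContinue();
        }
        Optional<?> declared = CdiUtils.getAnnotation(this.beanManager, this.interceptedBean.getBeanClass(), LoginToContinue.class);
        if (declared.isPresent()) {
            return LoginToContinue.class.cast(declared.get());
        }
        // The context data map is untyped; the element type is asserted here so that the
        // stream below is type-checked instead of relying on raw types.
        @SuppressWarnings("unchecked")
        Set<Annotation> bindings = (Set<Annotation>) invocationContext.getContextData().get("org.jboss.weld.interceptor.bindings");
        if (bindings != null) {
            Optional<LoginToContinue> bound = bindings.stream()
                    .filter(binding -> binding.annotationType().equals(LoginToContinue.class))
                    .findAny()
                    .map(LoginToContinue.class::cast);
            if (bound.isPresent()) {
                return bound.get();
            }
        }
        throw new IllegalStateException("@LoginToContinue not present on " + this.interceptedBean.getBeanClass());
    }

    /** Sets the caller-initiated flag, creating the session if there is none. */
    private void saveCallerInitiatedAuthentication(HttpServletRequest httpServletRequest) {
        httpServletRequest.getSession().setAttribute(CALLER_INITIATED_AUTHENTICATION_SESSION_NAME, Boolean.TRUE);
    }

    /** Reads the caller-initiated flag without creating a session; {@code null} when absent. */
    private Boolean getCallerInitiatedAuthentication(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (Boolean) session.getAttribute(CALLER_INITIATED_AUTHENTICATION_SESSION_NAME);
    }

    /**
     * Clears the caller-initiated flag. Uses {@code getSession(false)} so that clearing state
     * never creates a fresh session (which can also fail once the response is committed).
     */
    private void removeCallerInitiatedAuthentication(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute(CALLER_INITIATED_AUTHENTICATION_SESSION_NAME);
        }
    }

    /** Stores a copy of the current request in the session, creating the session if needed. */
    private void saveRequest(HttpServletRequest httpServletRequest) {
        httpServletRequest.getSession().setAttribute(ORIGINAL_REQUEST_DATA_SESSION_NAME, RequestCopier.copy(httpServletRequest));
    }

    /** Reads the saved request without creating a session; {@code null} when absent. */
    private RequestData getSavedRequest(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (RequestData) session.getAttribute(ORIGINAL_REQUEST_DATA_SESSION_NAME);
    }

    /**
     * Removes and returns the saved request; returns {@code null}, without creating a session,
     * when there is no session.
     */
    private RequestData removeSavedRequest(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        RequestData savedRequest = (RequestData) session.getAttribute(ORIGINAL_REQUEST_DATA_SESSION_NAME);
        session.removeAttribute(ORIGINAL_REQUEST_DATA_SESSION_NAME);
        return savedRequest;
    }

    /** Parks the authenticated identity in the session, creating the session if needed. */
    private void saveAuthentication(HttpServletRequest httpServletRequest, AuthenticationData authenticationData) {
        httpServletRequest.getSession().setAttribute(AUTHENTICATION_DATA_SESSION_NAME, authenticationData);
    }

    /** Reads the parked identity without creating a session; {@code null} when absent. */
    private AuthenticationData getSavedAuthentication(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (AuthenticationData) session.getAttribute(AUTHENTICATION_DATA_SESSION_NAME);
    }

    /**
     * Removes and returns the parked identity; returns {@code null}, without creating a
     * session, when there is no session.
     */
    private AuthenticationData removeSavedAuthentication(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        AuthenticationData savedAuthentication = (AuthenticationData) session.getAttribute(AUTHENTICATION_DATA_SESSION_NAME);
        session.removeAttribute(AUTHENTICATION_DATA_SESSION_NAME);
        return savedAuthentication;
    }
}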
