package org.picketlink.identity.federation.bindings.tomcat;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.UUID;
import javax.security.auth.Subject;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/picketlink/federation/bindings/main/picketlink-wildfly8-2.5.5.SP2.jar:org/picketlink/identity/federation/bindings/tomcat/AbstractPicketLinkAuthenticator.class */
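/**
 * Base class for PicketLink authenticators that plug into Tomcat's {@link AuthenticatorBase}.
 *
 * <p>{@link #performAuthentication} validates no credential supplied by the caller. It passes a
 * freshly generated UUID to the context's {@link Realm} as both user name and password, so the
 * outcome depends entirely on how the configured realm treats those values.
 * NOTE(review): presumably the realm's login module derives the real identity from federation
 * state established earlier in the request; confirm against the security-domain configuration
 * before reusing this class with a different realm.
 *
 * <p>The lazily created {@link #subjectInteraction} field is written without synchronization.
 * NOTE(review): if one instance serves concurrent requests, more than one interaction object may
 * be created on first use; confirm that is acceptable.
 */
public abstract class AbstractPicketLinkAuthenticator extends AuthenticatorBase {
    protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    protected String authMethod = "SECURITY_DOMAIN";
    protected boolean needSubjectPrincipalSubstitution = true;
    protected SubjectSecurityInteraction subjectInteraction = null;
    protected String subjectInteractionClassName = "org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkJBossSubjectInteraction";

    /**
     * Sets the authentication method name held by this authenticator.
     *
     * @param str the authentication method name
     */
    public void setAuthMethod(String str) {
        this.authMethod = str;
    }

    /**
     * Enables or disables substitution of the authenticated principal with the subject's principal.
     *
     * <p>Only the text {@code "true"} (case-insensitive) enables the option. Any other value,
     * including {@code null} or a misspelling, silently disables it.
     *
     * @param str textual boolean taken from configuration
     */
    public void setNeedSubjectPrincipalSubstitution(String str) {
        this.needSubjectPrincipalSubstitution = Boolean.parseBoolean(str);
    }

    /**
     * Sets the name of the {@link SubjectSecurityInteraction} implementation to instantiate.
     *
     * <p>The named class is loaded inside {@code AccessController.doPrivileged} and instantiated
     * reflectively by {@link #getSubjectPrincipal()}, so this value must only ever come from
     * trusted deployment configuration.
     *
     * @param str fully qualified class name
     */
    public void setSubjectInteractionClassName(String str) {
        this.subjectInteractionClassName = str;
    }

    /**
     * Authenticates the request against the context's realm and registers the resulting principal.
     *
     * @param request the request being authenticated
     * @param response the response associated with the request
     * @param loginConfig the login configuration (not read by this method)
     * @return {@code true} if the request already carried a principal or the realm accepted the
     *     authentication; {@code false} if the realm returned no principal
     * @throws IOException declared for subclasses; nothing visible here throws it directly
     * @throws RuntimeException if substitution is enabled and the subject holds no principal
     */
    protected boolean performAuthentication(Request request, Response response, LoginConfig loginConfig) throws IOException {
        logger.trace("Authenticating user");
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            logger.trace("Already authenticated '" + userPrincipal.getName() + "'");
            return true;
        }
        // The session is obtained (and created if absent) before the realm is consulted.
        Session sessionInternal = request.getSessionInternal(true);
        // Random placeholder used as both user name and password; it is not a user secret.
        String uuid = UUID.randomUUID().toString();
        Realm realm = this.context.getRealm();
        Principal authenticate = realm.authenticate(uuid, uuid);
        if (authenticate == null) {
            return false;
        }
        if (this.needSubjectPrincipalSubstitution) {
            Principal subjectPrincipal = getSubjectPrincipal();
            if (subjectPrincipal == null) {
                throw new RuntimeException("Principal from subject is null");
            }
            authenticate = realm.authenticate(subjectPrincipal.getName(), uuid);
            if (authenticate == null) {
                // Fail closed: the realm rejected the substituted name. Without this check the
                // getName() call below would throw a NullPointerException.
                // NOTE(review): subjectInteraction.cleanup(...) is not invoked on this path (nor
                // when doRegister throws); confirm whether state held by the interaction needs
                // releasing in those cases.
                logger.trace("Realm returned no principal for the subject principal");
                return false;
            }
        }
        // The "PASSWORD" note receives the random placeholder generated above.
        sessionInternal.setNote("org.apache.catalina.session.USERNAME", authenticate.getName());
        sessionInternal.setNote("org.apache.catalina.session.PASSWORD", uuid);
        request.setUserPrincipal(authenticate);
        // NOTE(review): no session-identifier change is visible in this method; confirm that the
        // doRegister implementation rotates the session id once the principal is established.
        doRegister(request, response, authenticate, uuid);
        if (this.needSubjectPrincipalSubstitution) {
            this.subjectInteraction.cleanup(authenticate);
        }
        return true;
    }

    /**
     * Registers the authenticated principal; the mechanism is left to subclasses.
     *
     * @param request the authenticated request
     * @param response the response associated with the request
     * @param principal the principal returned by the realm
     * @param str the random placeholder that was passed to the realm as the password
     */
    protected abstract void doRegister(Request request, Response response, Principal principal, String str);

    /**
     * Returns the first principal of the subject supplied by the {@link SubjectSecurityInteraction}.
     *
     * <p>On first use the configured interaction class is loaded, checked against
     * {@link SubjectSecurityInteraction}, instantiated and given the realm container's name as
     * its security domain. The field is assigned only after that configuration succeeded, so a
     * failed initialization is retried on the next call instead of leaving a half-configured
     * instance behind.
     *
     * @return the first principal in the subject, or {@code null} if there is no subject or it
     *     holds no principals
     * @throws RuntimeException if the interaction class cannot be loaded, is not a
     *     {@link SubjectSecurityInteraction}, or cannot be instantiated or configured
     */
    protected Principal getSubjectPrincipal() {
        if (this.subjectInteraction == null) {
            Class<?> interactionType = loadClass(getClass(), this.subjectInteractionClassName);
            if (interactionType == null) {
                throw new RuntimeException("Unable to load subject interaction class: " + this.subjectInteractionClassName);
            }
            // Reject unrelated classes before instantiation so that their initializers and
            // constructors never run on behalf of a mistyped or hostile configuration value.
            if (!SubjectSecurityInteraction.class.isAssignableFrom(interactionType)) {
                throw new RuntimeException("Class is not a SubjectSecurityInteraction: " + this.subjectInteractionClassName);
            }
            try {
                SubjectSecurityInteraction candidate = (SubjectSecurityInteraction) interactionType.newInstance();
                candidate.setSecurityDomain(this.context.getRealm().getContainer().getName());
                this.subjectInteraction = candidate;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        Subject subject = this.subjectInteraction.get();
        if (subject == null || subject.getPrincipals().isEmpty()) {
            return null;
        }
        return subject.getPrincipals().iterator().next();
    }

    /**
     * Loads a class by name, trying the defining loader of {@code cls} first and the thread
     * context class loader second.
     *
     * @param cls class whose class loader is tried first
     * @param str fully qualified name of the class to load
     * @return the loaded class, or {@code null} if neither loader can find it
     */
    Class<?> loadClass(final Class<?> cls, final String str) {
        return AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
            @Override
            public Class<?> run() {
                Class<?> loadClass = AbstractPicketLinkAuthenticator.this.loadClass(cls.getClassLoader(), str);
                if (loadClass == null) {
                    loadClass = AbstractPicketLinkAuthenticator.this.loadClass(Thread.currentThread().getContextClassLoader(), str);
                }
                return loadClass;
            }
        });
    }

    /**
     * Loads a class by name from the given class loader inside a privileged block.
     *
     * @param classLoader loader to query; may be {@code null}, in which case nothing is loaded
     * @param str fully qualified name of the class to load
     * @return the loaded class, or {@code null} if the loader is {@code null} or cannot find it
     */
    Class<?> loadClass(final ClassLoader classLoader, final String str) {
        if (classLoader == null) {
            // Class.getClassLoader() and the thread context loader may both legitimately be null.
            return null;
        }
        return AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
            @Override
            public Class<?> run() {
                try {
                    return classLoader.loadClass(str);
                } catch (ClassNotFoundException e) {
                    // A missing class is reported as null so the caller can try another loader.
                    return null;
                }
            }
        });
    }
}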
