package org.picketlink.authentication.web;

import java.io.IOException;
import javassist.compiler.TokenId;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.Identity;
import org.picketlink.authentication.AuthenticationException;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.credential.TokenCredential;

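/**
 * HTTP authentication scheme that exchanges a primary credential (HTTP Basic by default) for a
 * token and afterwards accepts that token in the {@code Authorization} header.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>{@link #extractCredential} first delegates to the primary scheme; only when that yields no
 *       credential is the {@code Authorization: Token <value>} header inspected.</li>
 *   <li>{@link #postAuthentication} issues a token in the response body once a primary
 *       authentication has succeeded.</li>
 *   <li>{@link #challengeClient} answers unauthenticated token requests with 401 and
 *       {@code WWW-Authenticate: Token}.</li>
 * </ol>
 *
 * <p>Exactly one {@link Token.Provider} bean must be resolvable; otherwise token handling fails
 * with an {@link AuthenticationException}.
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/picketlink-api-2.6.0.CR3.jar:org/picketlink/authentication/web/TokenAuthenticationScheme.class */
public class TokenAuthenticationScheme implements HTTPAuthenticationScheme {
    public static final String AUTHORIZATION_TOKEN_HEADER_NAME = "Authorization";
    public static final String AUTHENTICATION_SCHEME_NAME = "Token";
    public static final String REQUIRES_AUTHENTICATION_HEADER_NAME = "WWW-Authenticate";

    @Inject
    private Instance<Identity> identityInstance;

    @Inject
    private Instance<DefaultLoginCredentials> credentialsInstance;

    @Inject
    private BasicAuthenticationScheme basicAuthenticationScheme;

    @Inject
    private Instance<Token.Provider> tokenProvider;

    /** No filter configuration is read by this scheme. */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public void initialize(FilterConfig filterConfig) {
    }

    /**
     * Populates {@code defaultLoginCredentials} from the request.
     *
     * <p>The primary scheme gets the first chance; the token header is only considered when the
     * primary scheme did not set a credential.
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public void extractCredential(HttpServletRequest httpServletRequest, DefaultLoginCredentials defaultLoginCredentials) {
        getPrimaryAuthenticationScheme().extractCredential(httpServletRequest, defaultLoginCredentials);
        if (defaultLoginCredentials.getCredential() == null) {
            extractTokenFromRequest(httpServletRequest, defaultLoginCredentials);
        }
    }

    /**
     * Challenges the client. A request that carried a primary (non-token) credential is challenged
     * by the primary scheme; every other request receives {@code 401} with
     * {@code WWW-Authenticate: Token}.
     *
     * @throws IOException if the response cannot be written
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isPrimaryAuthenticationRequest()) {
            getPrimaryAuthenticationScheme().challengeClient(httpServletRequest, httpServletResponse);
            return;
        }
        httpServletResponse.setHeader(REQUIRES_AUTHENTICATION_HEADER_NAME, AUTHENTICATION_SCHEME_NAME);
        // The decompiled listing used javassist's TokenId.CharConstant here, an unrelated compiler
        // constant that happens to equal 401. The servlet constant states the intent and removes the
        // accidental dependency of the status code on a bytecode library.
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Issues a token after a successful primary authentication.
     *
     * @return {@code false} when a token was written to the response, {@code true} otherwise
     *         (presumably this tells the filter whether to continue processing the request;
     *         confirm against {@code HTTPAuthenticationScheme})
     * @throws IOException declared by the interface
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public boolean postAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!isPrimaryAuthenticationRequest() || !getIdentity().isLoggedIn()) {
            return true;
        }
        issueToken(httpServletRequest, httpServletResponse);
        return false;
    }

    /** Every request is treated as protected by this scheme. */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public boolean isProtected(HttpServletRequest httpServletRequest) {
        return true;
    }

    /** Resolves the current {@link DefaultLoginCredentials} bean. */
    protected DefaultLoginCredentials getCredentials() {
        return this.credentialsInstance.get();
    }

    /** Resolves the current {@link Identity} bean. */
    protected Identity getIdentity() {
        return this.identityInstance.get();
    }

    /** Returns the scheme used to obtain a token in the first place (HTTP Basic here). */
    protected HTTPAuthenticationScheme getPrimaryAuthenticationScheme() {
        return this.basicAuthenticationScheme;
    }

    /**
     * Reads {@code Authorization: Token <value>} and, when present, stores a
     * {@link TokenCredential} on {@code defaultLoginCredentials}.
     *
     * <p>The header must start with the scheme name followed by whitespace and a non-empty value.
     * Anything else is ignored, so a header for another scheme that merely contains the word
     * "Token", or a bare "Token" with no value, neither produces a credential nor throws.
     */
    protected void extractTokenFromRequest(HttpServletRequest httpServletRequest, DefaultLoginCredentials defaultLoginCredentials) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_TOKEN_HEADER_NAME);
        if (header == null) {
            return;
        }
        int schemeLength = AUTHENTICATION_SCHEME_NAME.length();
        // Match the scheme as a prefix, not anywhere in the header, and make sure there is
        // something after it before slicing (a bare "Token" used to raise
        // StringIndexOutOfBoundsException from substring()).
        if (!header.startsWith(AUTHENTICATION_SCHEME_NAME)
                || header.length() <= schemeLength
                || !Character.isWhitespace(header.charAt(schemeLength))) {
            return;
        }
        String rawToken = header.substring(schemeLength + 1).trim();
        if (rawToken.isEmpty()) {
            return;
        }
        defaultLoginCredentials.setCredential(new TokenCredential(getTokenProvider().create(rawToken)));
    }

    /**
     * Issues a token for the authenticated account and writes it to the response as
     * {@code {"authctoken":"<token>"}} with status 200.
     *
     * @throws AuthenticationException if the token cannot be issued or written
     */
    protected void issueToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String token = getTokenProvider().issue(getIdentity().getAccount()).getToken();
            if (token == null) {
                // String concatenation would otherwise hand the client the literal text "null".
                throw new IllegalStateException("Token provider returned a null token.");
            }
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            // NOTE(review): neither Content-Type nor Cache-Control is set here although the body
            // carries a credential; confirm the surrounding filter marks it as non-cacheable JSON.
            httpServletResponse.getWriter().print("{\"authctoken\":\"" + escapeJson(token) + "\"}");
        } catch (Exception e) {
            throw new AuthenticationException("Could not issue token.", e);
        }
    }

    /**
     * Escapes quotes, backslashes and control characters so the value cannot terminate or corrupt
     * the surrounding JSON string literal.
     */
    private static String escapeJson(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("\\\"");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                default:
                    if (c < 0x20) {
                        escaped.append(String.format("\\u%04x", (int) c));
                    } else {
                        escaped.append(c);
                    }
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Tells whether the current request carried a credential for the primary scheme, that is a
     * credential which is present and is not a {@link TokenCredential}.
     */
    private boolean isPrimaryAuthenticationRequest() {
        Object credential = getCredentials().getCredential();
        return credential != null && !TokenCredential.class.isInstance(credential);
    }

    /**
     * Resolves the single {@link Token.Provider} implementation.
     *
     * @throws AuthenticationException if none or more than one implementation is available
     */
    private Token.Provider getTokenProvider() {
        if (this.tokenProvider.isAmbiguous() || this.tokenProvider.isUnsatisfied()) {
            throw new AuthenticationException("You must provide exactly one " + Token.Provider.class.getName() + " implementation.");
        }
        return this.tokenProvider.get();
    }
}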
