package org.wildfly.extension.undertow.security.jaspi;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.util.AttachmentKey;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;
import org.wildfly.extension.undertow.logging.UndertowLogger;
import org.wildfly.extension.undertow.security.AccountImpl;

/* loaded from: input_file:org/wildfly/extension/undertow/security/jaspi/JASPIAuthenticationMechanism.class */
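/**
 * Undertow {@link AuthenticationMechanism} that delegates request validation to a JASPIC (JSR 196)
 * server auth module through PicketBox's {@link JASPIServerAuthenticationManager}.
 *
 * <p>The per-request state (message info, cached account, a possibly pre-computed validation
 * result) is read from the {@link JASPICAttachment} on the exchange. The validation result is
 * consumed exactly once: it is cleared from the attachment as soon as it is read, so a later pass
 * over the same exchange cannot reuse a stale outcome.
 *
 * <p>Outcome mapping: a valid message that established an identity is {@code AUTHENTICATED}; a
 * valid message with no identity is {@code NOT_ATTEMPTED} only when the target does not require
 * authentication, otherwise (and for any invalid message) the result is {@code NOT_AUTHENTICATED}
 * and the failure is recorded on the Undertow security context.
 */
public class JASPIAuthenticationMechanism implements AuthenticationMechanism {
    /** JASPIC message layer this mechanism validates against (the servlet profile layer name). */
    private static final String JASPI_HTTP_SERVLET_LAYER = "HttpServlet";
    /** Auth type reported when neither the SAM nor the deployment supplies one. */
    private static final String MECHANISM_NAME = "JASPIC";
    /** MessageInfo map key under which a SAM may report the authentication type it performed. */
    private static final String JASPI_AUTH_TYPE = "javax.servlet.http.authType";
    /** MessageInfo map key under which a SAM may ask for the identity to be registered on the session. */
    private static final String JASPI_REGISTER_SESSION = "javax.servlet.http.registerSession";
    public static final AttachmentKey<HttpServerExchange> HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY = AttachmentKey.create(HttpServerExchange.class);
    public static final AttachmentKey<SecurityContext> SECURITY_CONTEXT_ATTACHMENT_KEY = AttachmentKey.create(SecurityContext.class);
    /** Deployment-configured auth-method; used as the reported auth type when the SAM reports none. May be null. */
    private final String configuredAuthMethod;
    /** Security domain the {@link JASPIServerAuthenticationManager} is created for. */
    private final String securityDomain;

    /**
     * Creates a mechanism for one deployment.
     *
     * @param configuredAuthMethod the deployment's configured auth-method, or {@code null}
     * @param securityDomain       the security domain used to build the JASPI authentication manager
     */
    public JASPIAuthenticationMechanism(String configuredAuthMethod, String securityDomain) {
        this.configuredAuthMethod = configuredAuthMethod;
        this.securityDomain = securityDomain;
    }

    /**
     * Validates the request through the SAM (or reuses a result already stored on the attachment)
     * and maps the outcome onto Undertow's security context.
     *
     * @param httpServerExchange the exchange carrying the {@link JASPICAttachment}
     * @param securityContext    the Undertow security context to complete or fail
     * @return the mechanism outcome as described in the class documentation
     */
    @Override
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        JASPICAttachment attachment = (JASPICAttachment) httpServerExchange.getAttachment(JASPICAttachment.ATTACHMENT_KEY);
        Boolean valid = attachment.getValid();
        // Single-use result: clear it immediately so nothing downstream can observe a stale value.
        attachment.setValid(null);
        GenericMessageInfo messageInfo = attachment.getMessageInfo();
        if (valid == null) {
            // No pre-computed result: run the SAM's validation now.
            valid = Boolean.valueOf(createJASPIAuthenticationManager().isValid(messageInfo, new Subject(),
                    JASPI_HTTP_SERVLET_LAYER, attachment.getApplicationIdentifier(), new JBossCallbackHandler()));
        }
        ServletRequestContext requestContext = attachment.getRequestContext();
        // The original assigned these to locals that were never read. The calls are retained rather
        // than assuming the getters are side-effect free — TODO confirm against JASPICAttachment.
        attachment.getSam();
        attachment.getCbh();
        // Only a valid message may yield an account; createAccount returns null when the SAM set no principal.
        Account account = valid.booleanValue()
                ? createAccount(attachment.getCachedAccount(), SecurityActions.getSecurityContext())
                : null;
        String authType = resolveAuthType(messageInfo);
        if (valid.booleanValue() && account != null) {
            securityContext.authenticationComplete(account, authType, registerSessionRequested(messageInfo));
            return AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        if (valid.booleanValue() && !isMandatory(requestContext).booleanValue()) {
            // Valid but identity-less: acceptable only for resources that do not require authentication.
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        // Invalid message, or a protected resource with no established identity.
        securityContext.authenticationFailed("JASPIC authentication failed.", authType);
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    /**
     * Auth type to report on the security context: the SAM-provided value from the MessageInfo map,
     * else the deployment's configured auth-method, else {@value #MECHANISM_NAME}.
     */
    private String resolveAuthType(GenericMessageInfo messageInfo) {
        String samAuthType = (String) messageInfo.getMap().get(JASPI_AUTH_TYPE);
        if (samAuthType != null) {
            return samAuthType;
        }
        return configuredAuthMethod != null ? configuredAuthMethod : MECHANISM_NAME;
    }

    /**
     * Whether the SAM asked for the identity to be registered on the session. Only a {@link String}
     * value is honoured (as in the original code); any other type, or absence, means {@code false}.
     */
    private static boolean registerSessionRequested(GenericMessageInfo messageInfo) {
        Object flag = messageInfo.getMap().get(JASPI_REGISTER_SESSION);
        return flag instanceof String && Boolean.parseBoolean((String) flag);
    }

    /** Builds a fresh PicketBox JASPI manager bound to this mechanism's security domain. */
    private JASPIServerAuthenticationManager createJASPIAuthenticationManager() {
        return new JASPIServerAuthenticationManager(this.securityDomain, new JBossCallbackHandler());
    }

    /**
     * Reports a challenge as sent without writing anything to the response itself; any challenge
     * content is presumably produced by the SAM during validation — confirm against the SAM in use.
     */
    @Override
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        return new AuthenticationMechanism.ChallengeResult(true);
    }

    /**
     * Builds the Undertow {@link Account} from the identity the SAM left on the PicketBox security context.
     *
     * @param cachedAccount        account cached from an earlier authentication, or {@code null}
     * @param jbossSecurityContext PicketBox security context populated during validation
     * @return the cached account (with the PicketBox context re-populated from it) when the SAM handed back
     *         the same {@link Principal} instance, a new {@link AccountImpl} otherwise, or {@code null}
     *         when no user principal was established
     * @throws RuntimeException (as produced by {@link UndertowLogger#nullParamter}) when the context is null
     */
    private Account createAccount(Account cachedAccount, org.jboss.security.SecurityContext jbossSecurityContext) {
        if (jbossSecurityContext == null) {
            throw UndertowLogger.ROOT_LOGGER.nullParamter("org.jboss.security.SecurityContext");
        }
        Principal userPrincipal = jbossSecurityContext.getUtil().getUserPrincipal();
        if (userPrincipal == null) {
            // SAM established no caller identity.
            return null;
        }
        // NOTE(review): reference comparison kept from the original — the cached account is reused
        // only when the SAM returned the very same Principal instance; switching to equals() would
        // widen when a cached identity is accepted and is deliberately not done here.
        if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) {
            // Cast is inherited from the original; a non-AccountImpl cached account would fail here.
            jbossSecurityContext.getUtil().createSubjectInfo(userPrincipal, ((AccountImpl) cachedAccount).getCredential(), (Subject) null);
            SimpleRoleGroup roleGroup = new SimpleRoleGroup("Roles");
            for (String roleName : cachedAccount.getRoles()) {
                roleGroup.addRole(new SimpleRole(roleName));
            }
            jbossSecurityContext.getUtil().setRoles(roleGroup);
            return cachedAccount;
        }
        Set<String> roleNames = new HashSet<>();
        RoleGroup roles = jbossSecurityContext.getUtil().getRoles();
        if (roles != null) {
            for (Role role : roles.getRoles()) {
                roleNames.add(role.getRoleName());
            }
        }
        Object credential = jbossSecurityContext.getUtil().getCredential();
        // The previous principal (if any) is carried along so the new account can record what it replaced.
        Principal originalPrincipal = cachedAccount != null ? cachedAccount.getPrincipal() : null;
        return new AccountImpl(userPrincipal, roleNames, credential, originalPrincipal);
    }

    /**
     * Whether the target resource requires authentication, per the exchange's security context.
     * A missing security context is treated as "not mandatory".
     */
    private Boolean isMandatory(ServletRequestContext servletRequestContext) {
        SecurityContext exchangeContext = servletRequestContext.getExchange().getSecurityContext();
        return Boolean.valueOf(exchangeContext != null && exchangeContext.isAuthenticationRequired());
    }
}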
