package org.gatein.security.sso.spnego;

import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.AbstractLoginModule;

/* loaded from: input_file:org/gatein/security/sso/spnego/SPNEGOSSOLoginModule.class */
public class SPNEGOSSOLoginModule extends AbstractLoginModule {
    private static final Log log = ExoLogger.getLogger(SPNEGOSSOLoginModule.class);
    public static final String OPTION_ENABLE_FALLBACK_FORM_AUTHENTICATION = "enableFormAuthentication";

    protected Log getLogger() {
        return log;
    }

    public boolean login() throws LoginException {
        ExoContainer container;
        HttpServletRequest currentRequest;
        try {
            container = getContainer();
            currentRequest = SPNEGOSSOContext.getCurrentRequest();
        } catch (Exception e) {
            log.error("Exception when trying to login with SPNEGO", e);
        }
        if (currentRequest == null) {
            log.debug("HttpServletRequest is null. SPNEGOLoginModule will be ignored.");
            return false;
        }
        String str = (String) currentRequest.getSession().getAttribute("SPNEGO_PRINCIPAL");
        if (str != null) {
            establishSecurityContext(container, str);
            if (!log.isTraceEnabled()) {
                return true;
            }
            log.trace("Successfully established security context for user " + str);
            return true;
        }
        if ("false".equalsIgnoreCase((String) this.options.get(OPTION_ENABLE_FALLBACK_FORM_AUTHENTICATION))) {
            throw new LoginException("FORM authentication was disabled by SPNEGO login module.");
        }
        return false;
    }

    public boolean commit() throws LoginException {
        return true;
    }

    public boolean abort() throws LoginException {
        return true;
    }

    public boolean logout() throws LoginException {
        return true;
    }

    protected void establishSecurityContext(ExoContainer exoContainer, String str) throws Exception {
        Authenticator authenticator = (Authenticator) exoContainer.getComponentInstanceOfType(Authenticator.class);
        if (authenticator == null) {
            throw new LoginException("No Authenticator component found, check your configuration");
        }
        this.sharedState.put("exo.security.identity", authenticator.createIdentity(str));
        this.sharedState.put("javax.security.auth.login.name", str);
        this.subject.getPublicCredentials().add(new UsernameCredential(str));
    }
}
