package org.wildfly.extension.undertow.security.jaspi;

import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.impl.SecurityContextImpl;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.RegistrationListener;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import org.jboss.security.SecurityContext;
import org.jboss.security.auth.callback.JASPICallbackHandler;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;

/* loaded from: input_file:org/wildfly/extension/undertow/security/jaspi/JASPICSecurityContext.class */
class JASPICSecurityContext extends SecurityContextImpl {
    private static final String layer = "HttpServlet";
    private static final CallbackHandler handler = new JASPICallbackHandler();
    private final HttpServerExchange exchange;
    private final JASPIServerAuthenticationManager manager;
    private Account cachedAuthenticatedAccount;

    public JASPICSecurityContext(HttpServerExchange httpServerExchange, AuthenticationMode authenticationMode, IdentityManager identityManager, String str) {
        super(httpServerExchange, authenticationMode, identityManager);
        this.exchange = httpServerExchange;
        this.manager = new JASPIServerAuthenticationManager(str, new JBossCallbackHandler());
    }

    public boolean login(String str, String str2) {
        if (SecurityActions.getAuthConfigFactory().getConfigProvider(layer, buildAppContext(), (RegistrationListener) null) != null) {
            throw new SecurityException((Throwable) new ServletException("login is not supported by the Jakarta Authentication mechanism"));
        }
        return super.login(str, str2);
    }

    public void logout() {
        if (isAuthenticated()) {
            String buildAppContext = buildAppContext();
            if (SecurityActions.getAuthConfigFactory().getConfigProvider(layer, buildAppContext, (RegistrationListener) null) != null) {
                Subject authenticatedSubject = getAuthenticatedSubject();
                this.manager.cleanSubject(buildMessageInfo(), authenticatedSubject, layer, buildAppContext, handler);
            }
            super.logout();
        }
    }

    public Account getAuthenticatedAccount() {
        Account authenticatedAccount = super.getAuthenticatedAccount();
        if (authenticatedAccount == null) {
            authenticatedAccount = this.cachedAuthenticatedAccount;
        }
        return authenticatedAccount;
    }

    public void setCachedAuthenticatedAccount(Account account) {
        this.cachedAuthenticatedAccount = account;
    }

    private String buildAppContext() {
        ServletRequest servletRequest = ((ServletRequestContext) this.exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getServletRequest();
        return servletRequest.getServletContext().getVirtualServerName() + " " + servletRequest.getServletContext().getContextPath();
    }

    private MessageInfo buildMessageInfo() {
        ServletRequestContext servletRequestContext = (ServletRequestContext) this.exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        GenericMessageInfo genericMessageInfo = new GenericMessageInfo();
        genericMessageInfo.setRequestMessage(servletRequestContext.getServletRequest());
        genericMessageInfo.setResponseMessage(servletRequestContext.getServletResponse());
        genericMessageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");
        return genericMessageInfo;
    }

    private Subject getAuthenticatedSubject() {
        Subject subject = null;
        SecurityContext securityContext = SecurityActions.getSecurityContext();
        if (securityContext != null && securityContext.getSubjectInfo() != null) {
            subject = securityContext.getSubjectInfo().getAuthenticatedSubject();
        }
        return subject != null ? subject : new Subject();
    }
}
