package org.jboss.as.web.security.jaspi;

import java.io.IOException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Random;
import javax.security.auth.Subject;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.jboss.as.web.WebLogger;
import org.jboss.as.web.security.JBossGenericPrincipal;
import org.jboss.as.web.security.JBossWebRealm;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.ServerAuthenticationManager;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;

/* loaded from: input_file:eap6/api-jars/jboss-as-web-7.1.1.Final.jar:org/jboss/as/web/security/jaspi/WebJASPIAuthenticator.class */
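/**
 * Web authenticator that delegates the authentication decision to a
 * {@link ServerAuthenticationManager} for the servlet message layer and, on
 * success, registers the resulting principal with the request, the session
 * and (when configured) the single sign-on valve.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>authentication fails closed when no authentication manager can be
 *       obtained;</li>
 *   <li>the SSO cookie value is a bearer identifier for the SSO entry, so it
 *       is generated from a {@link SecureRandom};</li>
 *   <li>the user's password is converted to a {@code String} and stored as a
 *       session note / SSO entry when caching or SSO is enabled.</li>
 * </ul>
 */
public class WebJASPIAuthenticator extends AuthenticatorBase {
    /**
     * Generator handed to {@code generateSessionId} for new SSO identifiers.
     * A cryptographically strong source is used because the identifier is sent
     * to the client as the SSO cookie and is looked up as-is on later requests;
     * a {@code java.util.Random} sequence is predictable from a few outputs.
     */
    private static final SecureRandom SSO_ID_RANDOM = new SecureRandom();

    /** Message layer passed to the authentication manager. */
    protected final String messageLayer = SecurityConstants.SERVLET_LAYER;

    /** Optional class name of a custom {@link ServerAuthenticationManager}; {@code null} selects the default. */
    protected String serverAuthenticationManagerClass;

    /** When {@code true}, {@code secureResponse} is invoked on the manager after a successful authentication. */
    protected boolean secureResponse;

    /**
     * Authenticates the request.
     *
     * <p>Order of checks: an already-set user principal short-circuits to
     * success; for BASIC/FORM with an SSO id on the request, SSO
     * re-authentication is attempted; otherwise the request is validated by
     * the {@link ServerAuthenticationManager}.
     *
     * @param request the current request
     * @param httpServletResponse the current response
     * @param loginConfig login configuration supplying the auth method
     * @return {@code true} if the caller is authenticated, {@code false} otherwise
     *         (including when no authentication manager is available)
     * @throws IOException declared by the overridden method
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        String authMethod = loginConfig.getAuthMethod();
        Principal existingPrincipal = request.getUserPrincipal();
        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);

        if (existingPrincipal != null) {
            WebLogger.WEB_SECURITY_LOGGER.tracef("Already authenticated '%s'", existingPrincipal.getName());
            if (ssoId != null) {
                associate(ssoId, request.getSessionInternal(true));
            }
            return true;
        }

        if (("BASIC".equalsIgnoreCase(authMethod) || "FORM".equalsIgnoreCase(authMethod)) && ssoId != null) {
            // NOTE(review): the SSO id is a bearer value; at trace level it ends up in the log.
            WebLogger.WEB_SECURITY_LOGGER.tracef("SSO Id %s set; attempting reauthentication", ssoId);
            if (reauthenticateFromSSO(ssoId, request)) {
                return true;
            }
        }

        GenericMessageInfo messageInfo = new GenericMessageInfo();
        messageInfo.setRequestMessage(request);
        messageInfo.setResponseMessage(request.getResponse());
        messageInfo.getMap().put("CACHE", String.valueOf(this.cache));
        messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");

        WebJASPICallbackHandler callbackHandler = new WebJASPICallbackHandler();
        ServerAuthenticationManager authManager = getServerAuthenticationManager();
        String appContext = request.getLocalName() + " " + request.getContextPath();
        Subject clientSubject = new Subject();

        // Fail closed: without a manager nothing validates the request.
        boolean valid = false;
        if (authManager != null) {
            valid = authManager.isValid(messageInfo, clientSubject, SecurityConstants.SERVLET_LAYER, appContext, callbackHandler);
        }
        if (!valid) {
            return false;
        }

        PasswordValidationCallback passwordCallback = callbackHandler.getPasswordValidationCallback();
        CallerPrincipalCallback callerCallback = callbackHandler.getCallerPrincipalCallback();

        // NOTE(review): callerCallback is dereferenced unguarded; if a module validates the
        // request without issuing a CallerPrincipalCallback this throws. Confirm against
        // WebJASPICallbackHandler whether the getter can return null.
        Principal principal = callerCallback.getPrincipal();
        if (principal == null) {
            principal = new SimplePrincipal(callerCallback.getName());
        }
        if (!(principal instanceof JBossGenericPrincipal)) {
            principal = buildJBossPrincipal(clientSubject, principal);
        }

        // A module need not use password validation, and a callback's password may have been
        // cleared; register() accepts null for both values, so pass null instead of throwing.
        String username = null;
        String password = null;
        if (passwordCallback != null) {
            username = passwordCallback.getUsername();
            char[] passwordChars = passwordCallback.getPassword();
            if (passwordChars != null) {
                // The String copy cannot be wiped afterwards; it is required by register()'s signature.
                password = new String(passwordChars);
            }
        }
        register(request, httpServletResponse, principal, authMethod, username, password);

        if (this.secureResponse) {
            authManager.secureResponse(messageInfo, new Subject(), SecurityConstants.SERVLET_LAYER, appContext, callbackHandler);
        }
        return true;
    }

    /**
     * @return the configured custom authentication manager class name, or {@code null}
     */
    public String getServerAuthenticationManagerClass() {
        return this.serverAuthenticationManagerClass;
    }

    /**
     * Sets the class name of a custom {@link ServerAuthenticationManager}.
     * The named class is loaded and instantiated on every authentication, so
     * this value must only come from trusted configuration.
     *
     * @param str fully qualified class name, or {@code null} for the default manager
     */
    public void setServerAuthenticationManagerClass(String str) {
        this.serverAuthenticationManagerClass = str;
    }

    /**
     * @return whether {@code secureResponse} is invoked after successful authentication
     */
    public boolean getSecureResponse() {
        return this.secureResponse;
    }

    /**
     * @param z {@code true} to invoke {@code secureResponse} after successful authentication
     */
    public void setSecureResponse(boolean z) {
        this.secureResponse = z;
    }

    /**
     * Obtains the authentication manager used to validate requests.
     *
     * <p>With no custom class configured, a {@link JASPIServerAuthenticationManager}
     * is created for the current security context's domain, or with its no-arg
     * constructor when there is no security context. With a custom class
     * configured, that class is loaded and instantiated reflectively.
     *
     * @return the manager, or {@code null} if the custom class could not be
     *         loaded, instantiated or cast (the failure is logged); callers
     *         must treat {@code null} as "not authenticated"
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        if (this.serverAuthenticationManagerClass != null) {
            try {
                return (ServerAuthenticationManager) SecurityActions.loadClass(this.serverAuthenticationManagerClass).newInstance();
            } catch (Exception e) {
                // Deliberately broad: class-loading, instantiation and cast failures all
                // end in the same fail-closed result.
                WebLogger.WEB_SECURITY_LOGGER.noServerAuthenticationManager(e);
                return null;
            }
        }

        SecurityContext securityContext = SecurityActions.getSecurityContext();
        if (securityContext == null) {
            WebLogger.WEB_SECURITY_LOGGER.debugf("Security context is null, instantiating JASPI authentication manager with default domain", new Object[0]);
            return new JASPIServerAuthenticationManager();
        }
        WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s", securityContext.getSecurityDomain());
        return new JASPIServerAuthenticationManager(securityContext.getSecurityDomain(), new JBossCallbackHandler());
    }

    /**
     * Records a successful authentication on the request, on the existing
     * session when caching is enabled, and in the SSO valve when one is set.
     *
     * <p>When caching or SSO is active the plaintext password is retained
     * (session note {@code SESS_PASSWORD_NOTE} and the SSO entry) for the
     * lifetime of that session/entry.
     *
     * @param request the current request
     * @param httpServletResponse response that receives the SSO cookie, if one is created
     * @param principal the authenticated principal
     * @param str the authentication type
     * @param str2 the username, or {@code null} to clear the cached username
     * @param str3 the password, or {@code null} to clear the cached password
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public void register(Request request, HttpServletResponse httpServletResponse, Principal principal, String str, String str2, String str3) {
        final String authType = str;
        final String username = str2;
        final String password = str3;

        if (WebLogger.WEB_SECURITY_LOGGER.isTraceEnabled()) {
            // The auth type is passed as a format argument rather than concatenated into
            // the format string, so a '%' in it cannot break the formatter.
            WebLogger.WEB_SECURITY_LOGGER.tracef("Authenticated '%s' with type '%s'", principal == null ? "none" : principal.getName(), authType);
        }

        request.setAuthType(authType);
        request.setUserPrincipal(principal);

        Session session = request.getSessionInternal(false);
        if (this.cache && session != null) {
            session.setAuthType(authType);
            session.setPrincipal(principal);
            if (username != null) {
                session.setNote(Constants.SESS_USERNAME_NOTE, username);
            } else {
                session.removeNote(Constants.SESS_USERNAME_NOTE);
            }
            if (password != null) {
                session.setNote(Constants.SESS_PASSWORD_NOTE, password);
            } else {
                session.removeNote(Constants.SESS_PASSWORD_NOTE);
            }
        }

        if (this.sso == null) {
            return;
        }

        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId == null) {
            // presumably generateSessionId draws the identifier from the supplied
            // generator — verify in AuthenticatorBase; hence the SecureRandom.
            ssoId = generateSessionId(SSO_ID_RANDOM);
            Cookie ssoCookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
            ssoCookie.setMaxAge(-1);
            ssoCookie.setPath("/");
            // Secure is only set when this request itself arrived over a secure channel.
            ssoCookie.setSecure(request.isSecure());
            // NOTE(review): HttpOnly is not set here; confirm whether the container
            // applies it elsewhere, since script access to this cookie exposes the SSO id.
            String cookieDomain = this.sso.getCookieDomain();
            if (cookieDomain != null) {
                ssoCookie.setDomain(cookieDomain);
            }
            httpServletResponse.addCookie(ssoCookie);
            this.sso.register(ssoId, principal, authType, username, password);
            request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
        } else {
            this.sso.update(ssoId, principal, authType, username, password);
        }

        if (session == null) {
            session = request.getSessionInternal(true);
        }
        this.sso.associate(ssoId, session);
    }

    /**
     * Wraps an authenticated principal in a {@link JBossGenericPrincipal}
     * carrying its role names.
     *
     * <p>Role names are the member names of every {@link Group} principal
     * named {@code "Roles"} in the subject. If the subject yields none, the
     * realm's principal-to-roles map is consulted by principal name; a
     * principal with no entry there gets an empty role list (it stays
     * authenticated but holds no roles).
     *
     * @param subject the subject populated during authentication
     * @param principal the caller principal
     * @return a {@code JBossGenericPrincipal} for {@code principal}
     * @throws ClassCastException if the container's realm is not a {@link JBossWebRealm}
     */
    protected Principal buildJBossPrincipal(Subject subject, Principal principal) {
        ArrayList<String> roleNames = new ArrayList<String>();
        for (Principal candidate : subject.getPrincipals()) {
            if (!(candidate instanceof Group) || !candidate.getName().equals("Roles")) {
                continue;
            }
            Enumeration<? extends Principal> members = ((Group) candidate).members();
            while (members.hasMoreElements()) {
                roleNames.add(members.nextElement().getName());
            }
        }

        JBossWebRealm realm = (JBossWebRealm) getContainer().getRealm();
        if (roleNames.isEmpty()) {
            // The map lookup returns null for an unmapped principal; addAll(null) would throw.
            Collection<String> mappedRoles = realm.getPrincipalVersusRolesMap().get(principal.getName());
            if (mappedRoles != null) {
                roleNames.addAll(mappedRoles);
            }
        }
        return new JBossGenericPrincipal(realm, principal.getName(), null, roleNames, principal, null, null, null, subject);
    }
}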
