package org.jboss.security.javaee;

import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.tika.metadata.Metadata;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityContext;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.auth.callback.RFC2617Digest;
import org.jboss.security.identitytrust.IdentityTrustException;
import org.jboss.security.identitytrust.IdentityTrustManager;

/* loaded from: input_file:WEB-INF/lib/picketbox-4.0.19.SP4.jar:org/jboss/security/javaee/EJBAuthenticationHelper.class */
public class EJBAuthenticationHelper extends AbstractJavaEEHelper {
    public EJBAuthenticationHelper(SecurityContext securityContext) {
        if (securityContext == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("security context");
        }
        this.securityContext = securityContext;
    }

    public boolean isTrusted() throws IdentityTrustException {
        IdentityTrustManager.TrustDecision trustDecision = IdentityTrustManager.TrustDecision.NotApplicable;
        IdentityTrustManager identityTrustManager = this.securityContext.getIdentityTrustManager();
        if (identityTrustManager != null) {
            trustDecision = identityTrustManager.isTrusted(this.securityContext);
            if (trustDecision == IdentityTrustManager.TrustDecision.Deny) {
                throw new IdentityTrustException(PicketBoxMessages.MESSAGES.deniedByIdentityTrustMessage());
            }
        }
        return trustDecision == IdentityTrustManager.TrustDecision.Permit;
    }

    public boolean isValid(Subject subject, String str) {
        if (subject == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument(Metadata.SUBJECT);
        }
        if (str == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument(RFC2617Digest.METHOD);
        }
        Principal userPrincipal = this.securityContext.getUtil().getUserPrincipal();
        Object credential = this.securityContext.getUtil().getCredential();
        Map<String, Object> contextMap = getContextMap(userPrincipal, str);
        boolean isValid = this.securityContext.getAuthenticationManager().isValid(userPrincipal, credential, subject);
        if (isValid) {
            authenticationAudit(AuditLevel.SUCCESS, contextMap, null);
        } else {
            Exception exc = (Exception) this.securityContext.getData().get("org.jboss.security.exception");
            if (exc == null) {
                authenticationAudit(AuditLevel.FAILURE, contextMap, null);
            } else {
                authenticationAudit(AuditLevel.ERROR, contextMap, exc);
            }
        }
        return isValid;
    }

    public void pushSubjectContext(Subject subject) {
        this.securityContext.getSubjectInfo().setAuthenticatedSubject(subject);
    }
}
