package org.jboss.web.tomcat.security.jaspi;

import java.io.IOException;
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.jboss.logging.Logger;
import org.jboss.security.ServerAuthenticationManager;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;

/* loaded from: input_file:org/jboss/web/tomcat/security/jaspi/TomcatJASPIAuthenticator.class */
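/**
 * Tomcat authenticator that delegates credential validation to a JASPI
 * {@link ServerAuthenticationManager} and then records the outcome on the
 * request, the session and (when configured) the single-sign-on valve.
 */
public class TomcatJASPIAuthenticator extends AuthenticatorBase {
    private static final Logger log = Logger.getLogger(TomcatJASPIAuthenticator.class);

    /** Request note holding the SSO identifier of the current request. */
    private static final String REQUEST_SSO_ID_NOTE = "org.apache.catalina.request.SSOID";
    /** Session note under which the authenticated user name is cached. */
    private static final String SESSION_USERNAME_NOTE = "org.apache.catalina.session.USERNAME";
    /** Session note under which the cleartext password is cached. */
    private static final String SESSION_PASSWORD_NOTE = "org.apache.catalina.session.PASSWORD";

    private String messageLayer = "HttpServlet";
    protected String serverAuthenticationManagerClass = JASPIServerAuthenticationManager.class.getName();

    /**
     * Authenticates the request.
     *
     * <p>Order of checks: an existing user principal is accepted as-is; for BASIC and
     * FORM with an SSO id present, reauthentication from SSO is attempted; otherwise
     * the configured {@link ServerAuthenticationManager} validates the message with a
     * fresh {@link Subject}. If no manager can be obtained the result stays
     * {@code false}, so the method fails closed.
     *
     * @param request the incoming request
     * @param httpServletResponse the response, used when an SSO cookie has to be added
     * @param loginConfig supplies the configured authentication method
     * @return {@code true} when the request is (or already was) authenticated
     * @throws IOException declared by the overridden method
     */
    protected boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        String authMethod = loginConfig.getAuthMethod();
        Principal userPrincipal = request.getUserPrincipal();
        String ssoId = (String) request.getNote(REQUEST_SSO_ID_NOTE);

        if (userPrincipal != null) {
            if (log.isTraceEnabled()) {
                log.trace("Already authenticated '" + userPrincipal.getName() + "'");
            }
            if (ssoId != null) {
                associate(ssoId, request.getSessionInternal(true));
            }
            return true;
        }

        boolean ssoCapableMethod = "BASIC".equalsIgnoreCase(authMethod) || "FORM".equalsIgnoreCase(authMethod);
        if (ssoCapableMethod && ssoId != null) {
            // The SSO id is a bearer token for the user's sessions, so its value is
            // deliberately kept out of the log.
            log.trace("SSO Id set; attempting reauthentication");
            if (reauthenticateFromSSO(ssoId, request)) {
                return true;
            }
        }

        GenericMessageInfo genericMessageInfo = new GenericMessageInfo();
        genericMessageInfo.setRequestMessage(request);
        genericMessageInfo.setResponseMessage(request.getResponse());
        genericMessageInfo.getMap().put("CACHE", Boolean.valueOf(this.cache));
        TomcatJASPICallbackHandler tomcatJASPICallbackHandler = new TomcatJASPICallbackHandler();

        boolean authenticated = false;
        ServerAuthenticationManager serverAuthenticationManager = getServerAuthenticationManager();
        if (serverAuthenticationManager != null) {
            authenticated = serverAuthenticationManager.isValid(genericMessageInfo, new Subject(), this.messageLayer, tomcatJASPICallbackHandler);
        }
        if (!authenticated) {
            return false;
        }

        // Validation succeeded; collect what the auth module reported through the
        // callback handler. The callbacks are null-checked so that a module which did
        // not issue one of them does not turn a successful validation into a
        // NullPointerException. NOTE(review): whether the handler can return null here
        // is not visible in this file; confirm against TomcatJASPICallbackHandler.
        Principal callerPrincipal = null;
        if (tomcatJASPICallbackHandler.getCallerPrincipalCallback() != null) {
            callerPrincipal = tomcatJASPICallbackHandler.getCallerPrincipalCallback().getPrincipal();
        }
        String username = null;
        String password = null;
        PasswordValidationCallback passwordValidationCallback = tomcatJASPICallbackHandler.getPasswordValidationCallback();
        if (passwordValidationCallback != null) {
            username = passwordValidationCallback.getUsername();
            char[] passwordChars = passwordValidationCallback.getPassword();
            if (passwordChars != null) {
                // register() takes a String, so the password becomes an immutable heap
                // object here and cannot be wiped afterwards.
                password = new String(passwordChars);
            }
        }
        // NOTE(review): a null caller principal is still registered and reported as
        // authenticated, as before; confirm that this is intended.
        register(request, httpServletResponse, callerPrincipal, authMethod, username, password);
        return true;
    }

    /**
     * @return the fully qualified class name used to create the
     *         {@link ServerAuthenticationManager}
     */
    public String getServerAuthenticationManagerClass() {
        return this.serverAuthenticationManagerClass;
    }

    /**
     * Sets the class that {@link #getServerAuthenticationManager()} instantiates.
     * The named class decides every authentication outcome, so this value should only
     * come from trusted deployment configuration.
     *
     * @param str fully qualified class name of a {@link ServerAuthenticationManager}
     */
    public void setServerAuthenticationManagerClass(String str) {
        this.serverAuthenticationManagerClass = str;
    }

    /**
     * Loads and instantiates the configured {@link ServerAuthenticationManager}.
     *
     * @return a new manager instance, or {@code null} when loading, instantiation or
     *         the cast fails; the failure is logged and the caller treats
     *         {@code null} as "not authenticated"
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        try {
            return (ServerAuthenticationManager) SecurityActions.loadClass(this.serverAuthenticationManagerClass).newInstance();
        } catch (Exception e) {
            // Best effort by design: a broken configuration denies access instead of
            // propagating the exception.
            log.error("Exception in obtaining ServerAuthenticationManager:", e);
            return null;
        }
    }

    /**
     * Records a successful authentication on the request, optionally on the session,
     * and on the single-sign-on valve when one is configured.
     *
     * @param request the authenticated request
     * @param httpServletResponse receives the SSO cookie when a new SSO id is created
     * @param principal the authenticated principal, may be {@code null}
     * @param str the authentication method
     * @param str2 the user name, or {@code null} to clear the cached value
     * @param str3 the cleartext password, or {@code null} to clear the cached value
     */
    protected void register(Request request, HttpServletResponse httpServletResponse, Principal principal, String str, String str2, String str3) {
        if (log.isTraceEnabled()) {
            log.trace("Authenticated '" + (principal == null ? "none" : principal.getName()) + "' with type '" + str + "'");
        }
        request.setAuthType(str);
        request.setUserPrincipal(principal);

        // NOTE(review): the session id is not changed after authentication in this
        // method; confirm whether the base class or another valve rotates it.
        Session sessionInternal = request.getSessionInternal(false);
        if (this.cache && sessionInternal != null) {
            sessionInternal.setAuthType(str);
            sessionInternal.setPrincipal(principal);
            if (str2 != null) {
                sessionInternal.setNote(SESSION_USERNAME_NOTE, str2);
            } else {
                sessionInternal.removeNote(SESSION_USERNAME_NOTE);
            }
            // The password is cached in cleartext (presumably for later
            // reauthentication), so anything that dumps, persists or replicates
            // session notes exposes it.
            if (str3 != null) {
                sessionInternal.setNote(SESSION_PASSWORD_NOTE, str3);
            } else {
                sessionInternal.removeNote(SESSION_PASSWORD_NOTE);
            }
        }

        if (this.sso == null) {
            return;
        }

        String ssoId = (String) request.getNote(REQUEST_SSO_ID_NOTE);
        if (ssoId == null) {
            ssoId = generateSessionId();
            Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
            cookie.setMaxAge(-1); // session cookie, not persisted by the browser
            cookie.setPath("/");
            // Secure only when this request arrived over a secure channel. NOTE(review):
            // behind a TLS-terminating proxy isSecure() may be false; verify the
            // connector configuration. HttpOnly is not set here either; confirm the
            // Servlet API level before adding it.
            cookie.setSecure(request.isSecure());
            String cookieDomain = this.sso.getCookieDomain();
            if (cookieDomain != null) {
                cookie.setDomain(cookieDomain);
            }
            httpServletResponse.addCookie(cookie);
            this.sso.register(ssoId, principal, str, str2, str3);
            request.setNote(REQUEST_SSO_ID_NOTE, ssoId);
        } else {
            this.sso.update(ssoId, principal, str, str2, str3);
        }

        if (sessionInternal == null) {
            sessionInternal = request.getSessionInternal(true);
        }
        this.sso.associate(ssoId, sessionInternal);
    }
}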
