package org.uberfire.ext.security.server;

import java.security.Principal;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jboss.errai.bus.server.annotations.Service;
import org.jboss.errai.security.shared.api.Group;
import org.jboss.errai.security.shared.api.GroupImpl;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.errai.security.shared.api.identity.UserImpl;
import org.jboss.errai.security.shared.exception.FailedAuthenticationException;
import org.jboss.errai.security.shared.service.AuthenticationService;
import org.uberfire.ext.security.server.adapter.GroupsAdapter;

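/**
 * {@link AuthenticationService} implementation that delegates authentication to the
 * servlet container and derives the user's roles and groups from container state.
 *
 * <p>The resolved {@link User} is cached in the HTTP session under
 * {@code "uf.security.user"}. Roles and groups are therefore computed once per session;
 * a membership change is not picked up until the cached attribute is gone.
 *
 * <p>Every public method requires that the calling thread is handling an HTTP request
 * (see {@link #getRequestForThread()}).
 */
@Service
@ApplicationScoped
/* loaded from: input_file:org/uberfire/ext/security/server/ServletSecurityAuthenticationService.class */
public class ServletSecurityAuthenticationService implements AuthenticationService {
    /** Session attribute under which the resolved {@link User} is cached. */
    private static final String USER_SESSION_ATTR_NAME = "uf.security.user";
    /** Name of the container principal group read when no override is configured. */
    private static final String DEFAULT_ROLE_PRINCIPLE_NAME = "Roles";
    private final ServiceLoader<GroupsAdapter> groupsAdapterServiceLoader = ServiceLoader.load(GroupsAdapter.class);
    /** Principal group names whose members are mapped to application groups. */
    private final String[] rolePrincipleNames;

    /**
     * Reads the comma-separated system property
     * {@code org.uberfire.security.principal.names}; when it is unset or blank the
     * single default name {@code "Roles"} is used.
     */
    public ServletSecurityAuthenticationService() {
        String property = System.getProperty("org.uberfire.security.principal.names", "");
        if (property == null || property.trim().isEmpty()) {
            this.rolePrincipleNames = new String[]{DEFAULT_ROLE_PRINCIPLE_NAME};
        } else {
            this.rolePrincipleNames = parseRolePrincipalNames(property);
        }
    }

    /**
     * Splits a comma-separated list of principal names, trimming each entry and
     * dropping blank ones.
     *
     * <p>Without the trim, a value such as {@code "Roles, Admins"} yields the entry
     * {@code " Admins"}, which never matches a principal name, so the groups of that
     * principal are silently not loaded.
     */
    private static String[] parseRolePrincipalNames(String property) {
        Set<String> names = new HashSet<>();
        for (String candidate : property.split(",")) {
            String trimmed = candidate.trim();
            if (!trimmed.isEmpty()) {
                names.add(trimmed);
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Authenticates through the container's {@link HttpServletRequest#login}.
     *
     * @param str  the user name passed to the container
     * @param str2 the password passed to the container
     * @return the user resolved by {@link #getUser()} after a successful login
     * @throws FailedAuthenticationException if the container rejects the login
     */
    public User login(String str, String str2) {
        // NOTE(review): whether the session id is rotated on login() depends on the
        // container. Confirm it is, or rotate it explicitly after a successful login
        // (HttpServletRequest.changeSessionId() on Servlet 3.1+) to rule out session fixation.
        try {
            getRequestForThread().login(str, str2);
            return getUser();
        } catch (ServletException e) {
            // The container's cause is deliberately not attached: the exception carries
            // no detail about why the login failed. NOTE(review): the failure is not
            // logged here either, so failed logins are only visible if the container
            // or a filter records them.
            throw new FailedAuthenticationException();
        }
    }

    /** Returns {@code true} when the current request carries an authenticated principal. */
    public boolean isLoggedIn() {
        return getRequestForThread().getUserPrincipal() != null;
    }

    /**
     * Logs the caller out of the container and invalidates the current session, which
     * also discards the cached {@link User}.
     */
    public void logout() {
        HttpServletRequest request = getRequestForThread();
        try {
            request.logout();
        } catch (Exception ignored) {
            // Best effort: a container-side logout failure must not prevent the session
            // from being invalidated below.
        }
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    /**
     * Returns the user for the current request, building and caching it in the session
     * on first use.
     *
     * @return the cached or newly built user; {@code null} when the request has no
     *         authenticated principal or no existing session
     */
    public User getUser() {
        HttpServletRequest request = getRequestForThread();
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            return null;
        }
        // NOTE(review): an authenticated request without a session yields null here
        // while isLoggedIn() reports true; callers must handle both answers.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        // NOTE(review): the cached user is returned without comparing it to the current
        // principal. This relies on the attribute never outliving the identity it was
        // built for (logout() invalidates the session).
        User cached = (User) session.getAttribute(USER_SESSION_ATTR_NAME);
        if (cached != null) {
            return cached;
        }

        // Roles: every registered role the container says the caller holds.
        Set<Role> roles = new HashSet<>();
        for (Role role : RolesRegistry.get().getRegisteredRoles()) {
            if (request.isUserInRole(role.getName())) {
                roles.add(role);
            }
        }

        // Groups: container-provided principals plus anything the adapters contribute.
        String name = principal.getName();
        Set<Group> groups = new HashSet<>(loadGroups());
        for (GroupsAdapter adapter : this.groupsAdapterServiceLoader) {
            List<Group> adapterGroups = adapter.getGroups(name);
            if (adapterGroups != null) {
                groups.addAll(adapterGroups);
            }
        }

        User user = new UserImpl(name, roles, groups);
        session.setAttribute(USER_SESSION_ATTR_NAME, user);
        return user;
    }

    /**
     * Collects groups from the container's JACC subject: for each principal that is a
     * {@code java.security.acl.Group} named like one of the configured role principal
     * names (case-insensitive), every member becomes a {@link GroupImpl}.
     *
     * @return the collected groups; empty when no subject is available
     */
    private Set<Group> loadGroups() {
        Subject subject;
        try {
            subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        } catch (Exception e) {
            // No JACC context available: treated as "no container groups". Failing
            // closed here means fewer groups, never more.
            subject = null;
        }
        if (subject == null) {
            return Collections.emptySet();
        }
        Set<Group> groups = new HashSet<>();
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return groups;
        }
        for (Principal principal : principals) {
            // java.security.acl was removed from the JDK in Java 14; this path needs an older runtime.
            if (!(principal instanceof java.security.acl.Group)) {
                continue;
            }
            if (!isRolePrincipalName(principal.getName())) {
                continue;
            }
            Enumeration<? extends Principal> members = ((java.security.acl.Group) principal).members();
            while (members.hasMoreElements()) {
                groups.add(new GroupImpl(members.nextElement().getName()));
            }
        }
        return groups;
    }

    /** Returns whether {@code principalName} equals a configured name, ignoring case. */
    private boolean isRolePrincipalName(String principalName) {
        for (String configured : this.rolePrincipleNames) {
            if (configured.equalsIgnoreCase(principalName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the servlet request bound to the current thread by
     * {@link SecurityIntegrationFilter}.
     *
     * @throws IllegalStateException if the thread is not handling an HTTP request
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static HttpServletRequest getRequestForThread() {
        HttpServletRequest request = SecurityIntegrationFilter.getRequest();
        if (request == null) {
            throw new IllegalStateException("This service only works from threads that are handling HTTP servlet requests");
        }
        return request;
    }
}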
