package org.wildfly.extension.undertow.security.jaspi;

import io.undertow.security.api.AuthenticatedSessionManager;
import io.undertow.security.idm.Account;
import io.undertow.server.ConduitWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.util.AttachmentKey;
import io.undertow.util.ConduitFactory;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.security.SecurityContext;
import org.jboss.security.auth.callback.JASPICallbackHandler;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;
import org.wildfly.extension.undertow.logging.UndertowLogger;
import org.wildfly.extension.undertow.security.UndertowSecurityAttachments;
import org.xnio.conduits.Conduit;
import org.xnio.conduits.StreamSinkConduit;

/* loaded from: input_file:org/wildfly/extension/undertow/security/jaspi/JASPICInitialHandler.class */
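/**
 * Undertow handler that runs the JASPIC request validation step for a servlet request and
 * arranges for the matching secureResponse step before the response is written.
 *
 * <p>For each exchange it asks a {@link JASPIServerAuthenticationManager} bound to the
 * configured security domain to validate the request, records the outcome in a
 * {@link JASPICAttachment} on the exchange, and then always delegates to the next handler.
 *
 * <p>Security note: this handler does not reject a request when validation fails. The
 * boolean result is only stored in the attachment, so enforcement has to happen in whatever
 * consumes {@code JASPICAttachment.ATTACHMENT_KEY} later in the chain
 * (NOTE(review): presumably {@code JASPIAuthenticationMechanism} - confirm).
 */
public class JASPICInitialHandler implements HttpHandler {
    /** Message layer name passed to the authentication manager on every call. */
    private static final String JASPI_HTTP_SERVLET_LAYER = "HttpServlet";
    /** Per-exchange marker so the secureResponse wrapper is registered at most once. */
    private static final AttachmentKey<Boolean> ALREADY_WRAPPED = AttachmentKey.create(Boolean.class);
    private final String securityDomain;
    private final HttpHandler next;

    /**
     * @param str security domain name handed to each {@link JASPIServerAuthenticationManager}
     * @param httpHandler handler invoked after the JASPIC validation step has run
     */
    public JASPICInitialHandler(String str, HttpHandler httpHandler) {
        this.securityDomain = str;
        this.next = httpHandler;
    }

    /**
     * Validates the request through JASPIC, publishes the result as a {@link JASPICAttachment},
     * installs the secureResponse wrapper and calls the next handler.
     *
     * @param httpServerExchange the current exchange; must carry a {@link ServletRequestContext}
     * @throws ClassCastException if the exchange's security context is not a
     *         {@link JASPICSecurityContext}
     * @throws Exception whatever the authentication manager or the next handler throws
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        JASPIServerAuthenticationManager authManager = createJASPIAuthenticationManager();
        GenericMessageInfo messageInfo = createMessageInfo(httpServerExchange, httpServerExchange.getSecurityContext());
        String appContextId = buildApplicationIdentifier(servletRequestContext);
        JASPICallbackHandler callbackHandler = new JASPICallbackHandler();
        UndertowLogger.ROOT_LOGGER.debugf("validateRequest for layer [%s] and applicationContextIdentifier [%s]", JASPI_HTTP_SERVLET_LAYER, appContextId);

        // The exchange exposes the generic Undertow SecurityContext type; the cached-account
        // setter lives on the JASPIC-specific subclass, so the narrowing cast is required.
        JASPICSecurityContext securityContext = (JASPICSecurityContext) httpServerExchange.getSecurityContext();

        // If a session already holds an authenticated account, expose it on the security
        // context only for the duration of the validation call below.
        Account account = null;
        AuthenticatedSessionManager sessionManager = (AuthenticatedSessionManager) httpServerExchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);
        if (sessionManager != null) {
            AuthenticatedSessionManager.AuthenticatedSession session = sessionManager.lookupSession(httpServerExchange);
            if (session != null) {
                account = session.getAccount();
                if (account != null) {
                    securityContext.setCachedAuthenticatedAccount(account);
                }
            }
        }

        boolean isValid;
        try {
            // A fresh, empty Subject is supplied as the client subject on every request.
            isValid = authManager.isValid(messageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, appContextId, callbackHandler);
        } finally {
            // Clear the cached account even when validation throws, so a session-derived
            // identity never stays attached to the security context past this call.
            securityContext.setCachedAuthenticatedAccount(null);
        }

        httpServerExchange.putAttachment(JASPICAttachment.ATTACHMENT_KEY, new JASPICAttachment(isValid, servletRequestContext, authManager, messageInfo, appContextId, callbackHandler, account));

        // The validation call may have replaced the request/response objects held by the
        // message info; push whatever it holds now back into the servlet context. The context
        // is read from the exchange again here rather than reusing the earlier reference.
        ServletRequestContext currentContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        currentContext.setServletRequest((HttpServletRequest) messageInfo.getRequestMessage());
        currentContext.setServletResponse((HttpServletResponse) messageInfo.getResponseMessage());

        secureResponse(httpServerExchange, authManager, messageInfo, callbackHandler);
        this.next.handleRequest(httpServerExchange);
    }

    /** Builds a new authentication manager for this handler's security domain. */
    private JASPIServerAuthenticationManager createJASPIAuthenticationManager() {
        return new JASPIServerAuthenticationManager(this.securityDomain, new JBossCallbackHandler());
    }

    /**
     * Registers a response wrapper that invokes the JASPIC secureResponse step when the
     * response conduit is created.
     *
     * <p>Nothing is registered if a wrapper was already added for this exchange or if the
     * response has already started. Inside the wrapper, secureResponse is skipped when an
     * {@link AuthException} was recorded for the exchange (see
     * {@link #wasAuthExceptionThrown(HttpServerExchange)}).
     */
    private void secureResponse(HttpServerExchange httpServerExchange, final JASPIServerAuthenticationManager jASPIServerAuthenticationManager, final GenericMessageInfo genericMessageInfo, final JASPICallbackHandler jASPICallbackHandler) {
        if (httpServerExchange.getAttachment(ALREADY_WRAPPED) != null || httpServerExchange.isResponseStarted()) {
            return;
        }
        httpServerExchange.putAttachment(ALREADY_WRAPPED, true);
        httpServerExchange.addResponseWrapper(new ConduitWrapper<StreamSinkConduit>() {
            @Override
            public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> conduitFactory, HttpServerExchange httpServerExchange2) {
                String appContextId = buildApplicationIdentifier((ServletRequestContext) httpServerExchange2.getAttachment(ServletRequestContext.ATTACHMENT_KEY));
                if (!wasAuthExceptionThrown(httpServerExchange2)) {
                    UndertowLogger.ROOT_LOGGER.debugf("secureResponse for layer [%s] and applicationContextIdentifier [%s].", JASPI_HTTP_SERVLET_LAYER, appContextId);
                    jASPIServerAuthenticationManager.secureResponse(genericMessageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, appContextId, jASPICallbackHandler);
                    // Propagate any request/response objects the module swapped in.
                    ServletRequestContext currentContext = (ServletRequestContext) httpServerExchange2.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                    currentContext.setServletRequest((HttpServletRequest) genericMessageInfo.getRequestMessage());
                    currentContext.setServletResponse((HttpServletResponse) genericMessageInfo.getResponseMessage());
                }
                return conduitFactory.create();
            }
        });
    }

    /**
     * Reports whether an {@link AuthException} was recorded in the JBoss security context data
     * for this exchange, under the key {@code AuthException.class.getName()}.
     *
     * <p>Visibility: the decompiler output marks this method as widened from {@code private};
     * it is kept {@code public} here so the class signature stays as shown.
     *
     * <p>NOTE(review): assumes the security context attachment and its data map are always
     * present on this handler chain; a missing attachment would surface as a
     * {@link NullPointerException} - confirm against the deployment setup.
     */
    public boolean wasAuthExceptionThrown(HttpServerExchange httpServerExchange) {
        SecurityContext jbossSecurityContext = (SecurityContext) httpServerExchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
        return jbossSecurityContext.getData().get(AuthException.class.getName()) != null;
    }

    /**
     * Builds the application context identifier passed to the authentication manager:
     * the virtual server name and the context path, separated by a single space.
     *
     * <p>Visibility: the decompiler output marks this method as widened from {@code private};
     * it is kept {@code public} here so the class signature stays as shown.
     */
    public String buildApplicationIdentifier(ServletRequestContext servletRequestContext) {
        ServletRequest servletRequest = servletRequestContext.getServletRequest();
        return servletRequest.getServletContext().getVirtualServerName() + " " + servletRequest.getServletContext().getContextPath();
    }

    /**
     * Creates the message info handed to the authentication manager, carrying the current
     * servlet request and response, the "is mandatory" policy flag (as a string), the Undertow
     * security context and the exchange itself.
     */
    private GenericMessageInfo createMessageInfo(HttpServerExchange httpServerExchange, io.undertow.security.api.SecurityContext securityContext) {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        GenericMessageInfo genericMessageInfo = new GenericMessageInfo();
        genericMessageInfo.setRequestMessage(servletRequestContext.getServletRequest());
        genericMessageInfo.setResponseMessage(servletRequestContext.getServletResponse());
        genericMessageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", isMandatory(servletRequestContext).toString());
        genericMessageInfo.getMap().put(JASPIAuthenticationMechanism.SECURITY_CONTEXT_ATTACHMENT_KEY, securityContext);
        genericMessageInfo.getMap().put(JASPIAuthenticationMechanism.HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY, httpServerExchange);
        return genericMessageInfo;
    }

    /**
     * Returns {@code true} only when the exchange has a security context and that context
     * reports that authentication is required for this request.
     */
    private Boolean isMandatory(ServletRequestContext servletRequestContext) {
        io.undertow.security.api.SecurityContext exchangeSecurityContext = servletRequestContext.getExchange().getSecurityContext();
        return Boolean.valueOf(exchangeSecurityContext != null && exchangeSecurityContext.isAuthenticationRequired());
    }
}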
