package org.picketlink.identity.federation.bindings.tomcat;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.UUID;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;

/* loaded from: input_file:jboss-as-7.1.1.Final/modules/org/picketlink/main/picketlink-bindings-2.0.2.Final.jar:org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.class */
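/**
 * Tomcat authenticator that logs a request in through the context {@link Realm} without
 * reading any credential from the request.
 *
 * <p>A freshly generated random UUID is passed to the realm as both user name and password.
 * This class therefore validates nothing itself: whether a request is authenticated, and as
 * whom, is decided entirely by the configured realm. NOTE(review): presumably the realm's
 * login module derives the identity from federation state established earlier in the valve
 * chain; confirm that the security domain bound to this context cannot accept an arbitrary
 * user name / password pair, because this authenticator would then admit every request.
 *
 * <p>When {@code needSubjectPrincipalSubstitution} is enabled, the first principal found in
 * the {@link Subject} returned by the {@link SubjectSecurityInteraction} is used as the user
 * name for a second realm authentication, and that result becomes the request principal.
 *
 * <p>The {@code subjectInteraction} field is initialised lazily without synchronisation.
 * NOTE(review): if one instance serves concurrent requests, two threads may each create an
 * instance; confirm that this is harmless for the configured implementation.
 */
public class PicketLinkAuthenticator extends FormAuthenticator {
    protected static Logger log = Logger.getLogger(PicketLinkAuthenticator.class);
    // Sampled once when the instance is created; later log-level changes are not picked up.
    protected boolean trace = log.isTraceEnabled();
    // Value handed to register() as the authentication type of the session.
    protected String authMethod = "SECURITY_DOMAIN";
    protected boolean needSubjectPrincipalSubstitution = true;
    // Created on first use by getSubjectPrincipal().
    protected SubjectSecurityInteraction subjectInteraction = null;
    // Name of the class that is loaded and instantiated in getSubjectPrincipal(). It decides
    // which code runs inside the authenticator, so it must come from trusted configuration only.
    protected String subjectInteractionClassName = "org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkJBossSubjectInteraction";

    /** Creates the authenticator and emits a trace message when trace logging is enabled. */
    public PicketLinkAuthenticator() {
        if (this.trace) {
            log.trace("PicketLinkAuthenticator Created");
        }
    }

    /**
     * Sets the authentication method name recorded when a principal is registered.
     *
     * @param str the authentication method name
     */
    public void setAuthMethod(String str) {
        this.authMethod = str;
    }

    /**
     * Enables or disables substitution of the realm principal by the subject principal.
     *
     * @param str {@code "true"} (case-insensitive) enables substitution; any other value,
     *            including {@code null}, disables it
     */
    public void setNeedSubjectPrincipalSubstitution(String str) {
        this.needSubjectPrincipalSubstitution = Boolean.parseBoolean(str);
    }

    /**
     * Sets the name of the {@link SubjectSecurityInteraction} implementation to instantiate.
     *
     * <p>The named class is loaded inside a privileged block and instantiated through its
     * no-argument constructor, so the value must never be derived from request data.
     *
     * @param str fully qualified class name
     */
    public void setSubjectInteractionClassName(String str) {
        this.subjectInteractionClassName = str;
    }

    /**
     * Authenticates the request against the context realm using a random placeholder
     * credential, optionally substituting the principal taken from the current subject.
     *
     * @param request     the Catalina request
     * @param response    the Catalina response
     * @param loginConfig the login configuration; not read by this method
     * @return {@code true} if the request already carried a principal or the realm accepted
     *         the authentication; {@code false} if the realm rejected either the placeholder
     *         authentication or the substituted subject principal
     * @throws IOException declared by the overridden method; not thrown directly here
     * @throws RuntimeException if substitution is enabled and no subject principal is available
     */
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        log.trace("Authenticating user");
        Principal existing = request.getUserPrincipal();
        if (existing != null) {
            if (this.trace) {
                log.trace("Already authenticated '" + existing.getName() + "'");
            }
            return true;
        }

        // NOTE(review): the session is obtained (created if absent) before authentication and
        // is kept afterwards; confirm that register()/the container rotates the session id on login.
        Session session = request.getSessionInternal(true);

        // Random value used as user name and password: no client-supplied credential is checked here.
        String placeholder = UUID.randomUUID().toString();
        Realm realm = this.context.getRealm();
        Principal principal = realm.authenticate(placeholder, placeholder);
        if (principal == null) {
            return false;
        }

        if (this.needSubjectPrincipalSubstitution) {
            Principal subjectPrincipal = getSubjectPrincipal();
            if (subjectPrincipal == null) {
                throw new RuntimeException("Principal from subject is null");
            }
            principal = realm.authenticate(subjectPrincipal.getName(), placeholder);
            if (principal == null) {
                // The realm may reject the substituted name. Fail closed, the same way the first
                // rejection does, instead of dereferencing null below.
                // NOTE(review): cleanup() is not called on this path because there is no principal
                // to pass; confirm whether the subject interaction holds state that needs clearing.
                if (this.trace) {
                    log.trace("Realm rejected the substituted subject principal");
                }
                return false;
            }
        }

        session.setNote(Constants.SESS_USERNAME_NOTE, principal.getName());
        // The stored "password" is the random placeholder, not a user secret.
        session.setNote(Constants.SESS_PASSWORD_NOTE, placeholder);
        request.setUserPrincipal(principal);
        register(request, response, principal, this.authMethod, principal.getName(), placeholder);

        // subjectInteraction is set by getSubjectPrincipal(); the null guard covers subclasses
        // that override that method without initialising the field.
        if (this.needSubjectPrincipalSubstitution && this.subjectInteraction != null) {
            this.subjectInteraction.cleanup(principal);
        }
        return true;
    }

    /**
     * Servlet-API overload that delegates to
     * {@link #authenticate(Request, Response, LoginConfig)}.
     *
     * @throws ClassCastException if the arguments are not Catalina {@link Request} /
     *         {@link Response} instances (for example, wrapped objects)
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        return authenticate((Request) httpServletRequest, (Response) httpServletResponse, loginConfig);
    }

    /**
     * Returns the first principal of the subject supplied by the subject interaction,
     * creating the interaction instance on first use.
     *
     * @return the first principal, or {@code null} if there is no subject or it has no principals
     * @throws RuntimeException wrapping the cause if the configured class cannot be loaded,
     *         does not implement {@link SubjectSecurityInteraction}, or cannot be instantiated
     */
    protected Principal getSubjectPrincipal() {
        if (this.subjectInteraction == null) {
            try {
                Class<?> interactionClass = loadClass(getClass(), this.subjectInteractionClassName);
                if (interactionClass == null) {
                    throw new ClassNotFoundException(this.subjectInteractionClassName);
                }
                // Check the type before instantiating so that the constructor of an unrelated
                // class is never executed just because its name was configured.
                if (!SubjectSecurityInteraction.class.isAssignableFrom(interactionClass)) {
                    throw new ClassCastException(this.subjectInteractionClassName
                            + " does not implement " + SubjectSecurityInteraction.class.getName());
                }
                this.subjectInteraction = (SubjectSecurityInteraction) interactionClass.newInstance();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        Subject subject = this.subjectInteraction.get();
        if (subject == null || subject.getPrincipals().isEmpty()) {
            return null;
        }
        return subject.getPrincipals().iterator().next();
    }

    /**
     * Loads a class by name, trying the class loader of {@code cls} first and the thread
     * context class loader second.
     *
     * <p>Runs inside {@code doPrivileged}, so under a security manager the lookup uses this
     * class's permissions rather than the caller's; callers must pass trusted names only.
     *
     * @param cls class whose loader is tried first
     * @param str fully qualified class name
     * @return the loaded class, or {@code null} if neither loader can find it
     */
    Class<?> loadClass(final Class<?> cls, final String str) {
        return AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
            @Override
            public Class<?> run() {
                Class<?> found = PicketLinkAuthenticator.this.loadClass(cls.getClassLoader(), str);
                if (found == null) {
                    found = PicketLinkAuthenticator.this.loadClass(Thread.currentThread().getContextClassLoader(), str);
                }
                return found;
            }
        });
    }

    /**
     * Loads a class by name from the given class loader inside {@code doPrivileged}.
     *
     * @param classLoader loader to use; {@code null} yields {@code null}
     * @param str         fully qualified class name
     * @return the loaded class, or {@code null} if the loader is {@code null} or the class
     *         is not found
     */
    Class<?> loadClass(final ClassLoader classLoader, final String str) {
        if (classLoader == null) {
            // getClassLoader() and the context class loader may both be null; treat that as
            // "not found" so that the caller can fall back or report the failure.
            return null;
        }
        return AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
            @Override
            public Class<?> run() {
                try {
                    return classLoader.loadClass(str);
                } catch (ClassNotFoundException e) {
                    return null;
                }
            }
        });
    }
}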
