package org.gatein.security.oauth.jaas;

import java.lang.reflect.Method;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.organization.User;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.AbstractLoginModule;
import org.exoplatform.web.security.AuthenticationRegistry;
import org.gatein.security.oauth.common.OAuthConstants;
import org.gatein.security.oauth.spi.OAuthProviderTypeRegistry;

/* loaded from: input_file:org/gatein/security/oauth/jaas/OAuthLoginModule.class */
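/**
 * JAAS login module that establishes a security context for a user recorded in the
 * {@link AuthenticationRegistry} under
 * {@link OAuthConstants#ATTRIBUTE_AUTHENTICATED_PORTAL_USER_FOR_JAAS}.
 *
 * <p>Security note: this module verifies no credential itself. Whatever {@link User} is stored
 * under that registry attribute for the current request's client is accepted as authenticated,
 * so the integrity of the login rests entirely on the code that writes the attribute
 * (presumably the OAuth callback flow; confirm against the writer).
 *
 * <p>NOTE(review): the attribute is read here but never removed. Confirm it is cleared elsewhere
 * once consumed, otherwise it could stay usable for later logins from the same client.
 */
public class OAuthLoginModule extends AbstractLoginModule {
    private static final Log log = ExoLogger.getLogger(OAuthLoginModule.class);

    /**
     * Reflective handle on {@code javax.security.jacc.PolicyContext.getContext(String)}, resolved
     * once in the static initializer; stays {@code null} when it could not be resolved.
     */
    private static Method getContextMethod;

    /**
     * Returns the logger of this login module.
     *
     * @return the class-level logger
     */
    protected Log getLogger() {
        return log;
    }

    /**
     * Attempts to log in the user stored in the authentication registry for the current request.
     *
     * @return {@code true} when a security context was established; {@code false} when OAuth is
     *         disabled, no current request is available, no user is registered for the client,
     *         or the registered user has no user name
     * @throws LoginException when any exception is raised while logging in; the original
     *         exception is attached as the cause
     */
    public boolean login() throws LoginException {
        try {
            ExoContainer container = getContainer();
            OAuthProviderTypeRegistry providerRegistry =
                    (OAuthProviderTypeRegistry) container.getComponentInstanceOfType(OAuthProviderTypeRegistry.class);
            if (!providerRegistry.isOAuthEnabled()) {
                if (log.isTraceEnabled()) {
                    log.trace("OAuth is disabled. Ignoring this login module");
                }
                return false;
            }

            HttpServletRequest request = getCurrentHttpServletRequest();
            if (request == null) {
                log.debug("HttpServletRequest is null. OAuthLoginModule will be ignored.");
                return false;
            }

            AuthenticationRegistry authRegistry =
                    (AuthenticationRegistry) container.getComponentInstanceOfType(AuthenticationRegistry.class);
            // This attribute is the only evidence of authentication this module looks at.
            User user = (User) authRegistry.getAttributeOfClient(
                    request, OAuthConstants.ATTRIBUTE_AUTHENTICATED_PORTAL_USER_FOR_JAAS);
            if (user == null) {
                log.debug("OAuthLogin Failed. Credential Not Found!!");
                return false;
            }

            String userName = user.getUserName();
            // Fail closed: never build an identity or a credential for an absent user name.
            if (userName == null || userName.isEmpty()) {
                log.debug("OAuthLogin Failed. Registered user has no user name.");
                return false;
            }

            establishSecurityContext(container, userName);
            if (log.isTraceEnabled()) {
                log.trace("Successfully established security context for user " + userName);
            }
            return true;
        } catch (Exception e) {
            if (log.isTraceEnabled()) {
                log.trace("Exception in login module", e);
            }
            // NOTE(review): the message carries the class and message of the underlying exception;
            // confirm callers do not show it to end users.
            LoginException failure = new LoginException(
                    "OAuth login failed due to exception: " + e.getClass() + ": " + e.getMessage());
            // LoginException has no cause-taking constructor; attach the cause explicitly so the
            // stack trace of the root failure is not lost.
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Always reports success.
     *
     * <p>NOTE(review): this returns {@code true} even when {@link #login()} returned
     * {@code false}. The JAAS contract expects {@code false} from a module that should be
     * ignored; confirm the unconditional result is intended for the configured control flag.
     *
     * @return {@code true}
     */
    public boolean commit() throws LoginException {
        return true;
    }

    /**
     * Always reports success; nothing put into the shared state or the subject is rolled back here.
     *
     * @return {@code true}
     */
    public boolean abort() throws LoginException {
        return true;
    }

    /**
     * Always reports success.
     *
     * <p>NOTE(review): the {@link UsernameCredential} added by
     * {@link #establishSecurityContext(ExoContainer, String)} is not removed from the subject
     * here; confirm that cleanup happens elsewhere.
     *
     * @return {@code true}
     */
    public boolean logout() throws LoginException {
        return true;
    }

    /**
     * Creates the identity of the given user and publishes it through the shared state and the
     * subject's public credentials.
     *
     * @param exoContainer container used to look up the {@link Authenticator} component
     * @param str name of the user to establish the context for
     * @throws LoginException when no {@link Authenticator} component is available
     * @throws Exception when the identity cannot be created
     */
    protected void establishSecurityContext(ExoContainer exoContainer, String str) throws Exception {
        Authenticator authenticator = (Authenticator) exoContainer.getComponentInstanceOfType(Authenticator.class);
        if (authenticator == null) {
            throw new LoginException("No Authenticator component found, check your configuration");
        }
        // Build the identity first so that nothing is published if its creation fails.
        Object identity = authenticator.createIdentity(str);
        this.sharedState.put("exo.security.identity", identity);
        this.sharedState.put("javax.security.auth.login.name", str);
        this.subject.getPublicCredentials().add(new UsernameCredential(str));
    }

    /**
     * Looks up the servlet request bound to the current thread.
     *
     * <p>When the JACC {@code PolicyContext.getContext} method was resolved at class load it is
     * queried with the {@code javax.servlet.http.HttpServletRequest} key; otherwise the static
     * {@code getRequest} method of {@code org.gatein.sso.agent.tomcat.ServletAccess} is invoked
     * reflectively. Lookup failures are logged and reported as {@code null}.
     *
     * @return the current request, or {@code null} when it could not be obtained
     */
    protected HttpServletRequest getCurrentHttpServletRequest() {
        HttpServletRequest httpServletRequest = null;
        if (getContextMethod != null) {
            try {
                httpServletRequest = (HttpServletRequest) getContextMethod.invoke(null, "javax.servlet.http.HttpServletRequest");
            } catch (Throwable th) {
                // One record carrying both the hint and the stack trace, instead of a second
                // record that used this module instance as its message.
                log.error("LoginModule error. Turn off session credentials checking with proper configuration option of LoginModule set to false", th);
            }
        } else {
            try {
                Class<?> servletAccess = Thread.currentThread().getContextClassLoader()
                        .loadClass("org.gatein.sso.agent.tomcat.ServletAccess");
                httpServletRequest = (HttpServletRequest) servletAccess
                        .getDeclaredMethod("getRequest", new Class[0])
                        .invoke(null, new Object[0]);
            } catch (Exception e) {
                log.error("Unexpected exception when trying to obtain HttpServletRequest from ServletAccess thread-local", e);
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("Returning HttpServletRequest " + httpServletRequest);
        }
        return httpServletRequest;
    }

    // Resolve the JACC lookup method once, through the context class loader of the thread that
    // initializes this class; its absence is expected and only logged at debug level.
    static {
        try {
            getContextMethod = Thread.currentThread().getContextClassLoader().loadClass("javax.security.jacc.PolicyContext").getDeclaredMethod("getContext", String.class);
        } catch (ClassNotFoundException e) {
            log.debug("JACC not found ignoring it", e);
        } catch (Exception e2) {
            log.error("Could not obtain JACC get context method", e2);
        }
    }
}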
