package org.josso.servlet.agent;

import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.agent.Lookup;
import org.josso.agent.SSOAgent;
import org.josso.agent.SSOAgentRequest;
import org.josso.agent.SingleSignOnEntry;
import org.josso.agent.http.JOSSOSecurityContext;
import org.josso.agent.http.JaasHttpSSOAgent;
import org.josso.gateway.identity.SSORole;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.identity.service.SSOIdentityManagerService;

/* loaded from: input_file:WEB-INF/lib/josso-servlet-agent-1.8.9.jar:org/josso/servlet/agent/GenericServletSSOAgent.class */
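/**
 * SSO agent for generic servlet containers.
 *
 * <p>After the parent agent has processed a request, {@link #execute} copies the
 * {@link JOSSOSecurityContext} from the request into the local session, or clears it
 * when no SSO entry was produced. When JAAS is disabled via {@link #setDisableJaas},
 * {@link #authenticate} resolves the user directly through the gateway identity
 * manager instead of delegating to the parent class.
 */
public class GenericServletSSOAgent extends JaasHttpSSOAgent {
    private static final Log log = LogFactory.getLog(GenericServletSSOAgent.class);

    // When true, authenticate() bypasses the parent implementation and queries the identity manager itself.
    private boolean _disableJaas = false;

    /**
     * Runs the parent agent and then synchronises the security context held by the local session.
     *
     * @param sSOAgentRequest the request; it is cast to {@link GenericServletSSOAgentRequest}
     * @return the entry returned by the parent agent, or {@code null} when it returned none
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.josso.agent.AbstractSSOAgent
    public SingleSignOnEntry execute(SSOAgentRequest sSOAgentRequest) {
        GenericServletSSOAgentRequest servletRequest = (GenericServletSSOAgentRequest) sSOAgentRequest;
        GenericServletLocalSession localSession = (GenericServletLocalSession) servletRequest.getLocalSession();
        SingleSignOnEntry entry = super.execute(sSOAgentRequest);

        if (entry != null) {
            if (servletRequest.getSecurityContext() != null) {
                if (localSession == null) {
                    // The clearing branch below already treats a missing local session as possible,
                    // so guard here as well instead of failing with a NullPointerException.
                    log.warn("No local session available, JOSSO Security Context not published");
                    return entry;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Publishing JOSSO Security Context instance in session [" + entry.ssoId + "]");
                }
                localSession.setSecurityContext(servletRequest.getSecurityContext());
            }
        } else if (localSession != null) {
            // No SSO entry: drop any context left over from an earlier request so a stale
            // identity is not reused by this session.
            if (log.isDebugEnabled()) {
                log.debug("Clearing JOSSO Security Context for session [" + localSession.getId() + "]");
            }
            localSession.setSecurityContext(null);
            servletRequest.setSecurityContext(null);
        }
        return entry;
    }

    /**
     * Authenticates the SSO session carried by the request and, on success, attaches a
     * {@link JOSSOSecurityContext} holding the user principal and its roles to the request.
     *
     * <p>With JAAS disabled, the user is looked up through the identity manager; any
     * exception raised during that lookup is logged and the method returns {@code null},
     * so a failed lookup never yields a principal.
     *
     * @param sSOAgentRequest the request; it is cast to {@link GenericServletSSOAgentRequest}
     *     when a principal was resolved
     * @return the authenticated principal, or {@code null} when authentication failed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.josso.agent.http.JaasHttpSSOAgent, org.josso.agent.AbstractSSOAgent
    public Principal authenticate(SSOAgentRequest sSOAgentRequest) {
        String sessionId = sSOAgentRequest.getSessionId();
        Principal principal = null;

        if (this._disableJaas) {
            // NOTE(review): the SSO session id is written to the log here and below. If that id
            // is enough to assert the session at the gateway, log readers can replay it; consider
            // logging a truncated or hashed form instead.
            log.info("Requested authentication to gateway by " + sSOAgentRequest.getRequester() + " using sso session " + sessionId);
            try {
                if (sessionId == null) {
                    log.error("Session authentication failed : " + sessionId);
                    return null;
                }
                SSOAgent agent = Lookup.getInstance().lookupSSOAgent();
                SSOIdentityManagerService identityManager = agent.getSSOIdentityManager();
                // Fix: the original test was "== null", which requested the node-specific manager
                // only when there was no node id and ignored every real node id.
                if (sSOAgentRequest.getNodeId() != null && !"".equals(sSOAgentRequest.getNodeId())) {
                    identityManager = agent.getSSOIdentityManager(sSOAgentRequest.getNodeId());
                }
                principal = identityManager.findUserInSession(sSOAgentRequest.getRequester(), sessionId);
                log.info("Session authentication succeeded : " + sessionId);
            } catch (SSOIdentityException e) {
                // Only the message is logged, at debug level; principal stays null.
                if (log.isDebugEnabled()) {
                    log.debug(e.getMessage());
                }
            } catch (Exception e2) {
                log.error("Session authentication failed : " + sessionId, e2);
            }
        } else {
            principal = super.authenticate(sSOAgentRequest);
        }

        if (principal != null) {
            HashSet<Principal> principals = new HashSet<Principal>();
            principals.add(principal);
            SSORole[] roleSets = getRoleSets(sSOAgentRequest.getRequester(), sessionId, sSOAgentRequest.getNodeId());
            // A null role array yields a Subject that carries the user principal and no roles.
            if (roleSets != null) {
                for (SSORole role : roleSets) {
                    principals.add(role);
                    if (log.isDebugEnabled()) {
                        log.debug("Added SSORole Principal to the Subject : " + role);
                    }
                }
            }
            // The Subject is created read-only (first argument) with empty credential sets.
            Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
            JOSSOSecurityContext securityContext = new JOSSOSecurityContext(subject);
            securityContext.setSSOSession(sessionId);
            ((GenericServletSSOAgentRequest) sSOAgentRequest).setSecurityContext(securityContext);
        }
        return principal;
    }

    /**
     * Always returns {@code true}. How the parent classes act on this flag is not visible in this file.
     */
    @Override // org.josso.agent.http.HttpSSOAgent, org.josso.agent.AbstractSSOAgent
    protected boolean isAuthenticationAlwaysRequired() {
        return true;
    }

    /**
     * @return {@code true} when {@link #authenticate} bypasses the parent (JAAS) implementation
     */
    public boolean isDisableJaas() {
        return this._disableJaas;
    }

    /**
     * @param z {@code true} to make {@link #authenticate} query the identity manager directly
     */
    public void setDisableJaas(boolean z) {
        this._disableJaas = z;
    }

    /**
     * Writes the message to this class's logger at INFO level.
     *
     * @param str the message to log
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.josso.agent.http.JaasHttpSSOAgent, org.josso.agent.AbstractSSOAgent
    public void log(String str) {
        log.info(str);
    }

    /**
     * Writes the message and throwable to this class's logger at INFO level.
     *
     * @param str the message to log
     * @param th the throwable passed to the logger alongside the message
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.josso.agent.http.JaasHttpSSOAgent, org.josso.agent.AbstractSSOAgent
    public void log(String str, Throwable th) {
        log.info(str, th);
    }
}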
