package org.josso.jb5.agent;

import java.io.IOException;
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.ServerAuthenticationManager;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator;
import org.josso.agent.Lookup;
import org.josso.jaspi.agent.JASPICallbackHandler;

/* loaded from: input_file:org/josso/jb5/agent/JOSSOJASPIAuthenticator.class */
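/**
 * JASPI authenticator for the JOSSO agent, layered on {@link TomcatJASPIAuthenticator}.
 *
 * <p>For each request it reuses a principal cached in the web session (only while a JOSSO
 * session cookie is present), checks the transport guarantee, authenticates through the
 * configured {@link ServerAuthenticationManager}, and finally checks resource permissions
 * before passing the request on. Every failed step returns without invoking the next
 * component, so the request fails closed.
 */
public class JOSSOJASPIAuthenticator extends TomcatJASPIAuthenticator {
    private static final Log log = LogFactory.getLog(JOSSOJASPIAuthenticator.class);

    /** Name of the cookie that carries the JOSSO session identifier. */
    private static final String JOSSO_SESSION_COOKIE = "JOSSO_SESSIONID";

    // Cookie value treated as "no session". NOTE(review): presumably the placeholder the
    // agent writes when it clears the cookie; confirm against the agent code.
    private static final String JOSSO_EMPTY_COOKIE_VALUE = "-";

    private String messageLayer = "HttpServlet";

    /**
     * Runs the security checks for one request and forwards it only when all of them pass.
     *
     * @param request the request being processed
     * @param response the response being produced
     * @throws IOException if a downstream component fails with an I/O error
     * @throws ServletException if a downstream component fails with a servlet error
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        if (log.isDebugEnabled()) {
            log.debug("Security checking request " + request.getMethod() + " " + request.getRequestURI());
        }
        LoginConfig loginConfig = this.context.getLoginConfig();

        if (request.getUserPrincipal() == null) {
            Session session = request.getSessionInternal(false);
            if (session != null) {
                // Without a JOSSO cookie the cached principal must not outlive the SSO
                // session, so it is dropped before it can be reused. The cookie test is a
                // presence check only; authenticate() below still runs for every request.
                if (!jossoCookieExists(request)) {
                    session.setPrincipal((Principal) null);
                }
                Principal cachedPrincipal = session.getPrincipal();
                if (cachedPrincipal != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("We have cached auth type " + session.getAuthType() + " for principal " + session.getPrincipal());
                    }
                    request.setAuthType(session.getAuthType());
                    request.setUserPrincipal(cachedPrincipal);
                }
            }
        }

        Realm realm = this.context.getRealm();
        SecurityConstraint[] constraints = realm.findSecurityConstraints(request, this.context);

        if (log.isDebugEnabled()) {
            log.debug(" Calling hasUserDataPermission()");
        }
        if (!realm.hasUserDataPermission(request, response, constraints)) {
            if (log.isDebugEnabled()) {
                log.debug(" Failed hasUserDataPermission()");
            }
            return;
        }

        if (!authenticate(request, response, loginConfig)) {
            if (log.isDebugEnabled()) {
                log.debug(" Failed authenticate()");
            }
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug(" Calling accessControl()");
        }
        if (!realm.hasResourcePermission(request, response, constraints, this.context)) {
            if (log.isDebugEnabled()) {
                log.debug(" Failed accessControl()");
            }
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug(" Successfully passed all security constraints");
        }
        getNext().invoke(request, response);
    }

    /**
     * Authenticates the request through the JASPI server authentication manager.
     *
     * <p>A request that has neither a JOSSO cookie nor a principal, and whose matching
     * security constraints all demand an authenticated role, is forwarded to the login page
     * instead. When no authentication manager is available the result is {@code false}.
     *
     * @param request the request being authenticated
     * @param response the response, used when forwarding to the login page
     * @param loginConfig login configuration supplying the auth method and login page
     * @return {@code true} only if the authentication manager accepted the request
     * @throws IOException declared by the overridden contract
     */
    protected boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        String authMethod = loginConfig.getAuthMethod();
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null && log.isTraceEnabled()) {
            log.trace("Already authenticated '" + userPrincipal.getName() + "'");
        }

        SecurityConstraint[] constraints = this.context.getRealm().findSecurityConstraints(request, this.context);
        if (!jossoCookieExists(request)
                && userPrincipal == null
                && constraints != null
                && constraints.length > 0
                && allConstraintsRequireRole(constraints)) {
            forwardToLoginPage(request, response, loginConfig);
            return false;
        }

        GenericMessageInfo messageInfo = new GenericMessageInfo();
        messageInfo.setRequestMessage(request);
        messageInfo.setResponseMessage(response);
        messageInfo.getMap().put("CACHE", Boolean.valueOf(this.cache));

        JASPICallbackHandler callbackHandler = new JASPICallbackHandler();
        Subject subject = new Subject();
        ServerAuthenticationManager authManager = getServerAuthenticationManager();

        // A missing authentication manager denies the request rather than letting it through.
        boolean isValid = authManager != null
                && authManager.isValid(messageInfo, subject, this.messageLayer, callbackHandler);
        if (isValid) {
            PasswordValidationCallback passwordCallback = callbackHandler.getPasswordValidationCallback();
            CallerPrincipalCallback principalCallback = callbackHandler.getCallerPrincipalCallback();
            if (passwordCallback != null && principalCallback != null) {
                // NOTE(review): the char[] credential is copied into an immutable String that
                // cannot be zeroed after use. It is materialised once here rather than twice.
                // A null password still raises NullPointerException, as before.
                String credential = new String(passwordCallback.getPassword());
                register(request, response, principalCallback.getPrincipal(), authMethod,
                        passwordCallback.getUsername(), credential);
                JBossSecurityAssociationActions.setPrincipalInfo(principalCallback.getPrincipal(), credential, subject);
            }
        }
        return isValid;
    }

    /**
     * Tells whether every constraint carries an auth constraint that names at least one role
     * (or all roles), i.e. none of them admits an unauthenticated caller.
     */
    private boolean allConstraintsRequireRole(SecurityConstraint[] constraints) {
        for (SecurityConstraint constraint : constraints) {
            if (!constraint.getAuthConstraint()) {
                return false;
            }
            if (!constraint.getAllRoles()) {
                String[] roles = constraint.findAuthRoles();
                if (roles == null || roles.length == 0) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Records the authenticated principal on the request and, when caching is enabled and a
     * session already exists, on the session as well.
     *
     * @param request the request to mark as authenticated
     * @param response the response (not used by this implementation)
     * @param principal the authenticated principal, may be {@code null}
     * @param str the authentication type to record
     * @param str2 the user name (not used by this implementation)
     * @param str3 the password (not used by this implementation)
     */
    protected void register(Request request, Response response, Principal principal, String str, String str2, String str3) {
        if (log.isTraceEnabled()) {
            log.trace("Authenticated '" + (principal == null ? "none" : principal.getName()) + "' with type '" + str + "'");
        }
        request.setAuthType(str);
        request.setUserPrincipal(principal);

        Session session = request.getSessionInternal(false);
        if (session != null && this.cache) {
            session.setAuthType(str);
            session.setPrincipal(principal);
        }
    }

    /**
     * Saves the requested URI with the SSO agent and forwards the request to the login page.
     *
     * <p>Any failure is logged and swallowed; the caller then reports authentication failure.
     *
     * @param request the request to forward
     * @param response the response to forward and finish
     * @param loginConfig login configuration supplying the login page path
     */
    protected void forwardToLoginPage(Request request, Response response, LoginConfig loginConfig) {
        RequestDispatcher dispatcher = this.context.getServletContext().getRequestDispatcher(loginConfig.getLoginPage());
        try {
            Lookup lookup = Lookup.getInstance();
            lookup.init("josso-agent-config.xml");
            // The saved value is built from the URI and query string exactly as received, so
            // whatever reads JOSSO_SAVED_REQUEST back should treat it as request-controlled.
            lookup.lookupSSOAgent().setAttribute(request.getRequest(), response.getResponse(), "JOSSO_SAVED_REQUEST", getRequestURI(request));
            dispatcher.forward(request.getRequest(), response.getResponse());
            response.finishResponse();
        } catch (Throwable th) {
            // Deliberately broad: a broken login forward must not escape the security check.
            log.warn("Unexpected error forwarding to login page", th);
        }
    }

    /**
     * Rebuilds the request URI including the query string, if any.
     *
     * @param request the request to read
     * @return the request URI, followed by {@code ?} and the query string when one is present
     */
    protected String getRequestURI(Request request) {
        StringBuilder uri = new StringBuilder(request.getRequestURI());
        String query = request.getQueryString();
        if (query != null) {
            uri.append('?').append(query);
        }
        return uri.toString();
    }

    /**
     * Tells whether the request carries a usable JOSSO session cookie.
     *
     * <p>The first cookie named {@code JOSSO_SESSIONID} decides the result. This is a presence
     * check only: the cookie value is not validated here.
     *
     * @param request the request whose cookies are inspected
     * @return {@code true} if that cookie has a value other than {@code null} or {@code "-"}
     */
    protected boolean jossoCookieExists(Request request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (JOSSO_SESSION_COOKIE.equals(cookie.getName())) {
                // Stop at the first match. The previous loop neither advanced nor exited once
                // a cookie with this name was found, so it never terminated for such requests.
                String value = cookie.getValue();
                return value != null && !value.equals(JOSSO_EMPTY_COOKIE_VALUE);
            }
        }
        return false;
    }
}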
