package org.glassfish.soteria.mechanisms.jaspic;

import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.glassfish.soteria.cdi.spi.CDIPerRequestInitializer;
import org.glassfish.soteria.mechanisms.BasicAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.CustomFormAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.FormAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.HttpMessageContextImpl;

/* loaded from: input_file:org/glassfish/soteria/mechanisms/jaspic/HttpBridgeServerAuthModule.class */
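/**
 * JASPIC {@link ServerAuthModule} that forwards every call to an
 * {@link HttpAuthenticationMechanism} bean looked up through CDI.
 *
 * <p>The mechanism is chosen per request from the servlet context init parameter
 * {@code fish.payara.security.mechanism}. That value is either one of the short
 * aliases registered in {@link #mappings} or a class name; when the parameter is
 * absent, CDI is asked for the {@code HttpAuthenticationMechanism} type itself.
 */
public class HttpBridgeServerAuthModule implements ServerAuthModule {
    /** Short alias -> mechanism class name. Filled once below and only read afterwards. */
    private static final Map<String, String> mappings = new HashMap<>();

    static {
        mappings.put("Basic", BasicAuthenticationMechanism.class.getName());
        mappings.put("Form", FormAuthenticationMechanism.class.getName());
        mappings.put("CustomForm", CustomFormAuthenticationMechanism.class.getName());
        mappings.put("JWT", "fish.payara.microprofile.jwtauth.eesecurity.JWTAuthenticationMechanism");
        mappings.put("Certificate", "fish.payara.security.realm.mechanisms.CertificateAuthenticationMechanism");
        mappings.put("OAuth2", "fish.payara.security.oauth2.OAuth2AuthenticationMechanism");
        mappings.put("OIDC", "fish.payara.security.openid.OpenIdAuthenticationMechanism");
        mappings.put("TwoIdentityStore", "fish.payara.security.authentication.twoIdentityStore.TwoIdentityStoreAuthenticationMechanism");
    }

    private final CDIPerRequestInitializer cdiPerRequestInitializer;
    private CallbackHandler handler;
    private final Class<?>[] supportedMessageTypes = {HttpServletRequest.class, HttpServletResponse.class};

    // Resolved mechanism classes, keyed by class name.
    // NOTE(review): the class is resolved through the thread context class loader but cached
    // by name only - confirm a module instance is never shared between applications that
    // use different class loaders.
    private final Map<String, Class<? extends HttpAuthenticationMechanism>> mechanismClassCache = new ConcurrentHashMap<>(3);

    /**
     * @param cDIPerRequestInitializer optional hook invoked around each request; may be
     *        {@code null}, in which case no per-request init/destroy is performed
     */
    public HttpBridgeServerAuthModule(CDIPerRequestInitializer cDIPerRequestInitializer) {
        this.cdiPerRequestInitializer = cDIPerRequestInitializer;
    }

    /**
     * Stores the callback handler for later use; the policies and options are ignored.
     */
    @Override // javax.security.auth.message.module.ServerAuthModule
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        this.handler = callbackHandler;
    }

    /**
     * @return the supported message types (servlet request and response)
     */
    @Override // javax.security.auth.message.module.ServerAuthModule
    public Class<?>[] getSupportedMessageTypes() {
        // Hand out a copy so a caller cannot alter this module's own array.
        return this.supportedMessageTypes.clone();
    }

    /**
     * Delegates request validation to the configured mechanism and records the outcome
     * on the request via {@code Jaspic.setLastAuthenticationStatus}.
     *
     * @return the mechanism's status translated by {@code Jaspic.fromAuthenticationStatus}
     * @throws AuthException if the mechanism cannot be resolved, or if it throws an
     *         {@link AuthenticationException} (kept as the cause)
     */
    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpMessageContextImpl context = new HttpMessageContextImpl(this.handler, messageInfo, subject);
        if (this.cdiPerRequestInitializer != null) {
            this.cdiPerRequestInitializer.init(context.getRequest());
        }
        // Reset first, so a status left by an earlier call is never read as this call's result.
        Jaspic.setLastAuthenticationStatus(context.getRequest(), AuthenticationStatus.NOT_DONE);
        try {
            AuthenticationStatus status = getMechanism(context).validateRequest(context.getRequest(), context.getResponse(), context);
            Jaspic.setLastAuthenticationStatus(context.getRequest(), status);
            return Jaspic.fromAuthenticationStatus(status);
        } catch (AuthenticationException e) {
            // Fail closed: record the failure and surface it to the container.
            // NOTE(review): an AuthException from getMechanism() (e.g. a misconfigured
            // mechanism name) skips this branch and leaves the recorded status at NOT_DONE.
            Jaspic.setLastAuthenticationStatus(context.getRequest(), AuthenticationStatus.SEND_FAILURE);
            throw ((AuthException) new AuthException("Authentication failure in HttpAuthenticationMechanism").initCause(e));
        }
    }

    /**
     * Resolves the mechanism bean for the request's servlet context through CDI.
     */
    private HttpAuthenticationMechanism getMechanism(HttpMessageContext httpMessageContext) throws AuthException {
        Class<? extends HttpAuthenticationMechanism> mechanismClass = findMechanismClass(getMechanismName(httpMessageContext.getRequest()));
        return CDI.current().select(mechanismClass, new Annotation[0]).get();
    }

    /**
     * Reads the mechanism name from the servlet context init parameter
     * {@code fish.payara.security.mechanism}; returns {@code null} when it is not set.
     * The value comes from the application's context configuration, not from request data.
     */
    private String getMechanismName(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getServletContext().getInitParameter("fish.payara.security.mechanism");
    }

    /**
     * Maps a configured name to a mechanism class, using the alias table and the cache.
     *
     * @param str alias or class name; {@code null} selects {@code HttpAuthenticationMechanism}
     * @throws AuthException if the class cannot be loaded or is not a mechanism; the
     *         original runtime exception is attached as the cause
     */
    private Class<? extends HttpAuthenticationMechanism> findMechanismClass(String str) throws AuthException {
        if (str == null) {
            return HttpAuthenticationMechanism.class;
        }
        try {
            return this.mechanismClassCache.computeIfAbsent(mappings.getOrDefault(str, str), this::loadMechanismClass);
        } catch (RuntimeException e) {
            // Same message as before, but keep the cause so the failure can be diagnosed.
            throw ((AuthException) new AuthException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Loads {@code str} through the thread context class loader and checks that it is an
     * {@link HttpAuthenticationMechanism}. This type check is the only restriction on which
     * configured class name can be handed to CDI, so it must stay ahead of the return.
     *
     * @throws IllegalArgumentException if the class is not a mechanism implementation
     * @throws RuntimeException if the class cannot be found
     */
    private Class<? extends HttpAuthenticationMechanism> loadMechanismClass(String str) {
        try {
            Class<?> loaded = Thread.currentThread().getContextClassLoader().loadClass(str);
            if (!HttpAuthenticationMechanism.class.isAssignableFrom(loaded)) {
                throw new IllegalArgumentException("Provided authentication class does not implement HttpAuthentication Mechanism: " + str);
            }
            return loaded.asSubclass(HttpAuthenticationMechanism.class);
        } catch (ClassNotFoundException e) {
            throw new RuntimeException("HTTP Authentication mechanism class not found " + e.getMessage(), e);
        }
    }

    /**
     * Delegates response securing to the configured mechanism.
     *
     * @return {@code SEND_SUCCESS} when the translated status is {@code SUCCESS},
     *         otherwise the translated status unchanged
     * @throws AuthException if the mechanism cannot be resolved, or if it throws an
     *         {@link AuthenticationException} (kept as the cause)
     */
    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        HttpMessageContextImpl context = new HttpMessageContextImpl(this.handler, messageInfo, null);
        try {
            AuthStatus status = Jaspic.fromAuthenticationStatus(getMechanism(context).secureResponse(context.getRequest(), context.getResponse(), context));
            return status == AuthStatus.SUCCESS ? AuthStatus.SEND_SUCCESS : status;
        } catch (AuthenticationException e) {
            throw ((AuthException) new AuthException("Secure response failure in HttpAuthenticationMechanism").initCause(e));
        } finally {
            // Single teardown for every exit path; the success path used to call destroy twice.
            if (this.cdiPerRequestInitializer != null) {
                this.cdiPerRequestInitializer.destroy(context.getRequest());
            }
        }
    }

    /**
     * Delegates subject clean-up to the configured mechanism.
     */
    @Override // javax.security.auth.message.ServerAuth
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        HttpMessageContextImpl context = new HttpMessageContextImpl(this.handler, messageInfo, subject);
        getMechanism(context).cleanSubject(context.getRequest(), context.getResponse(), context);
    }
}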
