package org.apache.qpid.server.management.plugin.auth;

import jakarta.servlet.http.HttpServletRequest;
import javax.security.auth.Subject;
import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.plugin.PluggableService;
import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;

@PluggableService
/* loaded from: input_file:org/apache/qpid/server/management/plugin/auth/SSLClientCertInteractiveAuthenticator.class */
public class SSLClientCertInteractiveAuthenticator implements HttpRequestInteractiveAuthenticator {
    private static final HttpRequestInteractiveAuthenticator.LogoutHandler LOGOUT_HANDLER = httpServletResponse -> {
        httpServletResponse.sendRedirect(HttpManagement.DEFAULT_LOGOUT_URL);
    };
    private final SSLClientCertPreemptiveAuthenticator _preemptiveAuthenticator = new SSLClientCertPreemptiveAuthenticator();

    @Override // org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator
    public HttpRequestInteractiveAuthenticator.AuthenticationHandler getAuthenticationHandler(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        AuthenticationProvider authenticationProvider = httpManagementConfiguration.getAuthenticationProvider(httpServletRequest);
        if (authenticationProvider instanceof ExternalAuthenticationManager) {
            return httpServletResponse -> {
                Subject attemptAuthentication = this._preemptiveAuthenticator.attemptAuthentication(httpServletRequest, httpManagementConfiguration);
                if (attemptAuthentication == null) {
                    httpServletResponse.sendError(401);
                } else {
                    HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(authenticationProvider.getParent(), httpServletRequest, attemptAuthentication);
                    httpServletResponse.sendRedirect("/");
                }
            };
        }
        return null;
    }

    @Override // org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator
    public HttpRequestInteractiveAuthenticator.LogoutHandler getLogoutHandler(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        return LOGOUT_HANDLER;
    }

    public String getType() {
        return "SSLClientAuth";
    }
}
