package org.glassfish.soteria.mechanisms.jaspic;

import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.glassfish.soteria.cdi.spi.CDIPerRequestInitializer;
import org.glassfish.soteria.mechanisms.BasicAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.CustomFormAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.FormAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.HttpMessageContextImpl;

/* loaded from: input_file:org/glassfish/soteria/mechanisms/jaspic/HttpBridgeServerAuthModule.class */
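/**
 * JASPIC {@link ServerAuthModule} that delegates every call to a CDI-managed
 * {@link HttpAuthenticationMechanism}.
 *
 * <p>The mechanism is chosen per request: the name returned by
 * {@code ContextAuthenticationMechanismMapping} is either one of the short
 * aliases registered in {@link #initMappings()} ("Basic", "Form", "JWT", ...)
 * or a fully qualified class name, which is loaded through the thread context
 * class loader and accepted only if it implements
 * {@link HttpAuthenticationMechanism}.
 */
public class HttpBridgeServerAuthModule implements ServerAuthModule {
    private static final Logger LOGGER = Logger.getLogger(HttpBridgeServerAuthModule.class.getName());
    private CallbackHandler handler;
    private final CDIPerRequestInitializer cdiPerRequestInitializer;
    private final Class<?>[] supportedMessageTypes = {HttpServletRequest.class, HttpServletResponse.class};
    // Alias / class name -> mechanism class. defineMechanismClassName() writes to this
    // map while requests are being handled, so a plain HashMap would be unsafe as soon
    // as the container calls validateRequest/secureResponse on more than one thread.
    private final Map<String, Class<?>> mappings = new ConcurrentHashMap<>();

    /**
     * Creates the module and registers the built-in mechanism aliases.
     *
     * @param cDIPerRequestInitializer optional hook that sets up and tears down
     *        per-request CDI state; may be {@code null}
     */
    public HttpBridgeServerAuthModule(CDIPerRequestInitializer cDIPerRequestInitializer) {
        this.cdiPerRequestInitializer = cDIPerRequestInitializer;
        initMappings();
    }

    /**
     * Registers the short aliases accepted as mechanism names.
     *
     * <p>The Soteria mechanisms are referenced directly. The remaining ones are
     * looked up by name, each on its own, so that one absent class does not
     * prevent the aliases after it from being registered.
     */
    private void initMappings() {
        this.mappings.put("Basic", BasicAuthenticationMechanism.class);
        this.mappings.put("Form", FormAuthenticationMechanism.class);
        this.mappings.put("CustomForm", CustomFormAuthenticationMechanism.class);
        registerOptional("JWT", "fish.payara.microprofile.jwtauth.eesecurity.JWTAuthenticationMechanism");
        registerOptional("Certificate", "fish.payara.security.realm.mechanisms.CertificateAuthenticationMechanism");
        registerOptional("Azure", "fish.payara.security.openid.azure.AzureOpenIdAuthenticationMechanism");
        registerOptional("Google", "fish.payara.security.openid.google.GoogleOpenIdAuthenticationMechanism");
        registerOptional("OAuth2", "fish.payara.security.oauth2.OAuth2AuthenticationMechanism");
        registerOptional("OIDC", "fish.payara.security.openid.OpenIdAuthenticationMechanism");
        registerOptional("TwoIdentityStore", "fish.payara.security.authentication.twoIdentityStore.TwoIdentityStoreAuthenticationMechanism");
    }

    /**
     * Maps {@code alias} to {@code className} if that class can be loaded through
     * the thread context class loader; otherwise logs a warning and leaves the
     * alias unregistered.
     */
    private void registerOptional(String alias, String className) {
        try {
            this.mappings.put(alias, Thread.currentThread().getContextClassLoader().loadClass(className));
        } catch (ClassNotFoundException e) {
            // An unregistered alias is later treated as a class name by
            // defineMechanismClassName() and fails there with ClassNotFoundException.
            LOGGER.warning("Authentication mechanism '" + alias + "' is unavailable, class not found: " + className);
        }
    }

    /**
     * Stores the callback handler; the message policies and options are not used.
     */
    @Override // javax.security.auth.message.module.ServerAuthModule
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        this.handler = callbackHandler;
    }

    /**
     * @return a copy of the supported message types, so callers cannot alter the
     *         module's own array
     */
    @Override // javax.security.auth.message.module.ServerAuthModule
    public Class<?>[] getSupportedMessageTypes() {
        return this.supportedMessageTypes.clone();
    }

    /**
     * Runs the configured mechanism's {@code validateRequest} and records the
     * outcome on the request.
     *
     * @param messageInfo request/response pair being authenticated
     * @param subject client subject handed to the message context
     * @param subject2 service subject; not used
     * @return the JASPIC status corresponding to the mechanism's result
     * @throws AuthException if the mechanism fails or its class cannot be loaded
     */
    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpMessageContextImpl context = new HttpMessageContextImpl(this.handler, messageInfo, subject);
        if (this.cdiPerRequestInitializer != null) {
            this.cdiPerRequestInitializer.init(context.getRequest());
        }
        // Start from NOT_DONE so that a status left by an earlier call is never reused.
        Jaspic.setLastAuthenticationStatus(context.getRequest(), AuthenticationStatus.NOT_DONE);
        try {
            AuthenticationStatus status = resolveMechanism(context.getRequest())
                    .validateRequest(context.getRequest(), context.getResponse(), context);
            // getRequest() is read again instead of cached.
            // NOTE(review): the mechanism may replace the request on the context - confirm.
            Jaspic.setLastAuthenticationStatus(context.getRequest(), status);
            return Jaspic.fromAuthenticationStatus(status);
        } catch (AuthenticationException e) {
            Jaspic.setLastAuthenticationStatus(context.getRequest(), AuthenticationStatus.SEND_FAILURE);
            throw ((AuthException) new AuthException("Authentication failure in HttpAuthenticationMechanism").initCause(e));
        } catch (ClassNotFoundException e) {
            // Keep the cause so a misconfigured mechanism name can be diagnosed from the log.
            throw ((AuthException) new AuthException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Runs the configured mechanism's {@code secureResponse} and then releases the
     * per-request CDI state exactly once, whatever the outcome.
     *
     * @param messageInfo request/response pair being secured
     * @param subject service subject; not used
     * @return {@code SEND_SUCCESS} when the mechanism reports success, otherwise
     *         the mapped status unchanged
     * @throws AuthException if the mechanism fails or its class cannot be loaded
     */
    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        HttpMessageContextImpl context = new HttpMessageContextImpl(this.handler, messageInfo, null);
        try {
            AuthStatus status = Jaspic.fromAuthenticationStatus(resolveMechanism(context.getRequest())
                    .secureResponse(context.getRequest(), context.getResponse(), context));
            return status == AuthStatus.SUCCESS ? AuthStatus.SEND_SUCCESS : status;
        } catch (AuthenticationException e) {
            throw ((AuthException) new AuthException("Secure response failure in HttpAuthenticationMechanism").initCause(e));
        } catch (ClassNotFoundException e) {
            throw ((AuthException) new AuthException(e.getMessage()).initCause(e));
        } finally {
            // Single teardown point; the success path must not call destroy() itself.
            if (this.cdiPerRequestInitializer != null) {
                this.cdiPerRequestInitializer.destroy(context.getRequest());
            }
        }
    }

    /**
     * Delegates subject clean-up to the {@link HttpAuthenticationMechanism} bean.
     */
    @Override // javax.security.auth.message.ServerAuth
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        HttpMessageContextImpl context = new HttpMessageContextImpl(this.handler, messageInfo, subject);
        // NOTE(review): this looks the bean up by the interface type, not by the class
        // configured for the request as validateRequest/secureResponse do - confirm
        // that is intended when more than one mechanism is deployed.
        ((HttpAuthenticationMechanism) CDI.current().select(HttpAuthenticationMechanism.class, new Annotation[0]).get())
                .cleanSubject(context.getRequest(), context.getResponse(), context);
    }

    /**
     * Returns the CDI bean for the mechanism configured for {@code request}.
     *
     * @throws ClassNotFoundException if the configured name is neither a known
     *         alias nor a loadable class
     */
    private HttpAuthenticationMechanism resolveMechanism(HttpServletRequest request) throws ClassNotFoundException {
        String configured = ContextAuthenticationMechanismMapping.getInstance().getMechanism(request);
        return (HttpAuthenticationMechanism) CDI.current().select(defineMechanismClassName(configured), new Annotation[0]).get();
    }

    /**
     * Turns a configured mechanism name into the class used for the CDI lookup.
     *
     * @param str alias, fully qualified class name, or {@code null}
     * @return the mapped class, or {@code HttpAuthenticationMechanism.class} when
     *         {@code str} is {@code null}
     * @throws ClassNotFoundException if {@code str} is not an alias and cannot be loaded
     * @throws IllegalArgumentException if the loaded class is not an
     *         {@link HttpAuthenticationMechanism}
     */
    private Class<?> defineMechanismClassName(String str) throws ClassNotFoundException {
        // Checked first: ConcurrentHashMap rejects null keys.
        if (str == null) {
            return HttpAuthenticationMechanism.class;
        }
        Class<?> known = this.mappings.get(str);
        if (known != null) {
            return known;
        }
        // The name is used as a class name as-is. NOTE(review): the error message below
        // ties it to the 'fish.payara.security.mechanism' context parameter; confirm no
        // request-controlled value can reach this lookup.
        Class<?> loaded = Thread.currentThread().getContextClassLoader().loadClass(str);
        // Type check before caching: a class that is not a mechanism is never stored
        // and never handed to CDI.
        if (!HttpAuthenticationMechanism.class.isAssignableFrom(loaded)) {
            throw new IllegalArgumentException("The value for the 'fish.payara.security.mechanism' context parameter doesn't contain a reference to a HttpAuthenticationMechanism implementation.");
        }
        // NOTE(review): the cache is keyed by name only while the class comes from the
        // current thread's context class loader; confirm one module instance never
        // serves more than one application.
        this.mappings.put(str, loaded);
        return loaded;
    }
}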
