package cloud.piranha.extension.eleos;

import cloud.piranha.core.api.AuthenticatedIdentity;
import cloud.piranha.core.api.SecurityManager;
import cloud.piranha.core.api.WebApplication;
import cloud.piranha.core.impl.DefaultAuthenticatedIdentity;
import cloud.piranha.extension.webxml.WebXml;
import cloud.piranha.extension.webxml.WebXmlLoginConfig;
import cloud.piranha.extension.webxml.WebXmlManager;
import jakarta.security.auth.message.config.AuthConfigFactory;
import jakarta.servlet.Filter;
import jakarta.servlet.ServletContainerInitializer;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import java.io.IOException;
import java.io.InputStream;
import java.lang.System;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import org.omnifaces.eleos.config.factory.DefaultConfigFactory;
import org.omnifaces.eleos.config.factory.DefaultConfigParser;
import org.omnifaces.eleos.config.helper.Caller;
import org.omnifaces.eleos.services.DefaultAuthenticationService;
import org.omnifaces.eleos.services.InMemoryStore;

/* loaded from: input_file:cloud/piranha/extension/eleos/AuthenticationInitializer.class */
public class AuthenticationInitializer implements ServletContainerInitializer {
    public static final String AUTH_MODULE_CLASS = AuthenticationInitializer.class.getName() + ".auth.module.class";
    public static final String AUTH_SERVICE = AuthenticationInitializer.class.getName() + ".auth.service";
    public static final System.Logger LOGGER = System.getLogger(AuthenticationInitializer.class.getName());

    @Override // jakarta.servlet.ServletContainerInitializer
    public void onStartup(Set<Class<?>> set, ServletContext servletContext) throws ServletException {
        LOGGER.log(System.Logger.Level.DEBUG, "Initializing Eleos");
        String str = servletContext.getVirtualServerName() + " " + servletContext.getContextPath();
        Security.setProperty(AuthConfigFactory.DEFAULT_FACTORY_SECURITY_PROPERTY, DefaultConfigFactory.class.getName());
        HashMap hashMap = new HashMap();
        Class<?> authModuleClass = getAuthModuleClass(servletContext, hashMap);
        DefaultConfigParser defaultConfigParser = new DefaultConfigParser(authModuleClass);
        hashMap.put("authModuleId", authModuleClass.getSimpleName());
        DefaultAuthenticationService defaultAuthenticationService = new DefaultAuthenticationService(str, hashMap, defaultConfigParser, null);
        servletContext.setAttribute(AUTH_SERVICE, defaultAuthenticationService);
        initIdentityStore(servletContext);
        setUsernamePasswordLoginHandler(servletContext, defaultAuthenticationService);
        addFilter(servletContext, AuthenticationFilter.class);
    }

    private void setUsernamePasswordLoginHandler(ServletContext servletContext, DefaultAuthenticationService defaultAuthenticationService) {
        ((SecurityManager) ((WebApplication) servletContext).getManager(SecurityManager.class)).setUsernamePasswordLoginHandler((httpServletRequest, str, str2) -> {
            return callerToIdentity(defaultAuthenticationService.login(str, str2));
        });
    }

    private AuthenticatedIdentity callerToIdentity(Caller caller) {
        if (caller == null) {
            return null;
        }
        return new DefaultAuthenticatedIdentity(caller.getCallerPrincipal(), caller.getGroups());
    }

    private Class<?> getAuthModuleClass(ServletContext servletContext, Map<String, Object> map) {
        Class<?> cls = (Class) servletContext.getAttribute(AUTH_MODULE_CLASS);
        if (cls == null) {
            cls = DoNothingServerAuthModule.class;
            WebXmlLoginConfig loginConfig = getLoginConfig(servletContext);
            if (loginConfig != null) {
                map.put("authMethod", loginConfig.authMethod());
                map.put("realmName", loginConfig.realmName());
                map.put("formLoginPage", loginConfig.formLoginPage());
                map.put("formErrorPage", loginConfig.formErrorPage());
            }
        }
        return cls;
    }

    private WebXmlLoginConfig getLoginConfig(ServletContext servletContext) {
        WebXml webXml = ((WebXmlManager) servletContext.getAttribute(WebXmlManager.KEY)).getWebXml();
        Objects.requireNonNull(webXml);
        if (isAnyNull(() -> {
            return webXml;
        }, webXml::getLoginConfig, () -> {
            return webXml.getLoginConfig().authMethod();
        })) {
            return null;
        }
        return webXml.getLoginConfig();
    }

    void initIdentityStore(ServletContext servletContext) throws ServletException {
        try {
            String property = System.getProperty("io.piranha.identitystore.callers");
            if (property == null) {
                InputStream resourceAsStream = servletContext.getResourceAsStream("WEB-INF/piranha-callers.xml");
                if (resourceAsStream != null) {
                    property = new String(resourceAsStream.readAllBytes(), StandardCharsets.UTF_8);
                }
                if (property == null) {
                    Path path = Paths.get("etc/piranha-callers.xml", new String[0]);
                    if (Files.exists(path, new LinkOption[0])) {
                        property = Files.readString(path);
                    }
                }
            }
            InMemoryStore.initFromString(property);
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    @SafeVarargs
    private boolean isAnyNull(Supplier<Object>... supplierArr) {
        return Arrays.stream(supplierArr).anyMatch(supplier -> {
            return supplier.get() == null;
        });
    }

    private void addFilter(ServletContext servletContext, Class<?> cls) {
        servletContext.addFilter(cls.getSimpleName(), (Class<? extends Filter>) cls).setAsyncSupported(true);
        ((WebApplication) servletContext).addFilterMapping(cls.getSimpleName(), "/*");
    }
}
