package cloud.piranha.webapp.impl;

import cloud.piranha.webapp.api.SecurityManager;
import cloud.piranha.webapp.api.WebApplication;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:cloud/piranha/webapp/impl/DefaultSecurityManager.class */
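/**
 * In-memory {@link SecurityManager} that keeps users, passwords and role
 * assignments in plain maps.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Passwords are stored and compared as plaintext strings; nothing here
 *       hashes them. Treat this store as suitable for tests and demos only
 *       unless a hashed credential store is layered on top.</li>
 *   <li>The backing collections are plain {@link HashMap}/{@link ArrayList}
 *       instances with no synchronization in this class.</li>
 *   <li>Only {@code FORM} authentication is implemented; {@code BASIC},
 *       {@code DIGEST} and {@code CLIENT_CERT} are rejected with a
 *       {@link ServletException}.</li>
 *   <li>{@link #logout} is a no-op, so it does not clear the principal set by
 *       {@link #login}.</li>
 * </ul>
 */
public class DefaultSecurityManager implements SecurityManager {
    // Flag stored and returned by the accessors below; not otherwise consulted in this class.
    protected boolean denyUncoveredHttpMethods = false;
    // username -> plaintext password.
    protected final HashMap<String, String> logins = new HashMap<>();
    // Roles declared through declareRoles; duplicates are possible here and collapse in getRoles().
    protected ArrayList<String> roles = new ArrayList<>();
    // username -> roles granted to that user.
    protected final HashMap<String, String[]> userRoles = new HashMap<>();
    protected WebApplication webApplication;

    /**
     * Registers (or overwrites) a user.
     *
     * @param str the username.
     * @param str2 the plaintext password stored for that user.
     * @param strArr the roles granted to the user; when {@code null} any
     *     existing role assignment is left untouched.
     */
    public void addUser(String str, String str2, String... strArr) {
        this.logins.put(str, str2);
        if (strArr != null) {
            // Copy so that a caller mutating its array later cannot silently change authorization data.
            this.userRoles.put(str, strArr.clone());
        }
    }

    /**
     * Sets the roles of a user. Despite the name this REPLACES the user's
     * current role array rather than appending to it.
     *
     * @param str the username.
     * @param strArr the new roles; ignored when {@code null}.
     */
    public void addUserRole(String str, String... strArr) {
        if (strArr != null) {
            // Copy for the same reason as in addUser.
            this.userRoles.put(str, strArr.clone());
        }
    }

    /**
     * Authenticates the request according to its reported auth type.
     *
     * <p>For {@code FORM} the credentials are read from the
     * {@code j_username} / {@code j_password} request parameters and passed to
     * {@link #login}; a failed login therefore surfaces as a
     * {@link ServletException}, not as a {@code false} return.
     *
     * @param httpServletRequest the request.
     * @param httpServletResponse the response (unused here).
     * @return {@code true} when a FORM login left a user principal on the
     *     request, {@code false} when the auth type is {@code null} or not
     *     one of the four recognised values.
     * @throws IOException declared by the interface; not thrown by this code.
     * @throws ServletException for unsupported auth types or bad credentials.
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String authType = httpServletRequest.getAuthType();
        if (authType == null) {
            return false;
        }
        if (authType.equals("BASIC")) {
            throw new ServletException("Basic auth is not supported");
        }
        if (authType.equals("CLIENT_CERT")) {
            throw new ServletException("Client cert auth is not supported");
        }
        if (authType.equals("DIGEST")) {
            throw new ServletException("Digest auth is not supported");
        }
        if (authType.equals("FORM")) {
            login(httpServletRequest, httpServletRequest.getParameter("j_username"), httpServletRequest.getParameter("j_password"));
            return httpServletRequest.getUserPrincipal() != null;
        }
        return false;
    }

    /**
     * Declares additional roles.
     *
     * @param strArr the role names; a {@code null} array is ignored.
     */
    public void declareRoles(String[] strArr) {
        if (strArr != null) {
            this.roles.addAll(Arrays.asList(strArr));
        }
    }

    /**
     * Returns the declared roles.
     *
     * @return a fresh set, so callers cannot mutate the internal list.
     */
    public Set<String> getRoles() {
        return new HashSet<>(this.roles);
    }

    /**
     * @return the deny-uncovered-HTTP-methods flag.
     */
    public boolean getDenyUncoveredHttpMethods() {
        return this.denyUncoveredHttpMethods;
    }

    /**
     * @return the web application this manager was attached to, or
     *     {@code null} if none was set.
     */
    public WebApplication getWebApplication() {
        return this.webApplication;
    }

    /**
     * Checks whether the request's remote user holds the given role.
     *
     * @param httpServletRequest the request whose remote user is checked.
     * @param str the role name.
     * @return {@code true} only when the request has a remote user, that user
     *     has a role assignment, and it contains {@code str}; otherwise
     *     {@code false} (fail closed).
     */
    public boolean isUserInRole(HttpServletRequest httpServletRequest, String str) {
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            return false;
        }
        String[] granted = this.userRoles.get(remoteUser);
        if (granted == null) {
            return false;
        }
        for (String role : granted) {
            if (role.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies the credentials and, on success, sets the user principal on the
     * innermost request.
     *
     * @param httpServletRequest the request, possibly wrapped.
     * @param str the username.
     * @param str2 the password supplied by the client.
     * @throws ServletException when the user is unknown, the password is
     *     {@code null} or wrong, or the unwrapped request is not a
     *     {@code DefaultWebApplicationRequest}.
     */
    public void login(HttpServletRequest httpServletRequest, String str, String str2) throws ServletException {
        String expected = this.logins.get(str);
        // One generic message for every failure so the response does not reveal which part was wrong.
        if (expected == null || str2 == null || !passwordsMatch(expected, str2)) {
            throw new ServletException("Unable to login using the given username and password");
        }
        // Peel off wrappers: the principal must be set on the underlying request object.
        HttpServletRequest target = httpServletRequest;
        while (target instanceof HttpServletRequestWrapper) {
            target = (HttpServletRequest) ((HttpServletRequestWrapper) target).getRequest();
        }
        // Previously an unexpected request type escaped as a ClassCastException (or NPE for null).
        if (!(target instanceof DefaultWebApplicationRequest)) {
            throw new ServletException("Unable to login: request is not a DefaultWebApplicationRequest");
        }
        ((DefaultWebApplicationRequest) target).setUserPrincipal(new DefaultSecurityPrincipal(str));
    }

    /**
     * Compares the stored and supplied password without stopping at the first
     * differing character, so response time does not reveal how much of a
     * guess was correct.
     */
    private static boolean passwordsMatch(String expected, String supplied) {
        boolean sameBytes = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
        // UTF-8 encoding maps unpaired surrogates to '?', so confirm with an exact
        // comparison; this only runs once the encoded bytes already matched.
        return sameBytes && expected.equals(supplied);
    }

    /**
     * Does nothing.
     *
     * <p>NOTE(review): the principal set by {@link #login} is not cleared here
     * and no session is invalidated; confirm that the container handles this
     * elsewhere before relying on logout for session termination.
     *
     * @param httpServletRequest the request (unused).
     * @param httpServletResponse the response (unused).
     * @throws ServletException declared by the interface; not thrown here.
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
    }

    /**
     * Removes a user together with its role assignment. A principal already
     * set on an in-flight request is not affected by this call.
     *
     * @param str the username.
     */
    public void removeUser(String str) {
        this.logins.remove(str);
        this.userRoles.remove(str);
    }

    /**
     * @param z the new deny-uncovered-HTTP-methods flag.
     */
    public void setDenyUncoveredHttpMethods(boolean z) {
        this.denyUncoveredHttpMethods = z;
    }

    /**
     * @param webApplication the web application to attach.
     */
    public void setWebApplication(WebApplication webApplication) {
        this.webApplication = webApplication;
    }
}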
