package net.officefloor.web.security.scheme;

import net.officefloor.server.http.HttpException;
import net.officefloor.web.security.HttpAccessControl;
import net.officefloor.web.security.HttpAuthentication;
import net.officefloor.web.security.HttpCredentials;
import net.officefloor.web.security.store.CredentialStore;
import net.officefloor.web.security.store.CredentialStoreUtil;
import net.officefloor.web.session.HttpSession;
import net.officefloor.web.spi.security.AuthenticateContext;
import net.officefloor.web.spi.security.AuthenticationContext;
import net.officefloor.web.spi.security.ChallengeContext;
import net.officefloor.web.spi.security.HttpSecurity;
import net.officefloor.web.spi.security.HttpSecurityContext;
import net.officefloor.web.spi.security.LogoutContext;
import net.officefloor.web.spi.security.RatifyContext;
import net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource;

/* loaded from: input_file:officeweb_security-3.15.0.jar:net/officefloor/web/security/scheme/FormHttpSecuritySource.class */
public class FormHttpSecuritySource extends AbstractHttpSecuritySource<HttpAuthentication<HttpCredentials>, HttpAccessControl, HttpCredentials, Dependencies, Flows> {
    public static final String PROPERTY_REALM = "realm";
    private static final String SESSION_ATTRIBUTE_HTTP_SECURITY = "http.security.form";
    private String realm;

    /* loaded from: input_file:officeweb_security-3.15.0.jar:net/officefloor/web/security/scheme/FormHttpSecuritySource$Dependencies.class */
    public enum Dependencies {
        CREDENTIAL_STORE
    }

    /* loaded from: input_file:officeweb_security-3.15.0.jar:net/officefloor/web/security/scheme/FormHttpSecuritySource$Flows.class */
    public enum Flows {
        FORM_LOGIN_PAGE
    }

    /* loaded from: input_file:officeweb_security-3.15.0.jar:net/officefloor/web/security/scheme/FormHttpSecuritySource$FormHttpSecurity.class */
    private class FormHttpSecurity implements HttpSecurity<HttpAuthentication<HttpCredentials>, HttpAccessControl, HttpCredentials, Dependencies, Flows> {
        private final String realm;

        private FormHttpSecurity(String str) {
            this.realm = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // net.officefloor.web.spi.security.HttpSecurity
        public HttpAuthentication<HttpCredentials> createAuthentication(AuthenticationContext<HttpAccessControl, HttpCredentials> authenticationContext) {
            HttpAuthenticationImpl httpAuthenticationImpl = new HttpAuthenticationImpl(authenticationContext, HttpCredentials.class);
            httpAuthenticationImpl.authenticate(null, null);
            return httpAuthenticationImpl;
        }

        @Override // net.officefloor.web.spi.security.HttpSecurity
        public boolean ratify(HttpCredentials httpCredentials, RatifyContext<HttpAccessControl> ratifyContext) {
            HttpAccessControl httpAccessControl = (HttpAccessControl) ratifyContext.getSession().getAttribute(ratifyContext.getQualifiedAttributeName(FormHttpSecuritySource.SESSION_ATTRIBUTE_HTTP_SECURITY));
            if (httpAccessControl == null) {
                return httpCredentials != null;
            }
            ratifyContext.accessControlChange(httpAccessControl, null);
            return false;
        }

        @Override // net.officefloor.web.spi.security.HttpSecurity
        public void authenticate(HttpCredentials httpCredentials, AuthenticateContext<HttpAccessControl, Dependencies, Flows> authenticateContext) throws HttpException {
            String username;
            byte[] password;
            HttpSession session = authenticateContext.getSession();
            if (httpCredentials == null || (username = httpCredentials.getUsername()) == null || (password = httpCredentials.getPassword()) == null) {
                return;
            }
            HttpAccessControl authenticate = FormHttpSecuritySource.this.authenticate(username, this.realm, password, (CredentialStore) authenticateContext.getObject(Dependencies.CREDENTIAL_STORE));
            if (authenticate == null) {
                return;
            }
            session.setAttribute(authenticateContext.getQualifiedAttributeName(FormHttpSecuritySource.SESSION_ATTRIBUTE_HTTP_SECURITY), authenticate);
            authenticateContext.accessControlChange(authenticate, null);
        }

        @Override // net.officefloor.web.spi.security.HttpSecurity
        public void challenge(ChallengeContext<Dependencies, Flows> challengeContext) throws HttpException {
            challengeContext.doFlow(Flows.FORM_LOGIN_PAGE, null, null);
        }

        @Override // net.officefloor.web.spi.security.HttpSecurity
        public void logout(LogoutContext<Dependencies, Flows> logoutContext) throws HttpException {
            logoutContext.getSession().removeAttribute(logoutContext.getQualifiedAttributeName(FormHttpSecuritySource.SESSION_ATTRIBUTE_HTTP_SECURITY));
        }
    }

    protected HttpAccessControl authenticate(String str, String str2, byte[] bArr, CredentialStore credentialStore) throws HttpException {
        return CredentialStoreUtil.authenticate(str, str2, bArr, "Form", credentialStore);
    }

    @Override // net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource
    protected void loadSpecification(AbstractHttpSecuritySource.SpecificationContext specificationContext) {
        specificationContext.addProperty("realm", "Realm");
    }

    @Override // net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource
    protected void loadMetaData(AbstractHttpSecuritySource.MetaDataContext<HttpAuthentication<HttpCredentials>, HttpAccessControl, HttpCredentials, Dependencies, Flows> metaDataContext) throws Exception {
        this.realm = metaDataContext.getHttpSecuritySourceContext().getProperty("realm");
        metaDataContext.setAuthenticationClass(HttpAuthentication.class);
        metaDataContext.setAccessControlClass(HttpAccessControl.class);
        metaDataContext.setCredentialsClass(HttpCredentials.class);
        metaDataContext.addDependency(Dependencies.CREDENTIAL_STORE, CredentialStore.class);
        metaDataContext.addFlow(Flows.FORM_LOGIN_PAGE, null).setLabel("form");
    }

    @Override // net.officefloor.web.spi.security.HttpSecuritySource
    public HttpSecurity<HttpAuthentication<HttpCredentials>, HttpAccessControl, HttpCredentials, Dependencies, Flows> sourceHttpSecurity(HttpSecurityContext httpSecurityContext) throws HttpException {
        return new FormHttpSecurity(this.realm);
    }
}
