package net.trajano.auth;

import java.io.IOException;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:net/trajano/auth/HttpHeaderAuthModule.class */
public class HttpHeaderAuthModule implements ServerAuthModule, ServerAuthContext {
    private static final String GROUP_HEADER_KEY = "group_header";
    public static final String USERNAME_HEADER_KEY = "username_header";
    private String groupHeader;
    private CallbackHandler handler;
    private boolean mandatory;
    private String userNameHeader;
    private static final String MESSAGES = "META-INF/Messages";
    private static final Logger LOG = Logger.getLogger("net.trajano.auth.httpheadersam", MESSAGES);
    private static final ResourceBundle R = ResourceBundle.getBundle(MESSAGES);

    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    }

    public Class[] getSupportedMessageTypes() {
        return new Class[]{HttpServletRequest.class, HttpServletResponse.class};
    }

    private String[] groups(HttpServletRequest httpServletRequest) {
        if (this.groupHeader == null) {
            return new String[]{"users"};
        }
        LinkedList linkedList = new LinkedList();
        Enumeration headers = httpServletRequest.getHeaders(this.groupHeader);
        while (headers.hasMoreElements()) {
            for (String str : ((String) headers.nextElement()).split(",")) {
                linkedList.add(str.trim());
            }
        }
        return (String[]) linkedList.toArray(new String[0]);
    }

    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        this.handler = callbackHandler;
        this.mandatory = messagePolicy.isMandatory();
        this.userNameHeader = (String) map.get(USERNAME_HEADER_KEY);
        if (this.userNameHeader == null) {
            LOG.log(Level.SEVERE, "missingOption", USERNAME_HEADER_KEY);
            throw new AuthException(MessageFormat.format(R.getString("missingOption"), USERNAME_HEADER_KEY));
        }
        this.groupHeader = (String) map.get(GROUP_HEADER_KEY);
    }

    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        return AuthStatus.SEND_SUCCESS;
    }

    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse httpServletResponse = (HttpServletResponse) messageInfo.getResponseMessage();
        try {
            if (!this.mandatory && !httpServletRequest.isSecure()) {
                return AuthStatus.SUCCESS;
            }
            if (!httpServletRequest.isSecure()) {
                httpServletResponse.sendError(403, R.getString("SSLReq"));
                return AuthStatus.SEND_FAILURE;
            }
            String header = httpServletRequest.getHeader(this.userNameHeader);
            if (header == null && this.mandatory) {
                return AuthStatus.FAILURE;
            }
            if (header == null && !this.mandatory) {
                return AuthStatus.SUCCESS;
            }
            this.handler.handle(new Callback[]{new CallerPrincipalCallback(subject, header), new GroupPrincipalCallback(subject, groups(httpServletRequest))});
            return AuthStatus.SUCCESS;
        } catch (IOException | UnsupportedCallbackException e) {
            LOG.throwing(getClass().getName(), "validateRequest", e);
            throw new AuthException(e.getMessage());
        }
    }
}
