package net.trajano.auth;

import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;

/* loaded from: input_file:net/trajano/auth/TestServerAuthModule.class */
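/**
 * Minimal JASPIC {@link ServerAuthModule} used for testing.
 *
 * <p>Authentication state is a single {@value #SUBJECT_COOKIE_KEY} cookie whose value is whatever
 * name was submitted to the login form, wrapped into a URI. Nothing is verified and nothing is
 * signed: the cookie is accepted verbatim on every later request, so any client can present any
 * identity. This is acceptable for a test fixture only and must not be used as a template for a
 * real module.
 *
 * <p>Request handling in {@link #validateRequest}:
 * <ul>
 *   <li>{@value #LOGIN_ENDPOINT}: GET renders the login JSP, POST sets the subject cookie and
 *       redirects to the validated {@code state} path inside this application.</li>
 *   <li>{@value #LOGOUT_ENDPOINT}: clears the cookie and redirects to
 *       {@code post_logout_redirect_uri}, which must lie inside this application's URL space.</li>
 *   <li>Anything else: passed through when the policy is not mandatory; otherwise requires TLS and
 *       the cookie, redirecting to the login endpoint when the cookie is absent.</li>
 * </ul>
 */
public class TestServerAuthModule implements ServerAuthModule, ServerAuthContext {
    /** Name of the single group every authenticated caller is placed in. */
    private static final String GROUP_NAME = "authenticated";
    private static final String[] GROUPS = {GROUP_NAME};
    private static final Logger LOG = Logger.getLogger(TestServerAuthModule.class.getName());
    public static final String LOGIN_ENDPOINT = "/j_security_check";
    public static final String LOGOUT_ENDPOINT = "/j_logout";
    public static final String POST_LOGOUT_REDIRECT_URI = "post_logout_redirect_uri";
    public static final String STATE = "state";
    public static final String SUBJECT_COOKIE_KEY = "X-Subject";
    /** Login-form field carrying the user name. */
    private static final String USERNAME_PARAMETER = "j_username";
    /** JSP rendered on GET to the login endpoint. */
    private static final String LOGIN_PAGE = "/WEB-INF/login.jsp";
    /** Base URI the submitted user name is embedded into (as the user-info component). */
    private static final String SUBJECT_URI_BASE = "https://test-server-auth-module";
    private CallbackHandler handler;
    private boolean mandatory;

    /**
     * Returns the value of the {@value #SUBJECT_COOKIE_KEY} cookie, or {@code null} when the
     * request carries none. If several cookies of that name are present the last one wins.
     *
     * <p>SECURITY: the value comes from the client unmodified — it is neither signed nor bound to
     * any server-side state, so it must never be treated as a verified identity outside a test.
     */
    private static String getSubject(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        String value = null;
        for (Cookie cookie : cookies) {
            if (SUBJECT_COOKIE_KEY.equals(cookie.getName())) {
                value = cookie.getValue();
            }
        }
        return value;
    }

    /**
     * Parses a client-supplied URI, reporting malformed input as an {@link AuthException} instead
     * of letting {@link IllegalArgumentException} escape the module as a server error.
     *
     * @param value         raw parameter value
     * @param parameterName parameter name, used only in the error message
     * @throws AuthException if {@code value} is not a syntactically valid URI
     */
    private static URI parseUri(String value, String parameterName) throws AuthException {
        try {
            return URI.create(value);
        } catch (IllegalArgumentException e) {
            AuthException authException = new AuthException("malformed '" + parameterName + "' parameter");
            authException.initCause(e);
            throw authException;
        }
    }

    /**
     * Dispatches GET/POST on the login endpoint. Both methods require TLS and a {@code state}
     * parameter that passes {@link #validateStateUri}.
     *
     * @throws AuthException on plain HTTP, a missing/malformed/unsafe {@code state}, or a method
     *                       other than GET/POST
     */
    private static AuthStatus handleLoginEndpoint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, AuthException, IOException {
        if (!httpServletRequest.isSecure()) {
            throw new AuthException("Secure connection is required");
        }
        String state = httpServletRequest.getParameter(STATE);
        if (state == null) {
            throw new AuthException("missing 'state' parameter");
        }
        // normalize() before validation so "/a/../b" style input is judged in its resolved form.
        URI stateUri = parseUri(state, STATE).normalize();
        validateStateUri(stateUri);
        String method = httpServletRequest.getMethod();
        if ("GET".equals(method)) {
            return handleLoginGet(httpServletRequest, httpServletResponse);
        }
        if ("POST".equals(method)) {
            return handleLoginPost(httpServletRequest, httpServletResponse, stateUri);
        }
        throw new AuthException("unsupported method");
    }

    /** Renders the login page; the JSP is expected to POST back to the login endpoint. */
    private static AuthStatus handleLoginGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.getRequestDispatcher(LOGIN_PAGE).forward(httpServletRequest, httpServletResponse);
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Establishes the subject cookie from the submitted user name and redirects to the
     * already-validated {@code uri} within this application's context.
     *
     * <p>SECURITY: no password or other credential is checked — any submitted name is accepted.
     *
     * @param uri validated, normalized relative {@code state} URI (path starts with '/')
     * @throws AuthException if {@value #USERNAME_PARAMETER} is missing or empty
     */
    private static AuthStatus handleLoginPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, URI uri) throws ServletException, IOException, AuthException {
        String username = httpServletRequest.getParameter(USERNAME_PARAMETER);
        if (username == null || username.isEmpty()) {
            // Previously a missing name silently produced a cookie with no user-info component.
            throw new AuthException("missing 'j_username' parameter");
        }
        String subject = UriBuilder.fromUri(SUBJECT_URI_BASE).userInfo(username).build(new Object[0]).toASCIIString();
        Cookie cookie = new Cookie(SUBJECT_COOKIE_KEY, subject);
        cookie.setSecure(true);
        cookie.setHttpOnly(true);
        // No Path is set, so the browser scopes the cookie to the directory of this request URI
        // (the context root); the logout endpoint relies on the same default to delete it.
        httpServletResponse.addCookie(cookie);
        String location = URI.create(httpServletRequest.getContextPath() + uri.toASCIIString()).normalize().toASCIIString();
        httpServletResponse.sendRedirect(location);
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Clears the subject cookie and redirects to {@code post_logout_redirect_uri}.
     *
     * <p>The target must be an absolute URL equal to this application's context root or below it.
     * The base is derived from {@code getRequestURL()}, i.e. ultimately from the Host header; behind
     * a proxy that does not validate Host, the origin part of that base is only as trustworthy as
     * the header. Clearing the cookie is client-side only — there is no server-side state to
     * revoke, so a captured cookie value remains usable.
     *
     * @throws AuthException if the parameter is missing, malformed, or outside the context
     */
    private static AuthStatus handleLogoutEndpoint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthException, ServletException, IOException {
        String parameter = httpServletRequest.getParameter(POST_LOGOUT_REDIRECT_URI);
        if (parameter == null) {
            throw new AuthException("missing post_logout_redirect_uri");
        }
        String target = parseUri(parameter, POST_LOGOUT_REDIRECT_URI).normalize().toASCIIString();
        // Compare against the context root WITH a trailing '/', so that a sibling path such as
        // "/ctxfoo/..." no longer matches the prefix "/ctx"; the bare context root itself is
        // still accepted. For a root context the base resolves to "scheme://host/".
        URI requestUrl = URI.create(httpServletRequest.getRequestURL().toString());
        String contextBase = requestUrl.resolve(httpServletRequest.getContextPath() + "/").toASCIIString();
        String contextRoot = contextBase.substring(0, contextBase.length() - 1);
        if (!target.equals(contextRoot) && !target.startsWith(contextBase)) {
            throw new AuthException("invalid post_logout_redirect_uri");
        }
        Cookie cookie = new Cookie(SUBJECT_COOKIE_KEY, "");
        cookie.setMaxAge(0); // expire immediately
        cookie.setSecure(true);
        cookie.setHttpOnly(true);
        httpServletResponse.addCookie(cookie);
        httpServletResponse.sendRedirect(target);
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Sends an unauthenticated GET to the login endpoint, carrying the original path and query
     * (relative to the context) as the {@code state} parameter so the user lands back there after
     * login. Non-GET requests cannot be replayed through a redirect and are rejected.
     *
     * @throws AuthException for any method other than GET
     */
    private static AuthStatus handleRedirectToLoginEndpoint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthException, ServletException, IOException {
        if (!"GET".equals(httpServletRequest.getMethod())) {
            throw new AuthException("Only 'GET' method is supported when redirecting to the endpoint");
        }
        String contextPath = httpServletRequest.getContextPath();
        StringBuilder state = new StringBuilder(httpServletRequest.getRequestURI().substring(contextPath.length()));
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            state.append('?').append(query);
        }
        // UTF-8 rather than US-ASCII: the request URI and query string are normally already
        // percent-encoded ASCII, but US-ASCII would silently turn any other character into '?'.
        String location = contextPath + LOGIN_ENDPOINT + "?" + STATE + "=" + URLEncoder.encode(state.toString(), "UTF-8");
        httpServletResponse.sendRedirect(URI.create(location).normalize().toASCIIString());
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Rejects a {@code state} URI that could redirect outside this application.
     *
     * @param uri the already-normalized state URI
     * @throws AuthException if the URI is absolute, carries any authority, does not start with
     *                       '/', or still contains a parent-directory segment
     */
    private static void validateStateUri(URI uri) throws AuthException {
        if (uri.isAbsolute()) {
            throw new AuthException("'state' must not be an absolute URI");
        }
        // Reject ANY authority, not only a parsed host: java.net.URI leaves getHost() null for a
        // "registry-based" authority (e.g. "//evil_host/x" — '_' is not a legal hostname char)
        // yet still emits it from toASCIIString(), and in a root-context deployment the login
        // redirect would then be the scheme-relative "//evil_host/x".
        if (uri.getRawAuthority() != null) {
            throw new AuthException("'state' must not have a host component");
        }
        String path = uri.getPath();
        if (path == null || !path.startsWith("/")) {
            throw new AuthException("'state' must start with '/'");
        }
        // normalize() cannot resolve ".." above the root, so any remaining "/.." is suspicious.
        if (path.contains("/..")) {
            throw new AuthException("'state' must not resolve to a parent path");
        }
    }

    /**
     * Removes the principals this module added: the {@value #GROUP_NAME} group principal and the
     * caller principal named after the current subject cookie (if any).
     */
    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        String callerName = getSubject((HttpServletRequest) messageInfo.getRequestMessage());
        Iterator<Principal> principals = subject.getPrincipals().iterator();
        while (principals.hasNext()) {
            String name = principals.next().getName();
            // Exactly one remove() per principal: evaluating the two conditions independently
            // would call remove() twice (IllegalStateException) for a principal matching both.
            if (GROUP_NAME.equals(name) || (name != null && name.equals(callerName))) {
                principals.remove();
            }
        }
    }

    /** This module handles servlet request/response message pairs only. */
    @Override
    public Class[] getSupportedMessageTypes() {
        return new Class[]{HttpServletRequest.class, HttpServletResponse.class};
    }

    /**
     * Stores the container's callback handler and whether authentication is mandatory for this
     * context. The request policy may be {@code null}; that is treated as "not mandatory".
     */
    @Override
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        this.handler = callbackHandler;
        this.mandatory = messagePolicy != null && messagePolicy.isMandatory();
    }

    /** Nothing is added to responses. */
    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Routes the login/logout endpoints, then enforces the policy for everything else.
     *
     * @return {@code SUCCESS} when the request may proceed (identity established only when the
     *         policy is mandatory), {@code SEND_SUCCESS} after a page/redirect was written,
     *         {@code SEND_FAILURE} after a 403 for non-TLS access to a protected resource
     * @throws AuthException on endpoint validation failures or wrapped I/O, servlet and callback
     *                       errors (original exception preserved as the cause)
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        try {
            String pathWithinContext = request.getRequestURI().substring(request.getContextPath().length());
            if (LOGIN_ENDPOINT.equals(pathWithinContext)) {
                return handleLoginEndpoint(request, response);
            }
            if (LOGOUT_ENDPOINT.equals(pathWithinContext)) {
                return handleLogoutEndpoint(request, response);
            }
            if (!this.mandatory) {
                // Unprotected resource: let it through without establishing a caller identity,
                // even when a subject cookie is present.
                return AuthStatus.SUCCESS;
            }
            if (!request.isSecure()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "SSL Required");
                return AuthStatus.SEND_FAILURE;
            }
            String callerName = getSubject(request);
            if (callerName == null) {
                return handleRedirectToLoginEndpoint(request, response);
            }
            // SECURITY: the caller name is trusted straight from the cookie (see getSubject).
            // A copy of GROUPS is handed out so the container cannot alter the shared array.
            this.handler.handle(new Callback[]{
                new CallerPrincipalCallback(subject, callerName),
                new GroupPrincipalCallback(subject, GROUPS.clone())});
            return AuthStatus.SUCCESS;
        } catch (IOException | ServletException | UnsupportedCallbackException e) {
            LOG.throwing(TestServerAuthModule.class.getName(), "validateRequest", e);
            // JASPIC 1.x AuthException has no (message, cause) constructor; keep the cause anyway.
            AuthException authException = new AuthException(e.getMessage());
            authException.initCause(e);
            throw authException;
        }
    }
}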
