package org.apache.tomee.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.openejb.core.security.JaccProvider;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;
import org.apache.openejb.util.JavaSecurityManagers;
import org.apache.tomee.catalina.Contexts;
import org.apache.tomee.catalina.OpenEJBSecurityListener;
import org.apache.tomee.catalina.TomcatSecurityService;
import org.apache.tomee.security.message.TomEEMessageInfo;

/* loaded from: input_file:lib/tomee-security-8.0.15.jar:org/apache/tomee/security/TomEESecurityContext.class */
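/**
 * {@link SecurityContext} implementation that delegates caller queries to the container's
 * {@link TomcatSecurityService}, web-resource checks to {@link JaccProvider}, and programmatic
 * authentication to the JASPIC {@link ServerAuthContext} registered for the application.
 *
 * <p>Every failure path in this class is meant to fail closed: an error never yields
 * {@link AuthenticationStatus#SUCCESS} or a positive role/access answer.
 */
public class TomEESecurityContext implements SecurityContext {
    private static final Logger LOGGER = Logger.getLogger(TomEESecurityContext.class.getName());

    /** JASPIC message layer used when looking up the provider and the server auth config. */
    private static final String MESSAGE_LAYER = "HttpServlet";

    // Stays null when the registered SecurityService is not a TomcatSecurityService (see init()).
    private TomcatSecurityService securityService;
    private JaccProvider jaccProvider;

    /**
     * Resolves the collaborators once the bean has been constructed.
     *
     * <p>The security service is kept only when it is a {@link TomcatSecurityService}; any other
     * implementation leaves the field {@code null}, and the caller-related methods then fail with
     * an {@link IllegalStateException} rather than answering.
     */
    @PostConstruct
    private void init() {
        SecurityService service = SystemInstance.get().getComponent(SecurityService.class);
        if (service instanceof TomcatSecurityService) {
            this.securityService = (TomcatSecurityService) service;
        }
        this.jaccProvider = JaccProvider.get();
    }

    /**
     * Returns the principal of the current caller, as reported by the security service.
     *
     * @throws IllegalStateException if no {@link TomcatSecurityService} is available
     */
    @Override // javax.security.enterprise.SecurityContext
    public Principal getCallerPrincipal() {
        return requireSecurityService().getCallerPrincipal();
    }

    /**
     * Returns the caller's principals of the given type, as reported by the security service.
     *
     * @param cls principal type to select
     * @throws IllegalStateException if no {@link TomcatSecurityService} is available
     */
    @Override // javax.security.enterprise.SecurityContext
    public <T extends Principal> Set<T> getPrincipalsByType(Class<T> cls) {
        return requireSecurityService().getPrincipalsByType(cls);
    }

    /**
     * Asks the security service whether the current caller has the given role.
     *
     * @param str role name
     * @throws IllegalStateException if no {@link TomcatSecurityService} is available; the check
     *     never silently answers when the service is missing
     */
    @Override // javax.security.enterprise.SecurityContext
    public boolean isCallerInRole(String str) {
        return requireSecurityService().isCallerInRole(str);
    }

    /**
     * Delegates the web-resource access decision to the {@link JaccProvider}.
     *
     * @param str resource to check
     * @param strArr HTTP methods to check
     */
    @Override // javax.security.enterprise.SecurityContext
    public boolean hasAccessToWebResource(String str, String... strArr) {
        return this.jaccProvider.hasAccessToWebResource(str, strArr);
    }

    /**
     * Triggers authentication for the request through the application's JASPIC
     * {@link ServerAuthContext} and translates the outcome.
     *
     * <p>An {@link AuthException} is reported as {@link AuthenticationStatus#SEND_FAILURE}, so a
     * provider error can never be mistaken for a successful login. The cause is logged because it
     * would otherwise be lost, leaving misconfiguration and provider faults invisible to operators.
     *
     * @param httpServletRequest request being authenticated
     * @param httpServletResponse response the mechanism may write to
     * @param authenticationParameters parameters forwarded to the mechanism via the message info
     * @return the mapped status, or {@code SEND_FAILURE} when the JASPIC call throws
     * @throws IllegalArgumentException if the provider returns a status with no mapping
     */
    @Override // javax.security.enterprise.SecurityContext
    public AuthenticationStatus authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationParameters authenticationParameters) {
        try {
            // NOTE(review): the 'true' flag is passed through as in the original call; its exact
            // meaning is defined by TomEEMessageInfo - confirm there.
            TomEEMessageInfo messageInfo = new TomEEMessageInfo(httpServletRequest, httpServletResponse, true, authenticationParameters);
            // A fresh, empty client Subject is used for every attempt; no service Subject is supplied.
            AuthStatus status = getServerAuthContext(httpServletRequest).validateRequest(messageInfo, new Subject(), null);
            return mapToAuthenticationStatus(status);
        } catch (AuthException e) {
            // Only the exception is logged; request data is deliberately left out of the message.
            LOGGER.log(Level.WARNING, "JASPIC authentication could not be completed; reporting SEND_FAILURE", e);
            return AuthenticationStatus.SEND_FAILURE;
        }
    }

    /**
     * Translates a JASPIC status into the Security API status.
     *
     * <p>Only SUCCESS, SEND_FAILURE and SEND_CONTINUE are mapped. Anything else (including
     * {@code null}) is rejected with an exception instead of being coerced into a result.
     *
     * @throws IllegalArgumentException for an unmapped status; the message names the status
     */
    private AuthenticationStatus mapToAuthenticationStatus(AuthStatus authStatus) {
        if (AuthStatus.SUCCESS.equals(authStatus)) {
            return AuthenticationStatus.SUCCESS;
        }
        if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            return AuthenticationStatus.SEND_FAILURE;
        }
        if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            return AuthenticationStatus.SEND_CONTINUE;
        }
        throw new IllegalArgumentException("Unsupported AuthStatus: " + authStatus);
    }

    /**
     * Looks up the {@link ServerAuthContext} registered for the request's application context.
     *
     * @throws AuthException if no provider or no auth context is available for the application,
     *     or if the JASPIC configuration lookup itself fails
     */
    private ServerAuthContext getServerAuthContext(HttpServletRequest httpServletRequest) throws AuthException {
        String appContext = Contexts.toAppContext(httpServletRequest.getServletContext(), httpServletRequest.getContextPath());
        AuthConfigProvider provider = AuthConfigFactory.getFactory().getConfigProvider(MESSAGE_LAYER, appContext, null);
        if (provider == null) {
            // The factory returns null when nothing is registered for this layer/context. Raising
            // AuthException routes the condition into authenticate()'s SEND_FAILURE path instead
            // of surfacing as a NullPointerException.
            throw new AuthException("No AuthConfigProvider registered for layer " + MESSAGE_LAYER + " and application context " + appContext);
        }
        ServerAuthContext authContext = provider.getServerAuthConfig(MESSAGE_LAYER, appContext, new CallbackHandlerImpl()).getAuthContext(null, null, null);
        if (authContext == null) {
            throw new AuthException("No ServerAuthContext available for application context " + appContext);
        }
        return authContext;
    }

    /**
     * Tells the container that {@code principal} has logged in with the given roles, for the
     * request bound to the current thread.
     *
     * <p>When the registered {@link SecurityService} is not a {@link TomcatSecurityService} the
     * call does nothing, so callers must not assume the container identity was established.
     *
     * @param principal authenticated caller; must not be {@code null}
     * @param set role names granted to the caller; {@code null} is treated as no roles
     * @throws NullPointerException if {@code principal} is {@code null}
     * @throws IllegalStateException if no request is bound to the current thread
     */
    public static void registerContainerAboutLogin(Principal principal, Set<String> set) {
        Objects.requireNonNull(principal, "principal");
        SecurityService service = SystemInstance.get().getComponent(SecurityService.class);
        if (!(service instanceof TomcatSecurityService)) {
            return;
        }
        TomcatSecurityService tomcatSecurityService = (TomcatSecurityService) service;
        Request request = OpenEJBSecurityListener.requests.get();
        if (request == null) {
            // Without the current request there is no realm or context to bind the identity to.
            throw new IllegalStateException("No request is associated with the current thread; cannot register the login");
        }
        // The role set is copied so later changes by the caller cannot alter the container
        // principal; no password is kept on the principal.
        GenericPrincipal genericPrincipal = new GenericPrincipal(principal.getName(), null, set == null ? Collections.emptyList() : new ArrayList<>(set), principal);
        JavaSecurityManagers.setContextID(Contexts.toAppContext(request.getServletContext(), request.getContextPath()));
        tomcatSecurityService.enterWebApp(request.getWrapper().getRealm(), genericPrincipal, request.getWrapper().getRunAs());
    }

    /** Returns the security service, or fails clearly when {@link #init()} could not resolve one. */
    private TomcatSecurityService requireSecurityService() {
        if (this.securityService == null) {
            throw new IllegalStateException("No TomcatSecurityService is available; caller identity cannot be resolved");
        }
        return this.securityService;
    }
}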
