package cloud.piranha.extension.security.servlet;

import cloud.piranha.core.api.AuthenticatedIdentity;
import cloud.piranha.core.api.SecurityManager;
import cloud.piranha.core.api.WebApplication;
import cloud.piranha.core.api.WebApplicationRequest;
import cloud.piranha.core.impl.DefaultAuthenticatedIdentity;
import cloud.piranha.core.impl.DefaultServletEnvironment;
import cloud.piranha.extension.eleos.AuthenticationInitializer;
import cloud.piranha.extension.exousia.AuthorizationPreInitializer;
import jakarta.servlet.ServletConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.glassfish.exousia.AuthorizationService;
import org.omnifaces.eleos.config.helper.Caller;
import org.omnifaces.eleos.services.DefaultAuthenticationService;

/* loaded from: input_file:cloud/piranha/extension/security/servlet/ServletSecurityManager.class */
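/**
 * A {@link SecurityManager} that delegates authentication to the
 * {@link DefaultAuthenticationService} and authorization to the
 * {@link AuthorizationService} stored as servlet context attributes.
 *
 * <p>Both services are looked up per request from the servlet context, under
 * {@link AuthenticationInitializer#AUTH_SERVICE} and
 * {@link AuthorizationPreInitializer#AUTHZ_SERVICE}. This class does not check
 * that they are present, so a missing attribute surfaces as a
 * {@link NullPointerException} on first use.
 */
public class ServletSecurityManager implements SecurityManager {
    /** Session attribute under which the authenticated caller is cached between requests. */
    private static final String SESSION_CALLER_ATTRIBUTE = ".caller";

    /** Authentication method, as supplied through {@link #setAuthMethod(String)}. */
    protected String authMethod;
    /** Flag supplied through {@link #setDenyUncoveredHttpMethods(boolean)}. */
    protected boolean denyUncoveredHttpMethods;
    /** Form error page, as supplied through {@link #setFormErrorPage(String)}. */
    protected String formErrorPage;
    /** Form login page, as supplied through {@link #setFormLoginPage(String)}. */
    protected String formLoginPage;
    /** Realm name, as supplied through {@link #setRealmName(String)}. */
    protected String realmName;
    /** Declared role names; a concurrent set, so it rejects {@code null} elements. */
    protected final Set<String> roles = ConcurrentHashMap.newKeySet();
    /** Handler used by {@link #login(HttpServletRequest, String, String)}; {@code null} until set. */
    protected SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler;
    /** Web application supplied through {@link #setWebApplication(WebApplication)}. */
    protected WebApplication webApplication;

    /**
     * Authenticates the request with {@link SecurityManager.AuthenticateSource#MID_REQUEST_USER}
     * as the source.
     *
     * @param httpServletRequest the request to authenticate
     * @param httpServletResponse the response the authentication mechanism may write to
     * @return {@code true} if a caller was established, {@code false} otherwise
     * @throws IOException propagated from the authentication service
     * @throws ServletException propagated from the authentication service
     */
    @Override
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return authenticate(httpServletRequest, httpServletResponse, SecurityManager.AuthenticateSource.MID_REQUEST_USER);
    }

    /**
     * Authenticates the request through the authentication service and, on success,
     * installs the resulting identity on the request.
     *
     * <p>A caller cached in the existing session (if any) is exposed as the request's
     * user principal before validation, wrapped in a {@link ServletSecurityPrincipal}.
     * If validation hands that same wrapper back, the cached caller is used instead.
     *
     * @param httpServletRequest the request to authenticate; cast to {@link WebApplicationRequest}
     * @param httpServletResponse the response the authentication mechanism may write to
     * @param authenticateSource where the call originates from
     * @return {@code true} if a caller was established, {@code false} otherwise
     * @throws IOException propagated from the authentication service
     * @throws ServletException propagated from the authentication service
     */
    @Override
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityManager.AuthenticateSource authenticateSource) throws IOException, ServletException {
        // Use the shared lookup helper so a subclass override applies here as well.
        DefaultAuthenticationService authenticationService = getAuthenticationService(httpServletRequest);

        Caller sessionCaller = null;
        // getSession(false): never create a session just to look for a cached caller.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            sessionCaller = (Caller) session.getAttribute(SESSION_CALLER_ATTRIBUTE);
            if (sessionCaller != null) {
                ((WebApplicationRequest) httpServletRequest).setUserPrincipal(new ServletSecurityPrincipal(sessionCaller.getName()));
            }
        }

        boolean midRequest = authenticateSource == SecurityManager.AuthenticateSource.MID_REQUEST_USER;
        // A mid-request call always demands authentication; otherwise only non-public
        // resources do. The short-circuit keeps the public-resource check from running
        // for mid-request calls, as before.
        // NOTE(review): presumably these map to Eleos' "calledFromAuthenticate" and
        // "isMandatory" arguments - confirm against DefaultAuthenticationService.
        boolean authenticationRequired = midRequest || !isRequestedResourcePublic(httpServletRequest);

        Caller validatedCaller = authenticationService.validateRequest(httpServletRequest, httpServletResponse, midRequest, authenticationRequired);
        if (validatedCaller == null) {
            return false;
        }

        if (validatedCaller.getCallerPrincipal() instanceof ServletSecurityPrincipal) {
            // The principal is the wrapper installed above, so fall back to the cached
            // session caller (which may be null if no session caller existed).
            validatedCaller = sessionCaller;
        }

        if (authenticationService.mustRegisterSession(httpServletRequest, httpServletResponse)) {
            // NOTE(review): the caller is stored in the session without rotating the
            // session id in this method. Confirm that the id is changed elsewhere when
            // an identity is first registered (session fixation defence).
            httpServletRequest.getSession().setAttribute(SESSION_CALLER_ATTRIBUTE, validatedCaller);
        }

        if (validatedCaller != null && validatedCaller.getCallerPrincipal() != null) {
            setIdentityForCurrentRequest(httpServletRequest, validatedCaller.getCallerPrincipal(), validatedCaller.getGroups(), "authenticate");
        }
        return validatedCaller != null;
    }

    /**
     * Adds the given role names to the declared roles.
     *
     * @param strArr role names to add; {@code null} is ignored, matching
     *               {@link #declareRoles(Collection)}
     */
    @Override
    public void declareRoles(String[] strArr) {
        if (strArr == null) {
            return;
        }
        this.roles.addAll(Arrays.asList(strArr));
    }

    /**
     * Adds the given role names to the declared roles.
     *
     * @param collection role names to add; {@code null} is ignored
     */
    @Override
    public void declareRoles(Collection<String> collection) {
        if (collection == null) {
            return;
        }
        this.roles.addAll(collection);
    }

    /**
     * @return the configured authentication method, or {@code null} if none was set
     */
    @Override
    public String getAuthMethod() {
        return this.authMethod;
    }

    /**
     * Returns the request as wrapped by the authentication service, if it set a wrapper.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the result of {@code getWrappedRequestIfSet} on the authentication service
     */
    @Override
    public HttpServletRequest getAuthenticatedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return getAuthenticationService(httpServletRequest).getWrappedRequestIfSet(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the response as wrapped by the authentication service, if it set a wrapper.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the result of {@code getWrappedResponseIfSet} on the authentication service
     */
    @Override
    public HttpServletResponse getAuthenticatedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return getAuthenticationService(httpServletRequest).getWrappedResponseIfSet(httpServletRequest, httpServletResponse);
    }

    /**
     * Looks up the authentication service in the request's servlet context.
     *
     * @param httpServletRequest the current request
     * @return the context attribute stored under {@link AuthenticationInitializer#AUTH_SERVICE};
     *         {@code null} if the attribute is absent
     */
    protected DefaultAuthenticationService getAuthenticationService(HttpServletRequest httpServletRequest) {
        return (DefaultAuthenticationService) httpServletRequest.getServletContext().getAttribute(AuthenticationInitializer.AUTH_SERVICE);
    }

    /**
     * Looks up the authorization service in the request's servlet context.
     *
     * @param httpServletRequest the current request
     * @return the context attribute stored under {@link AuthorizationPreInitializer#AUTHZ_SERVICE};
     *         {@code null} if the attribute is absent
     */
    protected AuthorizationService getAuthorizationService(HttpServletRequest httpServletRequest) {
        return (AuthorizationService) httpServletRequest.getServletContext().getAttribute(AuthorizationPreInitializer.AUTHZ_SERVICE);
    }

    /**
     * @return the deny-uncovered-HTTP-methods flag
     */
    @Override
    public boolean getDenyUncoveredHttpMethods() {
        return this.denyUncoveredHttpMethods;
    }

    /**
     * @return the configured form error page, or {@code null} if none was set
     */
    @Override
    public String getFormErrorPage() {
        return this.formErrorPage;
    }

    /**
     * @return the configured form login page, or {@code null} if none was set
     */
    @Override
    public String getFormLoginPage() {
        return this.formLoginPage;
    }

    /**
     * @return the configured realm name, or {@code null} if none was set
     */
    @Override
    public String getRealmName() {
        return this.realmName;
    }

    /**
     * Returns the declared roles.
     *
     * @return the live, mutable backing set (not a copy); changes made by the caller
     *         are visible to this security manager
     */
    @Override
    public Set<String> getRoles() {
        return this.roles;
    }

    /**
     * Resolves the name of the servlet handling the request.
     *
     * @param httpServletRequest the current request
     * @return the servlet name from the {@link ServletConfig} stored as a request attribute
     *         under the {@link DefaultServletEnvironment} class name, or the empty string
     *         when the attribute or its name is missing
     */
    private String getServletName(HttpServletRequest httpServletRequest) {
        ServletConfig servletConfig = (ServletConfig) httpServletRequest.getAttribute(DefaultServletEnvironment.class.getName());
        if (servletConfig == null) {
            return "";
        }
        String servletName = servletConfig.getServletName();
        return servletName == null ? "" : servletName;
    }

    /**
     * Delegates to {@code checkWebUserDataPermission} on the authorization service.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response (not used by this implementation)
     * @return the authorization service's decision
     * @throws IOException declared by the interface
     * @throws ServletException declared by the interface
     */
    @Override
    public boolean isRequestSecurityAsRequired(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return getAuthorizationService(httpServletRequest).checkWebUserDataPermission(httpServletRequest);
    }

    /**
     * Delegates to {@code checkPublicWebResourcePermission} on the authorization service.
     *
     * @param httpServletRequest the current request
     * @return the authorization service's decision
     */
    @Override
    public boolean isRequestedResourcePublic(HttpServletRequest httpServletRequest) {
        return getAuthorizationService(httpServletRequest).checkPublicWebResourcePermission(httpServletRequest);
    }

    /**
     * Delegates to {@code checkWebResourcePermission} on the authorization service.
     *
     * @param httpServletRequest the current request
     * @return the authorization service's decision
     */
    @Override
    public boolean isCallerAuthorizedForResource(HttpServletRequest httpServletRequest) {
        return getAuthorizationService(httpServletRequest).checkWebResourcePermission(httpServletRequest);
    }

    /**
     * Delegates to {@code checkWebRoleRefPermission} on the authorization service,
     * scoped to the servlet handling the request.
     *
     * @param httpServletRequest the current request
     * @param str the role name to check
     * @return the authorization service's decision
     */
    @Override
    public boolean isUserInRole(HttpServletRequest httpServletRequest, String str) {
        return getAuthorizationService(httpServletRequest).checkWebRoleRefPermission(getServletName(httpServletRequest), str);
    }

    /**
     * Performs a programmatic username/password login through the configured handler
     * and installs the resulting identity on the request.
     *
     * @param httpServletRequest the current request; cast to {@link WebApplicationRequest}
     * @param str the username
     * @param str2 the password; never included in exception messages
     * @throws ServletException if no login handler is configured, or the handler
     *         returns no identity
     */
    @Override
    public void login(HttpServletRequest httpServletRequest, String str, String str2) throws ServletException {
        if (this.usernamePasswordLoginHandler == null) {
            // Fail with the declared exception type rather than a NullPointerException.
            throw new ServletException("No username/password login handler has been configured");
        }
        AuthenticatedIdentity identity = this.usernamePasswordLoginHandler.login(httpServletRequest, str, str2);
        if (identity == null) {
            // Deliberately generic: the message does not reveal which credential was wrong.
            throw new ServletException("Login failed: the supplied credentials were not accepted");
        }
        setIdentityForCurrentRequest(httpServletRequest, identity.getCallerPrincipal(), identity.getGroups(), "login");
    }

    /**
     * Lets the authentication service secure the response after request processing.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @throws IOException propagated from the authentication service
     * @throws ServletException propagated from the authentication service
     */
    @Override
    public void postRequestProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        getAuthenticationService(httpServletRequest).secureResponse(httpServletRequest, httpServletResponse);
    }

    /**
     * Clears the current subject through the authentication service and resets the
     * request's principal, its auth type and the current authenticated identity.
     *
     * @param httpServletRequest the current request; cast to {@link WebApplicationRequest}
     * @param httpServletResponse the current response
     * @throws ServletException propagated from the authentication service
     */
    @Override
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        getAuthenticationService(httpServletRequest).clearSubject(httpServletRequest, httpServletResponse, DefaultAuthenticatedIdentity.getCurrentSubject());
        // NOTE(review): the ".caller" session attribute written by authenticate() is not
        // removed here and the session is not invalidated in this method. Confirm that
        // clearSubject or the calling code takes care of it; otherwise the cached caller
        // would be picked up again on the next request in the same session.
        WebApplicationRequest applicationRequest = (WebApplicationRequest) httpServletRequest;
        applicationRequest.setUserPrincipal(null);
        applicationRequest.setAuthType(null);
        DefaultAuthenticatedIdentity.clear();
    }

    /**
     * @return the web application this security manager was given, or {@code null}
     */
    @Override
    public WebApplication getWebApplication() {
        return this.webApplication;
    }

    /**
     * @param webApplication the web application to associate with this security manager
     */
    @Override
    public void setWebApplication(WebApplication webApplication) {
        this.webApplication = webApplication;
    }

    /**
     * @param usernamePasswordLoginHandler the handler used by
     *        {@link #login(HttpServletRequest, String, String)}
     */
    @Override
    public void setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler) {
        this.usernamePasswordLoginHandler = usernamePasswordLoginHandler;
    }

    /**
     * @param z the deny-uncovered-HTTP-methods flag
     */
    @Override
    public void setDenyUncoveredHttpMethods(boolean z) {
        this.denyUncoveredHttpMethods = z;
    }

    /**
     * Installs the given identity on the request and as the current authenticated identity.
     *
     * <p>A principal that is {@code null} or has a {@code null} name is treated as no
     * principal: the request's user principal is set to {@code null} and the auth type
     * is left untouched.
     *
     * @param httpServletRequest the current request; cast to {@link WebApplicationRequest}
     * @param principal the caller principal, may be {@code null}
     * @param set the caller's groups
     * @param str the auth type recorded on the request when a principal is set
     */
    private void setIdentityForCurrentRequest(HttpServletRequest httpServletRequest, Principal principal, Set<String> set, String str) {
        Principal effectivePrincipal = (principal != null && principal.getName() != null) ? principal : null;
        WebApplicationRequest applicationRequest = (WebApplicationRequest) httpServletRequest;
        applicationRequest.setUserPrincipal(effectivePrincipal);
        if (effectivePrincipal != null) {
            applicationRequest.setAuthType(str);
        }
        // NOTE(review): the groups are passed on even when the principal was discarded
        // above. Confirm that setCurrentIdentity does not grant group membership to a
        // null principal.
        DefaultAuthenticatedIdentity.setCurrentIdentity(effectivePrincipal, set);
    }

    /**
     * @param str the authentication method
     */
    @Override
    public void setAuthMethod(String str) {
        this.authMethod = str;
    }

    /**
     * @param str the form error page
     */
    @Override
    public void setFormErrorPage(String str) {
        this.formErrorPage = str;
    }

    /**
     * @param str the form login page
     */
    @Override
    public void setFormLoginPage(String str) {
        this.formLoginPage = str;
    }

    /**
     * @param str the realm name
     */
    @Override
    public void setRealmName(String str) {
        this.realmName = str;
    }
}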
