package cloud.piranha.security.jakarta;

import cloud.piranha.DefaultAuthenticatedIdentity;
import cloud.piranha.DefaultWebApplicationRequest;
import cloud.piranha.api.AuthenticatedIdentity;
import cloud.piranha.api.SecurityManager;
import cloud.piranha.api.WebApplication;
import cloud.piranha.security.elios.AuthenticationInitializer;
import cloud.piranha.security.exousia.AuthorizationPreInitializer;
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.omnifaces.eleos.config.helper.Caller;
import org.omnifaces.eleos.services.DefaultAuthenticationService;
import org.omnifaces.exousia.AuthorizationService;

/* loaded from: input_file:cloud/piranha/security/jakarta/JakartaSecurityManager.class */
public class JakartaSecurityManager implements SecurityManager {
    private SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cloud/piranha/security/jakarta/JakartaSecurityManager$MarkerPrincipal.class */
    public class MarkerPrincipal implements Principal {
        private final String name;

        public MarkerPrincipal(String str) {
            this.name = str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.name;
        }
    }

    public void declareRoles(String[] strArr) {
    }

    public boolean isRequestSecurityAsRequired(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return getAuthorizationService(httpServletRequest).checkWebUserDataPermission(httpServletRequest);
    }

    public boolean isRequestedResourcePublic(HttpServletRequest httpServletRequest) {
        return getAuthorizationService(httpServletRequest).checkPublicWebResourcePermission(httpServletRequest);
    }

    public boolean isCallerAuthorizedForResource(HttpServletRequest httpServletRequest) {
        return getAuthorizationService(httpServletRequest).checkWebResourcePermission(httpServletRequest);
    }

    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return authenticate(httpServletRequest, httpServletResponse, SecurityManager.AuthenticateSource.MID_REQUEST_USER);
    }

    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityManager.AuthenticateSource authenticateSource) throws IOException, ServletException {
        DefaultAuthenticationService defaultAuthenticationService = (DefaultAuthenticationService) httpServletRequest.getServletContext().getAttribute(AuthenticationInitializer.AUTH_SERVICE);
        Caller caller = null;
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            caller = (Caller) session.getAttribute(".caller");
            if (caller != null) {
                ((DefaultWebApplicationRequest) httpServletRequest).setUserPrincipal(new MarkerPrincipal(caller.getName()));
            }
        }
        Caller validateRequest = defaultAuthenticationService.validateRequest(httpServletRequest, httpServletResponse, authenticateSource == SecurityManager.AuthenticateSource.MID_REQUEST_USER, authenticateSource == SecurityManager.AuthenticateSource.MID_REQUEST_USER ? true : !isRequestedResourcePublic(httpServletRequest));
        if (validateRequest == null) {
            return false;
        }
        if (validateRequest.getCallerPrincipal() instanceof MarkerPrincipal) {
            validateRequest = caller;
        }
        if (defaultAuthenticationService.mustRegisterSession(httpServletRequest, httpServletResponse)) {
            httpServletRequest.getSession().setAttribute(".caller", validateRequest);
        }
        setIdentityForCurrentRequest(httpServletRequest, validateRequest.getCallerPrincipal(), validateRequest.getGroups());
        return true;
    }

    public void login(HttpServletRequest httpServletRequest, String str, String str2) throws ServletException {
        AuthenticatedIdentity login = this.usernamePasswordLoginHandler.login(httpServletRequest, str, str2);
        if (login == null) {
            throw new ServletException();
        }
        setIdentityForCurrentRequest(httpServletRequest, login.getCallerPrincipal(), login.getGroups());
    }

    private void setIdentityForCurrentRequest(HttpServletRequest httpServletRequest, Principal principal, Set<String> set) {
        Principal principal2 = principal == null ? null : principal.getName() == null ? null : principal;
        ((DefaultWebApplicationRequest) httpServletRequest).setUserPrincipal(principal2);
        DefaultAuthenticatedIdentity.setCurrentIdentity(principal2, set);
    }

    public HttpServletRequest getAuthenticatedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return getAuthenticationService(httpServletRequest).getWrappedRequestIfSet(httpServletRequest, httpServletResponse);
    }

    public HttpServletResponse getAuthenticatedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return getAuthenticationService(httpServletRequest).getWrappedResponseIfSet(httpServletRequest, httpServletResponse);
    }

    public void postRequestProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        getAuthenticationService(httpServletRequest).secureResponse(httpServletRequest, httpServletResponse);
    }

    public boolean isUserInRole(HttpServletRequest httpServletRequest, String str) {
        return DefaultAuthenticatedIdentity.getCurrentIdentity().getGroups().stream().anyMatch(str2 -> {
            return str2.equals(str);
        });
    }

    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        getAuthenticationService(httpServletRequest).clearSubject(httpServletRequest, httpServletResponse, DefaultAuthenticatedIdentity.getCurrentSubject());
        DefaultAuthenticatedIdentity.clear();
    }

    public WebApplication getWebApplication() {
        return null;
    }

    public void setWebApplication(WebApplication webApplication) {
    }

    public void setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler) {
        this.usernamePasswordLoginHandler = usernamePasswordLoginHandler;
    }

    protected DefaultAuthenticationService getAuthenticationService(HttpServletRequest httpServletRequest) {
        return (DefaultAuthenticationService) httpServletRequest.getServletContext().getAttribute(AuthenticationInitializer.AUTH_SERVICE);
    }

    protected AuthorizationService getAuthorizationService(HttpServletRequest httpServletRequest) {
        return (AuthorizationService) httpServletRequest.getServletContext().getAttribute(AuthorizationPreInitializer.AUTHZ_SERVICE);
    }

    public boolean getDenyUncoveredHttpMethods() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    public void setDenyUncoveredHttpMethods(boolean z) {
        throw new UnsupportedOperationException("Not supported yet.");
    }
}
