package org.apache.catalina.authenticator.jaspic;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.servlets.WebdavStatus;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.class */
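/**
 * Authenticator valve that delegates request validation to a JASPIC (JSR 196)
 * {@code ServerAuthContext} obtained from the registered
 * {@link AuthConfigProvider} for the {@value #MESSAGE_LAYER} message layer.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>No provider registered for the application context, or an
 *       {@link AuthException} raised while obtaining/invoking the auth
 *       context, results in a 401 and {@code authenticate} returning
 *       {@code false} (fail closed).</li>
 *   <li>A status other than {@link AuthStatus#SUCCESS} returns {@code false}
 *       without this class writing to the response.</li>
 *   <li>{@link AuthStatus#SUCCESS} returns {@code true} even when no
 *       {@link GenericPrincipal} was found on the client subject; in that case
 *       nothing is registered on the request.</li>
 * </ul>
 *
 * <p>{@link #setProperty(String, String)} writes to a plain {@link HashMap}
 * that {@link #authenticate} passes to the auth config without
 * synchronization. NOTE(review): presumably properties are only set during
 * configuration, before the valve serves requests - confirm against callers.
 */
public class JaspicAuthenticator extends AuthenticatorBase {
    private static final Log log = LogFactory.getLog(JaspicAuthenticator.class);
    protected static final StringManager sm = StringManager.getManager(JaspicAuthenticator.class);
    /** Authentication type recorded when a principal is registered on the request. */
    private static final String AUTH_TYPE = "JASPIC";
    /** Message layer identifier used for provider lookup and auth config creation. */
    public static final String MESSAGE_LAYER = "HttpServlet";
    /** Service subject handed to the auth context; created fresh in {@link #startInternal()}. */
    private Subject serviceSubject;
    /** Properties passed to {@code ServerAuthConfig.getAuthContext}; populated via {@link #setProperty}. */
    private final Map<String, String> authProperties = new HashMap<>();
    /** Callback handler bound to the container's realm; created in {@link #startInternal()}. */
    private JaspicCallbackHandler callbackHandler;

    /**
     * Starts the parent authenticator, then creates the service subject and the
     * realm-backed callback handler used for every subsequent authentication.
     *
     * <p>The method is {@code public} in this listing; the decompiler reports
     * that the access modifier was changed from {@code protected}.
     *
     * @throws LifecycleException if the parent start-up fails
     */
    @Override
    public synchronized void startInternal() throws LifecycleException {
        super.startInternal();
        this.serviceSubject = new Subject();
        this.callbackHandler = getJaspicCallbackHandler();
    }

    /**
     * Authenticates the request through the JASPIC provider registered for this
     * web application.
     *
     * @param request the request being processed
     * @param httpServletResponse the response; receives a 401 when no provider
     *        is registered or an {@link AuthException} occurs
     * @return {@code true} if cached authentication was accepted or the auth
     *         context reported {@link AuthStatus#SUCCESS}; {@code false}
     *         otherwise
     * @throws IOException if sending the error response fails
     */
    @Override
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, true)) {
            return true;
        }

        MessageInfoImpl messageInfo = new MessageInfoImpl(request, httpServletResponse, true);
        AuthConfigFactory factory = AuthConfigFactory.getFactory();
        String appContextId = getAppContextId(request);
        AuthConfigProvider configProvider =
                factory.getConfigProvider(MESSAGE_LAYER, appContextId, (RegistrationListener) null);
        if (configProvider == null) {
            // Fail closed: without a provider there is nothing that can vouch for the caller.
            handleUnauthorizedRequest(httpServletResponse, null);
            return false;
        }

        // Fresh subject per request so that identity never carries over between callers.
        Subject clientSubject = new Subject();
        try {
            ServerAuthConfig serverAuthConfig =
                    configProvider.getServerAuthConfig(MESSAGE_LAYER, appContextId, this.callbackHandler);
            // NOTE(review): the result of getAuthContext(...) is dereferenced without a null
            // check. If the provider can return null here, the request ends in a
            // NullPointerException rather than the 401 path below - confirm the provider
            // contract and consider an explicit guard that calls handleUnauthorizedRequest.
            AuthStatus status = serverAuthConfig
                    .getAuthContext(serverAuthConfig.getAuthContextID(messageInfo), this.serviceSubject,
                            this.authProperties)
                    .validateRequest(messageInfo, clientSubject, this.serviceSubject);
            if (status != AuthStatus.SUCCESS) {
                // No error is sent here; any response for non-SUCCESS statuses is not
                // produced by this class.
                return false;
            }

            GenericPrincipal principal = getPrincipal(clientSubject);
            if (principal != null) {
                register(request, httpServletResponse, principal, AUTH_TYPE, null, null);
            }
            // NOTE(review): SUCCESS without a principal still returns true, so the request
            // continues with no principal registered by this method. Access control then
            // depends entirely on checks made after authenticate() returns - verify that
            // those checks reject a request with no principal for protected resources.
            return true;
        } catch (AuthException e) {
            handleUnauthorizedRequest(httpServletResponse, e);
            return false;
        }
    }

    /**
     * Extracts the container principal from the subject's private credentials.
     *
     * @param subject the subject populated during request validation; may be {@code null}
     * @return the first {@link GenericPrincipal} private credential, or
     *         {@code null} if the subject is {@code null} or holds none
     */
    private GenericPrincipal getPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<GenericPrincipal> principals = subject.getPrivateCredentials(GenericPrincipal.class);
        if (principals.isEmpty()) {
            return null;
        }
        // If several are present only the first one returned by the set's iterator is used.
        return principals.iterator().next();
    }

    /**
     * Sends a 401 response and, at debug level only, logs the cause.
     *
     * <p>Because the failure is logged only when debug logging is enabled,
     * rejected authentications are not visible in logs at the default level
     * through this method.
     *
     * @param httpServletResponse the response to mark as unauthorized
     * @param authException the failure cause, or {@code null} when no provider was found
     * @throws IOException if the error cannot be sent
     */
    private void handleUnauthorizedRequest(HttpServletResponse httpServletResponse, AuthException authException)
            throws IOException {
        // Use the servlet API constant; the WebDAV status table is unrelated to authentication.
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.jaspic.unauthorized"), authException);
        }
    }

    /**
     * Builds the application context identifier used for provider lookup:
     * the virtual server name, a single space, then the context path.
     *
     * @param request the current request
     * @return the application context identifier
     */
    private String getAppContextId(Request request) {
        return request.getServletContext().getVirtualServerName() + " " + request.getContextPath();
    }

    /**
     * Creates the callback handler, bound to the realm of this valve's container.
     *
     * @return a new callback handler
     */
    private JaspicCallbackHandler getJaspicCallbackHandler() {
        return new JaspicCallbackHandler(this.container.getRealm());
    }

    /**
     * Returns the authentication method configured in the context's login configuration.
     *
     * @return the configured auth method
     */
    @Override
    protected String getAuthMethod() {
        return this.context.getLoginConfig().getAuthMethod();
    }

    /**
     * Adds or replaces a property that is passed to the auth context on each
     * authentication.
     *
     * @param str the property name
     * @param str2 the property value
     */
    public void setProperty(String str, String str2) {
        this.authProperties.put(str, str2);
    }

    /**
     * Returns a read-only view of the configured auth properties. The view is
     * backed by the live map, so later {@link #setProperty} calls are visible
     * through it.
     *
     * @return an unmodifiable view of the auth properties
     */
    public Map<String, String> getAuthProperties() {
        return Collections.unmodifiableMap(this.authProperties);
    }
}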
