package org.forgerock.openam.rest;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.session.util.RestrictedTokenAction;
import com.sun.identity.session.util.RestrictedTokenContext;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import javax.inject.Inject;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.forgerock.caf.authentication.api.AsyncServerAuthModule;
import org.forgerock.caf.authentication.api.AuthenticationException;
import org.forgerock.caf.authentication.api.MessageInfoContext;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.openam.authentication.service.AuthUtilsWrapper;
import org.forgerock.services.context.AttributesContext;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;

/* loaded from: input_file:org/forgerock/openam/rest/LocalSSOTokenSessionModule.class */
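/**
 * Authentication module that authenticates a request from an SSO token ID carried by the request.
 *
 * <p>The token ID is resolved to an {@link SSOToken} through {@link SSOTokenFactory}. On success the
 * token's principal is added to the client {@link Subject} and the token's auth level and token ID
 * are written to the request's authentication context map.
 *
 * <p>{@link SSOTokenFactory} and {@link AuthnRequestUtils} are either supplied through the
 * three-argument constructor or looked up through {@link InjectorHolder} on the first call to
 * {@link #validateRequest}.
 */
public class LocalSSOTokenSessionModule implements AsyncServerAuthModule {
    /** Name of the request parameter that may carry the token ID of the requesting party. */
    private static final String REQUESTER_URL_PARAM = "requester";
    private final AuthUtilsWrapper authUtilsWrapper;
    // Both collaborators are volatile so that the unsynchronised isInitialised() check sees the
    // values published by the synchronized initDependencies().
    private volatile AuthnRequestUtils requestUtils;
    private volatile SSOTokenFactory factory;
    // Set by initialize(); validate() uses it to publish the caller principal.
    private CallbackHandler handler;

    /**
     * Creates a module whose token factory and request utilities are resolved lazily.
     *
     * @param authUtilsWrapper source of the SSO cookie name, which is also used as a header name
     */
    @Inject
    public LocalSSOTokenSessionModule(AuthUtilsWrapper authUtilsWrapper) {
        this.authUtilsWrapper = authUtilsWrapper;
    }

    /**
     * Creates a module with all collaborators supplied up front, so no injector lookup is needed.
     *
     * @param authnRequestUtils extracts the token ID from a servlet request
     * @param sSOTokenFactory resolves token IDs to tokens and checks their validity
     * @param authUtilsWrapper source of the SSO cookie name, which is also used as a header name
     */
    public LocalSSOTokenSessionModule(AuthnRequestUtils authnRequestUtils, SSOTokenFactory sSOTokenFactory, AuthUtilsWrapper authUtilsWrapper) {
        this.requestUtils = authnRequestUtils;
        this.factory = sSOTokenFactory;
        this.authUtilsWrapper = authUtilsWrapper;
    }

    /** Returns {@code true} once both the token factory and the request utilities are set. */
    private boolean isInitialised() {
        return getFactory() != null && getRequestUtils() != null;
    }

    /** Looks up the missing collaborators through {@link InjectorHolder}; re-checks under the lock. */
    private synchronized void initDependencies() {
        if (isInitialised()) {
            return;
        }
        this.factory = (SSOTokenFactory) InjectorHolder.getInstance(SSOTokenFactory.class);
        this.requestUtils = (AuthnRequestUtils) InjectorHolder.getInstance(AuthnRequestUtils.class);
    }

    /** Returns the fixed identifier of this module. */
    public String getModuleId() {
        return "OpenAM SSO Token Session Module";
    }

    /**
     * Stores the callback handler used later to publish the caller principal.
     *
     * @param messagePolicy unused
     * @param messagePolicy2 unused
     * @param callbackHandler handler kept for {@link #validate}
     * @param map unused
     * @return an already-completed promise with a {@code null} result
     */
    public Promise<Void, AuthenticationException> initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) {
        this.handler = callbackHandler;
        return Promises.newResultPromise(null);
    }

    /** Returns the message types this module handles: {@link Request} and {@link Response}. */
    public Collection<Class<?>> getSupportedMessageTypes() {
        return new HashSet<Class<?>>(Arrays.<Class<?>>asList(Request.class, Response.class));
    }

    /**
     * Validates the request, running the validation inside a restricted-token context when the
     * request carries a valid {@code requester} token.
     *
     * @param messageInfoContext request context; must expose the {@link HttpServletRequest} as an
     *     attribute keyed by its class name
     * @param subject client subject that receives the authenticated principal
     * @param subject2 unused
     * @return the outcome of {@link #validate}, or a failed promise if anything throws while the
     *     {@code requester} token is being resolved or used
     */
    public Promise<AuthStatus, AuthenticationException> validateRequest(final MessageInfoContext messageInfoContext, final Subject subject, Subject subject2) {
        if (!isInitialised()) {
            initDependencies();
        }
        // NOTE(review): a missing attribute yields null here and the next line throws
        // NullPointerException instead of returning a failed promise; confirm the framework
        // always sets it.
        final HttpServletRequest httpServletRequest = (HttpServletRequest) messageInfoContext.asContext(AttributesContext.class).getAttributes().get(HttpServletRequest.class.getName());
        // NOTE(review): the requester token ID arrives as a request parameter; if callers put it
        // in the query string it can be recorded in access logs. Confirm how it is transmitted.
        String requesterTokenId = httpServletRequest.getParameter(REQUESTER_URL_PARAM);
        if (requesterTokenId != null) {
            try {
                SSOToken requesterToken = getFactory().getTokenFromId(requesterTokenId);
                if (getFactory().isTokenValid(requesterToken)) {
                    Object outcome = RestrictedTokenContext.doUsing(requesterToken, new RestrictedTokenAction() {
                        public Object run() throws Exception {
                            return validate(httpServletRequest, messageInfoContext, subject);
                        }
                    });
                    if (outcome instanceof Promise) {
                        @SuppressWarnings("unchecked") // validate() is the only producer of this value
                        Promise<AuthStatus, AuthenticationException> promised = (Promise<AuthStatus, AuthenticationException>) outcome;
                        return promised;
                    }
                    return Promises.newResultPromise((AuthStatus) outcome);
                }
                // NOTE(review): a requester token that is present but not valid is ignored, and
                // validation continues below outside any restricted-token context. Confirm that
                // silently dropping the restriction is intended rather than rejecting the request.
            } catch (Exception e) {
                // Keep the fixed message but retain the cause so the failure can be diagnosed.
                return Promises.newExceptionPromise(new AuthenticationException("An error occurred whilst trying to use restricted token.", e));
            }
        }
        return validate(httpServletRequest, messageInfoContext, subject);
    }

    /** Returns the SSO cookie name, which {@link #validate} also uses as a request header name. */
    private String getCookieHeaderName() {
        return this.authUtilsWrapper.getCookieName();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves the request's SSO token and, if one is found, publishes its identity.
     *
     * <p>The token ID is taken from {@link AuthnRequestUtils#getTokenId} and, if that is empty,
     * from the request header named after the SSO cookie.
     *
     * @param httpServletRequest request to read the token ID from
     * @param messageInfoContext context whose request map holds the authentication context map
     * @param subject client subject that receives the token's principal
     * @return {@link AuthStatus#SUCCESS} when a token was resolved, the status from
     *     {@link #getInvalidSSOTokenAuthStatus()} when no token ID or token was found, or a failed
     *     promise when the callback handler or the token throws
     */
    public Promise<AuthStatus, AuthenticationException> validate(HttpServletRequest httpServletRequest, MessageInfoContext messageInfoContext, Subject subject) {
        String tokenId = getRequestUtils().getTokenId(httpServletRequest);
        if (StringUtils.isEmpty(tokenId)) {
            tokenId = httpServletRequest.getHeader(getCookieHeaderName());
        }
        if (StringUtils.isEmpty(tokenId)) {
            return Promises.newResultPromise(getInvalidSSOTokenAuthStatus());
        }
        // Only a null check guards the token on this path; isTokenValid() is not called here.
        // Presumably getTokenFromId() returns null for tokens that must not authenticate;
        // TODO confirm against SSOTokenFactory.
        SSOToken ssoToken = getFactory().getTokenFromId(tokenId);
        if (ssoToken == null) {
            return Promises.newResultPromise(getInvalidSSOTokenAuthStatus());
        }
        try {
            int authLevel = ssoToken.getAuthLevel();
            this.handler.handle(new Callback[]{new CallerPrincipalCallback(subject, ssoToken.getPrincipal().getName())});
            subject.getPrincipals().add(ssoToken.getPrincipal());
            // Assumes the framework has populated this map; a missing entry would throw
            // NullPointerException after the subject was already modified. TODO confirm.
            Map map = (Map) messageInfoContext.getRequestContextMap().get("org.forgerock.authentication.context");
            map.put("authLevel", Integer.valueOf(authLevel));
            // NOTE(review): the raw token ID is a credential; anything that later logs or audits
            // this map should not write it out verbatim.
            map.put("tokenId", ssoToken.getTokenID().toString());
            return Promises.newResultPromise(AuthStatus.SUCCESS);
        } catch (UnsupportedCallbackException | SSOException | IOException e) {
            // NOTE(review): the underlying exception text becomes the failure message; whether it
            // reaches the client depends on how the framework renders failures. Confirm that it
            // does not disclose internals. The cause is retained for server-side diagnosis.
            return Promises.newExceptionPromise(new AuthenticationException(e.getMessage(), e));
        }
    }

    /** Returns the status reported when no usable SSO token is found; package-visible hook. */
    AuthStatus getInvalidSSOTokenAuthStatus() {
        return AuthStatus.SEND_FAILURE;
    }

    /** Performs no response processing; always completes with {@link AuthStatus#SEND_SUCCESS}. */
    public Promise<AuthStatus, AuthenticationException> secureResponse(MessageInfoContext messageInfoContext, Subject subject) {
        return Promises.newResultPromise(AuthStatus.SEND_SUCCESS);
    }

    /** Performs no clean-up; always completes with a {@code null} result. */
    public Promise<Void, AuthenticationException> cleanSubject(MessageInfoContext messageInfoContext, Subject subject) {
        return Promises.newResultPromise(null);
    }

    /** Returns the request utilities, or {@code null} if they have not been resolved yet. */
    public AuthnRequestUtils getRequestUtils() {
        return this.requestUtils;
    }

    /** Returns the token factory, or {@code null} if it has not been resolved yet. */
    public SSOTokenFactory getFactory() {
        return this.factory;
    }
}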
