package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.webcontainer.security.internal.BasicAuthAuthenticator;
import com.ibm.ws.webcontainer.security.internal.CertificateLoginAuthenticator;
import com.ibm.ws.webcontainer.security.internal.FormLoginAuthenticator;
import com.ibm.ws.webcontainer.security.internal.SRTServletRequestUtils;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServer;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

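@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.11.cl50820160805-0208.jar:com/ibm/ws/webcontainer/security/WebAuthenticatorProxy.class */
/**
 * Front door for web authentication: asks the provider authenticator proxy first and, when that
 * returns {@code CONTINUE}, dispatches to the authenticator selected by the application's login
 * configuration (FORM, CLIENT_CERT, otherwise BASIC).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A failed CLIENT_CERT login is retried with FORM or BASIC only when
 *       {@code webAppSecurityConfig.allowFailOver()} is true. That retry replaces certificate
 *       authentication with a password-based method, so the fail-over settings should be treated
 *       as a deliberate weakening of the login requirement and reviewed accordingly.</li>
 *   <li>When no authenticator can be obtained, the request is answered with
 *       {@code AuthResult.FAILURE} rather than being let through.</li>
 *   <li>The method that actually succeeded (the fail-over method, if one was used) is recorded in
 *       the request's private {@code AUTH_TYPE} attribute.</li>
 * </ul>
 */
public class WebAuthenticatorProxy implements WebAuthenticator {
    private static final TraceComponent tc = Tr.register(WebAuthenticatorProxy.class);
    // Name of the private request attribute that stores the authentication method that succeeded.
    private static final String AUTH_TYPE = "AUTH_TYPE";
    private final AtomicServiceReference<SecurityService> securityServiceRef;
    private volatile WebAppSecurityConfig webAppSecurityConfig;
    private volatile PostParameterHelper postParameterHelper;
    private final WebProviderAuthenticatorProxy providerAuthenticatorProxy;
    // May be null: the four-argument constructor passes no OIDC server reference.
    private final AtomicServiceReference<OidcServer> oidcServerRef;
    // Kept as found in the class file; nothing visible here implements Serializable.
    static final long serialVersionUID = 7518189428144304128L;

    /**
     * Creates a proxy without an OIDC server reference.
     *
     * @param webAppSecurityConfig configuration consulted for the fail-over settings
     * @param postParameterHelper helper used to restore POST parameters after a FORM login
     * @param atomicServiceReference reference to the security service
     * @param webProviderAuthenticatorProxy provider proxy that is consulted first
     */
    public WebAuthenticatorProxy(WebAppSecurityConfig webAppSecurityConfig, PostParameterHelper postParameterHelper, AtomicServiceReference<SecurityService> atomicServiceReference, WebProviderAuthenticatorProxy webProviderAuthenticatorProxy) {
        // Typed cast instead of a raw one; it only disambiguates the overload.
        this(webAppSecurityConfig, postParameterHelper, atomicServiceReference, webProviderAuthenticatorProxy, (AtomicServiceReference<OidcServer>) null);
    }

    /**
     * Creates a proxy.
     *
     * @param webAppSecurityConfig configuration consulted for the fail-over settings
     * @param postParameterHelper helper used to restore POST parameters after a FORM login
     * @param atomicServiceReference reference to the security service
     * @param webProviderAuthenticatorProxy provider proxy that is consulted first
     * @param atomicServiceReference2 reference to the OIDC server, or {@code null}
     */
    public WebAuthenticatorProxy(WebAppSecurityConfig webAppSecurityConfig, PostParameterHelper postParameterHelper, AtomicServiceReference<SecurityService> atomicServiceReference, WebProviderAuthenticatorProxy webProviderAuthenticatorProxy, AtomicServiceReference<OidcServer> atomicServiceReference2) {
        this.webAppSecurityConfig = webAppSecurityConfig;
        this.postParameterHelper = postParameterHelper;
        this.securityServiceRef = atomicServiceReference;
        this.providerAuthenticatorProxy = webProviderAuthenticatorProxy;
        this.oidcServerRef = atomicServiceReference2;
    }

    /**
     * Authenticates the request.
     *
     * <p>The provider proxy decides first. Only a {@code CONTINUE} status hands the request to the
     * authenticator chosen by {@link #getWebAuthenticator(WebRequest)}. If that authenticator is
     * the certificate authenticator, its result is not {@code SUCCESS}, and fail-over is allowed,
     * the request is authenticated again with the fail-over method.
     *
     * @param webRequest the request being authenticated
     * @return the result of the last authenticator that ran; a {@code FAILURE} result when no
     *         authenticator could be obtained; possibly {@code null}, because a {@code null}
     *         result from a delegate authenticator is passed through unchanged
     */
    @Override
    public AuthenticationResult authenticate(WebRequest webRequest) {
        AuthenticationResult authenticate = this.providerAuthenticatorProxy.authenticate(webRequest);
        String authenticationMethod = webRequest.getLoginConfig().getAuthenticationMethod();
        if (authenticate.getStatus() == AuthResult.CONTINUE) {
            WebAuthenticator webAuthenticator = getWebAuthenticator(webRequest);
            if (webAuthenticator == null) {
                // Fail closed. The original message repeated its first sentence; the wording now
                // matches the fail-over message below.
                return new AuthenticationResult(AuthResult.FAILURE, "Unable to get the appropriate WebAuthenticator. Unable to authenticate request.");
            }
            authenticate = webAuthenticator.authenticate(webRequest);
            boolean certificateLoginFailed = (webAuthenticator instanceof CertificateLoginAuthenticator)
                    && authenticate != null
                    && authenticate.getStatus() != AuthResult.SUCCESS;
            if (certificateLoginFailed && this.webAppSecurityConfig.allowFailOver()) {
                // Fail-over swaps certificate authentication for FORM or BASIC. The method name is
                // overwritten so that AUTH_TYPE below reflects what really authenticated the user.
                authenticationMethod = getFailOverToAuthType(webRequest);
                WebAuthenticator authenticatorForFailOver = getAuthenticatorForFailOver(authenticationMethod, webRequest);
                if (authenticatorForFailOver == null) {
                    return new AuthenticationResult(AuthResult.FAILURE, "Unable to get the failover WebAuthenticator. Unable to authenticate request.");
                }
                authenticate = authenticatorForFailOver.authenticate(webRequest);
            }
        }
        if (authenticate != null && authenticate.getStatus() == AuthResult.SUCCESS) {
            SRTServletRequestUtils.setPrivateAttribute(webRequest.getHttpServletRequest(), AUTH_TYPE, authenticationMethod);
            if (LoginConfiguration.FORM.equalsIgnoreCase(authenticationMethod)) {
                this.postParameterHelper.restore(webRequest.getHttpServletRequest(), webRequest.getHttpServletResponse());
            }
        }
        return authenticate;
    }

    /**
     * Returns the authenticator for a fail-over method.
     *
     * @param str the fail-over method, as produced by {@link #getFailOverToAuthType(WebRequest)};
     *            compared case-sensitively against the FORM and BASIC constants
     * @param webRequest the request being authenticated
     * @return the FORM or BASIC authenticator, or {@code null} when {@code str} is neither (which
     *         includes {@code null}) or the BASIC authenticator could not be created
     */
    private WebAuthenticator getAuthenticatorForFailOver(String str, WebRequest webRequest) {
        // The decompiled local was typed FormLoginAuthenticator, which cannot hold the
        // BasicAuthAuthenticator returned by the BASIC branch; the declared return type is used.
        if (LoginConfiguration.FORM.equals(str)) {
            return createFormLoginAuthenticator(webRequest);
        }
        if (LoginConfiguration.BASIC.equals(str)) {
            return getBasicAuthAuthenticator();
        }
        return null;
    }

    /**
     * Reports whether the request's form login configuration has both a login page and an error
     * page.
     */
    private boolean appHasWebXMLFormLogin(WebRequest webRequest) {
        return webRequest.getFormLoginConfiguration() != null
                && webRequest.getFormLoginConfiguration().getLoginPage() != null
                && webRequest.getFormLoginConfiguration().getErrorPage() != null;
    }

    /** Reports whether the global web application security configuration has a login form URL. */
    private boolean globalWebAppSecurityConfigHasFormLogin() {
        WebAppSecurityConfig globalWebAppSecurityConfig = WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig();
        return globalWebAppSecurityConfig != null && globalWebAppSecurityConfig.getLoginFormURL() != null;
    }

    /**
     * Chooses the method used when a certificate login fails.
     *
     * <p>With both fail-over targets allowed, FORM is chosen only if a form login is configured
     * for the application or globally; otherwise BASIC is chosen.
     *
     * @return the FORM or BASIC constant, or {@code null} when neither target is allowed
     */
    private String getFailOverToAuthType(WebRequest webRequest) {
        boolean basicAllowed = this.webAppSecurityConfig.getAllowFailOverToBasicAuth();
        if (basicAllowed && this.webAppSecurityConfig.getAllowFailOverToFormLogin()) {
            boolean formLoginConfigured = appHasWebXMLFormLogin(webRequest) || globalWebAppSecurityConfigHasFormLogin();
            return formLoginConfigured ? LoginConfiguration.FORM : LoginConfiguration.BASIC;
        }
        if (this.webAppSecurityConfig.getAllowFailOverToFormLogin()) {
            return LoginConfiguration.FORM;
        }
        if (this.webAppSecurityConfig.getAllowFailOverToBasicAuth()) {
            return LoginConfiguration.BASIC;
        }
        return null;
    }

    /**
     * Selects the authenticator for the request from its security metadata.
     *
     * @param webRequest the request being authenticated
     * @return the FORM or CLIENT_CERT authenticator when the login configuration names one
     *         (case-insensitively); in every other case, including a missing login
     *         configuration, the BASIC authenticator, which may be {@code null}
     */
    public WebAuthenticator getWebAuthenticator(WebRequest webRequest) {
        LoginConfiguration loginConfiguration = webRequest.getSecurityMetadata().getLoginConfiguration();
        if (loginConfiguration != null) {
            String authenticationMethod = loginConfiguration.getAuthenticationMethod();
            if (LoginConfiguration.FORM.equalsIgnoreCase(authenticationMethod)) {
                return createFormLoginAuthenticator(webRequest);
            }
            if (LoginConfiguration.CLIENT_CERT.equalsIgnoreCase(authenticationMethod)) {
                return createCertificateLoginAuthenticator();
            }
        }
        // BASIC is the default for a missing configuration or an unrecognised method.
        return getBasicAuthAuthenticator();
    }

    /**
     * Creates the BASIC authenticator, converting a registry failure into {@code null}.
     *
     * @return the authenticator, or {@code null} when a {@link RegistryException} was raised; the
     *         exception is reported to FFDC and, if debug tracing is on, traced
     */
    public BasicAuthAuthenticator getBasicAuthAuthenticator() {
        try {
            return createBasicAuthenticator();
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.WebAuthenticatorProxy", "203", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "RegistryException while trying to create BasicAuthAuthenticator", e);
            }
            return null;
        }
    }

    /**
     * Builds a BASIC authenticator from the current security service.
     *
     * @throws RegistryException declared for the user registry lookup
     */
    protected BasicAuthAuthenticator createBasicAuthenticator() throws RegistryException {
        // NOTE(review): getService() is dereferenced without a null check; confirm the reference
        // is always bound when requests are authenticated.
        SecurityService service = this.securityServiceRef.getService();
        return new BasicAuthAuthenticator(service.getAuthenticationService(), service.getUserRegistryService().getUserRegistry(), new SSOCookieHelperImpl(this.webAppSecurityConfig, this.oidcServerRef), this.webAppSecurityConfig);
    }

    /** Builds a FORM login authenticator that uses the provider proxy's SSO authenticator. */
    protected FormLoginAuthenticator createFormLoginAuthenticator(WebRequest webRequest) {
        return new FormLoginAuthenticator(this.providerAuthenticatorProxy.getSSOAuthenticator(webRequest, null), this.webAppSecurityConfig, this.providerAuthenticatorProxy);
    }

    /** Builds a certificate login authenticator from the current security service. */
    public CertificateLoginAuthenticator createCertificateLoginAuthenticator() {
        return new CertificateLoginAuthenticator(this.securityServiceRef.getService().getAuthenticationService(), new SSOCookieHelperImpl(this.webAppSecurityConfig, this.oidcServerRef));
    }

    /**
     * Not implemented by this proxy.
     *
     * @return always {@code null}; no authentication is performed, so a caller must not read the
     *         absence of a failure result as a successful login
     */
    @Override
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap) {
        return null;
    }
}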
