package org.picketlink.http.internal.authentication.schemes;

import java.io.PrintWriter;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.Identity;
import org.picketlink.authentication.AuthenticationException;
import org.picketlink.config.http.TokenAuthenticationConfiguration;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.http.authentication.HttpAuthenticationScheme;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.credential.TokenCredential;

/* loaded from: input_file:WEB-INF/lib/picketlink-2.7.1.Final.jar:org/picketlink/http/internal/authentication/schemes/TokenAuthenticationScheme.class */
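/**
 * HTTP authentication scheme that accepts a token in the {@code Authorization} header
 * ({@code Authorization: Token <value>}) and falls back to a primary scheme (HTTP Basic here)
 * to obtain the credentials that a token is first issued for.
 *
 * <p>Flow visible in this class: the primary scheme is asked to extract credentials first; only when
 * it yields none is the header inspected for a token. After a successful primary authentication the
 * token is issued through the injected {@link Token.Provider} and written to the response body.
 *
 * <p>NOTE(review): the issued token is a bearer secret returned in the response body, so this scheme
 * should only be exposed over TLS; confirm this in the deployment configuration.
 */
public class TokenAuthenticationScheme implements HttpAuthenticationScheme<TokenAuthenticationConfiguration> {
    /** Request header that carries the token. */
    public static final String AUTHORIZATION_TOKEN_HEADER_NAME = "Authorization";
    /** Scheme name expected at the start of the header value and advertised in the challenge. */
    public static final String AUTHENTICATION_SCHEME_NAME = "Token";
    /** Response header used to challenge the client. */
    public static final String REQUIRES_AUTHENTICATION_HEADER_NAME = "WWW-Authenticate";

    @Inject
    private Instance<Identity> identityInstance;

    @Inject
    private Instance<DefaultLoginCredentials> credentialsInstance;

    @Inject
    private BasicAuthenticationScheme basicAuthenticationScheme;

    @Inject
    private Instance<Token.Provider<?>> tokenProvider;

    @Inject
    private Instance<Token.Consumer<?>> tokenConsumer;

    /** No configuration is read by this scheme. */
    @Override // org.picketlink.http.authentication.HttpAuthenticationScheme
    public void initialize(TokenAuthenticationConfiguration tokenAuthenticationConfiguration) {
    }

    /**
     * Populates {@code defaultLoginCredentials} from the request.
     *
     * <p>The primary scheme gets the first chance; a token credential is only set when the primary
     * scheme produced nothing and the request carries a well-formed token header.
     */
    @Override // org.picketlink.http.authentication.HttpAuthenticationScheme
    public void extractCredential(HttpServletRequest httpServletRequest, DefaultLoginCredentials defaultLoginCredentials) {
        getPrimaryAuthenticationScheme().extractCredential(httpServletRequest, defaultLoginCredentials);
        if (defaultLoginCredentials.getCredential() != null) {
            return;
        }
        String token = extractTokenFromRequest(httpServletRequest);
        if (token != null) {
            defaultLoginCredentials.setCredential(createCredential(token));
        }
    }

    /**
     * Sends the authentication challenge: delegates to the primary scheme when the request carried
     * primary credentials, otherwise answers 401 with {@code WWW-Authenticate: Token}.
     *
     * @throws RuntimeException wrapping any failure while writing the challenge
     */
    @Override // org.picketlink.http.authentication.HttpAuthenticationScheme
    public void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            if (isPrimaryAuthenticationRequest()) {
                getPrimaryAuthenticationScheme().challengeClient(httpServletRequest, httpServletResponse);
                return;
            }
            httpServletResponse.setHeader(REQUIRES_AUTHENTICATION_HEADER_NAME, AUTHENTICATION_SCHEME_NAME);
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (Exception e) {
            throw new RuntimeException("Could not challenge client credentials.", e);
        }
    }

    /**
     * Issues and returns a token once a primary (non-token) authentication has succeeded.
     * Requests that authenticated with a token do not get a new one.
     */
    @Override // org.picketlink.http.authentication.HttpAuthenticationScheme
    public void onPostAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isPrimaryAuthenticationRequest() && getIdentity().isLoggedIn()) {
            String issued = issueToken(httpServletRequest, httpServletResponse);
            writeToken(issued, httpServletRequest, httpServletResponse);
        }
    }

    /** @return the injected login credentials holder */
    protected DefaultLoginCredentials getCredentials() {
        return this.credentialsInstance.get();
    }

    /** @return the injected identity */
    protected Identity getIdentity() {
        return this.identityInstance.get();
    }

    /** @return the scheme consulted before the token header; the injected Basic scheme here */
    protected HttpAuthenticationScheme getPrimaryAuthenticationScheme() {
        return this.basicAuthenticationScheme;
    }

    /**
     * Reads the token from the {@code Authorization} header.
     *
     * <p>The header must start with the scheme name followed by a space. Matching the scheme name
     * anywhere in the value (as a plain {@code contains} check would) lets another scheme's
     * header be mis-sliced into a bogus token, and a header holding only the scheme name would
     * make the fixed-offset {@code substring} throw on attacker-controlled input.
     *
     * @return the token text, or {@code null} when the header is absent, uses another scheme,
     *         or carries no token value
     */
    protected String extractTokenFromRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_TOKEN_HEADER_NAME);
        if (header == null) {
            return null;
        }
        String prefix = AUTHENTICATION_SCHEME_NAME + " ";
        // HTTP auth scheme names are case-insensitive, so compare the prefix ignoring case.
        if (!header.regionMatches(true, 0, prefix, 0, prefix.length())) {
            return null;
        }
        String token = header.substring(prefix.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Wraps the raw token text in a {@link TokenCredential}, typed after the available
     * {@link Token.Provider} or, failing that, the available {@link Token.Consumer}.
     *
     * <p>This only builds the credential object; nothing here validates the token.
     *
     * @throws AuthenticationException when neither a provider nor a consumer is available
     */
    protected TokenCredential createCredential(String str) {
        String tokenType;
        Token.Provider provider = getTokenProvider();
        if (provider != null) {
            tokenType = provider.getTokenType().getName();
        } else {
            Token.Consumer consumer = getTokenConsumer();
            if (consumer == null) {
                throw new AuthenticationException("You must provide a " + Token.Provider.class.getName() + " or " + Token.Consumer.class.getName() + ".");
            }
            tokenType = consumer.getTokenType().getName();
        }
        return new TokenCredential(Token.Builder.create(tokenType, str));
    }

    /**
     * Issues a token for the authenticated account.
     *
     * @return the token text produced by the provider
     * @throws AuthenticationException when no {@link Token.Provider} is available
     */
    protected String issueToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Token.Provider provider = getTokenProvider();
        if (provider == null) {
            throw new AuthenticationException("No " + Token.Provider.class.getName() + " was found.");
        }
        return provider.issue(getIdentity().getAccount()).getToken();
    }

    /**
     * Writes the token to the response as {@code {"authctoken":"<token>"}} with status 200.
     *
     * <p>The value is JSON-escaped so an unusual token cannot break out of the string, the body is
     * labelled as JSON so it is not content-sniffed, and caching is disabled because the body is a
     * bearer credential.
     *
     * @throws AuthenticationException wrapping any failure while writing the response
     */
    protected void writeToken(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            httpServletResponse.setContentType("application/json");
            httpServletResponse.setHeader("Cache-Control", "no-store");
            PrintWriter writer = httpServletResponse.getWriter();
            writer.print("{\"authctoken\":\"" + escapeJson(str) + "\"}");
            writer.flush();
        } catch (Exception e) {
            throw new AuthenticationException("Could not write token to response.", e);
        }
    }

    /**
     * @return the single available {@link Token.Provider}, or {@code null} when none is available
     * @throws AuthenticationException when more than one implementation is available
     */
    protected Token.Provider getTokenProvider() {
        if (this.tokenProvider.isAmbiguous()) {
            throw new AuthenticationException("You must provide exactly one " + Token.Provider.class.getName() + " implementation.");
        }
        return this.tokenProvider.isUnsatisfied() ? null : this.tokenProvider.get();
    }

    /**
     * @return the single available {@link Token.Consumer}, or {@code null} when none is available
     * @throws AuthenticationException when more than one implementation is available
     */
    protected Token.Consumer getTokenConsumer() {
        if (this.tokenConsumer.isAmbiguous()) {
            throw new AuthenticationException("You must provide exactly one " + Token.Consumer.class.getName() + " implementation.");
        }
        return this.tokenConsumer.isUnsatisfied() ? null : this.tokenConsumer.get();
    }

    /** True when the current credentials exist and are not a {@link TokenCredential}. */
    private boolean isPrimaryAuthenticationRequest() {
        Object credential = getCredentials().getCredential();
        return credential != null && !(credential instanceof TokenCredential);
    }

    /** Escapes a value for use inside a JSON string literal; {@code null} is rendered as "null". */
    private static String escapeJson(String value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c == '"' || c == '\\') {
                out.append('\\').append(c);
            } else if (c < 0x20) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}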
