package com.networknt.oauth.code.handler;

import com.networknt.config.Config;
import com.networknt.oauth.security.LightBasicAuthenticationMechanism;
import com.networknt.oauth.security.LightFormAuthenticationMechanism;
import com.networknt.oauth.security.LightGSSAPIAuthenticationMechanism;
import com.networknt.oauth.security.LightIdentityManager;
import com.networknt.oauth.spnego.KerberosKDCUtil;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.api.GSSAPIServerSubjectFactory;
import io.undertow.security.handlers.AuthenticationCallHandler;
import io.undertow.security.handlers.AuthenticationConstraintHandler;
import io.undertow.security.handlers.AuthenticationMechanismsHandler;
import io.undertow.security.handlers.SecurityInitialHandler;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.impl.CachedAuthenticatedSessionMechanism;
import io.undertow.server.HttpHandler;
import io.undertow.server.session.InMemorySessionManager;
import io.undertow.server.session.SessionAttachmentHandler;
import io.undertow.server.session.SessionCookieConfig;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;

/* loaded from: input_file:com/networknt/oauth/code/handler/BaseWrapper.class */
public class BaseWrapper {
    private static final String SECRET_CONFIG = "secret";
    private static final String SERVER_CONFIG = "server";
    final IdentityManager basicIdentityManager = new LightIdentityManager();
    private static final Map<String, Object> secret = Config.getInstance().getJsonMapConfig("secret");
    private static final Map<String, Object> server = Config.getInstance().getJsonMapConfigNoCache("server");
    private static final String SPNEGO_SERVICE_PASSWORD = "spnegoServicePassword";
    private static final String spnegoServicePassword = (String) secret.get(SPNEGO_SERVICE_PASSWORD);

    /* loaded from: input_file:com/networknt/oauth/code/handler/BaseWrapper$SubjectFactory.class */
    private class SubjectFactory implements GSSAPIServerSubjectFactory {
        private SubjectFactory() {
        }

        @Override // io.undertow.security.api.GSSAPIServerSubjectFactory
        public Subject getSubjectForHost(String str) throws GeneralSecurityException {
            return KerberosKDCUtil.login("HTTP/" + str, BaseWrapper.spnegoServicePassword.toCharArray());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpHandler addGetSecurity(HttpHandler httpHandler, IdentityManager identityManager) {
        AuthenticationConstraintHandler authenticationConstraintHandler = new AuthenticationConstraintHandler(new AuthenticationCallHandler(httpHandler));
        ArrayList arrayList = new ArrayList();
        if (spnegoServicePassword != null) {
            arrayList.add(new LightGSSAPIAuthenticationMechanism(new SubjectFactory()));
        }
        arrayList.add(new LightBasicAuthenticationMechanism("OAuth"));
        return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, new AuthenticationMechanismsHandler(authenticationConstraintHandler, arrayList));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpHandler addFormSecurity(HttpHandler httpHandler, IdentityManager identityManager) {
        AuthenticationConstraintHandler authenticationConstraintHandler = new AuthenticationConstraintHandler(new AuthenticationCallHandler(httpHandler));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new CachedAuthenticatedSessionMechanism());
        arrayList.add(new LightFormAuthenticationMechanism("oauth2", "/login", "/error", "/oauth2/code"));
        return new SessionAttachmentHandler(new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, new AuthenticationMechanismsHandler(authenticationConstraintHandler, arrayList)), new InMemorySessionManager("oauth2"), new SessionCookieConfig());
    }
}
