package flex.messaging.security;

import flex.messaging.FlexComponent;
import flex.messaging.FlexContext;
import flex.messaging.config.ConfigMap;
import flex.messaging.config.ConfigurationException;
import flex.messaging.config.SecurityConstraint;
import flex.messaging.log.Log;
import java.security.Principal;
import java.util.List;
import javax.ws.rs.core.HttpHeaders;

/* loaded from: input_file:WEB-INF/lib/blazeds-core-3.2.0.3978.jar:flex/messaging/security/LoginManager.class */
public class LoginManager implements FlexComponent {
    public static final String LOG_CATEGORY = "Security";
    private static final int INVALID_LOGIN = 10050;
    private static final int LOGIN_REQ = 10051;
    private static final int NO_LOGIN_COMMAND = 10053;
    private static final int CANNOT_REAUTH = 10054;
    private static final int ACCESS_DENIED = 10055;
    private static final int LOGIN_REQ_FOR_AUTH = 10056;
    private static final int RTMP_NO_BASIC_SECURITY = 10057;
    private static final int PER_CLIENT_ANT_APPSERVER = 10065;
    private LoginCommand loginCommand;
    private boolean perClientAuthentication = false;
    private boolean started;

    @Override // flex.messaging.FlexConfigurable
    public void initialize(String str, ConfigMap configMap) {
    }

    protected void validate() {
        if (this.perClientAuthentication && (this.loginCommand instanceof AppServerLoginCommand)) {
            ConfigurationException configurationException = new ConfigurationException();
            configurationException.setMessage(PER_CLIENT_ANT_APPSERVER);
            throw configurationException;
        }
    }

    @Override // flex.messaging.FlexComponent
    public void start() {
        if (this.started) {
            return;
        }
        validate();
        this.started = true;
    }

    @Override // flex.messaging.FlexComponent
    public void stop() {
        if (this.started) {
            this.started = false;
        }
    }

    public boolean isPerClientAuthentication() {
        return this.perClientAuthentication;
    }

    public void setPerClientAuthentication(boolean z) {
        this.perClientAuthentication = z;
    }

    @Override // flex.messaging.FlexComponent
    public boolean isStarted() {
        return this.started;
    }

    public LoginCommand getLoginCommand() {
        return this.loginCommand;
    }

    public void setLoginCommand(LoginCommand loginCommand) {
        this.loginCommand = loginCommand;
    }

    public void login(String str, Object obj) {
        if (getCurrentPrincipal() != null) {
            String principalNameFromCredentials = this.loginCommand instanceof LoginCommandExt ? ((LoginCommandExt) this.loginCommand).getPrincipalNameFromCredentials(str, obj) : str;
            if (principalNameFromCredentials == null || principalNameFromCredentials.equals(getCurrentPrincipal().getName())) {
                return;
            }
            SecurityException securityException = new SecurityException();
            securityException.setMessage(CANNOT_REAUTH);
            securityException.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE);
            throw securityException;
        }
        if (this.loginCommand == null) {
            SecurityException securityException2 = new SecurityException();
            securityException2.setMessage(NO_LOGIN_COMMAND);
            securityException2.setCode(SecurityException.SERVER_AUTHENTICATION_CODE);
            throw securityException2;
        }
        if (str == null || obj == null) {
            SecurityException securityException3 = new SecurityException();
            securityException3.setMessage(LOGIN_REQ);
            securityException3.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE);
            throw securityException3;
        }
        Principal doAuthentication = this.loginCommand.doAuthentication(str, obj);
        if (doAuthentication != null) {
            setCurrentPrincipal(doAuthentication);
            return;
        }
        SecurityException securityException4 = new SecurityException();
        securityException4.setMessage(INVALID_LOGIN);
        securityException4.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE);
        throw securityException4;
    }

    public void logout() {
        if (this.loginCommand == null) {
            FlexContext.getFlexSession().invalidate();
            SecurityException securityException = new SecurityException();
            securityException.setMessage(NO_LOGIN_COMMAND);
            securityException.setCode(SecurityException.SERVER_AUTHORIZATION_CODE);
            throw securityException;
        }
        this.loginCommand.logout(getCurrentPrincipal());
        if (FlexContext.isPerClientAuthentication()) {
            FlexContext.setUserPrincipal(null);
        } else {
            FlexContext.getFlexSession().invalidate();
        }
    }

    public void checkConstraint(SecurityConstraint securityConstraint) {
        if (securityConstraint != null) {
            Principal currentPrincipal = getCurrentPrincipal();
            if (currentPrincipal != null) {
                List roles = securityConstraint.getRoles();
                if (roles == null || checkRoles(currentPrincipal, roles)) {
                    return;
                }
                SecurityException securityException = new SecurityException();
                securityException.setMessage(ACCESS_DENIED);
                securityException.setCode(SecurityException.CLIENT_AUTHORIZATION_CODE);
                throw securityException;
            }
            if (!isCustomAuth(securityConstraint)) {
                if (FlexContext.getHttpResponse() == null) {
                    SecurityException securityException2 = new SecurityException();
                    securityException2.setMessage(RTMP_NO_BASIC_SECURITY);
                    securityException2.setCode(SecurityException.CLIENT_AUTHORIZATION_CODE);
                    throw securityException2;
                }
                FlexContext.getHttpResponse().setStatus(401);
                FlexContext.getHttpResponse().addHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"default\"");
            }
            SecurityException securityException3 = new SecurityException();
            securityException3.setMessage(LOGIN_REQ_FOR_AUTH);
            securityException3.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE);
            throw securityException3;
        }
    }

    public boolean checkRoles(Principal principal, List list) {
        if (this.loginCommand != null) {
            return this.loginCommand.doAuthorization(principal, list);
        }
        if (!Log.isWarn()) {
            return false;
        }
        Log.getLogger("Security").warn("Login command is null. Please ensure that the login-command tag has the correct server attribute value, or use 'all' to use the login command regardless of the server.");
        return false;
    }

    private Principal getCurrentPrincipal() {
        return FlexContext.getUserPrincipal();
    }

    private void setCurrentPrincipal(Principal principal) {
        FlexContext.setUserPrincipal(principal);
    }

    private boolean isCustomAuth(SecurityConstraint securityConstraint) {
        return SecurityConstraint.CUSTOM_AUTH_METHOD.equals(securityConstraint.getMethod());
    }
}
