package org.fabric3.security.authentication;

import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.namespace.QName;
import org.fabric3.api.annotation.monitor.Monitor;
import org.fabric3.model.type.contract.DataType;
import org.fabric3.spi.host.ServletHost;
import org.fabric3.spi.model.type.java.JavaClass;
import org.fabric3.spi.model.type.json.JsonType;
import org.fabric3.spi.model.type.xsd.XSDType;
import org.fabric3.spi.security.AuthenticationException;
import org.fabric3.spi.security.AuthenticationService;
import org.fabric3.spi.security.UsernamePasswordToken;
import org.fabric3.spi.transform.TransformationException;
import org.fabric3.spi.transform.Transformer;
import org.fabric3.spi.transform.TransformerRegistry;
import org.oasisopen.sca.annotation.EagerInit;
import org.oasisopen.sca.annotation.Init;
import org.oasisopen.sca.annotation.Property;
import org.oasisopen.sca.annotation.Reference;

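/**
 * Servlet that authenticates username/password credentials and stores the result in the HTTP
 * session under the {@code fabric3.subject} attribute.
 *
 * <p>{@code POST} accepts credentials as a URL-encoded form ({@code username} / {@code password}
 * parameters), as JSON, or as XML; the latter two are converted to a {@link UsernamePasswordToken}
 * by transformers obtained from the {@link TransformerRegistry}. {@code DELETE} removes the stored
 * subject and invalidates the session.
 *
 * <p>Unless {@link #setAllowHttp(boolean)} is enabled, {@code POST} requests whose scheme is not
 * {@code https} are rejected with 403 so that credentials are not accepted over plain HTTP.
 */
@EagerInit
/* loaded from: input_file:org/fabric3/security/authentication/CachingAuthenticationService.class */
public class CachingAuthenticationService extends HttpServlet {
    private static final long serialVersionUID = -3247111411539759436L;
    // Session attribute under which the authenticated subject is stored.
    private static final String FABRIC3_SUBJECT = "fabric3.subject";
    private static final String APPLICATION_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String APPLICATION_JSON = "application/json";
    private static final String APPLICATION_XML = "application/xml";
    private static final DataType<?> JSON_TYPE = new JsonType(InputStream.class, String.class);
    private static final DataType<?> XML_TYPE = new XSDType(String.class, new QName("http://www.w3.org/2001/XMLSchema", "string"));
    private static final JavaClass<UsernamePasswordToken> JAVA_TYPE = new JavaClass<>(UsernamePasswordToken.class);
    private final AuthenticationService authService;
    private final ServletHost host;
    private final AuthMonitor monitor;
    // When false (the default), credentials are only accepted over https.
    private boolean allowHttp;
    private final TransformerRegistry registry;
    // Resolved lazily on first use; see getJsonTransformer() / getXmlTransformer().
    private Transformer<InputStream, UsernamePasswordToken> jsonTransformer;
    private Transformer<InputStream, UsernamePasswordToken> xmlTransformer;
    private boolean enabled = true;
    private String mapping = "/fabric/security/token";

    /**
     * Creates the servlet with its injected collaborators.
     *
     * @param authenticationService service that validates the submitted credentials
     * @param transformerRegistry registry used to look up the JSON and XML credential transformers
     * @param servletHost host with which the servlet mapping is registered on start
     * @param authMonitor monitor that receives authentication errors
     */
    public CachingAuthenticationService(@Reference AuthenticationService authenticationService, @Reference TransformerRegistry transformerRegistry, @Reference ServletHost servletHost, @Monitor AuthMonitor authMonitor) {
        this.authService = authenticationService;
        this.registry = transformerRegistry;
        this.host = servletHost;
        this.monitor = authMonitor;
    }

    /**
     * Enables or disables registration of the servlet mapping.
     *
     * @param z {@code false} to keep the endpoint unregistered when {@link #start()} runs
     */
    @Property(required = false)
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    /**
     * Controls whether credentials may be submitted over a scheme other than https.
     *
     * @param z {@code true} to accept non-https requests; credentials then travel unencrypted
     *     unless something outside this class protects the transport
     */
    @Property(required = false)
    public void setAllowHttp(boolean z) {
        this.allowHttp = z;
    }

    /**
     * Registers this servlet under its mapping if the endpoint is enabled.
     *
     * @throws TransformationException declared by the signature; not thrown by the visible body
     */
    @Init
    public void start() throws TransformationException {
        if (this.enabled) {
            this.host.registerMapping(this.mapping, this);
        }
    }

    /**
     * Authenticates the submitted credentials and, on success, binds the resulting subject to a
     * freshly issued session.
     *
     * <p>Responses: 403 when the request is not https and plain HTTP is not allowed; 415 when the
     * content type is missing or not one of the supported types; 400 when the body cannot be
     * turned into a token; 401 when the authentication service rejects the credentials; 500 when
     * reading the request fails. On success the status is left at the container default.
     *
     * @param httpServletRequest request carrying the credentials
     * @param httpServletResponse response whose status reports the outcome
     * @throws ServletException declared by the signature; not thrown by the visible body
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        // NOTE(review): this relies on the scheme as reported by the container. If TLS is
        // terminated in front of the container, confirm it is configured to report "https".
        if (!this.allowHttp && !"https".equals(httpServletRequest.getScheme())) {
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        try {
            String contentType = httpServletRequest.getContentType();
            UsernamePasswordToken token;
            if (contentType != null && contentType.contains(APPLICATION_FORM_URLENCODED)) {
                token = new UsernamePasswordToken(httpServletRequest.getParameter("username"), httpServletRequest.getParameter("password"));
            } else if (contentType != null && contentType.contains(APPLICATION_JSON)) {
                token = (UsernamePasswordToken) getJsonTransformer().transform(httpServletRequest.getInputStream(), getClass().getClassLoader());
            } else if (contentType != null && contentType.contains(APPLICATION_XML)) {
                token = (UsernamePasswordToken) getXmlTransformer().transform(httpServletRequest.getInputStream(), getClass().getClassLoader());
            } else {
                // Previously a null token was handed to the authentication service here.
                httpServletResponse.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                return;
            }
            if (token == null) {
                httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            Object subject = this.authService.authenticate(token);
            bindSubject(httpServletRequest, subject);
        } catch (TransformationException e) {
            // Also raised when the databinding extension is missing, which is a server-side
            // condition; it is reported as 400 here because the response carries no detail.
            this.monitor.error("Error authenticating", e);
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        } catch (IOException e2) {
            this.monitor.error("Error authenticating", e2);
            httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (AuthenticationException e3) {
            // Without an explicit status a failed login was indistinguishable from a successful one.
            this.monitor.error("Error authenticating", e3);
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /**
     * Removes the authenticated subject and invalidates the session, if there is one holding a
     * subject. Requests without a session, or with a session that has no subject, are ignored.
     *
     * @param httpServletRequest request identifying the session to log out
     * @param httpServletResponse unused; the status is left at the container default
     */
    @Override
    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // getSession(false) avoids creating a session just to log out.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || session.getAttribute(FABRIC3_SUBJECT) == null) {
            return;
        }
        session.removeAttribute(FABRIC3_SUBJECT);
        session.invalidate();
    }

    /**
     * Stores the subject in a newly created session so that the session identifier in use before
     * login is not the one that ends up authenticated (session fixation defence). Attributes of
     * the previous session are copied to the new one to preserve pre-login state.
     */
    private static void bindSubject(HttpServletRequest request, Object subject) {
        Map<String, Object> carriedOver = new HashMap<>();
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            Enumeration<?> names = previous.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                carriedOver.put(name, previous.getAttribute(name));
            }
            previous.invalidate();
        }
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> entry : carriedOver.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        fresh.setAttribute(FABRIC3_SUBJECT, subject);
    }

    /**
     * Returns the JSON-to-token transformer, looking it up in the registry on first use.
     *
     * @throws TransformationException if the registry has no matching transformer
     */
    private Transformer<InputStream, UsernamePasswordToken> getJsonTransformer() throws TransformationException {
        // NOTE(review): the lazy lookup is unsynchronized, so concurrent first requests may each
        // resolve the transformer; presumably harmless if the registry returns equivalent
        // instances - confirm.
        if (this.jsonTransformer == null) {
            List emptyList = Collections.emptyList();
            this.jsonTransformer = this.registry.getTransformer(JSON_TYPE, JAVA_TYPE, emptyList, emptyList);
            if (this.jsonTransformer == null) {
                throw new TransformationException("JSON databinding extension is not installed");
            }
        }
        return this.jsonTransformer;
    }

    /**
     * Returns the XML-to-token transformer, looking it up in the registry on first use.
     *
     * @throws TransformationException if the registry has no matching transformer
     */
    private Transformer<InputStream, UsernamePasswordToken> getXmlTransformer() throws TransformationException {
        // NOTE(review): same unsynchronized lazy lookup as getJsonTransformer().
        // NOTE(review): the XML body is unauthenticated input; confirm the installed databinding
        // extension parses it with DTDs and external entities disabled.
        if (this.xmlTransformer == null) {
            List emptyList = Collections.emptyList();
            this.xmlTransformer = this.registry.getTransformer(XML_TYPE, JAVA_TYPE, emptyList, emptyList);
            if (this.xmlTransformer == null) {
                throw new TransformationException("JAXB databinding extension is not installed");
            }
        }
        return this.xmlTransformer;
    }
}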
