package org.forgerock.oauth2.core;

import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.service.LoginState;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.openam.utils.RealmNormaliser;
import org.forgerock.openam.utils.Time;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Status;
import org.restlet.ext.servlet.ServletUtils;
import org.restlet.resource.ResourceException;

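/**
 * Authenticates the resource owner named in an OAuth2 request by driving an
 * {@link AuthContext} login with the username and password carried in that request.
 *
 * <p>Only {@link NameCallback} and {@link PasswordCallback} requirements can be satisfied
 * here. An authentication chain that asks for anything else (for example a second factor)
 * is rejected with an internal-error {@link ResourceException} rather than being
 * partially completed.
 */
@Singleton
/* loaded from: input_file:org/forgerock/oauth2/core/ResourceOwnerAuthenticator.class */
public class ResourceOwnerAuthenticator {
    private final Debug logger = Debug.getInstance("amOpenAMResourceOwnerAuthenticator");
    private final RealmNormaliser realmNormaliser;

    /**
     * @param realmNormaliser used to normalise the {@code realm} request parameter before login
     */
    @Inject
    public ResourceOwnerAuthenticator(RealmNormaliser realmNormaliser) {
        this.realmNormaliser = realmNormaliser;
    }

    /**
     * Authenticates the resource owner using the {@code username}, {@code password},
     * {@code realm} and {@code auth_chain} parameters of the given request.
     *
     * @param oAuth2Request the OAuth2 request carrying the credentials
     * @return the authenticated resource owner, or {@code null} when the login did not end
     *         in {@link AuthContext.Status#SUCCESS}; callers must treat {@code null} as an
     *         authentication failure
     * @throws NotFoundException when a {@code org.forgerock.json.resource.NotFoundException}
     *         is raised while preparing or performing the login (presumably by realm
     *         normalisation; confirm against {@link RealmNormaliser})
     * @throws ResourceException (unchecked) when the login itself fails with an
     *         {@link AuthLoginException}, when the chain requires unsupported callbacks, or
     *         when the authenticated identity cannot be resolved
     */
    public ResourceOwner authenticate(OAuth2Request oAuth2Request) throws NotFoundException {
        char[] password = null;
        try {
            Request request = oAuth2Request.getRequest();
            String username = (String) oAuth2Request.getParameter("username");
            String passwordParam = (String) oAuth2Request.getParameter("password");
            password = passwordParam == null ? null : passwordParam.toCharArray();
            String realm = this.realmNormaliser.normalise((String) oAuth2Request.getParameter("realm"));
            // NOTE(review): auth_chain comes straight from the request, so the client picks
            // which authentication service is used for this login. Confirm that the
            // deployment restricts the chains that may be selected this way.
            String authChain = (String) oAuth2Request.getParameter("auth_chain");
            return authenticate(request, username, password, realm, authChain);
        } catch (org.forgerock.json.resource.NotFoundException e) {
            // Only the message is carried over; the original cause is not chained.
            throw new NotFoundException(e.getMessage());
        } finally {
            // Wipe the working copy created above. PasswordCallback.setPassword stores its
            // own clone, and the login has completed by now. The String held by the request
            // is outside this method's control.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Runs the callback-driven login and, on success, resolves the authenticated identity.
     *
     * @param request   the Restlet request; receives the {@code AMCtxId} attribute on success
     * @param username  value supplied to every {@link NameCallback}
     * @param password  value supplied to every {@link PasswordCallback}; may be {@code null}
     * @param realm     realm passed to the {@link AuthContext} constructor
     * @param authChain authentication service to log in with, or {@code null} to use the
     *                  login variant that takes no index
     * @return the resource owner, or {@code null} if the final status is not SUCCESS
     */
    private ResourceOwner authenticate(Request request, String username, char[] password, String realm, String authChain) {
        ResourceOwner resourceOwner = null;
        try {
            AuthContext authContext = new AuthContext(realm);
            HttpServletRequest servletRequest = ServletUtils.getRequest(request);
            // Presumably tells the authentication framework not to create a session for
            // this login; confirm against the OpenAM authentication service.
            servletRequest.setAttribute("org.forgerock.openam.auth.noSession", "true");
            if (authChain != null) {
                authContext.login(AuthContext.IndexType.SERVICE, authChain, (String[]) null, servletRequest, ServletUtils.getResponse(Response.getCurrent()));
            } else {
                authContext.login(servletRequest, ServletUtils.getResponse(Response.getCurrent()));
            }
            while (authContext.hasMoreRequirements()) {
                // Declared as Callback[]: with a NameCallback[] declaration the
                // PasswordCallback branch below cannot be type-checked.
                Callback[] callbacks = authContext.getRequirements();
                ArrayList<Callback> unsupported = new ArrayList<Callback>();
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(username);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(password);
                    } else {
                        unsupported.add(callback);
                    }
                }
                // Refuse to submit a partially answered stage: a chain that needs more than
                // a name and a password cannot be completed by this grant.
                if (!unsupported.isEmpty()) {
                    throw new ResourceException(Status.SERVER_ERROR_INTERNAL, "Missing requirements");
                }
                authContext.submitRequirements(callbacks);
            }
            // Any status other than SUCCESS leaves resourceOwner null.
            if (authContext.getStatus() == AuthContext.Status.SUCCESS) {
                try {
                    LoginState loginState = authContext.getAuthContextLocal().getLoginState();
                    // The identity lookup runs with the admin token, not with the
                    // credentials of the user who just authenticated.
                    AMIdentity identity = IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), loginState.getUserUniversalId(loginState.getUserDN()));
                    request.getAttributes().put("AMCtxId", loginState.getActivatedSessionTrackingId());
                    resourceOwner = new ResourceOwner(identity.getName(), identity, Time.currentTimeMillis());
                } catch (Exception e) {
                    this.logger.error("Unable to get SSOToken", e);
                    throw new ResourceException(Status.SERVER_ERROR_INTERNAL, e);
                }
            }
            return resourceOwner;
        } catch (AuthLoginException e2) {
            this.logger.error("AuthException", e2);
            throw new ResourceException(Status.SERVER_ERROR_INTERNAL, e2);
        }
    }
}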
