package org.granite.messaging.service.security;

import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.granite.context.GraniteContext;
import org.granite.messaging.webapp.HttpGraniteContext;
import org.mortbay.jetty.HttpConnection;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.security.UserRealm;

/* loaded from: input_file:org/granite/messaging/service/security/Jetty6SecurityService.class */
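/**
 * {@link SecurityService} implementation that delegates authentication and role checks to the
 * Jetty 6 {@link UserRealm} attached to the current request.
 *
 * <p>After a successful {@link #login(Object)} the authenticated {@link Principal} is cached in the
 * HTTP session under {@link #JETTY6_AUTH}. {@link #authorize(AbstractSecurityContext)} falls back
 * to that cached principal when the request carries none, so the session attribute is effectively
 * the login state and must be cleared on logout.
 *
 * <p>NOTE(review): this listing is decompiled. {@code getRequest()} is typed here as
 * {@link Request}, yet every method still guards with {@code instanceof Request}, which suggests
 * the declared return type is wider. Confirm against the original sources.
 */
public class Jetty6SecurityService extends AbstractSecurityService {
    /** Session attribute under which the authenticated principal is cached between requests. */
    private static final String JETTY6_AUTH = "org.granite.messaging.service.security.Jetty6Auth";

    /**
     * Accepts configuration parameters; this implementation reads none of them.
     *
     * @param map configuration parameters (ignored)
     */
    @Override
    public void configure(Map<String, String> map) {
    }

    /**
     * Authenticates the supplied credentials against the request's {@link UserRealm} and, on
     * success, binds the principal to both the request and the HTTP session.
     *
     * @param obj encoded credentials, decoded by {@code decodeBase64Credentials}
     * @throws SecurityServiceException if the realm rejects the credentials
     */
    @Override
    public void login(Object obj) throws SecurityServiceException {
        // presumably [0] = username and [1] = password; the decoder is inherited and not visible
        // here, so the array length is not re-checked. TODO confirm it never returns fewer than two.
        String[] credentials = decodeBase64Credentials(obj);
        Request request = ((HttpGraniteContext) GraniteContext.getCurrentInstance()).getRequest();
        Request jettyRequest = request instanceof Request ? request : HttpConnection.getCurrentConnection().getRequest();

        Principal principal = jettyRequest.getUserRealm().authenticate(credentials[0], credentials[1], jettyRequest);
        if (principal == null) {
            // A failed login must not leave an earlier identity cached in the session.
            HttpSession existing = jettyRequest.getSession(false);
            if (existing != null) {
                existing.removeAttribute(JETTY6_AUTH);
            }
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
        }

        jettyRequest.setAuthType(AbstractSecurityService.AUTH_TYPE);
        jettyRequest.setUserPrincipal(principal);
        // NOTE(review): the principal is stored in whatever session the request already has; the
        // session id is not renewed on login, so a pre-login session id stays valid afterwards
        // (session fixation exposure). Renewing it here would change session behaviour for
        // existing clients, so it is flagged rather than changed.
        jettyRequest.getSession().setAttribute(JETTY6_AUTH, principal);
    }

    /**
     * Verifies that the current user is logged in and, for secured destinations, holds at least
     * one of the required roles, then completes the invocation through {@code endAuthorization}.
     *
     * @param abstractSecurityContext the invocation being authorized
     * @return whatever {@code endAuthorization} returns
     * @throws SecurityServiceException if no principal is available (not logged in or session
     *     expired), if the user lacks every required role, or if the invocation failed with a
     *     {@link SecurityException} somewhere in its cause chain
     * @throws Exception any other failure raised by {@code endAuthorization}
     */
    @Override
    public Object authorize(AbstractSecurityContext abstractSecurityContext) throws Exception {
        startAuthorization(abstractSecurityContext);
        Request request = ((HttpGraniteContext) GraniteContext.getCurrentInstance()).getRequest();

        Principal userPrincipal = request.getUserPrincipal();
        boolean restoredFromSession = false;
        if (userPrincipal == null) {
            // No principal on the request: fall back to the one cached by login().
            HttpSession cached = request.getSession(false);
            userPrincipal = cached != null ? (Principal) cached.getAttribute(JETTY6_AUTH) : null;
            restoredFromSession = true;
        }

        if (userPrincipal == null) {
            // "Session expired" is reported when the client sent a session id and either no
            // session exists for it or the live session has that id but holds no principal;
            // every other case is "not logged in".
            String requestedId = request.getRequestedSessionId();
            if (requestedId != null) {
                HttpSession session = request.getSession(false);
                if (session == null || requestedId.equals(session.getId())) {
                    throw SecurityServiceException.newSessionExpiredException("Session expired");
                }
            }
            throw SecurityServiceException.newNotLoggedInException("User not logged in");
        }

        Request jettyRequest = request instanceof Request ? request : HttpConnection.getCurrentConnection().getRequest();
        UserRealm userRealm = jettyRequest.getUserRealm();
        if (restoredFromSession) {
            // The realm is told about the session-cached principal before any role check.
            userRealm.reauthenticate(userPrincipal);
        }

        if (abstractSecurityContext.getDestination().isSecured()) {
            // One matching role is enough; an empty role list on a secured destination denies.
            boolean inRequiredRole = false;
            Iterator<String> roles = abstractSecurityContext.getDestination().getRoles().iterator();
            while (!inRequiredRole && roles.hasNext()) {
                inRequiredRole = userRealm.isUserInRole(userPrincipal, roles.next());
            }
            if (!inRequiredRole) {
                throw SecurityServiceException.newAccessDeniedException("User not in required role");
            }
            jettyRequest.setAuthType(AbstractSecurityService.AUTH_TYPE);
            jettyRequest.setUserPrincipal(userPrincipal);
        }

        try {
            return endAuthorization(abstractSecurityContext);
        } catch (InvocationTargetException e) {
            // Surface a SecurityException buried anywhere in the cause chain as "access denied";
            // anything else is rethrown unchanged.
            for (Throwable cause = e; cause != null; cause = cause.getCause()) {
                if (cause instanceof SecurityException) {
                    throw SecurityServiceException.newAccessDeniedException(cause.getMessage());
                }
            }
            throw e;
        }
    }

    /**
     * Logs the current user out: drops the principal cached in the HTTP session and asks the
     * realm to disassociate the request's principal.
     *
     * <p>Clearing {@link #JETTY6_AUTH} is what makes the logout effective. Without it,
     * {@link #authorize(AbstractSecurityContext)} would restore the principal from the session on
     * the next request and the user would remain logged in.
     *
     * @throws SecurityServiceException declared by the interface; not thrown directly here
     */
    @Override
    public void logout() throws SecurityServiceException {
        Request request = ((HttpGraniteContext) GraniteContext.getCurrentInstance()).getRequest();
        Request jettyRequest = request instanceof Request ? request : HttpConnection.getCurrentConnection().getRequest();

        // Clear the cached identity first so it is gone even if the realm call below fails.
        // The session itself is left in place; only the login state is removed.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(JETTY6_AUTH);
        }

        jettyRequest.getUserRealm().disassociate(request.getUserPrincipal());
    }
}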
