package org.eclipse.jetty.security.authentication;

import java.io.Serializable;
import java.util.Objects;
import org.eclipse.jetty.security.AuthenticationState;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.UserIdentity;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.Session;
import org.eclipse.jetty.util.Callback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/jetty-security-12.0.5.jar:org/eclipse/jetty/security/authentication/LoginAuthenticator.class */
public abstract class LoginAuthenticator implements Authenticator {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) LoginAuthenticator.class);
    protected LoginService _loginService;
    protected IdentityService _identityService;
    private boolean _sessionRenewedOnAuthentication;
    private int _sessionMaxInactiveIntervalOnAuthentication;

    /* loaded from: input_file:BOOT-INF/lib/jetty-security-12.0.5.jar:org/eclipse/jetty/security/authentication/LoginAuthenticator$LoggedOutAuthentication.class */
    public static class LoggedOutAuthentication implements AuthenticationState.Deferred {
        private final AuthenticationState.Deferred _delegate;

        @Override // org.eclipse.jetty.security.AuthenticationState.Deferred
        public AuthenticationState.Succeeded login(String str, Object obj, Request request, Response response) {
            return this._delegate.login(str, obj, request, response);
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Deferred
        public void logout(Request request, Response response) {
            this._delegate.logout(request, response);
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Deferred
        public IdentityService.Association getAssociation() {
            return this._delegate.getAssociation();
        }

        public LoggedOutAuthentication(LoginAuthenticator loginAuthenticator) {
            this._delegate = AuthenticationState.defer(loginAuthenticator);
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Deferred
        public AuthenticationState.Succeeded authenticate(Request request) {
            return null;
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Deferred
        public AuthenticationState authenticate(Request request, Response response, Callback callback) {
            return null;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/jetty-security-12.0.5.jar:org/eclipse/jetty/security/authentication/LoginAuthenticator$UserAuthenticationSent.class */
    public static class UserAuthenticationSent extends UserAuthenticationSucceeded implements AuthenticationState.ResponseSent {
        public UserAuthenticationSent(String str, UserIdentity userIdentity) {
            super(str, userIdentity);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/jetty-security-12.0.5.jar:org/eclipse/jetty/security/authentication/LoginAuthenticator$UserAuthenticationSucceeded.class */
    public static class UserAuthenticationSucceeded implements AuthenticationState.Succeeded, Serializable {
        private static final long serialVersionUID = -6290411814232723403L;
        protected String _authenticationType;
        protected transient UserIdentity _userIdentity;

        public UserAuthenticationSucceeded(String str, UserIdentity userIdentity) {
            this._authenticationType = str;
            this._userIdentity = userIdentity;
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Succeeded
        public String getAuthenticationType() {
            return this._authenticationType;
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Succeeded
        public UserIdentity getUserIdentity() {
            return this._userIdentity;
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Succeeded
        public boolean isUserInRole(String str) {
            return this._userIdentity.isUserInRole(str);
        }

        @Override // org.eclipse.jetty.security.AuthenticationState.Succeeded
        public void logout(Request request, Response response) {
            SecurityHandler currentSecurityHandler = SecurityHandler.getCurrentSecurityHandler();
            if (currentSecurityHandler != null) {
                LoginService loginService = currentSecurityHandler.getLoginService();
                if (loginService != null) {
                    loginService.logout(getUserIdentity());
                }
                IdentityService identityService = currentSecurityHandler.getIdentityService();
                if (identityService != null) {
                    identityService.onLogout(getUserIdentity());
                }
                Authenticator authenticator = currentSecurityHandler.getAuthenticator();
                LoggedOutAuthentication loggedOutAuthentication = null;
                if (authenticator instanceof LoginAuthenticator) {
                    ((LoginAuthenticator) authenticator).logout(request, response);
                    loggedOutAuthentication = new LoggedOutAuthentication((LoginAuthenticator) authenticator);
                }
                AuthenticationState.setAuthenticationState(request, loggedOutAuthentication);
            }
        }

        public String toString() {
            return "%s@%x{%s,%s}".formatted(getClass().getSimpleName(), Integer.valueOf(hashCode()), getAuthenticationType(), getUserIdentity());
        }
    }

    public UserIdentity login(String str, Object obj, Request request, Response response) {
        LoginService loginService = this._loginService;
        Objects.requireNonNull(request);
        UserIdentity login = loginService.login(str, obj, request, (v1) -> {
            return r4.getSession(v1);
        });
        if (LOG.isDebugEnabled()) {
            LOG.debug("{}.login {}", this, login);
        }
        if (login == null) {
            return null;
        }
        updateSession(request, response);
        return login;
    }

    public void logout(Request request, Response response) {
        Session session = request.getSession(false);
        if (LOG.isDebugEnabled()) {
            LOG.debug("{}.logout {}", this, session);
        }
        if (session == null) {
            return;
        }
        session.removeAttribute(SecurityHandler.SESSION_AUTHENTICATED_ATTRIBUTE);
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public void setConfiguration(Authenticator.Configuration configuration) {
        this._loginService = configuration.getLoginService();
        if (this._loginService == null) {
            throw new IllegalStateException("No LoginService for " + String.valueOf(this) + " in " + String.valueOf(configuration));
        }
        this._identityService = configuration.getIdentityService();
        if (this._identityService == null) {
            throw new IllegalStateException("No IdentityService for " + String.valueOf(this) + " in " + String.valueOf(configuration));
        }
        this._sessionRenewedOnAuthentication = configuration.isSessionRenewedOnAuthentication();
        this._sessionMaxInactiveIntervalOnAuthentication = configuration.getSessionMaxInactiveIntervalOnAuthentication();
    }

    public LoginService getLoginService() {
        return this._loginService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateSession(Request request, Response response) {
        Session session = request.getSession(false);
        if (session != null) {
            if (this._sessionRenewedOnAuthentication || this._sessionMaxInactiveIntervalOnAuthentication != 0) {
                synchronized (session) {
                    if (this._sessionMaxInactiveIntervalOnAuthentication != 0) {
                        session.setMaxInactiveInterval(this._sessionMaxInactiveIntervalOnAuthentication < 0 ? -1 : this._sessionMaxInactiveIntervalOnAuthentication);
                    }
                    if (this._sessionRenewedOnAuthentication && session.getAttribute(SecurityHandler.SESSION_AUTHENTICATED_ATTRIBUTE) != Boolean.TRUE) {
                        session.setAttribute(SecurityHandler.SESSION_AUTHENTICATED_ATTRIBUTE, Boolean.TRUE);
                        session.renewId(request, response);
                    }
                }
            }
        }
    }
}
