package org.lamsfoundation.lams.integration.security;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.impl.SecurityContextImpl;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.handlers.ServletRequestContext;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import org.lamsfoundation.lams.web.session.SessionManager;

/* loaded from: input_file:org/lamsfoundation/lams/integration/security/SsoConsumer.class */
public class SsoConsumer implements ServletExtension {
    private static final String MECHANISM_NAME = "LAMS SSO";
    private static final String SSO_ATTRIBUTE_NAME = "ssoAccount";

    public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
        deploymentInfo.addFirstAuthenticationMechanism(MECHANISM_NAME, new AuthenticationMechanism() { // from class: org.lamsfoundation.lams.integration.security.SsoConsumer.1
            public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
                ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                if (servletRequestContext == null || httpServerExchange.getRequestURI().endsWith("j_security_check")) {
                    return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                SessionManager.startSession(servletRequestContext.getServletRequest(), servletRequestContext.getServletResponse());
                HttpSession session = SessionManager.getSession();
                Account account = session == null ? null : (Account) session.getAttribute(SsoConsumer.SSO_ATTRIBUTE_NAME);
                SessionManager.endSession();
                if (account == null) {
                    return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                SecurityContextImpl securityContextImpl = (SecurityContextImpl) securityContext;
                if (securityContextImpl.getAuthenticatedAccount() == null) {
                    securityContextImpl.authenticationComplete(account, SsoConsumer.MECHANISM_NAME, false);
                }
                return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
            }

            public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
                return new AuthenticationMechanism.ChallengeResult(false);
            }
        });
    }
}
