package org.eclipse.scout.jaxws.security;

import java.security.AccessController;
import javax.security.auth.Subject;
import javax.xml.ws.WebServiceException;
import org.eclipse.scout.commons.StringUtility;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.commons.security.SimplePrincipal;
import org.eclipse.scout.jaxws.security.provider.ICredentialValidationStrategy;

/* loaded from: input_file:org/eclipse/scout/jaxws/security/Authenticator.class */
public class Authenticator {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(Authenticator.class);

    public static boolean isSubjectAuthenticated() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        return subject != null && subject.getPrincipals().size() > 0;
    }

    public static boolean authenticateRequest(ICredentialValidationStrategy iCredentialValidationStrategy, String str, String str2) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            throw new WebServiceException("Webservice request was blocked due to security reasons: request must run on behalf of a subject context.");
        }
        if (subject.getPrincipals().size() > 0) {
            return true;
        }
        if (subject.isReadOnly()) {
            throw new WebServiceException("Unexpected. Authenticated principal cannot be added to subject as it is readonly.");
        }
        if (iCredentialValidationStrategy == null) {
            LOG.warn("No credential validation strategy configured.");
            return false;
        }
        if (!StringUtility.hasText(str) || !StringUtility.hasText(str2)) {
            return false;
        }
        try {
            if (!iCredentialValidationStrategy.isValidUser(str, str2)) {
                return false;
            }
            subject.getPrincipals().add(new SimplePrincipal(str));
            subject.setReadOnly();
            return true;
        } catch (Exception e) {
            LOG.error("user credential validation failed", e);
            return false;
        }
    }
}
