package com.worklight.core.auth.impl;

import com.ibm.json.java.JSONObject;
import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.common.type.Environment;
import com.worklight.console.application.Services;
import com.worklight.core.auth.api.AuthenticationService;
import com.worklight.core.auth.api.ProtectedResource;
import com.worklight.core.auth.ext.Device;
import com.worklight.core.bundle.CoreServiceManager;
import com.worklight.core.util.RssBrokerUtils;
import com.worklight.gadgets.api.GadgetAPIRequestCoder;
import com.worklight.gadgets.resource.Resource;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.AuthenticationStatus;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.impl.WorkLightAuthenticationException;
import com.worklight.server.report.api.GadgetReportsService;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import org.mozilla.javascript.Scriptable;

/* loaded from: input_file:com/worklight/core/auth/impl/AuthenticationContext.class */
public class AuthenticationContext implements HttpSessionBindingListener {
    private static final String WL_AUTHENTICATION_FAILURE = "WL-Authentication-Failure";
    private static final String ERROR_UNAUTHENTICATED_REALM = "The resource ''{0}'' should only be accessed when authenticated in realm ''{1}''.";
    private static final String WL_AUTHENTICATION_CONTEXT_ATTRIBUTE = "wl-authentication-context";
    private final LoginConfigurationService loginConfigService;
    private HttpSession session;
    private String applicationId;
    private Map<String, LoginContext> loginContexts = new HashMap();
    private final Map<Class, AuthenticationContextPlugin> plugins = new HashMap();
    private static final JSONObject LOGIN_FAILED_MESSAGE = new JSONObject();
    private static final WorklightServerLogger logger = new WorklightServerLogger(AuthenticationContext.class, WorklightLogger.MessagesBundles.CORE);
    private static ThreadLocal<AuthenticationContext> currentContext = new ThreadLocal<>();
    private static ThreadLocal<Stack<ProtectedResource>> resourceStack = new ThreadLocal<>();
    private static ThreadLocal<HttpServletRequest> currentRequest = new ThreadLocal<>();
    private static ThreadLocal<HttpServletResponse> currentResponse = new ThreadLocal<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.worklight.core.auth.impl.AuthenticationContext$1, reason: invalid class name */
    /* loaded from: input_file:com/worklight/core/auth/impl/AuthenticationContext$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$worklight$server$auth$api$AuthenticationStatus = new int[AuthenticationStatus.values().length];

        static {
            try {
                $SwitchMap$com$worklight$server$auth$api$AuthenticationStatus[AuthenticationStatus.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$worklight$server$auth$api$AuthenticationStatus[AuthenticationStatus.FAILURE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$worklight$server$auth$api$AuthenticationStatus[AuthenticationStatus.CLIENT_INTERACTION_REQUIRED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$worklight$server$auth$api$AuthenticationStatus[AuthenticationStatus.REQUEST_NOT_RECOGNIZED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public String getApplicationId() {
        return this.applicationId;
    }

    public void setApplicationId(String str) {
        this.applicationId = str;
    }

    public static AuthenticationContext getOrCreateAuthenticationContext(HttpSession httpSession) {
        AuthenticationContext authenticationContext;
        AuthenticationServiceBean authenticationServiceBean = (AuthenticationServiceBean) RssBrokerUtils.getBeanFactory().getBean(AuthenticationService.BEAN_ID);
        if (httpSession != null) {
            authenticationContext = (AuthenticationContext) httpSession.getAttribute(WL_AUTHENTICATION_CONTEXT_ATTRIBUTE);
            if (authenticationContext == null) {
                authenticationContext = new AuthenticationContext(authenticationServiceBean.getLoginConfigurationService(), httpSession);
                httpSession.setAttribute(WL_AUTHENTICATION_CONTEXT_ATTRIBUTE, authenticationContext);
            }
        } else {
            authenticationContext = new AuthenticationContext(authenticationServiceBean.getLoginConfigurationService(), httpSession);
        }
        return authenticationContext;
    }

    private AuthenticationContext(LoginConfigurationService loginConfigurationService, HttpSession httpSession) {
        logger.debug("AuthenticationContext", "Create authentication context");
        this.loginConfigService = loginConfigurationService;
        this.session = httpSession;
        String str = null;
        Iterator<String> it = loginConfigurationService.getRealmKeys().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            if (next.startsWith("facebook.")) {
                str = next;
                break;
            }
        }
        if (str != null) {
            String loginModuleName = loginConfigurationService.getLoginModuleName(str);
            HashMap hashMap = new HashMap();
            hashMap.put("wl.auth.standby", "");
            this.loginContexts.put(loginModuleName, loginConfigurationService.createLoginContext(str, hashMap));
            logger.debug("AuthenticationContext", "Added facebook login context for the realm " + str + " to the new authentication context.");
        }
    }

    public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
    }

    public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
        logger.debug("valueUnbound", "Destroy authentication context");
        for (LoginContext loginContext : this.loginContexts.values()) {
            try {
                loginContext.logout();
            } catch (Throwable th) {
                logger.error(th, "valueUnbound", "logger.logoutFailed", new Object[]{loginContext.getLoginModuleName()});
            }
        }
        this.loginContexts.clear();
        this.loginContexts = null;
        for (AuthenticationContextPlugin authenticationContextPlugin : this.plugins.values()) {
            try {
                authenticationContextPlugin.destroy();
            } catch (Throwable th2) {
                logger.error(th2, "valueUnbound", "logger.destroyOfPluginType", new Object[]{authenticationContextPlugin.getClass().getName()});
            }
        }
        this.plugins.clear();
    }

    public void destroy() {
        if (this.session != null) {
            this.session.removeAttribute(WL_AUTHENTICATION_CONTEXT_ATTRIBUTE);
        } else {
            valueUnbound(null);
        }
    }

    public static void setThreadContext(AuthenticationContext authenticationContext) {
        currentContext.set(authenticationContext);
        if (resourceStack.get() == null) {
            resourceStack.set(new Stack<>());
        }
    }

    public static void setInvocationThreadContext(AuthenticationContext authenticationContext, ProtectedResource protectedResource, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setThreadContext(authenticationContext);
        resourceStack.get().push(protectedResource);
        currentRequest.set(httpServletRequest);
        currentResponse.set(httpServletResponse);
    }

    public static void clearThreadContext() {
        currentContext.remove();
        resourceStack.remove();
        currentRequest.remove();
        currentResponse.remove();
    }

    public static AuthenticationContext getCurrentContext() {
        return currentContext.get();
    }

    public static HttpServletRequest getCurrentRequest() {
        return currentRequest.get();
    }

    public static HttpServletResponse getCurrentResponse() {
        return currentResponse.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        AuthenticationResult createFrom;
        currentRequest.set(httpServletRequest);
        currentResponse.set(httpServletResponse);
        JSONObject jSONObject = new JSONObject();
        Iterator<Map.Entry<String, LoginContext>> it = this.loginContexts.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, LoginContext> next = it.next();
            String key = next.getKey();
            LoginContext value = next.getValue();
            if (!canUseSso(key) || Services.getAuthService().getSsoDao().getLoginContext(getSsoDeviceIdentity(key), key) != null || !value.isLoginSuccessfull()) {
                AuthenticationResult processRequest = value.processRequest(httpServletRequest, httpServletResponse, false);
                JSONObject json = processRequest.getJson();
                switch (AnonymousClass1.$SwitchMap$com$worklight$server$auth$api$AuthenticationStatus[processRequest.getStatus().ordinal()]) {
                    case 1:
                        logger.debug("processRequest", MessageFormat.format("Authentication succeeded: realm: {0}", key));
                        saveOrUpdateSsoLoginContext(key, value);
                        if (!value.handleCustomLoginOnSuccess(httpServletRequest, httpServletResponse)) {
                            break;
                        } else {
                            logLoginActivity(httpServletRequest, false, false);
                            throw new WorkLightAuthenticationException();
                        }
                    case 2:
                        this.loginContexts.remove(key);
                        logger.debug("processRequest", MessageFormat.format("Authentication failed: realm: {0}", key));
                        JSONObject jSONObject2 = new JSONObject();
                        jSONObject2.put(value.getRealmName(), json == null ? LOGIN_FAILED_MESSAGE : json);
                        JSONObject jSONObject3 = new JSONObject();
                        jSONObject3.put(WL_AUTHENTICATION_FAILURE, jSONObject2);
                        processRequest.setJson(jSONObject3);
                        return processRequest;
                    case 3:
                        logger.debug("processRequest", "Client interaction required, return the response to the client.");
                        AuthenticationResult createFrom2 = AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
                        if (json != null) {
                            value.addChallengeToComposite(json, jSONObject);
                            break;
                        } else {
                            return createFrom2;
                        }
                }
            } else {
                it.remove();
            }
        }
        if (jSONObject.isEmpty()) {
            createFrom = AuthenticationResult.createFrom(AuthenticationStatus.SUCCESS);
        } else {
            createFrom = AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
            JSONObject jSONObject4 = new JSONObject();
            jSONObject4.put("challenges", jSONObject);
            createFrom.setJson(jSONObject4);
        }
        return createFrom;
    }

    private void saveOrUpdateSsoLoginContext(String str, LoginContext loginContext) {
        if (canUseSso(str)) {
            Services.getAuthService().getSsoDao().saveOrUpdateLoginContext(getSsoDeviceIdentity(str), loginContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addIdentitiesToResponse(HttpServletRequest httpServletRequest, JSONObject jSONObject, ProtectedResource protectedResource) {
        Iterator<LoginContext> it = this.loginContexts.values().iterator();
        while (it.hasNext()) {
            it.next().addIdentityToJSONResponse(httpServletRequest, jSONObject, protectedResource);
        }
    }

    private void logLoginActivity(HttpServletRequest httpServletRequest, boolean z, boolean z2) {
        String str;
        Environment environment;
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null || !pathInfo.contains(Resource.FILE_SEPARATOR)) {
            str = "UNKNOWN";
            environment = Environment.COMMON;
        } else {
            StringTokenizer stringTokenizer = new StringTokenizer(pathInfo, Resource.FILE_SEPARATOR);
            if (stringTokenizer.countTokens() >= 2) {
                str = stringTokenizer.nextToken();
                environment = Environment.get(stringTokenizer.nextToken());
            } else {
                str = "UNKNOWN";
                environment = Environment.COMMON;
            }
        }
        GadgetReportsService gadgetsReportService = CoreServiceManager.getGadgetsReportService();
        if (gadgetsReportService != null) {
            String header = httpServletRequest.getHeader("x-wl-app-version");
            if (header == null) {
                header = "-1";
            }
            String remoteAddr = httpServletRequest.getRemoteAddr();
            String header2 = httpServletRequest.getHeader("user-agent");
            Device device = null;
            if (z2) {
                device = MobileClientData.getContextDevice();
            }
            gadgetsReportService.logGadgetActivity(str, header, environment.getId(), z ? "login-sso" : GadgetAPIRequestCoder.REQ_PATH_LOGIN, (String) null, (String) null, (String) null, header2, httpServletRequest.getSession().getId(), remoteAddr, device == null ? null : device.getId(), device == null ? null : device.getOs(), device == null ? null : device.getModel());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void pushCurrentResource(ProtectedResource protectedResource) {
        resourceStack.get().push(protectedResource);
        if (protectedResource == null) {
            return;
        }
        JSONObject processRealms = processRealms(protectedResource);
        if (processRealms.isEmpty()) {
            return;
        }
        AuthenticationResult createFrom = AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("challenges", processRealms);
        createFrom.setJson(jSONObject);
        throw new WorkLightAuthenticationException(createFrom);
    }

    private JSONObject processRealms(ProtectedResource protectedResource) {
        List<SecurityTestArray> securitySteps = protectedResource.getSecuritySteps();
        JSONObject jSONObject = new JSONObject();
        int i = 1;
        Iterator<SecurityTestArray> it = securitySteps.iterator();
        while (it.hasNext()) {
            boolean z = true;
            Iterator<SecurityEntry> it2 = it.next().iterator();
            while (it2.hasNext()) {
                SecurityEntry next = it2.next();
                String name = next.getName();
                logger.debug("processRealms", "Autheticating realm: " + name + " with step:" + i + " for resource: " + protectedResource.getResourceId());
                if (!checkAuthentication(name, jSONObject, protectedResource.getUserRealm() == next).isLoginSuccessfull()) {
                    z = false;
                }
            }
            if (!z) {
                break;
            }
            i++;
        }
        return jSONObject;
    }

    private void sendError(int i, String str) {
        try {
            currentResponse.get().sendError(i, str);
            throw new WorkLightAuthenticationException();
        } catch (IOException e) {
            throw new RuntimeException("Failed sending error code to the client.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void popCurrentResource() {
        if (resourceStack == null || resourceStack.get() == null) {
            return;
        }
        resourceStack.get().pop();
    }

    public static ProtectedResource getCurrentResource() {
        return resourceStack.get().peek();
    }

    private synchronized LoginContext checkAuthentication(String str, JSONObject jSONObject, boolean z) {
        LoginContext loginContext;
        String str2 = null;
        try {
            str2 = this.loginConfigService.getLoginModuleName(str);
        } catch (Exception e) {
            logger.errorNoExternalization("checkAuthentication", e.getLocalizedMessage());
            sendError(403, e.getMessage());
        }
        LoginContext loginContext2 = this.loginContexts.get(str2);
        HttpServletRequest httpServletRequest = currentRequest.get();
        if (httpServletRequest == null) {
            ProtectedResource peek = resourceStack.get().peek();
            throw new RuntimeException(peek == null ? "Attempt to authenticate in asynchronous context." : MessageFormat.format(ERROR_UNAUTHENTICATED_REALM, peek.getResourceId(), str));
        }
        HttpServletResponse httpServletResponse = currentResponse.get();
        if (z && canUseSso(str2)) {
            loginContext = Services.getAuthService().getSsoDao().getLoginContext(getSsoDeviceIdentity(str2), str2);
            if (loginContext2 != null && loginContext == null) {
                removeLoginContext(loginContext2);
                loginContext2 = null;
            }
        } else {
            loginContext = null;
        }
        if (loginContext2 == null) {
            if (z && canUseSso(str2) && loginContext != null) {
                this.loginContexts.put(str2, loginContext);
                logLoginActivity(httpServletRequest, true, true);
                return loginContext;
            }
            loginContext2 = this.loginConfigService.createLoginContext(str, null);
            logger.debug("checkAuthentication", "Start the authentication for realm " + str);
            this.loginContexts.put(str2, loginContext2);
        }
        AuthenticationResult processRequest = loginContext2.processRequest(httpServletRequest, httpServletResponse, true);
        switch (AnonymousClass1.$SwitchMap$com$worklight$server$auth$api$AuthenticationStatus[processRequest.getStatus().ordinal()]) {
            case 1:
                if (z) {
                    logLoginActivity(httpServletRequest, false, true);
                    saveOrUpdateSsoLoginContext(str2, loginContext);
                    break;
                }
                break;
            case 2:
                this.loginContexts.remove(str2);
                logger.debug("checkAuthentication", "Authentication failed without client interaction.");
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put(str, processRequest.getJson() == null ? LOGIN_FAILED_MESSAGE : processRequest.getJson());
                JSONObject jSONObject3 = new JSONObject();
                jSONObject3.put(WL_AUTHENTICATION_FAILURE, jSONObject2);
                processRequest.setJson(jSONObject3);
                throw new WorkLightAuthenticationException(processRequest);
            case 3:
                logger.debug("checkAuthentication", "Client interaction required.");
                if (jSONObject != null && processRequest.getJson() != null) {
                    loginContext2.addChallengeToComposite(processRequest.getJson(), jSONObject);
                    break;
                } else {
                    throw new WorkLightAuthenticationException(processRequest);
                }
            case 4:
                if (!loginContext2.isLoginSuccessfull()) {
                    throw new IllegalStateException("realm " + str + " is not allowed to ignore request to a protected resouce in a non-success state");
                }
                break;
            default:
                throw new IllegalStateException("Login context has returned result " + processRequest + ". It is not expected on this phase.");
        }
        return loginContext2;
    }

    private boolean canUseSso(String str) {
        return getSsoDeviceIdentity(str) != null;
    }

    private UserIdentity getSsoDeviceIdentity(String str) {
        String deviceLoginModuleForSso = this.loginConfigService.getDeviceLoginModuleForSso(str);
        if (deviceLoginModuleForSso != null) {
            return getIdentityForLoginModule(deviceLoginModuleForSso);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserIdentity getUserIdentityForCurrentResource() {
        ProtectedResource peek = resourceStack.get().peek();
        SecurityEntry userRealm = peek == null ? null : peek.getUserRealm();
        String name = userRealm == null ? null : userRealm.getName();
        if (name == null) {
            return null;
        }
        UserIdentity identityForRealm = getIdentityForRealm(name);
        if (identityForRealm == null) {
            throw new IllegalStateException("A bug: environment identity is null or not proven for realm " + name);
        }
        return identityForRealm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserIdentity getIdentityForRealm(String str) {
        String loginModuleName = this.loginConfigService.getLoginModuleName(str);
        if (loginModuleName == null) {
            throw new IllegalArgumentException("The realm '" + str + "' not defined in the authentication configuration.");
        }
        return getIdentityForLoginModule(loginModuleName);
    }

    private UserIdentity getIdentityForLoginModule(String str) {
        LoginContext loginContext = this.loginContexts.get(str);
        if (loginContext == null || !loginContext.isLoginSuccessfull()) {
            return null;
        }
        return loginContext.getIdentity();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, UserIdentity> getAllIdentities() {
        HashMap hashMap = new HashMap();
        for (String str : this.loginConfigService.getRealmKeys()) {
            hashMap.put(str, getIdentityForRealm(str));
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void login(String str) {
        checkAuthentication(str, null, false);
    }

    public void logout() {
        ProtectedResource peek = resourceStack.get().peek();
        String name = peek == null ? null : peek.getUserRealm().getName();
        if (name == null) {
            logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGOUT, "logout request ignored because no resource realm defined for the resource.");
        } else {
            logout(name);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void logout(String str) {
        removeLoginModule(this.loginConfigService.getLoginModuleName(str), true);
    }

    public void logoutAll() {
        Set<String> keySet = this.loginContexts.keySet();
        for (String str : (String[]) keySet.toArray(new String[keySet.size()])) {
            removeLoginModule(str, true);
        }
    }

    public JSONObject setUserIdentity(String str, Scriptable scriptable) {
        JSONObject jSONObject = new JSONObject();
        String loginModuleName = this.loginConfigService.getLoginModuleName(str);
        if (loginModuleName == null) {
            throw new IllegalArgumentException("Realm '" + str + "' not defined in the authentication configuration.");
        }
        LoginContext loginContext = this.loginContexts.get(loginModuleName);
        if (scriptable == null) {
            logger.debug("setUserIdentity", "Logout current user from realm " + str);
            if (loginContext != null) {
                if (loginContext.isLoginSuccessfull()) {
                    removeLoginModule(loginModuleName, true);
                } else {
                    removeLoginContext(loginContext);
                }
            }
        } else {
            if (loginContext != null && loginContext.isLoginSuccessfull()) {
                throw new IllegalStateException("Cannot change identity of an already logged in user in realm '" + str + "'. The application must logout first.");
            }
            if (loginContext == null) {
                loginContext = this.loginConfigService.createLoginContext(str, null);
                this.loginContexts.put(loginModuleName, loginContext);
            }
            if (!scriptable.has("isUserAuthenticated", scriptable)) {
                scriptable.put("isUserAuthenticated", scriptable, 1);
            }
            HashMap hashMap = new HashMap();
            hashMap.put("jsIdentity", scriptable);
            AuthenticationResult authenticationData = loginContext.setAuthenticationData(hashMap, currentRequest.get(), currentResponse.get());
            logger.debug("setUserIdentity", "Setting JS user identity for realm '" + str + "': " + authenticationData);
            if (authenticationData.getStatus() != AuthenticationStatus.SUCCESS) {
                throw new WorkLightAuthenticationException();
            }
            saveOrUpdateSsoLoginContext(loginModuleName, loginContext);
        }
        return jSONObject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void removeLoginModule(String str, boolean z) {
        LoginContext remove = this.loginContexts.remove(str);
        if (remove != null) {
            remove.logout();
        }
        if (z && canUseSso(str)) {
            Services.getAuthService().getSsoDao().deleteLoginContext(getSsoDeviceIdentity(str), str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void addLoginContext(LoginContext loginContext) {
        if (loginContext == null || !loginContext.isLoginSuccessfull()) {
            throw new IllegalArgumentException("the login context is either null or not finished.");
        }
        String loginModuleName = loginContext.getLoginModuleName();
        if (this.loginContexts.get(loginModuleName) != null) {
            throw new IllegalStateException("Attempt to replace login context for loginModule " + loginModuleName);
        }
        this.loginContexts.put(loginModuleName, loginContext);
    }

    synchronized void removeLoginContext(LoginContext loginContext) {
        String str = null;
        Iterator<Map.Entry<String, LoginContext>> it = this.loginContexts.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry<String, LoginContext> next = it.next();
            if (next.getValue() == loginContext) {
                str = next.getKey();
                break;
            }
        }
        if (str == null) {
            throw new IllegalStateException("Login context not found in the authentication context.");
        }
        this.loginContexts.remove(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public <T extends AuthenticationContextPlugin> T getContextPlugin(Class<T> cls) {
        T cast;
        synchronized (this.plugins) {
            AuthenticationContextPlugin authenticationContextPlugin = this.plugins.get(cls);
            if (authenticationContextPlugin == null) {
                try {
                    authenticationContextPlugin = cls.newInstance();
                    authenticationContextPlugin.setAuthenticationContext(this);
                    this.plugins.put(cls, authenticationContextPlugin);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
            cast = cls.cast(authenticationContextPlugin);
        }
        return cast;
    }

    static {
        LOGIN_FAILED_MESSAGE.put("reason", "Login Failed");
    }
}
