package org.n52.security.extensions.service.common.loginmodule;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.log4j.Logger;
import org.n52.security.common.authentication.Credential;
import org.n52.security.common.authentication.SAMLCredential;
import org.n52.security.common.authentication.SAMLTicket;
import org.n52.security.util.StringUtils;
import org.opensaml.SAMLException;

/* loaded from: input_file:org/n52/security/extensions/service/common/loginmodule/SAMLTicketLoginModule.class */
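/**
 * JAAS {@link LoginModule} that authenticates a {@link Subject} from a Base64-encoded SAML
 * ticket found among the subject's public credentials (a {@link SAMLCredential}).
 *
 * <p>Phases, following the JAAS contract:
 * <ul>
 *   <li>{@link #initialize} reads the module options and loads the WAS certificate used to
 *       verify ticket signatures from a JKS trust store;</li>
 *   <li>{@link #login} decodes and verifies the ticket, checks its expiry and collects the
 *       principals it carries;</li>
 *   <li>{@link #commit} adds those principals to the subject (only if login succeeded);</li>
 *   <li>{@link #abort} / {@link #logout} discard them again.</li>
 * </ul>
 *
 * <p>Recognised options:
 * <ul>
 *   <li>{@code debug} - "true" enables the (currently unused) debug flag;</li>
 *   <li>{@code configfile.path} - classpath prefix under which {@code /.keystore} is looked up
 *       when no explicit store URL is given;</li>
 *   <li>{@code was.cert.keystore.path} (legacy spelling {@code was.cert.keysore.path}) - URL of
 *       the JKS trust store holding the WAS certificate;</li>
 *   <li>{@code was.cert.keystore.password} (legacy spelling {@code was.cert.keysore.password}) -
 *       trust store password, defaults to {@value #DEFAULT_KEYSTORE_PASSWORD};</li>
 *   <li>{@code was.cert.alias} - alias of the WAS certificate, defaults to
 *       {@value #DEFAULT_CERT_ALIAS};</li>
 *   <li>{@code was.ticket.timeout.tolerance} - clock-skew tolerance for the expiry check
 *       (multiplied by 1000 before use, i.e. presumably configured in seconds);</li>
 *   <li>{@code was.name} - only used in log output.</li>
 * </ul>
 *
 * <p><b>Security note.</b> When no WAS certificate can be obtained (alias not present in the
 * store), the module falls back to {@code SAMLTicket.verify()} without a trust anchor, which,
 * per the original warning text, validates the response against the certificate embedded in
 * the response itself. Such a configuration should be treated as a deployment error; the
 * module logs a warning at initialisation so that it does not go unnoticed. A store that
 * cannot be loaded at all fails initialisation (fail closed).
 */
public class SAMLTicketLoginModule implements LoginModule {

    private static final String OPT_DEBUG = "debug";
    private static final String OPT_CONFIG_PATH = "configfile.path";
    private static final String OPT_TIMEOUT_TOLERANCE = "was.ticket.timeout.tolerance";
    private static final String OPT_KEYSTORE_PATH = "was.cert.keystore.path";
    /** Misspelt variant kept so existing configurations keep working. */
    private static final String OPT_KEYSTORE_PATH_LEGACY = "was.cert.keysore.path";
    private static final String OPT_KEYSTORE_PASSWORD = "was.cert.keystore.password";
    /** Misspelt variant kept so existing configurations keep working. */
    private static final String OPT_KEYSTORE_PASSWORD_LEGACY = "was.cert.keysore.password";
    private static final String OPT_CERT_ALIAS = "was.cert.alias";
    private static final String OPT_WAS_NAME = "was.name";

    /**
     * Default password of the shipped trust store. A JKS password only guards the store's
     * integrity (the store holds public certificates, no keys), but deployments that ship
     * their own store should configure their own password rather than rely on this value.
     */
    private static final String DEFAULT_KEYSTORE_PASSWORD = "52nwas";
    private static final String DEFAULT_CERT_ALIAS = "was";
    private static final String DEFAULT_KEYSTORE_RESOURCE = "/.keystore";

    private static final Logger sLogger = Logger.getLogger(SAMLTicketLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    /** Principals collected by {@link #login}; pushed into the subject by {@link #commit}. */
    private Set<Principal> principals;
    private boolean debug = false;
    /** Set by {@link #login} on success so that {@link #commit} can honour the JAAS contract. */
    private boolean mLoginSucceeded = false;
    /** WAS certificate used to verify ticket signatures; {@code null} means "no trust anchor". */
    private Certificate mCert = null;
    /** Expiry tolerance handed to {@code SAMLTicket.isExpired}, already multiplied by 1000. */
    private long mTimeoutTolerance = 0;

    /**
     * Discards all state gathered so far. Safe to call even if {@link #initialize} never ran.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        this.subject = null;
        this.callbackHandler = null;
        this.sharedState = null;
        this.options = null;
        this.debug = false;
        this.mLoginSucceeded = false;
        if (this.principals != null) {
            this.principals.clear();
        }
        return true;
    }

    /**
     * Adds the principals collected by {@link #login} to the subject.
     *
     * @return {@code true} if this module's login succeeded and the principals were added,
     *         {@code false} if the module should be ignored because its login did not succeed
     */
    public boolean commit() throws LoginException {
        if (!this.mLoginSucceeded) {
            return false;
        }
        this.subject.getPrincipals().addAll(this.principals);
        return true;
    }

    /**
     * Verifies the SAML ticket carried by the subject's {@link SAMLCredential}.
     *
     * <p>Order of checks: the ticket is decoded, its signature is verified (against the
     * configured WAS certificate when one is available), then its expiry is checked with the
     * configured tolerance. Only then are the principals it carries recorded for
     * {@link #commit}.
     *
     * @return {@code true} on success
     * @throws LoginException if the subject carries no {@link SAMLCredential}, or the ticket
     *         is malformed, has an invalid signature, or is expired
     */
    public boolean login() throws LoginException {
        this.mLoginSucceeded = false;
        SAMLCredential samlCredential = findSamlCredential();
        try {
            SAMLTicket ticket = new SAMLTicket(StringUtils.decodeBase64(samlCredential.getSAMLTicket()));
            if (this.mCert != null) {
                ticket.verify(this.mCert);
            } else {
                // No trust anchor configured; see the class-level security note.
                ticket.verify();
            }
            if (ticket.isExpired(this.mTimeoutTolerance)) {
                throw new SAMLException("Ticket expired");
            }
            this.principals.addAll(ticket.asSubject().getPrincipals());
            this.mLoginSucceeded = true;
            return true;
        } catch (SAMLException e) {
            throw authenticationFailed(e);
        } catch (RuntimeException e) {
            // A malformed ticket (e.g. not valid Base64) must fail authentication like any other
            // invalid response instead of escaping the JAAS login as an unchecked exception.
            throw authenticationFailed(e);
        }
    }

    /**
     * Removes the principals this module added in {@link #commit} from the subject.
     * {@code removeAll} is used instead of removing while iterating, which would throw a
     * {@link java.util.ConcurrentModificationException} for more than one principal.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        Set<Principal> subjectPrincipals = this.subject.getPrincipals();
        subjectPrincipals.removeAll(this.principals);
        this.principals.clear();
        this.mLoginSucceeded = false;
        return true;
    }

    /**
     * Stores the JAAS context and loads the WAS certificate from the configured trust store.
     *
     * @param subject the subject to authenticate
     * @param callbackHandler unused, stored for completeness
     * @param sharedState unused, stored for completeness
     * @param options module options as described in the class documentation
     * @throws RuntimeException if the trust store cannot be located or loaded (fail closed)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        this.principals = new HashSet<Principal>(8);
        this.mLoginSucceeded = false;
        this.debug = "true".equalsIgnoreCase((String) options.get(OPT_DEBUG));
        String configPath = getConfigValue((String) options.get(OPT_CONFIG_PATH), "");
        // The unit of SAMLTicket.isExpired's argument is not visible here; the x1000 suggests the
        // option is configured in seconds and passed on in milliseconds.
        this.mTimeoutTolerance = getConfigValue((String) options.get(OPT_TIMEOUT_TOLERANCE), 0L) * 1000;
        if (this.mCert != null) {
            // Certificate already loaded by an earlier initialize() on this instance.
            return;
        }
        String keystorePath = optionOrLegacy(options, OPT_KEYSTORE_PATH, OPT_KEYSTORE_PATH_LEGACY);
        String keystorePassword = getConfigValue(
                optionOrLegacy(options, OPT_KEYSTORE_PASSWORD, OPT_KEYSTORE_PASSWORD_LEGACY),
                DEFAULT_KEYSTORE_PASSWORD);
        String certAlias = getConfigValue((String) options.get(OPT_CERT_ALIAS), DEFAULT_CERT_ALIAS);
        try {
            URL keystoreUrl = resolveKeystoreUrl(keystorePath, configPath);
            this.mCert = loadCertificate(keystoreUrl, keystorePassword, certAlias);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        if (this.mCert == null) {
            sLogger.warn("No WAS certificate found under alias '" + certAlias + "' in the certificate store for "
                    + options.get(OPT_WAS_NAME)
                    + ". WSS will validate SAML responses by only using the self-contained certificate.");
        }
    }

    /**
     * Returns the first {@link SAMLCredential} among the subject's public credentials.
     *
     * @throws LoginException if there is none
     */
    private SAMLCredential findSamlCredential() throws LoginException {
        Set credentials = this.subject.getPublicCredentials();
        for (Iterator it = credentials.iterator(); it.hasNext();) {
            Object candidate = it.next();
            if (candidate instanceof SAMLCredential) {
                return (SAMLCredential) candidate;
            }
        }
        if (!credentials.isEmpty()) {
            sLogger.warn("Cannot evaluate credentials of type " + credentials.iterator().next().getClass().getName());
        }
        throw new LoginException("Authentication failed. Request did not contain a SAML response.");
    }

    /** Logs the cause and builds the LoginException thrown for an invalid ticket, keeping the cause attached. */
    private LoginException authenticationFailed(Throwable cause) {
        sLogger.error(cause.getMessage(), cause);
        LoginException le = new LoginException("Invalid Service Response. Authentication failed. Reason " + cause.getMessage());
        le.initCause(cause);
        return le;
    }

    /**
     * Resolves the trust store location: the configured URL if any, otherwise the classpath
     * resource {@code <configPath>/.keystore}.
     *
     * <p>NOTE(review): the configured value may use any URL scheme; a store fetched over a
     * non-authenticated transport could be substituted in transit, so deployments should stick
     * to {@code file:} or {@code https:} URLs.
     *
     * @throws IllegalStateException if the classpath resource does not exist
     * @throws MalformedURLException if the configured URL is not valid
     */
    private URL resolveKeystoreUrl(String keystorePath, String configPath) throws MalformedURLException {
        if (keystorePath == null || keystorePath.equals("")) {
            String resourceName = configPath + DEFAULT_KEYSTORE_RESOURCE;
            URL resource = getClass().getResource(resourceName);
            if (resource == null) {
                throw new IllegalStateException("No WAS certificate store found on the classpath at '" + resourceName + "'");
            }
            return resource;
        }
        return new URL(keystorePath);
    }

    /**
     * Loads the JKS store at {@code keystoreUrl} and returns the certificate stored under
     * {@code alias}, or {@code null} if the alias is not present. The stream is always closed.
     */
    private Certificate loadCertificate(URL keystoreUrl, String password, String alias)
            throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        InputStream in = keystoreUrl.openStream();
        try {
            keyStore.load(in, password.toCharArray());
        } finally {
            try {
                in.close();
            } catch (IOException e) {
                sLogger.warn("Could not close WAS certificate store stream for " + keystoreUrl, e);
            }
        }
        return keyStore.getCertificate(alias);
    }

    /** Returns the option under {@code key}, or the one under {@code legacyKey} if the former is absent. */
    private static String optionOrLegacy(Map options, String key, String legacyKey) {
        String value = (String) options.get(key);
        return value == null ? (String) options.get(legacyKey) : value;
    }

    /** Returns {@code str} unless it is {@code null} or empty, in which case {@code fallback}. */
    private String getConfigValue(String str, String fallback) {
        boolean missing = str == null || str.equals("");
        return missing ? fallback : str;
    }

    /**
     * Parses {@code str} as a long; returns {@code fallback} if it is absent, empty or not a
     * number (the latter is logged as a warning).
     */
    private long getConfigValue(String str, long fallback) {
        if (str == null || str.equals("")) {
            return fallback;
        }
        try {
            return Long.parseLong(str);
        } catch (NumberFormatException e) {
            sLogger.warn("Could not convert config value '" + str + "' to LONG. Seeting to default value: " + fallback);
            return fallback;
        }
    }
}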
