package org.n52.security.service.authentication.token;

import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.callback.Callback;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.authentication.callbacks.CredentialCallback;
import org.n52.security.authentication.loginmodule.AbstractLoginModule;
import org.n52.security.common.crypto.KeyPair;

/* loaded from: input_file:org/n52/security/service/authentication/token/TokenLoginModule.class */
public class TokenLoginModule extends AbstractLoginModule {
    private static final long serialVersionUID = 2438533501978875997L;
    private static final Log LOG;
    private KeyPair m_tokenValidationKeypair;
    private Token m_token;
    static Class class$org$n52$security$service$authentication$token$TokenLoginModule;
    static Class class$org$n52$security$service$authentication$token$TokenCredential;

    protected boolean performLogin() throws LoginException {
        Class cls;
        if (class$org$n52$security$service$authentication$token$TokenCredential == null) {
            cls = class$("org.n52.security.service.authentication.token.TokenCredential");
            class$org$n52$security$service$authentication$token$TokenCredential = cls;
        } else {
            cls = class$org$n52$security$service$authentication$token$TokenCredential;
        }
        CredentialCallback credentialCallback = new CredentialCallback(cls);
        handleCallbacks(new Callback[]{credentialCallback});
        TokenCredential tokenCredential = (TokenCredential) credentialCallback.getCredential();
        if (tokenCredential == null) {
            if (!LOG.isInfoEnabled()) {
                return false;
            }
            LOG.info(new StringBuffer().append("No credentials for module <").append(getClass().getName()).append("> available, skip login.").toString());
            return false;
        }
        Token token = tokenCredential.getToken();
        if (!token.signatureValid(this.m_tokenValidationKeypair.getPublicKey())) {
            throw new FailedLoginException("Token signature could not be verfified");
        }
        if (token.expired()) {
            throw new CredentialExpiredException("Token expired");
        }
        this.m_token = token;
        return true;
    }

    protected void clearAuthenticationState() throws LoginException {
        this.m_token = null;
    }

    protected void prepareCommitState() throws LoginException {
        Iterator<Principal> it = this.m_token.toSubject().getPrincipals().iterator();
        while (it.hasNext()) {
            addPrincipal(it.next());
        }
    }

    protected void initialize() {
        this.m_tokenValidationKeypair = (KeyPair) getOptions().get("tokenValidationKeypair");
    }

    protected String getDescription() {
        return "TokenLoginModule";
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$n52$security$service$authentication$token$TokenLoginModule == null) {
            cls = class$("org.n52.security.service.authentication.token.TokenLoginModule");
            class$org$n52$security$service$authentication$token$TokenLoginModule = cls;
        } else {
            cls = class$org$n52$security$service$authentication$token$TokenLoginModule;
        }
        LOG = LogFactory.getLog(cls);
    }
}
