package org.n52.security.service.sso;

import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.n52.security.authentication.loginmodule.AbstractPasswordLoginModule;
import org.n52.security.authentication.loginmodule.Options;
import org.n52.security.common.subject.SubjectAttributeResolver;
import org.n52.security.common.subject.SubjectIdentifier;
import org.n52.security.support.net.client.HTTPClientFactory;
import org.n52.security.support.net.client.HTTPCode;
import org.n52.security.support.net.client.HTTPResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/sso/SSOSessionIdLoginModule.class */
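/**
 * Password login module that exchanges a user name and password for an SSO session id.
 *
 * <p>The credentials are sent with HTTP basic authentication to the configured
 * {@code endpoint}; the trimmed response body is used as the session id. The id is then
 * resolved through the configured {@link SSOSessionService}, the subject's attributes are
 * resolved, and the id is stored in the shared state under
 * {@code org.n52.cacheEntryModifier}.
 *
 * <p>Security notes: the session id is a bearer credential, so it is never written to the
 * log and never copied into exception messages. The user name is attacker-controlled and
 * is stripped of control characters before it is logged.
 */
public class SSOSessionIdLoginModule extends AbstractPasswordLoginModule {
    private static final long serialVersionUID = 2087905303170084990L;
    private static final Logger LOG = LoggerFactory.getLogger(SSOSessionIdLoginModule.class);
    private HTTPClientFactory m_httpClientFactory;
    private String m_endpoint;
    private SSOSessionService m_ssoSessionService;
    private SubjectAttributeResolver m_subjectAttributeResolver;
    // Bearer credential for the SSO session; must not be logged or echoed to callers.
    private String m_sessionId;

    /**
     * Authenticates the user against the SSO endpoint and resolves the resulting session.
     *
     * @param str the user name
     * @param cArr the password
     * @return {@code true} when a session id was obtained and resolved
     * @throws LoginException (a {@link FailedLoginException}) when the endpoint rejects the
     *         credentials, cannot be reached, returns no session id, or the returned id
     *         cannot be resolved
     */
    protected boolean login(String str, char[] cArr) throws LoginException {
        LOG.debug("Requesting session ID for user <{}>", sanitizeForLog(str));
        this.m_sessionId = getSSOSessionId(str, cArr);
        try {
            resolveAttributes(this.m_ssoSessionService.getSession(this.m_sessionId));
            getSubject().getPublicCredentials().addAll(getPublicCredentials());
            getSharedState().put("org.n52.cacheEntryModifier", this.m_sessionId);
            return true;
        } catch (InvalidSessionIDException e) {
            // The session id is deliberately left out of the message: anyone who can read
            // the log could otherwise replay it. The exception text is not controlled by
            // this class and may echo the id, so it is only emitted at debug level.
            LOG.warn("Resolution of previously successfully created session id failed");
            LOG.debug("Session id resolution failure details", e);
            FailedLoginException failure = new FailedLoginException("The session id is invalid");
            // Keep the root cause reachable for diagnostics without putting it in the message.
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Requests a session id from the SSO endpoint using HTTP basic authentication.
     *
     * @param str the user name
     * @param cArr the password
     * @return the trimmed, non-empty response body
     * @throws FailedLoginException when the response is an error or carries no session id
     */
    private String getSSOSessionId(String str, char[] cArr) throws FailedLoginException {
        HTTPResponse start = this.m_httpClientFactory.create(this.m_endpoint).get().basicAuth(str, cArr).asString().start();
        if (!start.isError()) {
            String content = (String) start.getContent();
            String sessionId = content == null ? "" : content.trim();
            if (sessionId.isEmpty()) {
                // A successful status with an empty body is not a usable session; fail the
                // login here instead of passing an empty id on (or hitting a NullPointerException).
                throw new FailedLoginException("Remote service returned no session id");
            }
            return sessionId;
        }
        if (start.getStatus() == HTTPCode.FORBIDDEN) {
            throw new FailedLoginException("Wrong credentials");
        }
        throw new FailedLoginException("Remote service connection failed: " + start.getError());
    }

    /**
     * Resolves the attributes of the local subject for the identifier carried by the session.
     *
     * @param sSOSession the resolved SSO session
     */
    private void resolveAttributes(SSOSession sSOSession) {
        this.m_subjectAttributeResolver.resolve(getLocalSubject(), new SubjectIdentifier(sSOSession.getSubjectIdentifier()));
    }

    /**
     * Drops per-login state; on logout the SSO session is invalidated at the session service
     * first, so the id cannot be reused afterwards.
     *
     * @throws LoginException declared by the overridden contract; not thrown by this code
     */
    protected void clearAuthenticationState() throws LoginException {
        if (this.m_isLogout && this.m_sessionId != null) {
            this.m_ssoSessionService.invalidateSession(this.m_sessionId);
            this.m_sessionId = null;
        }
        this.m_subjectAttributeResolver = null;
        this.m_httpClientFactory = null;
    }

    /**
     * Adds the session id principal and touches the session at the session service.
     *
     * @throws LoginException declared by the overridden contract; not thrown by this code
     */
    protected void prepareCommitState() throws LoginException {
        addPrincipal(new SSOSessionIdPrincipal(this.m_sessionId));
        this.m_ssoSessionService.touchSession(this.m_sessionId);
    }

    /**
     * Reads the module options {@code httpClientFactory}, {@code ssoSessionService},
     * {@code subjectAttributeResolver} and {@code endpoint}.
     *
     * @throws IllegalArgumentException when {@code endpoint} is missing or empty
     */
    protected void initialize() {
        Options options = getOptions();
        this.m_httpClientFactory = (HTTPClientFactory) options.getAs("httpClientFactory", HTTPClientFactory.class);
        this.m_ssoSessionService = (SSOSessionService) options.getAs("ssoSessionService", SSOSessionService.class);
        this.m_subjectAttributeResolver = (SubjectAttributeResolver) options.getAs("subjectAttributeResolver", SubjectAttributeResolver.class);
        this.m_endpoint = options.getAsString("endpoint", "");
        if (this.m_endpoint.isEmpty()) {
            throw new IllegalArgumentException("Login module has invalid configuration. Check the 'endpoint' property for a correct value.");
        }
        if (!this.m_endpoint.regionMatches(true, 0, "https://", 0, "https://".length())) {
            // Basic authentication only encodes the password; without TLS it crosses the
            // network in recoverable form, and so does the session id in the response.
            LOG.warn("The configured 'endpoint' does not use https; user credentials and session ids will be sent unencrypted.");
        }
    }

    /**
     * Returns the fully qualified class name as the module description.
     *
     * @return the runtime class name
     */
    protected String getDescription() {
        return getClass().getName();
    }

    /**
     * Replaces control characters (including CR and LF) so that a crafted user name cannot
     * forge additional log lines.
     *
     * @param value the untrusted text, may be {@code null}
     * @return the text with each control character replaced by {@code _}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}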
