package org.n52.security.service.sso;

import javax.security.auth.callback.Callback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.n52.security.authentication.IP4AddressCredential;
import org.n52.security.authentication.callbacks.CredentialCallback;
import org.n52.security.authentication.loginmodule.AbstractLoginModule;
import org.n52.security.common.subject.SubjectAttributeResolver;
import org.n52.security.common.subject.SubjectIdentifier;

/* loaded from: input_file:org/n52/security/service/sso/DomainCookieLoginModule.class */
public class DomainCookieLoginModule extends AbstractLoginModule {
    private static final long serialVersionUID = 8001622820402636731L;
    private SSOSessionService m_ssoSessionService;
    private SubjectAttributeResolver m_subjectAttributeResolver;
    private String m_sessionId;
    private DomainCookieCredential m_cookieCredential;

    protected boolean performLogin() throws LoginException {
        CredentialCallback credentialCallback = new CredentialCallback(DomainCookieCredential.class);
        CredentialCallback credentialCallback2 = new CredentialCallback(IP4AddressCredential.class);
        handleCallbacks(new Callback[]{credentialCallback, credentialCallback2});
        IP4AddressCredential credential = credentialCallback2.getCredential();
        DomainCookieCredential domainCookieCredential = (DomainCookieCredential) credentialCallback.getCredential();
        if (domainCookieCredential == null) {
            return false;
        }
        DomainCookie domainCookie = domainCookieCredential.getDomainCookie();
        try {
            SSOSession session = this.m_ssoSessionService.getSession(domainCookie.getSessionId());
            if (!domainCookie.isValid(session.getSessionSecret(), credential == null ? "" : credential.getIPAddress())) {
                throw new FailedLoginException("The session cookie is invalid.");
            }
            this.m_cookieCredential = domainCookieCredential;
            this.m_sessionId = session.getSessionId();
            resolveAttributes(session);
            getSubject().getPublicCredentials().addAll(getPublicCredentials());
            getSharedState().put("org.n52.cacheEntryModifier", this.m_sessionId);
            return true;
        } catch (InvalidSessionIDException e) {
            throw new FailedLoginException("The session cookie is invalid.");
        }
    }

    private void resolveAttributes(SSOSession sSOSession) {
        this.m_subjectAttributeResolver.resolve(getLocalSubject(), new SubjectIdentifier(sSOSession.getSubjectIdentifier()));
    }

    protected void clearAuthenticationState() throws LoginException {
        if (this.m_isLogout && this.m_sessionId != null) {
            this.m_ssoSessionService.invalidateSession(this.m_sessionId);
            this.m_sessionId = null;
        }
        this.m_subjectAttributeResolver = null;
        this.m_cookieCredential = null;
    }

    protected void prepareCommitState() throws LoginException {
        addPublicCredential(this.m_cookieCredential);
        addPrincipal(new SSOSessionIdPrincipal(this.m_sessionId));
        this.m_ssoSessionService.touchSession(this.m_sessionId);
    }

    protected void initialize() {
        this.m_ssoSessionService = (SSOSessionService) getOptions().getAs("ssoSessionService", SSOSessionService.class);
        this.m_subjectAttributeResolver = (SubjectAttributeResolver) getOptions().getAs("subjectAttributeResolver", SubjectAttributeResolver.class);
    }

    protected String getDescription() {
        return new StringBuilder(150).append("The authentication is performed through the '").append(DomainCookieLoginModule.class.getName()).append("' login module. It requires a domain cookie.").toString();
    }
}
