package org.apache.cxf.fediz.jetty9;

import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: input_file:org/apache/cxf/fediz/jetty9/FederationLoginService.class */
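/**
 * Jetty {@link LoginService} that turns a federation sign-in response into a Jetty
 * {@link UserIdentity}.
 *
 * <p>The token itself is processed by the Fediz processor selected through
 * {@link FedizProcessorFactory}; this class only applies the audience check, maps roles and
 * builds the identity. Every failure path in
 * {@link #login(String, Object, FedizContext)} returns {@code null}, i.e. the login is denied.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The audience check is a prefix match and is skipped when the response carries no
 *       audience; see {@link #isAudienceAccepted(String, FedizContext)}.</li>
 *   <li>The raw response token is never written to the log, because it is the credential
 *       being presented.</li>
 * </ul>
 */
public class FederationLoginService extends AbstractLifeCycle implements LoginService {
    private static final Logger LOG = Log.getLogger(FederationLoginService.class);

    /**
     * Role assigned when the processed response carries no roles. Any constraint that accepts
     * this role therefore accepts every user whose token was processed successfully.
     */
    private static final String DEFAULT_ROLE = "Authenticated";

    protected IdentityService identityService = new FederationIdentityService();
    protected String name;

    /** Creates a login service without a name; set one with {@link #setName(String)}. */
    public FederationLoginService() {
    }

    /**
     * Creates a login service with the given name.
     *
     * @param str the name reported by {@link #getName()}
     */
    public FederationLoginService(String str) {
        this.name = str;
    }

    /** @return the name of this login service, possibly {@code null} */
    public String getName() {
        return this.name;
    }

    /**
     * Sets the name of this login service.
     *
     * @param str the new name
     * @throws IllegalStateException if the service is currently running
     */
    public void setName(String str) {
        if (isRunning()) {
            throw new IllegalStateException("Running");
        }
        this.name = str;
    }

    /** Logs the start at debug level and delegates to the superclass. */
    protected void doStart() throws Exception {
        LOG.debug("doStart");
        super.doStart();
    }

    /**
     * Processes a federation sign-in request and builds the resulting user identity.
     *
     * @param str unused by this implementation
     * @param obj the sign-in request; must be a {@link FedizRequest}
     * @param fedizContext the relying-party configuration used to select the processor and to
     *     obtain the accepted audience URIs
     * @return the authenticated identity, or {@code null} when processing fails, the audience is
     *     rejected, or any other exception occurs
     */
    public UserIdentity login(String str, Object obj, FedizContext fedizContext) {
        try {
            FedizRequest fedizRequest = (FedizRequest) obj;
            if (LOG.isDebugEnabled()) {
                LOG.debug("Process SignIn request");
                // The response token is a credential: record only whether one was supplied,
                // never its content, so that log readers cannot recover it.
                LOG.debug("token present: " + (fedizRequest.getResponseToken() != null));
            }

            FedizResponse processRequest = FedizProcessorFactory
                .newFedizProcessor(fedizContext.getProtocol())
                .processRequest(fedizRequest, fedizContext);

            String audience = processRequest.getAudience();
            // NOTE(review): a response without an audience bypasses the check below entirely.
            // Confirm that the processor rejects such tokens if an audience restriction is
            // required for this deployment.
            if (audience != null && !isAudienceAccepted(audience, fedizContext)) {
                LOG.warn("Token AudienceRestriction [" + audience
                    + "] doesn't match with specified list of URIs.");
                return null;
            }

            List<String> roles = processRequest.getRoles();
            if (roles == null || roles.isEmpty()) {
                roles = Collections.singletonList(DEFAULT_ROLE);
            }

            FedizPrincipal federationUserPrincipal =
                new FederationUserPrincipal(processRequest.getUsername(), processRequest);
            Subject subject = new Subject();
            subject.getPrincipals().add(federationUserPrincipal);
            return this.identityService.newUserIdentity(
                subject, federationUserPrincipal, roles.toArray(new String[0]));
        } catch (ProcessingException e) {
            LOG.warn("Federation processing failed: " + e.getMessage());
            return null;
        } catch (Exception e2) {
            // Deliberate catch-all at the authentication boundary: a wrong credential type, a
            // null argument or any unexpected failure must deny the login, not propagate.
            LOG.warn(e2);
            return null;
        }
    }

    /**
     * Checks the response audience against the configured audience URIs.
     *
     * <p>NOTE(review): the comparison is {@code startsWith}, not equality. A configured URI of
     * {@code https://rp.example/app} therefore also accepts {@code https://rp.example/app2},
     * and an empty configured entry accepts every audience. Configure each URI so that it ends
     * on a delimiter, or move to an exact comparison once existing deployments are confirmed
     * not to rely on prefix matching.
     *
     * @param audience the non-null audience taken from the processed response
     * @param fedizContext the configuration supplying the accepted audience URIs
     * @return {@code true} if the audience begins with at least one configured URI
     */
    private static boolean isAudienceAccepted(String audience, FedizContext fedizContext) {
        for (Object allowedUri : fedizContext.getAudienceUris()) {
            if (audience.startsWith((String) allowedUri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether a previously issued identity is still within its validity period.
     *
     * @param userIdentity the identity to check; must be a {@code FederationUserIdentity}
     * @return {@code true} only if the identity has an expiry date that lies in the future; an
     *     identity without an expiry date is treated as expired
     * @throws IllegalStateException if {@code userIdentity} is {@code null} or of another type
     */
    public boolean validate(UserIdentity userIdentity) {
        if (!(userIdentity instanceof FederationUserIdentity)) {
            LOG.warn("UserIdentity must be instance of FederationUserIdentity");
            throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
        }
        Date expiryDate = ((FederationUserIdentity) userIdentity).getExpiryDate();
        // Fail closed: a missing expiry date must not turn into a session that never expires
        // (or into a NullPointerException in the request path).
        return expiryDate != null && expiryDate.after(new Date());
    }

    /** @return the identity service used to build {@link UserIdentity} instances */
    public IdentityService getIdentityService() {
        return this.identityService;
    }

    /**
     * Replaces the identity service used by {@link #login(String, Object, FedizContext)}.
     *
     * @param identityService the identity service to use from now on
     */
    public void setIdentityService(IdentityService identityService) {
        this.identityService = identityService;
    }

    /**
     * Does nothing; this service holds no per-user state to clear.
     *
     * @param userIdentity ignored
     */
    public void logout(UserIdentity userIdentity) {
    }

    /**
     * Always denies the login by returning {@code null}. Federation logins go through
     * {@link #login(String, Object, FedizContext)}, which has the configuration needed to
     * process the token.
     *
     * @param str ignored
     * @param obj ignored
     * @param servletRequest ignored
     * @return always {@code null}
     */
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        return null;
    }
}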
