package org.apache.jackrabbit.oak.security.authentication.token;

import java.util.Date;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-1.0.39.jar:org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.class
 */
/* loaded from: input_file:WEB-INF/lib/oak-upgrade-1.0.39.jar:org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.class */
class TokenAuthentication implements Authentication {
    private static final Logger log = LoggerFactory.getLogger(TokenAuthentication.class);
    private final TokenProvider tokenProvider;
    private TokenInfo tokenInfo;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenAuthentication(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.Authentication
    public boolean authenticate(Credentials credentials) throws LoginException {
        if (this.tokenProvider == null || !(credentials instanceof TokenCredentials)) {
            return false;
        }
        if (validateCredentials((TokenCredentials) credentials)) {
            return true;
        }
        throw new LoginException("Invalid token credentials.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public TokenInfo getTokenInfo() {
        if (this.tokenInfo == null) {
            throw new IllegalStateException("Token info can only be retrieved after successful authentication.");
        }
        return this.tokenInfo;
    }

    private boolean validateCredentials(TokenCredentials tokenCredentials) {
        this.tokenInfo = this.tokenProvider.getTokenInfo(tokenCredentials.getToken());
        if (this.tokenInfo == null) {
            log.debug("No valid TokenInfo for token.");
            return false;
        }
        long time = new Date().getTime();
        if (this.tokenInfo.isExpired(time)) {
            log.debug("Token is expired");
            this.tokenInfo.remove();
            return false;
        }
        if (!this.tokenInfo.matches(tokenCredentials)) {
            return false;
        }
        this.tokenInfo.resetExpiration(time);
        return true;
    }
}
