package org.picketlink.identity.federation.core.wstrust.auth;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/picketlink-fed-core-1.0.1.jar:org/picketlink/identity/federation/core/wstrust/auth/STSValidatingLoginModule.class */
public class STSValidatingLoginModule extends AbstractSTSLoginModule {
    private Logger log = Logger.getLogger(STSValidatingLoginModule.class);

    @Override // org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule
    public Element invokeSTS(STSClient sTSClient) throws WSTrustException, LoginException {
        try {
            Element element = (Element) getSharedToken();
            if (element == null) {
                element = getSamlTokenFromCaller();
            }
            boolean validateToken = sTSClient.validateToken(element);
            this.log.debug("Validation result: " + validateToken);
            if (validateToken) {
                return element;
            }
            throw new LoginException("Could not validate the SAML Security Token :" + element);
        } catch (IOException e) {
            throw new LoginException("IOException : " + e.getMessage());
        } catch (UnsupportedCallbackException e2) {
            throw new LoginException("UnsupportedCallbackException : " + e2.getMessage());
        }
    }

    private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException {
        TokenCallback tokenCallback = new TokenCallback();
        getCallbackHandler().handle(new Callback[]{tokenCallback});
        Element element = (Element) tokenCallback.getToken();
        if (element == null) {
            throw new LoginException("Could not locate a Security Token from the callback.");
        }
        return element;
    }
}
