package org.gatein.sso.agent.login;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.PortalContainer;
import org.exoplatform.container.RootContainer;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.UsernameCredential;
import org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule;

/* loaded from: input_file:org/gatein/sso/agent/login/SAML2IntegrationLoginModule.class */
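/**
 * JAAS login module that bridges a SAML2 login (performed by the parent
 * {@link SAML2LoginModule}) to the eXo/GateIn identity model.
 *
 * <p>After the parent module reports a successful login, this module reads the
 * username from the JAAS shared state, asks the portal's {@link Authenticator}
 * to build an identity for it, stores that identity in the shared state under
 * {@code exo.security.identity}, and adds a {@link UsernameCredential} to the
 * subject's public credentials.
 *
 * <p>Supported module options:
 * <ul>
 *   <li>{@code portalContainerName}: portal container to resolve the
 *       {@link Authenticator} from when the current container is the root
 *       container; defaults to {@link PortalContainer#DEFAULT_PORTAL_CONTAINER_NAME}.</li>
 *   <li>{@code useSAMLRoles}: only the exact value {@code "true"} enables roles
 *       from the parent module; anything else yields no role groups.</li>
 * </ul>
 *
 * <p>Security note: this class performs no credential or assertion checks of
 * its own. The identity is created for whatever username the shared state
 * holds once {@code super.login()} has returned {@code true}, so the trust
 * decision rests entirely on the parent module and the modules stacked before
 * it in the JAAS configuration.
 */
public class SAML2IntegrationLoginModule extends SAML2LoginModule {
    private static final String OPTION_PORTAL_CONTAINER_NAME = "portalContainerName";
    private static final String OPTION_USE_SAML_ROLES = "useSAMLRoles";
    private String portalContainerName;
    private boolean useSAMLRoles;

    /**
     * Initializes the parent module and reads this module's own options.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler passed through to the parent module
     * @param sharedStateMap JAAS shared state passed through to the parent module
     * @param options module options from the JAAS configuration; may be {@code null}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedStateMap, Map<String, ?> options) {
        super.initialize(subject, callbackHandler, sharedStateMap, options);
        this.portalContainerName = getPortalContainerName(options);
        // Fail-safe default: roles from the parent module are honoured only when the
        // option is present and exactly "true". A missing options map or a
        // non-String value leaves the flag off instead of throwing.
        this.useSAMLRoles = options != null && "true".equals(options.get(OPTION_USE_SAML_ROLES));
        if (this.log.isTraceEnabled()) {
            this.log.trace("Using options: portalContainerName=" + this.portalContainerName + ", " + OPTION_USE_SAML_ROLES + "=" + this.useSAMLRoles);
        }
    }

    /**
     * Runs the parent login and, on success, establishes the eXo identity.
     *
     * @return {@code false} if the parent module did not authenticate the user,
     *         {@code true} once the identity has been stored in the shared state
     * @throws LoginException if no username is available after the parent login,
     *         if the portal container or {@link Authenticator} cannot be resolved,
     *         or if identity creation fails
     */
    @Override
    public boolean login() throws LoginException {
        if (!super.login()) {
            return false;
        }
        String username = getUsernameFromSharedState();
        if (this.log.isTraceEnabled()) {
            this.log.trace("Found user " + username + " in shared state.");
        }
        // Fail closed: never build an identity or credential for an absent username.
        // NOTE(review): whether the parent always populates the shared state may depend
        // on the JAAS stacking configuration; confirm against the deployment.
        if (username == null) {
            throw new LoginException("No username found in shared state after SAML2 login");
        }
        try {
            ExoContainer container = getContainer();
            if (container == null) {
                throw new LoginException("Portal container '" + this.portalContainerName + "' is not available");
            }
            Authenticator authenticator = (Authenticator) container.getComponentInstanceOfType(Authenticator.class);
            if (authenticator == null) {
                throw new LoginException("No Authenticator component found in portal container");
            }
            this.sharedState.put("exo.security.identity", authenticator.createIdentity(username));
            this.subject.getPublicCredentials().add(new UsernameCredential(username));
            return true;
        } catch (LoginException e) {
            this.log.debug("Exception during login process: " + e.getMessage(), e);
            throw e;
        } catch (Exception e) {
            this.log.debug("Exception during login process: " + e.getMessage(), e);
            // LoginException has no cause-taking constructor; attach the cause
            // explicitly so the original stack trace is not lost.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Reads the login name from the JAAS shared state.
     *
     * @return the name of the stored {@link Principal}, the stored value cast to
     *         {@code String}, or {@code null} if no login name is present
     */
    protected String getUsernameFromSharedState() {
        Object loginName = this.sharedState.get("javax.security.auth.login.name");
        if (loginName == null) {
            return null;
        }
        if (loginName instanceof Principal) {
            return ((Principal) loginName).getName();
        }
        return (String) loginName;
    }

    /**
     * Returns the role groups for the authenticated subject.
     *
     * <p>When {@code useSAMLRoles} is enabled, the groups are whatever the parent
     * module supplies (presumably derived from the SAML assertion; verify against
     * the parent implementation), which means the identity provider then decides
     * the roles reported by this module. Otherwise no role groups are returned.
     *
     * @return the parent's role groups, or an empty array when SAML roles are disabled
     * @throws LoginException if the parent module fails to compute the role groups
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        if (this.useSAMLRoles) {
            return super.getRoleSets();
        }
        return new Group[0];
    }

    /**
     * Resolves the portal container name from the module options.
     *
     * @param options module options; may be {@code null}
     * @return the configured name, or the default portal container name when the
     *         option is missing, empty, or not a string
     */
    private String getPortalContainerName(Map<String, ?> options) {
        if (options != null) {
            Object configured = options.get(OPTION_PORTAL_CONTAINER_NAME);
            if (configured instanceof String && !((String) configured).isEmpty()) {
                return (String) configured;
            }
        }
        return PortalContainer.DEFAULT_PORTAL_CONTAINER_NAME;
    }

    /**
     * Returns the container used to look up portal components.
     *
     * <p>If the current container is the root container, the configured portal
     * container is looked up by name instead; the result may be {@code null},
     * which the caller must check.
     *
     * @return the current container, or the named portal container
     * @throws Exception if the container lookup fails
     */
    private ExoContainer getContainer() throws Exception {
        // Declared as ExoContainer so the RootContainer check is meaningful; the
        // narrower PortalContainer type can never hold a RootContainer.
        ExoContainer container = ExoContainerContext.getCurrentContainer();
        if (container instanceof RootContainer) {
            container = RootContainer.getInstance().getPortalContainer(this.portalContainerName);
        }
        return container;
    }
}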
