package org.picketlink.trust.jbossws.jaas;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.util.StringUtil;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;

/* loaded from: input_file:eap7/api-jars/picketlink-wildfly8-2.5.5.SP1.jar:org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.class */
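/**
 * JAAS login module that maps the roles carried in a SAML assertion onto the authenticated subject.
 *
 * <p>The module does not authenticate anyone itself: it reads a {@link SamlCredential} that is already
 * present in the subject's public credentials, parses the assertion and turns the roles returned by
 * {@link AssertionUtil#getRoles} into members of a {@code "Roles"} group.
 *
 * <p>Security notes for whoever configures or reviews a login stack that uses this class:
 * <ul>
 *   <li>Nothing in this class checks the assertion's signature, issuer, audience or validity period.
 *       The assertion is trusted as found, so this module is only safe when an earlier module in the
 *       stack has validated the assertion before attaching the credential.</li>
 *   <li>{@link #commit()} forces {@code loginOk} to {@code true}, so the module's commit phase runs
 *       regardless of what the login phase recorded.</li>
 *   <li>The identity is taken from the shared state entry {@code javax.security.auth.login.name},
 *       i.e. from whatever an earlier module stored there.</li>
 * </ul>
 */
public class SAMLRoleLoginModule extends AbstractServerLoginModule {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /**
     * Marks the login as successful and delegates to the superclass commit.
     *
     * <p>This class does not override {@code login()}, so the flag set here replaces whatever value
     * the login phase left in {@code loginOk}.
     * NOTE(review): presumably the superclass only populates the subject when {@code loginOk} is set;
     * confirm against AbstractServerLoginModule.
     *
     * @return the result of {@code super.commit()}
     * @throws LoginException if the superclass commit fails
     */
    @Override
    public boolean commit() throws LoginException {
        this.loginOk = true;
        return super.commit();
    }

    /**
     * Resolves the principal this module reports as the caller's identity.
     *
     * <p>Lookup order: the shared state entry {@code javax.security.auth.login.name} (a {@code String}
     * is wrapped in a {@link SimplePrincipal}, a {@link Principal} is returned as is), then the name
     * supplied by the callback handler, then the first non-{@link Group} principal of the subject.
     *
     * @return the resolved principal, never {@code null}
     * @throws ClassCastException if the shared state entry is neither a {@code String} nor a {@code Principal}
     * @throws RuntimeException wrapping any exception raised by the callback handler or by the
     *         "unable to get identity" failure path
     */
    @Override
    protected Principal getIdentity() {
        Object sharedName = this.sharedState.get("javax.security.auth.login.name");
        if (sharedName instanceof String) {
            return new SimplePrincipal((String) sharedName);
        }
        // A value of any other non-Principal type fails here with ClassCastException.
        Principal sharedPrincipal = (Principal) sharedName;
        if (sharedPrincipal != null) {
            return sharedPrincipal;
        }

        // Declared as NameCallback (not Callback) so that getName() is available after handling.
        NameCallback nameCallback = new NameCallback("UserName:");
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback});
            String name = nameCallback.getName();
            if (StringUtil.isNotNull(name)) {
                return new SimplePrincipal(name);
            }
            // Last resort: the first principal on the subject that is not a role group.
            for (Principal candidate : this.subject.getPrincipals()) {
                if (!(candidate instanceof Group)) {
                    return candidate;
                }
            }
            throw logger.authUnableToGetIdentityFromSubject();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the subject's role group from the SAML assertion found in its public credentials.
     *
     * <p>The first {@link SamlCredential} among the public credentials is used. Its assertion is parsed
     * and every role returned by {@link AssertionUtil#getRoles} becomes a {@link SimplePrincipal} member
     * of a group named {@code "Roles"}. No signature or validity check is performed here; the roles are
     * only as trustworthy as the component that attached the credential.
     *
     * @return a single-element array holding the {@code "Roles"} group
     * @throws LoginException declared by the overridden method; raised via the logger when no
     *         {@link SamlCredential} is available
     * @throws RuntimeException wrapping any failure while reading or parsing the assertion
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        SamlCredential samlCredential = null;
        for (Object credential : this.subject.getPublicCredentials()) {
            if (credential instanceof SamlCredential) {
                samlCredential = (SamlCredential) credential;
                break;
            }
        }
        if (samlCredential == null) {
            throw logger.authSAMLCredentialNotAvailable();
        }
        try {
            String assertionAsString = samlCredential.getAssertionAsString();
            if (StringUtil.isNullOrEmpty(assertionAsString)) {
                throw logger.authSAMLAssertionNullOrEmpty();
            }
            // Encode explicitly as UTF-8: the platform default charset could otherwise alter
            // non-ASCII role or attribute values before they reach the parser.
            byte[] assertionBytes = assertionAsString.getBytes(StandardCharsets.UTF_8);
            AssertionType assertion = (AssertionType) new SAMLParser().parse(new ByteArrayInputStream(assertionBytes));
            // NOTE(review): null is passed as the role-key list; presumably this means "no restriction
            // on which attributes count as roles" - confirm against AssertionUtil.getRoles.
            List<String> roles = AssertionUtil.getRoles(assertion, (List<String>) null);
            SimpleGroup roleGroup = new SimpleGroup("Roles");
            for (String role : roles) {
                roleGroup.addMember(new SimplePrincipal(role));
            }
            return new Group[]{roleGroup};
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}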
