package org.picketlink.identity.federation.core.wstrust.auth;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/picketlink-core-2.1.6.Final.jar:org/picketlink/identity/federation/core/wstrust/auth/STSValidatingLoginModule.class */
/**
 * Login module that accepts a SAML token only after the STS has reported it as valid.
 *
 * <p>The token is taken from {@code getSharedToken()} when that is non-null and otherwise requested
 * from the callback handler. Both sources are cast to {@link Element} without a type check.
 */
public class STSValidatingLoginModule extends AbstractSTSLoginModule {
    /**
     * Obtains a SAML token and submits it to the STS for validation.
     *
     * <p>The token is returned only when {@code sTSClient.validateToken} yields {@code true}; every
     * other path ends in an exception, so a token that was not positively validated is never
     * handed back.
     *
     * @param sTSClient client used to send the validation request
     * @return the token the STS reported as valid
     * @throws WSTrustException declared by the overridden method; presumably raised by the
     *     validation call (confirm against {@code STSClient})
     * @throws LoginException if no token can be located, the validation result is {@code false},
     *     or callback handling fails with an {@link IOException} or
     *     {@link UnsupportedCallbackException}
     */
    @Override
    public Element invokeSTS(STSClient sTSClient) throws WSTrustException, LoginException {
        try {
            // NOTE(review): unchecked cast; a shared token of another type would surface as a
            // ClassCastException rather than a LoginException. Return type not visible here.
            Element sharedToken = (Element) getSharedToken();
            // The shared token takes precedence; the callback handler is consulted only as a fallback.
            Element samlToken = sharedToken != null ? sharedToken : getSamlTokenFromCaller();

            boolean tokenIsValid = sTSClient.validateToken(samlToken);
            // Only the boolean outcome is written to the debug log, not the token itself.
            logger.debug("SAML Token Validation result: " + tokenIsValid);

            if (!tokenIsValid) {
                // NOTE(review): the rejected token is passed to the logger's exception factory;
                // confirm that the resulting message does not render the full assertion into logs.
                throw logger.authCouldNotValidateSAMLToken(samlToken);
            }
            return samlToken;
        } catch (UnsupportedCallbackException callbackFailure) {
            throw logger.authLoginError(callbackFailure);
        } catch (IOException ioFailure) {
            throw logger.authLoginError(ioFailure);
        }
    }

    /**
     * Requests the SAML token from the configured callback handler through a {@code TokenCallback}.
     *
     * @return the token supplied by the callback handler, never {@code null}
     * @throws UnsupportedCallbackException propagated from the callback handler
     * @throws LoginException if the callback handler supplied no token
     * @throws IOException propagated from the callback handler
     */
    private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException {
        TokenCallback callback = new TokenCallback();
        Callback[] callbacks = {callback};
        getCallbackHandler().handle(callbacks);

        Element callerToken = (Element) callback.getToken();
        if (callerToken != null) {
            return callerToken;
        }
        // A missing token is a login failure; it is never passed on for validation.
        throw logger.authCouldNotLocateSecurityToken();
    }
}
