package org.eclipse.jetty.security.openid;

import java.security.Principal;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: input_file:org/eclipse/jetty/security/openid/OpenIdLoginService.class */
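/**
 * {@link LoginService} that authenticates a user from {@link OpenIdCredentials}
 * and can optionally delegate to a wrapped {@link LoginService}.
 *
 * <p>When no wrapped service is configured, every user with unexpired credentials
 * gets an identity with an empty role array. When one is configured, it is
 * looked up by OpenID user id; the resulting identity is combined with the OpenID
 * principal in an {@link OpenIdUserIdentity}.
 *
 * <p>All failures in {@link #login} are reported as {@code null} (login refused).
 */
public class OpenIdLoginService extends ContainerLifeCycle implements LoginService {
    private static final Logger LOG = Log.getLogger(OpenIdLoginService.class);
    private final OpenIdConfiguration _configuration;
    // Optional wrapped service; null means this service issues identities itself.
    private final LoginService loginService;
    // Only used when no wrapped login service is configured.
    private IdentityService identityService;
    // When true, users unknown to the wrapped login service are still authenticated.
    private boolean authenticateNewUsers;

    /**
     * Creates a login service with no wrapped {@link LoginService}.
     *
     * @param openIdConfiguration the OpenID configuration; its issuer is this service's name
     */
    public OpenIdLoginService(OpenIdConfiguration openIdConfiguration) {
        this(openIdConfiguration, null);
    }

    /**
     * Creates a login service that delegates to {@code loginService} after the
     * OpenID credentials have been accepted.
     *
     * @param openIdConfiguration the OpenID configuration; its issuer is this service's name
     * @param loginService the wrapped login service, or {@code null} for none
     */
    public OpenIdLoginService(OpenIdConfiguration openIdConfiguration, LoginService loginService) {
        this._configuration = openIdConfiguration;
        this.loginService = loginService;
        // Registered as a bean of this container (may be null when no service is wrapped).
        addBean(this.loginService);
    }

    /**
     * Returns the issuer from the OpenID configuration as the name of this service.
     *
     * @return the configured issuer
     */
    public String getName() {
        return this._configuration.getIssuer();
    }

    /**
     * Returns the OpenID configuration this service was created with.
     *
     * @return the configuration passed to the constructor
     */
    public OpenIdConfiguration getConfiguration() {
        return this._configuration;
    }

    /**
     * Authenticates a user from OpenID credentials.
     *
     * <p>The credentials' auth code is redeemed first; expired credentials are
     * refused. With no wrapped login service, an identity with an empty role array is
     * created. With a wrapped service, the user is looked up by OpenID user id; an
     * unknown user is refused unless {@link #isAuthenticateNewUsers()} is {@code true},
     * in which case the identity is created with an empty role array.
     *
     * @param str the user identifier supplied by the caller; only logged here
     * @param obj the credentials; anything other than {@link OpenIdCredentials} is refused
     * @param servletRequest the request, passed through to the wrapped login service
     * @return the authenticated identity, or {@code null} when login is refused or fails
     */
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        if (LOG.isDebugEnabled()) {
            // Log the credential type rather than the object itself: its string form is
            // not visible here, and it carries the material that redeemAuthCode() consumes.
            String credentialType = obj == null ? null : obj.getClass().getName();
            LOG.debug("login({}, {}, {})", new Object[]{str, credentialType, servletRequest});
        }
        // Fail closed on foreign or missing credentials instead of letting a
        // ClassCastException escape to the caller.
        if (!(obj instanceof OpenIdCredentials)) {
            return null;
        }
        OpenIdCredentials openIdCredentials = (OpenIdCredentials) obj;
        try {
            openIdCredentials.redeemAuthCode();
            if (openIdCredentials.isExpired()) {
                return null;
            }
            OpenIdUserPrincipal openIdUserPrincipal = new OpenIdUserPrincipal(openIdCredentials);
            Subject subject = new Subject();
            subject.getPrincipals().add(openIdUserPrincipal);
            subject.getPrivateCredentials().add(openIdCredentials);
            // Freeze the subject so later code cannot add principals or credentials to it.
            subject.setReadOnly();
            if (this.loginService == null) {
                return this.identityService.newUserIdentity(subject, openIdUserPrincipal, new String[0]);
            }
            // The wrapped service is asked with the OpenID user id and an empty-string
            // credential; whether it accepts that is decided by the wrapped service.
            UserIdentity login = this.loginService.login(openIdCredentials.getUserId(), "", servletRequest);
            if (login != null) {
                return new OpenIdUserIdentity(subject, openIdUserPrincipal, login);
            }
            if (isAuthenticateNewUsers()) {
                // Unknown to the wrapped service: authenticated, but with no roles.
                return getIdentityService().newUserIdentity(subject, openIdUserPrincipal, new String[0]);
            }
            return null;
        } catch (Throwable th) {
            // Any failure while redeeming or building the identity refuses the login.
            LOG.warn(th);
            return null;
        }
    }

    /**
     * Reports whether users unknown to the wrapped login service are authenticated anyway.
     *
     * @return {@code true} if such users receive an identity with an empty role array
     */
    public boolean isAuthenticateNewUsers() {
        return this.authenticateNewUsers;
    }

    /**
     * Sets whether users unknown to the wrapped login service are authenticated anyway.
     *
     * <p>Enabling this means any user whose OpenID credentials are accepted can log
     * in, whether or not the wrapped login service knows them.
     *
     * @param z {@code true} to authenticate users the wrapped login service does not know
     */
    public void setAuthenticateNewUsers(boolean z) {
        this.authenticateNewUsers = z;
    }

    /**
     * Checks that an identity was issued for an OpenID principal whose credentials
     * have not expired.
     *
     * @param userIdentity the identity to check
     * @return {@code false} for a {@code null} identity, a non-OpenID principal, or
     *     missing or expired credentials; {@code true} otherwise
     */
    public boolean validate(UserIdentity userIdentity) {
        if (userIdentity == null) {
            return false;
        }
        Principal userPrincipal = userIdentity.getUserPrincipal();
        if (!(userPrincipal instanceof OpenIdUserPrincipal)) {
            return false;
        }
        OpenIdCredentials credentials = ((OpenIdUserPrincipal) userPrincipal).getCredentials();
        // Missing credentials are treated as invalid rather than raising an NPE.
        return credentials != null && !credentials.isExpired();
    }

    /**
     * Returns the identity service in effect: the wrapped login service's one when a
     * service is wrapped, otherwise the one set on this instance.
     *
     * @return the identity service, possibly {@code null} if none has been set
     */
    public IdentityService getIdentityService() {
        return this.loginService == null ? this.identityService : this.loginService.getIdentityService();
    }

    /**
     * Sets the identity service, forwarding it to the wrapped login service when
     * there is one.
     *
     * @param identityService the identity service to use
     * @throws IllegalStateException if this service is running
     */
    public void setIdentityService(IdentityService identityService) {
        if (isRunning()) {
            throw new IllegalStateException("Running");
        }
        if (this.loginService != null) {
            this.loginService.setIdentityService(identityService);
        } else {
            this.identityService = identityService;
        }
    }

    /**
     * Does nothing.
     *
     * <p>NOTE(review): the wrapped login service, if any, is not told about the
     * logout; confirm that no wrapped service relies on that callback.
     *
     * @param userIdentity the identity being logged out; ignored
     */
    public void logout(UserIdentity userIdentity) {
    }
}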
