package org.wildfly.swarm.microprofile.jwtauth.deployment.auth.jaas;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationCallback;
import org.jboss.security.auth.spi.RoleMappingLoginModule;
import org.wildfly.swarm.microprofile.jwtauth.deployment.principal.JWTCallerPrincipal;
import org.wildfly.swarm.microprofile.jwtauth.deployment.principal.JWTCallerPrincipalFactory;
import org.wildfly.swarm.microprofile.jwtauth.deployment.principal.ParseException;

/* loaded from: input_file:org/wildfly/swarm/microprofile/jwtauth/deployment/auth/jaas/JWTLoginModule.class */
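/**
 * JAAS login module that authenticates a caller from a MicroProfile JWT bearer token.
 *
 * <p>The credential is obtained through a {@link SecurityAssociationCallback}, turned into a
 * {@link JsonWebToken} by {@link #validate(JWTCredential)}, and on commit published on the
 * {@link Subject} together with a {@code Roles} group built from the token's groups.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Roles come straight from the token, so authorization is only as strong as the token
 *       validation. This class performs no signature, expiry or issuer checks itself; they are
 *       presumably done inside {@code JWTCallerPrincipalFactory.parse} (confirm against the
 *       factory in use).</li>
 *   <li>{@link #login()} fails closed: every exception raised while fetching or validating the
 *       credential becomes a {@link LoginException}.</li>
 * </ul>
 */
public class JWTLoginModule extends RoleMappingLoginModule {
    /** Module option that enables logging of token validation failures. */
    private static final String LOG_EXCEPTIONS = "logExceptions";
    private static final String[] ALL_VALID_OPTIONS = {LOG_EXCEPTIONS};
    /** Name of the group that carries the caller's roles on the subject. */
    private static final String ROLES_GROUP = "Roles";
    /** Token validated by the last successful {@link #login()}; {@code null} otherwise. */
    private JsonWebToken jwtPrincipal;
    private boolean logExceptions = false;

    /**
     * Registers the options this module accepts, delegates to the parent and reads
     * {@code logExceptions}.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the credential
     * @param map state shared between login modules
     * @param map2 module options; {@code logExceptions} is parsed as a boolean and stays
     *     {@code false} when the key is absent or its value is {@code null}
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        addValidOptions(ALL_VALID_OPTIONS);
        super.initialize(subject, callbackHandler, map, map2);
        // String.valueOf tolerates a key that is present with a null value (parsed as false).
        if (map2.containsKey(LOG_EXCEPTIONS)) {
            this.logExceptions = Boolean.parseBoolean(String.valueOf(map2.get(LOG_EXCEPTIONS)));
        }
    }

    /**
     * Fetches the caller's credential and validates it as a JWT.
     *
     * @return {@code true} when the token was validated
     * @throws LoginException if the credential cannot be obtained, is not a {@link JWTCredential},
     *     or fails validation; the original exception is attached as the cause
     */
    public boolean login() throws LoginException {
        // Clear state first so a failed attempt can never leave an earlier principal committable.
        this.loginOk = false;
        this.jwtPrincipal = null;
        SecurityAssociationCallback credentialCallback = new SecurityAssociationCallback();
        try {
            this.callbackHandler.handle(new Callback[]{credentialCallback});
            this.jwtPrincipal = validate((JWTCredential) credentialCallback.getCredential());
            this.loginOk = true;
            return true;
        } catch (Exception e) {
            // Deliberately broad: a null or wrongly typed credential must be rejected like a bad token.
            if (this.logExceptions) {
                this.log.infof(e, "Failed to validate token");
            }
            // NOTE(review): the cause travels with the LoginException; confirm that upstream
            // handlers do not echo parser details back to the client.
            LoginException loginException = new LoginException("Failed to validate token");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Publishes the validated token and its roles on the subject, then runs the parent commit.
     *
     * @return {@code false} without touching the subject when this module's login did not
     *     succeed; otherwise the result of the parent commit
     * @throws LoginException if the parent commit fails
     */
    public boolean commit() throws LoginException {
        // JAAS may call commit() on a module whose own login() failed; ignore that case
        // instead of adding a null principal to the subject.
        if (!this.loginOk || this.jwtPrincipal == null) {
            return false;
        }
        this.subject.getPrincipals().add(this.jwtPrincipal);
        SimpleGroup roles = new SimpleGroup(ROLES_GROUP);
        // NOTE(review): if getGroups() can return null for a token without a groups claim,
        // this loop throws; confirm against the JsonWebToken implementation.
        for (String groupName : this.jwtPrincipal.getGroups()) {
            roles.addMember(new SimplePrincipal(groupName));
        }
        this.subject.getPrincipals().add(roles);
        this.sharedState.put("JsonWebToken", this.jwtPrincipal);
        return super.commit();
    }

    /**
     * Parses the bearer token carried by the credential into a caller principal.
     *
     * @param jWTCredential credential holding the bearer token and the auth context info
     * @return the principal produced by {@link JWTCallerPrincipalFactory}
     * @throws ParseException if the factory rejects the token
     */
    protected JWTCallerPrincipal validate(JWTCredential jWTCredential) throws ParseException {
        return JWTCallerPrincipalFactory.instance().parse(jWTCredential.getBearerToken(), jWTCredential.getAuthContextInfo());
    }

    /**
     * Returns the role groups for the authenticated caller.
     *
     * <p>When the {@code rolesProperties} option is set, the parent's role sets are returned;
     * otherwise the {@code Roles} group found on the subject is returned.
     *
     * @return the role groups
     * @throws LoginException if no {@code Roles} group is present on the subject, or if the parent
     *     lookup fails
     */
    protected Group[] getRoleSets() throws LoginException {
        if (this.options.containsKey("rolesProperties")) {
            return super.getRoleSets();
        }
        Principal roles = this.subject.getPrincipals().stream()
                .filter(principal -> principal instanceof Group && ROLES_GROUP.equals(principal.getName()))
                .findFirst()
                // Report a missing group as a login failure rather than a NoSuchElementException.
                .orElseThrow(() -> new LoginException("No Roles group found on the subject"));
        return new Group[]{(Group) roles};
    }
}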
