package com.sun.identity.authentication.modules.sae;

import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.sae.api.SecureAttrs;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.workflow.ParameterKeys;
import java.security.Principal;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/sun/identity/authentication/modules/sae/SAE.class */
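/**
 * Login module that authenticates a user from a Secure Attribute Exchange (SAE) token.
 *
 * <p>The token arrives in the {@code sun.data} request parameter. The module looks up the SAE
 * settings for the realm / IDP entity / application URL named in the request, verifies the token
 * with the configured key, and on success takes the user id, session properties and auth level
 * from the verified attributes.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only the attributes returned by {@code SecureAttrs.verifyEncodedString} are trusted. The
 *       realm, {@code idpEntityID} and {@code idpAppUrl} request parameters are caller-supplied
 *       and select which configuration (and therefore which key) is used for verification.</li>
 *   <li>The shared secret used in symmetric mode is never written to the debug log.</li>
 *   <li>The module fails closed: a missing token, missing verification key or missing
 *       {@code sun.userid} ends the login with an {@link AuthLoginException}.</li>
 * </ul>
 */
public class SAE extends AMLoginModule {
    private static final int DEFAULT_AUTH_LEVEL = 0;
    private static final String customModule = "SAE";
    private static final Debug debug = Debug.getInstance(customModule);

    // User id taken from the verified "sun.userid" attribute; null until process() succeeds.
    private String userTokenId;
    // Lazily created by getPrincipal() from userTokenId.
    private SAEPrincipal userPrincipal;

    /**
     * Initializes the module. This implementation reads nothing from its arguments.
     *
     * @param subject the subject being authenticated (unused)
     * @param map shared state (unused)
     * @param map2 module options (unused)
     */
    @Override
    public void init(Subject subject, Map map, Map map2) {
    }

    /**
     * Verifies the SAE token carried by the current request and establishes the user identity.
     *
     * @param callbackArr callbacks supplied by the framework (unused)
     * @param i current module state (unused)
     * @return {@code -1}, which the module logs as SUCCESS
     * @throws AuthLoginException if the request, the token, the SAE configuration, the
     *     verification key or the user id is missing, or if token verification fails
     */
    @Override
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        debug.message("SAE AuthModule.process...");
        HttpServletRequest request = getHttpServletRequest();
        if (request == null) {
            debug.error("SAE AuthModule.process: httprequest is null.");
            throw new AuthLoginException("HttpServletRequest is null");
        }

        String encodedToken = request.getParameter("sun.data");
        // NOTE(review): the raw token is logged at message level; treat debug logs that contain it
        // as sensitive and confirm this is acceptable for the deployment.
        if (debug.messageEnabled()) {
            debug.message("SAE AuthModule.process+encodedStr=" + encodedToken);
        }
        if (encodedToken == null || encodedToken.length() == 0) {
            // Reject early instead of handing a null token to the verifier.
            debug.error("SAE AuthModule.process: sun.data parameter is missing.");
            throw new AuthLoginException("SAE token is missing");
        }

        // These three values are request-controlled and only select the configuration to use.
        String realm = request.getParameter(ParameterKeys.P_REALM);
        String idpEntityId = request.getParameter("idpEntityID");
        String idpAppUrl = request.getParameter("idpAppUrl");
        debug.message("SAE AuthModule.SAML2Utils.getSAEAttrs");
        Map<?, ?> saeConfig = SAML2Utils.getSAEAttrs(realm, idpEntityId, "IDPRole", idpAppUrl);
        if (saeConfig == null) {
            debug.error("SAE AuthModule.process:get SAE Attrs failed:null.");
            throw new AuthLoginException("SAE config Attributes are null");
        }

        String cryptoType = (String) saeConfig.get(ParameterKeys.P_TYPE);
        String encAlgorithm = (String) saeConfig.get("encryptionalgorithm");
        String encKeyStrength = (String) saeConfig.get("encryptionkeystrength");
        String verifyKey = null;
        String decryptKey = null;
        boolean symmetric = "symmetric".equals(cryptoType);
        if (symmetric) {
            verifyKey = (String) saeConfig.get("secret");
            decryptKey = verifyKey;
        } else if ("asymmetric".equals(cryptoType)) {
            verifyKey = (String) saeConfig.get("pubkeyalias");
            decryptKey = (String) saeConfig.get("privatekeyalias");
        }
        if (debug.messageEnabled()) {
            // In symmetric mode the key is the shared secret itself, so it must not reach the log;
            // in asymmetric mode the value is only a key alias.
            String keyForLog = symmetric ? "<redacted>" : verifyKey;
            debug.message("SAE AuthModule: realm=" + realm + ", idpEntityID=" + idpEntityId + ", idpAppUrl=" + idpAppUrl + ", cryptoType=" + cryptoType + ", key=" + keyForLog);
        }
        if (verifyKey == null) {
            // Unknown crypto type or no key configured: never attempt verification without a key.
            debug.error("SAE AuthModule.process: no verification key configured.");
            throw new AuthLoginException("SAE verification key is not configured");
        }

        try {
            String instanceName = cryptoType + "_" + encAlgorithm + "_" + encKeyStrength;
            SecureAttrs secureAttrs = SecureAttrs.getInstance(instanceName);
            if (secureAttrs == null) {
                Properties properties = new Properties();
                properties.setProperty("certclassimpl", "com.sun.identity.sae.api.FMCerts");
                if (encAlgorithm != null) {
                    properties.setProperty("encryptionalgorithm", encAlgorithm);
                }
                if (encKeyStrength != null) {
                    properties.setProperty("encryptionkeystrength", encKeyStrength);
                }
                SecureAttrs.init(instanceName, cryptoType, properties);
                secureAttrs = SecureAttrs.getInstance(instanceName);
            }

            Map<?, ?> verified = secureAttrs.verifyEncodedString(encodedToken, verifyKey, decryptKey);
            // NOTE(review): this logs every verified attribute value at message level.
            if (debug.messageEnabled()) {
                debug.message("SAE AuthModule.: SAE attrs:" + verified);
            }
            if (verified == null) {
                debug.error("SAE AuthModule.process:verification failed:attrs null.");
                throw new AuthLoginException("Attributes are null");
            }

            String userId = (String) verified.get("sun.userid");
            if (userId == null || userId.length() == 0) {
                // A verified token without a user id must not end in a successful login.
                debug.error("SAE AuthModule.process:verification failed:sun.userid missing.");
                throw new AuthLoginException("User id is missing");
            }
            this.userTokenId = userId;

            // Every verified attribute except the user id becomes a session property.
            for (Map.Entry<?, ?> entry : verified.entrySet()) {
                String name = (String) entry.getKey();
                String value = (String) entry.getValue();
                if (!name.equals("sun.userid")) {
                    if (debug.messageEnabled()) {
                        debug.message("Session Property set: " + name + "= " + value);
                    }
                    setUserSessionProperty(name, value);
                }
            }

            int authLevel = parseAuthLevel((String) verified.get("sun.authlevel"));
            if (debug.messageEnabled()) {
                debug.message("SAE AuthModule: auth level = " + authLevel);
            }
            setAuthLevel(authLevel);
            debug.message("SAE AuthModule:return SUCCESS");
            // presumably ISAuthConstants.LOGIN_SUCCEED; confirm against the framework constant
            return -1;
        } catch (Exception e2) {
            // Any failure in this block, including the AuthLoginExceptions thrown above, is
            // reported to the caller with the same generic message; the detail goes to the log.
            debug.error("SAE AuthModule.process: verification failed.", e2);
            throw new AuthLoginException("verify failed");
        }
    }

    /**
     * Parses the auth level taken from the verified attributes.
     *
     * @param rawLevel the {@code sun.authlevel} attribute value, possibly null or empty
     * @return the parsed level, or {@link #DEFAULT_AUTH_LEVEL} when absent or not a number
     */
    private static int parseAuthLevel(String rawLevel) {
        if (rawLevel == null || rawLevel.length() == 0) {
            return DEFAULT_AUTH_LEVEL;
        }
        try {
            return Integer.parseInt(rawLevel);
        } catch (NumberFormatException e) {
            debug.error("Unable to parse auth level " + rawLevel + ". Using default.", e);
            return DEFAULT_AUTH_LEVEL;
        }
    }

    /**
     * Returns the principal for the authenticated user, creating it on first use.
     *
     * @return the principal, or {@code null} if no user id has been established
     */
    @Override
    public Principal getPrincipal() {
        if (this.userPrincipal == null && this.userTokenId != null) {
            this.userPrincipal = new SAEPrincipal(this.userTokenId);
        }
        return this.userPrincipal;
    }

    /** Clears the user id and principal held by this module instance. */
    @Override
    public void destroyModuleState() {
        this.userPrincipal = null;
        this.userTokenId = null;
    }
}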
