package org.forgerock.openam.sts.rest.token.validator;

import java.security.cert.X509Certificate;
import org.forgerock.openam.sts.TokenType;
import org.forgerock.openam.sts.TokenValidationException;
import org.forgerock.openam.sts.token.ThreadLocalAMTokenCache;
import org.forgerock.openam.sts.token.validator.AuthenticationHandler;
import org.forgerock.openam.sts.token.validator.PrincipalFromSession;
import org.forgerock.openam.sts.token.validator.ValidationInvocationContext;

/* loaded from: input_file:org/forgerock/openam/sts/rest/token/validator/RestCertificateTokenTransformValidator.class */
public class RestCertificateTokenTransformValidator implements RestTokenTransformValidator<X509Certificate[]> {
    private final AuthenticationHandler<X509Certificate[]> authenticationHandler;
    private final ThreadLocalAMTokenCache threadLocalAMTokenCache;
    private final PrincipalFromSession principalFromSession;
    private final ValidationInvocationContext validationInvocationContext;
    private final boolean invalidateAMSession;

    public RestCertificateTokenTransformValidator(AuthenticationHandler<X509Certificate[]> authenticationHandler, ThreadLocalAMTokenCache threadLocalAMTokenCache, PrincipalFromSession principalFromSession, ValidationInvocationContext validationInvocationContext, boolean z) {
        this.authenticationHandler = authenticationHandler;
        this.threadLocalAMTokenCache = threadLocalAMTokenCache;
        this.principalFromSession = principalFromSession;
        this.validationInvocationContext = validationInvocationContext;
        this.invalidateAMSession = z;
    }

    @Override // org.forgerock.openam.sts.rest.token.validator.RestTokenTransformValidator
    public RestTokenTransformValidatorResult validateToken(RestTokenTransformValidatorParameters<X509Certificate[]> restTokenTransformValidatorParameters) throws TokenValidationException {
        String authenticate = this.authenticationHandler.authenticate(restTokenTransformValidatorParameters.getInputToken(), TokenType.X509);
        this.threadLocalAMTokenCache.cacheSessionIdForContext(this.validationInvocationContext, authenticate, this.invalidateAMSession);
        return new RestTokenTransformValidatorResult(this.principalFromSession.getPrincipalFromSession(authenticate), authenticate);
    }
}
