package de.adorsys.oauth.loginmodule;

import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oauth-jboss-support-0.14.jar:de/adorsys/oauth/loginmodule/OAuthClientIdLoginModule.class */
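/**
 * JAAS {@link LoginModule} that compares the redirection URI of an OAuth authorization request
 * with the redirection URIs configured for the requesting client.
 *
 * <p>The configured values are read from the system property
 * {@code oauth.clients.<clientId>.redirectionURIs}, a comma-separated list. The request objects
 * are obtained from the JACC {@link PolicyContext}.
 *
 * <p>Security-relevant behaviour of this module:
 * <ul>
 *   <li>The check is skipped (no exception) when the servlet request already carries a user
 *       principal, or when no {@link AuthorizationRequest} can be obtained from the policy
 *       context. A failed context lookup is therefore indistinguishable from "nothing to check".
 *   <li>{@link #login()} returns {@code true} whenever the check does not throw.
 *   <li>Configured entries are matched as case-insensitive prefixes of the requested URI.
 * </ul>
 */
public class OAuthClientIdLoginModule implements LoginModule {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthClientIdLoginModule.class);

    // Neither read nor written by any method of this class.
    private boolean success;

    /** Ignores all arguments; this module keeps no subject, callback handler or options. */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
    }

    /**
     * Runs the redirection URI check.
     *
     * @return always {@code true}; the boolean result of {@code validateRequest()} is discarded,
     *         so a skipped check and a passed check look the same to the login stack
     * @throws LoginException if the client is not configured, the request has no redirection
     *         URI, or the redirection URI matches none of the configured entries
     */
    @Override
    public boolean login() throws LoginException {
        // NOTE(review): confirm that reporting success for a skipped check is intended for the
        // JAAS stack this module is deployed in.
        validateRequest();
        return true;
    }

    /** @return always {@code true}; nothing is added to the subject. */
    @Override
    public boolean commit() throws LoginException {
        return true;
    }

    /** @return always {@code true}; there is no state to roll back. */
    @Override
    public boolean abort() throws LoginException {
        return true;
    }

    /** @return always {@code true}; there is no state to clear. */
    @Override
    public boolean logout() throws LoginException {
        return true;
    }

    /**
     * Checks the requested redirection URI against the entries configured for the client.
     *
     * @return {@code true} if a configured entry matched; {@code false} if the check was skipped
     *         because a user principal is already present or no authorization request is
     *         available from the policy context
     * @throws LoginException if no entries are configured for the client, the request carries
     *         no redirection URI, or no configured entry matches
     */
    private boolean validateRequest() throws LoginException {
        HttpServletRequest httpServletRequest = fromPolicyContext(HttpServletRequest.class);
        if (httpServletRequest != null && httpServletRequest.getUserPrincipal() != null) {
            return false;
        }
        AuthorizationRequest authorizationRequest = fromPolicyContext(AuthorizationRequest.class);
        if (authorizationRequest == null) {
            return false;
        }

        // The client ID comes from the request; it only selects which property is read, the
        // fixed prefix and suffix keep the lookup inside the oauth.clients.* namespace.
        ClientID clientID = authorizationRequest.getClientID();
        String property = System.getProperty("oauth.clients." + clientID + ".redirectionURIs");
        if (property == null) {
            LOG.warn("Unknow OAUTH ClientID {} requested a token. Please define system property 'oauth.clients.{}.redirectionURIs'.", clientID, clientID);
            // LoginException does not expand SLF4J-style "{}" placeholders, so the value is
            // concatenated into the message.
            throw new LoginException("Unknow OAUTH ClientID " + clientID + " requested a token. Please define system property 'oauth.clients." + clientID + ".redirectionURIs'.");
        }

        // Fail with a LoginException instead of a NullPointerException when the request
        // carries no redirection URI.
        java.net.URI requestedUri = authorizationRequest.getRedirectionURI();
        if (requestedUri == null) {
            LOG.warn("OAUTH ClientID {} requested a token without a redirection URI.", clientID);
            throw new LoginException("OAUTH ClientID " + clientID + " requested a token without a redirection URI.");
        }

        String uri = requestedUri.toString();
        for (String entry : property.split(",")) {
            String allowedPrefix = entry.trim();
            // An empty entry (empty property value, ",," or a stray blank) is a prefix of every
            // string and would accept any redirection URI, so it is skipped.
            if (allowedPrefix.isEmpty()) {
                continue;
            }
            // NOTE(review): this is a case-insensitive prefix comparison on the raw URI string.
            // An entry that does not end at a URI boundary (for example one without a trailing
            // '/') also accepts URIs that merely begin with the same characters. Configure
            // entries that end in '/' or are the full callback URI; consider exact matching
            // once deployed configurations have been checked.
            if (StringUtils.startsWithIgnoreCase(uri, allowedPrefix)) {
                return true;
            }
        }

        LOG.warn("OAUTH ClientID {} requested a token but the redirect urls does not match. Actual redirectionurl {} is not defined in {}.", new Object[]{clientID, requestedUri, property});
        // The requested URI and the configured list stay in the log entry above; the exception
        // message names only the client so the configured list does not travel with it.
        throw new LoginException("OAUTH ClientID " + clientID + " requested a token but the redirect urls does not match.");
    }

    /**
     * Looks up the JACC policy context object registered under the name of {@code cls}.
     *
     * @param cls type whose fully qualified name is the policy context key
     * @return the context object, or {@code null} if none is registered or the lookup failed
     */
    @SuppressWarnings("unchecked") // the key is the class name; the caller's cast verifies the type
    private <T> T fromPolicyContext(Class<T> cls) {
        try {
            return (T) PolicyContext.getContext(cls.getName());
        } catch (Exception e) {
            // Best effort: callers treat null as "not available". Logged because a failed
            // lookup of the authorization request causes the redirection URI check to be skipped.
            LOG.debug("Policy context lookup failed for " + cls.getName(), e);
            return null;
        }
    }
}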
