package org.apache.wss4j.dom.validate;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.wss4j.common.NamePasswordCallbackHandler;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/wss4j-ws-security-dom-2.2.0.jar:org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.class */
public class JAASUsernameTokenValidator implements Validator {
    private static final Logger LOG = LoggerFactory.getLogger(JAASUsernameTokenValidator.class);
    private String contextName;

    public void setContextName(String str) {
        this.contextName = str;
    }

    public String getContextName() {
        return this.contextName;
    }

    @Override // org.apache.wss4j.dom.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        if (credential == null || credential.getUsernametoken() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }
        UsernameToken usernametoken = credential.getUsernametoken();
        String name = usernametoken.getName();
        String passwordType = usernametoken.getPasswordType();
        LOG.debug("UsernameToken user {}", usernametoken.getName());
        LOG.debug("UsernameToken password type {}", passwordType);
        if (usernametoken.isHashed()) {
            LOG.warn("Authentication failed as hashed username token not supported");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        String password = usernametoken.getPassword();
        if (!WSS4JConstants.PASSWORD_TEXT.equals(passwordType)) {
            LOG.warn("Password type " + passwordType + " not supported");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        if (name == null || name.length() <= 0 || password == null || password.length() <= 0) {
            LOG.warn("User or password empty");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        try {
            LoginContext loginContext = new LoginContext(getContextName(), getCallbackHandler(name, password));
            loginContext.login();
            credential.setSubject(loginContext.getSubject());
            return credential;
        } catch (LoginException e) {
            LOG.info("Authentication failed", (Throwable) e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
    }

    protected CallbackHandler getCallbackHandler(String str, String str2) {
        return new NamePasswordCallbackHandler(str, str2);
    }
}
