package com.adobe.granite.oauth.server.auth.impl;

import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:com/adobe/granite/oauth/server/auth/impl/OAuth2ServerLoginModule.class */
public class OAuth2ServerLoginModule extends AbstractLoginModule {
    private static final Logger log = LoggerFactory.getLogger(OAuth2ServerLoginModule.class);
    private static final Set<Class> SUPPORTED_CREDENTIALS = Collections.singleton(OAuth2ServerCredentials.class);
    private String userId;
    private Set<? extends Principal> principals;
    private SimpleCredentials sharedCredentials;

    public boolean commit() throws LoginException {
        if (this.sharedCredentials == null || this.userId == null || this.principals == null || this.principals.isEmpty()) {
            clearState();
            return false;
        }
        if (this.subject.isReadOnly()) {
            log.debug("Could not add information to read only subject {}", this.subject);
            return true;
        }
        this.subject.getPrincipals().addAll(this.principals);
        this.subject.getPublicCredentials().add(this.sharedCredentials);
        this.subject.getPublicCredentials().add(new AuthInfoImpl(this.userId, (Map) null, this.principals));
        return true;
    }

    public boolean login() throws LoginException {
        Credentials credentials = getCredentials();
        if (!(credentials instanceof OAuth2ServerCredentials)) {
            return false;
        }
        this.userId = ((OAuth2ServerCredentials) credentials).getUserId();
        if (this.userId == null) {
            log.debug("Could not extract userId/credentials");
            return false;
        }
        this.principals = getPrincipals(this.userId);
        if (this.principals.isEmpty()) {
            this.principals = null;
            log.debug("No principals found for {}", this.userId);
            return false;
        }
        this.sharedCredentials = new SimpleCredentials(this.userId, new char[0]);
        this.sharedState.put("org.apache.jackrabbit.credentials", this.sharedCredentials);
        this.sharedState.put("javax.security.auth.login.name", this.userId);
        log.debug("login succeeded with trusted user: {}", this.userId);
        return true;
    }

    protected Set<Class> getSupportedCredentials() {
        return SUPPORTED_CREDENTIALS;
    }

    protected void clearState() {
        this.sharedCredentials = null;
        this.userId = null;
        this.principals = null;
        super.clearState();
    }
}
