package org.osaf.cosmo.acegisecurity.providers.wsse;

import java.text.ParseException;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osaf.cosmo.acegisecurity.userdetails.CosmoUserDetails;
import org.osaf.cosmo.dao.UserDao;
import org.osaf.cosmo.model.User;
import org.osaf.cosmo.util.DateUtil;
import org.osaf.cosmo.wsse.UsernameToken;
import org.osaf.cosmo.wsse.WsseUtils;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/osaf/cosmo/acegisecurity/providers/wsse/WsseAuthenticationProvider.class */
public class WsseAuthenticationProvider implements AuthenticationProvider {
    private static final Log log = LogFactory.getLog(WsseAuthenticationProvider.class);
    private static int DEFAULT_WSSE_TOKEN_TIMEOUT = 7200;
    private UserDao userDao;
    private Date currentTime = null;
    private int tokenTimeout = DEFAULT_WSSE_TOKEN_TIMEOUT;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        WsseAuthenticationToken wsseAuthenticationToken = (WsseAuthenticationToken) authentication;
        UsernameToken usernameToken = (UsernameToken) wsseAuthenticationToken.getCredentials();
        if (usernameToken.getNonce() == null || ((usernameToken.getNonce() != null && usernameToken.getNonce().isEmpty()) || usernameToken.getCreated() == null || ((usernameToken.getCreated() != null && usernameToken.getCreated().isEmpty()) || usernameToken.getPasswordDigest() == null || (usernameToken.getPasswordDigest() != null && usernameToken.getPasswordDigest().isEmpty())))) {
            throw new BadCredentialsException("WSSE token invalid : missing fields");
        }
        try {
            Date time = DateUtil.parseRfc3339Calendar(usernameToken.getCreated()).getTime();
            Date date = this.currentTime == null ? new Date() : this.currentTime;
            if (time.after(date)) {
                throw new BadCredentialsException("WSSE token invalid: created is in the future");
            }
            if (date.getTime() > time.getTime() + (this.tokenTimeout * 1000)) {
                throw new BadCredentialsException("WSSE token invalid: token timed out");
            }
            User user = this.userDao.getUser(usernameToken.getUsername());
            if (user == null) {
                throw new BadCredentialsException("WSSE token invalid: invalid user");
            }
            if (!WsseUtils.calculatePasswordDigest(user.getPassword(), usernameToken.getNonce(), usernameToken.getCreated()).equals(usernameToken.getPasswordDigest())) {
                throw new BadCredentialsException("WSSE token invalid: invalid password hash");
            }
            wsseAuthenticationToken.setUserDetails(new CosmoUserDetails(user));
            wsseAuthenticationToken.setAuthenticated(true);
            return wsseAuthenticationToken;
        } catch (ParseException e) {
            throw new BadCredentialsException("WSSE token invalid: invalid created timestamp format");
        }
    }

    public boolean supports(Class cls) {
        return WsseAuthenticationToken.class.isAssignableFrom(cls);
    }

    public UserDao getUserDao() {
        return this.userDao;
    }

    public void setUserDao(UserDao userDao) {
        this.userDao = userDao;
    }

    public int getTokenTimeout() {
        return this.tokenTimeout;
    }

    public void setTokenTimeout(int i) {
        this.tokenTimeout = i;
    }

    protected void setCurrentTime(Date date) {
        this.currentTime = date;
    }
}
