package net.shrine.identity;

import java.io.UnsupportedEncodingException;
import javax.xml.bind.JAXBException;
import org.apache.commons.codec.binary.Base64;
import org.spin.query.message.identity.IdentityService;
import org.spin.query.message.identity.IdentityServiceException;
import org.spin.tools.JAXBUtils;
import org.spin.tools.crypto.signature.Identity;
import org.spin.tools.crypto.signature.XMLSignatureUtil;

/* loaded from: input_file:WEB-INF/lib/shrine-commons-1.8.jar:net/shrine/identity/CarraIdentityService.class */
public class CarraIdentityService implements IdentityService {
    @Override // org.spin.query.message.identity.IdentityService
    public Identity certify(String str, String str2, String str3) throws IdentityServiceException {
        if (str2 == null || str3 == null) {
            throw new IdentityServiceException("No username or password");
        }
        try {
            Identity convertAuthToIdentity = convertAuthToIdentity(str3);
            if (XMLSignatureUtil.verifySignature(convertAuthToIdentity) && str2.equals(convertAuthToIdentity.getUsername())) {
                return XMLSignatureUtil.sign(new Identity(convertAuthToIdentity.getDomain(), convertAuthToIdentity.getUsername(), convertAuthToIdentity.getAssertion()));
            }
            throw new IdentityServiceException("Not authorized");
        } catch (Exception e) {
            throw new IdentityServiceException("Not authorized");
        }
    }

    private static Identity convertAuthToIdentity(String str) throws JAXBException, UnsupportedEncodingException {
        return (Identity) JAXBUtils.unmarshal(new String(new Base64().decode(str), "UTF-8"), Identity.class);
    }
}
