package org.spin.query.message.identity.local;

import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import javax.xml.crypto.dsig.XMLSignatureException;
import org.apache.log4j.Logger;
import org.spin.query.message.identity.IdentityService;
import org.spin.query.message.identity.IdentityServiceException;
import org.spin.tools.Util;
import org.spin.tools.config.ConfigException;
import org.spin.tools.crypto.signature.Identity;
import org.spin.tools.crypto.signature.XMLSignatureUtil;

/* loaded from: input_file:WEB-INF/lib/identity-service-1.18.jar:org/spin/query/message/identity/local/LocalIdentityService.class */
public class LocalIdentityService implements IdentityService {
    private static final Logger log = Logger.getLogger(LocalIdentityService.class);
    private static final boolean DEBUG = log.isInfoEnabled();
    private final Map<String, LocalAuthEntry> userDB;
    private final XMLSignatureUtil xmlSignatureUtil;

    public LocalIdentityService() throws IdentityServiceException {
        this(Collections.emptyList());
    }

    public LocalIdentityService(Collection<LocalAuthEntry> collection) throws IdentityServiceException {
        this.userDB = Util.makeHashMap();
        try {
            this.xmlSignatureUtil = XMLSignatureUtil.getDefaultInstance();
            for (LocalAuthEntry localAuthEntry : collection) {
                this.userDB.put(getQualifiedUsername(localAuthEntry), localAuthEntry);
            }
        } catch (ConfigException e) {
            throw new IdentityServiceException("Error getting an XMLSignatureUtil instance: ", e);
        }
    }

    @Override // org.spin.query.message.identity.IdentityService
    public Identity certify(String str, String str2, String str3) throws IdentityServiceException {
        String qualifiedUsername = getQualifiedUsername(str, str2);
        boolean containsKey = this.userDB.containsKey(qualifiedUsername);
        if (DEBUG) {
            log.debug("Looking up domain:user " + qualifiedUsername + ", in the database? " + containsKey);
        }
        if (!containsKey || !this.userDB.get(qualifiedUsername).hasPassword(str3)) {
            log.warn("Password failed for user " + str2 + " in domain " + str);
            return new Identity();
        }
        try {
            return this.xmlSignatureUtil.sign(new Identity(str, str2, this.userDB.get(qualifiedUsername).getAssertions()));
        } catch (XMLSignatureException e) {
            throw new IdentityServiceException("Failed to sign identity", e);
        }
    }

    private static final String getQualifiedUsername(LocalAuthEntry localAuthEntry) {
        return getQualifiedUsername(localAuthEntry.getDomain(), localAuthEntry.getUsername());
    }

    private static final String getQualifiedUsername(String str, String str2) {
        return str.toLowerCase() + ":" + str2.toLowerCase();
    }

    public static final Identity getUnsignedPublicIdentity() {
        return new Identity("public-domain", "public-user", "public-assertion");
    }
}
