package org.picketlink.identity.federation.bindings.jboss.auth;

import java.security.KeyStore;
import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.w3c.dom.Element;

/* loaded from: input_file:eap7/api-jars/picketlink-wildfly8-2.5.5.SP1.jar:org/picketlink/identity/federation/bindings/jboss/auth/SAMLTokenCertValidatingCommonLoginModule.class */
/**
 * Abstract login module that extends {@link SAMLTokenFromHttpRequestAbstractLoginModule} and
 * overrides the login-module lifecycle methods ({@code initialize}, {@code login},
 * {@code commit}, {@code abort}, {@code logout}).
 *
 * <p>This listing is a signature-only stub: no method bodies are visible. The comments below
 * describe the declared contract only. Anything about runtime behaviour is marked as an
 * assumption for a reviewer to confirm against the real implementation.
 *
 * <p>Subclasses must supply the key store through {@link #getKeyStore()}.
 */
public abstract class SAMLTokenCertValidatingCommonLoginModule extends SAMLTokenFromHttpRequestAbstractLoginModule {
    // Authentication state held by the module. Presumably populated during login() and
    // reset by clearState(); bodies are not visible here, so verify.
    protected Principal principal;
    protected SamlCredential credential;
    protected AssertionType assertion;

    // NOTE(review): name suggests this toggles invalidation of a cached authentication entry
    // (see getCacheExpiry()); confirm the default and what happens when it is off.
    protected boolean enableCacheInvalidation;
    protected String securityDomain;
    // NOTE(review): looks like a separate security domain used for local validation. Confirm
    // how it relates to securityDomain and which one supplies the trust material.
    protected String localValidationSecurityDomain;
    protected String roleKey;
    // Two option maps are kept. Presumably "options" is a processed view of "rawOptions";
    // TODO confirm which one validation code reads.
    protected Map<String, Object> options;
    protected Map<String, Object> rawOptions;

    // String constants that look like module-option key names; their use is not visible here.
    public static final String STS_CONFIG_FILE = "configFile";
    public static final String ENDPOINT_ADDRESS = "endpointAddress";
    public static final String PORT_NAME = "portName";
    public static final String SERVICE_NAME = "serviceName";
    public static final String USERNAME_KEY = "username";
    // NOTE(review): if this key names an option carrying a plaintext password, confirm the
    // value is never logged and that the configuration holding it is access-restricted.
    public static final String PASSWORD_KEY = "password";

    // NOTE(review): the name implies a testing-only mode. The body is not visible, so confirm
    // which checks (if any) it relaxes and that production configuration cannot enable it.
    protected boolean localTestingOnly;

    /**
     * Initializes the module.
     *
     * <p>The parameter names {@code map} and {@code map2} are decompiler artefacts. In the
     * standard {@code LoginModule.initialize} contract the third argument is the shared state
     * and the fourth is the module options; presumably the same applies here (confirm).
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain credentials from the caller
     * @param map presumably the shared state map
     * @param map2 presumably the module options map
     */
    @Override // org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule, org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2);

    /**
     * Performs the authentication step.
     *
     * <p>NOTE(review): presumably this is where the SAML credential is obtained and passed to
     * validateSAMLCredential(); confirm that no success path skips that validation.
     *
     * @return the login result as defined by the overridden method
     * @throws LoginException if authentication fails
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean login() throws LoginException;

    /**
     * Commit phase of the login lifecycle.
     *
     * @return the commit result as defined by the overridden method
     * @throws LoginException if the commit fails
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean commit() throws LoginException;

    /**
     * Abort phase of the login lifecycle.
     *
     * @return the abort result as defined by the overridden method
     * @throws LoginException if the abort fails
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean abort() throws LoginException;

    /**
     * Logout phase of the login lifecycle.
     *
     * <p>NOTE(review): confirm that principal, credential and assertion are all cleared here
     * (likely via clearState()) so a stale identity cannot be reused.
     *
     * @return the logout result as defined by the overridden method
     * @throws LoginException if the logout fails
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    public boolean logout() throws LoginException;

    // Presumably resets the per-login fields above; the body is not visible, so verify which
    // fields it covers.
    private void clearState();

    /**
     * Returns the identity associated with this login.
     *
     * @return the principal; presumably the {@code principal} field (confirm)
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Principal getIdentity();

    /**
     * Returns the role groups for the authenticated identity.
     *
     * <p>NOTE(review): presumably roles are read from the assertion using {@code roleKey}.
     * Confirm they are only taken from an assertion that has already passed validation.
     *
     * @return the role groups
     * @throws LoginException if the roles cannot be determined
     */
    @Override // org.jboss.security.auth.spi.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException;

    /**
     * Returns the cache-expiry handle used for authentication-cache invalidation.
     *
     * @return the {@code TimeCacheExpiry} instance
     * @throws Exception declared broadly; the concrete failure modes are not visible here
     */
    protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry getCacheExpiry() throws Exception;

    // Validates the SAML credential. The throws clause shows that certificate validity-period
    // failures (expired / not yet valid) are surfaced to the caller.
    // NOTE(review): confirm the body also verifies the assertion signature with the certificate
    // and calls validateCertPath(), rather than trusting a certificate merely because it
    // arrived inside the token.
    private void validateSAMLCredential() throws LoginException, ConfigurationException, CertificateExpiredException, CertificateNotYetValidException;

    // Obtains the X.509 certificate used for validation. Presumably extracted from the
    // assertion/credential, i.e. sender-supplied data; confirm the source and that the result
    // is always subject to path validation before being trusted.
    private X509Certificate getX509Certificate() throws LoginException;

    // Looks up a namespace prefix on a DOM element for the given string (presumably a
    // namespace URI; the body is not visible). The return value when nothing matches is
    // unknown here.
    private String findNameSpacePrefix(Element element, String str);

    /**
     * Validates the certification path of the given certificate.
     *
     * <p>NOTE(review): this method is {@code protected} and non-final, so a subclass can
     * override it. Confirm no subclass weakens or disables the check, and that validation
     * uses the trust material from {@link #getKeyStore()}.
     *
     * @param x509Certificate the certificate to validate
     * @throws LoginException if the certificate path is not acceptable
     */
    protected void validateCertPath(X509Certificate x509Certificate) throws LoginException;

    /**
     * Supplies the key store for this module; implemented by concrete subclasses.
     *
     * <p>NOTE(review): presumably this holds the trust anchors for certificate validation.
     * Confirm how a {@code null} or empty key store is handled by the callers (it should
     * fail closed).
     *
     * @return the key store
     * @throws Exception declared broadly; the concrete failure modes are not visible here
     */
    protected abstract KeyStore getKeyStore() throws Exception;
}
