package ru.runa.wfe.security.auth;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import ru.runa.wfe.commons.SystemProperties;
import ru.runa.wfe.user.Actor;

/* loaded from: input_file:ru/runa/wfe/security/auth/TrustedLoginModule.class */
public class TrustedLoginModule extends LoginModuleBase {
    @Override // ru.runa.wfe.security.auth.LoginModuleBase
    protected Actor login(CallbackHandler callbackHandler) throws Exception {
        if (!(callbackHandler instanceof TrustedLoginModuleCallbackHandler)) {
            return null;
        }
        if (!SystemProperties.isTrustedAuthenticationEnabled()) {
            this.log.warn("trusted auth is disabled in system.properties");
            return null;
        }
        TrustedLoginModuleCallbackHandler trustedLoginModuleCallbackHandler = (TrustedLoginModuleCallbackHandler) callbackHandler;
        if (this.executorDAO.isExecutorInGroup(trustedLoginModuleCallbackHandler.getServiceUser().getActor(), this.executorDAO.getGroup(SystemProperties.getAdministratorsGroupName()))) {
            return this.executorDAO.getActor(trustedLoginModuleCallbackHandler.getLogin());
        }
        throw new LoginException("Service user does not belongs to administrators");
    }
}
