package org.apache.cxf.systest.jaxrs.security.oauth2.common;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.ActionBean;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.joda.time.DateTime;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/common/SamlCallbackHandler.class */
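/**
 * {@link CallbackHandler} that populates a WSS4J {@link SAMLCallback} with a canned assertion
 * description (subject, audience restriction, authorization decision, authentication statement and
 * role/authentication attributes) for the JAX-RS OAuth2 system tests.
 *
 * <p>Security-relevant properties of this fixture:
 * <ul>
 *   <li>The signing key alias, key password and crypto properties file default to hard-coded test
 *       values ({@code alice} / {@code password}). They identify a test keystore and are only
 *       meaningful inside the test suite.</li>
 *   <li>The subject name and the role / authentication attribute values are copied verbatim from
 *       the current message's contextual properties ({@code saml.subject.name},
 *       {@code saml.roles}, {@code saml.auth}) when present. Nothing here validates them, so the
 *       assertion states whatever the test client configured.</li>
 *   <li>The default subject confirmation method is bearer. When the handler is built with
 *       {@code signAssertion == false}, no issuer crypto is set and signing is not requested, so
 *       a consumer has no issuer signature to verify on that assertion.</li>
 * </ul>
 *
 * <p>Instances are mutable through the setters and are not synchronized.
 */
public class SamlCallbackHandler implements CallbackHandler {
    /** Whether issuer crypto is configured and signing requested on each handled callback. */
    private final boolean signAssertion;
    /** Audience URI placed in the audience restriction; {@code null} until {@link #setAudience}. */
    private String audience;
    private String confirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    private String issuer = "resourceOwner";
    private boolean saml2 = true;
    private String cryptoPropertiesFile = "org/apache/cxf/systest/jaxrs/security/alice.properties";
    private String issuerKeyName = "alice";
    // Hard-coded test keystore password; override via setIssuerKeyPassword for any other keystore.
    private String issuerKeyPassword = "password";
    private String subjectName = "alice";

    /**
     * Creates a handler.
     *
     * @param z {@code true} to configure issuer crypto and request a signed assertion,
     *          {@code false} to leave the assertion unsigned
     */
    public SamlCallbackHandler(boolean z) {
        this.signAssertion = z;
    }

    /**
     * Fills in every {@link SAMLCallback} in the array; callbacks of any other type are skipped
     * without error.
     *
     * @param callbackArr callbacks supplied by the SAML assertion builder
     * @throws IOException if the issuer crypto cannot be loaded from the configured properties
     *                     file (wraps the underlying {@link WSSecurityException})
     * @throws UnsupportedCallbackException declared by the interface; not thrown by this method
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        for (Callback callback : callbackArr) {
            if (!(callback instanceof SAMLCallback)) {
                continue;
            }
            SAMLCallback samlCallback = (SAMLCallback) callback;
            samlCallback.setSamlVersion(this.saml2 ? Version.SAML_20 : Version.SAML_11);
            samlCallback.setIssuer(this.issuer);

            // The subject is caller-controlled: a contextual property on the message overrides
            // the configured default.
            String subject = currentMessage != null
                ? (String) currentMessage.getContextualProperty("saml.subject.name") : null;
            if (subject == null) {
                subject = this.subjectName;
            }
            SubjectBean subjectBean = new SubjectBean(subject, "www.mock-sts.com", this.confirmationMethod);
            samlCallback.setSubject(subjectBean);

            // NOTE(review): audience is not null-checked, so an unset audience yields a
            // restriction holding a null URI - confirm how the assertion builder treats that.
            ConditionsBean conditionsBean = new ConditionsBean();
            AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
            audienceRestrictionBean.setAudienceURIs(Collections.singletonList(this.audience));
            conditionsBean.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
            samlCallback.setConditions(conditionsBean);

            AuthDecisionStatementBean authDecisionStatementBean = new AuthDecisionStatementBean();
            authDecisionStatementBean.setDecision(AuthDecisionStatementBean.Decision.INDETERMINATE);
            authDecisionStatementBean.setResource("https://sp.example.com/SAML2");
            authDecisionStatementBean.setSubject(subjectBean);
            ActionBean actionBean = new ActionBean();
            actionBean.setContents("Read");
            authDecisionStatementBean.setActions(Collections.singletonList(actionBean));
            samlCallback.setAuthDecisionStatementData(Collections.singletonList(authDecisionStatementBean));

            AuthenticationStatementBean authenticationStatementBean = new AuthenticationStatementBean();
            authenticationStatementBean.setSubject(subjectBean);
            authenticationStatementBean.setAuthenticationInstant(new DateTime());
            authenticationStatementBean.setSessionIndex("123456");
            authenticationStatementBean.setAuthenticationMethod(
                "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
            samlCallback.setAuthenticationStatementData(Collections.singletonList(authenticationStatementBean));

            AttributeStatementBean attributeStatementBean = new AttributeStatementBean();
            attributeStatementBean.setSubject(subjectBean);
            List<AttributeBean> attributes = new ArrayList<AttributeBean>();

            // Role values come from the message when configured there, else the single role "user".
            AttributeBean roleAttribute = new AttributeBean();
            roleAttribute.setSimpleName("subject-role");
            roleAttribute.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
            roleAttribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
            roleAttribute.setAttributeValues(
                new ArrayList<Object>(contextualList(currentMessage, "saml.roles", "user")));
            attributes.add(roleAttribute);

            AttributeBean authAttribute = new AttributeBean();
            authAttribute.setSimpleName("http://claims/authentication");
            authAttribute.setQualifiedName("http://claims/authentication");
            authAttribute.setNameFormat("http://claims/authentication-format");
            authAttribute.setAttributeValues(
                new ArrayList<Object>(contextualList(currentMessage, "saml.auth", "password")));
            attributes.add(authAttribute);

            attributeStatementBean.setSamlAttributes(attributes);
            samlCallback.setAttributeStatementData(Collections.singletonList(attributeStatementBean));

            if (this.signAssertion) {
                try {
                    samlCallback.setIssuerCrypto(CryptoFactory.getInstance(this.cryptoPropertiesFile));
                    samlCallback.setIssuerKeyName(this.issuerKeyName);
                    samlCallback.setIssuerKeyPassword(this.issuerKeyPassword);
                    samlCallback.setSignAssertion(true);
                } catch (WSSecurityException e) {
                    // Keep the cause so a keystore/properties misconfiguration stays diagnosable.
                    throw new IOException(e);
                }
            }
        }
    }

    /**
     * Reads a list-valued contextual property from the message, falling back to a one-element
     * list when there is no message or the property is absent.
     */
    private static List<String> contextualList(Message message, String key, String fallback) {
        List<String> values = message != null
            ? CastUtils.<String>cast((List<?>) message.getContextualProperty(key)) : null;
        return values != null ? values : Collections.singletonList(fallback);
    }

    /** @return classpath location of the crypto properties used to load the issuer keystore */
    public String getCryptoPropertiesFile() {
        return this.cryptoPropertiesFile;
    }

    /** @param str classpath location of the crypto properties used when signing */
    public void setCryptoPropertiesFile(String str) {
        this.cryptoPropertiesFile = str;
    }

    /** @return alias of the key used to sign the assertion */
    public String getIssuerKeyName() {
        return this.issuerKeyName;
    }

    /** @param str alias of the key used to sign the assertion */
    public void setIssuerKeyName(String str) {
        this.issuerKeyName = str;
    }

    /** @return password of the signing key, in clear text */
    public String getIssuerKeyPassword() {
        return this.issuerKeyPassword;
    }

    /** @param str password of the signing key */
    public void setIssuerKeyPassword(String str) {
        this.issuerKeyPassword = str;
    }

    /** @return issuer name written into the assertion */
    public String getIssuer() {
        return this.issuer;
    }

    /** @param str issuer name written into the assertion */
    public void setIssuer(String str) {
        this.issuer = str;
    }

    /** @return audience URI for the audience restriction, or {@code null} if never set */
    public String getAudience() {
        return this.audience;
    }

    /** @param str audience URI for the audience restriction */
    public void setAudience(String str) {
        this.audience = str;
    }

    /** @param str subject confirmation method URI; replaces the bearer default */
    public void setConfirmationMethod(String str) {
        this.confirmationMethod = str;
    }

    /** @return {@code true} if SAML 2.0 is requested, {@code false} for SAML 1.1 */
    public boolean isSaml2() {
        return this.saml2;
    }

    /** @param z {@code true} to request SAML 2.0, {@code false} for SAML 1.1 */
    public void setSaml2(boolean z) {
        this.saml2 = z;
    }

    /** @return default subject name, used when the message does not supply one */
    public String getSubjectName() {
        return this.subjectName;
    }

    /** @param str default subject name, used when the message does not supply one */
    public void setSubjectName(String str) {
        this.subjectName = str;
    }
}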
