package org.apache.cxf.sts.token.provider;

import java.util.ArrayList;
import java.util.Collections;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
import org.apache.ws.security.SAMLTokenPrincipal;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-services-sts-core-2.7.12-jboss-1-SNAPSHOT.jar:org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.class */
public class DefaultAttributeStatementProvider implements AttributeStatementProvider {
    @Override // org.apache.cxf.sts.token.provider.AttributeStatementProvider
    public AttributeStatementBean getStatement(TokenProviderParameters tokenProviderParameters) {
        AttributeStatementBean attributeStatementBean = new AttributeStatementBean();
        ArrayList arrayList = new ArrayList();
        TokenRequirements tokenRequirements = tokenProviderParameters.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();
        arrayList.add(createDefaultAttribute(tokenType));
        ReceivedToken actAs = tokenRequirements.getActAs();
        if (actAs != null) {
            try {
                AttributeBean handleAdditionalParameters = handleAdditionalParameters(actAs.getToken(), tokenType);
                if (!handleAdditionalParameters.getAttributeValues().isEmpty()) {
                    arrayList.add(handleAdditionalParameters);
                }
            } catch (WSSecurityException e) {
                throw new STSException(e.getMessage(), e);
            }
        }
        attributeStatementBean.setSamlAttributes(arrayList);
        return attributeStatementBean;
    }

    private AttributeBean createDefaultAttribute(String str) {
        AttributeBean attributeBean = new AttributeBean();
        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(str) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(str)) {
            attributeBean.setQualifiedName("token-requestor");
            attributeBean.setNameFormat("http://cxf.apache.org/sts");
        } else {
            attributeBean.setSimpleName("token-requestor");
            attributeBean.setQualifiedName("http://cxf.apache.org/sts");
        }
        attributeBean.setAttributeValues(Collections.singletonList("authenticated"));
        return attributeBean;
    }

    private AttributeBean handleAdditionalParameters(Object obj, String str) throws WSSecurityException {
        AttributeBean attributeBean = new AttributeBean();
        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(str) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(str)) {
            attributeBean.setQualifiedName("ActAs");
            attributeBean.setNameFormat("http://cxf.apache.org/sts");
        } else {
            attributeBean.setSimpleName("ActAs");
            attributeBean.setQualifiedName("http://cxf.apache.org/sts");
        }
        if (obj instanceof UsernameTokenType) {
            attributeBean.setAttributeValues(Collections.singletonList(((UsernameTokenType) obj).getUsername().getValue()));
        } else if (obj instanceof Element) {
            attributeBean.setAttributeValues(Collections.singletonList(new SAMLTokenPrincipal(new AssertionWrapper((Element) obj)).getName()));
        }
        return attributeBean;
    }
}
