package org.picketlink.identity.federation.bindings.jboss.auth;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.jboss.security.SecurityContextAssociation;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.class */
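/**
 * Attribute provider that copies the caller's JBoss roles into a SAML 2.0
 * attribute statement.
 *
 * <p>The roles are read from the authenticated {@link Subject} of the current
 * JBoss security context: every member of a {@link Group} principal named
 * {@value #JBOSS_ROLE_PRINCIPAL_NAME} becomes one value of a single SAML
 * attribute.
 *
 * <p>Security note: whatever this class emits ends up in the issued token and
 * is presumably consumed by relying parties as authorization data, so the
 * Subject it reads must come from a completed, trusted authentication.
 */
public class SAML20TokenRoleAttributeProvider implements SAML20TokenAttributeProvider {
    private static final Logger logger = Logger.getLogger(SAML20TokenRoleAttributeProvider.class);

    /** Name of the JAAS group principal whose members are treated as roles. */
    public static final String JBOSS_ROLE_PRINCIPAL_NAME = "Roles";

    /** Attribute name used when no name is configured. */
    public static final String DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME = "role";

    // Initialised to the default so the emitted attribute always carries a name,
    // even when setProperties() was never called.
    private String tokenRoleAttributeName = DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME;

    /**
     * Reads the name of the role attribute from the provider configuration.
     *
     * <p>The key is {@code <runtime class name>.tokenRoleAttributeName}; because
     * it is built from {@code getClass().getName()}, a subclass is configured
     * under its own class name.
     *
     * @param map provider properties; a {@code null} map, a missing key or a
     *            blank value all select {@link #DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME}
     */
    public void setProperties(Map<String, String> map) {
        String configuredName = null;
        if (map != null) {
            configuredName = map.get(getClass().getName() + ".tokenRoleAttributeName");
        }
        if (configuredName == null || configuredName.trim().isEmpty()) {
            this.tokenRoleAttributeName = DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME;
        } else {
            this.tokenRoleAttributeName = configuredName;
        }
    }

    /**
     * Builds an attribute statement holding the roles of the authenticated caller.
     *
     * <p>Precondition: a security context with subject info is associated with
     * the caller; the lookup chain below is not null-checked before
     * {@code getAuthenticatedSubject()}.
     *
     * @return a statement with one attribute named after the configured role
     *         attribute (its value list may be empty), or {@code null} when
     *         there is no authenticated Subject
     */
    public AttributeStatementType getAttributeStatement() {
        Subject authenticatedSubject = SecurityContextAssociation.getSecurityContext().getSubjectInfo().getAuthenticatedSubject();
        if (authenticatedSubject == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("No authentication Subject found, cannot provide any user roles!");
            }
            return null;
        }

        AttributeStatementType attributeStatementType = new AttributeStatementType();
        AttributeType attributeType = new AttributeType();
        attributeType.setName(this.tokenRoleAttributeName);
        attributeStatementType.getAttributeOrEncryptedAttribute().add(attributeType);

        List<Object> roleValues = attributeType.getAttributeValue();
        for (Principal principal : authenticatedSubject.getPrincipals()) {
            // The group name is matched case-insensitively, so any Group called
            // "roles", "ROLES", ... contributes its members as roles.
            if (!JBOSS_ROLE_PRINCIPAL_NAME.equalsIgnoreCase(principal.getName())) {
                continue;
            }
            // A plain principal can also be named "Roles" (for example a user
            // name); casting it blindly would abort token issuance with a
            // ClassCastException, so only real groups are expanded.
            if (!(principal instanceof Group)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Ignoring principal named [" + JBOSS_ROLE_PRINCIPAL_NAME + "] that is not a Group");
                }
                continue;
            }
            Enumeration<? extends Principal> members = ((Group) principal).members();
            while (members.hasMoreElements()) {
                roleValues.add(members.nextElement().getName());
            }
        }

        // NOTE(review): this writes the caller's role names to the debug log;
        // keep debug logging off where log files are widely readable.
        if (logger.isDebugEnabled()) {
            logger.debug("Returning an AttributeStatement with a [" + this.tokenRoleAttributeName + "] attribute containing: " + attributeType.getAttributeValue());
        }
        return attributeStatementType;
    }
}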
