package org.apache.wss4j.stax.validate;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.codec.binary.Base64;
import org.apache.wss4j.binding.wss10.EncodedString;
import org.apache.wss4j.binding.wss10.PasswordString;
import org.apache.wss4j.binding.wss10.UsernameTokenType;
import org.apache.wss4j.binding.wsu10.AttributedDateTime;
import org.apache.wss4j.common.NamePasswordCallbackHandler;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-020.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-stax-2.0.3.jar:org/apache/wss4j/stax/validate/JAASUsernameTokenValidatorImpl.class */
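/**
 * Validates an inbound WS-Security {@code UsernameToken} by authenticating its
 * username and password against a JAAS login configuration.
 *
 * <p>Security notes for integrators, as far as this class shows:
 * <ul>
 *   <li>Only the {@code PASSWORD_TEXT} password type is accepted. Every other type,
 *       including a missing password or a password element without a type, is
 *       rejected with {@code FAILED_AUTHENTICATION}. The password therefore arrives
 *       in clear text inside the message, so confidentiality has to come from the
 *       transport or from message-level encryption.</li>
 *   <li>The clear-text password is handed to the JAAS callback handler and is also
 *       stored on the returned token.</li>
 *   <li>The {@code Nonce} and {@code Created} elements are decoded and copied onto
 *       the token, but this class does not check them for freshness or reuse.
 *       Replay detection, if required, has to happen elsewhere.</li>
 *   <li>Log statements here never include the username or the password.</li>
 * </ul>
 */
public class JAASUsernameTokenValidatorImpl implements UsernameTokenValidator {
    private static final Logger log = LoggerFactory.getLogger(JAASUsernameTokenValidatorImpl.class);

    /** The only nonce encoding this validator accepts. */
    private static final String NONCE_ENCODING_BASE64 =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    /** Name of the JAAS login configuration entry; {@code null} until configured. */
    private String contextName = null;

    /**
     * Sets the name of the JAAS login configuration entry to authenticate against.
     *
     * @param str the JAAS context name
     */
    public void setContextName(String str) {
        this.contextName = str;
    }

    /**
     * Returns the configured JAAS context name.
     *
     * @return the JAAS context name, or {@code null} if none has been set
     */
    public String getContextName() {
        return this.contextName;
    }

    /**
     * Authenticates the token's credentials through JAAS and builds the security token.
     *
     * @param usernameTokenType the parsed {@code UsernameToken} element
     * @param tokenContext      context providing the security context, element path and first event
     * @return a username security token carrying the authenticated JAAS {@link Subject}
     * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} if the password type is not
     *         {@code PASSWORD_TEXT}, if the username or password is missing or empty, or if the
     *         JAAS login fails; with {@code UNSUPPORTED_SECURITY_TOKEN} if a nonce is present
     *         with an encoding type other than Base64Binary
     */
    @Override
    public <T extends UsernameSecurityToken & InboundSecurityToken> T validate(UsernameTokenType usernameTokenType, TokenContext tokenContext) throws WSSecurityException {
        PasswordString passwordElement = (PasswordString) XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Password);

        // A missing password element or a missing Type attribute is treated as PASSWORD_NONE and rejected below.
        WSSConstants.UsernameTokenPasswordType passwordType = WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE;
        if (passwordElement != null && passwordElement.getType() != null) {
            passwordType = WSSConstants.UsernameTokenPasswordType.getUsernameTokenPasswordType(passwordElement.getType());
        }
        // The clear-text password is what gets passed to the JAAS callback handler,
        // so only PASSWORD_TEXT can be accepted here.
        if (passwordType != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT) {
            log.warn("Password type is not supported");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }

        String username = null;
        if (usernameTokenType.getUsername() != null) {
            username = usernameTokenType.getUsername().getValue();
        }
        String password = null;
        if (passwordElement != null) {
            password = passwordElement.getValue();
        }
        // Reject empty credentials before JAAS is involved. The log line deliberately
        // omits the username so that failed attempts do not leak identifiers into logs.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            log.warn("User or password empty");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }

        // Only the JAAS calls can raise LoginException, so the try block is limited to them.
        // An unset context name also surfaces as a LoginException (LoginContext rejects a
        // null name), so a misconfigured validator fails closed.
        Subject subject;
        try {
            LoginContext loginContext = new LoginContext(getContextName(), getCallbackHandler(username, password));
            loginContext.login();
            subject = loginContext.getSubject();
        } catch (LoginException e) {
            log.info("Authentication failed", e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }

        // The nonce is optional; when present it must declare Base64Binary encoding.
        EncodedString nonceElement = (EncodedString) XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Nonce);
        byte[] nonce = null;
        if (nonceElement != null) {
            if (!NONCE_ENCODING_BASE64.equals(nonceElement.getEncodingType())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "badTokenType01", new Object[0]);
            }
            nonce = Base64.decodeBase64(nonceElement.getValue());
        }

        AttributedDateTime createdElement = (AttributedDateTime) XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsu_Created);

        // NOTE(review): nonce and created are only stored on the token here; no freshness or
        // replay check is visible in this class. Confirm that one runs elsewhere if needed.
        UsernameSecurityTokenImpl token = new UsernameSecurityTokenImpl(
                passwordType,
                username,
                password,
                createdElement != null ? createdElement.getValue() : null,
                nonce,
                null,
                null,
                tokenContext.getWsSecurityContext(),
                usernameTokenType.getId(),
                WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
        token.setElementPath(tokenContext.getElementPath());
        token.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
        token.setSubject(subject);

        // The method returns the type variable T, so returning the concrete implementation
        // needs an explicit (unchecked) cast; without it the method does not compile.
        @SuppressWarnings("unchecked")
        T result = (T) token;
        return result;
    }

    /**
     * Creates the JAAS callback handler that supplies the credentials to the login modules.
     * Subclasses may override this to provide a different handler.
     *
     * @param str  the username taken from the token
     * @param str2 the clear-text password taken from the token
     * @return a handler that answers name and password callbacks with the given values
     */
    protected CallbackHandler getCallbackHandler(String str, String str2) {
        return new NamePasswordCallbackHandler(str, str2);
    }
}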
