package org.apache.cxf.sts.token.validator;

import java.util.HashMap;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-222-01.zip:modules/system/layers/fuse/org/apache/cxf/3.0/cxf-services-sts-core-3.0.4.redhat-621222-01.jar:org/apache/cxf/sts/token/validator/SCTValidator.class */
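/**
 * Validates WS-SecureConversation {@code SecurityContextToken} elements by looking
 * up their identifier in the token store supplied with the validation parameters.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A token is reported as valid only when its identifier is present in the
 *       token store and the stored entry is not expired. Nothing in this class
 *       checks that the requester actually holds the associated secret; the secret
 *       is handed back under {@link #SCT_VALIDATOR_SECRET}, presumably so the caller
 *       can perform that check. Confirm against the caller.</li>
 *   <li>The value stored under {@link #SCT_VALIDATOR_SECRET} is key material and
 *       must not be logged or serialized by code that consumes the response.</li>
 *   <li>The token identifier is taken from the received element, so it is
 *       neutralized before being written to the log.</li>
 * </ul>
 */
public class SCTValidator implements TokenValidator {
    /** Key under which the cached token's secret is returned in the additional properties. */
    public static final String SCT_VALIDATOR_SECRET = "sct-validator-secret";
    private static final Logger LOG = LogUtils.getL7dLogger(SCTValidator.class);

    /** Namespace URIs and local name accepted by {@link #canHandleToken(ReceivedToken, String)}. */
    private static final String SC_NS_2005_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    private static final String SC_NS_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
    private static final String SCT_LOCAL_NAME = "SecurityContextToken";

    /**
     * Returns whether this validator can handle the given token, without a realm.
     *
     * @param receivedToken the token received in the request
     * @return {@code true} if the token is a DOM SecurityContextToken element
     */
    @Override // org.apache.cxf.sts.token.validator.TokenValidator
    public boolean canHandleToken(ReceivedToken receivedToken) {
        return canHandleToken(receivedToken, null);
    }

    /**
     * Returns whether this validator can handle the given token.
     *
     * @param receivedToken the token received in the request
     * @param str not used by this implementation
     * @return {@code true} if the token is a DOM element named
     *         {@code SecurityContextToken} in one of the two supported
     *         WS-SecureConversation namespaces
     */
    @Override // org.apache.cxf.sts.token.validator.TokenValidator
    public boolean canHandleToken(ReceivedToken receivedToken, String str) {
        Object token = receivedToken.getToken();
        if (!(token instanceof Element)) {
            return false;
        }
        Element element = (Element) token;
        String namespaceURI = element.getNamespaceURI();
        boolean supportedNamespace = SC_NS_2005_02.equals(namespaceURI) || SC_NS_2005_12.equals(namespaceURI);
        return supportedNamespace && SCT_LOCAL_NAME.equals(element.getLocalName());
    }

    /**
     * Validates a SecurityContextToken against the configured token store.
     *
     * <p>The received token's state is set to {@code INVALID} before any other work,
     * so every early return and the exception path fail closed. The state becomes
     * {@code EXPIRED} when the cached entry is expired, and {@code VALID} only after
     * the entry was found, was not expired, and the response was populated.
     *
     * @param tokenValidatorParameters the validation parameters, carrying the
     *        received token and the token store
     * @return the response holding the received token with its updated state and,
     *         on success, the principal, the token realm (when the cached token has
     *         properties) and the secret under {@link #SCT_VALIDATOR_SECRET}
     */
    @Override // org.apache.cxf.sts.token.validator.TokenValidator
    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenValidatorParameters) {
        LOG.fine("Validating SecurityContextToken");
        TokenValidatorResponse tokenValidatorResponse = new TokenValidatorResponse();
        ReceivedToken token = tokenValidatorParameters.getToken();
        // Fail closed: anything short of a successful cache lookup leaves the token INVALID.
        token.setState(ReceivedToken.STATE.INVALID);
        tokenValidatorResponse.setToken(token);
        if (tokenValidatorParameters.getTokenStore() == null) {
            LOG.log(Level.FINE, "A cache must be configured to use the SCTValidator");
            return tokenValidatorResponse;
        }
        if (!token.isDOMElement()) {
            return tokenValidatorResponse;
        }
        try {
            String identifier = new SecurityContextToken((Element) token.getToken()).getIdentifier();
            SecurityToken cachedToken = tokenValidatorParameters.getTokenStore().getToken(identifier);
            if (cachedToken == null) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Identifier: " + sanitizeForLog(identifier) + " is not found in the cache");
                }
                return tokenValidatorResponse;
            }
            if (cachedToken.isExpired()) {
                token.setState(ReceivedToken.STATE.EXPIRED);
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Token: " + sanitizeForLog(identifier) + " is in the cache but expired");
                }
                return tokenValidatorResponse;
            }
            // The secret is returned to the caller; it is never logged here.
            HashMap<String, Object> additionalProperties = new HashMap<String, Object>();
            additionalProperties.put(SCT_VALIDATOR_SECRET, cachedToken.getSecret());
            tokenValidatorResponse.setAdditionalProperties(additionalProperties);
            tokenValidatorResponse.setPrincipal(cachedToken.getPrincipal());
            Properties properties = cachedToken.getProperties();
            if (properties != null) {
                tokenValidatorResponse.setTokenRealm(properties.getProperty(STSConstants.TOKEN_REALM));
            }
            token.setState(ReceivedToken.STATE.VALID);
        } catch (WSSecurityException e) {
            // The token stays INVALID; log with a message so the failure can be found in the log.
            LOG.log(Level.WARNING, "Failed to process SecurityContextToken", e);
        }
        return tokenValidatorResponse;
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so that a
     * value taken from a received token cannot break a log entry into several lines.
     *
     * @param value the value to be logged, may be {@code null}
     * @return the neutralized value, or the string {@code "null"} for a {@code null} input
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}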
