package org.apache.cxf.sts.token.provider;

import java.util.ArrayList;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-11.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-services-sts-core-3.1.5.redhat-630310-11.jar:org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.class */
public class DefaultAttributeStatementProvider implements AttributeStatementProvider {
    @Override // org.apache.cxf.sts.token.provider.AttributeStatementProvider
    public AttributeStatementBean getStatement(TokenProviderParameters tokenProviderParameters) {
        AttributeStatementBean attributeStatementBean = new AttributeStatementBean();
        ArrayList arrayList = new ArrayList();
        TokenRequirements tokenRequirements = tokenProviderParameters.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();
        arrayList.add(createDefaultAttribute(tokenType));
        ReceivedToken actAs = tokenRequirements.getActAs();
        if (actAs != null) {
            try {
                AttributeBean handleAdditionalParameters = handleAdditionalParameters(actAs.getToken(), tokenType);
                if (!handleAdditionalParameters.getAttributeValues().isEmpty()) {
                    arrayList.add(handleAdditionalParameters);
                }
            } catch (WSSecurityException e) {
                throw new STSException(e.getMessage(), e);
            }
        }
        attributeStatementBean.setSamlAttributes(arrayList);
        return attributeStatementBean;
    }

    private AttributeBean createDefaultAttribute(String str) {
        AttributeBean attributeBean = new AttributeBean();
        if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(str) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(str)) {
            attributeBean.setSimpleName("token-requestor");
            attributeBean.setQualifiedName("http://cxf.apache.org/sts");
        } else {
            attributeBean.setQualifiedName("token-requestor");
            attributeBean.setNameFormat("http://cxf.apache.org/sts");
        }
        attributeBean.addAttributeValue("authenticated");
        return attributeBean;
    }

    private AttributeBean handleAdditionalParameters(Object obj, String str) throws WSSecurityException {
        AttributeBean attributeBean = new AttributeBean();
        if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(str) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(str)) {
            attributeBean.setSimpleName("ActAs");
            attributeBean.setQualifiedName("http://cxf.apache.org/sts");
        } else {
            attributeBean.setQualifiedName("ActAs");
            attributeBean.setNameFormat("http://cxf.apache.org/sts");
        }
        if (obj instanceof UsernameTokenType) {
            attributeBean.addAttributeValue(((UsernameTokenType) obj).getUsername().getValue());
        } else if (obj instanceof Element) {
            attributeBean.addAttributeValue(new SAMLTokenPrincipalImpl(new SamlAssertionWrapper((Element) obj)).getName());
        }
        return attributeBean;
    }
}
