package org.apache.cxf.sts.token.provider;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-07.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-services-sts-core-3.1.5.redhat-630329-07.jar:org/apache/cxf/sts/token/provider/SamlCallbackHandler.class */
public class SamlCallbackHandler implements CallbackHandler {
    private TokenProviderParameters tokenParameters;
    private List<AttributeStatementBean> attributeBeans;
    private List<AuthenticationStatementBean> authBeans;
    private List<AuthDecisionStatementBean> authDecisionBeans;
    private ConditionsBean conditionsBean;
    private SubjectBean subjectBean;
    private String issuer;

    public void setAttributeBeans(List<AttributeStatementBean> list) {
        this.attributeBeans = list;
    }

    public void setAuthenticationBeans(List<AuthenticationStatementBean> list) {
        this.authBeans = list;
    }

    public void setAuthDecisionStatementBeans(List<AuthDecisionStatementBean> list) {
        this.authDecisionBeans = list;
    }

    public void setSubjectBean(SubjectBean subjectBean) {
        this.subjectBean = subjectBean;
    }

    public void setConditionsBean(ConditionsBean conditionsBean) {
        this.conditionsBean = conditionsBean;
    }

    public void setTokenProviderParameters(TokenProviderParameters tokenProviderParameters) {
        this.tokenParameters = tokenProviderParameters;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof SAMLCallback) {
                SAMLCallback sAMLCallback = (SAMLCallback) callback;
                if (this.subjectBean != null) {
                    sAMLCallback.setSubject(this.subjectBean);
                }
                String tokenType = this.tokenParameters.getTokenRequirements().getTokenType();
                boolean z = false;
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(tokenType) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(tokenType)) {
                    sAMLCallback.setSamlVersion(Version.SAML_11);
                    z = true;
                    setSubjectOnBeans();
                } else {
                    sAMLCallback.setSamlVersion(Version.SAML_20);
                }
                if (this.issuer == null) {
                    sAMLCallback.setIssuer(this.tokenParameters.getStsProperties().getIssuer());
                } else {
                    sAMLCallback.setIssuer(this.issuer);
                }
                boolean z2 = false;
                if (this.attributeBeans != null && !this.attributeBeans.isEmpty()) {
                    sAMLCallback.setAttributeStatementData(this.attributeBeans);
                    z2 = true;
                }
                if (this.authBeans != null && !this.authBeans.isEmpty()) {
                    sAMLCallback.setAuthenticationStatementData(this.authBeans);
                    z2 = true;
                }
                if (this.authDecisionBeans != null && !this.authDecisionBeans.isEmpty()) {
                    sAMLCallback.setAuthDecisionStatementData(this.authDecisionBeans);
                    z2 = true;
                }
                if (z && !z2) {
                    AttributeStatementBean statement = new DefaultAttributeStatementProvider().getStatement(this.tokenParameters);
                    statement.setSubject(this.subjectBean);
                    sAMLCallback.setAttributeStatementData(Collections.singletonList(statement));
                }
                sAMLCallback.setConditions(this.conditionsBean);
            }
        }
    }

    private void setSubjectOnBeans() {
        if (this.attributeBeans != null) {
            for (AttributeStatementBean attributeStatementBean : this.attributeBeans) {
                if (attributeStatementBean.getSubject() == null) {
                    attributeStatementBean.setSubject(this.subjectBean);
                }
            }
        }
        if (this.authBeans != null) {
            for (AuthenticationStatementBean authenticationStatementBean : this.authBeans) {
                if (authenticationStatementBean.getSubject() == null) {
                    authenticationStatementBean.setSubject(this.subjectBean);
                }
            }
        }
        if (this.authDecisionBeans != null) {
            for (AuthDecisionStatementBean authDecisionStatementBean : this.authDecisionBeans) {
                if (authDecisionStatementBean.getSubject() == null) {
                    authDecisionStatementBean.setSubject(this.subjectBean);
                }
            }
        }
    }
}
