package org.apache.cxf.ws.security.policy.interceptors;

import java.util.HashMap;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.DefaultSTSTokenCacher;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSTokenCacher;
import org.apache.cxf.ws.security.trust.STSTokenRetriever;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-343-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-ws-security-3.1.5.redhat-630343-04.jar:org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.class */
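/**
 * Outbound interceptor that obtains a security token from a Security Token Service (STS)
 * before the message is sent.
 *
 * <p>On each message the configured {@link STSClient} (if any) is published on the message under
 * {@link SecurityConstants#STS_CLIENT}, a token is requested through
 * {@link STSTokenRetriever#getToken}, and the result is handed to
 * {@link #processToken(Message, SecurityToken)}.
 *
 * <p>Security note: a missing token is only logged as a warning; this class does not abort the
 * exchange. Subclasses that need the token must enforce that in {@code processToken}.
 */
public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final Logger LOG = LogUtils.getL7dLogger(STSTokenOutInterceptor.class);

    private static final String TOKEN_TYPE_SAML_2_0 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
    private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
    private static final QName STS_SERVICE_NAME = new QName(WS_TRUST_NS, "SecurityTokenService");
    private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, "X509_Port");
    private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, "Transport_Port");

    // Assigned exactly once by every constructor chain.
    private final STSClient stsClient;
    private final STSTokenRetriever.TokenRequestParams tokenParams;
    // Replaceable through setTokenCacher(); defaults to DefaultSTSTokenCacher.
    private STSTokenCacher tokenCacher;

    /**
     * Selects the STS port and the key type requested from it.
     *
     * @deprecated flagged as deprecated in this build; the replacement is not visible in this file.
     */
    @Deprecated
    public enum AuthMode {
        /** Uses the {@code X509_Port} endpoint and requests the WS-Trust PublicKey key type. */
        X509(STSTokenOutInterceptor.X509_ENDPOINT, STSTokenOutInterceptor.KEY_TYPE_X509),
        /**
         * Uses the {@code Transport_Port} endpoint with no key type.
         * NOTE(review): presumably authentication then relies on transport-level protection of
         * the STS connection; confirm against the STS WSDL policy.
         */
        TRANSPORT(STSTokenOutInterceptor.TRANSPORT_ENDPOINT, null);

        private final QName endpointName;
        private final String keyType;

        AuthMode(QName endpointName, String keyType) {
            this.endpointName = endpointName;
            this.keyType = keyType;
        }

        /** @return the qualified name of the STS port used by this mode */
        public QName getEndpointName() {
            return this.endpointName;
        }

        /** @return the key type URI to request, or {@code null} when no key type is sent */
        public String getKeyType() {
            return this.keyType;
        }
    }

    /**
     * Immutable bundle of the credentials and key material references used to build the
     * default {@link STSClient}. All values are stored as given; nothing is validated here.
     */
    public static class AuthParams {
        private final AuthMode authMode;
        private final String userName;
        private final String callbackHandler;
        private final String alias;
        private final String keystoreProperties;

        /**
         * Creates parameters without key material (alias and keystore properties are
         * {@code null}).
         *
         * @param authMode STS port / key type selection
         * @param userName value stored under {@link SecurityConstants#USERNAME}; may be {@code null}
         * @param callbackHandler value stored under {@link SecurityConstants#CALLBACK_HANDLER}
         */
        public AuthParams(AuthMode authMode, String userName, String callbackHandler) {
            this(authMode, userName, callbackHandler, null, null);
        }

        /**
         * @param authMode STS port / key type selection
         * @param userName value stored under {@link SecurityConstants#USERNAME}; may be {@code null}
         * @param callbackHandler value stored under {@link SecurityConstants#CALLBACK_HANDLER}
         * @param alias key alias used for the encryption and STS token user names; may be {@code null}
         * @param keystoreProperties crypto properties reference used for encryption, signature and
         *        the STS token; may be {@code null}
         */
        public AuthParams(AuthMode authMode, String userName, String callbackHandler, String alias,
                          String keystoreProperties) {
            this.authMode = authMode;
            this.userName = userName;
            this.callbackHandler = callbackHandler;
            this.alias = alias;
            this.keystoreProperties = keystoreProperties;
        }

        public AuthMode getAuthMode() {
            return this.authMode;
        }

        public String getUserName() {
            return this.userName;
        }

        public String getCallbackHandler() {
            return this.callbackHandler;
        }

        public String getAlias() {
            return this.alias;
        }

        public String getKeystoreProperties() {
            return this.keystoreProperties;
        }
    }

    /**
     * Builds a default STS client and runs in the {@link Phase#PREPARE_SEND} phase.
     *
     * @param authParams credentials and key material references for the STS client
     * @param stsWsdlLocation WSDL location passed to the STS client unchanged
     * @param bus bus the STS client is created on
     */
    public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus) {
        this(Phase.PREPARE_SEND, authParams, stsWsdlLocation, bus);
    }

    /**
     * Builds a default STS client and runs in the given phase.
     *
     * @param phase interceptor phase name
     * @param authParams credentials and key material references for the STS client
     * @param stsWsdlLocation WSDL location passed to the STS client unchanged
     * @param bus bus the STS client is created on
     */
    public STSTokenOutInterceptor(String phase, AuthParams authParams, String stsWsdlLocation, Bus bus) {
        super(phase);
        this.tokenCacher = new DefaultSTSTokenCacher();
        this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus);
        this.tokenParams = new STSTokenRetriever.TokenRequestParams();
    }

    /**
     * Uses a caller-configured STS client with default token request parameters.
     *
     * @param stsClient pre-configured client; may be {@code null}, in which case nothing is
     *        published on the message
     */
    public STSTokenOutInterceptor(STSClient stsClient) {
        this(Phase.PREPARE_SEND, stsClient, new STSTokenRetriever.TokenRequestParams());
    }

    /**
     * Uses a caller-configured STS client and token request parameters.
     *
     * @param stsClient pre-configured client; may be {@code null}
     * @param tokenRequestParams parameters forwarded to {@link STSTokenRetriever#getToken}
     */
    public STSTokenOutInterceptor(STSClient stsClient, STSTokenRetriever.TokenRequestParams tokenRequestParams) {
        this(Phase.PREPARE_SEND, stsClient, tokenRequestParams);
    }

    /**
     * Uses a caller-configured STS client and token request parameters in the given phase.
     *
     * @param phase interceptor phase name
     * @param stsClient pre-configured client; may be {@code null}
     * @param tokenRequestParams parameters forwarded to {@link STSTokenRetriever#getToken}
     */
    public STSTokenOutInterceptor(String phase, STSClient stsClient,
                                  STSTokenRetriever.TokenRequestParams tokenRequestParams) {
        super(phase);
        this.tokenCacher = new DefaultSTSTokenCacher();
        this.stsClient = stsClient;
        this.tokenParams = tokenRequestParams;
    }

    /**
     * Publishes the STS client on the message, requests a token and passes it to
     * {@link #processToken(Message, SecurityToken)}.
     *
     * @param message outbound message being prepared
     * @throws Fault if token retrieval or processing raises one
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(Message message) throws Fault {
        if (this.stsClient != null) {
            message.put(SecurityConstants.STS_CLIENT, this.stsClient);
        }
        SecurityToken token = STSTokenRetriever.getToken(message, this.tokenParams, this.tokenCacher);
        if (token == null) {
            // Not fatal here: the chain continues and processToken() is still invoked with null.
            LOG.warning("Security token was not retrieved from STS");
        }
        processToken(message, token);
    }

    /**
     * Extension hook invoked after token retrieval; the default implementation does nothing.
     *
     * @param message outbound message being prepared
     * @param securityToken retrieved token, or {@code null} when the STS returned none;
     *        overriding code must handle {@code null} and decide whether to fail the exchange
     */
    protected void processToken(Message message, SecurityToken securityToken) {
    }

    public STSClient getSTSClient() {
        return this.stsClient;
    }

    public STSTokenCacher getTokenCacher() {
        return this.tokenCacher;
    }

    public void setTokenCacher(STSTokenCacher sTSTokenCacher) {
        this.tokenCacher = sTSTokenCacher;
    }

    /**
     * Creates an STS client requesting SAML 2.0 tokens from the {@code SecurityTokenService}
     * service, using the port and key type selected by {@code authParams.getAuthMode()}.
     *
     * <p>The WSDL location is forwarded as supplied; this method performs no scheme or host
     * validation, so callers are responsible for passing a trusted location.
     *
     * @param authParams credentials and key material references; must not be {@code null} and
     *        must carry a non-null auth mode
     * @param stsWsdlLocation WSDL location of the STS
     * @param bus bus the client is created on
     * @return the configured client
     */
    private STSClient configureBasicSTSClient(AuthParams authParams, String stsWsdlLocation, Bus bus) {
        STSClient client = new STSClient(bus);
        client.setWsdlLocation(stsWsdlLocation);
        client.setServiceName(STS_SERVICE_NAME.toString());

        AuthMode mode = authParams.getAuthMode();
        client.setEndpointName(mode.getEndpointName().toString());
        String keyType = mode.getKeyType();
        if (keyType != null) {
            client.setKeyType(keyType);
        } else {
            client.setSendKeyType(false);
        }
        client.setTokenType(TOKEN_TYPE_SAML_2_0);
        // Lifetime is requested, and renewal is allowed even once the token has expired.
        client.setAllowRenewingAfterExpiry(true);
        client.setEnableLifetime(true);

        HashMap<String, Object> properties = new HashMap<String, Object>();
        if (authParams.getUserName() != null) {
            properties.put(SecurityConstants.USERNAME, authParams.getUserName());
        }
        // Stored unconditionally; a null handler is kept as a null-valued entry.
        properties.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler());

        String keystoreProperties = authParams.getKeystoreProperties();
        if (keystoreProperties != null) {
            // The alias is optional: without one the alias keys stay unset instead of being
            // stored as null values, and the crypto properties are still applied.
            String alias = authParams.getAlias();
            if (alias != null) {
                properties.put(SecurityConstants.ENCRYPT_USERNAME, alias);
                properties.put(SecurityConstants.STS_TOKEN_USERNAME, alias);
            }
            properties.put(SecurityConstants.ENCRYPT_PROPERTIES, keystoreProperties);
            properties.put(SecurityConstants.SIGNATURE_PROPERTIES, keystoreProperties);
            properties.put(SecurityConstants.STS_TOKEN_PROPERTIES, keystoreProperties);
            properties.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
        }
        client.setProperties(properties);
        return client;
    }
}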
