package org.apache.cxf.sts.token.provider;

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.SignatureProperties;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.token.realm.RealmProperties;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-343-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-services-sts-core-3.1.5.redhat-630343-04.jar:org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.class */
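/**
 * Shared signing logic for SAML token providers in the STS.
 *
 * <p>This listing is decompiler output, so parameter and local names are synthetic.
 */
public abstract class AbstractSAMLTokenProvider {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractSAMLTokenProvider.class);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Signs the given SAML assertion with the STS signing key, or with the realm's key when
     * the realm defines its own signature keystore.
     *
     * <p>Algorithm selection: a signature or canonicalization algorithm named in
     * {@code keyRequirements} is used only when it appears in the accepted list of the effective
     * {@link SignatureProperties}. Anything else is replaced by the configured default, and the
     * substitution is logged at FINE only. The digest algorithm always comes from the
     * {@link SignatureProperties}; {@code keyRequirements} is not consulted for it.
     *
     * <p>NOTE(review): {@code keyRequirements} presumably carries values taken from the token
     * request, which would make the accepted lists the only barrier against a caller choosing
     * a weak algorithm. Confirm, and keep those lists free of deprecated algorithms.
     *
     * @param samlAssertionWrapper the assertion to sign
     * @param realmProperties per-realm overrides, or {@code null} to use only the STS-wide settings
     * @param sTSPropertiesMBean STS-wide signing configuration (crypto, callback handler,
     *        signature properties, key alias)
     * @param keyRequirements the requested signature and canonicalization algorithms; either
     *        may be {@code null}
     * @throws IllegalStateException if no {@link CallbackHandler} is available to supply the
     *         signing key password
     * @throws Exception if the callback handler or the signing operation fails
     */
    public void signToken(SamlAssertionWrapper samlAssertionWrapper, RealmProperties realmProperties, STSPropertiesMBean sTSPropertiesMBean, KeyRequirements keyRequirements) throws Exception {
        // Start from the STS-wide signing configuration.
        Crypto signatureCrypto = sTSPropertiesMBean.getSignatureCrypto();
        CallbackHandler callbackHandler = sTSPropertiesMBean.getCallbackHandler();
        SignatureProperties signatureProperties = sTSPropertiesMBean.getSignatureProperties();
        String signatureUsername = sTSPropertiesMBean.getSignatureUsername();

        if (realmProperties != null) {
            // A realm keystore replaces crypto, callback handler and alias as a unit: the
            // STS-wide handler and alias are dropped even when the realm leaves its own unset.
            Crypto realmCrypto = realmProperties.getSignatureCrypto();
            if (realmCrypto != null) {
                LOG.fine("SAMLRealm signature keystore used");
                signatureCrypto = realmCrypto;
                callbackHandler = realmProperties.getCallbackHandler();
                signatureUsername = realmProperties.getSignatureAlias();
            }
            // Signature properties can be overridden independently of the keystore.
            SignatureProperties realmSignatureProperties = realmProperties.getSignatureProperties();
            if (realmSignatureProperties != null) {
                signatureProperties = realmSignatureProperties;
            }
        }

        // Honour the requested signature algorithm only if it is on the accepted list.
        String signatureAlgorithm = keyRequirements.getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
        } else if (!signatureProperties.getAcceptedSignatureAlgorithms().contains(signatureAlgorithm)) {
            signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
            }
        }

        // Same accepted-list check for the canonicalization algorithm.
        String c14nAlgorithm = keyRequirements.getC14nAlgorithm();
        if (c14nAlgorithm == null) {
            c14nAlgorithm = signatureProperties.getC14nAlgorithm();
        } else if (!signatureProperties.getAcceptedC14nAlgorithms().contains(c14nAlgorithm)) {
            c14nAlgorithm = signatureProperties.getC14nAlgorithm();
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
            }
        }

        // Without an explicit alias, fall back to the keystore's default signing identity.
        if ((signatureUsername == null || signatureUsername.isEmpty()) && signatureCrypto != null) {
            signatureUsername = signatureCrypto.getDefaultX509Identifier();
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Signature alias is null so using default alias: " + signatureUsername);
            }
        }

        // Fail with a clear configuration error instead of a bare NullPointerException when
        // no handler can supply the key password (for example a realm keystore configured
        // without its own callback handler).
        if (callbackHandler == null) {
            throw new IllegalStateException(
                "No CallbackHandler configured to supply the signature key password");
        }

        // WSPasswordCallback.SIGNATURE is the constant behind the decompiled literal 3.
        WSPasswordCallback[] wSPasswordCallbackArr = {
            new WSPasswordCallback(signatureUsername, WSPasswordCallback.SIGNATURE)
        };
        LOG.fine("Creating SAML Token");
        callbackHandler.handle(wSPasswordCallbackArr);
        // Private-key password: pass it straight to the signer and never log it.
        String password = wSPasswordCallbackArr[0].getPassword();

        LOG.fine("Signing SAML Token");
        samlAssertionWrapper.signAssertion(signatureUsername, password, signatureCrypto, signatureProperties.isUseKeyValue(), c14nAlgorithm, signatureAlgorithm, signatureProperties.getDigestAlgorithm());
    }
}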
