package org.apache.cxf.rt.security.saml.interceptor;

import java.security.Principal;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.UsernameTokenValidator;
import org.apache.wss4j.dom.validate.Validator;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-343-07.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-security-saml-3.1.5.redhat-630343-07.jar:org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.class */
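public abstract class WSS4JBasicAuthValidator {
    private static final Logger LOG = LogUtils.getL7dLogger(WSS4JBasicAuthValidator.class);
    /** Role attribute name used when {@link SecurityConstants#SAML_ROLE_ATTRIBUTENAME} is not configured on the message. */
    private static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT =
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    /** Password-type URI of the UsernameToken that is built from the HTTP Basic credentials (plain text). */
    private static final String PASSWORD_TEXT_TYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private Validator validator;
    private CallbackHandler callbackHandler;

    /**
     * Validates the HTTP Basic user name and password carried on the message and stores the
     * resulting {@link SecurityContext} under {@code SecurityContext.class} on the message.
     * <p>
     * The credentials are wrapped in a WSS UsernameToken and handed to {@link #getValidator()}.
     * If the validator returns no principal, a {@link WSUsernameTokenPrincipalImpl} is built from
     * the policy instead; otherwise the validated credential (possibly carrying a SAML assertion)
     * is turned into a context via {@link #createSecurityContext(Message, Credential)}.
     *
     * @param message the inbound message; must carry an {@link AuthorizationPolicy} with both a
     *                user name and a password
     * @throws SecurityException if no user name and/or password is available on the message
     * @throws WSSecurityException if the configured {@link Validator} rejects the credentials
     */
    // NOTE(review): the decompiler reports the original access modifier was protected; it is kept
    // public here so that existing callers keep compiling (widening is backward-compatible).
    public void validate(Message message) throws WSSecurityException {
        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
        if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
            // Only the user name is logged; the password must never reach the log.
            String name = policy == null ? null : policy.getUserName();
            String error = "No user name and/or password is available, name: " + name;
            LOG.warning(error);
            throw new SecurityException(error);
        }

        Credential credential = new Credential();
        credential.setUsernametoken(convertPolicyToToken(policy));

        RequestData data = new RequestData();
        data.setMsgContext(message);
        data.setCallbackHandler(this.callbackHandler);

        Credential validated = getValidator().validate(credential, data);

        SecurityContext securityContext;
        if (validated == null || validated.getPrincipal() == null) {
            // The validator accepted the token but produced no principal: fall back to a principal
            // built from the policy. The plain-text password is retained on it (presumably so that
            // downstream components can reuse the credentials); callers that expose the principal
            // should be aware of that.
            WSUsernameTokenPrincipalImpl principal =
                new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
            principal.setPassword(policy.getPassword());
            securityContext = createSecurityContext(principal);
        } else {
            securityContext = createSecurityContext(message, validated);
        }
        message.put(SecurityContext.class, securityContext);
    }

    /**
     * Builds a plain-text WSS UsernameToken from the user name and password of the policy.
     *
     * @param authorizationPolicy the HTTP authorization policy holding the Basic credentials
     * @return a UsernameToken with {@code PasswordText} type carrying the name and password
     */
    protected UsernameToken convertPolicyToToken(AuthorizationPolicy authorizationPolicy) {
        UsernameToken token = new UsernameToken(false, DOMUtils.createDocument(), PASSWORD_TEXT_TYPE);
        token.setName(authorizationPolicy.getUserName());
        token.setPassword(authorizationPolicy.getPassword());
        return token;
    }

    /**
     * Creates a minimal {@link SecurityContext} that exposes the given principal and has no
     * role information.
     *
     * @param principal the authenticated principal
     * @return a context whose {@code isUserInRole} always answers {@code false}
     */
    protected SecurityContext createSecurityContext(final Principal principal) {
        return new SecurityContext() {
            @Override
            public Principal getUserPrincipal() {
                return principal;
            }

            @Override
            public boolean isUserInRole(String role) {
                // No role source is available for a bare principal, so deny every role check.
                return false;
            }
        };
    }

    /**
     * Creates a {@link SecurityContext} from a validated credential. When the credential carries
     * a SAML assertion (a transformed token is preferred over the original assertion), roles are
     * parsed from its claims using the configured role attribute name and a
     * {@link SAMLSecurityContext} is returned; otherwise a context without roles is created from
     * the credential's principal.
     *
     * @param message the current message, used to look up {@link SecurityConstants#SAML_ROLE_ATTRIBUTENAME}
     * @param credential the credential returned by the validator
     * @return the security context for the credential
     */
    protected SecurityContext createSecurityContext(Message message, Credential credential) {
        SamlAssertionWrapper assertion = credential.getTransformedToken();
        if (assertion == null) {
            assertion = credential.getSamlAssertion();
        }
        if (assertion == null) {
            return createSecurityContext(credential.getPrincipal());
        }

        String roleAttributeName =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, message);
        if (roleAttributeName == null || roleAttributeName.isEmpty()) {
            roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
        }

        ClaimCollection claims = SAMLUtils.getClaims(assertion);
        SAMLSecurityContext context = new SAMLSecurityContext(
            credential.getPrincipal(),
            SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null),
            claims);
        context.setIssuer(SAMLUtils.getIssuer(assertion));
        context.setAssertionElement(SAMLUtils.getAssertionElement(assertion));
        return context;
    }

    /**
     * Returns the configured validator, or a fresh {@link UsernameTokenValidator} when none was set.
     *
     * @return the validator used by {@link #validate(Message)}
     */
    public Validator getValidator() {
        if (this.validator != null) {
            return this.validator;
        }
        return new UsernameTokenValidator();
    }

    /**
     * Sets the validator used to check the UsernameToken built from the Basic credentials.
     *
     * @param validator the validator, or {@code null} to fall back to {@link UsernameTokenValidator}
     */
    public void setValidator(Validator validator) {
        this.validator = validator;
    }

    /**
     * Returns the callback handler passed to the validator via {@link RequestData}.
     *
     * @return the callback handler, may be {@code null}
     */
    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    /**
     * Sets the callback handler passed to the validator via {@link RequestData}.
     *
     * @param callbackHandler the callback handler, may be {@code null}
     */
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }
}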
