package org.apache.wss4j.stax.impl.securityToken;

import java.io.IOException;
import java.security.Key;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLKeyInfoProcessor;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.opensaml.saml.common.SAMLVersion;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-444.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-stax-2.1.7.jar:org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.class */
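/**
 * Inbound SAML security token.
 *
 * <p>A token is backed in one of two ways:
 * <ul>
 *   <li>by a SAML assertion that has already been processed, optionally together with the
 *       subject's own inbound security token and the {@link Crypto} used for trust
 *       verification (second constructor); or</li>
 *   <li>by whatever the configured {@code CallbackHandler} returns for the token id: either a
 *       SAML {@code Assertion} element, or a raw key / secret (first constructor). On that path no
 *       {@link Crypto} is supplied, so {@link #verify()} fails explicitly if trust verification
 *       turns out to be required.</li>
 * </ul>
 *
 * <p>Key, public key and certificate lookups are delegated in a fixed order: the explicit key /
 * secret from the callback, then the subject security token, then the key info extracted from the
 * assertion's subject, and finally the superclass.
 */
public class SamlSecurityTokenImpl extends AbstractInboundSecurityToken implements SamlSecurityToken {
    private static final String ASSERTION_LOCAL_NAME = "Assertion";
    private static final String SAML_10_ASSERTION_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML_20_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Usage code handed to WSPasswordCallback so the handler returns a custom token;
    // the decompiled listing inlined the literal 7 -- presumably WSPasswordCallback.CUSTOM_TOKEN, verify.
    private static final int CUSTOM_TOKEN_USAGE = 7;

    private final SamlAssertionWrapper samlAssertionWrapper;
    // Token of the assertion's subject; only set by the second constructor.
    private InboundSecurityToken subjectSecurityToken;
    // Crypto used for trust verification; only set by the second constructor.
    private Crypto crypto;
    private WSSSecurityProperties securityProperties;
    // Lazily created by getPrincipal().
    private Principal principal;
    // Key material extracted from the assertion's subject; only set by the first constructor.
    private SAMLKeyInfo subjectKeyInfo;
    // Raw key material returned by the callback handler; only set by the first constructor.
    private byte[] secret;
    private Key key;

    /**
     * Builds a token by asking the configured {@code CallbackHandler} for the token with the given id.
     *
     * <p>If the handler returns a SAML {@code Assertion} element (SAML 1.0 or 2.0 namespace) the
     * token is backed by that assertion and the subject key info is extracted from it. Otherwise the
     * handler's key / key object is used; a {@link PrivateKey} marks the token as asymmetric.
     *
     * @param wSInboundSecurityContext inbound security context
     * @param str                      token id passed to the callback handler
     * @param keyIdentifier            how the token was referenced
     * @param wSSSecurityProperties    security properties supplying the callback handler and
     *                                 signature-verification crypto
     * @throws WSSecurityException {@code SECURITY_TOKEN_UNAVAILABLE} when no callback handler is
     *                             configured or the handler supplied neither an assertion nor a key;
     *                             {@code FAILURE} when the handler itself fails
     */
    public SamlSecurityTokenImpl(WSInboundSecurityContext wSInboundSecurityContext, String str,
                                 SecurityTokenConstants.KeyIdentifier keyIdentifier,
                                 WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        super(wSInboundSecurityContext, str, keyIdentifier, false);
        this.securityProperties = wSSSecurityProperties;
        if (wSSSecurityProperties.getCallbackHandler() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", new Object[]{str});
        }
        WSPasswordCallback callback = new WSPasswordCallback(str, CUSTOM_TOKEN_USAGE);
        try {
            wSSSecurityProperties.getCallbackHandler().handle(new Callback[]{callback});
        } catch (IOException | UnsupportedCallbackException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "noPassword");
        }
        Element customToken = callback.getCustomToken();
        if (isSamlAssertionElement(customToken)) {
            this.samlAssertionWrapper = new SamlAssertionWrapper(customToken);
            this.subjectKeyInfo = SAMLUtil.getCredentialFromSubject(this.samlAssertionWrapper,
                    (SAMLKeyInfoProcessor) null,
                    wSSSecurityProperties.getSignatureVerificationCrypto(),
                    wSSSecurityProperties.getCallbackHandler());
        } else {
            this.samlAssertionWrapper = null;
            this.secret = callback.getKey();
            this.key = callback.getKeyObject();
            if (this.key instanceof PrivateKey) {
                super.setAsymmetric(true);
            }
        }
        // Fail closed: a token with no assertion and no key material is unusable.
        if (this.samlAssertionWrapper == null && this.secret == null && this.key == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", new Object[]{str});
        }
    }

    /**
     * Builds a token around an already processed SAML assertion.
     *
     * @param samlAssertionWrapper     the assertion (its id becomes the token id)
     * @param inboundSecurityToken     security token of the assertion's subject, may be {@code null}
     * @param wSInboundSecurityContext inbound security context
     * @param crypto                   crypto used by {@link #verify()} for trust verification
     * @param keyIdentifier            how the token was referenced
     * @param wSSSecurityProperties    security properties (revocation flag, subject cert constraints)
     */
    public SamlSecurityTokenImpl(SamlAssertionWrapper samlAssertionWrapper, InboundSecurityToken inboundSecurityToken,
                                 WSInboundSecurityContext wSInboundSecurityContext, Crypto crypto,
                                 SecurityTokenConstants.KeyIdentifier keyIdentifier,
                                 WSSSecurityProperties wSSSecurityProperties) {
        super(wSInboundSecurityContext, samlAssertionWrapper.getId(), keyIdentifier, true);
        this.samlAssertionWrapper = samlAssertionWrapper;
        this.crypto = crypto;
        this.subjectSecurityToken = inboundSecurityToken;
        this.securityProperties = wSSSecurityProperties;
    }

    /**
     * Returns whether the element is a SAML 1.0 or SAML 2.0 {@code Assertion}.
     *
     * @param element element returned by the callback handler, may be {@code null}
     * @return {@code true} only for a non-null {@code Assertion} element in one of the two namespaces
     */
    private static boolean isSamlAssertionElement(Element element) {
        if (element == null || !ASSERTION_LOCAL_NAME.equals(element.getLocalName())) {
            return false;
        }
        String namespace = element.getNamespaceURI();
        return SAML_10_ASSERTION_NS.equals(namespace) || SAML_20_ASSERTION_NS.equals(namespace);
    }

    /**
     * Returns the {@link Crypto} used for trust verification.
     *
     * @return the configured crypto, never {@code null}
     * @throws WSSecurityException when no crypto was supplied (the callback-handler constructor never
     *                             sets one), so that trust verification fails with a security error
     *                             instead of a {@code NullPointerException}
     */
    private Crypto requireCrypto() throws WSSecurityException {
        if (this.crypto == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }
        return this.crypto;
    }

    /**
     * A token is asymmetric if its subject security token is, or if the superclass says so
     * (the first constructor flags a {@link PrivateKey} from the callback as asymmetric).
     */
    @Override
    public boolean isAsymmetric() throws XMLSecurityException {
        if (this.subjectSecurityToken != null && this.subjectSecurityToken.isAsymmetric()) {
            return true;
        }
        return super.isAsymmetric();
    }

    /**
     * Resolves the key for an algorithm, in order: explicit key object from the callback, raw secret
     * from the callback, the subject security token's secret key, the secret from the assertion's
     * subject key info, and finally the superclass. A key found here is also cached on the
     * superclass via {@code setSecretKey}.
     *
     * @param str            algorithm URI (mapped to a JCE key algorithm for raw secrets)
     * @param algorithmUsage how the key will be used
     * @param str2           correlation id passed through to the subject token / superclass
     * @return the resolved key, or whatever the superclass returns when nothing is found here
     */
    @Override
    public Key getKey(String str, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String str2) throws XMLSecurityException {
        Key resolved = null;
        if (this.key != null) {
            resolved = this.key;
        } else if (this.secret != null) {
            resolved = new SecretKeySpec(this.secret, JCEMapper.getJCEKeyAlgorithmFromURI(str));
        } else if (this.subjectSecurityToken != null) {
            resolved = this.subjectSecurityToken.getSecretKey(str, algorithmUsage, str2);
        } else if (this.subjectKeyInfo != null && this.subjectKeyInfo.getSecret() != null) {
            resolved = new SecretKeySpec(this.subjectKeyInfo.getSecret(), JCEMapper.getJCEKeyAlgorithmFromURI(str));
        }
        if (resolved == null) {
            return super.getKey(str, algorithmUsage, str2);
        }
        super.setSecretKey(str, resolved);
        return resolved;
    }

    /**
     * Resolves the public key for an algorithm: the subject security token's public key if there is
     * a subject token, else the public key from the assertion's subject key info, else the superclass.
     */
    @Override
    public PublicKey getPubKey(String str, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String str2) throws XMLSecurityException {
        if (this.subjectSecurityToken != null) {
            return this.subjectSecurityToken.getPublicKey(str, algorithmUsage, str2);
        }
        if (this.subjectKeyInfo != null && this.subjectKeyInfo.getPublicKey() != null) {
            return this.subjectKeyInfo.getPublicKey();
        }
        return super.getPubKey(str, algorithmUsage, str2);
    }

    /** Same lookup order as {@link #getPubKey}, for the algorithm-independent public key. */
    @Override
    public PublicKey getPublicKey() throws XMLSecurityException {
        if (this.subjectSecurityToken != null) {
            return this.subjectSecurityToken.getPublicKey();
        }
        if (this.subjectKeyInfo != null && this.subjectKeyInfo.getPublicKey() != null) {
            return this.subjectKeyInfo.getPublicKey();
        }
        return super.getPublicKey();
    }

    /** Same lookup order as {@link #getPubKey}, for the certificate chain. */
    @Override
    public X509Certificate[] getX509Certificates() throws XMLSecurityException {
        if (this.subjectSecurityToken != null) {
            return this.subjectSecurityToken.getX509Certificates();
        }
        if (this.subjectKeyInfo != null) {
            X509Certificate[] certs = this.subjectKeyInfo.getCerts();
            if (certs != null) {
                return certs;
            }
        }
        return super.getX509Certificates();
    }

    /**
     * Verifies trust in the subject's certificates / public key.
     *
     * <p>Nothing is verified for tokens without an assertion (raw key from the callback). Trust
     * verification is also skipped when the first subject confirmation method is holder-of-key or
     * when the assertion carries a signature. Otherwise the subject certificates (with revocation and
     * subject-certificate constraints taken from the security properties when present) and the
     * public key are checked through the configured {@link Crypto}.
     *
     * @throws XMLSecurityException when trust verification fails, or when it is required but no
     *                              {@link Crypto} was supplied to this token
     */
    @Override
    public void verify() throws XMLSecurityException {
        if (this.samlAssertionWrapper == null) {
            return;
        }
        String confirmationMethod = null;
        List<String> methods = this.samlAssertionWrapper.getConfirmationMethods();
        if (methods != null && !methods.isEmpty()) {
            confirmationMethod = methods.get(0);
        }
        // NOTE(review): isSigned() presumably only reports that a signature is present; skipping the
        // trust checks here relies on the assertion signature having been validated by the processor
        // that built this token -- confirm against the caller.
        if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod) || this.samlAssertionWrapper.isSigned()) {
            return;
        }
        X509Certificate[] certs = getX509Certificates();
        if (certs != null && certs.length > 0) {
            boolean enableRevocation = false;
            Collection<Pattern> subjectCertConstraints = null;
            if (this.securityProperties != null) {
                enableRevocation = this.securityProperties.isEnableRevocation();
                subjectCertConstraints = this.securityProperties.getSubjectCertConstraints();
            }
            requireCrypto().verifyTrust(certs, enableRevocation, subjectCertConstraints);
        }
        PublicKey publicKey = getPublicKey();
        if (publicKey != null) {
            requireCrypto().verifyTrust(publicKey);
        }
    }

    /**
     * Maps the assertion's SAML version to a token type; SAML 2.0 is the default, and is also
     * reported when the token has no assertion at all.
     */
    @Override
    public SecurityTokenConstants.TokenType getTokenType() {
        if (this.samlAssertionWrapper != null) {
            SAMLVersion version = this.samlAssertionWrapper.getSamlVersion();
            if (version == SAMLVersion.VERSION_10) {
                return WSSecurityTokenConstants.SAML_10_TOKEN;
            }
            if (version == SAMLVersion.VERSION_11) {
                return WSSecurityTokenConstants.SAML_11_TOKEN;
            }
        }
        return WSSecurityTokenConstants.SAML_20_TOKEN;
    }

    /** No JAAS subject is produced for SAML tokens; always returns {@code null}. */
    @Override
    public Subject getSubject() throws WSSecurityException {
        return null;
    }

    /**
     * Returns a lazily created {@link SAMLTokenPrincipal} exposing the assertion, its subject name
     * and its id. The principal reads the assertion on each call, so for a token without an assertion
     * (raw key from the callback) {@code getName()} / {@code getId()} are unusable.
     */
    @Override
    public Principal getPrincipal() throws WSSecurityException {
        if (this.principal == null) {
            this.principal = new SAMLTokenPrincipal() {
                @Override
                public SamlAssertionWrapper getToken() {
                    return SamlSecurityTokenImpl.this.samlAssertionWrapper;
                }

                @Override
                public String getName() {
                    return SamlSecurityTokenImpl.this.samlAssertionWrapper.getSubjectName();
                }

                @Override
                public String getId() {
                    return SamlSecurityTokenImpl.this.samlAssertionWrapper.getId();
                }
            };
        }
        return this.principal;
    }

    /** Returns the backing assertion, or {@code null} for a token backed only by a key / secret. */
    @Override
    public SamlAssertionWrapper getSamlAssertionWrapper() {
        return this.samlAssertionWrapper;
    }
}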
