package org.picketlink.trust.jbossws.handler;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import javax.security.auth.Subject;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.security.SecurityContext;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;

/* loaded from: input_file:org/picketlink/trust/jbossws/handler/SAML2Handler.class */
public class SAML2Handler extends AbstractSAML2Handler {
    protected void createSecurityContext(SamlCredential samlCredential, Subject subject, Principal principal) {
        super.createSecurityContext(samlCredential, subject, principal);
        SecurityContext createCXFSecurityContext = createCXFSecurityContext(subject, principal);
        if (PhaseInterceptorChain.getCurrentMessage() != null) {
            PhaseInterceptorChain.getCurrentMessage().put(SecurityContext.class, createCXFSecurityContext);
        }
    }

    private SecurityContext createCXFSecurityContext(final Subject subject, final Principal principal) {
        return new SecurityContext() { // from class: org.picketlink.trust.jbossws.handler.SAML2Handler.1
            public boolean isUserInRole(String str) {
                if (subject == null || subject.getPrincipals().size() <= 1) {
                    return false;
                }
                for (Principal principal2 : subject.getPrincipals()) {
                    if ((principal2 instanceof Group) && SAML2Handler.this.checkGroup((Group) principal2, str)) {
                        return true;
                    }
                }
                return false;
            }

            public Principal getUserPrincipal() {
                return principal;
            }
        };
    }

    protected boolean checkGroup(Group group, String str) {
        if (group.getName().equals(str)) {
            return true;
        }
        Enumeration<? extends Principal> members = group.members();
        while (members.hasMoreElements()) {
            Principal nextElement = members.nextElement();
            if (nextElement.getName().equals(str)) {
                return true;
            }
            if ((nextElement instanceof Group) && checkGroup((Group) nextElement, str)) {
                return true;
            }
        }
        return false;
    }
}
