package io.fabric8.quickstarts.camel.bridge.security;

import java.io.IOException;
import java.util.HashMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.ext.logging.LoggingInInterceptor;
import org.apache.cxf.ext.logging.LoggingOutInterceptor;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.opensaml.soap.wstrust.Claims;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/classes/io/fabric8/quickstarts/camel/bridge/security/StsSamlCallbackHandler.class */
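/**
 * JAAS callback handler that obtains a SAML 2.0 bearer assertion from a WS-Trust
 * Security Token Service (STS) and hands it to every {@link SAMLCallback} it is given.
 *
 * <p>The user name sent to the STS is read from the {@code cxf.UserName} contextual
 * property of the CXF message currently being processed. The password is supplied by
 * {@code UTPasswordCallback}, which is defined outside this file.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The STS endpoint is a fixed plain-HTTP URL. Nothing in this class protects the
 *       UsernameToken or the returned bearer assertion in transit, so this is only
 *       acceptable where the STS is reached over loopback or a trusted channel.</li>
 *   <li>The issued token uses the Bearer key type: whoever holds the assertion can
 *       present it, so it should be treated like a credential.</li>
 *   <li>The STS client has message-logging interceptors attached; see the comment in
 *       {@code requestSecurityToken}.</li>
 * </ul>
 */
public class StsSamlCallbackHandler implements CallbackHandler {
    private static final String SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final String BEARER_KEYTYPE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
    private static final String STS_ENDPOINT = "http://localhost:8080/cxf/UT";
    private static final String USERNAME_PROPERTY = "cxf.UserName";

    /**
     * Requests a SAML assertion for the current message's user and sets it on every
     * {@link SAMLCallback} in {@code callbackArr}. Other callback types are ignored.
     *
     * @param callbackArr callbacks supplied by the caller
     * @throws IOException if there is no current CXF message, the {@code cxf.UserName}
     *     property is missing or not a non-empty string, or the STS request fails or
     *     returns no token
     * @throws UnsupportedCallbackException declared by the interface; not thrown here
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        Bus defaultBus = BusFactory.getDefaultBus();

        if (PhaseInterceptorChain.getCurrentMessage() == null) {
            throw new IOException("No current CXF message; cannot determine the user for the STS request");
        }
        Object rawUserName = PhaseInterceptorChain.getCurrentMessage().getContextualProperty(USERNAME_PROPERTY);
        if (!(rawUserName instanceof String) || ((String) rawUserName).isEmpty()) {
            throw new IOException("Contextual property " + USERNAME_PROPERTY + " is missing or not a non-empty string");
        }
        // Kept in a local rather than an instance field so that the identity used for
        // the STS request always belongs to this invocation, whether or not the handler
        // instance is shared between requests.
        String userName = (String) rawUserName;

        SecurityToken securityToken;
        try {
            securityToken = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, defaultBus, STS_ENDPOINT, userName);
        } catch (Exception e) {
            // Fail closed: a swallowed failure would leave the SAML callbacks without an
            // STS-issued assertion while the caller believes the handler succeeded.
            throw new IOException("Failed to obtain a SAML token from the STS", e);
        }
        if (securityToken == null || securityToken.getToken() == null) {
            throw new IOException("The STS returned no SAML assertion");
        }

        for (Callback callback : callbackArr) {
            if (callback instanceof SAMLCallback) {
                ((SAMLCallback) callback).setAssertionElement(securityToken.getToken());
            }
        }
    }

    /**
     * Configures an {@link STSClient} and asks the STS to issue a token.
     *
     * @param tokenType WS-Trust token type URI to request
     * @param keyType WS-Trust key type URI to request
     * @param bus CXF bus the client runs on
     * @param stsEndpoint STS endpoint address; its WSDL is fetched from {@code stsEndpoint + "?wsdl"}
     * @param userName user name placed in the client's security properties
     * @return the token returned by the STS client
     * @throws Exception if the STS client fails
     */
    private SecurityToken requestSecurityToken(String tokenType, String keyType, Bus bus, String stsEndpoint, String userName) throws Exception {
        STSClient stsClient = new STSClient(bus);
        stsClient.setWsdlLocation(stsEndpoint + "?wsdl");
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port");
        stsClient.setEnableAppliesTo(false);
        stsClient.setClaims(createClaims());

        HashMap<String, Object> properties = new HashMap<>();
        properties.put(SecurityConstants.USERNAME, userName);
        properties.put(SecurityConstants.CALLBACK_HANDLER, new UTPasswordCallback());
        stsClient.setProperties(properties);

        stsClient.setTokenType(tokenType);
        stsClient.setKeyType(keyType);

        // NOTE(review): these interceptors log the STS request and response. The request
        // carries the UsernameToken and the response carries the issued bearer assertion,
        // so the log output should be treated as sensitive; consider dropping or masking
        // this logging outside of a demo setup.
        stsClient.getOutInterceptors().add(new LoggingOutInterceptor());
        stsClient.getInInterceptors().add(new LoggingInInterceptor());

        return stsClient.requestSecurityToken(stsEndpoint);
    }

    /**
     * Builds the WS-Trust {@code Claims} element sent with the token request. It uses
     * the identity claims dialect and asks for a single claim type, the role claim.
     *
     * @return the detached {@code Claims} element
     */
    private Element createClaims() {
        Document document = DOMUtils.getEmptyDocument();
        Element claims = document.createElementNS("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "Claims");
        claims.setAttributeNS(null, Claims.DIALECT_ATTRIB_NAME, "http://schemas.xmlsoap.org/ws/2005/05/identity");
        Element roleClaimType = document.createElementNS("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType");
        roleClaimType.setAttributeNS(null, "Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
        claims.appendChild(roleClaimType);
        return claims;
    }
}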
