package io.fabric8.quickstarts.camel.bridge.security;

import javax.net.ssl.HostnameVerifier;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.Validator;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;

/* loaded from: input_file:BOOT-INF/classes/io/fabric8/quickstarts/camel/bridge/security/KeycloakUTValidator.class */
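/**
 * WSS4J {@link Validator} that checks a WS-Security UsernameToken against Keycloak.
 *
 * <p>The token's user name and cleartext password are used to build a Keycloak admin client
 * (client id {@code admin-cli}) for the configured server address and realm, and a user search
 * is issued with it. Any {@link RuntimeException} raised while doing so is treated as a failed
 * authentication.
 *
 * <p>Only tokens whose password type is PasswordText are accepted; every other password type,
 * and a token without a password, is rejected before Keycloak is contacted.
 */
public class KeycloakUTValidator implements Validator {
    private static final Log log = LogFactory.getLog(KeycloakUTValidator.class);

    /** Password type URI of the UsernameToken profile 1.0 for cleartext passwords. */
    private static final String PASSWORD_TEXT_TYPE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    // Keycloak server URL handed to KeycloakBuilder.serverUrl().
    private String address;
    // Realm used both for the login and for the user search.
    private String realm;

    /**
     * Validates the UsernameToken carried by {@code credential} by logging in to Keycloak with it.
     *
     * @param credential the credential to validate; must carry a UsernameToken
     * @param requestData the WSS4J request context (not used by this validator)
     * @return the same {@code credential} instance when the Keycloak call succeeds
     * @throws WSSecurityException with {@code FAILURE} when no UsernameToken is present, or with
     *     {@code FAILED_AUTHENTICATION} when the password type is not PasswordText, the password
     *     is missing, or the Keycloak call throws
     */
    @Override // org.apache.wss4j.dom.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        if (credential == null || credential.getUsernametoken() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }
        UsernameToken usernametoken = credential.getUsernametoken();
        String passwordType = usernametoken.getPasswordType();
        if (log.isDebugEnabled()) {
            log.debug("UsernameToken user " + usernametoken.getName());
            log.debug("UsernameToken password type " + passwordType);
        }
        if (!PASSWORD_TEXT_TYPE.equals(passwordType)) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication failed - digest passwords are not accepted");
            }
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        if (usernametoken.getPassword() == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication failed - no password was provided");
            }
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }

        Keycloak keycloak = null;
        try {
            // SECURITY NOTE(review): AllowAllHostnameVerifier is defined outside this class; by its
            // name it presumably accepts any host name, which would switch off TLS host name
            // verification on the connection that carries the user's cleartext password. Confirm,
            // and prefer the default verifier with a trust store that contains the Keycloak
            // certificate. Left unchanged here so existing deployments keep working.
            keycloak = KeycloakBuilder.builder()
                    .serverUrl(this.address)
                    .realm(this.realm)
                    .username(usernametoken.getName())
                    .password(usernametoken.getPassword())
                    .clientId("admin-cli")
                    .resteasyClient(new ResteasyClientBuilder()
                            .hostnameVerifier((HostnameVerifier) new AllowAllHostnameVerifier())
                            .connectionPoolSize(10)
                            .build())
                    .build();
            // The result is discarded: the call only has to complete without throwing.
            // NOTE(review): presumably a user who may not query users in the realm is rejected
            // here as well - confirm this is the intended policy.
            keycloak.realm(this.realm).users().search(usernametoken.getName());
            return credential;
        } catch (RuntimeException e) {
            // Log through the logger instead of printing to stderr. The cause is logged rather
            // than attached, so the exception handed back stays as generic as before.
            log.warn("Authentication failed - Keycloak call did not succeed", e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        } finally {
            // A new client with its own connection pool is built per validation; release it so
            // that repeated authentications do not accumulate open pools.
            if (keycloak != null) {
                try {
                    keycloak.close();
                } catch (RuntimeException closeFailure) {
                    log.debug("Closing the Keycloak client failed", closeFailure);
                }
            }
        }
    }

    /**
     * Sets the Keycloak server URL used for authentication.
     *
     * @param str the server URL
     */
    public void setAddress(String str) {
        this.address = str;
    }

    /**
     * Returns the configured Keycloak server URL.
     *
     * @return the server URL, or {@code null} when none has been set
     */
    public String getAddress() {
        return this.address;
    }

    /**
     * Returns the configured Keycloak realm.
     *
     * @return the realm name, or {@code null} when none has been set
     */
    public String getRealm() {
        return this.realm;
    }

    /**
     * Sets the Keycloak realm used for the login and the user search.
     *
     * @param str the realm name
     */
    public void setRealm(String str) {
        this.realm = str;
    }
}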
