package io.fabric8.quickstarts.camel.bridge.security;

import java.util.List;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.authorization.util.KeycloakSecurityContextPlaceHolderResolver;
import org.opensaml.core.xml.schema.impl.XSStringImpl;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;

/* loaded from: input_file:BOOT-INF/classes/io/fabric8/quickstarts/camel/bridge/security/Saml2Validator.class */
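/**
 * SAML 2.0 assertion validator for the bridge that adds application-level checks on top of
 * the WSS4J {@link SamlAssertionValidator} base validation.
 *
 * <p>After {@code super.validate(...)} has accepted the credential, the assertion must also:
 * <ul>
 *   <li>carry the subject NameID {@value #EXPECTED_SUBJECT};</li>
 *   <li>be issued by {@link KeycloakSecurityContextPlaceHolderResolver#NAME};</li>
 *   <li>contain at least one attribute statement whose first attribute has
 *       {@value #EXPECTED_FIRST_ROLE} as its first value and
 *       {@link OAuth2Constants#OFFLINE_ACCESS} as its second value.</li>
 * </ul>
 *
 * <p>Every failed check is reported as a {@link WSSecurityException} with the
 * {@code invalidSAMLsecurity} message key, so a malformed assertion (missing subject, missing
 * attributes, non-string attribute values) is rejected the same way as a well-formed but
 * unauthorised one instead of surfacing as a {@code NullPointerException},
 * {@code IndexOutOfBoundsException} or {@code ClassCastException}.
 *
 * <p>NOTE(review): the attribute checks are positional (first statement, first attribute,
 * values 0 and 1); they do not look the attribute up by name. That mirrors the original
 * behaviour and is kept here, but a producer that reorders attributes will be rejected.
 */
public class Saml2Validator extends SamlAssertionValidator {

    /** Only this subject NameID is accepted. */
    private static final String EXPECTED_SUBJECT = "admin";

    /** Required value at position 0 of the first attribute of the first attribute statement. */
    private static final String EXPECTED_FIRST_ROLE = "uma_authorization";

    /**
     * Validates the credential with the base validator and then enforces the subject, issuer
     * and attribute requirements described on the class.
     *
     * @param credential the credential holding the SAML assertion to validate
     * @param requestData the WSS4J request context passed through to the base validator
     * @return the credential returned by {@code super.validate(...)} when all checks pass
     * @throws WSSecurityException if the base validation fails or any additional check fails
     *     (always with error code {@code FAILURE} and message key {@code invalidSAMLsecurity})
     */
    @Override // org.apache.wss4j.dom.validate.SamlAssertionValidator, org.apache.wss4j.dom.validate.SignatureTrustValidator, org.apache.wss4j.dom.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        Credential validated = super.validate(credential, requestData);
        SamlAssertionWrapper samlAssertion = validated == null ? null : validated.getSamlAssertion();
        if (samlAssertion == null) {
            throw invalidAssertion();
        }
        // The null check must come before any use of the SAML2 assertion, otherwise it is dead code.
        Assertion saml2 = samlAssertion.getSaml2();
        if (saml2 == null) {
            throw invalidAssertion();
        }
        if (!EXPECTED_SUBJECT.equals(subjectNameId(saml2))) {
            throw invalidAssertion();
        }
        if (!KeycloakSecurityContextPlaceHolderResolver.NAME.equals(samlAssertion.getIssuerString())) {
            throw invalidAssertion();
        }
        List<AttributeStatement> attributeStatements = saml2.getAttributeStatements();
        if (attributeStatements == null || attributeStatements.isEmpty()) {
            throw invalidAssertion();
        }
        List<Attribute> attributes = attributeStatements.get(0).getAttributes();
        if (attributes == null || attributes.isEmpty()) {
            throw invalidAssertion();
        }
        List<?> attributeValues = attributes.get(0).getAttributeValues();
        // String.equals(null) is false, so a missing or non-string value fails closed.
        if (!EXPECTED_FIRST_ROLE.equals(stringValueAt(attributeValues, 0))) {
            throw invalidAssertion();
        }
        if (!OAuth2Constants.OFFLINE_ACCESS.equals(stringValueAt(attributeValues, 1))) {
            throw invalidAssertion();
        }
        return validated;
    }

    /**
     * Returns the subject NameID value of the assertion, or {@code null} when the subject or its
     * NameID is absent.
     */
    private static String subjectNameId(Assertion saml2) {
        if (saml2.getSubject() == null || saml2.getSubject().getNameID() == null) {
            return null;
        }
        return saml2.getSubject().getNameID().getValue();
    }

    /**
     * Returns the string content of the attribute value at {@code index}, or {@code null} when
     * the list is shorter than that or the element is not an {@link XSStringImpl}.
     */
    private static String stringValueAt(List<?> values, int index) {
        if (values == null || index < 0 || index >= values.size()) {
            return null;
        }
        Object value = values.get(index);
        if (!(value instanceof XSStringImpl)) {
            return null;
        }
        return ((XSStringImpl) value).getValue();
    }

    /** Builds the single rejection exception used for every failed check. */
    private static WSSecurityException invalidAssertion() {
        return new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
}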
