package org.apache.cxf.systest.jaxrs.security.oauth2;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.ActionBean;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLVersion;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.class */
/**
 * Callback handler that describes a signed SAML 2.0 assertion to WSS4J by populating every
 * {@link SAMLCallback} it is handed.
 *
 * <p>Security review notes (the package name suggests a system-test fixture; confirm before
 * reusing any of this elsewhere):
 * <ul>
 *   <li>The issuer name, signing key alias and key password are string literals in this class.
 *       Anything that can read the class or the referenced properties file can sign as this
 *       issuer, so relying parties must not trust this key outside the test setup.</li>
 *   <li>The subject name and the role / authentication attribute values are read from the
 *       current message's contextual properties ({@code saml.subject.name}, {@code saml.roles},
 *       {@code saml.auth}) and copied into the assertion without validation. Whoever sets
 *       those properties decides which identity and roles get signed.</li>
 *   <li>The default subject confirmation method is bearer, which does not bind the assertion
 *       to a key held by the presenter. The receiving side therefore depends on the signature,
 *       the audience restriction and the validity window to limit replay.</li>
 *   <li>Only an audience restriction is set on the conditions; no validity window is set here.
 *       NOTE(review): which NotBefore/NotOnOrAfter values WSS4J applies by default is not
 *       visible in this file; confirm.</li>
 * </ul>
 */
public class SamlCallbackHandler2 implements CallbackHandler {
    public static final String PORT = BookServerOAuth2.PORT;

    /** Subject confirmation method URI placed on the subject; bearer unless overridden. */
    private String confirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer";

    /**
     * Overrides the subject confirmation method used for subsequently handled callbacks.
     *
     * @param str the confirmation method URI; stored as given, with no validation
     */
    public void setConfirmationMethod(String str) {
        this.confirmationMethod = str;
    }

    /**
     * Populates each {@link SAMLCallback} in the array; every other callback type (and any
     * {@code null} element) is skipped without error.
     *
     * @param callbackArr the callbacks supplied by the caller
     * @throws IOException if the issuer crypto cannot be loaded (wraps the WSS4J exception)
     * @throws UnsupportedCallbackException declared by the interface; never thrown by this code
     */
    @Override
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        // May be null when no message is being processed on this thread; defaults apply then.
        Message message = PhaseInterceptorChain.getCurrentMessage();
        for (Callback candidate : callbackArr) {
            if (!(candidate instanceof SAMLCallback)) {
                continue;
            }
            describeAssertion((SAMLCallback) candidate, message);
        }
    }

    /** Fills in one callback: version, issuer, subject, conditions, statements, signing data. */
    private void describeAssertion(SAMLCallback samlCallback, Message message) throws IOException {
        samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
        samlCallback.setIssuer("alice");

        // Subject name is caller-controlled via the message context; "alice" is the fallback.
        String subjectName = null;
        if (message != null) {
            subjectName = (String) message.getContextualProperty("saml.subject.name");
        }
        if (subjectName == null) {
            subjectName = "alice";
        }
        SubjectBean subject = new SubjectBean(subjectName, "www.mock-sts.com", this.confirmationMethod);
        samlCallback.setSubject(subject);

        // The assertion is restricted to a single audience: the local OAuth2 token endpoint.
        AudienceRestrictionBean audience = new AudienceRestrictionBean();
        audience.setAudienceURIs(Collections.singletonList("https://localhost:" + PORT + "/oauth2-auth/token"));
        ConditionsBean conditions = new ConditionsBean();
        conditions.setAudienceRestrictions(Collections.singletonList(audience));
        samlCallback.setConditions(conditions);

        samlCallback.setAuthDecisionStatementData(Collections.singletonList(newAuthDecisionStatement()));
        samlCallback.setAuthenticationStatementData(Collections.singletonList(newAuthenticationStatement(subject)));
        samlCallback.setAttributeStatementData(Collections.singletonList(newAttributeStatement(subject, message)));

        try {
            // Signing material: crypto properties path, key alias and key password are literals.
            samlCallback.setIssuerCrypto(CryptoFactory.getInstance("org/apache/cxf/systest/jaxrs/security/alice.properties"));
            samlCallback.setIssuerKeyName("alice");
            samlCallback.setIssuerKeyPassword("password");
            samlCallback.setSignAssertion(true);
        } catch (WSSecurityException e) {
            // Keep the WSS4J exception as the cause so the failure stays diagnosable.
            throw new IOException(e);
        }
    }

    /** Builds the fixed authorization decision statement: INDETERMINATE for action "Read". */
    private static AuthDecisionStatementBean newAuthDecisionStatement() {
        AuthDecisionStatementBean decision = new AuthDecisionStatementBean();
        decision.setDecision(AuthDecisionStatementBean.Decision.INDETERMINATE);
        decision.setResource("https://sp.example.com/SAML2");
        ActionBean readAction = new ActionBean();
        readAction.setContents("Read");
        decision.setActions(Collections.singletonList(readAction));
        return decision;
    }

    /** Builds the authentication statement; the instant is "now" and the session index is fixed. */
    private static AuthenticationStatementBean newAuthenticationStatement(SubjectBean subject) {
        AuthenticationStatementBean authn = new AuthenticationStatementBean();
        authn.setSubject(subject);
        authn.setAuthenticationInstant(new DateTime());
        authn.setSessionIndex("123456");
        authn.setAuthenticationMethod("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
        return authn;
    }

    /**
     * Builds the attribute statement holding the role claim and the authentication claim.
     * Both value lists come from the message context when present and are not validated here.
     */
    private static AttributeStatementBean newAttributeStatement(SubjectBean subject, Message message) {
        AttributeStatementBean statement = new AttributeStatementBean();
        statement.setSubject(subject);

        List<AttributeBean> claims = new ArrayList<AttributeBean>();

        List<String> roles = contextualStrings(message, "saml.roles", "user");
        AttributeBean roleClaim = new AttributeBean();
        roleClaim.setSimpleName("subject-role");
        roleClaim.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
        roleClaim.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
        // Copy so the bean does not share the list instance obtained from the message context.
        roleClaim.setAttributeValues(new ArrayList<Object>(roles));
        claims.add(roleClaim);

        List<String> authMethods = contextualStrings(message, "saml.auth", "password");
        AttributeBean authClaim = new AttributeBean();
        authClaim.setSimpleName("http://claims/authentication");
        authClaim.setQualifiedName("http://claims/authentication");
        authClaim.setNameFormat("http://claims/authentication-format");
        authClaim.setAttributeValues(new ArrayList<Object>(authMethods));
        claims.add(authClaim);

        statement.setSamlAttributes(claims);
        return statement;
    }

    /**
     * Reads a list-valued contextual property, falling back to a single default value when
     * there is no current message or the property is absent.
     */
    private static List<String> contextualStrings(Message message, String key, String fallback) {
        List<String> values = null;
        if (message != null) {
            // Unchecked view of the property; element types are not verified at this point.
            values = CastUtils.<String>cast((List<?>) message.getContextualProperty(key));
        }
        if (values == null) {
            values = Collections.singletonList(fallback);
        }
        return values;
    }
}
