package org.picketlink.identity.federation.bindings.jboss.auth;

import java.io.Serializable;
import java.security.Principal;
import javax.security.auth.Subject;
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityContext;
import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.w3c.dom.Element;

/* loaded from: input_file:jboss-as-7.1.1.Final/modules/org/picketlink/main/picketlink-bindings-jboss-2.0.2.Final.jar:org/picketlink/identity/federation/bindings/jboss/auth/STSClientInterceptor.class */
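/**
 * AOP interceptor that asks a WS-Trust security token service (STS) for a SAML 2.0 assertion on
 * behalf of the invocation's user and, when one is issued, replaces the invocation's security
 * context with a new one whose credential is that assertion.
 *
 * <p>The STS service name, port name and endpoint address are read through an
 * {@link STSClientConfig.Builder} created from the configured properties file.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The caller's credential is handed to the {@link WSTrustClient} for the configured
 *       endpoint. NOTE(review): confirm the endpoint address in the properties file uses a
 *       protected transport.</li>
 *   <li>When no assertion can be obtained the invocation is <em>not</em> blocked: it continues
 *       with the security context it arrived with.</li>
 *   <li>The builder is created lazily without synchronization. NOTE(review): confirm whether
 *       one instance is shared between threads.</li>
 * </ul>
 */
public class STSClientInterceptor implements Interceptor, Serializable {
    private static final long serialVersionUID = -4351623612864518960L;
    private static final Logger log = Logger.getLogger(STSClientInterceptor.class);
    // Sampled once when the class is initialized; later changes to the log level are not seen.
    private static final boolean trace = log.isTraceEnabled();
    private String propertiesFile;
    // NOTE(review): non-transient field on a Serializable class; confirm that
    // STSClientConfig.Builder is itself Serializable, otherwise mark this field transient.
    private STSClientConfig.Builder builder;

    /**
     * Returns the interceptor name.
     *
     * @return the fully qualified name of this object's runtime class
     */
    public String getName() {
        return getClass().getName();
    }

    /**
     * Sets the STS client configuration file.
     *
     * <p>The builder is only created while it is still {@code null}, so a value set after the
     * first invocation that built it has no effect.
     *
     * @param str the properties file handed to {@link STSClientConfig.Builder}
     */
    public void setPropertiesFile(String str) {
        this.propertiesFile = str;
        if (trace) {
            log.trace("Constructing STSClientInterceptor using " + str + " as the configuration file");
        }
    }

    /**
     * Obtains a SAML assertion for the invocation's user and installs it as the credential of a
     * fresh security context before passing the invocation on.
     *
     * <p>The token request is skipped, and the invocation continues unchanged, when the
     * invocation has no security context, when the context has no user principal, or when the
     * credential is neither a {@code String} nor a {@code char[]}.
     *
     * @param invocation the intercepted invocation
     * @return whatever the next interceptor in the chain returns
     * @throws IllegalStateException if a security context is present but no properties file was set
     * @throws Throwable anything thrown further down the chain
     */
    public Object invoke(Invocation invocation) throws Throwable {
        SecurityContext securityContext = (SecurityContext) invocation.getMetaData("security", "context");
        if (trace) {
            // NOTE(review): confirm that SecurityContext's string form never renders the credential.
            log.trace("Retrieved SecurityContext from invocation: " + securityContext);
        }
        if (securityContext != null) {
            Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
            Object credential = securityContext.getUtil().getCredential();
            // Surface a missing configuration before anything else, as a hard failure.
            ensureBuilder();
            if (userPrincipal == null) {
                // Without a principal there is no username to present to the STS.
                if (trace) {
                    log.trace("No user principal in SecurityContext, skipping token request");
                }
            } else if (!isSupportedCredential(credential)) {
                // Only the type is logged, never the credential itself.
                log.warn("Unsupported credential type " + credential.getClass().getName()
                        + ", skipping token request");
            } else {
                Element element = requestAssertion(userPrincipal, credentialAsString(credential));
                if (element != null) {
                    Subject subject = securityContext.getUtil().getSubject();
                    SecurityContext createSecurityContext = SecurityActions.createSecurityContext();
                    // The new context carries the assertion instead of the original credential.
                    createSecurityContext.getUtil().createSubjectInfo(userPrincipal, new SamlCredential(element), subject);
                    invocation.getMetaData().addMetaData("security", "context", createSecurityContext);
                }
            }
        }
        return invocation.invokeNext();
    }

    /** Creates the configuration builder on first use; fails when no properties file was set. */
    private void ensureBuilder() {
        if (this.builder == null) {
            if (this.propertiesFile == null) {
                throw new IllegalStateException("PL00076: Option not set:Attribute propertiesFile must be set");
            }
            this.builder = new STSClientConfig.Builder(this.propertiesFile);
        }
    }

    /** Tells whether the credential is absent or of a type that can be sent as a password. */
    private static boolean isSupportedCredential(Object credential) {
        return credential == null || credential instanceof String || credential instanceof char[];
    }

    /** Converts a supported credential to the String form the STS client is given. */
    private static String credentialAsString(Object credential) {
        if (credential instanceof char[]) {
            return new String((char[]) credential);
        }
        return (String) credential;
    }

    /**
     * Requests a SAML 2.0 token for the given user.
     *
     * @return the issued assertion, or {@code null} when the request raised a
     *     {@link WSTrustException}; the failure is logged and the caller carries on without an
     *     assertion
     */
    private Element requestAssertion(Principal userPrincipal, String password) throws Exception {
        WSTrustClient wSTrustClient = new WSTrustClient(this.builder.getServiceName(), this.builder.getPortName(), this.builder.getEndpointAddress(), new WSTrustClient.SecurityInfo(userPrincipal.getName(), password));
        try {
            if (trace) {
                log.trace("Invoking token service to get SAML assertion for " + userPrincipal.getName());
            }
            Element element = wSTrustClient.issueToken("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
            if (trace) {
                log.trace("SAML assertion for " + userPrincipal.getName() + " successfully obtained");
            }
            return element;
        } catch (WSTrustException e) {
            // NOTE(review): fail-open by design of this class; confirm that continuing with the
            // original security context is acceptable when the STS cannot issue a token.
            log.error("Unable to issue assertion", e);
            return null;
        }
    }
}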
