package org.apache.cxf.systest.jaxrs.security.saml;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.saml.ext.SAMLCallback;
import org.apache.ws.security.saml.ext.bean.ActionBean;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLVersion;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.class */
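/**
 * Test-fixture {@link CallbackHandler} that populates a WSS4J {@link SAMLCallback} with a
 * canned assertion: fixed issuer and audience, a subject taken from the current CXF message,
 * an {@code INDETERMINATE} authorization decision, a password-protected-transport
 * authentication statement and two attributes (roles and authentication method).
 * <p>
 * Inputs are read from the current CXF {@link Message} (contextual properties
 * {@code saml.subject.name}, {@code saml.roles} and {@code saml.auth}); when a property is
 * absent a fixed default is used. Whatever the invoking code placed on the message is
 * asserted verbatim, so this handler is only suitable for tests.
 * <p>
 * For holder-of-key confirmation the subject's key info is bound to the first certificate of
 * the configured signature user, resolved through {@code ws-security.signature.*} properties.
 * Other callback types are ignored (no {@link UnsupportedCallbackException} is raised).
 * {@link #handle(Callback[])} does not modify handler state, so one instance can be shared
 * across requests once configured.
 */
public class SamlCallbackHandler implements CallbackHandler {
    private static final String SAML2_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
    private static final String SAML1_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
    private static final String SAML2_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    private static final String ISSUER = "https://idp.example.org/SAML2";
    private static final String AUDIENCE = "https://sp.example.com/SAML2";
    private static final String DEFAULT_SUBJECT_NAME = "uid=sts-client,o=mock-sts.com";
    private static final String SUBJECT_QUALIFIER = "www.mock-sts.com";
    private static final String ROLE_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    private static final String UNSPECIFIED_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
    private static final String AUTH_CLAIM = "http://claims/authentication";
    private static final String AUTH_CLAIM_FORMAT = "http://claims/authentication-format";
    private static final String PASSWORD_PROTECTED_TRANSPORT =
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

    // Contextual property keys read from the current message.
    private static final String SUBJECT_NAME_PROPERTY = "saml.subject.name";
    private static final String ROLES_PROPERTY = "saml.roles";
    private static final String AUTH_PROPERTY = "saml.auth";
    private static final String SIGNATURE_CRYPTO_PROPERTY = "ws-security.signature.crypto";
    private static final String SIGNATURE_PROPERTIES_PROPERTY = "ws-security.signature.properties";
    private static final String SIGNATURE_USERNAME_PROPERTY = "ws-security.signature.username";

    // Whether a SAML 2.0 (true) or SAML 1.1 (false) assertion is requested.
    private boolean saml2 = true;
    // Subject confirmation method URI as configured; see effectiveConfirmationMethod().
    private String confirmationMethod = SAML2_SENDER_VOUCHES;

    /** Creates a handler producing SAML 2.0 sender-vouches assertions. */
    public SamlCallbackHandler() {
    }

    /**
     * Creates a handler producing sender-vouches assertions of the given version.
     *
     * @param saml2 {@code true} for SAML 2.0, {@code false} for SAML 1.1
     */
    public SamlCallbackHandler(boolean saml2) {
        this.saml2 = saml2;
    }

    /**
     * Sets the subject confirmation method URI; {@code urn:oasis:names:tc:SAML:2.0:cm:holder-of-key}
     * additionally attaches the signature certificate to the subject.
     *
     * @param str the confirmation method URI
     */
    public void setConfirmationMethod(String str) {
        this.confirmationMethod = str;
    }

    /**
     * Fills every {@link SAMLCallback} in the array; other callbacks are left untouched.
     *
     * @param callbacks callbacks supplied by WSS4J
     * @throws IOException declared by the interface; not raised by this implementation
     * @throws UnsupportedCallbackException declared by the interface; not raised by this implementation
     * @throws RuntimeException if the holder-of-key certificate cannot be loaded
     * @throws IllegalStateException if holder-of-key is requested outside a CXF message
     *         or no certificate exists for the signature user
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // May be null when not invoked from inside a CXF interceptor chain.
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        for (Callback callback : callbacks) {
            if (callback instanceof SAMLCallback) {
                populate((SAMLCallback) callback, currentMessage);
            }
        }
    }

    // Populates one callback with version, issuer, subject, conditions and the three statements.
    private void populate(SAMLCallback callback, Message currentMessage) {
        callback.setSamlVersion(saml2 ? SAMLVersion.VERSION_20 : SAMLVersion.VERSION_11);
        callback.setIssuer(ISSUER);

        String confirmation = effectiveConfirmationMethod();
        SubjectBean subject = buildSubject(currentMessage, confirmation);
        callback.setSubject(subject);

        ConditionsBean conditions = new ConditionsBean();
        conditions.setAudienceURI(AUDIENCE);
        callback.setConditions(conditions);

        callback.setAuthDecisionStatementData(
            Collections.singletonList(buildAuthDecisionStatement()));
        callback.setAuthenticationStatementData(
            Collections.singletonList(buildAuthenticationStatement(subject)));
        callback.setAttributeStatementData(
            Collections.singletonList(buildAttributeStatement(subject, currentMessage)));
    }

    // Maps the SAML 2.0 sender-vouches URI to its SAML 1.0 equivalent for SAML 1.1 assertions,
    // computed per call instead of rewriting the configured field.
    private String effectiveConfirmationMethod() {
        if (!saml2 && SAML2_SENDER_VOUCHES.equals(confirmationMethod)) {
            return SAML1_SENDER_VOUCHES;
        }
        return confirmationMethod;
    }

    // Builds the subject from saml.subject.name (or the default), attaching key info for holder-of-key.
    private SubjectBean buildSubject(Message currentMessage, String confirmation) {
        String subjectName = (String) contextualProperty(currentMessage, SUBJECT_NAME_PROPERTY);
        if (subjectName == null) {
            subjectName = DEFAULT_SUBJECT_NAME;
        }
        SubjectBean subject = new SubjectBean(subjectName, SUBJECT_QUALIFIER, confirmation);
        // Only the SAML 2.0 holder-of-key URI triggers key binding, regardless of assertion version.
        if (SAML2_HOLDER_OF_KEY.equals(confirmation)) {
            KeyInfoBean keyInfo = new KeyInfoBean();
            keyInfo.setCertificate(loadSignatureCertificate(currentMessage));
            subject.setKeyInfo(keyInfo);
        }
        return subject;
    }

    // Resolves the signature user's first certificate via the message's ws-security.signature.* settings.
    private static X509Certificate loadSignatureCertificate(Message currentMessage) {
        if (currentMessage == null) {
            throw new IllegalStateException(
                "No current CXF message: cannot resolve the signature certificate for holder-of-key");
        }
        String user;
        X509Certificate[] certificates;
        try {
            Crypto crypto = new CryptoLoader().getCrypto(
                currentMessage, SIGNATURE_CRYPTO_PROPERTY, SIGNATURE_PROPERTIES_PROPERTY);
            user = SecurityUtils.getUserName(currentMessage, crypto, SIGNATURE_USERNAME_PROPERTY);
            certificates = SecurityUtils.getCertificates(crypto, user);
        } catch (Exception e) {
            throw new RuntimeException("Unable to load the holder-of-key certificate", e);
        }
        // Guard the [0] access: an empty chain would otherwise surface as an index error.
        if (certificates == null || certificates.length == 0) {
            throw new IllegalStateException("No certificate found for signature user '" + user + "'");
        }
        return certificates[0];
    }

    // Builds the fixed INDETERMINATE "Read" decision on the audience resource.
    private static AuthDecisionStatementBean buildAuthDecisionStatement() {
        AuthDecisionStatementBean decision = new AuthDecisionStatementBean();
        decision.setDecision(AuthDecisionStatementBean.Decision.INDETERMINATE);
        decision.setResource(AUDIENCE);
        ActionBean action = new ActionBean();
        action.setContents("Read");
        decision.setActions(Collections.singletonList(action));
        return decision;
    }

    // Builds the authentication statement with a fixed session index and the current instant.
    private static AuthenticationStatementBean buildAuthenticationStatement(SubjectBean subject) {
        AuthenticationStatementBean authentication = new AuthenticationStatementBean();
        authentication.setSubject(subject);
        authentication.setAuthenticationInstant(new DateTime());
        authentication.setSessionIndex("123456");
        authentication.setAuthenticationMethod(PASSWORD_PROTECTED_TRANSPORT);
        return authentication;
    }

    // Builds the attribute statement carrying the role and authentication-method attributes.
    private static AttributeStatementBean buildAttributeStatement(SubjectBean subject,
                                                                  Message currentMessage) {
        List<String> roles = lookupList(currentMessage, ROLES_PROPERTY, "user");
        List<String> authMethods = lookupList(currentMessage, AUTH_PROPERTY, "password");

        List<AttributeBean> attributes = new ArrayList<AttributeBean>();
        attributes.add(attribute("subject-role", ROLE_CLAIM, UNSPECIFIED_NAME_FORMAT, roles));
        attributes.add(attribute(AUTH_CLAIM, AUTH_CLAIM, AUTH_CLAIM_FORMAT, authMethods));

        AttributeStatementBean statement = new AttributeStatementBean();
        statement.setSubject(subject);
        statement.setSamlAttributes(attributes);
        return statement;
    }

    // Creates one attribute bean with the given names, format and values.
    private static AttributeBean attribute(String simpleName, String qualifiedName,
                                           String nameFormat, List<String> values) {
        AttributeBean attribute = new AttributeBean();
        attribute.setSimpleName(simpleName);
        attribute.setQualifiedName(qualifiedName);
        attribute.setNameFormat(nameFormat);
        attribute.setAttributeValues(values);
        return attribute;
    }

    // Reads a list-valued contextual property, falling back to a single default value.
    private static List<String> lookupList(Message currentMessage, String key, String defaultValue) {
        List<String> values = CastUtils.cast((List<?>) contextualProperty(currentMessage, key));
        if (values == null) {
            return Collections.singletonList(defaultValue);
        }
        return values;
    }

    // Null-safe contextual property lookup; a missing message yields null (defaults apply).
    private static Object contextualProperty(Message currentMessage, String key) {
        if (currentMessage == null) {
            return null;
        }
        return currentMessage.getContextualProperty(key);
    }
}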
