package org.apache.cxf.systest.ws.saml.client;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.saml.ext.SAMLCallback;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.opensaml.common.SAMLVersion;

/* loaded from: input_file:org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.class */
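/**
 * System-test {@link CallbackHandler} that fills in a {@link SAMLCallback} with fixed assertion
 * data: issuer {@code "sts"}, a hard-coded subject, and one {@code subject-role} attribute whose
 * value is {@code system-user}.
 *
 * <p>The handler authenticates nobody. Every caller receives the same subject and role, so the
 * resulting assertion is only as trustworthy as whatever signs it and whatever the receiving side
 * validates. The key material defaults to the "alice" test keystore alias and properties file
 * set in the constructors.
 *
 * <p>NOTE(review): the fields are plain mutable state with no synchronization; confirm how
 * instances are shared before reusing one handler across threads.
 */
public class SamlCallbackHandler implements CallbackHandler {
    private static final String SAML2_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
    private static final String SAML1_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
    private static final String SAML2_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
    private static final String SAML1_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    private boolean saml2;
    private String confirmationMethod;
    private KeyInfoBean.CERT_IDENTIFIER keyInfoIdentifier;
    // Optional; when null no conditions are set on the callback.
    private ConditionsBean conditions;
    private String cryptoAlias;
    private String cryptoPropertiesFile;

    /** Creates a handler that produces SAML 2.0 assertions with the default test settings. */
    public SamlCallbackHandler() {
        this(true);
    }

    /**
     * Creates a handler with the default test settings.
     *
     * @param z {@code true} to produce SAML 2.0 assertions, {@code false} for SAML 1.1
     */
    public SamlCallbackHandler(boolean z) {
        this.saml2 = z;
        this.confirmationMethod = SAML2_SENDER_VOUCHES;
        this.keyInfoIdentifier = KeyInfoBean.CERT_IDENTIFIER.X509_CERT;
        this.cryptoAlias = "alice";
        this.cryptoPropertiesFile = "org/apache/cxf/systest/ws/wssec10/client/alice.properties";
    }

    /**
     * Sets the subject confirmation method URN placed in the assertion.
     *
     * @param str the confirmation method URN; a holder-of-key URN makes {@link #handle} attach
     *     key info built by {@link #createKeyInfo()}
     */
    public void setConfirmationMethod(String str) {
        this.confirmationMethod = str;
    }

    /**
     * Sets how the holder-of-key certificate is represented in the subject's key info.
     *
     * @param cert_identifier the representation used by {@link #createKeyInfo()}
     */
    public void setKeyInfoIdentifier(KeyInfoBean.CERT_IDENTIFIER cert_identifier) {
        this.keyInfoIdentifier = cert_identifier;
    }

    /**
     * Populates every {@link SAMLCallback} in the array with the version, issuer, subject and
     * attribute statement of the test assertion. Callbacks of any other type are skipped rather
     * than rejected.
     *
     * @param callbackArr the callbacks supplied by the security runtime
     * @throws IOException if key info for a holder-of-key subject cannot be created; the
     *     underlying failure is attached as the cause
     * @throws UnsupportedCallbackException declared by the interface; not thrown by this code
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof SAMLCallback)) {
                continue;
            }
            SAMLCallback samlCallback = (SAMLCallback) callback;
            samlCallback.setSamlVersion(this.saml2 ? SAMLVersion.VERSION_20 : SAMLVersion.VERSION_11);
            if (this.conditions != null) {
                samlCallback.setConditions(this.conditions);
            }
            samlCallback.setIssuer("sts");

            // The default method is the SAML 2.0 URN; map it to the 1.0 URN for a SAML 1.1
            // assertion. A local is used so that handling a callback does not rewrite the
            // configured field.
            String effectiveMethod = this.confirmationMethod;
            if (!this.saml2 && SAML2_SENDER_VOUCHES.equals(effectiveMethod)) {
                effectiveMethod = SAML1_SENDER_VOUCHES;
            }

            SubjectBean subjectBean =
                new SubjectBean("uid=sts-client,o=mock-sts.com", "www.mock-sts.com", effectiveMethod);
            if (SAML2_HOLDER_OF_KEY.equals(effectiveMethod) || SAML1_HOLDER_OF_KEY.equals(effectiveMethod)) {
                try {
                    subjectBean.setKeyInfo(createKeyInfo());
                } catch (Exception e) {
                    // Keep the cause: keystore and alias failures are otherwise reduced to a
                    // message string and the original stack trace is lost.
                    throw new IOException("Problem creating KeyInfo: " + e.getMessage(), e);
                }
            }
            samlCallback.setSubject(subjectBean);

            AttributeBean attributeBean = new AttributeBean();
            if (this.saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.setAttributeValues(Collections.singletonList("system-user"));

            AttributeStatementBean attributeStatementBean = new AttributeStatementBean();
            attributeStatementBean.setSubject(subjectBean);
            attributeStatementBean.setSamlAttributes(Collections.singletonList(attributeBean));
            samlCallback.setAttributeStatementData(Collections.singletonList(attributeStatementBean));
        }
    }

    /**
     * Builds the key info for a holder-of-key subject from the certificate stored under the
     * configured alias in the configured crypto properties file.
     *
     * @return key info carrying the certificate ({@code X509_CERT}) or its public key
     *     ({@code KEY_VALUE}); for any other identifier only the identifier is set
     * @throws IllegalStateException if a certificate is required but none is found for the alias
     * @throws Exception if the crypto provider cannot be loaded or queried
     */
    protected KeyInfoBean createKeyInfo() throws Exception {
        Crypto crypto = CryptoFactory.getInstance(this.cryptoPropertiesFile);
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(this.cryptoAlias);
        X509Certificate[] certificates = crypto.getX509Certificates(cryptoType);

        KeyInfoBean keyInfoBean = new KeyInfoBean();
        keyInfoBean.setCertIdentifer(this.keyInfoIdentifier);
        if (this.keyInfoIdentifier == KeyInfoBean.CERT_IDENTIFIER.X509_CERT) {
            keyInfoBean.setCertificate(firstCertificate(certificates));
        } else if (this.keyInfoIdentifier == KeyInfoBean.CERT_IDENTIFIER.KEY_VALUE) {
            keyInfoBean.setPublicKey(firstCertificate(certificates).getPublicKey());
        }
        return keyInfoBean;
    }

    /** Returns the first certificate, failing with a descriptive error when the lookup found none. */
    private X509Certificate firstCertificate(X509Certificate[] certificates) {
        if (certificates == null || certificates.length == 0) {
            throw new IllegalStateException(
                "No certificate found for alias '" + this.cryptoAlias + "' using " + this.cryptoPropertiesFile);
        }
        return certificates[0];
    }

    /** Returns the conditions applied to the assertion, or {@code null} if none were set. */
    public ConditionsBean getConditions() {
        return this.conditions;
    }

    /** Sets the conditions applied to the assertion; {@code null} leaves them unset. */
    public void setConditions(ConditionsBean conditionsBean) {
        this.conditions = conditionsBean;
    }

    /** Returns the keystore alias used to look up the holder-of-key certificate. */
    public String getCryptoAlias() {
        return this.cryptoAlias;
    }

    /** Sets the keystore alias used to look up the holder-of-key certificate. */
    public void setCryptoAlias(String str) {
        this.cryptoAlias = str;
    }

    /** Returns the crypto properties resource passed to {@code CryptoFactory.getInstance}. */
    public String getCryptoPropertiesFile() {
        return this.cryptoPropertiesFile;
    }

    /** Sets the crypto properties resource passed to {@code CryptoFactory.getInstance}. */
    public void setCryptoPropertiesFile(String str) {
        this.cryptoPropertiesFile = str;
    }
}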
