package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.xml.security.utils.XMLUtils;

/* loaded from: input_file:lib/cxf-shade-9.0.0.jar:org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.class */
public class TokenStoreCallbackHandler implements CallbackHandler {
    private CallbackHandler internal;
    private TokenStore store;

    public TokenStoreCallbackHandler(CallbackHandler callbackHandler, TokenStore tokenStore) {
        this.internal = callbackHandler;
        this.store = tokenStore;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof WSPasswordCallback) {
                WSPasswordCallback wSPasswordCallback = (WSPasswordCallback) callback;
                SecurityToken token = this.store.getToken(wSPasswordCallback.getIdentifier());
                if (token != null && !token.isExpired()) {
                    if (token.getSHA1() == null && wSPasswordCallback.getKey() != null) {
                        token.setSHA1(getSHA1(wSPasswordCallback.getKey()));
                        this.store.add(token.getSHA1(), token);
                    }
                    wSPasswordCallback.setKey(token.getSecret());
                    wSPasswordCallback.setKey(token.getKey());
                    wSPasswordCallback.setCustomToken(token.getToken());
                    return;
                }
            }
        }
        if (this.internal != null) {
            this.internal.handle(callbackArr);
        }
    }

    private static String getSHA1(byte[] bArr) {
        try {
            return XMLUtils.encodeToString(KeyUtils.generateDigest(bArr));
        } catch (WSSecurityException e) {
            return null;
        }
    }
}
