package org.apache.wss4j.stax.test.saml;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.ActionBean;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.class */
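/**
 * Test {@link CallbackHandler} that fills a {@link SAMLCallback} with everything needed to build a
 * SAML 1.1 or SAML 2.0 assertion: the issuer's signing crypto and key, the subject (optionally with a
 * holder-of-key {@code KeyInfo}), optional conditions, and exactly one statement of the configured
 * {@link Statement} kind.
 *
 * <p>The issuer key is read from the classpath keystore {@code saml/issuer.jks}. Keystore password,
 * key password and key alias are fixed test-fixture values.
 *
 * <p>Only the first element of the callback array is inspected; if it is not a {@link SAMLCallback}
 * the handler does nothing (it deliberately does not throw {@link UnsupportedCallbackException}).
 *
 * <p>Not thread-safe: the setters mutate state that {@link #handle(Callback[])} reads, and
 * {@link #createKeyInfo()} writes {@link #ephemeralKey}.
 */
public class SAMLCallbackHandlerImpl implements CallbackHandler {

    /** Classpath resource holding the issuer's signing key. */
    private static final String ISSUER_KEYSTORE = "saml/issuer.jks";
    /** Keystore type of {@link #ISSUER_KEYSTORE}. */
    private static final String ISSUER_KEYSTORE_TYPE = "jks";
    /** Alias of the issuer key inside {@link #ISSUER_KEYSTORE}. */
    private static final String ISSUER_KEY_NAME = "samlissuer";
    /** Password of both the keystore and the issuer key (test fixture only). */
    private static final String ISSUER_PASSWORD = "default";

    private static final String SAML1_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    private static final String SAML2_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";

    // Subject certificate(s); certs[0] is used for holder-of-key KeyInfo. Must be set by the
    // caller before a holder-of-key confirmation method is handled.
    private X509Certificate[] certs;
    private String issuerFormat;
    private String subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
    private String subjectQualifier = "www.example.com";
    private String confirmationMethod = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
    private Statement statement = Statement.AUTHN;
    private KeyInfoBean.CERT_IDENTIFIER certIdentifier = KeyInfoBean.CERT_IDENTIFIER.X509_CERT;
    // Symmetric key generated while building an ATTR holder-of-key KeyInfo; exposed via the getter
    // so a test can encrypt/sign with the same key the assertion carries.
    private byte[] ephemeralKey = null;
    private String issuer = null;
    private Version samlVersion = Version.SAML_11;
    private String subjectNameIDFormat = null;
    private String subjectLocalityIpAddress = null;
    private String subjectLocalityDnsAddress = null;
    private String resource = null;
    private List<Object> customAttributeValues = null;
    private ConditionsBean conditions = null;
    private boolean signAssertion = true;

    /** Which single statement the generated assertion carries. */
    /* loaded from: input_file:org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl$Statement.class */
    public enum Statement {
        /** An AuthenticationStatement with method "Password". */
        AUTHN,
        /** An AttributeStatement with one "role" attribute. */
        ATTR,
        /** An AuthorizationDecisionStatement permitting "Read" on {@link #resource}. */
        AUTHZ
    }

    /**
     * Populates {@code callbackArr[0]} when it is a {@link SAMLCallback}; otherwise does nothing.
     *
     * @param callbackArr the callbacks to handle; {@code null} or empty is ignored
     * @throws IOException if the issuer keystore cannot be loaded, the holder-of-key KeyInfo cannot be
     *     built, or any other failure occurs while populating the callback (wrapped as the cause)
     * @throws UnsupportedCallbackException never thrown by this implementation
     */
    @Override
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (callbackArr == null || callbackArr.length == 0 || !(callbackArr[0] instanceof SAMLCallback)) {
            return;
        }
        SAMLCallback callback = (SAMLCallback) callbackArr[0];
        try {
            configureIssuer(callback);
            if (conditions != null) {
                callback.setConditions(conditions);
            }
            SubjectBean subjectBean = createSubject();
            callback.setSubject(subjectBean);
            if (getSamlVersion() == Version.SAML_11) {
                callback.setSamlVersion(Version.SAML_11);
                // SAML 1.1 repeats the subject inside each statement.
                createAndSetStatement(subjectBean, callback);
            } else {
                callback.setSamlVersion(Version.SAML_20);
                // SAML 2.0 carries the subject on the assertion only, never on the statement.
                createAndSetStatement(null, callback);
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /** Sets the issuer crypto, key alias/password, signing flag, issuer name and format. */
    private void configureIssuer(SAMLCallback callback) throws Exception {
        Merlin merlin = new Merlin();
        merlin.setKeyStore(loadIssuerKeyStore());
        callback.setIssuerCrypto(merlin);
        callback.setIssuerKeyName(ISSUER_KEY_NAME);
        callback.setIssuerKeyPassword(ISSUER_PASSWORD);
        callback.setSignAssertion(signAssertion);
        callback.setIssuer(issuer);
        callback.setIssuerFormat(issuerFormat);
    }

    /**
     * Loads the issuer keystore from the classpath, always closing the stream.
     *
     * @throws IOException if the resource is missing or cannot be read
     * @throws Exception for keystore type, algorithm or certificate problems
     */
    private KeyStore loadIssuerKeyStore() throws Exception {
        // try-with-resources tolerates a null resource, so the missing-resource check can go inside.
        try (InputStream in = getClass().getClassLoader().getResourceAsStream(ISSUER_KEYSTORE)) {
            if (in == null) {
                throw new IOException("Test keystore not found on the classpath: " + ISSUER_KEYSTORE);
            }
            KeyStore keyStore = KeyStore.getInstance(ISSUER_KEYSTORE_TYPE);
            keyStore.load(in, ISSUER_PASSWORD.toCharArray());
            return keyStore;
        }
    }

    /**
     * Builds the subject from the configured name, qualifier, confirmation method and NameID format,
     * attaching a KeyInfo when the confirmation method is holder-of-key.
     *
     * @throws IOException if the KeyInfo cannot be created (original exception preserved as cause)
     */
    private SubjectBean createSubject() throws IOException {
        SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
        if (subjectNameIDFormat != null) {
            subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
        }
        if (isHolderOfKey()) {
            try {
                subjectBean.setKeyInfo(createKeyInfo());
            } catch (Exception e) {
                throw new IOException("Problem creating KeyInfo: " + e.getMessage(), e);
            }
        }
        return subjectBean;
    }

    /** True when the confirmation method is the SAML 1.x or SAML 2.0 holder-of-key URI. */
    private boolean isHolderOfKey() {
        return SAML1_HOLDER_OF_KEY.equals(confirmationMethod)
            || SAML2_HOLDER_OF_KEY.equals(confirmationMethod);
    }

    /**
     * Creates the single statement selected by {@link #statement} and sets it on the callback.
     * Any value other than {@code AUTHN} or {@code ATTR} (including {@code null}) yields an
     * authorization-decision statement, as before.
     *
     * @param subjectBean subject to embed in the statement (SAML 1.1), or {@code null} (SAML 2.0)
     * @param sAMLCallback callback that receives the statement
     */
    protected void createAndSetStatement(SubjectBean subjectBean, SAMLCallback sAMLCallback) {
        if (statement == Statement.AUTHN) {
            sAMLCallback.setAuthenticationStatementData(
                Collections.singletonList(createAuthenticationStatement(subjectBean)));
        } else if (statement == Statement.ATTR) {
            sAMLCallback.setAttributeStatementData(
                Collections.singletonList(createAttributeStatement(subjectBean)));
        } else {
            sAMLCallback.setAuthDecisionStatementData(
                Collections.singletonList(createAuthDecisionStatement(subjectBean)));
        }
    }

    /** AuthenticationStatement with method "Password" and optional subject locality. */
    private AuthenticationStatementBean createAuthenticationStatement(SubjectBean subjectBean) {
        AuthenticationStatementBean authn = new AuthenticationStatementBean();
        if (subjectBean != null) {
            authn.setSubject(subjectBean);
        }
        if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) {
            SubjectLocalityBean locality = new SubjectLocalityBean();
            locality.setIpAddress(subjectLocalityIpAddress);
            locality.setDnsAddress(subjectLocalityDnsAddress);
            authn.setSubjectLocality(locality);
        }
        authn.setAuthenticationMethod("Password");
        return authn;
    }

    /**
     * AuthorizationDecisionStatement: PERMIT "Read" on {@link #resource}. The resource is set only
     * once; the earlier placeholder value "endpoint" was always overwritten and has been dropped.
     */
    private AuthDecisionStatementBean createAuthDecisionStatement(SubjectBean subjectBean) {
        AuthDecisionStatementBean authz = new AuthDecisionStatementBean();
        if (subjectBean != null) {
            authz.setSubject(subjectBean);
        }
        ActionBean action = new ActionBean();
        action.setContents("Read");
        authz.setActions(Collections.singletonList(action));
        authz.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
        authz.setResource(resource);
        return authz;
    }

    /**
     * AttributeStatement with one "role" attribute. With a subject (SAML 1.1) the attribute uses
     * simple name "role" and namespace "http://custom-ns"; without one (SAML 2.0) the qualified name
     * is "role". Values are {@link #customAttributeValues} if set, else the single value "user".
     */
    private AttributeStatementBean createAttributeStatement(SubjectBean subjectBean) {
        AttributeStatementBean attrStatement = new AttributeStatementBean();
        AttributeBean attribute = new AttributeBean();
        if (subjectBean != null) {
            attrStatement.setSubject(subjectBean);
            attribute.setSimpleName("role");
            attribute.setQualifiedName("http://custom-ns");
        } else {
            attribute.setQualifiedName("role");
        }
        if (customAttributeValues != null) {
            attribute.setAttributeValues(customAttributeValues);
        } else {
            List<Object> values = new ArrayList<>();
            values.add("user");
            attribute.setAttributeValues(values);
        }
        attrStatement.setSamlAttributes(Collections.singletonList(attribute));
        return attrStatement;
    }

    /**
     * Builds the holder-of-key KeyInfo for the configured statement kind.
     *
     * <ul>
     *   <li>{@code AUTHN}: the subject certificate {@code certs[0]}, referenced per
     *       {@link #certIdentifier}.</li>
     *   <li>{@code ATTR}: a fresh symmetric key wrapped for {@code certs[0]} in an
     *       {@code xenc:EncryptedKey} inside a {@code ds:KeyInfo} element; the raw key is also
     *       stored in {@link #ephemeralKey}.</li>
     *   <li>anything else: an empty {@link KeyInfoBean}.</li>
     * </ul>
     *
     * @return the populated (or empty) KeyInfoBean
     * @throws IllegalStateException if a certificate is required but {@link #setCerts} was not called
     * @throws Exception if the DOM or EncryptedKey cannot be built
     */
    protected KeyInfoBean createKeyInfo() throws Exception {
        KeyInfoBean keyInfoBean = new KeyInfoBean();
        if (statement == Statement.AUTHN) {
            keyInfoBean.setCertificate(requireSubjectCert());
            keyInfoBean.setCertIdentifer(certIdentifier);
        } else if (statement == Statement.ATTR) {
            Document doc = newEmptyDocument();
            WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
            // 2 is WSConstants.ISSUER_SERIAL: reference the wrapping cert by issuer name + serial.
            encryptedKey.setKeyIdentifierType(2);
            encryptedKey.setUseThisCert(requireSubjectCert());
            encryptedKey.prepare(doc, (Crypto) null);
            ephemeralKey = encryptedKey.getEphemeralKey();
            keyInfoBean.setEphemeralKey(ephemeralKey);
            Element keyInfoElement = doc.createElementNS(DSIG_NS, "ds:KeyInfo");
            keyInfoElement.setAttributeNS(XMLNS_NS, "xmlns:ds", DSIG_NS);
            keyInfoElement.appendChild(encryptedKey.getEncryptedKeyElement());
            keyInfoBean.setElement(keyInfoElement);
        }
        return keyInfoBean;
    }

    /** Returns {@code certs[0]}, failing clearly instead of with an NPE/AIOOBE when unset. */
    private X509Certificate requireSubjectCert() {
        if (certs == null || certs.length == 0) {
            throw new IllegalStateException(
                "A subject certificate is required for holder-of-key; call setCerts() first");
        }
        return certs[0];
    }

    /**
     * Creates an empty namespace-aware DOM document. Nothing is parsed here, so no external-entity
     * hardening of the factory is needed.
     */
    private static Document newEmptyDocument() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        return factory.newDocumentBuilder().newDocument();
    }

    public String getSubjectName() {
        return subjectName;
    }

    public void setSubjectName(String str) {
        subjectName = str;
    }

    public String getSubjectQualifier() {
        return subjectQualifier;
    }

    public void setSubjectQualifier(String str) {
        subjectQualifier = str;
    }

    public String getConfirmationMethod() {
        return confirmationMethod;
    }

    /** Sets the subject confirmation method URI; holder-of-key URIs trigger {@link #createKeyInfo()}. */
    public void setConfirmationMethod(String str) {
        confirmationMethod = str;
    }

    /** Returns the internal certificate array (not a copy, for compatibility with existing tests). */
    public X509Certificate[] getCerts() {
        return certs;
    }

    public void setCerts(X509Certificate[] x509CertificateArr) {
        certs = x509CertificateArr;
    }

    public Statement getStatement() {
        return statement;
    }

    public void setStatement(Statement statement) {
        this.statement = statement;
    }

    public KeyInfoBean.CERT_IDENTIFIER getCertIdentifier() {
        return certIdentifier;
    }

    public void setCertIdentifier(KeyInfoBean.CERT_IDENTIFIER cert_identifier) {
        certIdentifier = cert_identifier;
    }

    /** Returns the internal key bytes (not a copy); populated by an ATTR holder-of-key KeyInfo. */
    public byte[] getEphemeralKey() {
        return ephemeralKey;
    }

    public void setEphemeralKey(byte[] bArr) {
        ephemeralKey = bArr;
    }

    public String getIssuer() {
        return issuer;
    }

    public void setIssuer(String str) {
        issuer = str;
    }

    public void setIssuerFormat(String str) {
        issuerFormat = str;
    }

    public boolean isSignAssertion() {
        return signAssertion;
    }

    public void setSignAssertion(boolean z) {
        signAssertion = z;
    }

    public Version getSamlVersion() {
        return samlVersion;
    }

    /** Anything other than {@link Version#SAML_11} is treated as SAML 2.0 by {@link #handle}. */
    public void setSamlVersion(Version version) {
        samlVersion = version;
    }

    public void setConditions(ConditionsBean conditionsBean) {
        conditions = conditionsBean;
    }

    public void setSubjectNameIDFormat(String str) {
        subjectNameIDFormat = str;
    }

    /** Sets the AuthenticationStatement's SubjectLocality; either value may be {@code null}. */
    public void setSubjectLocality(String str, String str2) {
        subjectLocalityIpAddress = str;
        subjectLocalityDnsAddress = str2;
    }

    public void setResource(String str) {
        resource = str;
    }

    public void setCustomAttributeValues(List<Object> list) {
        customAttributeValues = list;
    }
}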
