package org.apache.cxf.sts.token.validator;

import java.security.Principal;
import java.util.HashSet;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import org.apache.cxf.common.jaxb.JAXBContextCache;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.sts.QNameConstants;
import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.token.realm.UsernameTokenRealmCodec;
import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory;
import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.ws.security.CustomTokenPrincipal;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-services-sts-core-2.7.19-MULE-003.jar:org/apache/cxf/sts/token/validator/UsernameTokenValidator.class */
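/**
 * Validates a WS-Security UsernameToken presented to the STS.
 *
 * The received JAXB {@link UsernameTokenType} is re-marshalled into DOM, parsed into a
 * WSS4J {@link UsernameToken}, and handed to the configured WSS4J {@link Validator}. A
 * token cache (when one is configured) short-circuits re-validation of a token that was
 * already accepted. The response starts in state INVALID and is only flipped to VALID
 * after every step succeeds, so any failure or exception leaves the token rejected.
 */
public class UsernameTokenValidator implements TokenValidator {
    private static final Logger LOG = LogUtils.getL7dLogger(UsernameTokenValidator.class);

    /** Credential validator; defaults to the WSS4J one, replaceable via {@link #setValidator}. */
    private Validator validator = new org.apache.ws.security.validate.UsernameTokenValidator();

    /** Optional codec deriving a realm from the token; null means no realm is reported or checked. */
    private UsernameTokenRealmCodec usernameTokenRealmCodec;

    /**
     * Replaces the WSS4J validator used to check the credential.
     *
     * @param validator validator invoked for tokens that are not found in the cache
     */
    public void setValidator(Validator validator) {
        this.validator = validator;
    }

    /**
     * Sets the codec used to derive the token's realm.
     *
     * @param usernameTokenRealmCodec realm codec, or null to disable realm handling
     */
    public void setUsernameTokenRealmCodec(UsernameTokenRealmCodec usernameTokenRealmCodec) {
        this.usernameTokenRealmCodec = usernameTokenRealmCodec;
    }

    @Override
    public boolean canHandleToken(ReceivedToken receivedToken) {
        return canHandleToken(receivedToken, null);
    }

    /**
     * @return true when the received token is a JAXB UsernameTokenType; the realm argument
     *         is not consulted, so this validator claims UsernameTokens of every realm
     */
    @Override
    public boolean canHandleToken(ReceivedToken receivedToken, String realm) {
        return receivedToken.getToken() instanceof UsernameTokenType;
    }

    /**
     * Validates the UsernameToken carried in {@code tokenParameters}.
     *
     * Fix relative to the previous listing: the WSSecurityException handler only wrapped the
     * token parsing, so a rejected credential from {@code validator.validate} was not handled and
     * the code after the handler could run with an unassigned token. Parsing, validation, the
     * realm check and caching now sit in one handler; any WSSecurityException logs a warning
     * and returns the response with the token still INVALID. The realm comparison is also
     * null-safe instead of throwing when the codec yields no realm.
     *
     * @param tokenParameters STS properties, callback handler, message context, token store and token
     * @return response whose token state is VALID only on success; on success it also carries
     *         a {@link WSUsernameTokenPrincipal} and the derived realm (may be null)
     */
    @Override
    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
        LOG.fine("Validating UsernameToken");

        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        Crypto sigCrypto = stsProperties.getSignatureCrypto();
        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();

        RequestData requestData = new RequestData();
        requestData.setSigCrypto(sigCrypto);
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        requestData.setWssConfig(wssConfig);
        requestData.setCallbackHandler(callbackHandler);
        requestData.setMsgContext(tokenParameters.getWebServiceContext().getMessageContext());

        // Fail closed: INVALID until every step below has succeeded.
        TokenValidatorResponse response = new TokenValidatorResponse();
        ReceivedToken receivedToken = tokenParameters.getToken();
        receivedToken.setState(ReceivedToken.STATE.INVALID);
        response.setToken(receivedToken);

        if (!receivedToken.isUsernameToken()) {
            return response;
        }

        // Re-marshal the JAXB object into DOM so WSS4J can parse it.
        Element tokenElement;
        try {
            tokenElement = toDomElement((UsernameTokenType) receivedToken.getToken());
        } catch (JAXBException e) {
            LOG.log(Level.WARNING, "", e);
            return response;
        }

        try {
            UsernameToken ut = new UsernameToken(
                    tokenElement,
                    wssConfig.getAllowNamespaceQualifiedPasswordTypes(),
                    wssConfig.isWsiBSPCompliant());

            // The parsed name is reported even if validation fails below; the token state
            // (not the presence of a principal) is what signals acceptance.
            response.setPrincipal(new CustomTokenPrincipal(ut.getName()));
            if (ut.getPassword() == null) {
                return response;
            }

            SecurityToken cached = findCachedToken(tokenParameters, ut.hashCode());
            if (cached == null) {
                Credential credential = new Credential();
                credential.setUsernametoken(ut);
                // Rejection surfaces as a WSSecurityException, handled below (token stays INVALID).
                validator.validate(credential, requestData);
            }
            // NOTE(review): a cache hit skips validator.validate entirely, so whatever that
            // validator enforces (password check, nonce/created freshness) is not re-run for a
            // repeated identical token while the cache entry lives.

            String tokenRealm = null;
            if (usernameTokenRealmCodec != null) {
                tokenRealm = usernameTokenRealmCodec.getRealmFromToken(ut);
                // A token already cached under another realm must not be accepted for this one.
                if (cached != null && !realmMatchesCached(tokenRealm, cached)) {
                    return response;
                }
            }

            if (cached == null) {
                cacheValidatedToken(tokenParameters, ut);
            }

            response.setPrincipal(createPrincipal(
                    ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()));
            response.setTokenRealm(tokenRealm);
            receivedToken.setState(ReceivedToken.STATE.VALID);
        } catch (WSSecurityException e) {
            // Malformed token or rejected credential: log and return the INVALID response.
            LOG.log(Level.WARNING, "", e);
        }
        return response;
    }

    /**
     * Marshals the JAXB UsernameTokenType into a DOM Element under a throw-away root.
     *
     * @throws JAXBException if the JAXB context or marshalling fails
     */
    private static Element toDomElement(UsernameTokenType tokenType) throws JAXBException {
        HashSet<Class<?>> classes = new HashSet<Class<?>>();
        classes.add(ObjectFactory.class);
        classes.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
        Marshaller marshaller = JAXBContextCache
                .getCachedContextAndSchemas(classes, null, null, null, false)
                .getContext()
                .createMarshaller();
        Element root = DOMUtils.createDocument().createElement("root-element");
        JAXBElement<UsernameTokenType> wrapped = new JAXBElement<UsernameTokenType>(
                QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, tokenType);
        marshaller.marshal(wrapped, root);
        return (Element) root.getFirstChild();
    }

    /**
     * Looks up a previously validated token by its hash.
     *
     * @return the cached entry, or null when there is no token store, no entry, or the
     *         entry's recorded hash does not match the lookup key
     */
    private static SecurityToken findCachedToken(TokenValidatorParameters params, int hash) {
        if (params.getTokenStore() == null) {
            return null;
        }
        SecurityToken entry = params.getTokenStore().getToken(Integer.toString(hash));
        if (entry != null && entry.getTokenHash() != hash) {
            return null;
        }
        return entry;
    }

    /**
     * Compares the realm derived from the token with the realm recorded on a cached entry.
     * An entry without properties (or without a recorded realm when the token has none) matches.
     */
    private static boolean realmMatchesCached(String tokenRealm, SecurityToken cached) {
        Properties props = cached.getProperties();
        if (props == null) {
            return true;
        }
        String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
        if (tokenRealm == null) {
            return cachedRealm == null;
        }
        return tokenRealm.equals(cachedRealm);
    }

    /**
     * Stores a freshly validated token in the token store, keyed by its hash.
     *
     * NOTE(review): the entry written here carries no properties, so the TOKEN_REALM
     * comparison on a later cache hit only applies to entries cached by other code paths.
     */
    private static void cacheValidatedToken(TokenValidatorParameters params, UsernameToken ut) {
        if (params.getTokenStore() == null) {
            return;
        }
        int hash = ut.hashCode();
        SecurityToken entry = new SecurityToken(ut.getID());
        entry.setToken(ut.getElement());
        entry.setTokenHash(hash);
        params.getTokenStore().add(Integer.toString(hash), entry);
    }

    /**
     * Builds the principal reported for a validated token.
     *
     * @param name         the username
     * @param password     the password value as received (digest or plaintext); it is carried
     *                     on the principal, so callers must take care not to log it
     * @param passwordType password type URI; PASSWORD_DIGEST marks the principal as digest-based
     * @param nonce        the token nonce, may be null
     * @param created      the token Created timestamp, may be null
     */
    private Principal createPrincipal(String name, String password, String passwordType,
                                      String nonce, String created) {
        boolean digest = WSConstants.PASSWORD_DIGEST.equals(passwordType);
        WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(name, digest);
        principal.setNonce(nonce);
        principal.setPassword(password);
        principal.setCreatedTime(created);
        principal.setPasswordType(passwordType);
        return principal;
    }
}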
