package org.apache.cxf.sts.token.validator;

import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
import org.apache.cxf.interceptor.security.SAMLSecurityContext;
import org.apache.cxf.ws.security.wss4j.SAMLUtils;
import org.apache.ws.security.saml.ext.AssertionWrapper;

/* loaded from: input_file:WEB-INF/lib/cxf-services-sts-core-2.7.19-MULE-004.jar:org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.class */
public class DefaultSAMLRoleParser implements SAMLRoleParser {
    public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    private String roleClassifier;
    private boolean useJaasSubject = true;
    private String roleClassifierType = JAASLoginInterceptor.ROLE_CLASSIFIER_PREFIX;
    private String roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";

    @Override // org.apache.cxf.sts.token.validator.SAMLRoleParser
    public Set<Principal> parseRolesFromAssertion(Principal principal, Subject subject, AssertionWrapper assertionWrapper) {
        return (subject == null || !this.useJaasSubject) ? createSecurityContext(principal, SAMLUtils.parseRolesInAssertion(assertionWrapper, this.roleAttributeName)).getUserRoles() : (this.roleClassifier == null || "".equals(this.roleClassifier)) ? new DefaultSecurityContext(principal, subject).getUserRoles() : new RolePrefixSecurityContextImpl(subject, this.roleClassifier, this.roleClassifierType).getUserRoles();
    }

    private SAMLSecurityContext createSecurityContext(Principal principal, List<String> list) {
        HashSet hashSet;
        if (list != null) {
            hashSet = new HashSet();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                hashSet.add(new SimplePrincipal(it.next()));
            }
        } else {
            hashSet = null;
        }
        return new SAMLSecurityContext(principal, hashSet);
    }

    public boolean isUseJaasSubject() {
        return this.useJaasSubject;
    }

    public void setUseJaasSubject(boolean z) {
        this.useJaasSubject = z;
    }

    public String getRoleClassifier() {
        return this.roleClassifier;
    }

    public void setRoleClassifier(String str) {
        this.roleClassifier = str;
    }

    public String getRoleClassifierType() {
        return this.roleClassifierType;
    }

    public void setRoleClassifierType(String str) {
        this.roleClassifierType = str;
    }

    public String getRoleAttributeName() {
        return this.roleAttributeName;
    }

    public void setRoleAttributeName(String str) {
        this.roleAttributeName = str;
    }
}
