package org.apache.cxf.ws.security.trust.delegation;

import java.io.IOException;
import java.lang.ref.WeakReference;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.PKIPathSecurity;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/cxf-rt-ws-security-3.2.4.jar:org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.class */
public class ReceivedTokenCallbackHandler implements CallbackHandler {
    private static final List<Integer> DEFAULT_SECURITY_PRIORITIES = new ArrayList();
    private List<Integer> securityPriorities = new ArrayList(DEFAULT_SECURITY_PRIORITIES);
    private boolean useTransformedToken = true;

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        Element tokenFromMessage;
        for (int i = 0; i < callbackArr.length; i++) {
            if (!(callbackArr[i] instanceof DelegationCallback)) {
                throw new UnsupportedCallbackException(callbackArr[i], "Unrecognized Callback");
            }
            DelegationCallback delegationCallback = (DelegationCallback) callbackArr[i];
            Message currentMessage = delegationCallback.getCurrentMessage();
            if (currentMessage != null && currentMessage.get(PhaseInterceptorChain.PREVIOUS_MESSAGE) != null && (tokenFromMessage = getTokenFromMessage((SoapMessage) ((WeakReference) currentMessage.get(PhaseInterceptorChain.PREVIOUS_MESSAGE)).get())) != null) {
                delegationCallback.setToken(tokenFromMessage);
            }
        }
    }

    private Element getTokenFromMessage(SoapMessage soapMessage) {
        List cast;
        if (soapMessage == null || (cast = CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS))) == null) {
            return null;
        }
        Iterator it = cast.iterator();
        while (it.hasNext()) {
            Element tokenFromResults = getTokenFromResults((WSHandlerResult) it.next());
            if (tokenFromResults != null) {
                return tokenFromResults;
            }
        }
        return null;
    }

    private Element getTokenFromResults(WSHandlerResult wSHandlerResult) {
        Map<Integer, List<WSSecurityEngineResult>> actionResults = wSHandlerResult.getActionResults();
        for (Integer num : this.securityPriorities) {
            List<WSSecurityEngineResult> list = actionResults.get(num);
            if (list != null && !list.isEmpty()) {
                for (WSSecurityEngineResult wSSecurityEngineResult : list) {
                    if (!skipResult(num, wSSecurityEngineResult)) {
                        Object obj = wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                        if (this.useTransformedToken && (obj instanceof SamlAssertionWrapper)) {
                            return ((SamlAssertionWrapper) obj).getElement();
                        }
                        if (wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT) != null) {
                            return (Element) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
                        }
                    }
                }
            }
        }
        return null;
    }

    protected boolean skipResult(Integer num, WSSecurityEngineResult wSSecurityEngineResult) {
        Object obj = wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        return num.intValue() == 4096 && ((obj instanceof X509Security) || (obj instanceof PKIPathSecurity));
    }

    public boolean isUseTransformedToken() {
        return this.useTransformedToken;
    }

    public void setUseTransformedToken(boolean z) {
        this.useTransformedToken = z;
    }

    public List<Integer> getSecurityPriorities() {
        return this.securityPriorities;
    }

    public void setSecurityPriorities(List<Integer> list) {
        this.securityPriorities = list;
    }

    static {
        DEFAULT_SECURITY_PRIORITIES.add(16);
        DEFAULT_SECURITY_PRIORITIES.add(8);
        DEFAULT_SECURITY_PRIORITIES.add(1);
        DEFAULT_SECURITY_PRIORITIES.add(4096);
        DEFAULT_SECURITY_PRIORITIES.add(8192);
    }
}
