package org.apache.rampart;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.rahas.EncryptedKeyToken;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.security.WSParameterCallback;
import org.apache.ws.security.WSPasswordCallback;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/rampart-core-1.6.1-wso2v18.jar:org/apache/rampart/TokenCallbackHandler.class */
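/**
 * Callback handler that answers WS-Security callbacks from a {@link TokenStorage}.
 *
 * <p>For {@link WSPasswordCallback}s with usage 6, 7 or 8 the key material and the token element
 * are looked up in the token store; every other usage is forwarded to the wrapped delegate
 * handler. For {@link WSParameterCallback}s the requested value is read from the Kerberos section
 * of the {@link RampartConfig}, when one was supplied.
 *
 * <p>NOTE(review): {@code tokenIdentifier} is mutable per-instance state written by
 * {@link #handle(Callback[])} and read by {@link #removeEncryptedToken()}; nothing here
 * synchronises it, so an instance should presumably not be shared between concurrent
 * requests. Confirm against the callers.
 */
public class TokenCallbackHandler implements CallbackHandler {
    // Usage codes compared against WSPasswordCallback.getUsage(). The decompiler inlined the
    // literals; they presumably correspond to WSPasswordCallback.SECURITY_CONTEXT_TOKEN,
    // CUSTOM_TOKEN and ENCRYPTED_KEY_TOKEN. Confirm against the WSS4J version on the classpath.
    private static final int USAGE_SECURITY_CONTEXT_TOKEN = 6;
    private static final int USAGE_CUSTOM_TOKEN = 7;
    private static final int USAGE_ENCRYPTED_KEY_TOKEN = 8;

    // Property codes compared against WSParameterCallback.getProperty(); named after the
    // KerberosConfig key each one is answered from.
    private static final int PARAM_KDC_DES_AES_FACTOR = 0;
    private static final int PARAM_SERVICE_PRINCIPLE_PASSWORD = 1;

    private static final String SAML10_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML20_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    private final TokenStorage store;
    private final CallbackHandler handler;
    private final RampartConfig config;

    // Store identifier of the last EncryptedKeyToken matched in handle(); null until a match.
    private String tokenIdentifier;

    /**
     * Creates a handler without a Rampart configuration; parameter callbacks are left unanswered.
     *
     * @param tokenStorage store to resolve tokens from, may be {@code null}
     * @param callbackHandler delegate for password callbacks not served from the store, may be
     *     {@code null}
     */
    public TokenCallbackHandler(TokenStorage tokenStorage, CallbackHandler callbackHandler) {
        this(tokenStorage, callbackHandler, null);
    }

    /**
     * Creates a handler that can also answer Kerberos parameter callbacks.
     *
     * @param tokenStorage store to resolve tokens from, may be {@code null}
     * @param callbackHandler delegate for password callbacks not served from the store, may be
     *     {@code null}
     * @param rampartConfig configuration whose Kerberos section is consulted, may be {@code null}
     */
    public TokenCallbackHandler(TokenStorage tokenStorage, CallbackHandler callbackHandler, RampartConfig rampartConfig) {
        this.store = tokenStorage;
        this.handler = callbackHandler;
        this.config = rampartConfig;
        this.tokenIdentifier = null;
    }

    /**
     * Handles each callback in turn.
     *
     * @param callbackArr callbacks to process; only {@link WSPasswordCallback} and
     *     {@link WSParameterCallback} are accepted
     * @throws IOException if the token store lookup fails; the original failure is attached as
     *     the cause
     * @throws UnsupportedCallbackException if a callback of any other type is passed, or if the
     *     delegate handler rejects a forwarded callback
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbackArr.length; i++) {
            Callback callback = callbackArr[i];
            if (callback instanceof WSPasswordCallback) {
                handlePasswordCallback((WSPasswordCallback) callback);
            } else if (callback instanceof WSParameterCallback) {
                handleParameterCallback((WSParameterCallback) callback);
            } else {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
        }
    }

    /** Serves a password callback from the token store, or forwards it to the delegate handler. */
    private void handlePasswordCallback(WSPasswordCallback passwordCallback)
            throws IOException, UnsupportedCallbackException {
        int usage = passwordCallback.getUsage();
        boolean directLookup = usage == USAGE_SECURITY_CONTEXT_TOKEN || usage == USAGE_CUSTOM_TOKEN;

        if (directLookup && this.store != null) {
            resolveByStoreId(passwordCallback);
        } else if (usage == USAGE_ENCRYPTED_KEY_TOKEN && this.store != null) {
            // Without a store there is nothing to scan; the callback then takes the delegate
            // path below, as the two direct-lookup usages already do, instead of failing with
            // a NullPointerException.
            resolveByScanningStore(passwordCallback);
        } else if (this.handler != null) {
            this.handler.handle(new Callback[]{passwordCallback});
        }
    }

    /** Looks the token up directly under the callback identifier. */
    private void resolveByStoreId(WSPasswordCallback passwordCallback) throws IOException {
        try {
            Token token = this.store.getToken(passwordCallback.getIdentifer());
            if (token != null) {
                passwordCallback.setKey(token.getSecret());
                passwordCallback.setCustomToken((Element) token.getToken());
            }
        } catch (Exception e) {
            // Broad catch kept so callers continue to see IOException for every lookup failure.
            // The cause is chained rather than dumped to stderr, so the stack trace stays
            // available to whoever logs the exception without leaking into container output.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Scans every stored token for one whose SHA-1 key identifier (EncryptedKeyToken) or
     * unattached reference text (SAML 1.0 / 2.0 assertion) equals the callback identifier.
     * The scan does not stop at the first hit, so a later matching token overrides an earlier
     * one.
     */
    private void resolveByScanningStore(WSPasswordCallback passwordCallback) throws IOException {
        String identifer = passwordCallback.getIdentifer();
        try {
            String[] tokenIdentifiers = this.store.getTokenIdentifiers();
            if (tokenIdentifiers == null) {
                return;
            }
            for (int i = 0; i < tokenIdentifiers.length; i++) {
                Token candidate = this.store.getToken(tokenIdentifiers[i]);
                if (candidate == null || candidate.getToken() == null) {
                    continue;
                }
                if (isEncryptedKeyMatch(candidate, identifer)) {
                    passwordCallback.setKey(candidate.getSecret());
                    passwordCallback.setCustomToken((Element) candidate.getToken());
                    // Remembered so removeEncryptedToken() can evict this entry afterwards.
                    this.tokenIdentifier = tokenIdentifiers[i];
                } else if (isSamlAssertion(candidate) && referencesIdentifier(candidate, identifer)) {
                    passwordCallback.setKey(candidate.getSecret());
                    passwordCallback.setCustomToken((Element) candidate.getToken());
                }
            }
        } catch (TrustException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /** True when the token is an EncryptedKeyToken whose SHA-1 value equals the identifier. */
    private static boolean isEncryptedKeyMatch(Token token, String identifer) {
        if (!(token instanceof EncryptedKeyToken)) {
            return false;
        }
        // A token without a SHA-1 value never matches; it must not abort the whole scan.
        String sha1 = ((EncryptedKeyToken) token).getSHA1();
        return sha1 != null && sha1.equals(identifer);
    }

    /** True when the token element lives in the SAML 1.0 or SAML 2.0 assertion namespace. */
    private static boolean isSamlAssertion(Token token) {
        // An element without a namespace is simply not a SAML assertion.
        if (token.getToken().getNamespace() == null) {
            return false;
        }
        String namespaceURI = token.getToken().getNamespace().getNamespaceURI();
        return SAML10_NS.equals(namespaceURI) || SAML20_NS.equals(namespaceURI);
    }

    /** True when the first child of the token's unattached reference carries the identifier. */
    private static boolean referencesIdentifier(Token token, String identifer) {
        // A stored assertion without an unattached reference (or with an empty one) is skipped
        // instead of failing the lookup for every other token in the store.
        if (token.getUnattachedReference() == null
                || token.getUnattachedReference().getFirstElement() == null) {
            return false;
        }
        String referenceText = token.getUnattachedReference().getFirstElement().getText();
        return referenceText != null && referenceText.equals(identifer);
    }

    /** Answers a parameter callback from the Kerberos configuration, if one is available. */
    private void handleParameterCallback(WSParameterCallback parameterCallback) {
        if (this.config == null) {
            return;
        }
        KerberosConfig kerberosConfig = this.config.getKerberosConfig();
        int property = parameterCallback.getProperty();

        if (property == PARAM_KDC_DES_AES_FACTOR) {
            // The int value is always set once a config exists; it stays 0 when the property
            // is missing or is not a valid integer.
            int factor = 0;
            if (kerberosConfig != null) {
                String raw = kerberosConfig.getProp().getProperty(KerberosConfig.KDC_DES_AES_FACTOR);
                if (raw != null) {
                    try {
                        factor = Integer.parseInt(raw);
                    } catch (NumberFormatException ignored) {
                        factor = 0;
                    }
                }
            }
            parameterCallback.setIntValue(factor);
        } else if (property == PARAM_SERVICE_PRINCIPLE_PASSWORD && kerberosConfig != null) {
            // NOTE(review): the service principal password is read from the policy properties
            // and handed on as an immutable String, so it cannot be wiped after use. Keep it out
            // of logs and restrict read access to the configuration that carries it.
            String password = kerberosConfig.getProp().getProperty(KerberosConfig.SERVICE_PRINCIPLE_PASSWORD);
            if (password != null) {
                parameterCallback.setStringValue(password);
            }
        }
    }

    /**
     * Removes from the store the EncryptedKeyToken that the last {@link #handle(Callback[])}
     * call matched, if any.
     *
     * @throws RampartException if the store fails to remove the token
     */
    public void removeEncryptedToken() throws RampartException {
        if (this.tokenIdentifier == null) {
            return;
        }
        try {
            this.store.removeToken(this.tokenIdentifier);
        } catch (TrustException e) {
            throw new RampartException(e.getMessage(), e);
        }
    }
}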
