package com.ibm.ws.wssecurity.callback;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.saml2.Saml20Token;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.wssecurity.internal.WSSecurityConstants;
import com.ibm.ws.wssecurity.token.TokenUtils;
import java.io.IOException;
import java.io.StringReader;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.saml.ext.SAMLCallback;
import org.opensaml.Configuration;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

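/**
 * WS-Security {@link CallbackHandler} that propagates the caller's SAML 2.0 token.
 *
 * <p>When WSS4J asks for a SAML assertion to place in an outbound message, this handler
 * takes the {@link Saml20Token} held as a private credential of the current run-as
 * {@link Subject} and hands its DOM element to every {@link SAMLCallback} it is given.
 * No validation happens here: the token is forwarded exactly as it was stored in the
 * subject (an expired or wrong-audience assertion would still be propagated), so the
 * receiving service is the one that has to validate it.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public class Saml20PropagationCallbackHandler implements CallbackHandler {
    protected static final TraceComponent tc = Tr.register(Saml20PropagationCallbackHandler.class, "WSSecurity", "com.ibm.ws.wssecurity.resources.WSSecurityMessages");
    /** Key under which {@link Saml20Token#getProperties()} may already carry the parsed DOM element. */
    static final String samlElementKey = "samlElement";
    static final long serialVersionUID = -5116720668821208501L;

    /**
     * Supplies the subject's SAML assertion element to each {@link SAMLCallback} in
     * {@code callbackArr}. Callbacks of any other type are skipped rather than rejected
     * with {@link UnsupportedCallbackException}.
     *
     * @param callbackArr callbacks handed over by the WS-Security runtime; may be null or empty
     * @throws IOException if the SAML SSO service is not available, if no callbacks were
     *         supplied, or if the run-as subject carries no usable SAML token
     * @throws UnsupportedCallbackException declared by the interface; never thrown here
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "callbacks", new Object[0]);
        }
        // Fail fast when the SAML SSO service backing this handler has not been activated.
        if (TokenUtils.getCommonSsoService("wssSaml") == null) {
            throw new IOException("The wsSecuritySaml-1.1 feature is not currently available. Make sure your server.xml has been configured to use the wsSecuritySaml-1.1 feature properly.");
        }
        // A null array previously escaped as a NullPointerException; treat it like an empty one.
        if (callbackArr == null || callbackArr.length == 0) {
            Tr.error(tc, "no_callbacks_provided", new Object[0]);
            throw new IOException(TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.wssecurity.resources.WSSecurityMessages", "no_callbacks_provided", new Object[0], "CWWKW0233E: No callbacks were provided to handle the request."));
        }
        Element assertionElement = null;
        Saml20Token token = getSaml20TokenFromSubject();
        if (token != null) {
            assertionElement = getSamlElementFromToken(token);
        }
        if (assertionElement == null) {
            Tr.error(tc, "no_saml_found_in_subject", new Object[0]);
            throw new IOException(TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.wssecurity.resources.WSSecurityMessages", "no_saml_found_in_subject", new Object[0], "CWWKW0234E: The required SAML token is missing from the subject."));
        }
        for (Callback callback : callbackArr) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "callbacks:" + callback, new Object[0]);
            }
            // Only SAMLCallback receives the element; anything else (including null entries) is ignored.
            if (callback instanceof SAMLCallback) {
                ((SAMLCallback) callback).setAssertionElement(assertionElement);
            }
        }
    }

    /**
     * Returns the DOM element of the assertion carried by {@code saml20Token}, or null if it
     * cannot be obtained.
     *
     * <p>The element stored under {@link #samlElementKey} in the token's properties is used when
     * present; otherwise the serialized assertion from {@link Saml20Token#getSAMLAsString()} is
     * re-parsed through the OpenSAML parser pool. Any failure is recorded (FFDC plus a warning)
     * and reported to the caller as a null return, not as an exception.
     *
     * @param saml20Token token taken from the run-as subject; must not be null
     * @return the assertion element, or null when none could be extracted
     */
    protected Element getSamlElementFromToken(Saml20Token saml20Token) {
        Element result = null;
        try {
            Map<?, ?> properties = saml20Token.getProperties();
            if (properties != null) {
                result = (Element) properties.get(samlElementKey);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the element from getProperties():", new Object[]{result});
            }
            if (result == null) {
                // Parse via the pool's own parse() so the DocumentBuilder is handed back to the pool;
                // the original getBuilder() call never returned it, forcing a fresh builder each time.
                // NOTE(review): the pool, not this class, decides whether DTDs and external entities
                // are disabled — confirm the server's parser-pool configuration before relying on
                // this path for assertion text that is not fully trusted.
                result = Configuration.getParserPool()
                        .parse(new StringReader(saml20Token.getSAMLAsString()))
                        .getDocumentElement();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "the element from getSAMLAsString():", new Object[]{result});
                }
            }
        } catch (Exception e) {
            // NOTE(review): the token is passed to FFDC for introspection; if the incident dump
            // renders its fields, the bearer assertion may end up in the FFDC logs — verify.
            FFDCFilter.processException(e, WSSecurityConstants.DEFAULT_SAML_CALLBACK_HANDLER, "142", this, new Object[]{saml20Token});
            if (tc.isDebugEnabled()) {
                // Log the exception itself so the stack trace is kept even when there is no wrapped cause.
                Tr.debug(tc, "Exception while extracting SAML element: ", new Object[]{e});
            }
            Tr.warning(tc, "failed_to_extract_saml_element", new Object[]{e.getLocalizedMessage()});
        }
        return result;
    }

    /**
     * Looks up the {@link Saml20Token} held as a private credential of the current run-as subject.
     *
     * <p>The private-credential read runs inside a privileged action, presumably so the lookup
     * succeeds under a Java security manager regardless of the caller's own permissions. If the
     * subject carries several SAML tokens, whichever the credential set iterates first is used;
     * there is no selection by issuer, audience or expiry.
     *
     * @return the first SAML 2.0 token found, or null when there is no run-as subject, no such
     *         credential, or the lookup failed (failures are recorded via FFDC and a warning)
     */
    protected Saml20Token getSaml20TokenFromSubject() {
        Saml20Token found = null;
        try {
            final Subject runAsSubject = WSSubject.getRunAsSubject();
            if (runAsSubject == null) {
                // No subject on the thread is a normal condition; report it without raising an FFDC incident.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No run-as subject is available; no SAML token to propagate", new Object[0]);
                }
                return null;
            }
            found = AccessController.doPrivileged(new PrivilegedExceptionAction<Saml20Token>() {
                @Override // java.security.PrivilegedExceptionAction
                public Saml20Token run() throws Exception {
                    Iterator<Saml20Token> it = runAsSubject.getPrivateCredentials(Saml20Token.class).iterator();
                    return it.hasNext() ? it.next() : null;
                }
            });
        } catch (Exception e) {
            FFDCFilter.processException(e, WSSecurityConstants.DEFAULT_SAML_CALLBACK_HANDLER, "170", this, new Object[0]);
            if (tc.isDebugEnabled()) {
                // Log the exception itself so the stack trace is kept even when there is no wrapped cause.
                Tr.debug(tc, "Exception while getting SAML token from subject:", new Object[]{e});
            }
            Tr.warning(tc, "failed_to_extract_saml_token_from_subject", new Object[]{e.getLocalizedMessage()});
        }
        return found;
    }
}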
