package com.ibm.ws.jaxrs20.client.security.saml;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.Map;
import javax.ws.rs.ProcessingException;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/jaxrs20/client/security/saml/PropagationHandler.class */
public class PropagationHandler extends AbstractPhaseInterceptor<Message> {
    private static final TraceComponent tc = Tr.register(PropagationHandler.class, "com.ibm.ws.jaxrs20.client", "com.ibm.ws.jaxrs20.client.internal.resources.JAXRSClientMessages");
    static final long serialVersionUID = 7323809712387623421L;

    public PropagationHandler() {
        super("pre-logical");
    }

    public void handleMessage(Message message) throws Fault {
        Object obj = message.get("com.ibm.ws.jaxrs.client.saml.sendToken");
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Please check if customer is using the [com.ibm.ws.jaxrs.client.saml.sendToken], client configuration property and the value should be true", new Object[0]);
        }
        if (obj != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "The client configuration property [com.ibm.ws.jaxrs.client.saml.sendToken] value is " + obj, new Object[0]);
            }
            configClientSAMLHandler(message, obj.toString().toLowerCase());
        }
    }

    @FFDCIgnore({NoClassDefFoundError.class})
    private void configClientSAMLHandler(Message message, String str) {
        if (!str.equals("true")) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No client SAML handler configuration is specified, skipping this handler.", new Object[0]);
                return;
            }
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Entering SAML Handler", new Object[0]);
        }
        if (((String) message.get(Message.ENDPOINT_ADDRESS)).startsWith("https") && TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "user is using SSL connection", new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "About to get a SAML authentication token from the runAs Subject", new Object[0]);
        }
        try {
            String encodedSaml20Token = getEncodedSaml20Token();
            if (encodedSaml20Token != null && !encodedSaml20Token.isEmpty()) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Retrieved the encoded SAML token. About to set it on the request Header " + encodedSaml20Token, new Object[0]);
                }
                Map map = (Map) message.get(Message.PROTOCOL_HEADERS);
                map.put("Authorization", Arrays.asList("SAML " + encodedSaml20Token));
                message.put(Message.PROTOCOL_HEADERS, map);
            }
        } catch (NoClassDefFoundError e) {
            Tr.warning(tc, "failed_to_extract_saml_token_from_subject", new Object[]{e});
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.jaxrs20.client.security.saml.PropagationHandler", "98", this, new Object[]{message, str});
            Tr.warning(tc, "failed_to_extract_saml_token_from_subject", new Object[]{th});
            throw new ProcessingException(th);
        }
    }

    @FFDCIgnore({NoSuchMethodException.class})
    public static String getEncodedSaml20Token() {
        String str = null;
        String str2 = null;
        try {
            for (Object obj : WSSubject.getRunAsSubject().getPrivateCredentials()) {
                try {
                    str2 = (String) obj.getClass().getDeclaredMethod("getSAMLAsString", new Class[0]).invoke(obj, new Object[0]);
                    break;
                } catch (NoSuchMethodException e) {
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.jaxrs20.client.security.saml.PropagationHandler", "125", (Object) null, new Object[0]);
                    Tr.warning(tc, "failed_to_extract_saml_token_from_subject", new Object[]{e2.getLocalizedMessage()});
                }
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.jaxrs20.client.security.saml.PropagationHandler", "129", (Object) null, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while getting SAML token from subject:", new Object[]{e3.getCause()});
            }
            Tr.warning(tc, "failed_to_extract_saml_token_from_subject", new Object[]{e3.getLocalizedMessage()});
        }
        if (str2 != null) {
            byte[] bArr = null;
            try {
                bArr = str2.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e4) {
                FFDCFilter.processException(e4, "com.ibm.ws.jaxrs20.client.security.saml.PropagationHandler", "139", (Object) null, new Object[0]);
            }
            if (bArr != null) {
                str = Base64Coder.base64EncodeToString(bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error while trying to get token bytes using utf-8:", new Object[0]);
            }
        }
        return str;
    }
}
