package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.wssapi.WSSTokenFactory;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SAMLWSSTokenFactory.class */
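/**
 * {@link WSSTokenFactory} that obtains a {@link SAMLToken} by running a JAAS login.
 *
 * <p>No token is built here. The JAAS login configuration named by the caller is executed, and
 * the first {@code SAMLToken} found among the private credentials of the resulting subject is
 * returned.
 */
public class SAMLWSSTokenFactory implements WSSTokenFactory {
    private static final TraceComponent tc = Tr.register(SAMLWSSTokenFactory.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    /**
     * Runs the named JAAS login and returns the SAML token it leaves on the subject.
     *
     * <p>When a {@link SecurityManager} is installed, the caller must hold
     * {@link SAMLTokenFactory#GET_NEWSAMLTOKEN_PERM}. That check is made before
     * {@code doPrivileged} is entered, so it is evaluated against the caller's own call stack.
     *
     * @param str name of the JAAS login configuration to run
     * @param subject subject to log in with; when {@code null} the {@link LoginContext} is
     *     created without one
     * @param callbackHandler handler passed to the {@link LoginContext}
     * @return the first {@link SAMLToken} among the subject's private credentials after login,
     *     or {@code null} when the login succeeds but leaves no such credential
     * @throws WSSException if the privileged action fails with a checked exception
     * @throws SecurityException if the permission check fails, or if the JAAS login fails (the
     *     {@link LoginException} is wrapped, so it does not surface as a {@code WSSException})
     */
    @Override
    public SecurityToken newSecurityToken(final String str, final Subject subject, final CallbackHandler callbackHandler) throws WSSException {
        if (tc.isEntryEnabled()) {
            // Trace the principals only. Subject.toString() can also render the subject's private
            // credentials, which would put credential material into the trace log.
            Tr.entry(tc, "createSecurityToken login = " + str + " subject = " + (subject == null ? null : subject.getPrincipals()));
        }
        // Authorize the caller first; everything below runs with this class's own privileges.
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SAMLTokenFactory.GET_NEWSAMLTOKEN_PERM);
        }
        try {
            return (SecurityToken) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws WSSException {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Performing attribute propagation login.");
                    }
                    try {
                        LoginContext loginContext = subject != null ? new LoginContext(str, subject, callbackHandler) : new LoginContext(str, callbackHandler);
                        loginContext.login();
                        return firstSamlToken(loginContext.getSubject());
                    } catch (LoginException e) {
                        Tr.error(tc, "security.wssecurity.LoginProcessor.s11", new Object[]{e});
                        // Unchecked, so doPrivileged rethrows it as-is rather than wrapping it in
                        // a PrivilegedActionException.
                        throw new SecurityException(e);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof WSSException) {
                throw ((WSSException) cause);
            }
            // NOTE(review): only the message survives here and the original stack trace is lost.
            // If WSSException offers a constructor that accepts a cause, prefer it.
            throw new WSSException(cause.getMessage());
        }
    }

    /** Returns the first {@link SAMLToken} in the subject's private credentials, or {@code null}. */
    private static SecurityToken firstSamlToken(Subject loggedIn) {
        for (Object credential : loggedIn.getPrivateCredentials()) {
            if (credential instanceof SAMLToken) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found SAMLToken");
                }
                return (SecurityToken) credential;
            }
        }
        return null;
    }
}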
