package no.nav.common.cxf.saml;

import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
import org.apache.wss4j.dom.handler.RequestData;
import org.opensaml.saml.saml2.core.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/common/cxf/saml/SAMLInInterceptor.class */
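/**
 * Inbound CXF interceptor that requires a signed SAML token on every SOAP request and
 * publishes the subject derived from the SAML 2.0 assertion as a servlet request attribute.
 *
 * <p>Signature trust comes from the JVM-wide TLS trust store (see
 * {@link #loadSignatureCrypto(RequestData)}).
 *
 * <p>NOTE(review): this class only logs the assertion issuer and never compares it with an
 * expected value. Confirm that issuer, audience and validity checks are enforced elsewhere
 * (WSS4J validators or {@code SamlUtils}); none are visible here.
 */
public class SAMLInInterceptor extends WSS4JInInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(SAMLInInterceptor.class);

    /** Servlet request attribute under which the authenticated subject is stored. */
    public static final String SUBJECT_REQUEST_ATTRIBUTE_NAME = SAMLInInterceptor.class.getName();

    /** Creates the interceptor with the WSS4J action fixed to {@code SAMLTokenSigned}. */
    public SAMLInInterceptor() {
        requireSignedSamlToken();
    }

    /**
     * Creates the interceptor, forwarding the flag to the superclass constructor.
     *
     * @param z flag passed unchanged to {@code WSS4JInInterceptor(boolean)}
     */
    public SAMLInInterceptor(boolean z) {
        super(z);
        requireSignedSamlToken();
    }

    /**
     * Creates the interceptor from a property map.
     *
     * @param map properties passed to the superclass; an {@code action} entry in it is
     *     overwritten so that callers cannot downgrade the required action
     */
    public SAMLInInterceptor(Map<String, Object> map) {
        super(map);
        requireSignedSamlToken();
    }

    /** Pins the WSS4J action so that only signed SAML tokens are accepted. */
    private void requireSignedSamlToken() {
        setProperty("action", "SAMLTokenSigned");
    }

    /**
     * Builds the crypto used to verify the assertion signature from the JVM trust store named
     * by {@code javax.net.ssl.trustStore} and {@code javax.net.ssl.trustStorePassword}.
     *
     * <p>NOTE(review): this is the same trust store the JVM uses for TLS. Every CA in it
     * becomes a trust anchor for SAML signers as well, which is broader than "the identity
     * provider's signing certificate". Consider a dedicated trust store, or restricting the
     * signer with the WSS4J {@code sigSubjectCertConstraints} property.
     *
     * @param requestData the current WSS4J request data (not used)
     * @return a crypto instance backed by the JVM trust store
     * @throws WSSecurityException if the crypto provider cannot be created
     * @throws IllegalStateException if either trust store system property is unset
     */
    public Crypto loadSignatureCrypto(RequestData requestData) throws WSSecurityException {
        String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
        String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
        // Properties rejects null values with a bare NullPointerException; fail closed with a
        // message that names the missing setting (never the password itself).
        if (trustStoreFile == null) {
            throw new IllegalStateException(
                    "System property javax.net.ssl.trustStore is not set; cannot verify SAML signatures");
        }
        if (trustStorePassword == null) {
            throw new IllegalStateException(
                    "System property javax.net.ssl.trustStorePassword is not set; cannot verify SAML signatures");
        }
        Properties properties = new Properties();
        properties.setProperty("org.apache.wss4j.crypto.merlin.truststore.file", trustStoreFile);
        properties.setProperty("org.apache.wss4j.crypto.merlin.truststore.password", trustStorePassword);
        return CryptoFactory.getInstance(properties);
    }

    /**
     * Runs WSS4J processing, then maps the validated SAML 2.0 assertion to a subject and stores
     * it on the HTTP request under {@link #SUBJECT_REQUEST_ATTRIBUTE_NAME}.
     *
     * @param soapMessage the inbound SOAP message
     * @throws RuntimeException if no security context or no SAML principal is available
     * @throws Fault with {@code INVALID_SECURITY_TOKEN} if the assertion is missing, is not
     *     SAML 2.0, or cannot be converted to a subject
     */
    @Override
    public void handleMessage(SoapMessage soapMessage) {
        super.handleMessage(soapMessage);
        SecurityContext securityContext = (SecurityContext) soapMessage.get(SecurityContext.class.getName());
        if (securityContext == null) {
            throw new RuntimeException("Cannot get SecurityContext from SoapMessage");
        }
        // A principal of any other type is rejected with the same error as a missing one,
        // instead of surfacing as a ClassCastException.
        java.security.Principal principal = securityContext.getUserPrincipal();
        if (!(principal instanceof SAMLTokenPrincipal)) {
            throw new RuntimeException("Cannot get SAMLTokenPrincipal from SecurityContext");
        }
        SAMLTokenPrincipal userPrincipal = (SAMLTokenPrincipal) principal;
        try {
            // Everything that reads the token sits inside the try so that a malformed or
            // non-SAML-2.0 token yields an INVALID_SECURITY_TOKEN fault, not a stray NPE.
            Assertion saml2 = userPrincipal.getToken() == null ? null : userPrincipal.getToken().getSaml2();
            if (saml2 == null) {
                throw new IllegalStateException("Security token does not contain a SAML 2.0 assertion");
            }
            if (logger.isDebugEnabled()) {
                // Issuer and NameID are optional in the schema; do not let logging fail the request.
                // NOTE(review): the NameID may be personal data; keep debug logging off in production.
                logger.debug("SAML Issuer: {}", saml2.getIssuer() == null ? null : saml2.getIssuer().getValue());
                logger.debug(
                        "SAML Subject: {}",
                        saml2.getSubject() == null || saml2.getSubject().getNameID() == null
                                ? null
                                : saml2.getSubject().getNameID().getValue());
            }
            HttpServletRequest request = (HttpServletRequest) soapMessage.get("HTTP.REQUEST");
            if (request == null) {
                throw new IllegalStateException("No HTTP request is associated with the SOAP message");
            }
            request.setAttribute(SUBJECT_REQUEST_ATTRIBUTE_NAME, SamlUtils.samlAssertionToSubject(saml2));
        } catch (Exception e) {
            logger.info("Login failed", e);
            WSSecurityException wSSecurityException = new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
            throw new Fault(wSSecurityException, wSSecurityException.getFaultCode());
        }
    }
}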
