package no.nav.common.cxf;

import java.util.HashMap;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.soap.Soap12;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.EndpointException;
import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.attachment.reference.RemoteReferenceResolver;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.neethi.Policy;

/* loaded from: input_file:no/nav/common/cxf/OidcClientWrapper.class */
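/**
 * Static helpers that configure an Apache CXF {@link Client} to fetch its security token from a
 * WS-Trust Security Token Service (STS) using the {@code ON_BEHALF_OF_WITH_JWT} flow.
 *
 * <p>Configuring a client does three things: it attaches a dedicated {@link STSClient} to the
 * request context, turns off per-endpoint caching of issued tokens, and merges the policy in
 * {@code classpath:JwtSTSPolicy.xml} into the client's endpoint policy.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The STS service credentials are held as plain {@code String}s in the STS client's
 *       property map for the lifetime of that client.</li>
 *   <li>The STS client has message-logging interceptors attached; see the note in
 *       {@code createBasicSTSClient}.</li>
 * </ul>
 */
public class OidcClientWrapper {

    /**
     * Configures {@code client} to request tokens from the STS described by {@code stsConfig}.
     *
     * @param client the CXF client to configure; its request context and endpoint policy are
     *     modified in place
     * @param stsConfig STS endpoint URL and the username/password used towards the STS
     * @throws NullPointerException if {@code client} or {@code stsConfig} is {@code null}
     * @throws IllegalStateException if the client's bus lacks the WS-Policy extensions or the
     *     policy reference cannot be resolved
     * @throws RuntimeException if the STS client's endpoint address cannot be set
     */
    public static void configureStsForOnBehalfOfWithJWT(Client client, StsConfig stsConfig) {
        // Same exception type as the implicit dereference would raise, but with a usable message.
        if (client == null) {
            throw new NullPointerException("client");
        }
        if (stsConfig == null) {
            throw new NullPointerException("stsConfig");
        }

        STSClient stsClient = createBasicSTSClient(
                client.getBus(),
                stsConfig.url,
                stsConfig.username,
                stsConfig.password,
                StsType.ON_BEHALF_OF_WITH_JWT);
        client.getRequestContext().put("security.sts.client", stsClient);

        // Do not keep the issued token on the endpoint. Presumably this is so that a token
        // issued on behalf of one caller is never reused for a request made on behalf of
        // another; keep it disabled unless that has been verified to be safe.
        client.getRequestContext().put("security.cache.issued.token.in.endpoint", Boolean.FALSE);

        setEndpointPolicyReference(client, "classpath:JwtSTSPolicy.xml");
    }

    /**
     * Returns the value of a JVM system property, failing if it is not set.
     *
     * <p>Not called from within this class.
     *
     * @param str the system property name
     * @return the property value, never {@code null}
     * @throws RuntimeException if the property is not set
     */
    private static String requireProperty(String str) {
        String property = System.getProperty(str);
        if (property == null) {
            throw new RuntimeException("Required property " + str + " not available.");
        }
        return property;
    }

    /**
     * Builds the STS client used for token requests.
     *
     * @param bus the CXF bus the STS client runs on
     * @param stsUrl endpoint address of the STS
     * @param username value stored under {@code security.username}
     * @param password value stored under {@code security.password}
     * @param stsType the token flow the client is created for
     * @return the configured STS client
     * @throws RuntimeException if the underlying CXF client cannot be created
     */
    private static STSClient createBasicSTSClient(
            Bus bus, String stsUrl, String username, String password, StsType stsType) {
        NAVOidcSTSClient stsClient = new NAVOidcSTSClient(bus, stsType);
        stsClient.setWsdlLocation("wsdl/ws-trust-1.4-service.wsdl");
        stsClient.setServiceQName(new QName(
                "http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl",
                "SecurityTokenServiceProvider"));
        stsClient.setEndpointQName(new QName(
                "http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl",
                "SecurityTokenServiceSOAP"));
        stsClient.setEnableAppliesTo(false);
        stsClient.setAllowRenewing(false);

        // Only getClient() declares the checked exceptions, so only it sits inside the try.
        try {
            stsClient.getClient().getRequestContext().put(Message.ENDPOINT_ADDRESS, stsUrl);
        } catch (BusException | EndpointException e) {
            throw new RuntimeException("Failed to set endpoint adress of STSClient", e);
        }

        // NOTE(review): these interceptors log the STS client's requests and responses. Those
        // messages are expected to carry the caller's JWT, the issued token and possibly the
        // service credentials set below, so whatever receives this log output must be protected
        // like a credential store. Confirm this is intended outside debugging; otherwise remove
        // the interceptors or restrict/mask their output in the logging configuration.
        stsClient.getOutInterceptors().add(new LoggingOutInterceptor());
        stsClient.getInInterceptors().add(new LoggingInInterceptor());

        // Typed map instead of a raw HashMap, so the compiler checks what goes in.
        HashMap<String, Object> properties = new HashMap<>();
        properties.put("security.username", username);
        properties.put("security.password", password);
        stsClient.setProperties(properties);
        return stsClient;
    }

    /**
     * Resolves the policy at {@code policyUri} and merges it into the client's endpoint policy.
     *
     * @param client the client whose endpoint policy is updated
     * @param policyUri reference to the policy document
     */
    private static void setEndpointPolicyReference(Client client, String policyUri) {
        setClientEndpointPolicy(client, resolvePolicyReference(client, policyUri));
    }

    /**
     * Loads a policy through the {@link PolicyBuilder} registered on the client's bus.
     *
     * @param client the client whose bus supplies the {@link PolicyBuilder}
     * @param policyUri reference to the policy document
     * @return the resolved policy, never {@code null}
     * @throws IllegalStateException if the bus has no {@link PolicyBuilder} or no policy is
     *     returned for {@code policyUri}
     */
    private static Policy resolvePolicyReference(Client client, String policyUri) {
        PolicyBuilder policyBuilder = client.getBus().getExtension(PolicyBuilder.class);
        if (policyBuilder == null) {
            throw new IllegalStateException(
                    "No PolicyBuilder extension registered on the CXF bus");
        }
        Policy policy = new RemoteReferenceResolver("", policyBuilder).resolveReference(policyUri);
        // Fail here rather than with an anonymous NullPointerException further down, where a
        // missing security policy would be much harder to diagnose.
        if (policy == null) {
            throw new IllegalStateException("Could not resolve policy reference " + policyUri);
        }
        return policy;
    }

    /**
     * Merges {@code policy} into the client's current endpoint policy and installs the result.
     *
     * @param client the client whose endpoint policy is replaced
     * @param policy the policy to merge in
     * @throws IllegalStateException if the bus has no {@link PolicyEngine}
     */
    private static void setClientEndpointPolicy(Client client, Policy policy) {
        EndpointInfo endpointInfo = client.getEndpoint().getEndpointInfo();
        PolicyEngine policyEngine = client.getBus().getExtension(PolicyEngine.class);
        if (policyEngine == null) {
            throw new IllegalStateException(
                    "No PolicyEngine extension registered on the CXF bus");
        }
        // A SOAP 1.2 message object is passed as context to both the lookup and the update.
        SoapMessage soapMessage = new SoapMessage(Soap12.getInstance());
        policyEngine.setClientEndpointPolicy(
                endpointInfo,
                policyEngine
                        .getClientEndpointPolicy(endpointInfo, (Conduit) null, soapMessage)
                        .updatePolicy(policy, soapMessage));
    }
}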
