package net.shibboleth.idp.authn.impl;

import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractExtractionAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.utilities.java.support.collection.Pair;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.soap.wssecurity.Password;
import org.opensaml.soap.wssecurity.Security;
import org.opensaml.soap.wssecurity.Username;
import org.opensaml.soap.wssecurity.UsernameToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.1.6.jar:net/shibboleth/idp/authn/impl/ExtractUsernamePasswordFromWSSToken.class */
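/**
 * Extraction action that reads a username and password from a WS-Security {@code <UsernameToken>} carried in
 * the SOAP header of the inbound message and stores them in a {@link UsernamePasswordContext} beneath the
 * {@link AuthenticationContext}.
 *
 * <p>When no usable token is found, the action builds the {@link AuthnEventIds#NO_CREDENTIALS} event.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>The envelope is supplied by the remote party. Every lookup into it is null-checked and type-checked so
 * that a malformed message ends in {@code NO_CREDENTIALS} rather than an unchecked exception.</li>
 * <li>Only passwords with no {@code Type} or with {@link Password#TYPE_PASSWORD_TEXT} are accepted. The value
 * is therefore the cleartext password. This action does not itself check that the message arrived over a
 * protected transport.</li>
 * <li>Only the first {@code <Security>} header and the first {@code <UsernameToken>} inside it are examined.
 * No actor/role or mustUnderstand handling is performed here.</li>
 * <li>Log statements include the password {@code Type} but never the username or password values. Keep it
 * that way when adding diagnostics.</li>
 * </ul>
 */
public class ExtractUsernamePasswordFromWSSToken extends AbstractExtractionAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExtractUsernamePasswordFromWSSToken.class);

    /** SOAP envelope captured by {@link #doPreExecute} for use in {@link #doExecute}. */
    // NOTE(review): this is per-execution state held on the action instance, and it references a message that
    // contains a cleartext password. Confirm the bean is not shared between concurrent requests.
    @Nullable
    private Envelope inboundMessage;

    /**
     * Captures the inbound SOAP envelope, then defers to the superclass pre-execute checks.
     *
     * @param profileRequestContext the current profile request context
     * @param authenticationContext the current authentication context
     *
     * @return the superclass result when an {@link Envelope} is present; {@code false}, after building
     *         {@link AuthnEventIds#NO_CREDENTIALS}, when the inbound message context is missing or its message
     *         is not a SOAP envelope
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        MessageContext inboundMessageContext = profileRequestContext.getInboundMessageContext();
        if (inboundMessageContext != null && (inboundMessageContext.getMessage() instanceof Envelope)) {
            this.inboundMessage = (Envelope) inboundMessageContext.getMessage();
            return super.doPreExecute(profileRequestContext, authenticationContext);
        }
        this.log.debug("{} Inbound message context missing or doesn't contain a SOAP Envelope", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
        return false;
    }

    /**
     * Copies the extracted credentials into a {@link UsernamePasswordContext}, creating it if needed, or signals
     * {@link AuthnEventIds#NO_CREDENTIALS} when nothing usable was found in the envelope.
     *
     * @param profileRequestContext the current profile request context
     * @param authenticationContext the current authentication context
     */
    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        Pair<String, String> credentials = extractUsernamePassword(this.inboundMessage);
        if (credentials == null) {
            this.log.debug("{} inbound message does not contain a username and password", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
            return;
        }
        // Values are stored exactly as received (they may be null or empty). Rejecting unusable values is
        // presumably left to the validation step that follows - TODO confirm.
        ((UsernamePasswordContext) authenticationContext.getSubcontext(UsernamePasswordContext.class, true))
                .setUsername(credentials.getFirst())
                .setPassword(credentials.getSecond());
    }

    /**
     * Pulls the username and a plain-text password out of the envelope's {@code <UsernameToken>}.
     *
     * <p>If the token carries several {@code <Password>} elements, the last one of a supported type is used.
     * Elements of an unsupported type are skipped and do not discard a supported password seen earlier.</p>
     *
     * @param envelope the inbound SOAP envelope
     *
     * @return a pair of (username, password), or {@code null} if the token, the username or a supported
     *         password is missing
     */
    @Nullable
    private Pair<String, String> extractUsernamePassword(@Nonnull Envelope envelope) {
        UsernameToken usernameToken = getUsernameToken(envelope);
        if (usernameToken == null) {
            return null;
        }
        Username username = usernameToken.getUsername();
        if (username == null) {
            this.log.debug("{} <UsernameToken> does not contain a <Username>", getLogPrefix());
            return null;
        }
        List<XMLObject> passwordElements = usernameToken.getUnknownXMLObjects(Password.ELEMENT_NAME);
        if (passwordElements == null || passwordElements.isEmpty()) {
            this.log.debug("{} <UsernameToken> does not contain a <Password>", getLogPrefix());
            return null;
        }
        Password selected = null;
        for (XMLObject candidate : passwordElements) {
            // The element name matched, but the object type depends on how the message was unmarshalled.
            // Check before casting so hostile or unexpected input cannot raise a ClassCastException.
            if (!(candidate instanceof Password)) {
                this.log.debug("{} Skipping <Password> element of unexpected object type", getLogPrefix());
                continue;
            }
            Password password = (Password) candidate;
            // A missing Type is accepted and handled the same as the plain-text type.
            if (password.getType() != null && !password.getType().equals(Password.TYPE_PASSWORD_TEXT)) {
                this.log.debug("{} Skipping password with unsupported type {}", getLogPrefix(), password.getType());
                continue;
            }
            selected = password;
        }
        if (selected != null) {
            return new Pair<>(username.getValue(), selected.getValue());
        }
        this.log.debug("{} <UsernameToken> does not contain a supported <Password>", getLogPrefix());
        return null;
    }

    /**
     * Locates the first {@code <UsernameToken>} inside the first WS-Security {@code <Security>} header.
     *
     * @param envelope the inbound SOAP envelope
     *
     * @return the token, or {@code null} if the envelope has no header, no {@code <Security>} header, or no
     *         {@code <UsernameToken>} within it
     */
    @Nullable
    private UsernameToken getUsernameToken(@Nonnull Envelope envelope) {
        // A SOAP envelope may omit its header. Treat that as "no credentials" instead of dereferencing null.
        if (envelope.getHeader() == null) {
            this.log.debug("{} Inbound message does not contain a SOAP <Header>", getLogPrefix());
            return null;
        }
        List<XMLObject> securityHeaders = envelope.getHeader().getUnknownXMLObjects(Security.ELEMENT_NAME);
        if (securityHeaders == null || securityHeaders.isEmpty()) {
            this.log.debug("{} Inbound message does not contain <Security>", getLogPrefix());
            return null;
        }
        XMLObject firstSecurity = securityHeaders.get(0);
        if (!(firstSecurity instanceof Security)) {
            this.log.debug("{} Inbound message <Security> header has unexpected object type", getLogPrefix());
            return null;
        }
        List<XMLObject> tokens = ((Security) firstSecurity).getUnknownXMLObjects(UsernameToken.ELEMENT_NAME);
        if (tokens == null || tokens.isEmpty()) {
            this.log.debug("{} Inbound message security header does not contain <UsernameToken>", getLogPrefix());
            return null;
        }
        XMLObject firstToken = tokens.get(0);
        if (!(firstToken instanceof UsernameToken)) {
            this.log.debug("{} Inbound message <UsernameToken> has unexpected object type", getLogPrefix());
            return null;
        }
        return (UsernameToken) firstToken;
    }
}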
