package org.apereo.cas.support.x509;

import lombok.Generated;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
import org.apache.cxf.sts.token.delegation.TokenDelegationParameters;
import org.apache.cxf.sts.token.delegation.TokenDelegationResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apereo/cas/support/x509/X509TokenDelegationHandler.class */
public class X509TokenDelegationHandler implements TokenDelegationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(X509TokenDelegationHandler.class);

    public boolean canHandleToken(ReceivedToken receivedToken) {
        Object token = receivedToken.getToken();
        if (!(token instanceof Element)) {
            return false;
        }
        Element element = (Element) token;
        return "http://www.w3.org/2000/09/xmldsig#".equals(element.getNamespaceURI()) && "X509Data".equals(element.getLocalName());
    }

    public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenDelegationParameters) {
        TokenDelegationResponse tokenDelegationResponse = new TokenDelegationResponse();
        ReceivedToken token = tokenDelegationParameters.getToken();
        tokenDelegationResponse.setToken(token);
        if (!token.isDOMElement()) {
            return tokenDelegationResponse;
        }
        if (token.getState() != ReceivedToken.STATE.VALID || token.getPrincipal() == null) {
            LOGGER.debug("Delegation is not allowed, as the token is invalid or the principal is null");
        } else {
            tokenDelegationResponse.setDelegationAllowed(true);
            LOGGER.debug("Delegation is allowed for: [{}]", token.getPrincipal());
        }
        return tokenDelegationResponse;
    }
}
