package org.apache.cxf.sts.token.validator;

import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;

/* loaded from: input_file:WEB-INF/lib/cxf-services-sts-core-3.5.3.jar:org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.class */
public class DefaultSAMLRoleParser extends DefaultSubjectRoleParser implements SAMLRoleParser {
    public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    private boolean useJaasSubject = true;
    private String roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";

    @Override // org.apache.cxf.sts.token.validator.SAMLRoleParser
    public Set<Principal> parseRolesFromAssertion(Principal principal, Subject subject, SamlAssertionWrapper samlAssertionWrapper) {
        if (subject != null && this.useJaasSubject) {
            return super.parseRolesFromSubject(principal, subject);
        }
        ClaimCollection claims = SAMLUtils.getClaims(samlAssertionWrapper);
        return new SAMLSecurityContext(principal, SAMLUtils.parseRolesFromClaims(claims, this.roleAttributeName, null), claims).getUserRoles();
    }

    public boolean isUseJaasSubject() {
        return this.useJaasSubject;
    }

    public void setUseJaasSubject(boolean z) {
        this.useJaasSubject = z;
    }

    public String getRoleAttributeName() {
        return this.roleAttributeName;
    }

    public void setRoleAttributeName(String str) {
        this.roleAttributeName = str;
    }
}
