package org.apache.cxf.rs.security.saml;

import java.io.InputStream;
import java.io.InputStreamReader;
import javax.ws.rs.core.Response;
import javax.xml.stream.XMLStreamReader;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:cxf-bundle-2.7.11.jar:org/apache/cxf/rs/security/saml/SamlEnvelopedInHandler.class */
public class SamlEnvelopedInHandler extends AbstractSamlInHandler {
    private static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML_ASSERTION = "Assertion";
    private boolean bodyIsRoot;

    @Override // org.apache.cxf.jaxrs.ext.RequestHandler
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        if ("GET".equals((String) message.get(Message.HTTP_REQUEST_METHOD))) {
            return null;
        }
        Document document = null;
        InputStream inputStream = (InputStream) message.getContent(InputStream.class);
        if (inputStream != null) {
            try {
                document = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
            } catch (Exception e) {
                throwFault("Invalid XML payload", e);
            }
        } else {
            XMLStreamReader xMLStreamReader = (XMLStreamReader) message.getContent(XMLStreamReader.class);
            if (xMLStreamReader instanceof W3CDOMStreamReader) {
                document = ((W3CDOMStreamReader) xMLStreamReader).getDocument();
            }
        }
        if (document == null) {
            throwFault("No payload is available", null);
        }
        Element node = getNode(document.getDocumentElement(), "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion");
        if (node == null) {
            node = getNode(document.getDocumentElement(), "urn:oasis:names:tc:SAML:1.0:assertion", "Assertion");
        }
        if (node == null) {
            throwFault("SAML Assertion is not available", null);
        }
        validateToken(message, node);
        document.getDocumentElement().removeChild(node);
        if (this.bodyIsRoot) {
            message.setContent(XMLStreamReader.class, new W3CDOMStreamReader(document));
            message.setContent(InputStream.class, null);
            return null;
        }
        Element actualBody = getActualBody(document.getDocumentElement());
        if (actualBody == null) {
            return null;
        }
        DOMUtils.createDocument().adoptNode(actualBody);
        message.setContent(XMLStreamReader.class, new W3CDOMStreamReader(actualBody));
        message.setContent(InputStream.class, null);
        return null;
    }

    private Element getActualBody(Element element) {
        Element firstElement = DOMUtils.getFirstElement(element);
        if (firstElement != null) {
            element.removeChild(firstElement);
        }
        return firstElement;
    }

    protected Element getNode(Element element, String str, String str2) {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(str, str2);
        if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() != 1) {
            return null;
        }
        return (Element) elementsByTagNameNS.item(0);
    }

    public void setBodyIsRoot(boolean z) {
        this.bodyIsRoot = z;
    }
}
