package org.picketlink.identity.federation.core.wstrust.handlers;

import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPFaultException;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.WSTrustConstants;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.fed.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
import org.picketlink.identity.federation.core.wstrust.STSClientFactory;
import org.picketlink.identity.federation.core.wstrust.STSClientPool;
import org.w3c.dom.Element;

/* loaded from: input_file:org/picketlink/identity/federation/core/wstrust/handlers/STSSecurityHandler.class */
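/**
 * JAX-WS SOAP handler that authenticates inbound messages by locating a security token in the SOAP
 * header and asking a Security Token Service (STS) to validate it.
 * <p>
 * Outbound messages pass through untouched. For inbound messages the handler locates the header element
 * named by {@link #getSecurityElementQName()}, takes the first child named by
 * {@link #getTokenElementQName()}, and calls {@link STSClient#validateToken(Element)} on it. Any failure
 * (no token, STS rejects the token, STS or parsing error, unreadable header) is reported to the caller as a
 * {@link SOAPFaultException} with a generic message; the underlying cause is only logged server-side.
 * The handler puts nothing into the message context on success.
 * <p>
 * The STS client configuration is parsed once from {@link #setConfigFile(String) the config file}. A caller
 * may override the STS username/password for a single message through
 * {@link #USERNAME_MSG_CONTEXT_PROPERTY} / {@link #PASSWORD_MSG_CONTEXT_PROPERTY}; such per-message
 * credentials are applied to a fresh configuration and never to the shared one, so they cannot leak into
 * or persist for other messages handled by the same (typically shared) handler instance.
 */
public abstract class STSSecurityHandler implements SOAPHandler<SOAPMessageContext> {
    protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    /** Message-context key under which a caller may supply the username used to authenticate to the STS. */
    public static final String USERNAME_MSG_CONTEXT_PROPERTY = "org.picketlink.identity.federation.core.wstrust.handlers.username";
    /** Message-context key under which a caller may supply the password used to authenticate to the STS. Never logged. */
    public static final String PASSWORD_MSG_CONTEXT_PROPERTY = "org.picketlink.identity.federation.core.wstrust.handlers.password";
    private String configFile = STSClientConfig.DEFAULT_CONFIG_FILE;
    /** Builder parsed from {@link #configFile}. Shared by every message this instance handles; never mutated per message. */
    private STSClientConfig.Builder configBuilder;

    /** @return the QName of the SOAP header element that carries the security token (e.g. a WS-Security header); must not be null. */
    public abstract QName getSecurityElementQName();

    /** @return the QName of the token element expected inside the security header; must not be null. */
    public abstract QName getTokenElementQName();

    /**
     * Parses the STS client configuration file into the shared builder. Invoked by the container after
     * injection ({@link PostConstruct}); {@link #handleMessage} also calls it lazily if that did not happen.
     */
    @PostConstruct
    public void parseSTSConfig() {
        this.configBuilder = new STSClientConfig.Builder(this.configFile);
    }

    /**
     * Validates the security token of an inbound message against the STS.
     *
     * @param messageContext the JAX-WS message context
     * @return {@code true} to continue handler processing (outbound messages and successfully validated
     *         inbound messages)
     * @throws SOAPFaultException with {@code SECURITY_TOKEN_UNAVAILABLE} if no token is present,
     *         {@code FAILED_AUTHENTICATION} if the STS rejects it, or {@code INVALID_SECURITY} if the STS
     *         call, the configuration, or the header could not be processed
     */
    public boolean handleMessage(SOAPMessageContext messageContext) {
        if (isOutBound(messageContext)) {
            return true;
        }
        STSClient stsClient = null;
        try {
            Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
            if (securityToken == null) {
                throwSecurityTokenUnavailable();
            }
            stsClient = createSTSClient(configForMessage(messageContext).build());
            if (!stsClient.validateToken(securityToken)) {
                throwFailedAuthentication();
            }
        } catch (WSTrustException e) {
            // Detail stays server-side; the client only sees the generic INVALID_SECURITY fault.
            logger.trace("STS token validation failed", e);
            throwInvalidSecurity();
        } catch (ParsingException e) {
            logger.trace("Could not build the STS client configuration", e);
            throwInvalidSecurity();
        } finally {
            // Always hand the pooled client back, including when a fault is thrown above.
            releaseClient(stsClient);
        }
        return true;
    }

    /**
     * Chooses the STS client configuration for one message.
     * <p>
     * When the message context carries its own username and/or password, a fresh builder is created from
     * the config file (mirroring {@link #parseSTSConfig()}) and the credentials are applied to it. The
     * shared builder is deliberately left untouched: this handler instance may serve many concurrent
     * requests, and credentials supplied for one request must neither leak into nor persist for others.
     * Only messages that carry credentials pay for re-parsing the config file.
     */
    private STSClientConfig.Builder configForMessage(SOAPMessageContext messageContext) {
        boolean hasUsername = messageContext.get(USERNAME_MSG_CONTEXT_PROPERTY) != null;
        boolean hasPassword = messageContext.get(PASSWORD_MSG_CONTEXT_PROPERTY) != null;
        if (!hasUsername && !hasPassword) {
            return sharedConfigBuilder();
        }
        STSClientConfig.Builder perMessage = new STSClientConfig.Builder(this.configFile);
        setUsernameFromMessageContext(messageContext, perMessage);
        setPasswordFromMessageContext(messageContext, perMessage);
        return perMessage;
    }

    /**
     * Returns the shared config-file builder, parsing it on first use if {@link PostConstruct} was not
     * honoured (e.g. the handler was instantiated by hand). A benign race may parse the file twice.
     */
    private STSClientConfig.Builder sharedConfigBuilder() {
        STSClientConfig.Builder builder = this.configBuilder;
        if (builder == null) {
            parseSTSConfig();
            builder = this.configBuilder;
        }
        return builder;
    }

    /** Returns a client obtained from {@link #createSTSClient} to the pool; a null client is a no-op. */
    private static void releaseClient(STSClient stsClient) {
        if (stsClient == null) {
            return;
        }
        STSClientPool pool = STSClientFactory.getInstance();
        if (pool != null) {
            pool.returnClient(stsClient);
        }
    }

    /**
     * Finds the security token element in the SOAP header.
     * <p>
     * Only the first token child of the first matching security header is returned; any further tokens in
     * the message are neither returned nor validated.
     *
     * @return the token element, or {@code null} if the message has no header, no matching security
     *         header, or no token inside it
     * @throws IllegalArgumentException if a subclass returned a null QName
     * @throws SOAPFaultException with {@code INVALID_SECURITY} if the header cannot be read
     */
    private Element extractSecurityToken(SOAPMessageContext messageContext, QName securityQName, QName tokenQName) {
        if (securityQName == null) {
            throw logger.nullArgumentError("securityQName from subclass");
        }
        if (tokenQName == null) {
            throw logger.nullArgumentError("tokenQName from subclass");
        }
        try {
            // Depending on the SAAJ implementation a message without a header yields null or throws
            // SOAPException; both end in a fault for the caller (token unavailable / invalid security).
            SOAPHeader header = messageContext.getMessage().getSOAPHeader();
            if (header == null) {
                return null;
            }
            Iterator<?> headerElements = header.getChildElements(securityQName);
            while (headerElements.hasNext()) {
                SOAPHeaderElement security = (SOAPHeaderElement) headerElements.next();
                if (!security.getElementQName().equals(securityQName)) {
                    continue;
                }
                Iterator<?> tokens = security.getChildElements(tokenQName);
                if (tokens.hasNext()) {
                    return (Element) tokens.next();
                }
            }
            return null;
        } catch (SOAPException e) {
            logger.trace("Could not read the SOAP header", e);
            throwInvalidSecurity();
            return null; // unreachable: throwInvalidSecurity() always throws
        }
    }

    /** Raises the {@code SECURITY_TOKEN_UNAVAILABLE} fault. */
    private void throwSecurityTokenUnavailable() throws SOAPFaultException {
        throw new SOAPFaultException(createSoapFault("PL00092: Null Value:No security token could be found in the SOAP Header", WSTrustConstants.SECURITY_TOKEN_UNAVAILABLE));
    }

    /** Raises the {@code FAILED_AUTHENTICATION} fault. */
    private void throwFailedAuthentication() throws SOAPFaultException {
        throw new SOAPFaultException(createSoapFault("The security token could not be authenticated or authorized", WSTrustConstants.FAILED_AUTHENTICATION));
    }

    /** Raises the {@code INVALID_SECURITY} fault; the message is intentionally generic so no internal detail reaches the client. */
    private void throwInvalidSecurity() throws SOAPFaultException {
        throw new SOAPFaultException(createSoapFault("An error occurred while processing the security header", WSTrustConstants.INVALID_SECURITY));
    }

    /**
     * Builds a SOAP fault with the given reason text and fault code.
     *
     * @throws WebServiceException if the SOAP factory cannot create the fault
     */
    private SOAPFault createSoapFault(String reason, QName faultCode) {
        try {
            return SOAPFactory.newInstance().createFault(reason, faultCode);
        } catch (SOAPException e) {
            throw new WebServiceException("Exception while trying to create SOAPFault", e);
        }
    }

    /** Applies the username from {@link #USERNAME_MSG_CONTEXT_PROPERTY}, if present, to {@code builder}. */
    private void setUsernameFromMessageContext(SOAPMessageContext messageContext, STSClientConfig.Builder builder) {
        String username = (String) messageContext.get(USERNAME_MSG_CONTEXT_PROPERTY);
        if (username != null) {
            builder.username(username);
        }
    }

    /** Applies the password from {@link #PASSWORD_MSG_CONTEXT_PROPERTY}, if present, to {@code builder}. */
    private void setPasswordFromMessageContext(SOAPMessageContext messageContext, STSClientConfig.Builder builder) {
        String password = (String) messageContext.get(PASSWORD_MSG_CONTEXT_PROPERTY);
        if (password != null) {
            builder.password(password);
        }
    }

    /** Declares the security header as understood by this handler, so a mustUnderstand flag on it is satisfied. */
    public Set<QName> getHeaders() {
        return Collections.singleton(getSecurityElementQName());
    }

    /** Faults are passed through unchanged. */
    public boolean handleFault(SOAPMessageContext messageContext) {
        return true;
    }

    /** Nothing to release per message. */
    public void close(MessageContext messageContext) {
    }

    /**
     * Sets the STS client configuration file (injected under the resource name {@code STSClientConfig}).
     * A null value keeps the current file. Takes effect on the next {@link #parseSTSConfig()}.
     */
    @Resource(name = "STSClientConfig")
    public void setConfigFile(String configFile) {
        if (configFile != null) {
            this.configFile = configFile;
        }
    }

    STSClientConfig.Builder getConfigBuilder() {
        return this.configBuilder;
    }

    /**
     * Borrows an {@link STSClient} for {@code config} from the shared pool, creating the pool for this
     * configuration on first use. The caller must return it with {@code STSClientPool.returnClient}.
     */
    STSClient createSTSClient(STSClientConfig config) throws ParsingException {
        STSClientPool pool = STSClientFactory.getInstance();
        if (!pool.configExists(config)) {
            pool.createPool(config);
        }
        return pool.getClient(config);
    }

    /**
     * Whether the message is outbound. Fails closed: a missing direction flag is treated as inbound (so the
     * message gets validated) instead of throwing NullPointerException on unboxing.
     */
    private boolean isOutBound(SOAPMessageContext messageContext) {
        return Boolean.TRUE.equals(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY));
    }
}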
