package org.apache.cxf.sts.request;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBElement;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.ws.WebServiceContext;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.QNameConstants;
import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.claims.ClaimsParser;
import org.apache.cxf.sts.claims.IdentityClaimsParser;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.cxf.ws.security.sts.provider.model.BinarySecretType;
import org.apache.cxf.ws.security.sts.provider.model.CancelTargetType;
import org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
import org.apache.cxf.ws.security.sts.provider.model.EntropyType;
import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
import org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType;
import org.apache.cxf.ws.security.sts.provider.model.ParticipantType;
import org.apache.cxf.ws.security.sts.provider.model.ParticipantsType;
import org.apache.cxf.ws.security.sts.provider.model.RenewTargetType;
import org.apache.cxf.ws.security.sts.provider.model.RenewingType;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
import org.apache.cxf.ws.security.sts.provider.model.UseKeyType;
import org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType;
import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType;
import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType;
import org.apache.cxf.ws.security.sts.provider.model.wstrust14.ActAsType;
import org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType;
import org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.processor.EncryptedKeyProcessor;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.opensaml.ws.wstrust.Claims;
import org.opensaml.ws.wstrust.KeyType;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/cxf-services-sts-core-3.0.4.redhat-621177.jar:org/apache/cxf/sts/request/RequestParser.class */
public class RequestParser {
    private static final Logger LOG = LogUtils.getL7dLogger(RequestParser.class);
    private KeyRequirements keyRequirements = new KeyRequirements();
    private TokenRequirements tokenRequirements = new TokenRequirements();

    public void parseRequest(RequestSecurityTokenType requestSecurityTokenType, WebServiceContext webServiceContext, STSPropertiesMBean sTSPropertiesMBean, List<ClaimsParser> list) throws STSException {
        LOG.fine("Parsing RequestSecurityToken");
        this.keyRequirements = new KeyRequirements();
        this.tokenRequirements = new TokenRequirements();
        for (Object obj : requestSecurityTokenType.getAny()) {
            if (obj instanceof JAXBElement) {
                JAXBElement jAXBElement = (JAXBElement) obj;
                try {
                    boolean parseTokenRequirements = parseTokenRequirements(jAXBElement, this.tokenRequirements, webServiceContext, list);
                    if (!parseTokenRequirements) {
                        parseTokenRequirements = parseKeyRequirements(jAXBElement, this.keyRequirements, webServiceContext, sTSPropertiesMBean);
                    }
                    if (!parseTokenRequirements) {
                        LOG.log(Level.WARNING, "Found a JAXB object of unknown type: " + jAXBElement.getName());
                        throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
                    }
                } catch (STSException e) {
                    LOG.log(Level.WARNING, "", (Throwable) e);
                    throw e;
                } catch (RuntimeException e2) {
                    LOG.log(Level.WARNING, "", (Throwable) e2);
                    throw e2;
                }
            } else {
                if (!(obj instanceof Element)) {
                    LOG.log(Level.WARNING, "An unknown element was received");
                    throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
                }
                Element element = (Element) obj;
                if ("http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(element.getNamespaceURI()) && "SecondaryParameters".equals(element.getLocalName())) {
                    parseSecondaryParameters(element, list);
                } else {
                    if (!"AppliesTo".equals(element.getLocalName()) || (!"http://www.w3.org/ns/ws-policy".equals(element.getNamespaceURI()) && !"http://schemas.xmlsoap.org/ws/2004/09/policy".equals(element.getNamespaceURI()))) {
                        LOG.log(Level.WARNING, "An unknown (DOM) element was received: " + element.getLocalName() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + element.getNamespaceURI());
                        throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
                    }
                    this.tokenRequirements.setAppliesTo(element);
                    LOG.fine("Found AppliesTo element");
                }
            }
        }
        String context = requestSecurityTokenType.getContext();
        this.tokenRequirements.setContext(context);
        LOG.fine("Received Context attribute: " + context);
    }

    public KeyRequirements getKeyRequirements() {
        return this.keyRequirements;
    }

    public TokenRequirements getTokenRequirements() {
        return this.tokenRequirements;
    }

    private static boolean parseKeyRequirements(JAXBElement<?> jAXBElement, KeyRequirements keyRequirements, WebServiceContext webServiceContext, STSPropertiesMBean sTSPropertiesMBean) {
        if (QNameConstants.AUTHENTICATION_TYPE.equals(jAXBElement.getName())) {
            String str = (String) jAXBElement.getValue();
            keyRequirements.setAuthenticationType(str);
            LOG.fine("Found AuthenticationType: " + str);
            return true;
        }
        if (QNameConstants.KEY_TYPE.equals(jAXBElement.getName())) {
            String str2 = (String) jAXBElement.getValue();
            keyRequirements.setKeyType(str2);
            LOG.fine("Found KeyType: " + str2);
            return true;
        }
        if (QNameConstants.KEY_SIZE.equals(jAXBElement.getName())) {
            long longValue = ((Long) jAXBElement.getValue()).longValue();
            keyRequirements.setKeySize(longValue);
            LOG.fine("Found KeySize: " + longValue);
            return true;
        }
        if (QNameConstants.SIGNATURE_ALGORITHM.equals(jAXBElement.getName())) {
            String str3 = (String) jAXBElement.getValue();
            keyRequirements.setSignatureAlgorithm(str3);
            LOG.fine("Found Signature Algorithm: " + str3);
            return true;
        }
        if (QNameConstants.ENCRYPTION_ALGORITHM.equals(jAXBElement.getName())) {
            String str4 = (String) jAXBElement.getValue();
            keyRequirements.setEncryptionAlgorithm(str4);
            LOG.fine("Found Encryption Algorithm: " + str4);
            return true;
        }
        if (QNameConstants.C14N_ALGORITHM.equals(jAXBElement.getName())) {
            String str5 = (String) jAXBElement.getValue();
            keyRequirements.setC14nAlgorithm(str5);
            LOG.fine("Found C14n Algorithm: " + str5);
            return true;
        }
        if (QNameConstants.COMPUTED_KEY_ALGORITHM.equals(jAXBElement.getName())) {
            String str6 = (String) jAXBElement.getValue();
            keyRequirements.setComputedKeyAlgorithm(str6);
            LOG.fine("Found ComputedKeyAlgorithm: " + str6);
            return true;
        }
        if (QNameConstants.KEYWRAP_ALGORITHM.equals(jAXBElement.getName())) {
            String str7 = (String) jAXBElement.getValue();
            keyRequirements.setKeywrapAlgorithm(str7);
            LOG.fine("Found KeyWrapAlgorithm: " + str7);
            return true;
        }
        if (QNameConstants.USE_KEY.equals(jAXBElement.getName())) {
            keyRequirements.setReceivedKey(parseUseKey((UseKeyType) jAXBElement.getValue(), webServiceContext));
            return true;
        }
        if (QNameConstants.ENTROPY.equals(jAXBElement.getName())) {
            keyRequirements.setEntropy(parseEntropy((EntropyType) jAXBElement.getValue(), sTSPropertiesMBean));
            return true;
        }
        if (QNameConstants.SIGN_WITH.equals(jAXBElement.getName())) {
            String str8 = (String) jAXBElement.getValue();
            keyRequirements.setSignWith(str8);
            LOG.fine("Found SignWith: " + str8);
            return true;
        }
        if (!QNameConstants.ENCRYPT_WITH.equals(jAXBElement.getName())) {
            return QNameConstants.REQUEST_TYPE.equals(jAXBElement.getName());
        }
        String str9 = (String) jAXBElement.getValue();
        keyRequirements.setEncryptWith(str9);
        LOG.fine("Found EncryptWith: " + str9);
        return true;
    }

    private static boolean parseTokenRequirements(JAXBElement<?> jAXBElement, TokenRequirements tokenRequirements, WebServiceContext webServiceContext, List<ClaimsParser> list) {
        if (QNameConstants.TOKEN_TYPE.equals(jAXBElement.getName())) {
            String str = (String) jAXBElement.getValue();
            tokenRequirements.setTokenType(str);
            LOG.fine("Found TokenType: " + str);
            return true;
        }
        if (QNameConstants.ON_BEHALF_OF.equals(jAXBElement.getName())) {
            tokenRequirements.setOnBehalfOf(new ReceivedToken(((OnBehalfOfType) jAXBElement.getValue()).getAny()));
            LOG.fine("Found OnBehalfOf token");
            return true;
        }
        if (QNameConstants.ACT_AS.equals(jAXBElement.getName())) {
            tokenRequirements.setActAs(new ReceivedToken(((ActAsType) jAXBElement.getValue()).getAny()));
            LOG.fine("Found ActAs token");
            return true;
        }
        if (QNameConstants.LIFETIME.equals(jAXBElement.getName())) {
            LifetimeType lifetimeType = (LifetimeType) jAXBElement.getValue();
            Lifetime lifetime = new Lifetime();
            if (lifetimeType.getCreated() != null) {
                lifetime.setCreated(lifetimeType.getCreated().getValue());
            }
            if (lifetimeType.getExpires() != null) {
                lifetime.setExpires(lifetimeType.getExpires().getValue());
            }
            tokenRequirements.setLifetime(lifetime);
            LOG.fine("Found Lifetime element");
            return true;
        }
        if (QNameConstants.VALIDATE_TARGET.equals(jAXBElement.getName())) {
            ReceivedToken receivedToken = new ReceivedToken(((ValidateTargetType) jAXBElement.getValue()).getAny());
            if (isTokenReferenced(receivedToken.getToken())) {
                receivedToken = new ReceivedToken(fetchTokenElementFromReference(receivedToken.getToken(), webServiceContext));
            }
            tokenRequirements.setValidateTarget(receivedToken);
            LOG.fine("Found ValidateTarget token");
            return true;
        }
        if (QNameConstants.CANCEL_TARGET.equals(jAXBElement.getName())) {
            ReceivedToken receivedToken2 = new ReceivedToken(((CancelTargetType) jAXBElement.getValue()).getAny());
            if (isTokenReferenced(receivedToken2.getToken())) {
                receivedToken2 = new ReceivedToken(fetchTokenElementFromReference(receivedToken2.getToken(), webServiceContext));
            }
            tokenRequirements.setCancelTarget(receivedToken2);
            LOG.fine("Found CancelTarget token");
            return true;
        }
        if (QNameConstants.RENEW_TARGET.equals(jAXBElement.getName())) {
            ReceivedToken receivedToken3 = new ReceivedToken(((RenewTargetType) jAXBElement.getValue()).getAny());
            if (isTokenReferenced(receivedToken3.getToken())) {
                receivedToken3 = new ReceivedToken(fetchTokenElementFromReference(receivedToken3.getToken(), webServiceContext));
            }
            tokenRequirements.setRenewTarget(receivedToken3);
            LOG.fine("Found CancelTarget token");
            return true;
        }
        if (QNameConstants.CLAIMS.equals(jAXBElement.getName())) {
            tokenRequirements.setPrimaryClaims(parseClaims((ClaimsType) jAXBElement.getValue(), list));
            LOG.fine("Found Primary Claims token");
            return true;
        }
        if (!QNameConstants.RENEWING.equals(jAXBElement.getName())) {
            if (!QNameConstants.PARTICIPANTS.equals(jAXBElement.getName())) {
                return false;
            }
            tokenRequirements.setParticipants(parseParticipants((ParticipantsType) jAXBElement.getValue()));
            LOG.fine("Found Participants");
            return true;
        }
        RenewingType renewingType = (RenewingType) jAXBElement.getValue();
        Renewing renewing = new Renewing();
        if (renewingType.isAllow() != null) {
            renewing.setAllowRenewing(renewingType.isAllow().booleanValue());
        }
        if (renewingType.isOK() != null) {
            renewing.setAllowRenewingAfterExpiry(renewingType.isOK().booleanValue());
        }
        tokenRequirements.setRenewing(renewing);
        LOG.fine("Found Renewing token");
        return true;
    }

    private static ReceivedKey parseUseKey(UseKeyType useKeyType, WebServiceContext webServiceContext) throws STSException {
        byte[] bArr = null;
        if (useKeyType.getAny() instanceof JAXBElement) {
            JAXBElement jAXBElement = (JAXBElement) useKeyType.getAny();
            Object value = jAXBElement.getValue();
            if (KeyInfoType.class == jAXBElement.getDeclaredType() || (value instanceof KeyInfoType)) {
                KeyInfoType keyInfoType = (KeyInfoType) KeyInfoType.class.cast(jAXBElement.getValue());
                LOG.fine("Found KeyInfo UseKey type");
                Iterator<Object> it = keyInfoType.getContent().iterator();
                while (it.hasNext()) {
                    X509DataType x509DataType = (X509DataType) extractType(it.next(), X509DataType.class);
                    if (null != x509DataType) {
                        LOG.fine("Found X509Data KeyInfo type");
                        Iterator<Object> it2 = x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
                        while (true) {
                            if (it2.hasNext()) {
                                bArr = (byte[]) extractType(it2.next(), byte[].class);
                                if (null != bArr) {
                                    LOG.fine("Found X509Certificate UseKey type");
                                    break;
                                }
                            }
                        }
                    }
                }
            } else if (SecurityTokenReferenceType.class == jAXBElement.getDeclaredType() || (value instanceof SecurityTokenReferenceType)) {
                try {
                    bArr = Base64Utility.decode(fetchTokenElementFromReference((SecurityTokenReferenceType) SecurityTokenReferenceType.class.cast(jAXBElement.getValue()), webServiceContext).getTextContent().trim());
                    LOG.fine("Found X509Certificate UseKey type via reference");
                } catch (Exception e) {
                    LOG.log(Level.WARNING, "", (Throwable) e);
                    throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
                }
            }
        } else {
            if (!(useKeyType.getAny() instanceof Element)) {
                LOG.log(Level.WARNING, "An unknown element was received");
                throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
            }
            if (isTokenReferenced(useKeyType.getAny())) {
                try {
                    bArr = Base64Utility.decode(fetchTokenElementFromReference(useKeyType.getAny(), webServiceContext).getTextContent().trim());
                    LOG.fine("Found X509Certificate UseKey type via reference");
                } catch (Exception e2) {
                    LOG.log(Level.WARNING, "", (Throwable) e2);
                    throw new STSException(e2.getMessage(), e2, STSException.INVALID_REQUEST);
                }
            } else {
                Element element = (Element) useKeyType.getAny();
                if ("KeyInfo".equals(element.getLocalName())) {
                    return parseKeyInfoElement((Element) useKeyType.getAny());
                }
                NodeList elementsByTagNameNS = element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
                if (elementsByTagNameNS != null && elementsByTagNameNS.getLength() > 0) {
                    try {
                        bArr = Base64Utility.decode(elementsByTagNameNS.item(0).getTextContent().trim());
                        LOG.fine("Found X509Certificate UseKey type");
                    } catch (Exception e3) {
                        LOG.log(Level.WARNING, "", (Throwable) e3);
                        throw new STSException(e3.getMessage(), e3, STSException.INVALID_REQUEST);
                    }
                }
            }
        }
        if (bArr == null) {
            return null;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(new ByteArrayInputStream(bArr));
            LOG.fine("Successfully parsed X509 Certificate from UseKey");
            ReceivedKey receivedKey = new ReceivedKey();
            receivedKey.setX509Cert(x509Certificate);
            return receivedKey;
        } catch (CertificateException e4) {
            LOG.log(Level.WARNING, "", (Throwable) e4);
            throw new STSException("Error in parsing certificate: ", e4, STSException.INVALID_REQUEST);
        }
    }

    private static Participants parseParticipants(ParticipantsType participantsType) {
        Participants participants = new Participants();
        if (participantsType.getPrimary() != null) {
            participants.setPrimaryParticipant(participantsType.getPrimary().getAny());
        }
        if (participantsType.getParticipant() != null && !participantsType.getParticipant().isEmpty()) {
            ArrayList arrayList = new ArrayList(participantsType.getParticipant().size());
            Iterator<ParticipantType> it = participantsType.getParticipant().iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getAny());
            }
            participants.setParticipants(arrayList);
        }
        return participants;
    }

    private static <T> T extractType(Object obj, Class<T> cls) {
        if (!(obj instanceof JAXBElement)) {
            return null;
        }
        JAXBElement jAXBElement = (JAXBElement) obj;
        if (cls == jAXBElement.getDeclaredType()) {
            return cls.cast(jAXBElement.getValue());
        }
        return null;
    }

    private static ReceivedKey parseKeyInfoElement(Element element) throws STSException {
        KeyInfoFactory keyInfoFactory;
        try {
            keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException e) {
            keyInfoFactory = KeyInfoFactory.getInstance("DOM");
        }
        try {
            List content = keyInfoFactory.unmarshalKeyInfo(new DOMStructure(element)).getContent();
            for (int i = 0; i < content.size(); i++) {
                if (content.get(i) instanceof KeyValue) {
                    KeyValue keyValue = (KeyValue) content.get(i);
                    ReceivedKey receivedKey = new ReceivedKey();
                    receivedKey.setPublicKey(keyValue.getPublicKey());
                    return receivedKey;
                }
                if (content.get(i) instanceof X509Certificate) {
                    ReceivedKey receivedKey2 = new ReceivedKey();
                    receivedKey2.setX509Cert((X509Certificate) content.get(i));
                    return receivedKey2;
                }
                if (content.get(i) instanceof X509Data) {
                    X509Data x509Data = (X509Data) content.get(i);
                    for (int i2 = 0; i2 < x509Data.getContent().size(); i2++) {
                        if (x509Data.getContent().get(i2) instanceof X509Certificate) {
                            ReceivedKey receivedKey3 = new ReceivedKey();
                            receivedKey3.setX509Cert((X509Certificate) x509Data.getContent().get(i2));
                            return receivedKey3;
                        }
                    }
                }
            }
            return null;
        } catch (KeyException e2) {
            LOG.log(Level.WARNING, "", (Throwable) e2);
            throw new STSException(e2.getMessage(), e2, STSException.INVALID_REQUEST);
        } catch (MarshalException e3) {
            LOG.log(Level.WARNING, "", e3);
            throw new STSException(e3.getMessage(), e3, STSException.INVALID_REQUEST);
        }
    }

    private static Entropy parseEntropy(EntropyType entropyType, STSPropertiesMBean sTSPropertiesMBean) throws STSException {
        for (Object obj : entropyType.getAny()) {
            if (!(obj instanceof JAXBElement)) {
                if (!(obj instanceof Element) || !"EncryptedKey".equals(((Element) obj).getLocalName())) {
                    LOG.log(Level.WARNING, "An unknown element was received");
                    throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
                }
                EncryptedKeyProcessor encryptedKeyProcessor = new EncryptedKeyProcessor();
                Element element = (Element) obj;
                RequestData requestData = new RequestData();
                requestData.setDecCrypto(sTSPropertiesMBean.getSignatureCrypto());
                requestData.setCallbackHandler(sTSPropertiesMBean.getCallbackHandler());
                requestData.setWssConfig(WSSConfig.getNewInstance());
                try {
                    List<WSSecurityEngineResult> handleToken = encryptedKeyProcessor.handleToken(element, requestData, new WSDocInfo(element.getOwnerDocument()));
                    Entropy entropy = new Entropy();
                    entropy.setDecryptedKey((byte[]) handleToken.get(0).get(WSSecurityEngineResult.TAG_SECRET));
                    return entropy;
                } catch (WSSecurityException e) {
                    LOG.log(Level.WARNING, "", (Throwable) e);
                    throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
                }
            }
            JAXBElement jAXBElement = (JAXBElement) obj;
            if (QNameConstants.BINARY_SECRET.equals(jAXBElement.getName())) {
                BinarySecretType binarySecretType = (BinarySecretType) jAXBElement.getValue();
                LOG.fine("Found BinarySecret Entropy type");
                Entropy entropy2 = new Entropy();
                BinarySecret binarySecret = new BinarySecret();
                binarySecret.setBinarySecretType(binarySecretType.getType());
                binarySecret.setBinarySecretValue(binarySecretType.getValue());
                entropy2.setBinarySecret(binarySecret);
                return entropy2;
            }
            LOG.fine("Unsupported Entropy type: " + jAXBElement.getName());
        }
        return null;
    }

    private void parseSecondaryParameters(Element element, List<ClaimsParser> list) {
        LOG.fine("Found SecondaryParameters element");
        Element firstElement = DOMUtils.getFirstElement(element);
        while (true) {
            Element element2 = firstElement;
            if (element2 == null) {
                return;
            }
            String localName = element2.getLocalName();
            String namespaceURI = element2.getNamespaceURI();
            if (this.keyRequirements.getKeySize() == 0 && "KeySize".equals(localName) && "http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                long parseInt = Integer.parseInt(element2.getTextContent().trim());
                this.keyRequirements.setKeySize(parseInt);
                LOG.fine("Found KeySize: " + parseInt);
            } else if (this.tokenRequirements.getTokenType() == null && "TokenType".equals(localName) && "http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                String trim = element2.getTextContent().trim();
                this.tokenRequirements.setTokenType(trim);
                LOG.fine("Found TokenType: " + trim);
            } else if (this.keyRequirements.getKeyType() == null && KeyType.ELEMENT_LOCAL_NAME.equals(localName) && "http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                String trim2 = element2.getTextContent().trim();
                LOG.fine("Found KeyType: " + trim2);
                this.keyRequirements.setKeyType(trim2);
            } else if ("Claims".equals(localName) && "http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                LOG.fine("Found Secondary Claims element");
                this.tokenRequirements.setSecondaryClaims(parseClaims(element2, list));
            } else {
                LOG.fine("Found unknown element: " + localName + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + namespaceURI);
            }
            firstElement = DOMUtils.getNextElement(element2);
        }
    }

    private ClaimCollection parseClaims(Element element, List<ClaimsParser> list) {
        String str = null;
        ClaimCollection claimCollection = new ClaimCollection();
        try {
            str = element.getAttributeNS(null, Claims.DIALECT_ATTRIB_NAME);
            if (str != null && !"".equals(str)) {
                claimCollection.setDialect(new URI(str));
            }
        } catch (URISyntaxException e) {
            LOG.log(Level.WARNING, "Cannot create URI from the given Dialect attribute value " + str, (Throwable) e);
        }
        Element firstElement = DOMUtils.getFirstElement(element);
        while (true) {
            Element element2 = firstElement;
            if (element2 == null) {
                return claimCollection;
            }
            Claim parseChildClaimType = parseChildClaimType(element2, str, list);
            if (parseChildClaimType != null) {
                claimCollection.add(parseChildClaimType);
            }
            firstElement = DOMUtils.getNextElement(element2);
        }
    }

    private static ClaimCollection parseClaims(ClaimsType claimsType, List<ClaimsParser> list) {
        Claim parseChildClaimType;
        String str = null;
        ClaimCollection claimCollection = new ClaimCollection();
        try {
            str = claimsType.getDialect();
            if (str != null && !"".equals(str)) {
                claimCollection.setDialect(new URI(str));
            }
        } catch (URISyntaxException e) {
            LOG.log(Level.WARNING, "Cannot create URI from the given Dialect attribute value " + str, (Throwable) e);
        }
        for (Object obj : claimsType.getAny()) {
            if ((obj instanceof Element) && (parseChildClaimType = parseChildClaimType((Element) obj, str, list)) != null) {
                claimCollection.add(parseChildClaimType);
            }
        }
        return claimCollection;
    }

    private static Claim parseChildClaimType(Element element, String str, List<ClaimsParser> list) {
        if (list != null) {
            for (ClaimsParser claimsParser : list) {
                if (claimsParser != null && str.equals(claimsParser.getSupportedDialect())) {
                    return claimsParser.parse(element);
                }
            }
        }
        if ("http://schemas.xmlsoap.org/ws/2005/05/identity".equals(str)) {
            return IdentityClaimsParser.parseClaimType(element);
        }
        LOG.log(Level.WARNING, "No ClaimsParser is registered for dialect " + str);
        throw new STSException("No ClaimsParser is registered for dialect " + str, STSException.BAD_REQUEST);
    }

    private static boolean isTokenReferenced(Object obj) {
        if (!(obj instanceof Element)) {
            return obj instanceof SecurityTokenReferenceType;
        }
        Element element = (Element) obj;
        return STSConstants.WSSE_EXT_04_01.equals(element.getNamespaceURI()) && "SecurityTokenReference".equals(element.getLocalName());
    }

    private static Element fetchTokenElementFromReference(Object obj, WebServiceContext webServiceContext) {
        String str = null;
        if (obj instanceof Element) {
            NodeList elementsByTagNameNS = ((Element) obj).getElementsByTagNameNS(STSConstants.WSSE_EXT_04_01, "Reference");
            if (elementsByTagNameNS.getLength() == 0) {
                throw new STSException("Cannot find Reference element in the SecurityTokenReference.", STSException.REQUEST_FAILED);
            }
            str = elementsByTagNameNS.item(0).getNodeValue();
        } else if (obj instanceof SecurityTokenReferenceType) {
            Iterator<Object> it = ((SecurityTokenReferenceType) obj).getAny().iterator();
            while (it.hasNext()) {
                JAXBElement jAXBElement = (JAXBElement) it.next();
                if (jAXBElement.getValue() instanceof ReferenceType) {
                    str = ((ReferenceType) jAXBElement.getValue()).getURI();
                }
            }
        }
        LOG.fine("Reference URI found " + str);
        if (str == null) {
            LOG.log(Level.WARNING, "No Reference URI was received");
            throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
        }
        if (str.charAt(0) == '#') {
            str = str.substring(1);
        }
        List cast = CastUtils.cast((List<?>) webServiceContext.getMessageContext().get(WSHandlerConstants.RECV_RESULTS));
        if (cast != null && cast.size() > 0) {
            for (WSSecurityEngineResult wSSecurityEngineResult : ((WSHandlerResult) cast.get(0)).getResults()) {
                Integer num = (Integer) wSSecurityEngineResult.get("action");
                if (str.equals((String) wSSecurityEngineResult.get("id"))) {
                    Element element = (Element) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
                    if (element == null) {
                        throw new STSException("Cannot retrieve token from reference", STSException.INVALID_REQUEST);
                    }
                    return element;
                }
                if (num.intValue() == 1024) {
                    SecurityContextToken securityContextToken = (SecurityContextToken) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
                    if (str.equals(securityContextToken.getIdentifier())) {
                        return securityContextToken.getElement();
                    }
                }
            }
        }
        throw new STSException("Cannot retreive token from reference", STSException.REQUEST_FAILED);
    }
}
