package org.picketlink.identity.federation.core.wstrust;

import java.util.ArrayList;
import javax.xml.bind.Binder;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.transform.Source;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken;
import org.picketlink.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.picketlink.identity.federation.ws.trust.ObjectFactory;
import org.picketlink.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
import org.picketlink.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
import org.picketlink.identity.federation.ws.trust.RequestSecurityTokenType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.class */
public class WSTrustJAXBFactory {
    private Marshaller marshaller;
    private Binder<Node> binder;
    private final ObjectFactory objectFactory;
    private static Logger log = Logger.getLogger(WSTrustJAXBFactory.class);
    private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory();
    private boolean trace = log.isTraceEnabled();
    private ThreadLocal<SAMLDocumentHolder> holders = new ThreadLocal<>();

    private WSTrustJAXBFactory() {
        try {
            this.marshaller = JAXBUtil.getMarshaller(getPackages());
            this.binder = JAXBUtil.getJAXBContext(getPackages()).createBinder();
            this.objectFactory = new ObjectFactory();
        } catch (JAXBException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static WSTrustJAXBFactory getInstance() {
        return instance;
    }

    private String getPackages() {
        return "org.picketlink.identity.federation.ws.addressing:org.picketlink.identity.federation.ws.policy:org.picketlink.identity.federation.ws.trust:org.picketlink.identity.federation.ws.wss.secext:org.picketlink.identity.federation.ws.wss.utility:org.picketlink.identity.xmlsec.w3.xmldsig";
    }

    public BaseRequestSecurityToken parseRequestSecurityToken(Source source) throws WSTrustException {
        try {
            Node nodeFromSource = DocumentUtil.getNodeFromSource(source);
            Document ownerDocument = nodeFromSource instanceof Document ? (Document) nodeFromSource : nodeFromSource.getOwnerDocument();
            if (findNodeByNameNS(ownerDocument, "RequestSecurityToken", WSTrustConstants.BASE_NAMESPACE) == null) {
                throw new RuntimeException("The request document must contain at least one RequestSecurityToken node");
            }
            JAXBElement jAXBElement = (JAXBElement) this.binder.unmarshal(ownerDocument);
            if (jAXBElement.getDeclaredType().equals(RequestSecurityTokenType.class)) {
                RequestSecurityToken requestSecurityToken = new RequestSecurityToken((RequestSecurityTokenType) jAXBElement.getValue());
                requestSecurityToken.setRSTDocument(ownerDocument);
                return requestSecurityToken;
            }
            if (jAXBElement.getDeclaredType().equals(RequestSecurityTokenCollectionType.class)) {
                return new RequestSecurityTokenCollection((RequestSecurityTokenCollectionType) jAXBElement.getValue(), ownerDocument);
            }
            throw new WSTrustException("Request message doesn't contain a valid request type");
        } catch (Exception e) {
            throw new WSTrustException("Error parsing security token request", e);
        }
    }

    public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source source) throws WSTrustException {
        try {
            try {
                Object unmarshal = this.binder.unmarshal(DocumentUtil.getNodeFromSource(source));
                if (!(unmarshal instanceof JAXBElement)) {
                    throw new RuntimeException("Invalid response type: " + unmarshal.getClass().getName());
                }
                JAXBElement jAXBElement = (JAXBElement) unmarshal;
                if (jAXBElement.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class)) {
                    return new RequestSecurityTokenResponseCollection((RequestSecurityTokenResponseCollectionType) jAXBElement.getValue());
                }
                throw new RuntimeException("Invalid response type: " + jAXBElement.getDeclaredType());
            } catch (JAXBException e) {
                throw new RuntimeException("Failed to unmarshall security token response", e);
            }
        } catch (Exception e2) {
            throw new WSTrustException("Failed to transform request source", e2);
        }
    }

    public Source marshallRequestSecurityToken(RequestSecurityToken requestSecurityToken) {
        Element element = null;
        String uri = requestSecurityToken.getRequestType().toString();
        if (uri.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST) && requestSecurityToken.getValidateTarget() != null) {
            element = (Element) requestSecurityToken.getValidateTarget().getAny();
            requestSecurityToken.getValidateTarget().setAny((Object) null);
        } else if (uri.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST) && requestSecurityToken.getRenewTarget() != null) {
            element = (Element) requestSecurityToken.getRenewTarget().getAny();
            requestSecurityToken.getRenewTarget().setAny((Object) null);
        } else if (uri.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST) && requestSecurityToken.getCancelTarget() != null) {
            element = (Element) requestSecurityToken.getCancelTarget().getAny();
            requestSecurityToken.getCancelTarget().setAny((Object) null);
        }
        try {
            Document createDocument = DocumentUtil.createDocument();
            this.binder.marshal(this.objectFactory.createRequestSecurityToken(requestSecurityToken.getDelegate()), createDocument);
            if (element != null) {
                Node node = null;
                if (uri.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST)) {
                    node = findNodeByNameNS(createDocument, "ValidateTarget", WSTrustConstants.BASE_NAMESPACE);
                } else if (uri.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST)) {
                    node = findNodeByNameNS(createDocument, "RenewTarget", WSTrustConstants.BASE_NAMESPACE);
                } else if (uri.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST)) {
                    node = findNodeByNameNS(createDocument, "CancelTarget", WSTrustConstants.BASE_NAMESPACE);
                }
                if (node == null) {
                    throw new RuntimeException("Unsupported request type:" + uri);
                }
                node.appendChild(createDocument.importNode(element, true));
            }
            return DocumentUtil.getXMLSource(createDocument);
        } catch (Exception e) {
            throw new RuntimeException("Failed to marshall security token request", e);
        }
    }

    public Source marshallRequestSecurityTokenCollection(RequestSecurityTokenCollection requestSecurityTokenCollection) {
        if (requestSecurityTokenCollection == null || requestSecurityTokenCollection.getRequestSecurityTokens().size() == 0) {
            throw new IllegalArgumentException("The request collection must contain at least one request");
        }
        String str = null;
        for (RequestSecurityToken requestSecurityToken : requestSecurityTokenCollection.getRequestSecurityTokens()) {
            if (str == null) {
                if (requestSecurityToken.getRequestType() == null || !isValidBatchRequestType(requestSecurityToken.getRequestType().toString())) {
                    throw new IllegalArgumentException("The request type cannot be null and must be a valid WS-Trust batch request type");
                }
                str = requestSecurityToken.getRequestType().toString();
            } else if (requestSecurityToken.getRequestType() == null || !str.equals(requestSecurityToken.getRequestType().toString())) {
                throw new IllegalArgumentException("All requests must be of the same type. Invalid type: " + requestSecurityToken.getRequestType());
            }
        }
        ArrayList arrayList = new ArrayList();
        for (RequestSecurityToken requestSecurityToken2 : requestSecurityTokenCollection.getRequestSecurityTokens()) {
            if (str.equals(WSTrustConstants.BATCH_CANCEL_REQUEST)) {
                arrayList.add((Element) requestSecurityToken2.getCancelTarget().getAny());
                requestSecurityToken2.getCancelTarget().setAny((Object) null);
            } else if (str.equals(WSTrustConstants.BATCH_RENEW_REQUEST)) {
                arrayList.add((Element) requestSecurityToken2.getRenewTarget().getAny());
                requestSecurityToken2.getRenewTarget().setAny((Object) null);
            } else if (str.equals(WSTrustConstants.BATCH_VALIDATE_REQUEST)) {
                arrayList.add((Element) requestSecurityToken2.getValidateTarget().getAny());
                requestSecurityToken2.getValidateTarget().setAny((Object) null);
            }
        }
        try {
            Document createDocument = DocumentUtil.createDocument();
            this.binder.marshal(this.objectFactory.createRequestSecurityTokenCollection(requestSecurityTokenCollection.getDelegate()), createDocument);
            NodeList nodeList = null;
            if (str.equals(WSTrustConstants.BATCH_CANCEL_REQUEST)) {
                nodeList = createDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "CancelTarget");
            } else if (str.equals(WSTrustConstants.BATCH_RENEW_REQUEST)) {
                nodeList = createDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RenewTarget");
            } else if (str.equals(WSTrustConstants.BATCH_VALIDATE_REQUEST)) {
                nodeList = createDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "ValidateTarget");
            }
            if (nodeList != null) {
                for (int i = 0; i < nodeList.getLength(); i++) {
                    nodeList.item(i).appendChild(createDocument.importNode((Node) arrayList.get(i), true));
                }
            }
            return DocumentUtil.getXMLSource(createDocument);
        } catch (Exception e) {
            throw new RuntimeException("Failed to marshall security token request", e);
        }
    }

    public Source marshallRequestSecurityTokenResponse(RequestSecurityTokenResponseCollection requestSecurityTokenResponseCollection) {
        if (requestSecurityTokenResponseCollection.getRequestSecurityTokenResponses().size() == 0) {
            throw new IllegalArgumentException("The response collection must contain at least one response");
        }
        ArrayList arrayList = new ArrayList();
        for (RequestSecurityTokenResponse requestSecurityTokenResponse : requestSecurityTokenResponseCollection.getRequestSecurityTokenResponses()) {
            if (requestSecurityTokenResponse.getRequestedSecurityToken() != null) {
                arrayList.add((Element) requestSecurityTokenResponse.getRequestedSecurityToken().getAny());
                requestSecurityTokenResponse.getRequestedSecurityToken().setAny((Object) null);
            }
        }
        try {
            Document createDocument = DocumentUtil.createDocument();
            this.marshaller.marshal(this.objectFactory.createRequestSecurityTokenResponseCollection(requestSecurityTokenResponseCollection.getDelegate()), createDocument);
            if (!arrayList.isEmpty()) {
                NodeList elementsByTagNameNS = createDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken");
                for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
                    elementsByTagNameNS.item(i).appendChild(createDocument.importNode((Node) arrayList.get(i), true));
                }
            }
            if (this.trace) {
                log.trace("Final RSTR doc:" + DocumentUtil.asString(createDocument));
            }
            return DocumentUtil.getXMLSource(createDocument);
        } catch (Exception e) {
            throw new RuntimeException("Failed to marshall security token response", e);
        }
    }

    public SAMLDocumentHolder getSAMLDocumentHolderOnThread() {
        return this.holders.get();
    }

    private Node findNodeByNameNS(Document document, String str, String str2) {
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(str2, str);
        if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() == 0) {
            return null;
        }
        return elementsByTagNameNS.item(0);
    }

    private boolean isValidBatchRequestType(String str) {
        return str.equals(WSTrustConstants.BATCH_ISSUE_REQUEST) || str.equals(WSTrustConstants.BATCH_RENEW_REQUEST) || str.equals(WSTrustConstants.BATCH_CANCEL_REQUEST) || str.equals(WSTrustConstants.BATCH_VALIDATE_REQUEST);
    }
}
