package org.picketlink.trust.jbossws.handler;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.jboss.logging.Logger;
import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.Constants;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.picketlink.trust.jbossws.Util;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/picketlink/trust/jbossws/handler/SAML2Handler.class */
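/**
 * SOAP handler that carries a SAML 2.0 assertion between a SOAP message and the caller's
 * security context.
 *
 * <p>Inbound, it looks for a SAML {@code Assertion} element under the SOAP header, wraps it in a
 * {@link SamlCredential} and installs a security context whose principal name is the text of
 * the assertion's {@code Subject/NameID}. Outbound, it builds a WS-Security header and appends
 * the assertion found under {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} in the message
 * context.
 *
 * <p><strong>Trust boundary:</strong> nothing in this class verifies the assertion's signature,
 * validity conditions or audience. The principal name is taken from the message as received.
 * NOTE(review): confirm that the endpoint's security domain validates the {@link SamlCredential}
 * (for example against the issuing STS) before any authorization decision relies on it.
 */
public class SAML2Handler extends GenericSOAPHandler {
    protected Logger log = Logger.getLogger(getClass());

    /** Header QNames this handler declares as understood; immutable after class initialization. */
    private static final Set<QName> headers;

    static {
        Set<QName> understood = new HashSet<QName>();
        understood.add(Constants.WSSE_HEADER_QNAME);
        headers = Collections.unmodifiableSet(understood);
    }

    /**
     * Returns the header QNames processed by this handler.
     *
     * @return an unmodifiable set containing {@code Constants.WSSE_HEADER_QNAME}
     */
    public Set<QName> getHeaders() {
        return headers;
    }

    /**
     * Extracts a SAML assertion from the inbound SOAP header and installs a security context
     * for it.
     *
     * <p>A message without an assertion is passed through untouched. An assertion that lacks a
     * {@code Subject} or {@code NameID} element is rejected with an exception instead of
     * failing later with an unexplained {@link NullPointerException}.
     *
     * @param messageContext the message context; must be a {@link SOAPMessageContext}
     * @return always {@code true}, so the handler chain continues
     * @throws IllegalStateException if the assertion has no {@code Subject} or no {@code NameID}
     */
    protected boolean handleInbound(MessageContext messageContext) {
        Element soapHeader = Util.findOrCreateSoapHeader(
                ((SOAPMessageContext) messageContext).getMessage().getSOAPPart().getDocumentElement());
        Element assertion = Util.findElement(soapHeader, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion"));
        if (assertion == null) {
            // No assertion present: leave authentication to whatever else is configured.
            return true;
        }

        SamlCredential samlCredential = new SamlCredential(assertion);
        if (this.log.isTraceEnabled()) {
            // SECURITY: this writes the complete assertion to the log. A SAML assertion can act
            // as a bearer credential and carries identity attributes, so TRACE should stay off
            // for this category in production and any log that captured it needs the same
            // access control as the credential itself.
            this.log.trace("Assertion included in SOAP payload:");
            this.log.trace(samlCredential.getAssertionAsString());
        }

        Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
        if (subject == null) {
            throw new IllegalStateException("SAML assertion in SOAP header has no Subject element");
        }
        Element nameId = Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
        if (nameId == null) {
            throw new IllegalStateException("SAML assertion Subject has no NameID element");
        }

        // NOTE(review): getUsername returns null when NameID has no text child, which yields a
        // principal with a null name. Decide whether such assertions should be rejected here.
        String username = getUsername(nameId);

        // The identity below comes straight from the unverified message; see the class-level
        // trust-boundary note.
        SecurityActions.setSecurityContext(
                SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), samlCredential, new Subject()));
        return true;
    }

    /**
     * Adds a WS-Security header, marked {@code mustUnderstand="1"}, to the outbound message and
     * places the assertion from the message context inside it when one is present.
     *
     * @param messageContext the message context; must be a {@link SOAPMessageContext}
     * @return {@code true} when the header was inserted, {@code false} if building it failed
     */
    protected boolean handleOutbound(MessageContext messageContext) {
        SOAPMessageContext soapContext = (SOAPMessageContext) messageContext;
        SOAPMessage message = soapContext.getMessage();
        Element assertion = (Element) soapContext.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
        Document soapPart = message.getSOAPPart();
        Element soapHeader = Util.findOrCreateSoapHeader(soapPart.getDocumentElement());
        try {
            Element securityHeader = getSecurityHeaderElement(soapPart);
            // NOTE(review): getPrefix() can return null for an unprefixed header element, which
            // would produce the attribute name "null:mustUnderstand" - confirm this cannot occur.
            securityHeader.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1");
            if (assertion != null) {
                // A node owned by another document must be imported before it can be attached.
                Node attachable = soapPart != assertion.getOwnerDocument()
                        ? soapPart.importNode(assertion, true)
                        : assertion;
                securityHeader.appendChild(attachable);
            }
            soapHeader.insertBefore(securityHeader, soapHeader.getFirstChild());
            return true;
        } catch (Exception e) {
            // Pass the exception as the cause so the stack trace is logged, not only toString().
            this.log.error("Failed to add the WS-Security header to the outbound SOAP message", e);
            return false;
        }
    }

    /**
     * Creates an empty WS-Security header element with its namespace declarations.
     *
     * @param document the document that will own the new element
     * @return the new, unattached security header element
     */
    private Element getSecurityHeaderElement(Document document) {
        Element securityHeader = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER);
        Util.addNamespace(securityHeader, Constants.WSSE_PREFIX, Constants.WSSE_NS);
        Util.addNamespace(securityHeader, Constants.WSU_PREFIX, Constants.WSU_NS);
        // NOTE(review): an encryption prefix is bound to the signature namespace here - confirm
        // this pairing is intended.
        Util.addNamespace(securityHeader, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS);
        return securityHeader;
    }

    /**
     * Reads the user name from a {@code NameID} element.
     *
     * @param element the {@code NameID} element; must not be {@code null}
     * @return the element's node value, or else the value of its last text child, or
     *         {@code null} when it has neither
     */
    private String getUsername(Element element) {
        String username = element.getNodeValue();
        if (username == null) {
            NodeList children = element.getChildNodes();
            int count = children.getLength();
            for (int i = 0; i < count; i++) {
                Node child = children.item(i);
                if (child.getNodeType() == Node.TEXT_NODE) {
                    // Later text nodes overwrite earlier ones, so the last one wins.
                    username = child.getNodeValue();
                }
            }
        }
        return username;
    }
}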
