package org.picketlink.identity.federation.core.wstrust;

import java.net.URI;
import java.security.Principal;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPPart;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.WSTrustConstants;
import org.picketlink.common.exceptions.fed.WSTrustException;
import org.picketlink.common.util.DocumentUtil;
import org.picketlink.common.util.StringUtil;
import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
import org.picketlink.identity.federation.ws.trust.CancelTargetType;
import org.picketlink.identity.federation.ws.trust.RenewTargetType;
import org.picketlink.identity.federation.ws.trust.StatusType;
import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/picketlink-federation-2.5.3.SP1.jar:org/picketlink/identity/federation/core/wstrust/STSClient.class */
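/**
 * Client for a WS-Trust Security Token Service (STS): builds
 * {@link RequestSecurityToken} messages, sends them through a JAX-WS
 * {@link Dispatch} in {@code PAYLOAD} mode and extracts the result from the
 * response.
 *
 * <p>Threading: the {@link Dispatch} is kept in an {@link InheritableThreadLocal}.
 * It is visible on the thread that called the constructor or
 * {@link #setDispatch(Dispatch)} and on threads created by that thread afterwards.
 * Any other thread sees no dispatch, and the request methods fail in
 * {@link #validateDispatch()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When a username is configured, username and password are stored in the
 *       dispatch request context. Because the holder is inheritable, child
 *       threads share the same credential-bearing dispatch.</li>
 *   <li>This class does not inspect the endpoint address scheme. Whether the
 *       credentials and the issued tokens travel over TLS depends entirely on
 *       the configured endpoint address.</li>
 *   <li>Tokens returned by the issue and renew methods are taken from the STS
 *       response as-is. No signature, issuer or lifetime check is performed
 *       here, so callers must validate the token before trusting its content.</li>
 * </ul>
 */
public class STSClient {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /** Namespace used for the service and port QNames of the STS. */
    private static final String TARGET_NS = "http://org.picketlink.trust/sts/";

    /** Token type sent with validate and renew requests. */
    private static final String STATUS_TOKEN_TYPE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status";

    // NOTE(review): inheritable on purpose in the original code; it also means the
    // dispatch (and any credentials in its request context) propagates to child threads.
    private final ThreadLocal<Dispatch<Source>> dispatchLocal = new InheritableThreadLocal<>();

    private String wsaIssuerAddress;
    private String wspAppliesTo;
    private String soapBinding = "http://schemas.xmlsoap.org/wsdl/soap/http";
    private boolean isBatch = false;

    /**
     * Creates a client without a dispatch. {@link #setDispatch(Dispatch)} must be
     * called on the current thread before any request method is used.
     */
    public STSClient() {
    }

    /**
     * Creates a client and its dispatch from the given configuration.
     *
     * @param config service name, port name, endpoint address, SOAP binding and
     *               optional credentials of the STS; must not be {@code null}
     */
    public STSClient(STSClientConfig config) {
        if (config == null) {
            // Fail with a named argument instead of a bare NullPointerException below.
            throw logger.nullArgumentError("STSClientConfig");
        }
        QName serviceName = new QName(TARGET_NS, config.getServiceName());
        QName portName = new QName(TARGET_NS, config.getPortName());
        this.isBatch = config.isBatch();
        this.wsaIssuerAddress = config.getWsaIssuer();
        this.wspAppliesTo = config.getWspAppliesTo();
        this.soapBinding = config.getSoapBinding();

        Service service = Service.create(serviceName);
        service.addPort(portName, this.soapBinding, config.getEndPointAddress());
        Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Service.Mode.PAYLOAD);

        Map<String, Object> requestContext = dispatch.getRequestContext();
        if (config.getUsername() != null) {
            // These are the JAX-WS BindingProvider username/password properties. The
            // credentials stay in the request context for the lifetime of the dispatch;
            // nothing here verifies that the endpoint address uses a protected transport.
            requestContext.put("javax.xml.ws.security.auth.username", config.getUsername());
            requestContext.put("javax.xml.ws.security.auth.password", config.getPassword());
        }
        setDispatch(dispatch);
    }

    /**
     * Sets the dispatch used by the current thread (and threads it creates later).
     *
     * @param dispatch the dispatch to use; must not be {@code null}
     */
    public void setDispatch(Dispatch<Source> dispatch) {
        if (dispatch == null) {
            throw logger.nullArgumentError("dispatch");
        }
        this.dispatchLocal.set(dispatch);
    }

    /**
     * Requests a token of the given type, adding the configured issuer and
     * AppliesTo values when they are set.
     *
     * @param tokenType token type URI, or {@code null} to omit it
     * @return the first child of the RequestedSecurityToken element; not validated here
     * @throws WSTrustException if the request cannot be built, sent or parsed
     */
    public Element issueToken(String tokenType) throws WSTrustException {
        RequestSecurityToken request = new RequestSecurityToken();
        setTokenType(tokenType, request);
        if (this.wsaIssuerAddress != null) {
            request.setIssuer(WSTrustUtil.createIssuer(this.wsaIssuerAddress));
        }
        if (this.wspAppliesTo != null) {
            request.setAppliesTo(WSTrustUtil.createAppliesTo(this.wspAppliesTo));
        }
        return issueToken(request);
    }

    /**
     * Requests a token for the given endpoint.
     *
     * @param endpointURI AppliesTo address; ignored when an AppliesTo value is configured
     * @return the first child of the RequestedSecurityToken element; not validated here
     * @throws WSTrustException if the request cannot be built, sent or parsed
     */
    public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException {
        RequestSecurityToken request = new RequestSecurityToken();
        if (this.wsaIssuerAddress != null) {
            request.setIssuer(WSTrustUtil.createIssuer(this.wsaIssuerAddress));
        }
        setAppliesTo(endpointURI, request);
        return issueToken(request);
    }

    /**
     * Requests a token for the given endpoint and token type. At least one of the
     * two arguments must be non-null.
     *
     * @param endpointURI AppliesTo address; ignored when an AppliesTo value is configured
     * @param tokenType   token type URI, or {@code null} to omit it
     * @return the first child of the RequestedSecurityToken element; not validated here
     * @throws WSTrustException if the request cannot be built, sent or parsed
     */
    public Element issueToken(String endpointURI, String tokenType) throws WSTrustException {
        if (endpointURI == null && tokenType == null) {
            throw logger.nullArgumentError("endpointURI or tokenType");
        }
        RequestSecurityToken request = new RequestSecurityToken();
        if (this.wsaIssuerAddress != null) {
            request.setIssuer(WSTrustUtil.createIssuer(this.wsaIssuerAddress));
        }
        setAppliesTo(endpointURI, request);
        setTokenType(tokenType, request);
        return issueToken(request);
    }

    /**
     * Requests a token on behalf of another principal. At least one of
     * {@code endpointURI} and {@code tokenType} must be non-null.
     *
     * <p>Only {@code principal.getName()} is sent; this client attaches no proof
     * that the caller may act for that principal, so the STS is the party that
     * has to authorise the OnBehalfOf claim.
     *
     * @param endpointURI AppliesTo address; ignored when an AppliesTo value is configured
     * @param tokenType   token type URI, or {@code null} to omit it
     * @param principal   principal named in OnBehalfOf, or {@code null} to omit the element
     * @return the first child of the RequestedSecurityToken element; not validated here
     * @throws WSTrustException if the request cannot be built, sent or parsed
     */
    public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal principal) throws WSTrustException {
        if (endpointURI == null && tokenType == null) {
            throw logger.nullArgumentError("endpointURI or tokenType");
        }
        RequestSecurityToken request = new RequestSecurityToken();
        if (this.wsaIssuerAddress != null) {
            request.setIssuer(WSTrustUtil.createIssuer(this.wsaIssuerAddress));
        }
        setAppliesTo(endpointURI, request);
        setTokenType(tokenType, request);
        setOnBehalfOf(principal, request);
        return issueToken(request);
    }

    /** Sets AppliesTo from the configured value if present, otherwise from {@code endpointURI}. */
    private RequestSecurityToken setAppliesTo(String endpointURI, RequestSecurityToken request) {
        if (StringUtil.isNotNull(this.wspAppliesTo)) {
            // The configured value wins over the per-call endpoint.
            request.setAppliesTo(WSTrustUtil.createAppliesTo(this.wspAppliesTo));
        } else if (endpointURI != null) {
            request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
        }
        return request;
    }

    /** Sets the token type on the request when {@code tokenType} is non-null. */
    private RequestSecurityToken setTokenType(String tokenType, RequestSecurityToken request) {
        if (tokenType != null) {
            request.setTokenType(URI.create(tokenType));
        }
        return request;
    }

    /** Adds an OnBehalfOf username element for {@code principal} when it is non-null. */
    private RequestSecurityToken setOnBehalfOf(Principal principal, RequestSecurityToken request) {
        if (principal != null) {
            request.setOnBehalfOf(WSTrustUtil.createOnBehalfOfWithUsername(principal.getName(), "ID"));
        }
        return request;
    }

    /**
     * Sends the given request to the STS. A missing request type defaults to the
     * issue (or batch issue) request and a missing context to {@code "default-context"}.
     *
     * @param requestSecurityToken the request to send; it is modified in place
     * @return the first child of the RequestedSecurityToken element, which may be
     *         {@code null} if that element is empty; not validated here
     * @throws WSTrustException if the request cannot be built, sent or parsed, or
     *                          the response holds no RequestedSecurityToken element
     */
    public Element issueToken(RequestSecurityToken requestSecurityToken) throws WSTrustException {
        if (requestSecurityToken.getRequestType() == null) {
            String requestType = this.isBatch ? WSTrustConstants.BATCH_ISSUE_REQUEST : WSTrustConstants.ISSUE_REQUEST;
            requestSecurityToken.setRequestType(URI.create(requestType));
        }
        if (requestSecurityToken.getContext() == null) {
            requestSecurityToken.setContext("default-context");
        }
        validateDispatch();
        return invokeAndExtractRequestedToken(requestSecurityToken);
    }

    /**
     * Asks the STS to renew a token.
     *
     * @param tokenType unused by this implementation (the status token type is always sent)
     * @param token     the token to renew
     * @return the first child of the RequestedSecurityToken element, which may be
     *         {@code null} if that element is empty; not validated here
     * @throws WSTrustException if the request cannot be built, sent or parsed, or
     *                          the response holds no RequestedSecurityToken element
     */
    public Element renewToken(String tokenType, Element token) throws WSTrustException {
        validateDispatch();
        RequestSecurityToken request = new RequestSecurityToken();
        request.setContext("context");
        request.setTokenType(URI.create(STATUS_TOKEN_TYPE));
        request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST));
        RenewTargetType renewTarget = new RenewTargetType();
        renewTarget.add(token);
        request.setRenewTarget(renewTarget);
        return invokeAndExtractRequestedToken(request);
    }

    /**
     * Asks the STS whether a token is valid.
     *
     * @param token the token to validate
     * @return {@code true} only when the first response carries a status whose code
     *         equals {@link WSTrustConstants#STATUS_CODE_VALID}; a missing status
     *         yields {@code false}
     * @throws WSTrustException if the request cannot be built, sent or parsed
     */
    public boolean validateToken(Element token) throws WSTrustException {
        validateDispatch();
        RequestSecurityToken request = new RequestSecurityToken();
        request.setContext("context");
        request.setTokenType(URI.create(STATUS_TOKEN_TYPE));
        request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
        ValidateTargetType validateTarget = new ValidateTargetType();
        validateTarget.add(token);
        request.setValidateTarget(validateTarget);
        try {
            // Only the first response in the collection is consulted.
            StatusType status = invokeAndParse(request).getRequestSecurityTokenResponses().get(0).getStatus();
            // Fail closed: no status means "not valid".
            return status != null && WSTrustConstants.STATUS_CODE_VALID.equals(status.getCode());
        } catch (Exception e) {
            throw new WSTrustException(logger.parserError(e));
        }
    }

    /**
     * Asks the STS to cancel a token.
     *
     * @param token the token to cancel
     * @return {@code true} when the first response contains a RequestedTokenCancelled element
     * @throws WSTrustException if the request cannot be built, sent or parsed
     */
    public boolean cancelToken(Element token) throws WSTrustException {
        validateDispatch();
        RequestSecurityToken request = new RequestSecurityToken();
        request.setRequestType(URI.create(WSTrustConstants.CANCEL_REQUEST));
        CancelTargetType cancelTarget = new CancelTargetType();
        cancelTarget.add(token);
        request.setCancelTarget(cancelTarget);
        request.setContext("context");
        try {
            // Only the first response in the collection is consulted.
            return invokeAndParse(request).getRequestSecurityTokenResponses().get(0).getRequestedTokenCancelled() != null;
        } catch (Exception e) {
            throw new WSTrustException(logger.parserError(e));
        }
    }

    /**
     * Returns the dispatch visible to the current thread.
     *
     * @return the dispatch, or {@code null} if none was set for this thread
     */
    public Dispatch<Source> getDispatch() {
        return this.dispatchLocal.get();
    }

    /** Sends the request and parses the whole response with {@link WSTrustParser}. */
    private RequestSecurityTokenResponseCollection invokeAndParse(RequestSecurityToken request) throws Exception {
        Node responseNode = DocumentUtil.getNodeFromSource(this.dispatchLocal.get().invoke(createSourceFromRequest(request)));
        return (RequestSecurityTokenResponseCollection) new WSTrustParser().parse(DocumentUtil.getNodeAsStream(responseNode));
    }

    /**
     * Sends the request and returns the first child of the first
     * RequestedSecurityToken element found in the response.
     *
     * <p>The lookup is namespace-aware first and falls back to a plain tag-name
     * match; only the first match is used. The element is returned as received.
     */
    private Element invokeAndExtractRequestedToken(RequestSecurityToken request) throws WSTrustException {
        try {
            Node responseNode = DocumentUtil.getNodeFromSource(this.dispatchLocal.get().invoke(createSourceFromRequest(request)));
            Document document = responseNode instanceof Document ? (Document) responseNode : responseNode.getOwnerDocument();

            NodeList requestedTokens;
            if (document instanceof SOAPPart) {
                // Full SOAP message: search below the first child of the SOAP body.
                Element bodyContent = (Element) ((SOAPPart) document).getEnvelope().getBody().getFirstChild();
                requestedTokens = bodyContent.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, WSTrustConstants.REQUESTED_TOKEN);
                if (requestedTokens == null || requestedTokens.getLength() == 0) {
                    requestedTokens = bodyContent.getElementsByTagName(WSTrustConstants.REQUESTED_TOKEN);
                }
            } else {
                requestedTokens = document.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, WSTrustConstants.REQUESTED_TOKEN);
                if (requestedTokens == null || requestedTokens.getLength() == 0) {
                    requestedTokens = document.getElementsByTagName(WSTrustConstants.REQUESTED_TOKEN);
                }
            }
            if (requestedTokens == null) {
                throw new WSTrustException(logger.nullValueError("NodeList"));
            }
            Node requestedToken = requestedTokens.item(0);
            if (requestedToken == null) {
                // Applies to renew as well, which previously failed here with a wrapped NullPointerException.
                throw new WSTrustException(logger.nullValueError("RSTR in the payload"));
            }
            return (Element) requestedToken.getFirstChild();
        } catch (WSTrustException e) {
            // Already specific; do not wrap it a second time as a generic processing error.
            throw e;
        } catch (Exception e) {
            throw new WSTrustException(logger.processingError(e));
        }
    }

    /** Serialises the request into a DOM document and wraps it as a {@link DOMSource}. */
    private DOMSource createSourceFromRequest(RequestSecurityToken requestSecurityToken) throws WSTrustException {
        try {
            DOMResult result = new DOMResult(DocumentUtil.createDocument());
            new WSTrustRequestWriter(result).write(requestSecurityToken);
            return new DOMSource(result.getNode());
        } catch (Exception e) {
            throw new WSTrustException(logger.processingError(e));
        }
    }

    /** Fails when no dispatch is available on the current thread. */
    private void validateDispatch() {
        if (getDispatch() == null) {
            throw logger.injectedValueMissing("Dispatch");
        }
    }

    /**
     * Returns the SOAP binding identifier held by this client.
     *
     * @return the binding URI
     */
    public String getSoapBinding() {
        return this.soapBinding;
    }

    /**
     * Stores a new SOAP binding identifier. This only updates the field; a
     * dispatch that already exists is not re-created.
     *
     * @param soapBinding the binding URI
     */
    public void setSoapBinding(String soapBinding) {
        this.soapBinding = soapBinding;
    }
}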
