package org.picketlink.trust.jbossws.handler;

import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.util.StringUtil;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.picketlink.trust.jbossws.Util;
import org.w3c.dom.Element;

/* loaded from: input_file:org/picketlink/trust/jbossws/handler/AbstractSAML2Handler.class */
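/**
 * Base JAX-WS handler that carries a SAML v2 assertion between the SOAP header and the
 * PicketLink security context.
 *
 * <p>Inbound, it looks for a {@code saml:Assertion} element in the SOAP header, wraps it in a
 * {@link SamlCredential}, builds a {@link Subject} with a {@link PicketLinkPrincipal} named after
 * the assertion's {@code NameID}, and adds a role group built from the assertion attributes whose
 * names match the configured role keys. Outbound, it takes the assertion from the
 * {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} message property (falling back to the current
 * subject) and inserts it into a {@code mustUnderstand} security header.
 *
 * <p>NOTE(review): this handler does not itself verify the assertion (signature, conditions); an
 * expired assertion is only logged and a security context is still created. Confirm that the
 * configured security domain / login module enforces those checks.
 */
public abstract class AbstractSAML2Handler extends AbstractPicketLinkTrustHandler {

    /**
     * System property naming the assertion attribute(s) whose values are read as roles. The value
     * is split with {@link StringUtil#tokenize(String)}; when the property is unset,
     * {@link #DEFAULT_ROLE_KEY} is used.
     */
    public static final String ROLE_KEY_SYS_PROP = "picketlink.rolekey";

    /** Role attribute name used when {@link #ROLE_KEY_SYS_PROP} is not set. */
    private static final String DEFAULT_ROLE_KEY = "Role";

    /**
     * Establishes a security context from the SAML assertion found in the inbound SOAP header.
     *
     * @param messageContext the JAX-WS message context; must be a {@link SOAPMessageContext}
     * @return {@code true} always: a missing assertion, an unparseable assertion or an assertion
     *         without roles all let the message continue through the handler chain
     * @throws RuntimeException (via {@code logger.nullValueError}) if the context carries no SOAP
     *         message, or if the security context cannot be created
     */
    @Override
    protected boolean handleInbound(MessageContext messageContext) {
        logger.trace("Handling Inbound Message");
        String samlNs = JBossSAMLURIConstants.ASSERTION_NSURI.get();
        SOAPMessage message = ((SOAPMessageContext) messageContext).getMessage();
        if (message == null) {
            throw logger.nullValueError("SOAP Message");
        }
        Element soapHeader = Util.findOrCreateSoapHeader(message.getSOAPPart().getDocumentElement());
        Element assertionElement = Util.findElement(soapHeader, new QName(samlNs, "Assertion"));
        if (assertionElement == null) {
            logger.trace("We did not find any assertion");
            return true;
        }

        // Parsed form is only needed for role extraction; the credential keeps the raw element.
        AssertionType assertionType = parseAssertion(assertionElement);

        SamlCredential samlCredential = new SamlCredential(assertionElement);
        if (logger.isTraceEnabled()) {
            logger.trace("Assertion included in SOAP payload: " + samlCredential.getAssertionAsString());
        }
        Element subjectElement = Util.findElement(assertionElement, new QName(samlNs, "Subject"));
        Element nameIdElement = Util.findElement(subjectElement, new QName(samlNs, "NameID"));
        String username = getUsername(nameIdElement);

        Subject subject = new Subject();
        createSecurityContext(samlCredential, subject, new PicketLinkPrincipal(username), messageContext);

        if (assertionType == null) {
            // Parsing failed and was already logged; no roles can be read from the assertion.
            return true;
        }
        List<String> roleKeys = configuredRoleKeys();
        logger.trace("Rolekeys to extract roles from the assertion: " + roleKeys);
        List<String> roles = AssertionUtil.getRoles(assertionType, roleKeys);
        if (roles.isEmpty()) {
            logger.trace("Did not find roles in the assertion");
            return true;
        }
        logger.trace("Roles in the assertion: " + roles);
        subject.getPrincipals().add(SecurityActions.group(roles));
        return true;
    }

    /**
     * Parses the assertion element, logging (but not rejecting) an expired assertion.
     *
     * @param assertionElement the {@code saml:Assertion} DOM element
     * @return the parsed assertion, or {@code null} if parsing failed (the failure is logged);
     *         a failure in the expiry check after a successful parse still returns the parsed value
     */
    private AssertionType parseAssertion(Element assertionElement) {
        AssertionType assertionType = null;
        try {
            assertionType = SAMLUtil.fromElement(assertionElement);
            if (AssertionUtil.hasExpired(assertionType)) {
                // NOTE(review): expiry is not enforced here; processing continues and a security
                // context is still created. Confirm the login module rejects expired assertions.
                logger.trace("Assertion included in SOAP payload has expired");
            }
        } catch (Exception e) {
            logger.samlAssertionPasingFailed(e);
        }
        return assertionType;
    }

    /**
     * Reads the role attribute names from {@link #ROLE_KEY_SYS_PROP}.
     *
     * @return the tokenized role keys, or an empty list if the property resolves to nothing
     */
    private List<String> configuredRoleKeys() {
        List<String> roleKeys = new ArrayList<String>();
        String configured = SecurityActions.getSystemProperty(ROLE_KEY_SYS_PROP, DEFAULT_ROLE_KEY);
        if (StringUtil.isNotNull(configured)) {
            roleKeys.addAll(StringUtil.tokenize(configured));
        }
        return roleKeys;
    }

    /**
     * Creates and installs the security context for the authenticated caller.
     *
     * @param samlCredential the assertion-backed credential
     * @param subject the subject to populate
     * @param principal the caller principal derived from the assertion's {@code NameID}
     * @param messageContext used to resolve the security domain name
     * @throws RuntimeException wrapping the {@link ConfigurationException} if the security
     *         context cannot be created
     */
    protected void createSecurityContext(SamlCredential samlCredential, Subject subject, Principal principal, MessageContext messageContext) {
        try {
            SecurityActions.setSecurityContext(
                    SecurityActions.createSecurityContext(principal, samlCredential, subject, getSecurityDomainName(messageContext)));
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Inserts the outbound SAML assertion into a security header of the SOAP message.
     *
     * <p>The assertion is taken from the {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} message
     * property, or from the current subject when the property is absent.
     *
     * @param messageContext the JAX-WS message context; must be a {@link SOAPMessageContext}
     * @return {@code true} if the assertion was inserted or there was none to insert;
     *         {@code false} if building the security header failed (the error is logged)
     * @throws RuntimeException (via {@code logger.nullValueError}) if the context carries no SOAP
     *         message
     */
    @Override
    protected boolean handleOutbound(MessageContext messageContext) {
        logger.trace("Handling Outbound Message");
        SOAPMessageContext soapContext = (SOAPMessageContext) messageContext;
        SOAPMessage message = soapContext.getMessage();
        if (message == null) {
            // Same guard as handleInbound; without it getSOAPPart() below would NPE.
            throw logger.nullValueError("SOAP Message");
        }
        Element assertion = (Element) soapContext.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
        if (assertion == null) {
            assertion = getAssertionFromSubject();
        }
        if (assertion == null) {
            logger.trace("We did not find any assertion");
            return true;
        }
        SOAPPart soapPart = message.getSOAPPart();
        Element soapHeader = Util.findOrCreateSoapHeader(soapPart.getDocumentElement());
        try {
            Element securityHeader = (Element) SAAJHelper.getDomElement(getSecurityHeaderElement(soapPart));
            // Force receivers that do not process the security header to fault instead of ignoring it.
            securityHeader.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1");
            // A node can only be appended to a document it belongs to; import it when it came from elsewhere.
            if (soapPart.getDocumentElement().getOwnerDocument() != assertion.getOwnerDocument()) {
                securityHeader.appendChild(soapPart.getDocumentElement().getOwnerDocument().importNode(assertion, true));
            } else {
                securityHeader.appendChild(assertion);
            }
            soapHeader.insertBefore(securityHeader, soapHeader.getFirstChild());
            return true;
        } catch (Exception e) {
            logger.error(e);
            return false;
        }
    }
}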
