package org.jboss.identity.federation.core.wstrust.handlers;

import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.wstrust.STSClient;
import org.jboss.identity.federation.core.wstrust.STSClientConfig;
import org.jboss.identity.federation.core.wstrust.STSClientFactory;
import org.jboss.identity.federation.core.wstrust.WSTrustException;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.class */
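/**
 * JAX-WS SOAP handler that extracts a security token from the SOAP header of
 * inbound messages and asks an {@link STSClient} to validate it.
 *
 * <p>Subclasses supply the qualified names of the security header element and
 * of the token element nested inside it. Outbound messages pass through
 * untouched. An inbound message is rejected with a
 * {@link WebServiceException} when it carries no token, when the token fails
 * validation, or when validation itself fails.
 */
public abstract class STSSecurityHandler implements SOAPHandler<SOAPMessageContext> {
    // Location of the STS client configuration; overridable via setConfigFile.
    private String configFile = STSClientConfig.DEFAULT_CONFIG_FILE;
    // Client used to validate tokens; built in createWSTrustClient or injected via setWSTrustClient.
    private STSClient wsTrustClient;

    /**
     * @return the qualified name of the SOAP header element that holds the token; must not be null
     */
    public abstract QName getSecurityElementQName();

    /**
     * @return the qualified name of the token element inside the security header; must not be null
     */
    public abstract QName getTokenElementQName();

    /**
     * Builds the WS-Trust client from the configured file unless one has
     * already been set through {@link #setWSTrustClient(STSClient)}.
     *
     * @throws IllegalStateException if the configuration file cannot be parsed
     */
    @PostConstruct
    public void createWSTrustClient() {
        if (this.wsTrustClient == null) {
            try {
                this.wsTrustClient = STSClientFactory.getInstance().create(new STSClientConfig.Builder().build(this.configFile));
            } catch (ParsingException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    /**
     * Validates the security token of an inbound message.
     *
     * @param sOAPMessageContext the message context supplied by the JAX-WS runtime
     * @return {@code true} for outbound messages and for inbound messages whose token validates
     * @throws WebServiceException if the token is missing, is not valid, or cannot be validated
     * @throws IllegalStateException if no WS-Trust client is available, or a subclass returns a null QName
     */
    public boolean handleMessage(SOAPMessageContext sOAPMessageContext) {
        if (isOutBound(sOAPMessageContext)) {
            return true;
        }
        // Fail with a clear error rather than a NullPointerException when the
        // handler was used without createWSTrustClient()/setWSTrustClient().
        if (this.wsTrustClient == null) {
            throw new IllegalStateException("WS-Trust client has not been initialized");
        }
        try {
            Element token = extractSecurityToken(sOAPMessageContext, getSecurityElementQName(), getTokenElementQName());
            // A message without a token must be rejected here; do not rely on
            // how the STS client happens to treat a null element.
            if (token == null) {
                throw new WebServiceException("No security token found in the SOAP header");
            }
            if (this.wsTrustClient.validateToken(token)) {
                return true;
            }
            // NOTE(review): the message embeds Element.toString(), whose output is
            // implementation-defined. Confirm it cannot serialize token contents
            // into faults or logs.
            throw new WebServiceException("Could not validate security token " + token);
        } catch (SOAPException e) {
            throw new WebServiceException(e.getMessage(), e);
        } catch (WSTrustException e) {
            throw new WebServiceException(e.getMessage(), e);
        }
    }

    /**
     * Injects the client used for token validation, replacing any existing one.
     *
     * @param sTSClient the WS-Trust client to use
     */
    public void setWSTrustClient(STSClient sTSClient) {
        this.wsTrustClient = sTSClient;
    }

    /**
     * @return a single-element set holding the security header QName this handler processes
     */
    public Set<QName> getHeaders() {
        return Collections.singleton(getSecurityElementQName());
    }

    /**
     * Faults are not inspected.
     *
     * @return always {@code true}
     */
    public boolean handleFault(SOAPMessageContext sOAPMessageContext) {
        return true;
    }

    /** No per-message resources are held, so there is nothing to release. */
    public void close(MessageContext messageContext) {
    }

    /**
     * Overrides the STS client configuration file. A null value is ignored and
     * the current setting is kept.
     *
     * @param str the configuration file location
     */
    @Resource(name = "STSClientConfig")
    public void setConfigFile(String str) {
        if (str != null) {
            this.configFile = str;
        }
    }

    /**
     * Reports whether the message is outbound. A missing or non-Boolean
     * direction property is treated as inbound, so the token check still runs
     * (fail closed) instead of failing on a null unboxing.
     */
    private boolean isOutBound(SOAPMessageContext sOAPMessageContext) {
        // Value of MessageContext.MESSAGE_OUTBOUND_PROPERTY.
        return Boolean.TRUE.equals(sOAPMessageContext.get("javax.xml.ws.handler.message.outbound"));
    }

    /**
     * Finds the first token element inside the first matching security header.
     *
     * <p>Only that first match is returned and later validated.
     * NOTE(review): confirm that downstream consumers read the same element
     * when a message carries more than one security header or token.
     *
     * @param sOAPMessageContext the message context to search
     * @param securityQName      the qualified name of the security header element
     * @param tokenQName         the qualified name of the token element
     * @return the token element, or {@code null} if the message has no SOAP
     *         header, no matching security header, or no token in it
     * @throws SOAPException         if the SOAP header cannot be read
     * @throws IllegalStateException if either qualified name is null
     */
    private Element extractSecurityToken(SOAPMessageContext sOAPMessageContext, QName securityQName, QName tokenQName) throws SOAPException {
        if (securityQName == null) {
            throw new IllegalStateException("securityQName from subclass cannot be null!");
        }
        if (tokenQName == null) {
            throw new IllegalStateException("tokenQName from subclass cannot be null!");
        }
        // getSOAPHeader() may return null when the envelope has no Header element.
        if (sOAPMessageContext.getMessage().getSOAPHeader() == null) {
            return null;
        }
        Iterator<?> securityHeaders = sOAPMessageContext.getMessage().getSOAPHeader().getChildElements(securityQName);
        while (securityHeaders.hasNext()) {
            SOAPHeaderElement securityHeader = (SOAPHeaderElement) securityHeaders.next();
            if (securityHeader.getElementQName().equals(securityQName)) {
                Iterator<?> tokens = securityHeader.getChildElements(tokenQName);
                if (tokens.hasNext()) {
                    return (Element) tokens.next();
                }
            }
        }
        return null;
    }
}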
