package org.apache.cxf.ws.security.trust;

import com.sun.xml.ws.encoding.MtomCodec;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.Bus;
import org.apache.cxf.attachment.AttachmentUtil;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Attachment;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.AbstractSTSClient;
import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/ws/security/trust/STSClient.class */
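/**
 * Client for a security token service (STS): issues, renews, validates and cancels
 * {@link SecurityToken}s through the operations inherited from {@link AbstractSTSClient}.
 *
 * <p>Every response element handled here comes from the remote STS and is matched by
 * local name only, so the trust placed in a returned token rests on the message-level
 * protection configured for the STS exchange, not on checks made in this class.
 */
public class STSClient extends AbstractSTSClient {
    private static final Logger LOG = LogUtils.getL7dLogger(STSClient.class);

    /**
     * Creates a client bound to the given bus.
     *
     * @param bus the CXF bus handed to the superclass
     */
    public STSClient(Bus bus) {
        super(bus);
    }

    /**
     * Requests a token with every optional argument left {@code null}.
     *
     * @return the token built from the STS response
     * @throws Exception if the exchange or the response processing fails
     */
    public SecurityToken requestSecurityToken() throws Exception {
        return requestSecurityToken(null);
    }

    /**
     * Requests a token, forwarding {@code str} as the first argument of the issue call.
     *
     * @param str first argument of {@code issue(...)}; its name was lost in decompilation
     * @return the token built from the STS response
     * @throws Exception if the exchange or the response processing fails
     */
    public SecurityToken requestSecurityToken(String str) throws Exception {
        return requestSecurityToken(str, null);
    }

    /**
     * Requests a token using the {@code "/Issue"} request type.
     *
     * @param str first argument of {@code issue(...)}
     * @param str2 fourth argument of {@code issue(...)}
     * @return the token built from the STS response
     * @throws Exception if the exchange or the response processing fails
     */
    public SecurityToken requestSecurityToken(String str, String str2) throws Exception {
        return requestSecurityToken(str, null, "/Issue", str2);
    }

    /**
     * Sends an issue request and converts the response into a {@link SecurityToken}.
     *
     * <p>The four arguments are passed unchanged, in order, to {@code issue(...)}.
     *
     * @return the issued token, with attachments inlined, the certificate from the
     *     response attached when present, and a fallback token type applied when the
     *     response did not carry one
     * @throws Exception if the exchange or the response processing fails
     */
    public SecurityToken requestSecurityToken(String str, String str2, String str3, String str4) throws Exception {
        AbstractSTSClient.STSResponse response = issue(str, str2, str3, str4);
        SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy());
        inlineAttachments(token, response.getAttachments());
        if (response.getCert() != null) {
            token.setX509Certificate(response.getCert(), response.getCrypto());
        }
        applyFallbackTokenType(token);
        return token;
    }

    /**
     * Sends a renew request for the given token and converts the response into a new token.
     *
     * @param securityToken the token to renew
     * @return the renewed token; no entropy is passed to the token construction
     * @throws Exception if the exchange or the response processing fails
     */
    public SecurityToken renewSecurityToken(SecurityToken securityToken) throws Exception {
        AbstractSTSClient.STSResponse response = renew(securityToken);
        SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null);
        inlineAttachments(token, response.getAttachments());
        applyFallbackTokenType(token);
        return token;
    }

    /**
     * Validates a token, requesting the configured token type or, when none is
     * configured, the {@code /RSTR/Status} type of the current namespace.
     *
     * @param securityToken the token to validate
     * @return the tokens returned by the STS, or the input token when none was returned
     * @throws Exception if the exchange fails or the STS does not report the token as valid
     */
    public List<SecurityToken> validateSecurityToken(SecurityToken securityToken) throws Exception {
        String requestedType = this.tokenType != null ? this.tokenType : this.namespace + "/RSTR/Status";
        return validateSecurityToken(securityToken, requestedType);
    }

    /**
     * Replaces XOP include references inside the token element with the content of the
     * matching attachments. Does nothing unless MTOM is enabled on the current message,
     * attachments were returned, and the token has an element.
     *
     * @param securityToken the token whose element may reference attachments
     * @param collection the attachments returned with the STS response, possibly {@code null}
     * @throws WSSecurityException if the attachments cannot be inlined
     */
    private void inlineAttachments(SecurityToken securityToken, Collection<Attachment> collection) throws WSSecurityException {
        if (!AttachmentUtil.isMtomEnabled(PhaseInterceptorChain.getCurrentMessage())) {
            return;
        }
        if (collection == null) {
            return;
        }
        Element token = securityToken.getToken();
        if (token == null) {
            return;
        }
        // NOTE(review): the trailing 'true' is passed straight to WSS4J; confirm its meaning there.
        WSSecurityUtil.inlineAttachments(
            XMLUtils.findElements(token.getFirstChild(), MtomCodec.XOP_LOCALNAME, "http://www.w3.org/2004/08/xop/include"),
            new AttachmentCallbackHandler(collection),
            true);
    }

    /**
     * Sends a validate request and interprets the response.
     *
     * <p>The token counts as valid only when a {@code Status} element carries a
     * {@code Code} whose text ends with {@code /status/valid}. A response without a
     * {@code Status}, or with a {@code Status} that lacks a {@code Code}, is rejected.
     * If the response holds several {@code Status} elements, the last one decides.
     *
     * @param securityToken the token to validate
     * @param str the token type passed to the validate request
     * @return the tokens found in the response, or a list holding {@code securityToken}
     *     when the response reports success without returning a token
     * @throws Fault if the response root is not a {@code RequestSecurityTokenResponse}
     * @throws TrustException if the STS does not report the token as valid
     * @throws Exception if the exchange itself fails
     */
    protected List<SecurityToken> validateSecurityToken(SecurityToken securityToken, String str) throws Exception {
        AbstractSTSClient.STSResponse response = validate(securityToken, str);
        Element rstr = getDocumentElement(response.getResponse());
        if (rstr != null && "RequestSecurityTokenResponseCollection".equals(rstr.getLocalName())) {
            // An empty collection yields null here and is rejected below instead of
            // surfacing as a NullPointerException.
            rstr = DOMUtils.getFirstElement(rstr);
        }
        if (rstr == null || !"RequestSecurityTokenResponse".equals(rstr.getLocalName())) {
            throw new Fault("Unexpected element " + (rstr == null ? null : rstr.getLocalName()), LOG);
        }

        String reason = null;
        boolean valid = false;
        List<SecurityToken> tokens = new LinkedList<>();
        for (Element child = DOMUtils.getFirstElement(rstr); child != null; child = DOMUtils.getNextElement(child)) {
            String localName = child.getLocalName();
            if ("Status".equals(localName)) {
                Element code = DOMUtils.getFirstChildWithName(child, child.getNamespaceURI(), "Code");
                String codeValue = code == null ? null : DOMUtils.getContent(code);
                // A missing or empty Code is treated as "not valid" so a malformed
                // status fails validation through the TrustException below.
                valid = codeValue != null && codeValue.endsWith("/status/valid");
                Element reasonElement = DOMUtils.getFirstChildWithName(child, child.getNamespaceURI(), "Reason");
                if (reasonElement != null) {
                    reason = DOMUtils.getContent(reasonElement);
                }
            } else if ("RequestedSecurityToken".equals(localName)) {
                SecurityToken returned =
                    createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy());
                if (response.getCert() != null) {
                    returned.setX509Certificate(response.getCert(), response.getCrypto());
                }
                applyFallbackTokenType(returned);
                tokens.add(returned);
            }
        }
        if (!valid) {
            throw new TrustException(LOG, "VALIDATION_FAILED", reason);
        }
        if (tokens.isEmpty()) {
            tokens.add(securityToken);
        }
        return tokens;
    }

    /**
     * Asks the STS to cancel the given token on a best-effort basis.
     *
     * <p>A failure is logged and reported as {@code false} rather than thrown, so callers
     * that rely on the cancellation must check the result: after {@code false} the token
     * may still be accepted by the STS.
     *
     * @param securityToken the token to cancel
     * @return {@code true} when the cancel call completed, {@code false} when it threw
     * @throws Exception declared for compatibility; failures of the cancel call are caught
     */
    public boolean cancelSecurityToken(SecurityToken securityToken) throws Exception {
        try {
            cancel(securityToken);
            return true;
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Problem cancelling token", e);
            return false;
        }
    }

    /**
     * Fills in the token type when the STS response did not supply one, preferring the
     * {@code TokenType} found in the request template over the configured token type.
     */
    private void applyFallbackTokenType(SecurityToken token) {
        if (token.getTokenType() != null) {
            return;
        }
        String fromTemplate = getTokenTypeFromTemplate();
        if (fromTemplate != null) {
            token.setTokenType(fromTemplate);
        } else if (this.tokenType != null) {
            token.setTokenType(this.tokenType);
        }
    }

    /**
     * Returns the text of the first direct child of the template whose local name is
     * {@code TokenType}, or {@code null} when there is no template or no such child.
     */
    private String getTokenTypeFromTemplate() {
        if (this.template == null) {
            return null;
        }
        for (Element child = DOMUtils.getFirstElement(this.template); child != null; child = DOMUtils.getNextElement(child)) {
            if ("TokenType".equals(child.getLocalName())) {
                return DOMUtils.getContent(child);
            }
        }
        return null;
    }
}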
