package com.sun.xml.wss.impl.filter;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.SecurityHeader;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.AssertionUtil;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:spg-ui-war-2.1.44.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/filter/ImportSamlAssertionFilter.class */
public class ImportSamlAssertionFilter {
    protected static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    public static void process(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        Assertion fromElement;
        SecurityHeader findSecurityHeader = filterProcessingContext.getSecurableSoapMessage().findSecurityHeader();
        Element element = null;
        if (filterProcessingContext.getMode() == 0 || filterProcessingContext.getMode() == 2 || filterProcessingContext.getMode() == 3) {
            NodeList nodeList = null;
            Iterator childElements = findSecurityHeader.getChildElements();
            while (true) {
                if (!childElements.hasNext()) {
                    break;
                }
                Element element2 = (Element) childElements.next();
                if (element2.getAttributeNode(MessageConstants.SAML_ID_LNAME) == null) {
                    if (element2.getAttributeNode(MessageConstants.SAML_ASSERTIONID_LNAME) != null) {
                        nodeList = findSecurityHeader.getElementsByTagNameNS("urn:oasis:names:tc:SAML:1.0:assertion", MessageConstants.SAML_ASSERTION_LNAME);
                        break;
                    }
                } else {
                    nodeList = findSecurityHeader.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", MessageConstants.SAML_ASSERTION_LNAME);
                    break;
                }
            }
            if (nodeList == null) {
                throw new XWSSecurityException("SAMLAssertion is null");
            }
            int length = nodeList.getLength();
            int i = 0;
            for (int i2 = 0; i2 < length; i2++) {
                if (nodeList.item(i2).getParentNode().getLocalName().equals("Advice")) {
                    i++;
                }
            }
            if (length == 0) {
                throw new XWSSecurityException("No SAML Assertion found, Reciever requirement not met");
            }
            element = nodeList.item(0);
            try {
                fromElement = AssertionUtil.fromElement(element);
                if (filterProcessingContext.getMode() == 0) {
                    AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) ((AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
                    if (!"".equals(sAMLAssertionBinding.getAuthorityIdentifier()) && !sAMLAssertionBinding.getAuthorityIdentifier().equals(fromElement.getSamlIssuer())) {
                        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Received SAML Assertion has invalid Issuer", new XWSSecurityException("Invalid Assertion Issuer, expected " + sAMLAssertionBinding.getAuthorityIdentifier() + ", found " + fromElement.getSamlIssuer()));
                    }
                }
            } catch (Exception e) {
                log.log(Level.SEVERE, "WSS0418.saml.import.exception");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, "Exception while importing SAML Token", e);
            }
        } else {
            if (filterProcessingContext.getMode() == 1) {
                throw new XWSSecurityException("Internal Error: Called ImportSAMLAssertionFilter in POSTHOC Mode");
            }
            if (filterProcessingContext.getMode() == 3) {
                filterProcessingContext.getInferredSecurityPolicy().append(new AuthenticationTokenPolicy.SAMLAssertionBinding());
            }
            try {
                fromElement = AssertionUtil.fromElement(findSecurityHeader.getCurrentHeaderElement());
            } catch (Exception e2) {
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Exception while importing SAML Assertion", e2);
            }
        }
        filterProcessingContext.getTokenCache().put(fromElement.getAssertionID(), fromElement);
        filterProcessingContext.getSecurityEnvironment().validateSAMLAssertion(filterProcessingContext.getExtraneousProperties(), element);
        filterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(filterProcessingContext), fromElement);
    }
}
