package com.sun.xml.wss.impl.filter;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.SecurityHeader;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.AssertionUtil;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/sun/xml/wss/impl/filter/ImportSamlAssertionFilter.class */
public class ImportSamlAssertionFilter {
    protected static Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    public static void process(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        Assertion fromElement;
        SecurityHeader findSecurityHeader = filterProcessingContext.getSecurableSoapMessage().findSecurityHeader();
        Element element = null;
        if (filterProcessingContext.getMode() == 0) {
            NodeList elementsByTagNameNS = findSecurityHeader.getElementsByTagNameNS(MessageConstants.SAML_v1_0_NS, MessageConstants.SAML_ASSERTION_LNAME);
            int length = elementsByTagNameNS.getLength();
            if (length == 0) {
                throw new XWSSecurityException("No SAML Assertion found, Reciever requirement not met");
            }
            if (length > 1) {
                throw new XWSSecurityException("More than one SAML Assertion found, Reciever requirement not met");
            }
            element = elementsByTagNameNS.item(0);
            try {
                fromElement = AssertionUtil.fromElement(element);
                AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) ((AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
                if (!MessageConstants.EMPTY_STRING.equals(sAMLAssertionBinding.getAuthorityIdentifier()) && !sAMLAssertionBinding.getAuthorityIdentifier().equals(fromElement.getSamlIssuer())) {
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Received SAML Assertion has invalid Issuer", new XWSSecurityException(new StringBuffer().append("Invalid Assertion Issuer, expected ").append(sAMLAssertionBinding.getAuthorityIdentifier()).append(", found ").append(fromElement.getSamlIssuer()).toString()));
                }
            } catch (Exception e) {
                log.log(Level.SEVERE, "WSS0418.saml.import.exception");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, "Exception while importing SAML Token", e);
            }
        } else {
            if (filterProcessingContext.getMode() == 1) {
                throw new XWSSecurityException("Internal Error: Called ImportSAMLAssertionFilter in POSTHOC Mode");
            }
            try {
                fromElement = AssertionUtil.fromElement(findSecurityHeader.getCurrentHeaderElement());
            } catch (Exception e2) {
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Exception while importing SAML Assertion", e2);
            }
        }
        filterProcessingContext.getTokenCache().put(fromElement.getAssertionID(), fromElement);
        String confirmationMethod = AssertionUtil.getConfirmationMethod(element);
        if (!MessageConstants.SAML_SENDER_VOUCHES.equals(confirmationMethod)) {
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, "Invalid ConfirmationMethod", new XWSSecurityException(new StringBuffer().append("Invalid ConfirmationMethod ").append(confirmationMethod).toString()));
        }
        filterProcessingContext.getSecurityEnvironment().validateSAMLAssertion(filterProcessingContext.getExtraneousProperties(), element);
        filterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(filterProcessingContext), fromElement);
    }
}
