package eu.unicore.security.wsutil.client;

import eu.unicore.samly2.assertion.Assertion;
import eu.unicore.security.wsutil.SecuritySessionUtils;
import eu.unicore.security.wsutil.WSSecHeader;
import eu.unicore.util.Log;
import eu.unicore.util.httpclient.IClientConfiguration;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.MessageUtils;
import org.apache.log4j.Logger;
import org.w3c.dom.Element;

/* loaded from: input_file:eu/unicore/security/wsutil/client/SAMLAttributePushOutHandler.class */
public class SAMLAttributePushOutHandler extends AbstractSoapInterceptor implements Configurable {
    private static final Logger log = Log.getLogger(Log.SECURITY, SAMLAttributePushOutHandler.class);
    public static final String PUSHED_RAW_ASSERTIONS = SAMLAttributePushOutHandler.class.getName() + ".RAW-SAML-TO-PUSH";
    public static final String PUSHED_ASSERTIONS = "SAMLPushedassertions";
    protected List<Element> toBeInserted;
    protected List<Assertion> origList;

    public SAMLAttributePushOutHandler() {
        super("pre-protocol");
        this.toBeInserted = new ArrayList();
        getBefore().add(DSigOutHandler.class.getName());
        getAfter().add(TDOutHandler.class.getName());
        getAfter().add(ExtendedTDOutHandler.class.getName());
    }

    public SAMLAttributePushOutHandler(List<Assertion> list) throws IOException {
        this();
        convertToJDOM(list);
        this.origList = list;
    }

    @Override // eu.unicore.security.wsutil.client.Configurable
    public void configure(IClientConfiguration iClientConfiguration) {
        Map<String, Object> extraSecurityTokens = iClientConfiguration.getExtraSecurityTokens();
        if (extraSecurityTokens == null) {
            log.debug("Extra security tokens are not set; SAML attributes won't be sent.");
            return;
        }
        Object obj = extraSecurityTokens.get(PUSHED_ASSERTIONS);
        Object obj2 = extraSecurityTokens.get(PUSHED_RAW_ASSERTIONS);
        if (obj != null) {
            List<Assertion> list = (List) obj;
            try {
                convertToJDOM(list);
                this.origList = list;
            } catch (Exception e) {
                log.error("Error when parsing SAML assertions.", e);
            }
        }
        if (obj2 != null) {
            this.toBeInserted.addAll((List) obj2);
        }
        if (this.toBeInserted.size() == 0) {
            log.debug("Thre are no SAML assertions in extra security tokens; SAML attributes won't be sent.");
        } else {
            log.debug("Found SAML assertions to be sent, applying them");
        }
    }

    public void handleMessage(SoapMessage soapMessage) {
        if (!MessageUtils.isOutbound(soapMessage)) {
            log.warn("Handler " + SAMLAttributePushOutHandler.class.getName() + " used in non-client mode, what does not make sense. Check your configuration.");
            return;
        }
        if (this.toBeInserted == null || this.toBeInserted.size() == 0) {
            return;
        }
        if (SecuritySessionUtils.haveSessionID(soapMessage)) {
            log.debug("Skipping SAML out handler as security session is being used");
            return;
        }
        log.debug("Adding SAML assertions to the request's header.");
        Element orInsertWSSecElement = new WSSecHeader(true).getOrInsertWSSecElement(soapMessage.getHeaders());
        for (Element element : this.toBeInserted) {
            if (log.isTraceEnabled()) {
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    DOMUtils.writeXml(element, byteArrayOutputStream);
                    log.trace(byteArrayOutputStream.toString());
                } catch (Exception e) {
                    log.warn("Can't output assertion", e);
                }
            }
            orInsertWSSecElement.appendChild(orInsertWSSecElement.getOwnerDocument().importNode(element, true));
        }
    }

    protected void convertToJDOM(List<Assertion> list) throws IOException {
        Iterator<Assertion> it = list.iterator();
        while (it.hasNext()) {
            try {
                this.toBeInserted.add(DOMUtils.readXml(it.next().getXMLBeanDoc().newInputStream()).getDocumentElement());
            } catch (Exception e) {
                throw new IOException(e);
            }
        }
    }

    public List<Assertion> getOrigList() {
        return this.origList;
    }
}
