package org.apache.cxf.rt.security.xacml;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.cxf.interceptor.security.SAMLSecurityContext;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.SecurityContext;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.joda.time.DateTime;
import org.opensaml.xacml.ctx.ActionType;
import org.opensaml.xacml.ctx.AttributeType;
import org.opensaml.xacml.ctx.AttributeValueType;
import org.opensaml.xacml.ctx.RequestType;
import org.opensaml.xacml.ctx.ResourceType;
import org.opensaml.xacml.ctx.SubjectType;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.class */
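/**
 * Builds the XACML {@link RequestType} that is sent to a policy decision point (PDP)
 * for an incoming CXF {@link Message}.
 *
 * <p>The request carries:
 * <ul>
 *   <li>a subject with the principal name and, when present, the non-null roles;</li>
 *   <li>a resource identified either by WSDL service/operation (when the message carries a
 *       WSDL operation) or by the request URI/URL;</li>
 *   <li>an action: the configured action when the message carries a WSDL operation,
 *       otherwise the request method stored on the message when there is one;</li>
 *   <li>optionally the current date/time as an environment attribute.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value placed in the request is read from the {@link Message} or from the
 *       arguments as-is; this class performs no validation or normalisation. The
 *       authorization decision is only as trustworthy as the components that populated
 *       those values.</li>
 *   <li>The resource id can be {@code null} when the message has no request URI/URL entry;
 *       the attribute is still added. Policies should be written so that an absent or
 *       empty resource id never evaluates to Permit.</li>
 *   <li>The issuer is read from the SAML assertion element without any signature or
 *       trust check in this class. NOTE(review): presumably the assertion was validated
 *       before it was stored in the security context; confirm against the caller.</li>
 * </ul>
 *
 * <p>Instances hold mutable configuration and add no synchronisation of their own.
 */
public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
    /** Message key holding the WSDL operation {@link QName}; its presence marks a SOAP call. */
    private static final String WSDL_OPERATION_KEY = "javax.xml.ws.wsdl.operation";
    /** Message key holding the WSDL service {@link QName}. */
    private static final String WSDL_SERVICE_KEY = "javax.xml.ws.wsdl.service";
    /** Message key used for the resource when {@code sendFullRequestURL} is set. */
    private static final String REQUEST_URL_KEY = "org.apache.cxf.request.url";
    /** Message key used for the resource when {@code sendFullRequestURL} is not set. */
    private static final String REQUEST_URI_KEY = "org.apache.cxf.request.uri";
    /** Message key holding the request method, used as the action for non-SOAP calls. */
    private static final String REQUEST_METHOD_KEY = "org.apache.cxf.request.method";

    private String action = "execute";
    private boolean sendDateTime = true;
    private boolean sendFullRequestURL;

    /**
     * Sets the action id sent when the message does not supply a request method
     * (and always for messages that carry a WSDL operation).
     *
     * @param action the action id to send
     */
    public void setAction(String action) {
        this.action = action;
    }

    /**
     * Returns the configured default action id.
     *
     * @return the configured action, {@code "execute"} unless changed
     */
    public String getAction() {
        return this.action;
    }

    /**
     * Creates the XACML request for the given caller and message.
     *
     * @param principal the authenticated caller; its name becomes the subject id
     * @param roles the caller's roles; may be {@code null}, and {@code null} entries are skipped
     * @param message the message being authorized
     * @return the assembled request
     * @throws Exception if the issuer cannot be read from the SAML assertion
     */
    @Override
    public RequestType createRequest(Principal principal, List<String> roles, Message message) throws Exception {
        String issuer = getIssuer(message);
        String actionToUse = getAction(message);

        // Each request section gets its own list, so a section never depends on whether
        // RequestComponentBuilder copies the list it is handed before it is reused.
        List<AttributeType> subjectAttributes = new ArrayList<AttributeType>();
        subjectAttributes.add(createAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING, issuer,
                principal.getName()));
        if (roles != null) {
            List<AttributeValueType> roleValues = new ArrayList<AttributeValueType>();
            for (String role : roles) {
                if (role != null) {
                    roleValues.add(RequestComponentBuilder.createAttributeValueType(role));
                }
            }
            // The role attribute is omitted entirely when no usable role was supplied.
            if (!roleValues.isEmpty()) {
                subjectAttributes.add(createAttribute(XACMLConstants.SUBJECT_ROLE, XACMLConstants.XS_ANY_URI,
                        issuer, roleValues));
            }
        }
        SubjectType subject = RequestComponentBuilder.createSubjectType(subjectAttributes, null);

        ResourceType resource = createResourceType(message);

        List<AttributeType> actionAttributes = new ArrayList<AttributeType>();
        actionAttributes.add(createAttribute(XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, null,
                actionToUse));
        ActionType actionType = RequestComponentBuilder.createActionType(actionAttributes);

        List<AttributeType> environmentAttributes = new ArrayList<AttributeType>();
        if (this.sendDateTime) {
            // The timestamp is this JVM's current time, not a value taken from the request.
            environmentAttributes.add(createAttribute(XACMLConstants.CURRENT_DATETIME,
                    XACMLConstants.XS_DATETIME, null, new DateTime().toString()));
        }

        return RequestComponentBuilder.createRequestType(
                Collections.singletonList(subject),
                Collections.singletonList(resource),
                actionType,
                RequestComponentBuilder.createEnvironmentType(environmentAttributes));
    }

    /**
     * Builds the resource section.
     *
     * <p>For a message with a WSDL operation the resource id is
     * {@code <service>#<operation>}, using only the operation's local part when service and
     * operation share a namespace, or the operation alone when no service is present; the
     * service, operation and endpoint are added as further attributes. Otherwise the
     * resource id is the request URI/URL, which may be {@code null}.
     */
    private ResourceType createResourceType(Message message) {
        List<AttributeType> attributes = new ArrayList<AttributeType>();
        QName wsdlOperation = getWSDLOperation(message);
        boolean soapService = wsdlOperation != null;
        QName wsdlService = soapService ? getWSDLService(message) : null;

        String resourceId;
        if (!soapService) {
            resourceId = getResourceURI(message, this.sendFullRequestURL);
        } else if (wsdlService == null) {
            resourceId = wsdlOperation.toString();
        } else {
            String serviceNamespace = wsdlService.getNamespaceURI();
            boolean sameNamespace = serviceNamespace != null
                    && serviceNamespace.equals(wsdlOperation.getNamespaceURI());
            resourceId = wsdlService.toString() + "#"
                    + (sameNamespace ? wsdlOperation.getLocalPart() : wsdlOperation.toString());
        }
        attributes.add(createAttribute(XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, (String) null,
                resourceId));

        if (soapService) {
            if (wsdlService != null) {
                attributes.add(createAttribute(XACMLConstants.RESOURCE_WSDL_SERVICE_ID,
                        XACMLConstants.XS_STRING, (String) null, wsdlService.toString()));
            }
            attributes.add(createAttribute(XACMLConstants.RESOURCE_WSDL_OPERATION_ID,
                    XACMLConstants.XS_STRING, (String) null, wsdlOperation.toString()));
            attributes.add(createAttribute(XACMLConstants.RESOURCE_WSDL_ENDPOINT,
                    XACMLConstants.XS_STRING, (String) null,
                    getResourceURI(message, this.sendFullRequestURL)));
        }
        return RequestComponentBuilder.createResourceType(attributes, null);
    }

    /**
     * Returns the issuer of the SAML assertion attached to the message's security context,
     * or {@code null} when the context is not a {@link SAMLSecurityContext} or has no
     * assertion element.
     */
    private String getIssuer(Message message) throws WSSecurityException {
        SecurityContext securityContext = (SecurityContext) message.get(SecurityContext.class);
        if (!(securityContext instanceof SAMLSecurityContext)) {
            return null;
        }
        Element assertionElement = ((SAMLSecurityContext) securityContext).getAssertionElement();
        if (assertionElement == null) {
            return null;
        }
        // No signature or trust validation happens here; see the class-level security notes.
        return new AssertionWrapper(assertionElement).getIssuerString();
    }

    /**
     * @return whether the current date/time is added as an environment attribute
     */
    public boolean isSendDateTime() {
        return this.sendDateTime;
    }

    /**
     * @param sendDateTime whether to add the current date/time as an environment attribute
     */
    public void setSendDateTime(boolean sendDateTime) {
        this.sendDateTime = sendDateTime;
    }

    /**
     * @return whether the resource is read from the request URL entry instead of the request
     *         URI entry
     */
    public boolean isSendFullRequestURL() {
        return this.sendFullRequestURL;
    }

    /**
     * Selects which message entry supplies the resource. Policies that match on the resource
     * id must be written for the form selected here.
     *
     * @param sendFullRequestURL {@code true} to use the request URL entry, {@code false} to use
     *        the request URI entry
     */
    public void setSendFullRequestURL(boolean sendFullRequestURL) {
        this.sendFullRequestURL = sendFullRequestURL;
    }

    /**
     * This implementation always returns an empty list.
     */
    @Override
    public List<String> getResources(Message message) {
        return Collections.emptyList();
    }

    /**
     * This implementation always returns {@code null}.
     */
    @Override
    public String getResource(Message message) {
        return null;
    }

    /** Returns the WSDL operation stored on the message, or {@code null} if there is none. */
    private QName getWSDLOperation(Message message) {
        return message == null ? null : (QName) message.get(WSDL_OPERATION_KEY);
    }

    /** Returns the WSDL service stored on the message, or {@code null} if there is none. */
    private QName getWSDLService(Message message) {
        return message == null ? null : (QName) message.get(WSDL_SERVICE_KEY);
    }

    /**
     * Returns the request URL (when {@code fullRequestURL} is set) or request URI stored on
     * the message, or {@code null} if the entry is missing.
     */
    private String getResourceURI(Message message, boolean fullRequestURL) {
        if (message == null) {
            return null;
        }
        return (String) message.get(fullRequestURL ? REQUEST_URL_KEY : REQUEST_URI_KEY);
    }

    /**
     * Returns the action for the message: the request method when the message has no WSDL
     * operation and a request method is present, otherwise the configured action.
     */
    private String getAction(Message message) {
        if (message.get(WSDL_OPERATION_KEY) == null) {
            Object requestMethod = message.get(REQUEST_METHOD_KEY);
            if (requestMethod != null) {
                return (String) requestMethod;
            }
        }
        return this.action;
    }

    /** Creates an attribute from already-built values. */
    private AttributeType createAttribute(String id, String dataType, String issuer,
            List<AttributeValueType> values) {
        return RequestComponentBuilder.createAttributeType(id, dataType, issuer, values);
    }

    /** Creates a single-valued attribute from a plain string value. */
    private AttributeType createAttribute(String id, String dataType, String issuer, String value) {
        return createAttribute(id, dataType, issuer,
                Collections.singletonList(RequestComponentBuilder.createAttributeValueType(value)));
    }
}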
