package com.ibm.ws.wssecurity.cxf.interceptor;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.wss4j.SamlTokenInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.processor.SAMLTokenProcessor;
import org.apache.ws.security.validate.Validator;
import org.w3c.dom.Element;

/**
 * IBM WS-Security ({@code com.ibm.ws.wssecurity}) extension of CXF's {@link SamlTokenInterceptor}.
 *
 * <p>Only one message direction is handled locally: a message that is neither "requestor" nor
 * "outbound" (a request arriving at a provider). For that direction the interceptor walks the
 * children of the WS-Security SOAP header, hands every element whose local name is
 * {@code Assertion} to WSS4J's {@link SAMLTokenProcessor}, records the results on the message,
 * marks the SAML-related policy assertions as asserted and publishes the resulting principal.
 * Every other direction is delegated unchanged to the superclass.
 *
 * <p>Review notes for anyone relying on this class as an authentication step (each one is
 * derived from the code below, not from external documentation):
 * <ul>
 *   <li>Header children are selected by local name only; the element namespace is not compared
 *       in this class.</li>
 *   <li>Every matching element is processed. {@code PRINCIPAL_RESULT} is overwritten on each
 *       iteration (last assertion wins) while the {@link SecurityContext} is only filled when
 *       it has no principal yet (first assertion wins), so the two can disagree when a header
 *       carries more than one assertion.</li>
 *   <li>{@code assertSamlTokens} marks SAML_TOKEN, SUPPORTING_TOKENS and
 *       SIGNED_SUPPORTING_TOKENS as asserted without itself checking that the assertion was
 *       signed or covered by a message signature. That guarantee has to come from the
 *       configured validator, the token processor or another interceptor; none of that is
 *       visible here.</li>
 *   <li>Validator and callback-handler classes may be named by a contextual property and are
 *       instantiated reflectively; those properties should only be settable by the deployer.</li>
 * </ul>
 *
 * <p>The text is decompiler output (see the JADX markers); the synthetic trace/FFDC members are
 * kept as they appear.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.wssecurity_1.0.17.jar:com/ibm/ws/wssecurity/cxf/interceptor/WSSecuritySamlTokenInterceptor.class */
public class WSSecuritySamlTokenInterceptor extends SamlTokenInterceptor {
    private static final TraceComponent tc = Tr.register(WSSecuritySamlTokenInterceptor.class, "WSSecurity", "com.ibm.ws.wssecurity.resources.WSSecurityMessages");
    public static final String WSSEC = "ws-security";
    /** Contextual property holding the signature crypto settings (read as a {@link Map}). */
    public static final String CXF_SIG_PROPS = "ws-security.signature.properties";
    /** Contextual property holding the encryption crypto settings (read as a {@link Map}). */
    public static final String CXF_ENC_PROPS = "ws-security.encryption.properties";
    static final long serialVersionUID = -5538011446894670891L;

    /**
     * Routes the message: provider-inbound messages are processed locally, everything else goes
     * to {@link SamlTokenInterceptor#handleMessage}.
     *
     * <p>Local processing is skipped when the message already carries the
     * {@code WSS4JInInterceptor.SECURITY_PROCESSED} key (presumably set once the full WSS4J
     * inbound interceptor has run; confirm against the interceptor chain in use).
     *
     * @param soapMessage the message being intercepted
     * @throws Fault if SAML token processing fails
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.cxf.ws.security.wss4j.SamlTokenInterceptor, org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        final boolean requestor = MessageUtils.isRequestor(soapMessage);
        final boolean outbound = MessageUtils.isOutbound(soapMessage);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " isReq:" + requestor + "isOut:" + outbound, new Object[0]);
        }

        // The only combination handled here is "not requestor, not outbound".
        final boolean providerInbound = !requestor && !outbound;
        if (!providerInbound) {
            super.handleMessage(soapMessage);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SamlTokenInterceptor handled(1)", new Object[0]);
            }
            return;
        }

        if (!soapMessage.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
            processSamlToken(soapMessage);
        }
    }

    /**
     * Processes every {@code Assertion} child of the WS-Security header and publishes the
     * outcome on the message.
     *
     * <p>For each assertion that yields results, in this order: the results are prepended to
     * {@code RECV_RESULTS}, the policy assertions are marked asserted, the principal of the
     * first result is stored under {@code PRINCIPAL_RESULT}, and a {@link DefaultSecurityContext}
     * is installed if the message has no security context with a principal yet.
     *
     * @param soapMessage the inbound message
     * @throws Fault wrapping any {@link WSSecurityException} raised while processing a token
     */
    @Trivial
    private void processSamlToken(SoapMessage soapMessage) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processSamlToken(1)", new Object[0]);
        }
        Header securityHeader = findSecurityHeader(soapMessage, false);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processSamlToken(2):" + securityHeader, new Object[0]);
        }
        if (securityHeader == null) {
            // No WS-Security header: nothing is processed and nothing is asserted.
            return;
        }

        Element headerElement = (Element) securityHeader.getObject();
        for (Element child = DOMUtils.getFirstElement(headerElement); child != null; child = DOMUtils.getNextElement(child)) {
            // Match is on local name only; the namespace is left to the token processor.
            if (!"Assertion".equals(child.getLocalName())) {
                continue;
            }
            try {
                List<WSSecurityEngineResult> tokenResults = processToken(child, soapMessage);
                if (tokenResults == null) {
                    continue;
                }

                List<WSHandlerResult> received = CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS));
                if (received == null) {
                    received = new ArrayList<WSHandlerResult>();
                    soapMessage.put(WSHandlerConstants.RECV_RESULTS, received);
                }
                received.add(0, new WSHandlerResult(null, tokenResults));

                assertSamlTokens(soapMessage);

                // Overwritten for every assertion in the header, so the last one wins here ...
                Principal principal = (Principal) tokenResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                soapMessage.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal);

                // ... whereas an already populated security context is never replaced.
                SecurityContext existing = (SecurityContext) soapMessage.get(SecurityContext.class);
                boolean hasPrincipal = existing != null && existing.getUserPrincipal() != null;
                if (!hasPrincipal) {
                    soapMessage.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                }
            } catch (WSSecurityException e) {
                // NOTE(review): the whole SoapMessage is handed to FFDC; confirm what FFDC
                // records from it, since the header carries the SAML assertion.
                FFDCFilter.processException(e, "com.ibm.ws.wssecurity.cxf.interceptor.WSSecuritySamlTokenInterceptor", "171", this, new Object[]{soapMessage});
                throw new Fault(e);
            }
        }
    }

    /**
     * Runs WSS4J's {@link SAMLTokenProcessor} over a single assertion element.
     *
     * <p>The {@link RequestData} passed to the processor resolves its callback handler through
     * {@link #getCallback} and its SAML 1.x / 2.0 validator through the corresponding CXF
     * contextual property, falling back to the WSS4J default when none is configured.
     *
     * @param element the candidate assertion element
     * @param soapMessage the message supplying contextual properties
     * @return the results returned by {@code SAMLTokenProcessor.handleToken}
     * @throws WSSecurityException if the processor or validator lookup fails
     */
    @Trivial
    private List<WSSecurityEngineResult> processToken(Element element, final SoapMessage soapMessage) throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processToken(1):" + element, new Object[0]);
        }
        WSDocInfo docInfo = new WSDocInfo(element.getOwnerDocument());
        RequestData data = new RequestData() { // from class: com.ibm.ws.wssecurity.cxf.interceptor.WSSecuritySamlTokenInterceptor.1
            static final long serialVersionUID = 6505831369165965164L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            @Override // org.apache.ws.security.handler.RequestData
            public CallbackHandler getCallbackHandler() {
                return WSSecuritySamlTokenInterceptor.this.getCallback(soapMessage);
            }

            /**
             * Returns the validator configured for SAML 1.x or SAML 2.0 tokens, accepting a
             * {@link Validator} instance, a {@link Class} or a class name; any other token
             * type, or a missing/unsupported property value, falls through to the default.
             */
            @Override // org.apache.ws.security.handler.RequestData
            public Validator getValidator(QName qName) throws WSSecurityException {
                final String propertyKey;
                if (WSSecurityEngine.SAML_TOKEN.equals(qName)) {
                    propertyKey = SecurityConstants.SAML1_TOKEN_VALIDATOR;
                } else if (WSSecurityEngine.SAML2_TOKEN.equals(qName)) {
                    propertyKey = SecurityConstants.SAML2_TOKEN_VALIDATOR;
                } else {
                    propertyKey = null;
                }
                if (WSSecuritySamlTokenInterceptor.tc.isDebugEnabled()) {
                    Tr.debug(WSSecuritySamlTokenInterceptor.tc, "found key?:" + (propertyKey != null), new Object[0]);
                }
                if (propertyKey == null) {
                    return super.getValidator(qName);
                }

                Object configured = soapMessage.getContextualProperty(propertyKey);
                try {
                    if (configured instanceof Validator) {
                        return (Validator) configured;
                    }
                    if (configured instanceof Class) {
                        return (Validator) ((Class<?>) configured).newInstance();
                    }
                    if (configured instanceof String) {
                        // Instantiates whatever class the property names; the property must be
                        // deployer-controlled.
                        return (Validator) ClassLoaderUtils.loadClass(configured.toString(), WSSecuritySamlTokenInterceptor.class).newInstance();
                    }
                } catch (RuntimeException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.wssecurity.cxf.interceptor.WSSecuritySamlTokenInterceptor$1", "216", this, new Object[]{qName});
                    throw e;
                } catch (Throwable th) {
                    FFDCFilter.processException(th, "com.ibm.ws.wssecurity.cxf.interceptor.WSSecuritySamlTokenInterceptor$1", "218", this, new Object[]{qName});
                    throw new WSSecurityException(th.getMessage(), th);
                }
                return super.getValidator(qName);
            }
        };
        data.setWssConfig(WSSConfig.getNewInstance());
        SAMLTokenProcessor tokenProcessor = new SAMLTokenProcessor();

        // NOTE(review): the *signature* properties end up in setEncCrypto and the *encryption*
        // properties in setSigCrypto. On the receiving side that crossing may be intentional,
        // but confirm it against the WSS4J RequestData contract rather than assuming.
        // Both values are cast to Map unconditionally: any other non-null type raises a
        // ClassCastException, which the caller's WSSecurityException handler does not catch.
        Object signatureSettings = soapMessage.getContextualProperty(CXF_SIG_PROPS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "found sig object:" + (signatureSettings != null), new Object[0]);
        }
        if (signatureSettings != null) {
            Properties signatureProps = new Properties();
            signatureProps.putAll((Map<?, ?>) signatureSettings);
            data.setEncCrypto(CryptoFactory.getInstance(signatureProps));
        }

        Object encryptionSettings = soapMessage.getContextualProperty(CXF_ENC_PROPS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "found enc object:" + (encryptionSettings != null), new Object[0]);
        }
        if (encryptionSettings != null) {
            Properties encryptionProps = new Properties();
            encryptionProps.putAll((Map<?, ?>) encryptionSettings);
            data.setSigCrypto(CryptoFactory.getInstance(encryptionProps));
        }

        return tokenProcessor.handleToken(element, data, docInfo);
    }

    /**
     * Marks every SAML_TOKEN, SUPPORTING_TOKENS and SIGNED_SUPPORTING_TOKENS policy assertion
     * on the message as asserted.
     *
     * <p>No property of the processed token is examined here; in particular
     * SIGNED_SUPPORTING_TOKENS is asserted without a signature-coverage check in this method.
     * The {@link AssertionInfoMap} is dereferenced without a null check.
     *
     * @param soapMessage the message whose policy assertions are updated
     * @return the last {@link SamlToken} policy assertion seen, or {@code null} if there is none
     */
    @Trivial
    private SamlToken assertSamlTokens(SoapMessage soapMessage) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "assertSamlToken(1)", new Object[0]);
        }
        AssertionInfoMap policyAssertions = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);

        SamlToken lastSamlToken = null;
        for (AssertionInfo info : policyAssertions.getAssertionInfo(SP12Constants.SAML_TOKEN)) {
            lastSamlToken = (SamlToken) info.getAssertion();
            info.setAsserted(true);
        }
        for (AssertionInfo info : policyAssertions.getAssertionInfo(SP12Constants.SUPPORTING_TOKENS)) {
            info.setAsserted(true);
        }
        for (AssertionInfo info : policyAssertions.getAssertionInfo(SP12Constants.SIGNED_SUPPORTING_TOKENS)) {
            info.setAsserted(true);
        }

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "assertSamlToken(2)" + (lastSamlToken != null), new Object[0]);
        }
        return lastSamlToken;
    }

    /**
     * Finds the first SOAP header named {@code Security} in the WSS 1.0 or 1.1 secext namespace.
     *
     * @param soapMessage the message whose headers are searched
     * @param z when {@code true} and no header is found, a new {@code wsse:Security} header
     *     (WSS 1.0 namespace, mustUnderstand set) is created, added to the message and returned
     * @return the matching or newly created header, or {@code null} if none exists and
     *     {@code z} is {@code false}
     */
    @Trivial
    private Header findSecurityHeader(SoapMessage soapMessage, boolean z) {
        final String wsse10Ns = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsse11Ns = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "findSecurityHeader(1) create" + z, new Object[0]);
        }
        for (Header candidate : soapMessage.getHeaders()) {
            QName headerName = candidate.getName();
            if (!headerName.getLocalPart().equals("Security")) {
                continue;
            }
            String namespace = headerName.getNamespaceURI();
            if (namespace.equals(wsse10Ns) || namespace.equals(wsse11Ns)) {
                return candidate;
            }
        }
        if (!z) {
            return null;
        }

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "findSecurityHeader(2)", new Object[0]);
        }
        Element securityElement = DOMUtils.createDocument().createElementNS(wsse10Ns, "wsse:Security");
        securityElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse", wsse10Ns);
        SoapHeader created = new SoapHeader(new QName(wsse10Ns, "Security"), securityElement);
        created.setMustUnderstand(true);
        soapMessage.getHeaders().add(created);
        return created;
    }

    /**
     * Resolves the callback handler from the {@code ws-security.callback-handler} contextual
     * property, which may hold a {@link CallbackHandler} instance or a class name.
     *
     * <p>If the named class cannot be loaded or instantiated the failure is reported to FFDC
     * and {@code null} is returned rather than an exception being raised, so callers must
     * cope with a missing handler.
     *
     * @param soapMessage the message supplying the contextual property
     * @return the resolved handler, or {@code null} if none is configured or loading failed
     */
    /* JADX INFO: Access modifiers changed from: private */
    public CallbackHandler getCallback(SoapMessage soapMessage) {
        Object configured = soapMessage.getContextualProperty("ws-security.callback-handler");
        CallbackHandler handler = null;
        if (configured instanceof CallbackHandler) {
            handler = (CallbackHandler) configured;
        } else if (configured instanceof String) {
            String className = (String) configured;
            try {
                // Instantiates whatever class the property names; the property must be
                // deployer-controlled.
                handler = (CallbackHandler) ClassLoaderUtils.loadClass(className, getClass()).newInstance();
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.wssecurity.cxf.interceptor.WSSecuritySamlTokenInterceptor", "331", this, new Object[]{soapMessage});
                handler = null;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getCallBack():" + handler, new Object[0]);
        }
        return handler;
    }
}
