package org.apache.cxf.ws.security.wss4j;

import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.security.SecurityToken;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.security.SecurityContext;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

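/**
 * Inbound WS-Security interceptor that hands UsernameToken credentials to a
 * subclass-supplied {@link #createSubject} and stores the resulting
 * {@link Subject} / {@link SecurityContext} on the current message.
 *
 * <p>Password validation is not done here: the {@link CustomValidator}
 * installed by {@link #getSecurityEngine(boolean)} forwards every password
 * type to {@link #setSubject}, which delegates to {@code createSubject}.
 * Digest passwords are rejected unless
 * {@link #setSupportDigestPasswords(boolean)} has been set to {@code true}
 * (the field defaults to {@code false}).
 *
 * <p>The password argument is never written to trace or FFDC output; it is
 * replaced by a fixed marker before being handed to either.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "LOG", fieldDesc = "Ljava/util/logging/Logger;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.10.jar:org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.class */
public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS4JInInterceptor {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractUsernameTokenAuthenticatingInterceptor.class);
    // Source-class name passed to every entering/exiting trace call and to FFDC.
    private static final String CLASS_NAME = "org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor";
    // Stand-in written to trace/FFDC in place of a non-null password.
    private static final String REDACTED = "*****";
    private boolean supportDigestPasswords;
    static final long serialVersionUID = 348992507179008143L;

    /**
     * WSS4J validator that skips local password comparison and instead routes
     * each password type to the enclosing interceptor's {@code setSubject}.
     */
    /* loaded from: input_file:wlp/lib/com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.10.jar:org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor$CustomValidator.class */
    protected class CustomValidator extends UsernameTokenValidator {
        protected CustomValidator() {
        }

        /** Forwards a custom-typed password as a non-digest credential. */
        @Override // org.apache.ws.security.validate.UsernameTokenValidator
        protected void verifyCustomPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), usernameToken.getPassword(), false, null, null);
        }

        /** Forwards a plaintext password as a non-digest credential. */
        @Override // org.apache.ws.security.validate.UsernameTokenValidator
        protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), usernameToken.getPassword(), false, null, null);
        }

        /**
         * Forwards a digest password together with its nonce and created
         * values, but only when digest support has been switched on.
         *
         * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} when
         *         digest passwords are not supported
         */
        @Override // org.apache.ws.security.validate.UsernameTokenValidator
        protected void verifyDigestPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            if (!AbstractUsernameTokenAuthenticatingInterceptor.this.supportDigestPasswords) {
                throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
            }
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), usernameToken.getPassword(), usernameToken.isHashed(), usernameToken.getNonce(), usernameToken.getCreated());
        }

        /**
         * Forwards a token of unknown password type with a {@code null}
         * password. Whether a password-less token is acceptable is therefore
         * decided entirely by the {@code createSubject} implementation.
         */
        @Override // org.apache.ws.security.validate.UsernameTokenValidator
        protected void verifyUnknownPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), null, false, null, null);
        }
    }

    /** Creates the interceptor with an empty property map. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public AbstractUsernameTokenAuthenticatingInterceptor() {
        this(new HashMap<String, Object>());
        if (tracing()) {
            LOG.entering(CLASS_NAME, "<init>", new Object[0]);
        }
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "<init>", this);
        }
    }

    /**
     * Creates the interceptor with the given properties and orders it after
     * {@code PolicyBasedWSS4JInInterceptor} in the chain.
     *
     * @param map properties passed to the {@code WSS4JInInterceptor} constructor
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public AbstractUsernameTokenAuthenticatingInterceptor(Map<String, Object> map) {
        super(map);
        if (tracing()) {
            LOG.entering(CLASS_NAME, "<init>", new Object[]{map});
        }
        getAfter().add(PolicyBasedWSS4JInInterceptor.class.getName());
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "<init>", this);
        }
    }

    /**
     * Enables or disables acceptance of digest passwords.
     *
     * @param z {@code true} to forward digest passwords to {@code createSubject};
     *          {@code false} to reject them with a failed-authentication error
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public void setSupportDigestPasswords(boolean z) {
        if (tracing()) {
            LOG.entering(CLASS_NAME, "setSupportDigestPasswords", new Object[]{Boolean.valueOf(z)});
        }
        this.supportDigestPasswords = z;
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "setSupportDigestPasswords");
        }
    }

    /** @return whether digest passwords are currently accepted */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public boolean getSupportDigestPasswords() {
        if (tracing()) {
            LOG.entering(CLASS_NAME, "getSupportDigestPasswords", new Object[0]);
        }
        boolean z = this.supportDigestPasswords;
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "getSupportDigestPasswords", Boolean.valueOf(z));
        }
        return z;
    }

    /**
     * Processes an inbound SOAP message.
     *
     * <p>When the message already carries a {@link SecurityToken} and a
     * {@link SecurityContext} with a user principal, the token is treated as a
     * CXF {@code UsernameToken}, a {@link Subject} is built from it via
     * {@link #createSubject}, and the message's security context is replaced.
     * In every other case processing is delegated to the superclass.
     *
     * @param soapMessage the message being processed
     * @throws Fault propagated from the superclass handler
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor, org.apache.cxf.interceptor.Interceptor
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        if (tracing()) {
            LOG.entering(CLASS_NAME, "handleMessage", new Object[]{soapMessage});
        }
        SecurityToken securityToken = soapMessage.get(SecurityToken.class);
        SecurityContext securityContext = soapMessage.get(SecurityContext.class);
        if (securityToken == null || securityContext == null || securityContext.getUserPrincipal() == null) {
            super.handleMessage(soapMessage);
        } else {
            // NOTE(review): unchecked cast - a pre-populated token of another
            // type ends in ClassCastException rather than a Fault.
            org.apache.cxf.common.security.UsernameToken usernameToken = (org.apache.cxf.common.security.UsernameToken) securityToken;
            // NOTE(review): unlike setSubject, the Subject returned here is not
            // checked for null or for a principal matching the token name.
            Subject subject = createSubject(usernameToken.getName(), usernameToken.getPassword(), usernameToken.isHashed(), usernameToken.getNonce(), usernameToken.getCreatedTime());
            soapMessage.put(SecurityContext.class, doCreateSecurityContext(securityContext.getUserPrincipal(), subject));
        }
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "handleMessage");
        }
    }

    /**
     * Builds the security context for a principal, pairing it with the
     * {@link Subject} stored on the current message (if any).
     *
     * @param principal the authenticated principal
     * @return the context produced by {@link #doCreateSecurityContext}
     * @throws IllegalStateException if no message is bound to the current phase chain
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    protected SecurityContext createSecurityContext(Principal principal) {
        if (tracing()) {
            LOG.entering(CLASS_NAME, "createSecurityContext", new Object[]{principal});
        }
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            throw new IllegalStateException("Current message is not available");
        }
        SecurityContext result = doCreateSecurityContext(principal, currentMessage.get(Subject.class));
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "createSecurityContext", result);
        }
        return result;
    }

    /**
     * Creates the {@link SecurityContext} for a principal and subject.
     * Subclasses may override to supply a different context type.
     *
     * @param principal the authenticated principal
     * @param subject   the subject to attach; passed through unchecked
     * @return a new {@link DefaultSecurityContext}
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    protected SecurityContext doCreateSecurityContext(Principal principal, Subject subject) {
        if (tracing()) {
            LOG.entering(CLASS_NAME, "doCreateSecurityContext", new Object[]{principal, subject});
        }
        DefaultSecurityContext defaultSecurityContext = new DefaultSecurityContext(principal, subject);
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "doCreateSecurityContext", defaultSecurityContext);
        }
        return defaultSecurityContext;
    }

    /**
     * Authenticates the supplied credentials through {@link #createSubject}
     * and stores the resulting {@link Subject} on the current message.
     *
     * <p>The subject is accepted only if it is non-null, has at least one
     * principal, and the first principal returned by the set's iterator has a
     * name equal to {@code str}.
     *
     * @param str  user name from the token
     * @param str2 password (or digest) from the token; may be {@code null}
     * @param z    whether {@code str2} is a digest
     * @param str3 nonce from the token, or {@code null}
     * @param str4 created timestamp from the token, or {@code null}
     * @throws WSSecurityException if {@code createSubject} throws, or the
     *         returned subject fails the check above
     * @throws IllegalStateException if no message is bound to the current phase chain
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    protected void setSubject(String str, String str2, boolean z, String str3, String str4) throws WSSecurityException {
        if (tracing()) {
            // The password is masked: FINER trace must not become a credential store.
            LOG.entering(CLASS_NAME, "setSubject", new Object[]{str, redact(str2), Boolean.valueOf(z), str3, str4});
        }
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            throw new IllegalStateException("Current message is not available");
        }
        Subject subject;
        // Only the createSubject call is guarded, so an "Invalid Subject"
        // rejection below is no longer caught and re-reported as
        // "Subject has not been created".
        try {
            subject = createSubject(str, str2, z, str3, str4);
        } catch (Exception e) {
            // The FFDC incident carries the masked password, never the real one.
            FFDCFilter.processException(e, CLASS_NAME, "139", this, new Object[]{str, redact(str2), Boolean.valueOf(z), str3, str4});
            LOG.severe("Failed Authentication : Subject has not been created");
            throw new WSSecurityException("Failed Authentication : Subject has not been created", e);
        }
        if (!isSubjectFor(subject, str)) {
            LOG.severe("Failed Authentication : Invalid Subject");
            throw new WSSecurityException("Failed Authentication : Invalid Subject");
        }
        currentMessage.put(Subject.class, subject);
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "setSubject");
        }
    }

    /**
     * Authenticates the given credentials and returns the resulting subject.
     *
     * <p>Argument meaning follows the call sites in this class: {@code str} is
     * the user name, {@code str2} the password or digest (it is {@code null}
     * for tokens of unknown password type), {@code z} tells whether
     * {@code str2} is a digest, {@code str3} is the nonce and {@code str4} the
     * created timestamp. Implementations must reject credentials they cannot
     * verify, including a {@code null} password where that is not intended.
     *
     * @return the authenticated subject
     * @throws SecurityException if authentication fails
     */
    protected abstract Subject createSubject(String str, String str2, boolean z, String str3, String str4) throws SecurityException;

    /**
     * Returns a security engine whose UsernameToken validator is a
     * {@link CustomValidator}.
     *
     * @param z forwarded only to trace; not otherwise used here
     * @return the engine built by {@code createSecurityEngine}
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    protected WSSecurityEngine getSecurityEngine(boolean z) {
        if (tracing()) {
            LOG.entering(CLASS_NAME, "getSecurityEngine", new Object[]{Boolean.valueOf(z)});
        }
        // Raw map kept as in the original: the key type is not imported in this file.
        HashMap hashMap = new HashMap(1);
        hashMap.put(WSSecurityEngine.USERNAME_TOKEN, new CustomValidator());
        WSSecurityEngine createSecurityEngine = createSecurityEngine(hashMap);
        if (tracing()) {
            LOG.exiting(CLASS_NAME, "getSecurityEngine", createSecurityEngine);
        }
        return createSecurityEngine;
    }

    /** Reports whether entry/exit trace at FINER is enabled. */
    private static boolean tracing() {
        return LOG != null && LOG.isLoggable(Level.FINER);
    }

    /** Replaces a non-null secret with a fixed marker for diagnostic output. */
    private static String redact(String secret) {
        return secret == null ? null : REDACTED;
    }

    /**
     * Checks that the subject exists, has a principal, and that the first
     * principal's name equals the expected user name. Null-safe, so a missing
     * name on either side yields {@code false} instead of an exception.
     */
    private static boolean isSubjectFor(Subject subject, String name) {
        if (subject == null || name == null || subject.getPrincipals().isEmpty()) {
            return false;
        }
        return name.equals(subject.getPrincipals().iterator().next().getName());
    }
}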
