package com.sun.xml.wss.jaxws.impl;

import com.sun.xml.ws.api.addressing.WSEndpointReference;
import com.sun.xml.ws.api.message.Message;
import com.sun.xml.ws.api.message.Messages;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation;
import com.sun.xml.ws.api.model.wsdl.WSDLFault;
import com.sun.xml.ws.api.model.wsdl.WSDLOperation;
import com.sun.xml.ws.api.pipe.NextAction;
import com.sun.xml.ws.api.pipe.Tube;
import com.sun.xml.ws.api.pipe.TubeCloner;
import com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl;
import com.sun.xml.ws.api.security.CallbackHandlerFeature;
import com.sun.xml.ws.api.security.secconv.client.SCTokenConfiguration;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.client.IssuedTokenManager;
import com.sun.xml.ws.api.security.trust.client.STSIssuedTokenConfiguration;
import com.sun.xml.ws.assembler.dev.ClientTubelineAssemblyContext;
import com.sun.xml.ws.developer.WSBindingProvider;
import com.sun.xml.ws.policy.Policy;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.impl.kerberos.KerberosContext;
import com.sun.xml.ws.security.impl.policy.CertificateRetriever;
import com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder;
import com.sun.xml.ws.security.policy.IssuedToken;
import com.sun.xml.ws.security.policy.SecureConversationToken;
import com.sun.xml.ws.security.policy.Token;
import com.sun.xml.ws.security.secconv.SecureConversationInitiator;
import com.sun.xml.ws.security.secconv.WSSecureConversationException;
import com.sun.xml.ws.security.secconv.impl.client.DefaultSCTokenConfiguration;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.ws.security.trust.STSIssuedTokenFeature;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.ws.security.trust.elements.str.SecurityTokenReference;
import com.sun.xml.ws.security.trust.impl.client.DefaultSTSIssuedTokenConfiguration;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSConstants;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.ProcessingContextImpl;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.DefaultCallbackHandler;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.jaxws.impl.logging.LogStringsMessages;
import com.sun.xml.wss.provider.wsit.PipeConstants;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.soap.SOAPFaultException;

/* loaded from: input_file:com/sun/xml/wss/jaxws/impl/SecurityClientTube.class */
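/**
 * Client-side security tube.
 *
 * <p>On the request path it obtains the secure-conversation and issued tokens that the outbound
 * policy asks for and then secures the outgoing message; on the response path it verifies the
 * inbound message. It also implements {@link SecureConversationInitiator} so that a secure
 * conversation can be started on demand.
 *
 * <p>Token state ({@code issuedTokenContextMap}, {@code scPolicyIDtoSctIdMap}) and the
 * trust / secure-conversation client configuration are shared by reference with copies made
 * through {@link #copy(TubeCloner)}.
 */
public class SecurityClientTube extends SecurityTubeBase implements SecureConversationInitiator {
    // Process-wide token manager used to create, fetch, renew and cancel issued tokens.
    private IssuedTokenManager itm;
    // Maps the policy-level secure-conversation token id to the id reported by the SC token configuration.
    private Hashtable<String, String> scPolicyIDtoSctIdMap;
    // Client config assertions from the Sun trust-client policy namespace (raw Set in the original).
    private Set trustConfig;
    // Client config assertions from the Sun secure-conversation-client policy namespace.
    private Set wsscConfig;
    // Client config assertions from the WSS client namespace; input to configureClientHandler().
    private Set<PolicyAssertion> configAssertions;
    // Handler/environment properties; also carries the server certificate under PipeConstants.SERVER_CERT.
    Properties props;
    // Assembly context of the tubeline; only set by the public constructor, never by the copy constructor.
    private ClientTubelineAssemblyContext wsitContext;

    /**
     * Builds the tube from the tubeline assembly context.
     *
     * <p>Collects the three families of client configuration assertions from every outbound
     * policy holder and creates the security environment around the configured callback handler.
     *
     * @param clientTubelineAssemblyContext source of the policy map, WSDL port and binding
     * @param tube the next tube in the line
     * @throws RuntimeException if the configuration cannot be read or the callback handler
     *         cannot be created; the cause is preserved
     */
    public SecurityClientTube(ClientTubelineAssemblyContext clientTubelineAssemblyContext, Tube tube) {
        super(new ClientTubeConfiguration(clientTubelineAssemblyContext.getPolicyMap(), clientTubelineAssemblyContext.getWsdlPort(), clientTubelineAssemblyContext.getBinding()), tube);
        this.itm = IssuedTokenManager.getInstance();
        this.scPolicyIDtoSctIdMap = new Hashtable<>();
        this.props = new Properties();
        try {
            for (SecurityPolicyHolder holder : this.outMessagePolicyMap.values()) {
                this.configAssertions = mergeAssertions(this.configAssertions, holder.getConfigAssertions("http://schemas.sun.com/2006/03/wss/client"));
                this.trustConfig = mergeAssertions(this.trustConfig, holder.getConfigAssertions(com.sun.xml.ws.security.impl.policy.Constants.SUN_TRUST_CLIENT_SECURITY_POLICY_NS));
                this.wsscConfig = mergeAssertions(this.wsscConfig, holder.getConfigAssertions(com.sun.xml.ws.security.impl.policy.Constants.SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS));
            }
            this.wsitContext = clientTubelineAssemblyContext;
            this.secEnv = new DefaultSecurityEnvironmentImpl(configureClientHandler(this.configAssertions, this.props), this.props);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0023_ERROR_CREATING_NEW_INSTANCE_SEC_CLIENT_TUBE(), (Throwable) e);
            throw new RuntimeException(LogStringsMessages.WSSTUBE_0023_ERROR_CREATING_NEW_INSTANCE_SEC_CLIENT_TUBE(), e);
        }
    }

    /**
     * Copy constructor used by {@link #copy(TubeCloner)}.
     *
     * <p>The trust and secure-conversation configuration and the policy-id to SCT-id map are
     * shared with the source tube, not cloned. {@code wsitContext} is not carried over and
     * {@code props} starts empty, so a copy skips the server-certificate lookup in
     * {@link #processRequest(Packet)} and has no {@code SERVER_CERT} entry of its own.
     * NOTE(review): confirm that copies are not expected to pin the server certificate.
     *
     * @param securityClientTube the tube being copied
     * @param tubeCloner the cloner driving the copy
     */
    protected SecurityClientTube(SecurityClientTube securityClientTube, TubeCloner tubeCloner) {
        super(securityClientTube, tubeCloner);
        this.itm = IssuedTokenManager.getInstance();
        this.configAssertions = null;
        this.props = new Properties();
        this.trustConfig = securityClientTube.trustConfig;
        this.wsscConfig = securityClientTube.wsscConfig;
        this.scPolicyIDtoSctIdMap = securityClientTube.scPolicyIDtoSctIdMap;
    }

    /**
     * Folds one holder's assertions into the set accumulated so far.
     *
     * <p>The first non-null set is adopted as the accumulator (it is not copied, so later
     * additions go into the set that the holder returned). A holder that has no assertions for
     * the namespace is skipped instead of failing the whole construction.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static Set mergeAssertions(Set accumulated, Set additions) {
        if (accumulated == null) {
            return additions;
        }
        if (additions != null) {
            accumulated.addAll(additions);
        }
        return accumulated;
    }

    /**
     * Returns the last assertion the set's iterator yields, or {@code null} for a null or empty set.
     * NOTE(review): for an unordered set "last" depends on iteration order; presumably the set
     * holds a single configuration assertion in practice.
     */
    private static PolicyAssertion lastAssertion(Set assertions) {
        PolicyAssertion last = null;
        if (assertions != null) {
            for (Object candidate : assertions) {
                last = (PolicyAssertion) candidate;
            }
        }
        return last;
    }

    /**
     * Creates a copy of this tube for the given cloner.
     *
     * @param tubeCloner the cloner driving the copy
     * @return the new tube, sharing token state with this one
     */
    @Override // com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl, com.sun.xml.ws.api.pipe.Tube
    public AbstractTubeImpl copy(TubeCloner tubeCloner) {
        return new SecurityClientTube(this, tubeCloner);
    }

    /**
     * Resolves the server certificate for this request, secures the request packet and hands it
     * to the next tube.
     *
     * <p>The certificate is taken from the request context when the caller supplied one,
     * otherwise from the identity extension of the endpoint reference. It is only recorded here
     * ({@code props} and {@code serverCert}); this method performs no validation of it.
     *
     * @param packet the outbound request
     * @return the action continuing with the next tube, or a throw action wrapping any failure
     *         in a {@link WebServiceException}
     */
    @Override // com.sun.xml.ws.api.pipe.helper.AbstractFilterTubeImpl, com.sun.xml.ws.api.pipe.Tube
    public NextAction processRequest(Packet packet) {
        if (this.wsitContext != null) {
            WSBindingProvider bindingProvider = this.wsitContext.getWrappedContext().getBindingProvider();
            WSEndpointReference endpointReference = bindingProvider.getWSEndpointReference();
            X509Certificate configuredCert = (X509Certificate) bindingProvider.getRequestContext().get(XWSSConstants.SERVER_CERTIFICATE_PROPERTY);
            if (configuredCert != null) {
                // An explicitly configured certificate wins over anything advertised in the EPR.
                this.props.put(PipeConstants.SERVER_CERT, configuredCert);
                this.serverCert = configuredCert;
            } else if (endpointReference != null) {
                try {
                    WSEndpointReference.EPRExtension identity = endpointReference.getEPRExtension(new QName("http://schemas.xmlsoap.org/ws/2006/02/addressingidentity", com.sun.xml.ws.security.impl.policy.Constants.IDENTITY));
                    if (identity != null) {
                        XMLStreamReader identityReader = identity.readAsXMLStreamReader();
                        CertificateRetriever certificateRetriever = new CertificateRetriever();
                        byte[] encodedCert = certificateRetriever.getBSTFromIdentityExtension(identityReader);
                        X509Certificate advertisedCert = null;
                        if (encodedCert != null) {
                            advertisedCert = certificateRetriever.constructCertificate(encodedCert);
                        }
                        if (advertisedCert != null) {
                            // This certificate comes from endpoint metadata, not from local
                            // configuration; treat it as unverified until it has been validated.
                            this.props.put(PipeConstants.SERVER_CERT, advertisedCert);
                            this.serverCert = advertisedCert;
                        }
                    }
                } catch (XMLStreamException e) {
                    // The request continues without a certificate from the EPR; keep the stack
                    // trace so the parsing failure can be diagnosed.
                    log.log(Level.WARNING, e.getMessage(), (Throwable) e);
                }
            }
        }
        try {
            return doInvoke(this.next, processClientRequestPacket(packet));
        } catch (Throwable th) {
            return doThrow(th instanceof WebServiceException ? th : new WebServiceException(th));
        }
    }

    /**
     * Acquires the tokens the outbound policy requires and secures the request message.
     *
     * @param packet the outbound request; its message is replaced by the secured message
     * @return the same packet, now carrying the secured message
     * @throws WebServiceException if token acquisition, renewal or message securing fails
     */
    public Packet processClientRequestPacket(Packet packet) {
        if ("true".equals(packet.invocationProperties.get(WSTrustConstants.IS_TRUST_MESSAGE))) {
            packet.getMessage().getHeaders().fillRequestAddressingHeaders(packet, this.addVer, this.soapVersion, false, (String) packet.invocationProperties.get(WSTrustConstants.TRUST_ACTION));
        }
        Message message = packet.getMessage();
        boolean isSCMessage = isSCMessage(packet);
        // Secure-conversation bootstrap and cancel messages must not trigger a new conversation.
        if (!isSCMessage && !isSCCancel(packet)) {
            invokeSCPlugin(packet);
        }
        invokeTrustPlugin(packet, isSCMessage);
        ProcessingContext context = initializeOutgoingProcessingContext(packet, isSCMessage);
        ProcessingContextImpl contextImpl = (ProcessingContextImpl) context;
        contextImpl.setIssuedTokenContextMap(this.issuedTokenContextMap);
        contextImpl.setSCPolicyIDtoSctIdMap(this.scPolicyIDtoSctIdMap);
        context.isClient(true);
        try {
            if (hasKerberosTokenPolicy()) {
                populateKerberosContext(packet, contextImpl, isSCMessage);
            }
            if (isSCRenew(packet)) {
                // First renewal, driven by the message policy of this request.
                DefaultSCTokenConfiguration renewConfig = new DefaultSCTokenConfiguration(this.wsscVer.getNamespaceURI());
                renewConfig.getOtherOptions().put(PolicyTypeUtil.MESSAGEPOLICY_CONFIG_TYPE, (MessagePolicy) context.getSecurityPolicy());
                try {
                    this.itm.renewIssuedToken(this.itm.createIssuedTokenContext(renewConfig, packet.endpointAddress.toString()));
                } catch (WSTrustException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), (Throwable) e);
                    throw new WebServiceException(LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), e);
                }
            }
            try {
                Message securedMessage;
                if (this.optimized) {
                    securedMessage = secureOutboundMessage(message, context);
                } else {
                    if (!isSCMessage) {
                        cacheOperation(message);
                    }
                    securedMessage = Messages.create(secureOutboundMessage(message.readAsSOAPMessage(), context));
                }
                packet.setMessage(securedMessage);
                if (isSCRenew(packet)) {
                    // Second renewal, after securing, driven by the bootstrap policy of the SC assertion.
                    Token scAssertion = (Token) packet.invocationProperties.get(Constants.SC_ASSERTION);
                    DefaultSCTokenConfiguration bootstrapRenewConfig = new DefaultSCTokenConfiguration(this.wsscVer.getNamespaceURI(), false);
                    bootstrapRenewConfig.getOtherOptions().put(PolicyTypeUtil.MESSAGEPOLICY_CONFIG_TYPE, getOutgoingXWSBootstrapPolicy(scAssertion));
                    try {
                        this.itm.renewIssuedToken(this.itm.createIssuedTokenContext(bootstrapRenewConfig, packet.endpointAddress.toString()));
                    } catch (WSTrustException e2) {
                        log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), (Throwable) e2);
                        throw new WebServiceException(LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), e2);
                    }
                }
                return packet;
            } catch (WssSoapFaultException e3) {
                log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0024_ERROR_SECURING_OUTBOUND_MSG(), (Throwable) e3);
                throw new WebServiceException(LogStringsMessages.WSSTUBE_0024_ERROR_SECURING_OUTBOUND_MSG(), getSOAPFaultException(e3));
            } catch (SOAPException e4) {
                log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0024_ERROR_SECURING_OUTBOUND_MSG(), (Throwable) e4);
                throw new WebServiceException(LogStringsMessages.WSSTUBE_0024_ERROR_SECURING_OUTBOUND_MSG(), e4);
            }
        } catch (XWSSecurityException e5) {
            log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0024_ERROR_SECURING_OUTBOUND_MSG(), (Throwable) e5);
            throw new WebServiceException(LogStringsMessages.WSSTUBE_0024_ERROR_SECURING_OUTBOUND_MSG(), e5);
        }
    }

    /**
     * Verifies the response packet and returns it to the caller.
     *
     * @param packet the inbound response
     * @return the return action with the verified packet, or a throw action wrapping any
     *         failure in a {@link WebServiceException}
     */
    @Override // com.sun.xml.ws.api.pipe.helper.AbstractFilterTubeImpl, com.sun.xml.ws.api.pipe.Tube
    public NextAction processResponse(Packet packet) {
        try {
            return doReturnWith(processClientResponsePacket(packet));
        } catch (Throwable th) {
            return doThrow(th instanceof WebServiceException ? th : new WebServiceException(th));
        }
    }

    /**
     * Verifies the security of an inbound response message against the inbound policy.
     *
     * <p>A packet without a message is returned untouched. In the non-optimized path a fault
     * response is verified first and then rethrown as a {@link SOAPFaultException}.
     *
     * @param packet the inbound response; its message is replaced by the verified message
     * @return the same packet
     * @throws WebServiceException if verification fails
     */
    public Packet processClientResponsePacket(Packet packet) {
        boolean isTrustResponse = "true".equals(packet.invocationProperties.get(WSTrustConstants.IS_TRUST_MESSAGE));
        if (packet.getMessage() == null) {
            return packet;
        }
        ProcessingContext context = initializeInboundProcessingContext(packet);
        context.isClient(true);
        ((ProcessingContextImpl) context).setIssuedTokenContextMap(this.issuedTokenContextMap);
        ((ProcessingContextImpl) context).setSCPolicyIDtoSctIdMap(this.scPolicyIDtoSctIdMap);
        context.setExtraneousProperty(ProcessingContext.OPERATION_RESOLVER, new PolicyResolverImpl(this.inMessagePolicyMap, this.inProtocolPM, this.cachedOperation, this.tubeConfig, this.addVer, true, this.rmVer, this.mcVer));
        try {
            // Re-read the message: the original code checks it again after the context is set up.
            Message message = packet.getMessage();
            if (message == null) {
                return packet;
            }
            Message verifiedMessage;
            if (this.optimized) {
                verifiedMessage = verifyInboundMessage(message, context);
            } else {
                SOAPMessage verifiedSoapMessage = verifyInboundMessage(message.readAsSOAPMessage(), context);
                if (message.isFault()) {
                    throw new SOAPFaultException(verifiedSoapMessage.getSOAPBody().getFault());
                }
                verifiedMessage = Messages.create(verifiedSoapMessage);
            }
            resetCachedOperation();
            packet.setMessage(verifiedMessage);
            if (isTrustResponse) {
                // Return value is unused; presumably called for its effect on the packet - confirm.
                getAction(packet);
            }
            return packet;
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0025_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e);
            throw new WebServiceException(LogStringsMessages.WSSTUBE_0025_ERROR_VERIFY_INBOUND_MSG(), getSOAPFaultException(e));
        } catch (SOAPException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0025_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e2);
            throw new WebServiceException(LogStringsMessages.WSSTUBE_0025_ERROR_VERIFY_INBOUND_MSG(), e2);
        }
    }

    /**
     * Propagates an exception up the tubeline, wrapping it in a {@link WebServiceException}
     * unless it already is one.
     *
     * @param th the failure reported by a downstream tube
     * @return the throw action
     */
    @Override // com.sun.xml.ws.api.pipe.helper.AbstractFilterTubeImpl, com.sun.xml.ws.api.pipe.Tube
    public NextAction processException(Throwable th) {
        return doThrow(th instanceof WebServiceException ? th : new WebServiceException(th));
    }

    /**
     * Establishes a secure conversation for every outbound secure-conversation policy token
     * that has no issued-token context yet.
     */
    private void invokeSCPlugin(Packet packet) {
        List<PolicyAssertion> scPolicies = getOutBoundSCP(packet.getMessage());
        PolicyAssertion scClientConfig = lastAssertion(this.wsscConfig);
        for (PolicyAssertion assertion : scPolicies) {
            Token scToken = (Token) assertion;
            if (this.issuedTokenContextMap.get(scToken.getTokenId()) == null) {
                establishSecureConversation(scToken, packet, scClientConfig);
            }
        }
    }

    /**
     * Obtains a security context token for the given policy token and records it in both
     * token maps.
     *
     * @return the issued-token context that was created
     * @throws WebServiceException if the token cannot be issued
     */
    private IssuedTokenContext establishSecureConversation(Token scToken, Packet packet, PolicyAssertion scClientConfig) {
        try {
            IssuedTokenContext context = this.itm.createIssuedTokenContext(new DefaultSCTokenConfiguration(this.wsscVer.getNamespaceURI(), (SecureConversationToken) scToken, this.tubeConfig.getWSDLPort(), this.tubeConfig.getBinding(), this, packet, this.addVer, scClientConfig, this.next), packet.endpointAddress.toString());
            this.itm.getIssuedToken(context);
            this.issuedTokenContextMap.put(scToken.getTokenId(), context);
            this.scPolicyIDtoSctIdMap.put(scToken.getTokenId(), ((SCTokenConfiguration) context.getSecurityPolicy().get(0)).getTokenId());
            return context;
        } catch (WSTrustException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), (Throwable) e);
            throw new WebServiceException(LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), e);
        }
    }

    /**
     * Returns the issued-token policy assertions that apply to the packet's operation.
     *
     * @param packet the outbound request used to resolve the operation
     * @param str the policy scope; not used by this implementation
     * @return the issued-token assertions, or an empty list when no policy applies
     */
    protected List<PolicyAssertion> getIssuedTokenPolicies(Packet packet, String str) {
        if (this.outMessagePolicyMap == null) {
            return new ArrayList<>();
        }
        SecurityPolicyHolder holder = this.outMessagePolicyMap.get(isTrustMessage(packet) ? getWSDLOpFromAction(packet, false) : getOperation(packet.getMessage()));
        return holder == null ? EMPTY_LIST : holder.getIssuedTokens();
    }

    /**
     * Starts (or reuses) the secure conversation required by the first outbound
     * secure-conversation policy of the packet's message.
     *
     * @param packet the outbound request
     * @return the unattached security token reference of the conversation as a JAXB element,
     *         or {@code null} when the message has no secure-conversation policy
     * @throws WSSecureConversationException declared by the interface
     * @throws WebServiceException if the security context token cannot be issued
     */
    @Override // com.sun.xml.ws.security.secconv.SecureConversationInitiator
    public JAXBElement startSecureConversation(Packet packet) throws WSSecureConversationException {
        List<PolicyAssertion> scPolicies = getOutBoundSCP(packet.getMessage());
        if (scPolicies.isEmpty()) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSTUBE_0026_NO_POLICY_FOUND_FOR_SC());
            }
            return null;
        }
        Token scToken = (Token) scPolicies.get(0);
        IssuedTokenContext context = this.issuedTokenContextMap.get(scToken.getTokenId());
        if (context == null) {
            context = establishSecureConversation(scToken, packet, lastAssertion(this.wsscConfig));
        }
        return WSTrustElementFactory.newInstance().toJAXBElement((SecurityTokenReference) context.getUnAttachedSecurityTokenReference());
    }

    /**
     * Cancels every security context token held in {@code issuedTokenContextMap} and drops it
     * from both token maps.
     *
     * <p>The first failure aborts the loop, so tokens not yet visited stay registered and are
     * not cancelled. The log message key is the generic issued-token error, although the
     * failing operation here is a cancel.
     *
     * @throws WebServiceException if a cancel request fails
     */
    private void cancelSecurityContextToken() {
        Enumeration<String> tokenIds = this.issuedTokenContextMap.keys();
        while (tokenIds.hasMoreElements()) {
            String tokenId = tokenIds.nextElement();
            IssuedTokenContext context = this.issuedTokenContextMap.get(tokenId);
            if (context.getSecurityToken() instanceof SecurityContextToken) {
                try {
                    this.itm.cancelIssuedToken(context);
                    this.issuedTokenContextMap.remove(tokenId);
                    this.scPolicyIDtoSctIdMap.remove(tokenId);
                } catch (WSTrustException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), (Throwable) e);
                    throw new WebServiceException(LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), e);
                }
            }
        }
    }

    /**
     * Cancels outstanding security context tokens and then lets the rest of the tubeline
     * clean up.
     *
     * <p>The downstream {@code preDestroy()} runs even when token cancellation throws, so a
     * failing cancel no longer prevents the remaining tubes from releasing their resources.
     * The cancellation failure still propagates to the caller.
     */
    @Override // com.sun.xml.ws.api.pipe.helper.AbstractFilterTubeImpl, com.sun.xml.ws.api.pipe.Tube, com.sun.xml.ws.api.pipe.Pipe
    public void preDestroy() {
        try {
            cancelSecurityContextToken();
        } finally {
            if (this.next != null) {
                this.next.preDestroy();
            }
        }
    }

    /**
     * Obtains an issued token from the STS for every issued-token policy assertion that has no
     * context yet, or for all of them when a runtime STS configuration feature is present.
     *
     * @param packet the outbound request
     * @param z {@code true} when the packet is a secure-conversation message, in which case
     *        the assertions come from the bootstrap policy
     * @throws WebServiceException if a token cannot be issued
     */
    private void invokeTrustPlugin(Packet packet, boolean z) {
        List<PolicyAssertion> issuedTokenPolicies = z ? getIssuedTokenPoliciesFromBootstrapPolicy((Token) packet.invocationProperties.get(Constants.SC_ASSERTION)) : getIssuedTokenPolicies(packet, Constants.OPERATION_SCOPE);
        PolicyAssertion trustClientConfig = lastAssertion(this.trustConfig);
        for (Object obj : issuedTokenPolicies) {
            STSIssuedTokenFeature stsFeature = (STSIssuedTokenFeature) this.tubeConfig.getBinding().getFeature(STSIssuedTokenFeature.class);
            STSIssuedTokenConfiguration runtimeConfig = stsFeature != null ? stsFeature.getSTSIssuedTokenConfiguration() : null;
            Token token = (Token) obj;
            String tokenId = token.getTokenId();
            if (this.issuedTokenContextMap.get(tokenId) != null && runtimeConfig == null) {
                continue;
            }
            try {
                DefaultSTSIssuedTokenConfiguration stsConfig;
                // An STS endpoint supplied through the invocation properties takes precedence
                // over the STS described by the policy assertion.
                String stsEndpoint = (String) packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_ENDPOINT);
                if (stsEndpoint == null) {
                    stsConfig = new DefaultSTSIssuedTokenConfiguration(this.wsTrustVer.getNamespaceURI(), (IssuedToken) obj, trustClientConfig);
                } else {
                    String stsMexAddress = (String) packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_MEX_ADDRESS);
                    if (stsMexAddress == null) {
                        stsConfig = new DefaultSTSIssuedTokenConfiguration(this.wsTrustVer.getNamespaceURI(), stsEndpoint, (String) packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_WSDL_LOCATION), (String) packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_SERVICE_NAME), (String) packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_PORT_NAME), (String) packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_NAMESPACE));
                    } else {
                        stsConfig = new DefaultSTSIssuedTokenConfiguration(this.wsTrustVer.getNamespaceURI(), stsEndpoint, stsMexAddress);
                    }
                }
                // Every invocation property of the request is copied into the STS configuration.
                stsConfig.getOtherOptions().putAll(packet.invocationProperties);
                X509Certificate serverCertificate = (X509Certificate) this.props.get(PipeConstants.SERVER_CERT);
                if (serverCertificate != null) {
                    // NOTE(review): the validity verdict is cached on the tube
                    // (isCertValidityVerified / isCertValid), not keyed by certificate.
                    // processRequest() can store a different SERVER_CERT on a later request, and
                    // that certificate would then be attached as the STS identity on the
                    // strength of the verdict computed for the first one. Confirm whether the
                    // cached verdict should be reset when the certificate changes.
                    if (!this.isCertValidityVerified) {
                        this.isCertValid = new CertificateRetriever().setServerCertInTheSTSConfig(stsConfig, this.secEnv, serverCertificate);
                        this.isCertValidityVerified = true;
                    } else if (this.isCertValid) {
                        stsConfig.getOtherOptions().put(com.sun.xml.ws.security.impl.policy.Constants.IDENTITY, serverCertificate);
                    }
                }
                if (runtimeConfig != null) {
                    runtimeConfig.getOtherOptions().put("IssuedToken", stsConfig);
                    runtimeConfig.getOtherOptions().put("AppliesTo", packet.endpointAddress.toString());
                    stsConfig.copy(runtimeConfig);
                    stsConfig.getOtherOptions().put("RunTimeConfig", runtimeConfig);
                }
                IssuedTokenContext context = this.itm.createIssuedTokenContext(stsConfig, packet.endpointAddress.toString());
                this.itm.getIssuedToken(context);
                this.issuedTokenContextMap.put(tokenId, context);
                updateMPForIssuedTokenAsEncryptedSupportingToken(packet, context, tokenId);
            } catch (WSTrustException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), (Throwable) e);
                throw new WebServiceException(LogStringsMessages.WSSTUBE_0035_ERROR_ISSUEDTOKEN_CREATION(), e);
            }
        }
    }

    /**
     * Registers the outbound message policy of an operation.
     *
     * @param wSDLBoundOperation the operation the policy belongs to
     * @param policy the effective policy
     * @return the holder that was stored in {@code outMessagePolicyMap}
     * @throws PolicyException if the policy cannot be converted
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected SecurityPolicyHolder addOutgoingMP(WSDLBoundOperation wSDLBoundOperation, Policy policy) throws PolicyException {
        SecurityPolicyHolder holder = constructPolicyHolder(policy, false, false);
        this.outMessagePolicyMap.put(wSDLBoundOperation, holder);
        return holder;
    }

    /**
     * Registers the inbound message policy of an operation.
     *
     * @param wSDLBoundOperation the operation the policy belongs to
     * @param policy the effective policy
     * @return the holder that was stored in {@code inMessagePolicyMap}
     * @throws PolicyException if the policy cannot be converted
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected SecurityPolicyHolder addIncomingMP(WSDLBoundOperation wSDLBoundOperation, Policy policy) throws PolicyException {
        SecurityPolicyHolder holder = constructPolicyHolder(policy, false, true);
        this.inMessagePolicyMap.put(wSDLBoundOperation, holder);
        return holder;
    }

    /**
     * Registers an inbound protocol policy under the given key.
     *
     * @param policy the effective policy
     * @param str the key the policy is stored under in {@code inProtocolPM}
     * @throws PolicyException if the policy cannot be converted
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected void addIncomingProtocolPolicy(Policy policy, String str) throws PolicyException {
        this.inProtocolPM.put(str, constructPolicyHolder(policy, false, true, true));
    }

    /**
     * Registers an outbound protocol policy under the given key.
     *
     * @param policy the effective policy
     * @param str the key the policy is stored under in {@code outProtocolPM}
     * @throws PolicyException if the policy cannot be converted
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected void addOutgoingProtocolPolicy(Policy policy, String str) throws PolicyException {
        this.outProtocolPM.put(str, constructPolicyHolder(policy, false, false, false));
    }

    /**
     * Attaches an inbound fault policy to an existing policy holder.
     *
     * @param policy the effective fault policy
     * @param securityPolicyHolder the holder receiving the fault policy
     * @param wSDLFault the fault the policy applies to
     * @throws PolicyException if the policy cannot be converted
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected void addIncomingFaultPolicy(Policy policy, SecurityPolicyHolder securityPolicyHolder, WSDLFault wSDLFault) throws PolicyException {
        securityPolicyHolder.addFaultPolicy(wSDLFault, constructPolicyHolder(policy, false, true));
    }

    /**
     * Attaches an outbound fault policy to an existing policy holder.
     *
     * @param policy the effective fault policy
     * @param securityPolicyHolder the holder receiving the fault policy
     * @param wSDLFault the fault the policy applies to
     * @throws PolicyException if the policy cannot be converted
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected void addOutgoingFaultPolicy(Policy policy, SecurityPolicyHolder securityPolicyHolder, WSDLFault wSDLFault) throws PolicyException {
        securityPolicyHolder.addFaultPolicy(wSDLFault, constructPolicyHolder(policy, false, false));
    }

    /**
     * Returns the action of an operation's input or output message.
     *
     * @param wSDLOperation the operation
     * @param z {@code true} for the output action, {@code false} for the input action
     * @return the selected action
     */
    @Override // com.sun.xml.wss.jaxws.impl.SecurityTubeBase
    protected String getAction(WSDLOperation wSDLOperation, boolean z) {
        return z ? wSDLOperation.getOutput().getAction() : wSDLOperation.getInput().getAction();
    }

    /**
     * Performs the Kerberos login and stores the resulting context on the processing context
     * when the outbound policy contains a Kerberos token.
     *
     * @param packet the outbound request
     * @param processingContextImpl the context that receives the Kerberos state
     * @param z {@code true} when the packet is a secure-conversation message
     * @throws XWSSecurityException if the login fails or SHA-1 is unavailable
     */
    protected void populateKerberosContext(Packet packet, ProcessingContextImpl processingContextImpl, boolean z) throws XWSSecurityException {
        List<PolicyAssertion> kerberosPolicies = getOutBoundKTP(packet, z);
        if (kerberosPolicies.isEmpty()) {
            return;
        }
        // The id itself is unused; the call is kept from the original code.
        ((Token) kerberosPolicies.get(0)).getTokenId();
        KerberosContext kerberosContext = processingContextImpl.getSecurityEnvironment().doKerberosLogin();
        try {
            // Base64 of the SHA-1 digest of the Kerberos token. Presumably this serves as an
            // identifier for referencing the token, not as an integrity check - confirm against
            // the consumers of KERBEROS_SHA1_VALUE.
            processingContextImpl.setExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE, Base64.encode(MessageDigest.getInstance(MessageConstants.SHA_1).digest(kerberosContext.getKerberosToken())));
            processingContextImpl.setKerberosContext(kerberosContext);
        } catch (NoSuchAlgorithmException e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Rewrites the first encryption target that refers to the policy token id so that it
     * refers to the id of the token that was actually issued.
     *
     * <p>Only applies when the operation's holder marks the issued token as an encrypted
     * supporting token. The change is made on the message policy stored in
     * {@code outMessagePolicyMap}, so it persists for later requests on the same operation.
     *
     * @param packet the outbound request, used to resolve the operation
     * @param issuedTokenContext the context holding the issued token; nothing is rewritten when null
     * @param str the policy token id to look for among the encryption targets
     */
    private void updateMPForIssuedTokenAsEncryptedSupportingToken(Packet packet, IssuedTokenContext issuedTokenContext, String str) {
        WSDLBoundOperation operation = packet.getMessage().getOperation(this.tubeConfig.getWSDLPort());
        SecurityPolicyHolder holder = this.outMessagePolicyMap.get(operation);
        if (holder == null || !holder.isIssuedTokenAsEncryptedSupportingToken()) {
            return;
        }
        MessagePolicy messagePolicy = holder.getMessagePolicy();
        Iterator primaryPolicies = messagePolicy.getPrimaryPolicies().iterator();
        while (primaryPolicies.hasNext()) {
            SecurityPolicy policy = (SecurityPolicy) primaryPolicies.next();
            if (!PolicyTypeUtil.encryptionPolicy(policy)) {
                continue;
            }
            ListIterator targets = ((EncryptionPolicy.FeatureBinding) ((EncryptionPolicy) policy).getFeatureBinding()).getTargetBindings().listIterator();
            while (targets.hasNext()) {
                EncryptionTarget target = (EncryptionTarget) targets.next();
                if (target.getValue().equals(str) && issuedTokenContext != null) {
                    target.setValue(((GenericToken) issuedTokenContext.getSecurityToken()).getId());
                    holder.setMessagePolicy(messagePolicy);
                    this.outMessagePolicyMap.put(operation, holder);
                    // Only the first matching target is rewritten.
                    return;
                }
            }
        }
    }

    /**
     * Selects the callback handler for the client security environment.
     *
     * <p>Order of precedence: a handler supplied through {@link CallbackHandlerFeature} on the
     * binding, then a handler class named in the client configuration assertions, then the
     * default handler. A configured class is checked to be a {@link CallbackHandler} before it
     * is instantiated, so the constructor of an unrelated class named in the configuration is
     * never run.
     *
     * @param set the client configuration assertions
     * @param properties receives the configuration values read from the assertions
     * @return the callback handler to use
     * @throws RuntimeException if the handler class cannot be loaded or instantiated, or is
     *         not a {@code CallbackHandler}
     */
    private CallbackHandler configureClientHandler(Set<PolicyAssertion> set, Properties properties) {
        CallbackHandlerFeature handlerFeature = (CallbackHandlerFeature) this.tubeConfig.getBinding().getFeature(CallbackHandlerFeature.class);
        if (handlerFeature != null) {
            return handlerFeature.getHandler();
        }
        String handlerClassName = populateConfigProperties(set, properties);
        try {
            if (handlerClassName == null) {
                return new DefaultCallbackHandler("client", properties);
            }
            Class<?> handlerClass = loadClass(handlerClassName);
            if (!CallbackHandler.class.isAssignableFrom(handlerClass)) {
                log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0033_INVALID_CALLBACK_HANDLER_CLASS(handlerClassName));
                throw new RuntimeException(LogStringsMessages.WSSTUBE_0033_INVALID_CALLBACK_HANDLER_CLASS(handlerClassName));
            }
            return (CallbackHandler) handlerClass.newInstance();
        } catch (Exception e) {
            // As in the original, the invalid-class error above is also routed through here.
            log.log(Level.SEVERE, LogStringsMessages.WSSTUBE_0027_ERROR_CONFIGURE_CLIENT_HANDLER(), (Throwable) e);
            throw new RuntimeException(LogStringsMessages.WSSTUBE_0027_ERROR_CONFIGURE_CLIENT_HANDLER(), e);
        }
    }
}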
