package org.apache.cxf.ws.security.wss4j;

import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.dom.DOMSource;
import org.apache.activemq.transport.stomp.Stomp;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;

/* loaded from: input_file:WEB-INF/lib/cxf-bundle-2.0.4-incubator.jar:org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.class */
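/**
 * Inbound CXF interceptor that hands the WS-Security header of a SOAP message to WSS4J and
 * enforces the configured security actions on the result.
 *
 * <p>The interceptor registers itself for {@link Phase#PRE_PROTOCOL} and after
 * {@link SAAJInInterceptor}, because it needs the message as a SAAJ {@link SOAPMessage}.
 * On success it publishes the signature and timestamp results on the message under
 * {@link #SIGNATURE_RESULT} and {@link #TIMESTAMP_RESULT}, and the full result list under
 * {@code "RECV_RESULTS"}.
 *
 * <p>Review notes for anyone relying on this class as a security boundary:
 * <ul>
 *   <li>Trust is verified only for the one signature result returned by
 *       {@code fetchActionResult}, and only when that result carries a certificate.</li>
 *   <li>The final action check compares the list of performed actions with the list of
 *       expected actions. Nothing in this class verifies <em>which</em> message parts were
 *       signed or encrypted; confirm that is enforced elsewhere if it matters.</li>
 * </ul>
 */
public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
    public static final String TIMESTAMP_RESULT = "wss4j.timestamp.result";
    public static final String SIGNATURE_RESULT = "wss4j.signature.result";
    private static final Logger LOG = LogUtils.getL7dLogger(WSS4JInInterceptor.class);
    private static final Logger TIME_LOG = LogUtils.getL7dLogger(WSS4JInInterceptor.class, null, WSS4JInInterceptor.class.getName() + "-Time");

    // Action codes as used by WSSecurityUtil.decodeAction / fetchActionResult. The values are
    // the literals this class has always used; presumably they mirror the WSS4J action
    // constants (no security, signature, timestamp) -- confirm against the bundled WSS4J.
    private static final int ACTION_NONE = 0;
    private static final int ACTION_SIGNATURE = 2;
    private static final int ACTION_TIMESTAMP = 32;
    // Bit mask of the actions for which a password callback handler is looked up.
    // Presumably UsernameToken (1) | Encrypt (4) -- confirm against the bundled WSS4J.
    private static final int ACTIONS_NEEDING_PASSWORD_CALLBACK = 5;

    /** Creates the interceptor in the PRE_PROTOCOL phase, ordered after the SAAJ interceptor. */
    public WSS4JInInterceptor() {
        setPhase(Phase.PRE_PROTOCOL);
        getAfter().add(SAAJInInterceptor.class.getName());
    }

    /**
     * Creates the interceptor and applies the given configuration properties.
     *
     * @param map interceptor properties, passed unchanged to {@code setProperties}
     */
    public WSS4JInInterceptor(Map<String, Object> map) {
        this();
        setProperties(map);
    }

    /**
     * Processes the WS-Security header of an inbound message and rejects the message with a
     * {@link SoapFault} when any configured requirement is not met.
     *
     * <p>Order of checks: security header processing, optional signature confirmation, trust
     * of the signing certificate, timestamp validity, and finally that the performed actions
     * match the configured ones. A message without a security header is accepted only when
     * the configured action decodes to "no security".
     *
     * @param soapMessage the inbound message; must already carry SAAJ content
     * @throws Fault (as {@link SoapFault}) when the SAAJ document is missing, the header is
     *         missing, the certificate is untrusted, the timestamp is invalid, the actions
     *         do not match, or WSS4J / SAAJ / StAX processing fails
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        final boolean debugEnabled = LOG.isLoggable(Level.FINE);
        final boolean timingEnabled = TIME_LOG.isLoggable(Level.FINE);
        final SoapVersion version = soapMessage.getVersion();
        if (debugEnabled) {
            LOG.fine("WSS4JInSecurityHandler: enter invoke()");
        }
        long startMillis = 0;
        long preparedMillis = 0;
        long processedMillis = 0;
        if (timingEnabled) {
            startMillis = System.currentTimeMillis();
        }
        RequestData requestData = new RequestData();
        try {
            requestData.setMsgContext(soapMessage);
            // Raw Vector: the WSS4J API used here is not generified.
            Vector expectedActions = new Vector();
            int requiredActions = WSSecurityUtil.decodeAction(getAction(soapMessage, version), expectedActions);
            String actor = (String) getOption("actor");
            SOAPMessage saajMessage = (SOAPMessage) soapMessage.getContent(SOAPMessage.class);
            if (saajMessage == null) {
                // Server-side wiring problem, hence the receiver fault code.
                throw new SoapFault(new Message("NO_SAAJ_DOC", LOG, new Object[0]), version.getReceiver());
            }
            CallbackHandler callback = getCallback(requestData, requiredActions);
            doReceiverAction(requiredActions, requestData);
            if (timingEnabled) {
                preparedMillis = System.currentTimeMillis();
            }
            try {
                Vector results = secEngine.processSecurityHeader(
                    saajMessage.getSOAPPart(), actor, callback,
                    requestData.getSigCrypto(), requestData.getDecCrypto());
                if (timingEnabled) {
                    processedMillis = System.currentTimeMillis();
                }
                if (results == null) {
                    // No security header at all: acceptable only when none is required.
                    if (requiredActions == ACTION_NONE) {
                        return;
                    }
                    LOG.warning("Request does not contain required Security header");
                    throw new SoapFault(new Message("NO_SECURITY", LOG, new Object[0]), version.getSender());
                }
                if (requestData.getWssConfig().isEnableSignatureConfirmation()) {
                    checkSignatureConfirmation(requestData, results);
                }

                // NOTE(review): only this single signature result is trust-checked, and a
                // result without a certificate skips verifyTrust entirely -- confirm both
                // cases are acceptable for the deployment.
                WSSecurityEngineResult signatureResult = WSSecurityUtil.fetchActionResult(results, ACTION_SIGNATURE);
                if (signatureResult != null) {
                    X509Certificate signerCert = signatureResult.getCertificate();
                    if (signerCert != null && !verifyTrust(signerCert, requestData)) {
                        LOG.warning("The certificate used for the signature is not trusted");
                        throw new SoapFault(new Message("UNTRUSTED_CERT", LOG, new Object[0]), version.getSender());
                    }
                    soapMessage.put(SIGNATURE_RESULT, (Object) signatureResult);
                }

                // A timestamp result whose Timestamp object is null is stored without being
                // validated; only a present timestamp is checked against the time-to-live.
                WSSecurityEngineResult timestampResult = WSSecurityUtil.fetchActionResult(results, ACTION_TIMESTAMP);
                if (timestampResult != null) {
                    Timestamp timestamp = timestampResult.getTimestamp();
                    if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(requestData))) {
                        LOG.warning("The timestamp could not be validated");
                        throw new SoapFault(new Message("INVALID_TIMESTAMP", LOG, new Object[0]), version.getSender());
                    }
                    soapMessage.put(TIMESTAMP_RESULT, (Object) timestampResult);
                }

                // NOTE(review): this compares performed actions with expected actions only;
                // no check of the signed or encrypted message parts is visible in this class.
                if (!checkReceiverResults(results, expectedActions)) {
                    LOG.warning("Security processing failed (actions mismatch)");
                    throw new SoapFault(new Message("ACTION_MISMATCH", LOG, new Object[0]), version.getSender());
                }
                doResults(soapMessage, actor, saajMessage, results);
                if (timingEnabled) {
                    long finishedMillis = System.currentTimeMillis();
                    // Plain "\n" literal; no constant from an unrelated library is needed here.
                    TIME_LOG.fine("Receive request: total= " + (finishedMillis - startMillis)
                        + " request preparation= " + (preparedMillis - startMillis)
                        + " request processing= " + (processedMillis - preparedMillis)
                        + " header, cert verify, timestamp= " + (finishedMillis - processedMillis) + "\n");
                }
                if (debugEnabled) {
                    LOG.fine("WSS4JInHandler: exit invoke()");
                }
                // requestData is cleared once, in the finally block below.
            } catch (WSSecurityException e) {
                // A non-empty message keeps rejected requests identifiable in the log.
                LOG.log(Level.WARNING, "WS-Security header processing failed", e);
                throw new SoapFault(new Message("SECURITY_FAILED", LOG, new Object[0]), e, version.getSender());
            }
        } catch (WSSecurityException e) {
            LOG.log(Level.WARNING, "WS-Security request preparation failed", e);
            throw new SoapFault(new Message("WSSECURITY_EX", LOG, new Object[0]), e, version.getSender());
        } catch (SOAPException e) {
            throw new SoapFault(new Message("SAAJ_EX", LOG, new Object[0]), e, version.getSender());
        } catch (XMLStreamException e) {
            throw new SoapFault(new Message("STAX_EX", LOG, new Object[0]), e, version.getSender());
        } finally {
            // Runs on every path, including the early return and all faults.
            requestData.clear();
        }
    }

    /**
     * Records the WSS4J results on the message and replaces the message's
     * {@link XMLStreamReader} content with a reader over the SAAJ SOAP body.
     *
     * @param soapMessage message that receives the results and the new reader
     * @param actor the configured actor, stored with the results
     * @param saajMessage SAAJ view of the message whose body is re-read
     * @param results results returned by WSS4J header processing
     * @throws SOAPException if the SOAP body cannot be obtained
     * @throws XMLStreamException if the reader cannot be created or advanced
     */
    private void doResults(SoapMessage soapMessage, String actor, SOAPMessage saajMessage, Vector results) throws SOAPException, XMLStreamException {
        Vector handlerResults = (Vector) soapMessage.get("RECV_RESULTS");
        if (handlerResults == null) {
            handlerResults = new Vector();
            soapMessage.put("RECV_RESULTS", (Object) handlerResults);
        }
        // Newest result goes first.
        handlerResults.add(0, new WSHandlerResult(actor, results));

        XMLStreamReader bodyReader = StaxUtils.createXMLStreamReader(new DOMSource(saajMessage.getSOAPBody()));
        bodyReader.next();
        // The previous loop was capped at one iteration and its event test
        // (event != END_ELEMENT || event != START_ELEMENT) was always true, so it amounted to
        // exactly this: advance one more event if there is one.
        if (bodyReader.hasNext()) {
            bodyReader.next();
        }
        soapMessage.setContent(XMLStreamReader.class, bodyReader);
    }

    /**
     * Resolves the security action string, preferring the interceptor option {@code "action"}
     * and falling back to the message property of the same name.
     *
     * @param soapMessage message consulted when the interceptor has no "action" option
     * @param soapVersion SOAP version, used for the fault code
     * @return the configured action string, never {@code null}
     * @throws SoapFault with the receiver fault code when no action is configured
     */
    private String getAction(SoapMessage soapMessage, SoapVersion soapVersion) {
        String action = (String) getOption("action");
        if (action == null) {
            // NOTE(review): confirm this message property is set by configuration only and
            // cannot be influenced by the sender.
            action = (String) soapMessage.get("action");
        }
        if (action == null) {
            LOG.warning("No security action was defined!");
            throw new SoapFault("No security action was defined!", soapVersion.getReceiver());
        }
        return action;
    }

    /**
     * Returns the password callback handler when the decoded actions need one.
     *
     * @param requestData request data passed to {@code getPasswordCB}
     * @param i decoded action bit set
     * @return the password callback handler, or {@code null} when none of the
     *         callback-requiring action bits is set
     * @throws WSSecurityException if the callback handler cannot be obtained
     */
    private CallbackHandler getCallback(RequestData requestData, int i) throws WSSecurityException {
        return (i & ACTIONS_NEEDING_PASSWORD_CALLBACK) != 0 ? getPasswordCB(requestData) : null;
    }
}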
