package org.apache.cxf.ws.security.wss4j;

import java.security.Provider;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Logger;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJUtils;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.phase.PhaseInterceptor;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.TokenStoreException;
import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
import org.apache.neethi.Policy;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractBinding;
import org.apache.wss4j.policy.model.AsymmetricBinding;
import org.apache.wss4j.policy.model.SymmetricBinding;
import org.apache.wss4j.policy.model.TransportBinding;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.4.5.jar:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.class */
public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    public static final String SECURITY_PROCESSED = PolicyBasedWSS4JOutInterceptor.class.getName() + ".DONE";
    public static final PolicyBasedWSS4JOutInterceptor INSTANCE = new PolicyBasedWSS4JOutInterceptor();
    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JOutInterceptor.class);
    private PolicyBasedWSS4JOutInterceptorInternal ending;
    private SAAJOutInterceptor saajOut;

    /* loaded from: input_file:lib/cxf-rt-ws-security-3.4.5.jar:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.class */
    public final class PolicyBasedWSS4JOutInterceptorInternal implements PhaseInterceptor<SoapMessage> {
        public PolicyBasedWSS4JOutInterceptorInternal() {
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(SoapMessage soapMessage) throws Fault {
            Object obj = soapMessage.getExchange().get((Class<Object>) Provider.class);
            boolean z = obj != null && ThreadLocalSecurityProvider.isInstalled();
            if (z) {
                try {
                    ThreadLocalSecurityProvider.setProvider((Provider) obj);
                } catch (Throwable th) {
                    if (z) {
                        ThreadLocalSecurityProvider.unsetProvider();
                    }
                    throw th;
                }
            }
            handleMessageInternal(soapMessage);
            if (z) {
                ThreadLocalSecurityProvider.unsetProvider();
            }
        }

        private void handleMessageInternal(SoapMessage soapMessage) throws Fault {
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
            if (assertionInfoMap == null) {
                return;
            }
            SOAPMessage sOAPMessage = (SOAPMessage) soapMessage.getContent(SOAPMessage.class);
            boolean contextualBoolean = MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.MUST_UNDERSTAND, true);
            String str = (String) soapMessage.getContextualProperty(SecurityConstants.ACTOR);
            AbstractBinding securityBinding = PolicyUtils.getSecurityBinding(assertionInfoMap);
            if (securityBinding == null && PolicyBasedWSS4JOutInterceptor.this.isRequestor(soapMessage)) {
                securityBinding = new TransportBinding(SPConstants.SPVersion.SP11, new Policy());
            }
            if (securityBinding != null) {
                WSSecHeader wSSecHeader = new WSSecHeader(str, contextualBoolean, sOAPMessage.getSOAPPart());
                try {
                    Element insertSecurityHeader = wSSecHeader.insertSecurityHeader();
                    try {
                        SAAJUtils.getHeader(sOAPMessage).removeChild(insertSecurityHeader);
                        SAAJUtils.getHeader(sOAPMessage).appendChild(insertSecurityHeader);
                    } catch (SOAPException e) {
                    }
                    WSSConfig wSSConfig = (WSSConfig) soapMessage.getContextualProperty(WSSConfig.class.getName());
                    if (wSSConfig == null) {
                        wSSConfig = WSSConfig.getNewInstance();
                    }
                    translateProperties(soapMessage);
                    String str2 = (String) soapMessage.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
                    if (str2 != null && securityBinding.getAlgorithmSuite() != null) {
                        securityBinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(str2);
                    }
                    String str3 = (String) soapMessage.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
                    if (str3 != null && securityBinding.getAlgorithmSuite() != null) {
                        securityBinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(str3);
                    }
                    try {
                        if (securityBinding instanceof TransportBinding) {
                            new TransportBindingHandler(wSSConfig, (TransportBinding) securityBinding, sOAPMessage, wSSecHeader, assertionInfoMap, soapMessage).handleBinding();
                        } else if (securityBinding instanceof SymmetricBinding) {
                            new SymmetricBindingHandler(wSSConfig, (SymmetricBinding) securityBinding, sOAPMessage, wSSecHeader, assertionInfoMap, soapMessage).handleBinding();
                        } else {
                            new AsymmetricBindingHandler(wSSConfig, (AsymmetricBinding) securityBinding, sOAPMessage, wSSecHeader, assertionInfoMap, soapMessage).handleBinding();
                        }
                        if (insertSecurityHeader.getFirstChild() == null) {
                            insertSecurityHeader.getParentNode().removeChild(insertSecurityHeader);
                        }
                    } catch (SOAPException | TokenStoreException e2) {
                        throw new SoapFault(new Message("SECURITY_FAILED", PolicyBasedWSS4JOutInterceptor.LOG, new Object[0]), e2, soapMessage.getVersion().getSender());
                    }
                } catch (WSSecurityException e3) {
                    throw new SoapFault(new Message("SECURITY_FAILED", PolicyBasedWSS4JOutInterceptor.LOG, new Object[0]), e3, soapMessage.getVersion().getSender());
                }
            }
        }

        @Override // org.apache.cxf.phase.PhaseInterceptor
        public Set<String> getAfter() {
            return Collections.emptySet();
        }

        @Override // org.apache.cxf.phase.PhaseInterceptor
        public Set<String> getBefore() {
            return Collections.emptySet();
        }

        @Override // org.apache.cxf.phase.PhaseInterceptor
        public String getId() {
            return PolicyBasedWSS4JOutInterceptorInternal.class.getName();
        }

        @Override // org.apache.cxf.phase.PhaseInterceptor
        public String getPhase() {
            return Phase.POST_PROTOCOL;
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleFault(SoapMessage soapMessage) {
        }

        @Override // org.apache.cxf.phase.PhaseInterceptor
        public Collection<PhaseInterceptor<? extends org.apache.cxf.message.Message>> getAdditionalInterceptors() {
            return null;
        }

        private void translateProperties(SoapMessage soapMessage) {
            String str = (String) soapMessage.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
            if (str != null) {
                soapMessage.put(ConfigurationConstants.IS_BSP_COMPLIANT, (Object) str);
            }
        }
    }

    public PolicyBasedWSS4JOutInterceptor() {
        super(Phase.PRE_PROTOCOL);
        this.saajOut = new SAAJOutInterceptor();
        getAfter().add(SAAJOutInterceptor.class.getName());
        this.ending = createEndingInterceptor();
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        if (MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.ENABLE_STREAMING_SECURITY)) {
            return;
        }
        if (soapMessage.getContent(SOAPMessage.class) == null) {
            this.saajOut.handleMessage(soapMessage);
        }
        soapMessage.put(SECURITY_PROCESSED, (Object) Boolean.TRUE);
        soapMessage.getInterceptorChain().add(this.ending);
    }

    @Override // org.apache.cxf.phase.AbstractPhaseInterceptor, org.apache.cxf.interceptor.Interceptor
    public void handleFault(SoapMessage soapMessage) {
        this.saajOut.handleFault(soapMessage);
    }

    public final PolicyBasedWSS4JOutInterceptorInternal createEndingInterceptor() {
        return new PolicyBasedWSS4JOutInterceptorInternal();
    }
}
