package org.apache.cxf.ws.security.wss4j;

import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractToken;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.2.7.jar:org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.class */
public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractSoapInterceptor.class);
    private static final Set<QName> HEADERS = Collections.singleton(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));

    public AbstractTokenInterceptor() {
        super(Phase.PRE_PROTOCOL);
        addAfter(PolicyBasedWSS4JOutInterceptor.class.getName());
        addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
        addAfter(PolicyBasedWSS4JStaxInInterceptor.class.getName());
    }

    @Override // org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor, org.apache.cxf.binding.soap.interceptor.SoapInterceptor
    public Set<QName> getUnderstoodHeaders() {
        return HEADERS;
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        if (MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.ENABLE_STREAMING_SECURITY, false)) {
            return;
        }
        boolean isRequestor = MessageUtils.isRequestor(soapMessage);
        if (isRequestor != MessageUtils.isOutbound(soapMessage)) {
            assertTokens(soapMessage);
            return;
        }
        if (isRequestor) {
            if (soapMessage.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
                return;
            }
            addToken(soapMessage);
        } else {
            if (soapMessage.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
                return;
            }
            processToken(soapMessage);
        }
    }

    protected abstract void processToken(SoapMessage soapMessage);

    protected abstract void addToken(SoapMessage soapMessage);

    protected abstract AbstractToken assertTokens(SoapMessage soapMessage);

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractToken assertTokens(SoapMessage soapMessage, String str, boolean z) {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        AbstractToken abstractToken = null;
        for (AssertionInfo assertionInfo : PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, str)) {
            abstractToken = (AbstractToken) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
        }
        PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.SUPPORTING_TOKENS);
        if (z || isTLSInUse(soapMessage)) {
            PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.SIGNED_SUPPORTING_TOKENS);
        }
        return abstractToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isTLSInUse(SoapMessage soapMessage) {
        return ((TLSSessionInfo) soapMessage.get(TLSSessionInfo.class)) != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TokenStore getTokenStore(SoapMessage soapMessage) {
        TokenStore tokenStore;
        EndpointInfo endpointInfo = soapMessage.getExchange().getEndpoint().getEndpointInfo();
        synchronized (endpointInfo) {
            TokenStore tokenStore2 = (TokenStore) soapMessage.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
            if (tokenStore2 == null) {
                tokenStore2 = (TokenStore) endpointInfo.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
            }
            tokenStore = tokenStore2;
        }
        return tokenStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Header findSecurityHeader(SoapMessage soapMessage, boolean z) {
        for (Header header : soapMessage.getHeaders()) {
            QName name = header.getName();
            if (name.getLocalPart().equals("Security") && (name.getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd") || name.getNamespaceURI().equals("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"))) {
                return header;
            }
        }
        if (!z) {
            return null;
        }
        Element createElementNS = DOMUtils.getEmptyDocument().createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:Security");
        createElementNS.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        SoapHeader soapHeader = new SoapHeader(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"), createElementNS);
        soapHeader.setMustUnderstand(true);
        soapMessage.getHeaders().add(soapHeader);
        return soapHeader;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getPassword(String str, AbstractToken abstractToken, int i, SoapMessage soapMessage) {
        try {
            CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.CALLBACK_HANDLER, soapMessage));
            if (callbackHandler == null) {
                policyNotAsserted(abstractToken, "No callback handler and no password available", soapMessage);
                return null;
            }
            WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(str, i)};
            try {
                callbackHandler.handle(wSPasswordCallbackArr);
            } catch (Exception e) {
                policyNotAsserted(abstractToken, e, soapMessage);
            }
            return wSPasswordCallbackArr[0].getPassword();
        } catch (Exception e2) {
            policyNotAsserted(abstractToken, "No callback handler and no password available", soapMessage);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void policyNotAsserted(AbstractToken abstractToken, String str, SoapMessage soapMessage) {
        if (abstractToken == null) {
            return;
        }
        Collection<AssertionInfo> collection = ((AssertionInfoMap) soapMessage.get(AssertionInfoMap.class)).get(abstractToken.getName());
        if (collection != null) {
            for (AssertionInfo assertionInfo : collection) {
                if (assertionInfo.getAssertion() == abstractToken) {
                    assertionInfo.setNotAsserted(str);
                }
            }
        }
        if (!abstractToken.isOptional()) {
            throw new PolicyException(new Message(str, LOG, new Object[0]));
        }
    }

    protected void policyNotAsserted(AbstractToken abstractToken, Exception exc, SoapMessage soapMessage) {
        if (abstractToken == null) {
            return;
        }
        Collection<AssertionInfo> collection = ((AssertionInfoMap) soapMessage.get(AssertionInfoMap.class)).get(abstractToken.getName());
        if (collection != null) {
            for (AssertionInfo assertionInfo : collection) {
                if (assertionInfo.getAssertion() == abstractToken) {
                    assertionInfo.setNotAsserted(exc.getMessage());
                }
            }
        }
        throw new PolicyException(exc);
    }
}
