package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
import org.apache.cxf.binding.soap.model.SoapBindingInfo;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.service.model.MessageInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.EffectivePolicy;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.WSSPolicyException;
import org.apache.wss4j.policy.stax.OperationPolicy;
import org.apache.wss4j.policy.stax.PolicyEnforcer;
import org.apache.wss4j.policy.stax.PolicyInputProcessor;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.class */
public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
    /** Shared instance, built through the no-argument constructor below. */
    public static final PolicyBasedWSS4JStaxInInterceptor INSTANCE = new PolicyBasedWSS4JStaxInInterceptor();
    // Class logger obtained from CXF's LogUtils; used below for FINE-level diagnostics.
    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxInInterceptor.class);

    /**
     * Creates the interceptor and hands the parent class a new, empty map.
     * The raw {@code HashMap} is kept as decompiled; the parent constructor's
     * parameter type is not visible in this file.
     */
    public PolicyBasedWSS4JStaxInInterceptor() {
        super(new HashMap());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Runs the streaming (StAX) WS-Security processing for policy-governed messages.
     *
     * <p>The parent handler is invoked only when the message carries an
     * {@link AssertionInfoMap} and the contextual property
     * {@link SecurityConstants#ENABLE_STREAMING_SECURITY} evaluates to true. After the
     * parent handler returns, a {@code PolicyStaxActionInInterceptor} is appended to
     * the interceptor chain.
     *
     * <p>NOTE(review): when either precondition is missing this method returns without
     * doing any security processing. Presumably another interceptor covers that case;
     * confirm that a message cannot pass through the chain unverified.
     *
     * @param soapMessage the inbound SOAP message
     * @throws Fault propagated from the parent handler
     */
    @Override
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        final AssertionInfoMap policyAssertions = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        final boolean streamingEnabled =
            MessageUtils.isTrue(soapMessage.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));

        if (policyAssertions != null && streamingEnabled) {
            super.handleMessage(soapMessage);
            soapMessage.getInterceptorChain().add(new PolicyStaxActionInInterceptor());
        }
    }

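    /**
     * Resolves crypto configuration to a {@link Properties} object.
     *
     * <p>If {@code obj} already is a {@code Properties} instance it is returned as is.
     * Otherwise, when {@code url} is non-null, the properties are loaded from that URL.
     * The stream is opened in a try-with-resources block so that it is closed even when
     * {@link Properties#load(InputStream)} fails; the earlier code leaked it in that case.
     *
     * @param obj the configured value (a {@code Properties} instance or something else)
     * @param url location to load from when {@code obj} is not a {@code Properties}; may be null
     * @param soapMessage unused by this method
     * @return the properties, or {@code null} when nothing could be resolved or loading failed
     */
    private static Properties getProps(Object obj, URL url, SoapMessage soapMessage) {
        if (obj instanceof Properties) {
            return (Properties) obj;
        }
        if (url == null) {
            return null;
        }
        final Properties loaded = new Properties();
        try (InputStream in = url.openStream()) {
            loaded.load(in);
        } catch (IOException e) {
            // Deliberately mapped to null: the callers in this class treat null as
            // "properties not found" and raise a WSSecurityException themselves.
            return null;
        }
        return loaded;
    }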

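    /**
     * Turns a configured crypto-properties location into a {@link URL}.
     *
     * <p>A {@code URL} value is returned unchanged. A {@code String} value is resolved in
     * three steps, stopping at the first hit: the bus {@link ResourceManager}, then
     * {@link ClassLoaderUtils#getResource}, and finally by parsing the string itself as a URL.
     * Any other type yields {@code null}.
     *
     * <p>The final {@code new URL(...)} call is inside the {@code try} block: it throws the
     * checked {@code MalformedURLException} (an {@code IOException}), which the decompiled
     * code left unhandled. A malformed location now yields {@code null}, like the other
     * lookup failures.
     *
     * <p>NOTE(review): the last fallback accepts whatever URL scheme the JVM supports, so
     * the crypto properties can be fetched from a remote location. The configured value
     * has to come from trusted configuration only; confirm that no caller can set it from
     * message content.
     *
     * @param obj the configured location ({@code String} or {@code URL})
     * @param soapMessage message whose exchange provides the {@link Bus}
     * @return the resolved URL, or {@code null} when it cannot be resolved
     */
    private URL getPropertiesFileURL(Object obj, SoapMessage soapMessage) {
        if (obj instanceof URL) {
            return (URL) obj;
        }
        if (!(obj instanceof String)) {
            return null;
        }
        final String location = (String) obj;
        URL url = (URL) ((ResourceManager) ((Bus) soapMessage.getExchange().get(Bus.class)).getExtension(ResourceManager.class)).resolveResource(location, URL.class);
        try {
            if (url == null) {
                url = ClassLoaderUtils.getResource(location, AbstractWSS4JInterceptor.class);
            }
            if (url == null) {
                url = new URL(location);
            }
        } catch (IOException e) {
            // Covers MalformedURLException too; callers handle a null URL.
            return null;
        }
        return url;
    }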

    /**
     * Collects the assertions with the given local name from both WS-SecurityPolicy
     * namespaces queried below (the 2005/07 one and the 200702 one).
     *
     * @param assertionInfoMap the policy assertions attached to the message
     * @param str local name of the assertion, e.g. {@code "TransportBinding"}
     * @return an empty set when neither namespace yields an entry, otherwise a new
     *         {@code HashSet} holding the entries of both lookups
     */
    private Collection<AssertionInfo> getAllAssertionsByLocalname(AssertionInfoMap assertionInfoMap, String str) {
        final Collection<AssertionInfo> fromSp11 =
            assertionInfoMap.get(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", str));
        final Collection<AssertionInfo> fromSp12 =
            assertionInfoMap.get(new QName("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702", str));

        final boolean nothingInSp11 = fromSp11 == null || fromSp11.isEmpty();
        if (nothingInSp11 && (fromSp12 == null || fromSp12.isEmpty())) {
            return Collections.emptySet();
        }

        final Collection<AssertionInfo> merged = new HashSet<>();
        if (fromSp11 != null) {
            merged.addAll(fromSp11);
        }
        if (fromSp12 != null) {
            merged.addAll(fromSp12);
        }
        return merged;
    }

    /**
     * Registers the crypto objects on the message when the policy contains an
     * {@code AsymmetricBinding} assertion; does nothing otherwise.
     *
     * <p>The signature and encryption configuration is read from the contextual
     * properties, with the {@code *_CRYPTO} key taking precedence over the
     * {@code *_PROPERTIES} key. When both resolve to equal configuration values the
     * encryption crypto is reused as the signature crypto.
     *
     * <p>The signature crypto is stored for decryption. The encryption crypto is stored
     * for signature verification, falling back to the signature crypto when it is absent.
     * Presumably this is because the receiver decrypts with its own key and verifies
     * with the peer's certificate; confirm against the WSS4J configuration contract.
     *
     * <p>NOTE(review): the reference ids are built from {@code hashCode()}. Two distinct
     * crypto objects with the same hash code would share one key, and the later put wins.
     *
     * @throws WSSecurityException when configured crypto properties cannot be found
     */
    private void checkAsymmetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) throws WSSecurityException {
        if (!getAllAssertionsByLocalname(assertionInfoMap, "AsymmetricBinding").isEmpty()) {
            Object signatureConfig = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
            if (signatureConfig == null) {
                signatureConfig = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
            }
            Object encryptionConfig = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
            if (encryptionConfig == null) {
                encryptionConfig = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
            }

            final Crypto encryptionCrypto = getEncryptionCrypto(encryptionConfig, soapMessage);
            final Crypto signatureCrypto;
            if (encryptionConfig != null && encryptionConfig.equals(signatureConfig)) {
                // Same configuration for both roles: share the single crypto instance.
                signatureCrypto = encryptionCrypto;
            } else {
                signatureCrypto = getSignatureCrypto(signatureConfig, soapMessage);
            }

            if (signatureCrypto != null) {
                final String decryptionRef = "RefId-" + signatureCrypto.hashCode();
                soapMessage.put("decryptionPropRefId", decryptionRef);
                soapMessage.put(decryptionRef, signatureCrypto);
            }

            final Crypto verificationCrypto = encryptionCrypto != null ? encryptionCrypto : signatureCrypto;
            if (verificationCrypto != null) {
                final String verificationRef = "RefId-" + verificationCrypto.hashCode();
                soapMessage.put("signatureVerificationPropRefId", verificationRef);
                soapMessage.put(verificationRef, verificationCrypto);
            }
        }
    }

    /**
     * Registers the crypto objects for the transport-binding case.
     *
     * <p>The method applies when a {@code TransportBinding} assertion is present, or
     * when neither a {@code SymmetricBinding} nor an {@code AsymmetricBinding}
     * assertion is present. On the requestor side it first records an
     * {@link HttpsTokenSecurityEvent} of type {@code HttpsNoAuthentication}, carrying a
     * token marked for main-signature usage, in the exchange-level event list.
     *
     * <p>NOTE(review): no check that the exchange actually ran over TLS is visible in
     * this method; the HTTPS event is created unconditionally for requestors. Confirm
     * that the transport requirement is enforced elsewhere.
     *
     * <p>A failure to add the token usage is only logged at FINE level, and the event is
     * still recorded.
     *
     * @throws XMLSecurityException when configured crypto properties cannot be found
     */
    private void checkTransportBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) throws XMLSecurityException {
        final boolean transportAsserted = !getAllAssertionsByLocalname(assertionInfoMap, "TransportBinding").isEmpty();
        final boolean applies = transportAsserted
            || (getAllAssertionsByLocalname(assertionInfoMap, "SymmetricBinding").isEmpty()
                && getAllAssertionsByLocalname(assertionInfoMap, "AsymmetricBinding").isEmpty());
        if (!applies) {
            return;
        }

        if (isRequestor(soapMessage)) {
            final HttpsTokenSecurityEvent httpsEvent = new HttpsTokenSecurityEvent();
            httpsEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication);
            final HttpsSecurityTokenImpl httpsToken = new HttpsSecurityTokenImpl();
            try {
                httpsToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
            } catch (XMLSecurityException e) {
                LOG.fine(e.getMessage());
            }
            httpsEvent.setSecurityToken(httpsToken);
            getSecurityEventList(soapMessage).add(httpsEvent);
        }

        Object signatureConfig = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (signatureConfig == null) {
            signatureConfig = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object encryptionConfig = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (encryptionConfig == null) {
            encryptionConfig = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }

        final Crypto encryptionCrypto = getEncryptionCrypto(encryptionConfig, soapMessage);
        final Crypto signatureCrypto;
        if (encryptionConfig != null && encryptionConfig.equals(signatureConfig)) {
            // Same configuration for both roles: share the single crypto instance.
            signatureCrypto = encryptionCrypto;
        } else {
            signatureCrypto = getSignatureCrypto(signatureConfig, soapMessage);
        }

        if (signatureCrypto != null) {
            final String decryptionRef = "RefId-" + signatureCrypto.hashCode();
            soapMessage.put("decryptionPropRefId", decryptionRef);
            soapMessage.put(decryptionRef, signatureCrypto);
        }

        // Verification prefers the encryption crypto and falls back to the signature crypto.
        final Crypto verificationCrypto = encryptionCrypto != null ? encryptionCrypto : signatureCrypto;
        if (verificationCrypto != null) {
            final String verificationRef = "RefId-" + verificationCrypto.hashCode();
            soapMessage.put("signatureVerificationPropRefId", verificationRef);
            soapMessage.put(verificationRef, verificationCrypto);
        }
    }

    /**
     * Returns the security-event list stored on the exchange under the key
     * {@code SecurityEvent.class.getName() + ".out"}, creating and storing an empty
     * list first when none exists yet.
     *
     * @param message message whose exchange holds the list
     * @return the existing or newly created list, never {@code null}
     */
    @SuppressWarnings("unchecked") // the exchange stores values as Object
    private List<SecurityEvent> getSecurityEventList(Message message) {
        final String exchangeKey = SecurityEvent.class.getName() + ".out";
        List<SecurityEvent> events = (List<SecurityEvent>) message.getExchange().get(exchangeKey);
        if (events != null) {
            return events;
        }
        events = new ArrayList<>();
        message.getExchange().put(exchangeKey, events);
        return events;
    }

    /**
     * Registers the crypto objects on the message when the policy contains a
     * {@code SymmetricBinding} assertion; does nothing otherwise.
     *
     * <p>Configuration is read as in the other binding checks, with the
     * {@code *_CRYPTO} key taking precedence over the {@code *_PROPERTIES} key and a
     * shared instance used when both configurations are equal. Which crypto serves
     * which purpose depends on the role:
     * <ul>
     *   <li>requestor: verification prefers the encryption crypto, decryption prefers
     *       the signature crypto;</li>
     *   <li>otherwise: verification prefers the signature crypto, decryption prefers
     *       the encryption crypto.</li>
     * </ul>
     * In each case the other crypto is the fallback when the preferred one is null.
     * The verification entry is written before the decryption entry.
     *
     * <p>NOTE(review): the reference ids are built from {@code hashCode()}. Two distinct
     * crypto objects with the same hash code would share one key, and the later put wins.
     *
     * @throws WSSecurityException when configured crypto properties cannot be found
     */
    private void checkSymmetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) throws WSSecurityException {
        if (getAllAssertionsByLocalname(assertionInfoMap, "SymmetricBinding").isEmpty()) {
            return;
        }

        Object signatureConfig = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (signatureConfig == null) {
            signatureConfig = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object encryptionConfig = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (encryptionConfig == null) {
            encryptionConfig = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }

        final Crypto encryptionCrypto = getEncryptionCrypto(encryptionConfig, soapMessage);
        final Crypto signatureCrypto;
        if (encryptionConfig != null && encryptionConfig.equals(signatureConfig)) {
            signatureCrypto = encryptionCrypto;
        } else {
            signatureCrypto = getSignatureCrypto(signatureConfig, soapMessage);
        }

        final Crypto verificationCrypto;
        final Crypto decryptionCrypto;
        if (isRequestor(soapMessage)) {
            verificationCrypto = encryptionCrypto != null ? encryptionCrypto : signatureCrypto;
            decryptionCrypto = signatureCrypto != null ? signatureCrypto : encryptionCrypto;
        } else {
            verificationCrypto = signatureCrypto != null ? signatureCrypto : encryptionCrypto;
            decryptionCrypto = encryptionCrypto != null ? encryptionCrypto : signatureCrypto;
        }

        if (verificationCrypto != null) {
            final String verificationRef = "RefId-" + verificationCrypto.hashCode();
            soapMessage.put("signatureVerificationPropRefId", verificationRef);
            soapMessage.put(verificationRef, verificationCrypto);
        }
        if (decryptionCrypto != null) {
            final String decryptionRef = "RefId-" + decryptionCrypto.hashCode();
            soapMessage.put("decryptionPropRefId", decryptionRef);
            soapMessage.put(decryptionRef, decryptionCrypto);
        }
    }

    /**
     * Resolves the encryption {@link Crypto} from a configured value.
     *
     * <p>A {@code Crypto} instance is returned unchanged and {@code null} yields
     * {@code null}. Any other value is treated as a properties source: the properties
     * are located and loaded, a {@code Crypto} is built from them through
     * {@link CryptoFactory}, and the result is stored on the {@link EndpointInfo} under
     * {@link SecurityConstants#ENCRYPT_CRYPTO} while holding the endpoint's monitor.
     *
     * <p>The configured value is included in the log line and in the exception
     * message, so it should not embed secrets.
     *
     * @param obj the configured crypto or properties reference; may be null
     * @param soapMessage the current message
     * @return the resolved crypto, or {@code null} when {@code obj} is null
     * @throws WSSecurityException when the properties cannot be found or loaded
     */
    private Crypto getEncryptionCrypto(Object obj, SoapMessage soapMessage) throws WSSecurityException {
        if (obj == null) {
            return null;
        }
        if (obj instanceof Crypto) {
            return (Crypto) obj;
        }

        final Properties cryptoProperties = getProps(obj, getPropertiesFileURL(obj, soapMessage), soapMessage);
        if (cryptoProperties == null) {
            final String problem = "Cannot find Crypto Encryption properties: " + obj;
            LOG.fine(problem);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception(problem));
        }

        final Crypto created = CryptoFactory.getInstance(
            cryptoProperties, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor(soapMessage));
        final EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            // Store the instance on the endpoint under the ENCRYPT_CRYPTO key.
            endpointInfo.setProperty(SecurityConstants.ENCRYPT_CRYPTO, created);
        }
        return created;
    }

    /**
     * Resolves the signature {@link Crypto} from a configured value.
     *
     * <p>A {@code Crypto} instance is returned unchanged and {@code null} yields
     * {@code null}. Any other value is treated as a properties source: the properties
     * are located and loaded, a {@code Crypto} is built from them through
     * {@link CryptoFactory}, and the result is stored on the {@link EndpointInfo} under
     * {@link SecurityConstants#SIGNATURE_CRYPTO} while holding the endpoint's monitor.
     *
     * <p>The configured value is included in the log line and in the exception
     * message, so it should not embed secrets.
     *
     * @param obj the configured crypto or properties reference; may be null
     * @param soapMessage the current message
     * @return the resolved crypto, or {@code null} when {@code obj} is null
     * @throws WSSecurityException when the properties cannot be found or loaded
     */
    private Crypto getSignatureCrypto(Object obj, SoapMessage soapMessage) throws WSSecurityException {
        if (obj == null) {
            return null;
        }
        if (obj instanceof Crypto) {
            return (Crypto) obj;
        }

        final Properties cryptoProperties = getProps(obj, getPropertiesFileURL(obj, soapMessage), soapMessage);
        if (cryptoProperties == null) {
            final String problem = "Cannot find Crypto Signature properties: " + obj;
            LOG.fine(problem);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception(problem));
        }

        final Crypto created = CryptoFactory.getInstance(
            cryptoProperties, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor(soapMessage));
        final EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            // Store the instance on the endpoint under the SIGNATURE_CRYPTO key.
            endpointInfo.setProperty(SecurityConstants.SIGNATURE_CRYPTO, created);
        }
        return created;
    }

    /**
     * Prepares the message for streaming security processing and then delegates to
     * the parent implementation.
     *
     * <p>The three binding checks run in the order asymmetric, symmetric, transport.
     * If the contextual property
     * {@link SecurityConstants#ASYMMETRIC_SIGNATURE_ALGORITHM} is set, its value then
     * overrides the asymmetric signature algorithm on every assertion found under
     * {@link SP12Constants#ALGORITHM_SUITE}.
     *
     * <p>NOTE(review): the override mutates the policy assertion objects themselves and
     * looks up only the SP12 name, unlike the two-namespace lookup used elsewhere in
     * this class. Confirm that both are intended, and that the configured algorithm is
     * one the deployment accepts.
     *
     * @param soapMessage the inbound SOAP message
     * @throws XMLSecurityException from the binding checks or the parent implementation
     */
    @Override
    protected void configureProperties(SoapMessage soapMessage) throws XMLSecurityException {
        final AssertionInfoMap policyAssertions = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        checkAsymmetricBinding(policyAssertions, soapMessage);
        checkSymmetricBinding(policyAssertions, soapMessage);
        checkTransportBinding(policyAssertions, soapMessage);

        final String signatureAlgorithm =
            (String) soapMessage.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
        if (signatureAlgorithm != null) {
            final Collection<AssertionInfo> algorithmSuites = policyAssertions.get(SP12Constants.ALGORITHM_SUITE);
            if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
                for (AssertionInfo suiteInfo : algorithmSuites) {
                    suiteInfo.getAssertion().setAsymmetricSignature(signatureAlgorithm);
                }
            }
        }

        super.configureProperties(soapMessage);
    }

    /**
     * Reports whether the nonce cache is needed for this message.
     *
     * @return {@code true} only when the message has an {@link AssertionInfoMap} and
     *         it contains at least one {@code UsernameToken} assertion; {@code false}
     *         when there is no assertion map at all
     */
    @Override
    protected boolean isNonceCacheRequired(SoapMessage soapMessage) {
        final AssertionInfoMap policyAssertions = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        return policyAssertions != null
            && !getAllAssertionsByLocalname(policyAssertions, "UsernameToken").isEmpty();
    }

    /**
     * Reports whether the timestamp cache is needed for this message.
     *
     * @return {@code true} only when the message has an {@link AssertionInfoMap} and
     *         it contains at least one {@code IncludeTimestamp} assertion;
     *         {@code false} when there is no assertion map at all
     */
    @Override
    protected boolean isTimestampCacheRequired(SoapMessage soapMessage) {
        final AssertionInfoMap policyAssertions = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        return policyAssertions != null
            && !getAllAssertionsByLocalname(policyAssertions, "IncludeTimestamp").isEmpty();
    }

    /**
     * Reports whether the SAML cache is needed for this message.
     *
     * @return {@code true} only when the message has an {@link AssertionInfoMap} and
     *         it contains at least one {@code SamlToken} assertion; {@code false}
     *         when there is no assertion map at all
     */
    @Override
    protected boolean isSamlCacheRequired(SoapMessage soapMessage) {
        final AssertionInfoMap policyAssertions = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        return policyAssertions != null
            && !getAllAssertionsByLocalname(policyAssertions, "SamlToken").isEmpty();
    }

    /**
     * Extends the parent's listener list with a {@link PolicyEnforcer} for the current
     * endpoint.
     *
     * <p>The same enforcer instance is also wrapped in a {@link PolicyInputProcessor}
     * that is added to the given security properties.
     *
     * @param soapMessage the inbound SOAP message
     * @param wSSSecurityProperties properties that receive the policy input processor
     * @return a new list holding the parent's listeners followed by the policy enforcer
     * @throws WSSPolicyException when the enforcer cannot be created
     */
    @Override
    protected List<SecurityEventListener> configureSecurityEventListeners(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSPolicyException {
        final List<SecurityEventListener> listeners = new ArrayList<>(2);
        listeners.addAll(super.configureSecurityEventListeners(soapMessage, wSSSecurityProperties));

        final EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
        final PolicyEnforcer policyEnforcer = createPolicyEnforcer(endpointInfo, soapMessage);
        wSSSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, wSSSecurityProperties));

        listeners.add(policyEnforcer);
        return listeners;
    }

    /**
     * Builds a {@link PolicyEnforcer} from the effective policies of every operation
     * in the endpoint's binding.
     *
     * <p>For each operation the server-request policy is used, named after the
     * operation. On the requestor side the client-response policy is used instead,
     * named after the output message, or after its first message part when it has
     * parts. Operations without an effective policy or without a
     * {@link SoapOperationInfo} are skipped.
     *
     * <p>NOTE(review): the action passed to the enforcer is read from the inbound
     * message, so it is sender-supplied. How {@code PolicyEnforcer} uses it to choose
     * among the operation policies is not visible here; confirm that a mismatching
     * action cannot select a weaker policy.
     *
     * @param endpointInfo endpoint whose binding operations are inspected
     * @param soapMessage the current message
     * @return the configured enforcer
     * @throws WSSPolicyException propagated from the policy classes
     * @throws IllegalArgumentException when an operation's binding is not a SOAP binding
     */
    private PolicyEnforcer createPolicyEnforcer(EndpointInfo endpointInfo, SoapMessage soapMessage) throws WSSPolicyException {
        final List<OperationPolicy> operationPolicies = new ArrayList<>();

        for (BindingOperationInfo operation : endpointInfo.getBinding().getOperations()) {
            final QName operationName = operation.getName();
            EffectivePolicy policy = (EffectivePolicy) operation.getProperty("policy-engine-info-serve-request");
            String policyName = operationName.getLocalPart();

            if (MessageUtils.isRequestor(soapMessage)) {
                // Client side: the inbound message is the response, so use the response policy.
                policy = (EffectivePolicy) operation.getProperty("policy-engine-info-client-response");
                final MessageInfo outputInfo = operation.getOutput().getMessageInfo();
                policyName = outputInfo.getName().getLocalPart();
                if (!outputInfo.getMessageParts().isEmpty()) {
                    policyName = outputInfo.getMessagePart(0).getConcreteName().getLocalPart();
                }
            }

            final SoapOperationInfo soapOperation = (SoapOperationInfo) operation.getExtensor(SoapOperationInfo.class);
            if (policy == null || soapOperation == null) {
                continue;
            }

            final BindingInfo binding = operation.getBinding();
            if (!(binding instanceof SoapBindingInfo)) {
                throw new IllegalArgumentException("BindingInfo is not an instance of SoapBindingInfo");
            }
            final String soapNamespace = ((SoapBindingInfo) binding).getSoapVersion().getNamespace();

            final OperationPolicy operationPolicy = new OperationPolicy(policyName);
            operationPolicy.setPolicy(policy.getPolicy());
            operationPolicy.setOperationAction(soapOperation.getAction());
            operationPolicy.setSoapMessageVersionNamespace(soapNamespace);
            operationPolicies.add(operationPolicy);
        }

        final String receivedAction = SoapActionInInterceptor.getSoapAction(soapMessage);
        final String soapAction = receivedAction == null ? "" : receivedAction;
        final String actor = (String) soapMessage.getContextualProperty(SecurityConstants.ACTOR);
        return new PolicyEnforcer(operationPolicies, soapAction, isRequestor(soapMessage), actor);
    }
}
