package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxAsymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxSymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxTransportBindingHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.class */
public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor {
    public static final PolicyBasedWSS4JStaxOutInterceptor INSTANCE = new PolicyBasedWSS4JStaxOutInterceptor();
    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxOutInterceptor.class);

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        boolean isTrue = MessageUtils.isTrue(soapMessage.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
        if (assertionInfoMap == null || !isTrue) {
            return;
        }
        getProperties().clear();
        super.handleMessage(soapMessage);
    }

    private static Properties getProps(Object obj, URL url, SoapMessage soapMessage) {
        Properties properties = null;
        if (obj instanceof Properties) {
            properties = (Properties) obj;
        } else if (url != null) {
            try {
                properties = new Properties();
                InputStream openStream = url.openStream();
                properties.load(openStream);
                openStream.close();
            } catch (IOException e) {
                properties = null;
            }
        }
        return properties;
    }

    private URL getPropertiesFileURL(Object obj, SoapMessage soapMessage) {
        if (!(obj instanceof String)) {
            if (obj instanceof URL) {
                return (URL) obj;
            }
            return null;
        }
        URL url = (URL) ((ResourceManager) ((Bus) soapMessage.getExchange().get(Bus.class)).getExtension(ResourceManager.class)).resolveResource((String) obj, URL.class);
        if (url == null) {
            try {
                url = ClassLoaderUtils.getResource((String) obj, AbstractWSS4JInterceptor.class);
            } catch (IOException e) {
                return null;
            }
        }
        if (url == null) {
            url = new URL((String) obj);
        }
        return url;
    }

    private Collection<AssertionInfo> getAllAssertionsByLocalname(AssertionInfoMap assertionInfoMap, String str) {
        Collection collection = (Collection) assertionInfoMap.get(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", str));
        Collection collection2 = (Collection) assertionInfoMap.get(new QName("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702", str));
        if ((collection == null || collection.isEmpty()) && (collection2 == null || collection2.isEmpty())) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        if (collection != null) {
            hashSet.addAll(collection);
        }
        if (collection2 != null) {
            hashSet.addAll(collection2);
        }
        return hashSet;
    }

    private void checkAsymmetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (contextualProperty == null) {
            contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (contextualProperty2 == null) {
            contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }
        Crypto encryptionCrypto = getEncryptionCrypto(contextualProperty2, soapMessage, wSSSecurityProperties);
        Crypto signatureCrypto = (contextualProperty2 == null || !contextualProperty2.equals(contextualProperty)) ? getSignatureCrypto(contextualProperty, soapMessage, wSSSecurityProperties) : encryptionCrypto;
        if (signatureCrypto != null) {
            soapMessage.put("signaturePropRefId", "RefId-" + signatureCrypto.hashCode());
            soapMessage.put("RefId-" + signatureCrypto.hashCode(), signatureCrypto);
        }
        if (encryptionCrypto != null) {
            soapMessage.put("encryptionPropRefId", "RefId-" + encryptionCrypto.hashCode());
            soapMessage.put("RefId-" + encryptionCrypto.hashCode(), encryptionCrypto);
        } else if (signatureCrypto != null) {
            soapMessage.put("encryptionPropRefId", "RefId-" + signatureCrypto.hashCode());
            soapMessage.put("RefId-" + signatureCrypto.hashCode(), signatureCrypto);
        }
    }

    private void checkTransportBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (contextualProperty == null) {
            contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (contextualProperty2 == null) {
            contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }
        Crypto encryptionCrypto = getEncryptionCrypto(contextualProperty2, soapMessage, wSSSecurityProperties);
        Crypto signatureCrypto = (contextualProperty2 == null || !contextualProperty2.equals(contextualProperty)) ? getSignatureCrypto(contextualProperty, soapMessage, wSSSecurityProperties) : encryptionCrypto;
        if (signatureCrypto != null) {
            soapMessage.put("signaturePropRefId", "RefId-" + signatureCrypto.hashCode());
            soapMessage.put("RefId-" + signatureCrypto.hashCode(), signatureCrypto);
        }
        if (encryptionCrypto != null) {
            soapMessage.put("encryptionPropRefId", "RefId-" + encryptionCrypto.hashCode());
            soapMessage.put("RefId-" + encryptionCrypto.hashCode(), encryptionCrypto);
        } else if (signatureCrypto != null) {
            soapMessage.put("encryptionPropRefId", "RefId-" + signatureCrypto.hashCode());
            soapMessage.put("RefId-" + signatureCrypto.hashCode(), signatureCrypto);
        }
    }

    private void checkSymmetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (contextualProperty == null) {
            contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (contextualProperty2 == null) {
            contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }
        Crypto encryptionCrypto = getEncryptionCrypto(contextualProperty2, soapMessage, wSSSecurityProperties);
        Crypto signatureCrypto = (contextualProperty2 == null || !contextualProperty2.equals(contextualProperty)) ? getSignatureCrypto(contextualProperty, soapMessage, wSSSecurityProperties) : encryptionCrypto;
        if (isRequestor(soapMessage)) {
            Crypto crypto = encryptionCrypto;
            if (crypto == null) {
                crypto = signatureCrypto;
            }
            if (crypto != null) {
                soapMessage.put("encryptionPropRefId", "RefId-" + crypto.hashCode());
                soapMessage.put("RefId-" + crypto.hashCode(), crypto);
            }
            Crypto crypto2 = signatureCrypto;
            if (crypto2 == null) {
                crypto2 = encryptionCrypto;
            }
            if (crypto2 != null) {
                soapMessage.put("signaturePropRefId", "RefId-" + crypto2.hashCode());
                soapMessage.put("RefId-" + crypto2.hashCode(), crypto2);
                return;
            }
            return;
        }
        Crypto crypto3 = signatureCrypto;
        if (crypto3 == null) {
            crypto3 = encryptionCrypto;
        }
        if (crypto3 != null) {
            soapMessage.put("encryptionPropRefId", "RefId-" + crypto3.hashCode());
            soapMessage.put("RefId-" + crypto3.hashCode(), crypto3);
        }
        Crypto crypto4 = encryptionCrypto;
        if (crypto4 == null) {
            crypto4 = signatureCrypto;
        }
        if (crypto4 != null) {
            soapMessage.put("signaturePropRefId", "RefId-" + crypto4.hashCode());
            soapMessage.put("RefId-" + crypto4.hashCode(), crypto4);
        }
    }

    private Crypto getEncryptionCrypto(Object obj, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Crypto crypto = null;
        if (obj instanceof Crypto) {
            crypto = (Crypto) obj;
        } else if (obj != null) {
            Properties props = getProps(obj, getPropertiesFileURL(obj, soapMessage), soapMessage);
            if (props == null) {
                LOG.fine("Cannot find Crypto Encryption properties: " + obj);
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("Cannot find Crypto Encryption properties: " + obj));
            }
            crypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor(soapMessage, wSSSecurityProperties));
            EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
            synchronized (endpointInfo) {
                endpointInfo.setProperty(SecurityConstants.ENCRYPT_CRYPTO, crypto);
            }
        }
        return crypto;
    }

    private Crypto getSignatureCrypto(Object obj, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Crypto crypto = null;
        if (obj instanceof Crypto) {
            crypto = (Crypto) obj;
        } else if (obj != null) {
            Properties props = getProps(obj, getPropertiesFileURL(obj, soapMessage), soapMessage);
            if (props == null) {
                LOG.fine("Cannot find Crypto Signature properties: " + obj);
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("Cannot find Crypto Signature properties: " + obj));
            }
            crypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor(soapMessage, wSSSecurityProperties));
            EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
            synchronized (endpointInfo) {
                endpointInfo.setProperty(SecurityConstants.SIGNATURE_CRYPTO, crypto);
            }
        }
        return crypto;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor
    public void configureProperties(SoapMessage soapMessage, Map<String, SecurityTokenProvider<OutboundSecurityToken>> map, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        Collection<AssertionInfo> allAssertionsByLocalname = getAllAssertionsByLocalname(assertionInfoMap, "AsymmetricBinding");
        if (!allAssertionsByLocalname.isEmpty()) {
            checkAsymmetricBinding(assertionInfoMap, soapMessage, wSSSecurityProperties);
        }
        Collection<AssertionInfo> allAssertionsByLocalname2 = getAllAssertionsByLocalname(assertionInfoMap, "SymmetricBinding");
        if (!allAssertionsByLocalname2.isEmpty()) {
            checkSymmetricBinding(assertionInfoMap, soapMessage, wSSSecurityProperties);
        }
        Collection<AssertionInfo> allAssertionsByLocalname3 = getAllAssertionsByLocalname(assertionInfoMap, "TransportBinding");
        if (!allAssertionsByLocalname3.isEmpty()) {
            checkTransportBinding(assertionInfoMap, soapMessage, wSSSecurityProperties);
        }
        super.configureProperties(soapMessage, map, wSSSecurityProperties);
        if (!allAssertionsByLocalname3.isEmpty()) {
            new StaxTransportBindingHandler(wSSSecurityProperties, soapMessage, allAssertionsByLocalname3.iterator().next().getAssertion(), map).handleBinding();
            return;
        }
        if (!allAssertionsByLocalname.isEmpty()) {
            new StaxAsymmetricBindingHandler(wSSSecurityProperties, soapMessage, allAssertionsByLocalname.iterator().next().getAssertion(), map).handleBinding();
        } else if (allAssertionsByLocalname2.isEmpty()) {
            new StaxTransportBindingHandler(wSSSecurityProperties, soapMessage, null, map).handleBinding();
        } else {
            new StaxSymmetricBindingHandler(wSSSecurityProperties, soapMessage, allAssertionsByLocalname2.iterator().next().getAssertion(), map).handleBinding();
        }
    }
}
