package com.sun.enterprise.security.webservices;

import com.sun.enterprise.security.jmac.provider.PacketMapMessageInfo;
import com.sun.enterprise.security.jmac.provider.PacketMessageInfo;
import com.sun.enterprise.security.jmac.provider.config.PipeHelper;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.logging.LogDomains;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.pipe.Pipe;
import com.sun.xml.ws.api.pipe.PipeCloner;
import com.sun.xml.ws.api.pipe.helper.AbstractFilterPipeImpl;
import java.security.AccessControlContext;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.ServerAuthContext;
import javax.xml.ws.WebServiceException;

/* loaded from: input_file:com/sun/enterprise/security/webservices/CommonServerSecurityPipe.class */
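/**
 * Server-side filter pipe that applies message-level security to a web-service
 * invocation before handing the request to the next pipe.
 *
 * <p>For non-HTTP bindings the flow in {@link #process(Packet)} is:
 * <ol>
 *   <li>obtain a {@link ServerAuthContext} from the {@link PipeHelper};</li>
 *   <li>call {@code validateRequest} on it and audit the outcome;</li>
 *   <li>call {@code helper.authorize} on the validated request packet;</li>
 *   <li>invoke the next pipe (as the client subject when a security manager is installed);</li>
 *   <li>call {@code secureResponse} on the response before returning it.</li>
 * </ol>
 * Any failure is converted into a fault response rather than propagated.
 *
 * <p>NOTE(review): this listing appears to be decompiler output (the original declared
 * {@code requestPacket} without ever assigning it and audited a failed validation twice).
 * Both are repaired below; confirm against the upstream source before relying on details.
 */
public class CommonServerSecurityPipe extends AbstractFilterPipeImpl {
    protected static final Logger _logger = LogDomains.getLogger(CommonServerSecurityPipe.class, "javax.enterprise.system.core.security");
    protected static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(CommonServerSecurityPipe.class);

    /** Class name compared in {@link #preDestroy()} to decide whether the subject is cleaned. */
    private static final String WSIT_SERVER_AUTH_CONTEXT = "com.sun.xml.wss.provider.wsit.WSITServerAuthContext";

    /** When true, {@link #process(Packet)} delegates straight to the next pipe. */
    private final boolean isHttpBinding;

    /** Shared with copies created through {@link #copy(PipeCloner)}. */
    private final PipeHelper helper;

    /**
     * Creates the pipe and registers it in the supplied property map.
     *
     * @param map  configuration properties; this pipe is stored under
     *             {@code PipeConstants.SECURITY_PIPE} before the helper is built
     * @param pipe the next pipe in the chain
     * @param z    true when the endpoint uses the HTTP binding
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // raw Map is part of the existing constructor signature
    public CommonServerSecurityPipe(Map map, Pipe pipe, boolean z) {
        super(pipe);
        // The put must stay ahead of the PipeHelper construction: the helper receives the
        // same map and may read this entry (not visible from this file).
        map.put(PipeConstants.SECURITY_PIPE, this);
        this.helper = new PipeHelper(PipeConstants.SOAP_LAYER, map, null);
        this.isHttpBinding = z;
    }

    /**
     * Copy constructor used by {@link #copy(PipeCloner)}; the helper instance is shared,
     * not duplicated.
     */
    protected CommonServerSecurityPipe(CommonServerSecurityPipe commonServerSecurityPipe, PipeCloner pipeCloner) {
        super(commonServerSecurityPipe, pipeCloner);
        this.helper = commonServerSecurityPipe.helper;
        this.isHttpBinding = commonServerSecurityPipe.isHttpBinding;
    }

    /**
     * Disables the helper, gives a WSIT auth context the chance to clean its subject,
     * then propagates the call to the next pipe.
     */
    public void preDestroy() {
        this.helper.disable();
        try {
            PacketMapMessageInfo messageInfo = new PacketMapMessageInfo(new Packet(), new Packet());
            Subject subject = new Subject();
            ServerAuthContext serverAuthContext = this.helper.getServerAuthContext(messageInfo, subject);
            if (serverAuthContext != null && WSIT_SERVER_AUTH_CONTEXT.equals(serverAuthContext.getClass().getName())) {
                serverAuthContext.cleanSubject(messageInfo, subject);
            }
        } catch (Exception ignored) {
            // Cleanup is best effort and must not block shutdown of the rest of the chain,
            // but leave a trace so a failed cleanup can be diagnosed.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Ignoring failure while cleaning subject in preDestroy", ignored);
            }
        }
        this.next.preDestroy();
    }

    public Pipe copy(PipeCloner pipeCloner) {
        return new CommonServerSecurityPipe(this, pipeCloner);
    }

    /**
     * Entry point of the pipe.
     *
     * @param packet the incoming request
     * @return the response of the next pipe, or a fault response when security
     *         processing throws
     */
    public Packet process(Packet packet) {
        if (this.isHttpBinding) {
            // No validation, authorization or auditing is performed by this pipe on this path.
            // NOTE(review): presumably HTTP-binding endpoints are protected elsewhere; confirm.
            return this.next.process(packet);
        }
        try {
            return processRequest(packet);
        } catch (Exception e) {
            // NOTE(review): an unexpected failure of the security pipe is only visible at FINE;
            // at default log levels the sole evidence is the fault sent to the caller.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Failure in security pipe process", e);
            }
            return this.helper.makeFaultResponse(null, e);
        }
    }

    /**
     * Validates, authorizes and dispatches one request.
     *
     * @param packet the incoming request
     * @return the (possibly secured) response, a fault response, or the response packet
     *         held by the message info when validation did not return {@code SUCCESS}
     * @throws Exception if a helper or auth-context call outside the guarded sections throws
     */
    private Packet processRequest(Packet packet) throws Exception {
        AuthStatus authStatus = AuthStatus.SUCCESS;
        PacketMapMessageInfo messageInfo = new PacketMapMessageInfo(packet, new Packet());
        Subject serverSubject = (Subject) packet.invocationProperties.get(PipeConstants.SERVER_SUBJECT);
        ServerAuthContext serverAuthContext = this.helper.getServerAuthContext(messageInfo, serverSubject);
        Subject clientSubject = getClientSubject(packet);

        // NOTE(review): when no auth context is configured the status stays SUCCESS and no
        // audit record is written here; only helper.authorize() gates the call. Confirm that
        // this fail-open default is intended for unsecured endpoints.
        if (serverAuthContext != null) {
            try {
                authStatus = serverAuthContext.validateRequest(messageInfo, clientSubject, serverSubject);
            } catch (Exception e) {
                _logger.log(Level.SEVERE, "ws.error_validate_request", e);
                WebServiceException validationFailure = new WebServiceException(localStrings.getLocalString("enterprise.webservice.cantValidateRequest", "Cannot validate request for {0}", new Object[]{this.helper.getModelName()}), e);
                // Set before returning so the finally block audits the failure status.
                authStatus = AuthStatus.SEND_FAILURE;
                return this.helper.getFaultResponse(messageInfo.getRequestPacket(), messageInfo.getResponsePacket(), validationFailure);
            } finally {
                // Single audit point: runs once for success, non-success and exception paths.
                this.helper.auditInvocation(messageInfo.getRequestPacket(), authStatus);
            }
        }

        // Read the request back from the message info: every later step (authorize, dispatch,
        // fault construction) must use the packet as it stands after validateRequest, which
        // receives the message info and may have replaced it.
        final Packet requestPacket = messageInfo.getRequestPacket();

        if (authStatus != AuthStatus.SUCCESS) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "ws.status_validate_request", authStatus);
            }
            return messageInfo.getResponsePacket();
        }

        Packet response = null;
        boolean authorized = false;
        try {
            this.helper.authorize(requestPacket);
            authorized = true;
        } catch (Exception e) {
            // Not authorized: the next pipe is never invoked, the caller gets a fault.
            response = this.helper.getFaultResponse(requestPacket, messageInfo.getResponsePacket(), e);
        }

        if (authorized) {
            if (System.getSecurityManager() == null) {
                try {
                    response = this.next.process(requestPacket);
                } catch (Exception e) {
                    _logger.log(Level.SEVERE, "ws.error_next_pipe", e);
                    response = this.helper.getFaultResponse(requestPacket, messageInfo.getResponsePacket(), e);
                }
            } else {
                // With a security manager installed, run the rest of the chain as the client
                // subject; the null AccessControlContext is passed through unchanged.
                try {
                    response = Subject.doAsPrivileged(clientSubject, new PrivilegedExceptionAction<Packet>() {
                        @Override
                        public Packet run() throws Exception {
                            return CommonServerSecurityPipe.this.next.process(requestPacket);
                        }
                    }, (AccessControlContext) null);
                } catch (PrivilegedActionException e) {
                    Throwable cause = e.getCause();
                    _logger.log(Level.SEVERE, "ws.error_next_pipe", cause);
                    response = this.helper.getFaultResponse(requestPacket, messageInfo.getResponsePacket(), cause);
                }
            }
        }

        if (response == null) {
            WebServiceException nullResponse = new WebServiceException(localStrings.getLocalString("enterprise.webservice.nullResponsePacket", "Invocation of Service {0} returned null response packet", new Object[]{this.helper.getModelName()}));
            response = this.helper.getFaultResponse(requestPacket, messageInfo.getResponsePacket(), nullResponse);
            // The log message itself is empty; the detail is carried by the exception.
            _logger.log(Level.SEVERE, "", nullResponse);
        }

        // Fault responses built above also pass through secureResponse when they carry a message.
        if (serverAuthContext != null && response.getMessage() != null) {
            messageInfo.setResponsePacket(response);
            response = processResponse(messageInfo, serverAuthContext, serverSubject);
        }
        return response;
    }

    /**
     * Applies {@code secureResponse} to the response held by the message info.
     *
     * @return the response packet from the message info, or a fault response when
     *         {@code secureResponse} throws
     */
    private Packet processResponse(PacketMessageInfo packetMessageInfo, ServerAuthContext serverAuthContext, Subject subject) throws Exception {
        try {
            // NOTE(review): the returned status is only logged at FINE and never checked, so a
            // non-success status still yields the response packet. Confirm this is intended.
            AuthStatus status = serverAuthContext.secureResponse(packetMessageInfo, subject);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "ws.status_secure_response", status);
            }
            return packetMessageInfo.getResponsePacket();
        } catch (Exception e) {
            // AuthException is reported at INFO, anything else at SEVERE.
            if (!(e instanceof AuthException)) {
                _logger.log(Level.SEVERE, "ws.error_secure_response", e);
            } else if (_logger.isLoggable(Level.INFO)) {
                _logger.log(Level.INFO, "ws.error_secure_response", e);
            }
            return this.helper.makeFaultResponse(packetMessageInfo.getResponsePacket(), e);
        }
    }

    /**
     * Returns the client subject stored on the packet, falling back to
     * {@code PipeHelper.getClientSubject()} and caching that result on the packet.
     *
     * @param packet the request packet; may be null, in which case nothing is cached
     */
    private static Subject getClientSubject(Packet packet) {
        Subject subject = null;
        if (packet != null) {
            subject = (Subject) packet.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
        }
        if (subject == null) {
            subject = PipeHelper.getClientSubject();
            if (packet != null) {
                packet.invocationProperties.put(PipeConstants.CLIENT_SUBJECT, subject);
            }
        }
        return subject;
    }
}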
