package org.apache.rampart.handler;

import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import org.apache.axiom.om.OMException;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.HandlerDescription;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;

/* loaded from: input_file:WEB-INF/lib/rampart-core-1.6.1-wso2v1.jar:org/apache/rampart/handler/PostDispatchVerificationHandler.class */
public class PostDispatchVerificationHandler implements Handler {
    private HandlerDescription handlerDesc;

    @Override // org.apache.axis2.engine.Handler
    public void cleanup() {
    }

    @Override // org.apache.axis2.engine.Handler
    public void flowComplete(MessageContext messageContext) {
    }

    @Override // org.apache.axis2.engine.Handler
    public HandlerDescription getHandlerDesc() {
        return this.handlerDesc;
    }

    @Override // org.apache.axis2.engine.Handler
    public String getName() {
        return "Post dispatch security verification handler";
    }

    @Override // org.apache.axis2.engine.Handler
    public Parameter getParameter(String str) {
        return this.handlerDesc.getParameter(str);
    }

    @Override // org.apache.axis2.engine.Handler
    public void init(HandlerDescription handlerDescription) {
        this.handlerDesc = handlerDescription;
    }

    @Override // org.apache.axis2.engine.Handler
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        Parameter parameter;
        if (!messageContext.isEngaged("rampart")) {
            return Handler.InvocationResponse.CONTINUE;
        }
        Policy effectivePolicy = messageContext.getEffectivePolicy();
        if (messageContext.getProperty("rampartPolicy") != null) {
            effectivePolicy = (Policy) messageContext.getProperty("rampartPolicy");
        }
        if (effectivePolicy == null) {
            effectivePolicy = messageContext.getEffectivePolicy();
        }
        if (effectivePolicy == null && (parameter = messageContext.getParameter("rampartPolicy")) != null) {
            effectivePolicy = PolicyEngine.getPolicy(parameter.getParameterElement().getFirstElement());
        }
        if (effectivePolicy == null) {
            return Handler.InvocationResponse.CONTINUE;
        }
        Iterator alternatives = effectivePolicy.getAlternatives();
        boolean z = false;
        if (alternatives.hasNext()) {
            Iterator it = ((List) alternatives.next()).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Assertion assertion = (Assertion) it.next();
                if (assertion instanceof Binding) {
                    z = true;
                    break;
                }
                if (assertion instanceof SupportingToken) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            RampartPolicyData rampartPolicyData = (RampartPolicyData) messageContext.getProperty(RampartMessageData.RAMPART_POLICY_DATA);
            if (rampartPolicyData == null) {
                throw new AxisFault("InvalidSecurity");
            }
            boolean z2 = false;
            if (messageContext.getAxisService().getParameter(RampartMessageData.PARAM_CLIENT_SIDE) != null) {
                z2 = true;
            }
            if (RampartUtil.isSecHeaderRequired(rampartPolicyData, z2, true) && messageContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
                throw new AxisFault("InvalidSecurity");
            }
        }
        if (messageContext.getParameter(WSSHandlerConstants.INFLOW_SECURITY) != null || messageContext.getProperty(WSSHandlerConstants.INFLOW_SECURITY) != null) {
            if (messageContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
                throw new AxisFault("InvalidSecurity");
            }
            if (((Vector) messageContext.getProperty(WSHandlerConstants.RECV_RESULTS)).size() == 0) {
                throw new AxisFault("InvalidSecurity");
            }
        }
        SOAPHeaderBlock securityHeader = getSecurityHeader(messageContext);
        if (securityHeader == null || securityHeader.isProcessed()) {
            return Handler.InvocationResponse.CONTINUE;
        }
        throw new AxisFault("InvalidSecurity - Security policy not found");
    }

    private SOAPHeaderBlock getSecurityHeader(MessageContext messageContext) throws AxisFault {
        try {
            SOAPHeader header = messageContext.getEnvelope().getHeader();
            if (header == null) {
                return null;
            }
            Iterator childElements = header.getChildElements();
            SOAPHeaderBlock sOAPHeaderBlock = null;
            while (true) {
                if (!childElements.hasNext()) {
                    break;
                }
                SOAPHeaderBlock sOAPHeaderBlock2 = (SOAPHeaderBlock) childElements.next();
                if (sOAPHeaderBlock2.getLocalName().equals(WSConstants.WSSE_LN) && sOAPHeaderBlock2.getNamespace().getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")) {
                    sOAPHeaderBlock = sOAPHeaderBlock2;
                    break;
                }
            }
            return sOAPHeaderBlock;
        } catch (OMException e) {
            throw new AxisFault("PostDispatchVerificationHandler: cannot get SOAP header after security processing", e);
        }
    }
}
