package com.sun.enterprise.security.webservices;

import com.sun.enterprise.security.jmac.provider.PacketMapMessageInfo;
import com.sun.enterprise.security.jmac.provider.PacketMessageInfo;
import com.sun.enterprise.security.jmac.provider.config.PipeHelper;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.pipe.Pipe;
import com.sun.xml.ws.api.pipe.PipeCloner;
import com.sun.xml.ws.api.pipe.helper.AbstractFilterPipeImpl;
import com.sun.xml.ws.security.secconv.SecureConversationInitiator;
import com.sun.xml.ws.security.secconv.WSSecureConversationException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.ClientAuthContext;
import javax.xml.bind.JAXBElement;
import javax.xml.ws.WebServiceException;

/* loaded from: input_file:com/sun/enterprise/security/webservices/ClientSecurityPipe.class */
public class ClientSecurityPipe extends AbstractFilterPipeImpl implements SecureConversationInitiator {
    protected PipeHelper helper;
    protected static final Logger _logger = LogUtils.getLogger();
    protected static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(ClientSecurityPipe.class);
    private static final String WSIT_CLIENT_AUTH_CONTEXT = "com.sun.xml.wss.provider.wsit.WSITClientAuthContext";

    public ClientSecurityPipe(Map map, Pipe pipe) {
        super(pipe);
        map.put("SECURITY_PIPE", this);
        WSDLPort wSDLPort = (WSDLPort) map.get("WSDL_MODEL");
        if (wSDLPort != null) {
            map.put("WSDL_SERVICE", wSDLPort.getOwner().getName());
        }
        this.helper = new PipeHelper("SOAP", map, null);
    }

    protected ClientSecurityPipe(ClientSecurityPipe clientSecurityPipe, PipeCloner pipeCloner) {
        super(clientSecurityPipe, pipeCloner);
        this.helper = clientSecurityPipe.helper;
    }

    @Override // com.sun.xml.ws.api.pipe.helper.AbstractFilterPipeImpl, com.sun.xml.ws.api.pipe.helper.AbstractPipeImpl, com.sun.xml.ws.api.pipe.Pipe
    public void preDestroy() {
        try {
            Packet packet = new Packet();
            PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
            Subject clientSubject = getClientSubject(packet);
            ClientAuthContext clientAuthContext = this.helper.getClientAuthContext(packetMapMessageInfo, clientSubject);
            if (clientAuthContext != null && WSIT_CLIENT_AUTH_CONTEXT.equals(clientAuthContext.getClass().getName())) {
                clientAuthContext.cleanSubject(packetMapMessageInfo, clientSubject);
            }
        } catch (Exception e) {
        }
        this.helper.disable();
    }

    @Override // com.sun.xml.ws.api.pipe.Pipe
    public final Pipe copy(PipeCloner pipeCloner) {
        return new ClientSecurityPipe(this, pipeCloner);
    }

    public PipeHelper getPipeHelper() {
        return this.helper;
    }

    @Override // com.sun.xml.ws.api.pipe.helper.AbstractFilterPipeImpl, com.sun.xml.ws.api.pipe.Pipe
    public Packet process(Packet packet) {
        Packet processSecureRequest;
        PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
        packetMapMessageInfo.getMap().put("javax.xml.ws.wsdl.service", this.helper.getProperty("WSDL_SERVICE"));
        AuthStatus authStatus = AuthStatus.SEND_SUCCESS;
        Subject clientSubject = getClientSubject(packet);
        try {
            ClientAuthContext clientAuthContext = this.helper.getClientAuthContext(packetMapMessageInfo, clientSubject);
            if (clientAuthContext != null) {
                authStatus = clientAuthContext.secureRequest(packetMapMessageInfo, clientSubject);
            }
            if (authStatus == AuthStatus.FAILURE) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "ws.status_secure_request", authStatus);
                }
                processSecureRequest = packetMapMessageInfo.getResponsePacket();
            } else {
                processSecureRequest = processSecureRequest(packetMapMessageInfo, clientAuthContext, clientSubject);
            }
            return processSecureRequest;
        } catch (Exception e) {
            _logger.log(Level.SEVERE, LogUtils.ERROR_REQUEST_SECURING, (Throwable) e);
            throw new WebServiceException(localStrings.getLocalString("enterprise.webservice.cantSecureRequst", "Cannot secure request for {0}", this.helper.getModelName()), e);
        }
    }

    private Packet processSecureRequest(PacketMessageInfo packetMessageInfo, ClientAuthContext clientAuthContext, Subject subject) throws WebServiceException {
        Packet process = this.next.process(packetMessageInfo.getRequestPacket());
        if (process.getMessage() != null && clientAuthContext != null) {
            packetMessageInfo.setResponsePacket(process);
            try {
                process = clientAuthContext.validateResponse(packetMessageInfo, subject, null) == AuthStatus.SEND_CONTINUE ? processSecureRequest(packetMessageInfo, clientAuthContext, subject) : packetMessageInfo.getResponsePacket();
            } catch (Exception e) {
                throw new WebServiceException(localStrings.getLocalString("enterprise.webservice.cantValidateResponse", "Cannot validate response for {0}", this.helper.getModelName()), e);
            }
        }
        return process;
    }

    private static Subject getClientSubject(Packet packet) {
        Subject subject = null;
        if (packet != null) {
            subject = (Subject) packet.invocationProperties.get("CLIENT_SUBJECT");
        }
        if (subject == null) {
            subject = PipeHelper.getClientSubject();
            if (packet != null) {
                packet.invocationProperties.put("CLIENT_SUBJECT", subject);
            }
        }
        return subject;
    }

    @Override // com.sun.xml.ws.security.secconv.SecureConversationInitiator
    public JAXBElement startSecureConversation(Packet packet) throws WSSecureConversationException {
        PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
        JAXBElement jAXBElement = null;
        try {
            Subject clientSubject = getClientSubject(packet);
            HashMap hashMap = new HashMap();
            hashMap.put("SECURITY_TOKEN", packetMapMessageInfo);
            this.helper.getSessionToken(hashMap, packetMapMessageInfo, clientSubject);
            Object obj = packetMapMessageInfo.getMap().get("SECURITY_TOKEN");
            if (obj != null && (obj instanceof JAXBElement)) {
                jAXBElement = (JAXBElement) obj;
            }
            return jAXBElement;
        } catch (Exception e) {
            if (e instanceof WSSecureConversationException) {
                throw ((WSSecureConversationException) e);
            }
            throw new WSSecureConversationException("Secure Conversation failure: ", e);
        }
    }
}
