package org.apache.cxf.ws.security.policy.interceptors;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.kerberos.KerberosClient;
import org.apache.cxf.ws.security.kerberos.KerberosUtils;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.KerberosSecurity;

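/**
 * Policy interceptor provider for the WS-SecurityPolicy {@code KerberosToken} assertion.
 *
 * <p>The provider registers itself for both the SP11 and the SP12 {@code KERBEROS_TOKEN} assertion
 * names and installs, on the in, in-fault, out and out-fault chains, the shared policy-based WSS4J
 * interceptor plus a Kerberos-specific interceptor defined below.
 *
 * <p>NOTE(review): the nested interceptors only look up {@code SP12Constants.KERBEROS_TOKEN} in the
 * {@link AssertionInfoMap}. Whether assertions declared with the SP11 name are handled elsewhere is
 * not visible in this file; confirm before relying on SP11 policies being enforced here.
 */
public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {

    /**
     * Inbound interceptor: on the requestor side it marks the Kerberos assertions as asserted, on the
     * service side it turns a policy-validated Kerberos binary security token into a
     * {@link SecurityToken} on the exchange.
     *
     * <p>Runs in {@code PRE_PROTOCOL}, ordered after both WSS4J in-interceptors, so that their
     * processing results are already on the message.
     */
    static class KerberosTokenInInterceptor extends AbstractPhaseInterceptor<Message> {
        /** Result-map key under which the numeric action code is stored. */
        private static final String RESULT_ACTION = "action";

        /** Result-map key under which the parsed binary security token is stored. */
        private static final String RESULT_BINARY_SECURITY_TOKEN = "binary-security-token";

        /** Result-map key under which the secret associated with the token is stored. */
        private static final String RESULT_SECRET = "secret";

        /**
         * Action code that selects the results of interest; presumably WSS4J's binary-security-token
         * action (0x1000). Confirm against the WSS4J constants of the version in use.
         */
        private static final int BINARY_SECURITY_TOKEN_ACTION = 4096;

        public KerberosTokenInInterceptor() {
            super(Phase.PRE_PROTOCOL);
            addAfter(WSS4JInInterceptor.class.getName());
            addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
        }

        /**
         * Handles an inbound message that carries a Kerberos token policy assertion.
         *
         * <p>Does nothing when the message has no {@link AssertionInfoMap} or no SP12 Kerberos
         * assertion. On the service side the assertions are not marked here; the message is handed to
         * {@link #parseHandlerResults}, and when no WSS4J results were recorded the method returns
         * with the assertions left untouched.
         *
         * @param message the inbound message
         * @throws Fault declared by the interceptor contract; not thrown directly by this method
         */
        @Override
        public void handleMessage(Message message) throws Fault {
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) message.get(AssertionInfoMap.class);
            if (assertionInfoMap == null) {
                return;
            }
            Collection<AssertionInfo> kerberosAssertions = assertionInfoMap.get(SP12Constants.KERBEROS_TOKEN);
            if (kerberosAssertions == null) {
                return;
            }
            if (isRequestor(message)) {
                // Requestor side: the assertions are accepted without inspecting the response.
                markAsserted(kerberosAssertions);
                return;
            }
            List<WSHandlerResult> handlerResults =
                CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
            if (handlerResults == null || handlerResults.isEmpty()) {
                return;
            }
            // Only the first handler result is examined; later entries are ignored.
            parseHandlerResults(handlerResults.get(0), message, assertionInfoMap);
        }

        /**
         * Stores the first Kerberos token that passes policy validation on the exchange.
         *
         * <p>The resulting {@link SecurityToken} carries the value found under the {@code "secret"}
         * result key, so the object placed under {@link SecurityConstants#TOKEN} holds key material
         * and should be kept out of logs and diagnostics.
         *
         * @param wSHandlerResult the WSS4J handler result to scan
         * @param message the inbound message, passed to the policy validator
         * @param assertionInfoMap the assertions the validator checks the token against
         */
        private void parseHandlerResults(WSHandlerResult wSHandlerResult, Message message, AssertionInfoMap assertionInfoMap) {
            for (WSSecurityEngineResult engineResult : findKerberosResults(wSHandlerResult.getResults())) {
                KerberosSecurity kerberosToken = (KerberosSecurity) engineResult.get(RESULT_BINARY_SECURITY_TOKEN);
                // A fresh validator per candidate, as in the original control flow.
                KerberosTokenPolicyValidator validator = new KerberosTokenPolicyValidator(message);
                if (!validator.validatePolicy(assertionInfoMap, kerberosToken)) {
                    continue;
                }
                SecurityToken securityToken = KerberosTokenInterceptorProvider.createSecurityToken(kerberosToken);
                securityToken.setSecret((byte[]) engineResult.get(RESULT_SECRET));
                message.getExchange().put(SecurityConstants.TOKEN, securityToken);
                return;
            }
        }

        /**
         * Selects the engine results whose action code matches and whose token is a
         * {@link KerberosSecurity}.
         *
         * <p>Results with a missing or non-integer action, or with a token of another type, are
         * skipped instead of raising {@code NullPointerException} or {@code ClassCastException};
         * the result list is built from a received message, so malformed entries are not trusted
         * to have the expected shape.
         *
         * @param list the engine results to filter; {@code null} is treated as empty
         * @return the matching results in their original order, never {@code null}
         */
        private List<WSSecurityEngineResult> findKerberosResults(List<WSSecurityEngineResult> list) {
            List<WSSecurityEngineResult> kerberosResults = new ArrayList<WSSecurityEngineResult>();
            if (list == null) {
                return kerberosResults;
            }
            for (WSSecurityEngineResult engineResult : list) {
                Object action = engineResult.get(RESULT_ACTION);
                boolean actionMatches = action instanceof Integer
                    && ((Integer) action).intValue() == BINARY_SECURITY_TOKEN_ACTION;
                if (actionMatches && engineResult.get(RESULT_BINARY_SECURITY_TOKEN) instanceof KerberosSecurity) {
                    kerberosResults.add(engineResult);
                }
            }
            return kerberosResults;
        }
    }

    /**
     * Outbound interceptor: on the requestor side it locates or requests a Kerberos
     * {@link SecurityToken}, publishes its ID and stores it; on the service side it only marks the
     * Kerberos assertions as asserted. Runs in {@code PREPARE_SEND}.
     */
    static class KerberosTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
        public KerberosTokenOutInterceptor() {
            super(Phase.PREPARE_SEND);
        }

        /**
         * Makes a Kerberos token available for an outbound message governed by a Kerberos assertion.
         *
         * <p>Lookup order on the requestor side: the {@link SecurityConstants#TOKEN} contextual
         * property, then the token store entry named by {@link SecurityConstants#TOKEN_ID}, then a
         * new token requested from the configured {@link KerberosClient}.
         *
         * <p>NOTE(review): a token found through {@code TOKEN} or {@code TOKEN_ID} is reused as is;
         * no expiry check is visible in this method. Confirm that the store or a later stage rejects
         * stale tokens.
         *
         * <p>NOTE(review): the token ID is written to the {@link Endpoint} as well as the exchange.
         * Presumably later exchanges on the same endpoint resolve that ID again, so one token would be
         * shared by every caller of the endpoint; confirm this is intended where a client endpoint
         * serves more than one identity.
         *
         * @param message the outbound message
         * @throws Fault wrapping any checked exception raised while requesting a token
         */
        @Override
        public void handleMessage(Message message) throws Fault {
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) message.get(AssertionInfoMap.class);
            if (assertionInfoMap == null) {
                return;
            }
            Collection<AssertionInfo> kerberosAssertions = assertionInfoMap.get(SP12Constants.KERBEROS_TOKEN);
            if (kerberosAssertions == null || kerberosAssertions.isEmpty()) {
                return;
            }
            if (!isRequestor(message)) {
                markAsserted(kerberosAssertions);
                return;
            }

            SecurityToken securityToken = (SecurityToken) message.getContextualProperty(SecurityConstants.TOKEN);
            if (securityToken == null) {
                String tokenId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
                if (tokenId != null) {
                    securityToken = KerberosTokenInterceptorProvider.getTokenStore(message).getToken(tokenId);
                }
            }
            if (securityToken == null) {
                try {
                    KerberosClient client = KerberosUtils.getClient(message, "kerberos");
                    // The client instance is locked for the duration of the request.
                    synchronized (client) {
                        securityToken = client.requestSecurityToken();
                    }
                } catch (RuntimeException e) {
                    throw e;
                } catch (Exception e) {
                    throw new Fault(e);
                }
            }
            if (securityToken == null) {
                // No token could be obtained: the assertions stay unasserted.
                return;
            }

            markAsserted(kerberosAssertions);
            String tokenId = securityToken.getId();
            ((Endpoint) message.getExchange().get(Endpoint.class)).put(SecurityConstants.TOKEN_ID, tokenId);
            message.getExchange().put(SecurityConstants.TOKEN_ID, tokenId);
            KerberosTokenInterceptorProvider.getTokenStore(message).add(securityToken);
        }
    }

    /**
     * Registers the provider for the SP11 and SP12 Kerberos token assertions and adds the WSS4J and
     * Kerberos interceptors to all four interceptor chains.
     */
    public KerberosTokenInterceptorProvider() {
        super(Arrays.asList(SP11Constants.KERBEROS_TOKEN, SP12Constants.KERBEROS_TOKEN));
        getOutInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
        getOutFaultInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
        getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
        getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
        getOutInterceptors().add(new KerberosTokenOutInterceptor());
        getOutFaultInterceptors().add(new KerberosTokenOutInterceptor());
        getInInterceptors().add(new KerberosTokenInInterceptor());
        getInFaultInterceptors().add(new KerberosTokenInInterceptor());
    }

    /** Marks every assertion in the collection as asserted. */
    private static void markAsserted(Collection<AssertionInfo> assertions) {
        for (AssertionInfo assertion : assertions) {
            assertion.setAsserted(true);
        }
    }

    /**
     * Returns the token store for the message's endpoint, creating one if none is configured.
     *
     * <p>The store is taken from the message's contextual properties, then from the endpoint info;
     * if neither has one, a {@link MemoryTokenStore} is created and saved on the endpoint info. The
     * lookup and creation are serialized on the {@link EndpointInfo} so that concurrent messages do
     * not each install their own store.
     *
     * <p>NOTE(review): how long entries live in the store is decided by the {@link TokenStore}
     * implementation and is not visible here.
     *
     * @param message a message whose exchange carries an {@link Endpoint}
     * @return the token store, never {@code null}
     */
    static final TokenStore getTokenStore(Message message) {
        EndpointInfo endpointInfo = ((Endpoint) message.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            String storeKey = TokenStore.class.getName();
            TokenStore tokenStore = (TokenStore) message.getContextualProperty(storeKey);
            if (tokenStore == null) {
                tokenStore = (TokenStore) endpointInfo.getProperty(storeKey);
            }
            if (tokenStore == null) {
                tokenStore = new MemoryTokenStore();
                endpointInfo.setProperty(storeKey, tokenStore);
            }
            return tokenStore;
        }
    }

    /**
     * Builds a {@link SecurityToken} from a received Kerberos binary security token, copying its ID,
     * DOM element and value type. The secret is not set here; the caller supplies it.
     *
     * @param kerberosSecurity the parsed Kerberos binary security token
     * @return a new security token describing {@code kerberosSecurity}
     */
    public static SecurityToken createSecurityToken(KerberosSecurity kerberosSecurity) {
        SecurityToken securityToken = new SecurityToken(kerberosSecurity.getID());
        securityToken.setToken(kerberosSecurity.getElement());
        securityToken.setTokenType(kerberosSecurity.getValueType());
        return securityToken;
    }
}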
