package org.apache.rampart.handler;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMException;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.HandlerParameterDecoder;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/rampart-core-1.6.1-wso2v42.jar:org/apache/rampart/handler/WSDoAllReceiver.class */
public class WSDoAllReceiver extends WSDoAllHandler {
    private static final Log log = LogFactory.getLog(WSDoAllReceiver.class);
    private static final Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);

    public WSDoAllReceiver() {
        this.inHandler = true;
    }

    @Override // org.apache.rampart.handler.WSDoAllHandler
    public void processMessage(MessageContext messageContext) throws AxisFault {
        if (mlog.isDebugEnabled()) {
            mlog.debug("*********************** WSDoAllReceiver recieved \n" + messageContext.getEnvelope());
        }
        boolean isDebugEnabled = log.isDebugEnabled();
        if (isDebugEnabled) {
            log.debug("WSDoAllReceiver: enter invoke() ");
        }
        String str = (String) getProperty(messageContext, WSSHandlerConstants.USE_DOOM);
        boolean z = str != null && "true".equalsIgnoreCase(str);
        RequestData requestData = new RequestData();
        try {
            try {
                processBasic(messageContext, z, requestData);
                if (requestData != null) {
                    requestData.clear();
                }
                if (isDebugEnabled) {
                    log.debug("WSDoAllReceiver: exit invoke()");
                }
            } catch (Exception e) {
                setAddressingInformationOnFault(messageContext);
                throw new AxisFault(e.getMessage(), e);
            } catch (AxisFault e2) {
                setAddressingInformationOnFault(messageContext);
                throw e2;
            }
        } catch (Throwable th) {
            if (requestData != null) {
                requestData.clear();
            }
            if (isDebugEnabled) {
                log.debug("WSDoAllReceiver: exit invoke()");
            }
            throw th;
        }
    }

    private void processBasic(MessageContext messageContext, boolean z, RequestData requestData) throws Exception {
        Timestamp timestamp;
        X509Certificate certificate;
        try {
            HandlerParameterDecoder.processParameters(messageContext, true);
            requestData.setMsgContext(messageContext);
            if (getOption(WSSHandlerConstants.INFLOW_SECURITY) == null && getProperty(messageContext, WSSHandlerConstants.INFLOW_SECURITY) == null) {
                if (messageContext.isServerSide() && getOption(WSSHandlerConstants.INFLOW_SECURITY_SERVER) == null && getProperty(messageContext, WSSHandlerConstants.INFLOW_SECURITY_SERVER) == null) {
                    return;
                }
                if (getOption(WSSHandlerConstants.INFLOW_SECURITY_CLIENT) == null && getProperty(messageContext, WSSHandlerConstants.INFLOW_SECURITY_CLIENT) == null) {
                    return;
                }
            }
            Vector vector = new Vector();
            String str = (String) getOption(WSSHandlerConstants.ACTION_ITEMS);
            String str2 = str;
            if (str == null) {
                str2 = (String) getProperty(messageContext, WSSHandlerConstants.ACTION_ITEMS);
            }
            if (str2 == null) {
                throw new AxisFault("WSDoAllReceiver: No action items defined");
            }
            int decodeAction = WSSecurityUtil.decodeAction(str2, vector);
            if (decodeAction == 0) {
                return;
            }
            String str3 = (String) getOption("actor");
            try {
                Document documentFromSOAPEnvelope = Axis2Util.getDocumentFromSOAPEnvelope(messageContext.getEnvelope(), z);
                if (WSSecurityUtil.findElement(documentFromSOAPEnvelope.getDocumentElement(), "Fault", WSSecurityUtil.getSOAPConstants(documentFromSOAPEnvelope.getDocumentElement()).getEnvelopeURI()) != null) {
                    return;
                }
                CallbackHandler callbackHandler = null;
                if ((decodeAction & 5) != 0) {
                    callbackHandler = getPasswordCB(requestData);
                }
                String str4 = (String) getOption(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
                String str5 = str4;
                if (str4 == null) {
                    str5 = (String) getProperty(messageContext, WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
                }
                if (!messageContext.isServerSide() && !"false".equalsIgnoreCase(str5)) {
                    MessageContext messageContext2 = messageContext.getOperationContext().getMessageContext("Out");
                    if (messageContext2 == null) {
                        throw new WSSecurityException("Cannot obtain request message context");
                    }
                    messageContext.setProperty(WSHandlerConstants.SEND_SIGV, messageContext2.getProperty(WSHandlerConstants.SEND_SIGV));
                }
                doReceiverAction(decodeAction, requestData);
                try {
                    Vector processSecurityHeader = secEngine.processSecurityHeader(documentFromSOAPEnvelope, str3, callbackHandler, requestData.getSigCrypto(), requestData.getDecCrypto());
                    if (processSecurityHeader == null) {
                        if (decodeAction != 0) {
                            throw new AxisFault("WSDoAllReceiver: Incoming message does not contain required Security header");
                        }
                        return;
                    }
                    if (requestData.getWssConfig().isEnableSignatureConfirmation() && !messageContext.isServerSide()) {
                        checkSignatureConfirmation(requestData, processSecurityHeader);
                    }
                    messageContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(documentFromSOAPEnvelope, z));
                    try {
                        Iterator examineHeaderBlocks = messageContext.getEnvelope().getHeader().examineHeaderBlocks(str3);
                        SOAPHeaderBlock sOAPHeaderBlock = null;
                        while (true) {
                            if (!examineHeaderBlocks.hasNext()) {
                                break;
                            }
                            SOAPHeaderBlock sOAPHeaderBlock2 = (SOAPHeaderBlock) examineHeaderBlocks.next();
                            if (sOAPHeaderBlock2.getLocalName().equals("Security") && sOAPHeaderBlock2.getNamespace().getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")) {
                                sOAPHeaderBlock = sOAPHeaderBlock2;
                                break;
                            }
                        }
                        if (sOAPHeaderBlock != null) {
                            sOAPHeaderBlock.setProcessed();
                        }
                        WSSecurityEngineResult fetchActionResult = WSSecurityUtil.fetchActionResult(processSecurityHeader, 2);
                        if (fetchActionResult != null && (certificate = fetchActionResult.getCertificate()) != null && !verifyTrust(certificate, requestData)) {
                            throw new AxisFault("WSDoAllReceiver: The certificate used for the signature is not trusted");
                        }
                        WSSecurityEngineResult fetchActionResult2 = WSSecurityUtil.fetchActionResult(processSecurityHeader, 32);
                        if (fetchActionResult2 != null && (timestamp = fetchActionResult2.getTimestamp()) != null) {
                            String str6 = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP);
                            String str7 = str6;
                            if (str6 == null) {
                                str7 = (String) getProperty(messageContext, WSHandlerConstants.TTL_TIMESTAMP);
                            }
                            int i = 0;
                            if (str7 != null) {
                                try {
                                    i = Integer.parseInt(str7);
                                } catch (NumberFormatException e) {
                                    i = requestData.getTimeToLive();
                                }
                            }
                            if (i <= 0) {
                                i = requestData.getTimeToLive();
                            }
                            if (!verifyTimestamp(timestamp, i)) {
                                throw new AxisFault("WSDoAllReceiver: The timestamp could not be validated");
                            }
                        }
                        if (!checkReceiverResults(processSecurityHeader, vector)) {
                            throw new AxisFault("WSDoAllReceiver: security processing failed (actions mismatch)");
                        }
                        Vector vector2 = (Vector) getProperty(messageContext, WSHandlerConstants.RECV_RESULTS);
                        Vector vector3 = vector2;
                        if (vector2 == null) {
                            vector3 = new Vector();
                            messageContext.setProperty(WSHandlerConstants.RECV_RESULTS, vector3);
                        }
                        vector3.add(0, new WSHandlerResult(str3, processSecurityHeader));
                    } catch (OMException e2) {
                        throw new AxisFault("WSDoAllReceiver: cannot get SOAP header after security processing", e2);
                    }
                } catch (WSSecurityException e3) {
                    throw new AxisFault("WSDoAllReceiver: security processing failed", (Throwable) e3);
                }
            } catch (WSSecurityException e4) {
                throw new AxisFault("WSDoAllReceiver: Error in converting to Document", (Throwable) e4);
            }
        } catch (Exception e5) {
            throw new AxisFault("Configuration error", e5);
        }
    }

    private void setAddressingInformationOnFault(MessageContext messageContext) {
        SOAPHeader header = messageContext.getEnvelope().getHeader();
        if (header != null) {
            OMElement firstChildWithName = header.getFirstChildWithName(new QName("http://www.w3.org/2005/08/addressing", "MessageID"));
            if (firstChildWithName == null) {
                firstChildWithName = header.getFirstChildWithName(new QName("http://schemas.xmlsoap.org/ws/2004/08/addressing", "MessageID"));
            }
            if (firstChildWithName == null || firstChildWithName.getText() == null) {
                return;
            }
            messageContext.getOptions().setMessageId(firstChildWithName.getText());
        }
    }
}
