package org.apache.cxf.ws.security.wss4j;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
import org.apache.cxf.binding.soap.model.SoapBindingInfo;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Attachment;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.service.model.MessageInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.EffectivePolicy;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.stax.OperationPolicy;
import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
import org.apache.wss4j.policy.stax.enforcer.PolicyInputProcessor;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-3.3.6.jar:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.class */
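/**
 * Policy-driven inbound WS-Security interceptor for the streaming (StAX) WSS4J implementation.
 *
 * <p>The interceptor only runs when the message carries an {@link AssertionInfoMap} and streaming
 * security is enabled. It derives the inbound crypto configuration from the security binding found
 * in the policy (asymmetric, symmetric or transport) and registers a {@link PolicyEnforcer} that
 * receives the security events produced while the message is parsed.
 *
 * <p>This listing comes from decompiled bytecode; several methods that are {@code public} here were
 * declared {@code protected} according to the decompiler's notes.
 */
public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxInInterceptor.class);

    /** Binding-operation property holding the effective policy for an inbound request. */
    private static final String SERVER_REQUEST_POLICY_KEY = "policy-engine-info-serve-request";

    /** Binding-operation property holding the effective policy for an inbound response. */
    private static final String CLIENT_RESPONSE_POLICY_KEY = "policy-engine-info-client-response";

    /** Namespace of the operation whose client-response policy is reused as a fallback. */
    private static final String DISPATCH_NAMESPACE = "http://cxf.apache.org/jaxws/dispatch";

    /** Encryption and signature {@link Crypto} instances resolved for one message; either may be {@code null}. */
    private static final class CryptoPair {
        private final Crypto encryption;
        private final Crypto signature;

        CryptoPair(Crypto encryption, Crypto signature) {
            this.encryption = encryption;
            this.signature = signature;
        }
    }

    /**
     * Runs the streaming security processing only for policy-governed messages.
     *
     * <p>Security note: when the message has no {@link AssertionInfoMap} or
     * {@code ENABLE_STREAMING_SECURITY} is not set, this method returns without any WS-Security
     * processing. NOTE(review): presumably another interceptor enforces the policy in that case;
     * confirm in the interceptor chain, otherwise the message is not verified by this class.
     *
     * @param soapMessage the inbound message
     * @throws Fault if the superclass processing fails
     */
    @Override
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        AssertionInfoMap assertionInfoMap = soapMessage.get(AssertionInfoMap.class);
        boolean streamingEnabled =
            MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.ENABLE_STREAMING_SECURITY);
        if (assertionInfoMap != null && streamingEnabled) {
            super.handleMessage(soapMessage);
        }
    }

    /**
     * Creates the base security properties with document events skipped.
     *
     * <p>Declared {@code protected} in the original class according to the decompiler.
     *
     * @return a fresh {@link WSSSecurityProperties} instance
     */
    @Override
    public WSSSecurityProperties createSecurityProperties() {
        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
        securityProperties.setSkipDocumentEvents(true);
        return securityProperties;
    }

    /**
     * Reads a security property, falling back to a second key when the first is unset.
     *
     * @param soapMessage the message whose security properties are consulted
     * @param primaryKey the key tried first
     * @param fallbackKey the key tried when {@code primaryKey} has no value
     * @return the configured value, or {@code null} when neither key is set
     */
    private static Object lookupProperty(SoapMessage soapMessage, String primaryKey, String fallbackKey) {
        Object value = SecurityUtils.getSecurityPropertyValue(primaryKey, soapMessage);
        return value != null ? value : SecurityUtils.getSecurityPropertyValue(fallbackKey, soapMessage);
    }

    /**
     * Resolves the encryption and signature cryptos configured for the message.
     *
     * <p>When the encryption and signature settings are equal, the encryption crypto is reused
     * instead of loading the signature crypto again.
     *
     * @param soapMessage the inbound message
     * @param securityProperties the properties being configured
     * @return the resolved pair; either member may be {@code null}
     * @throws WSSecurityException if a crypto cannot be loaded
     */
    private CryptoPair resolveCryptos(SoapMessage soapMessage, WSSSecurityProperties securityProperties)
        throws WSSecurityException {
        Object signatureRef = lookupProperty(soapMessage,
            org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_CRYPTO,
            org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_PROPERTIES);
        Object encryptionRef = lookupProperty(soapMessage,
            org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CRYPTO,
            org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_PROPERTIES);
        Crypto encryptionCrypto = getEncryptionCrypto(encryptionRef, soapMessage, securityProperties);
        Crypto signatureCrypto = encryptionRef != null && encryptionRef.equals(signatureRef)
            ? encryptionCrypto
            : getSignatureCrypto(signatureRef, soapMessage, securityProperties);
        return new CryptoPair(encryptionCrypto, signatureCrypto);
    }

    /** Returns {@code preferred} unless it is {@code null}, in which case {@code fallback} is returned. */
    private static Crypto firstNonNull(Crypto preferred, Crypto fallback) {
        return preferred != null ? preferred : fallback;
    }

    /** Tells whether the policy contains an assertion with the given local name. */
    private static boolean hasAssertion(AssertionInfoMap assertionInfoMap, String localName) {
        return PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, localName) != null;
    }

    /**
     * Installs the cryptos used to decrypt and to verify signatures on an inbound message.
     *
     * <p>The roles are deliberately crossed relative to the property names: the crypto configured
     * under the signature keys is used for decryption, and the one configured under the encryption
     * keys is preferred for signature verification. NOTE(review): presumably because the signature
     * settings point at this party's own key material and the encryption settings at the peer's
     * certificates; confirm against the deployment's keystore layout.
     */
    private static void installInboundCryptos(CryptoPair cryptos, WSSSecurityProperties securityProperties) {
        if (cryptos.signature != null) {
            securityProperties.setDecryptionCrypto(cryptos.signature);
        }
        Crypto verificationCrypto = firstNonNull(cryptos.encryption, cryptos.signature);
        if (verificationCrypto != null) {
            securityProperties.setSignatureVerificationCrypto(verificationCrypto);
        }
    }

    /**
     * Configures inbound cryptos when the policy declares an asymmetric binding; otherwise does nothing.
     *
     * @throws WSSecurityException if a crypto cannot be loaded
     */
    private void checkAsymmetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        if (!hasAssertion(assertionInfoMap, SPConstants.ASYMMETRIC_BINDING)) {
            return;
        }
        installInboundCryptos(resolveCryptos(soapMessage, wSSSecurityProperties), wSSSecurityProperties);
    }

    /**
     * Configures inbound cryptos when the policy declares a transport binding, or declares neither
     * a symmetric nor an asymmetric binding.
     *
     * <p>On the requestor side an {@link HttpsTokenSecurityEvent} with authentication type
     * {@code HttpsNoAuthentication} is appended to the exchange's outbound security event list
     * before the cryptos are installed.
     *
     * @throws XMLSecurityException if a crypto cannot be loaded
     */
    private void checkTransportBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws XMLSecurityException {
        boolean transportApplies = hasAssertion(assertionInfoMap, SPConstants.TRANSPORT_BINDING)
            || (!hasAssertion(assertionInfoMap, SPConstants.SYMMETRIC_BINDING)
                && !hasAssertion(assertionInfoMap, SPConstants.ASYMMETRIC_BINDING));
        if (!transportApplies) {
            return;
        }
        if (isRequestor(soapMessage)) {
            HttpsTokenSecurityEvent httpsEvent = new HttpsTokenSecurityEvent();
            httpsEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication);
            HttpsSecurityTokenImpl httpsToken = new HttpsSecurityTokenImpl();
            try {
                httpsToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
            } catch (XMLSecurityException e) {
                // Best effort: the token is still recorded, but without the main-signature usage, and
                // the failure is only visible at FINE level.
                // NOTE(review): confirm that later policy validation rejects such a token rather
                // than accepting it.
                LOG.fine(e.getMessage());
            }
            httpsEvent.setSecurityToken(httpsToken);
            getSecurityEventList(soapMessage).add(httpsEvent);
        }
        installInboundCryptos(resolveCryptos(soapMessage, wSSSecurityProperties), wSSSecurityProperties);
    }

    /**
     * Returns the exchange-scoped list of outbound security events, creating and storing it on first use.
     *
     * @param message the message whose exchange holds the list
     * @return the mutable list stored on the exchange under the {@code SecurityEvent} class name plus {@code ".out"}
     */
    @SuppressWarnings("unchecked") // the exchange stores the list untyped under a key this class owns
    private List<SecurityEvent> getSecurityEventList(Message message) {
        String key = SecurityEvent.class.getName() + ".out";
        List<SecurityEvent> events = (List<SecurityEvent>) message.getExchange().get(key);
        if (events == null) {
            events = new ArrayList<>();
            message.getExchange().put(key, events);
        }
        return events;
    }

    /**
     * Configures cryptos when the policy declares a symmetric binding; otherwise does nothing.
     *
     * <p>Requestor: the signature crypto prefers the encryption settings and the decryption crypto
     * prefers the signature settings. Otherwise: the signature verification crypto prefers the
     * signature settings and the decryption crypto prefers the encryption settings. In every case
     * the other crypto is used when the preferred one is {@code null}, and nothing is set when both
     * are {@code null}.
     *
     * @throws WSSecurityException if a crypto cannot be loaded
     */
    private void checkSymmetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        if (!hasAssertion(assertionInfoMap, SPConstants.SYMMETRIC_BINDING)) {
            return;
        }
        CryptoPair cryptos = resolveCryptos(soapMessage, wSSSecurityProperties);
        if (isRequestor(soapMessage)) {
            Crypto signingCrypto = firstNonNull(cryptos.encryption, cryptos.signature);
            if (signingCrypto != null) {
                wSSSecurityProperties.setSignatureCrypto(signingCrypto);
            }
            Crypto requestorDecryption = firstNonNull(cryptos.signature, cryptos.encryption);
            if (requestorDecryption != null) {
                wSSSecurityProperties.setDecryptionCrypto(requestorDecryption);
            }
            return;
        }
        Crypto verificationCrypto = firstNonNull(cryptos.signature, cryptos.encryption);
        if (verificationCrypto != null) {
            wSSSecurityProperties.setSignatureVerificationCrypto(verificationCrypto);
        }
        Crypto decryptionCrypto = firstNonNull(cryptos.encryption, cryptos.signature);
        if (decryptionCrypto != null) {
            wSSSecurityProperties.setDecryptionCrypto(decryptionCrypto);
        }
    }

    /**
     * Applies the binding-specific crypto configuration and optional signature-algorithm overrides,
     * then delegates to the superclass.
     *
     * <p>Security note: the {@code ASYMMETRIC_SIGNATURE_ALGORITHM} and
     * {@code SYMMETRIC_SIGNATURE_ALGORITHM} contextual properties replace the signature algorithms
     * of every {@link AlgorithmSuite} assertion in the policy, so they change which signatures the
     * policy describes as acceptable. The assertion objects held in the {@link AssertionInfoMap}
     * are mutated in place. NOTE(review): if those assertion instances are shared between messages
     * the override outlives this message; confirm before setting these properties per request.
     *
     * <p>Assumes the message carries an {@link AssertionInfoMap}; {@code handleMessage} only
     * proceeds when it does. Declared {@code protected} in the original class according to the
     * decompiler.
     *
     * @param soapMessage the inbound message
     * @param wSSSecurityProperties the properties to configure
     * @throws XMLSecurityException if a crypto cannot be loaded or the superclass configuration fails
     */
    @Override
    public void configureProperties(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws XMLSecurityException {
        AssertionInfoMap assertionInfoMap = soapMessage.get(AssertionInfoMap.class);
        checkAsymmetricBinding(assertionInfoMap, soapMessage, wSSSecurityProperties);
        checkSymmetricBinding(assertionInfoMap, soapMessage, wSSSecurityProperties);
        checkTransportBinding(assertionInfoMap, soapMessage, wSSSecurityProperties);

        String asymmetricSignatureAlgorithm =
            (String) soapMessage.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
        String symmetricSignatureAlgorithm =
            (String) soapMessage.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
        if (asymmetricSignatureAlgorithm != null || symmetricSignatureAlgorithm != null) {
            Collection<AssertionInfo> algorithmSuites = assertionInfoMap.get(SP12Constants.ALGORITHM_SUITE);
            if (algorithmSuites != null) {
                for (AssertionInfo assertionInfo : algorithmSuites) {
                    AlgorithmSuite algorithmSuite = (AlgorithmSuite) assertionInfo.getAssertion();
                    if (asymmetricSignatureAlgorithm != null) {
                        algorithmSuite.setAsymmetricSignature(asymmetricSignatureAlgorithm);
                    }
                    if (symmetricSignatureAlgorithm != null) {
                        algorithmSuite.setSymmetricSignature(symmetricSignatureAlgorithm);
                    }
                }
            }
        }
        super.configureProperties(soapMessage, wSSSecurityProperties);
    }

    /**
     * Requests a nonce replay cache only when the policy contains a {@code UsernameToken} assertion.
     *
     * @return {@code false} when the message has no {@link AssertionInfoMap} or no such assertion
     */
    @Override
    protected boolean isNonceCacheRequired(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) {
        AssertionInfoMap assertionInfoMap = soapMessage.get(AssertionInfoMap.class);
        return assertionInfoMap != null && hasAssertion(assertionInfoMap, "UsernameToken");
    }

    /**
     * Requests a timestamp replay cache only when the policy contains an {@code IncludeTimestamp} assertion.
     *
     * @return {@code false} when the message has no {@link AssertionInfoMap} or no such assertion
     */
    @Override
    protected boolean isTimestampCacheRequired(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) {
        AssertionInfoMap assertionInfoMap = soapMessage.get(AssertionInfoMap.class);
        return assertionInfoMap != null && hasAssertion(assertionInfoMap, SPConstants.INCLUDE_TIMESTAMP);
    }

    /**
     * Requests a SAML replay cache only when the policy contains a SAML token assertion.
     *
     * @return {@code false} when the message has no {@link AssertionInfoMap} or no such assertion
     */
    @Override
    protected boolean isSamlCacheRequired(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) {
        AssertionInfoMap assertionInfoMap = soapMessage.get(AssertionInfoMap.class);
        return assertionInfoMap != null && hasAssertion(assertionInfoMap, SPConstants.SAML_TOKEN);
    }

    /**
     * Adds a {@link PolicyEnforcer} to the superclass listeners and wires it into the input
     * processor chain through a {@link PolicyInputProcessor}.
     *
     * <p>Declared {@code protected} in the original class according to the decompiler.
     *
     * @param soapMessage the inbound message
     * @param wSSSecurityProperties the properties that receive the policy input processor
     * @return the superclass listeners followed by the policy enforcer
     * @throws WSSPolicyException if the policy enforcer cannot be created
     */
    @Override
    public List<SecurityEventListener> configureSecurityEventListeners(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSPolicyException {
        List<SecurityEventListener> listeners = new ArrayList<>(2);
        listeners.addAll(super.configureSecurityEventListeners(soapMessage, wSSSecurityProperties));
        PolicyEnforcer policyEnforcer =
            createPolicyEnforcer(soapMessage.getExchange().getEndpoint().getEndpointInfo(), soapMessage);
        wSSSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, wSSSecurityProperties));
        listeners.add(policyEnforcer);
        return listeners;
    }

    /**
     * Returns the name of the message's first part when it has a concrete name, otherwise the
     * message's own name.
     */
    private static QName resolveMessageName(MessageInfo messageInfo) {
        QName name = messageInfo.getName();
        if (messageInfo.getMessagePartsNumber() > 0) {
            QName concreteName = messageInfo.getFirstMessagePart().getConcreteName();
            if (concreteName != null) {
                name = concreteName;
            }
        }
        return name;
    }

    /**
     * Builds a {@link PolicyEnforcer} covering every SOAP operation of the endpoint binding that
     * has an effective policy for the current direction.
     *
     * <p>On the requestor side the client-response policy is used and the operation is keyed by
     * its output message; otherwise the serve-request policy is used and the operation is keyed by
     * its input message. An operation without its own policy inherits the client-response policy
     * of a previously visited operation in the dispatch namespace, when there is one.
     *
     * @param endpointInfo the endpoint whose binding operations are inspected
     * @param soapMessage the inbound message
     * @return the configured enforcer
     * @throws WSSPolicyException if the enforcer cannot be constructed
     * @throws IllegalArgumentException if an operation's binding is not a {@link SoapBindingInfo}
     */
    private PolicyEnforcer createPolicyEnforcer(EndpointInfo endpointInfo, SoapMessage soapMessage) throws WSSPolicyException {
        EffectivePolicy dispatchPolicy = null;
        List<OperationPolicy> operationPolicies = new ArrayList<>();
        for (BindingOperationInfo bindingOperationInfo : endpointInfo.getBinding().getOperations()) {
            QName operationName = bindingOperationInfo.getName();
            EffectivePolicy operationPolicy;
            if (MessageUtils.isRequestor(soapMessage)) {
                operationPolicy = (EffectivePolicy) bindingOperationInfo.getProperty(CLIENT_RESPONSE_POLICY_KEY);
                // The namespace test must use the operation name, before it is replaced below.
                if (operationPolicy != null && DISPATCH_NAMESPACE.equals(operationName.getNamespaceURI())) {
                    dispatchPolicy = operationPolicy;
                }
                if (bindingOperationInfo.getOutput() != null) {
                    operationName = resolveMessageName(bindingOperationInfo.getOutput().getMessageInfo());
                }
            } else {
                operationPolicy = (EffectivePolicy) bindingOperationInfo.getProperty(SERVER_REQUEST_POLICY_KEY);
                if (bindingOperationInfo.getInput() != null) {
                    operationName = resolveMessageName(bindingOperationInfo.getInput().getMessageInfo());
                }
            }

            SoapOperationInfo soapOperationInfo = bindingOperationInfo.getExtensor(SoapOperationInfo.class);
            if (soapOperationInfo == null) {
                continue;
            }
            if (operationPolicy == null) {
                operationPolicy = dispatchPolicy;
            }
            if (operationPolicy == null) {
                continue;
            }

            BindingInfo binding = bindingOperationInfo.getBinding();
            if (!(binding instanceof SoapBindingInfo)) {
                throw new IllegalArgumentException("BindingInfo is not an instance of SoapBindingInfo");
            }
            String soapNamespace = ((SoapBindingInfo) binding).getSoapVersion().getNamespace();
            OperationPolicy enforcedPolicy = new OperationPolicy(operationName);
            enforcedPolicy.setPolicy(operationPolicy.getPolicy());
            enforcedPolicy.setOperationAction(soapOperationInfo.getAction());
            enforcedPolicy.setSoapMessageVersionNamespace(soapNamespace);
            operationPolicies.add(enforcedPolicy);
        }

        String soapAction = SoapActionInInterceptor.getSoapAction(soapMessage);
        if (soapAction == null) {
            soapAction = "";
        }
        String actor = (String) soapMessage.getContextualProperty(SecurityConstants.ACTOR);
        Collection<Attachment> attachments = soapMessage.getAttachments();
        int attachmentCount = attachments == null ? 0 : attachments.size();
        return new PolicyEnforcer(operationPolicies, soapAction, isRequestor(soapMessage), actor, attachmentCount,
            new WSS4JPolicyAsserter(soapMessage.get(AssertionInfoMap.class)));
    }
}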
