package org.apache.servicemix.cxfbc.interceptors;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.auth.Subject;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.servicemix.common.security.AuthenticationService;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.WSHandlerResult;

/* loaded from: input_file:org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.class */
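/**
 * CXF inbound interceptor that hands the credentials extracted by WS-Security processing to the
 * ServiceMix {@link AuthenticationService} and attaches the resulting JAAS {@link Subject} to the
 * SOAP message.
 *
 * <p>It runs in the {@code pre-protocol} phase, after the WSS4J, policy-based WSS4J and
 * UsernameToken interceptors, so their results are already on the message. UsernameToken
 * credentials are preferred; X.509 certificates are only tried when enabled and when no
 * UsernameToken was found in the same handler result.
 *
 * <p>Security notes:
 * <ul>
 *   <li>When delegation is enabled but the message carries no WS-Security results, this
 *       interceptor returns without attaching a {@link Subject}. It does not reject the message
 *       itself, so rejecting unauthenticated requests must be enforced elsewhere.</li>
 *   <li>Any exception raised by the authentication service is turned into a {@link Fault}; no
 *       authentication error is allowed to pass silently.</li>
 * </ul>
 */
public class JbiJAASInterceptor extends AbstractWSS4JInterceptor {
    /** Message key under which the upstream WSS4J interceptors publish their handler results. */
    private static final String RECV_RESULTS_KEY = "RECV_RESULTS";

    /** Engine-result key holding the authenticated principal. */
    private static final String PRINCIPAL_KEY = "principal";

    /** Engine-result key read for the client certificate. */
    private static final String X509_CERTIFICATE_KEY = "x509-certificates";

    private final AuthenticationService authenticationService;
    private final boolean x509;
    private final boolean delegateToJaas;
    private String domain = "servicemix-domain";
    private final ThreadLocal<Subject> currentSubject = new ThreadLocal<>();

    /**
     * Creates the interceptor and registers its ordering constraints.
     *
     * @param authenticationService service that validates credentials and populates the subject
     * @param x509 whether X.509 certificate authentication is attempted when no UsernameToken
     *     is present
     * @param delegateToJaas whether this interceptor authenticates at all; when {@code false}
     *     {@link #handleMessage(SoapMessage)} is a no-op
     */
    public JbiJAASInterceptor(AuthenticationService authenticationService, boolean x509, boolean delegateToJaas) {
        setPhase("pre-protocol");
        getAfter().add(WSS4JInInterceptor.class.getName());
        getAfter().add(PolicyBasedWSS4JInInterceptor.class.getName());
        getAfter().add(UsernameTokenInterceptor.class.getName());
        this.authenticationService = authenticationService;
        this.x509 = x509;
        this.delegateToJaas = delegateToJaas;
    }

    /**
     * Authenticates the credentials found in the message's WS-Security results and stores the
     * populated {@link Subject} on the message under {@code Subject.class}.
     *
     * @param soapMessage the inbound SOAP message
     * @throws Fault if the authentication service rejects the credentials or fails in any way
     */
    @Override
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        try {
            if (!this.delegateToJaas) {
                return;
            }
            Subject subject = this.currentSubject.get();
            if (subject == null) {
                subject = new Subject();
                this.currentSubject.set(subject);
            }
            @SuppressWarnings("unchecked")
            List<WSHandlerResult> handlerResults = (List<WSHandlerResult>) soapMessage.get(RECV_RESULTS_KEY);
            if (handlerResults == null) {
                // No WS-Security processing results: nothing to authenticate, no Subject attached.
                return;
            }
            for (WSHandlerResult handlerResult : handlerResults) {
                if (handlerResult == null || handlerResult.getResults() == null) {
                    return;
                }
                // First pass: UsernameToken credentials take precedence over certificates.
                boolean usernameTokenSeen = false;
                for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                    if (engineResult != null && engineResult.get(PRINCIPAL_KEY) instanceof WSUsernameTokenPrincipal) {
                        WSUsernameTokenPrincipal tokenPrincipal =
                                (WSUsernameTokenPrincipal) engineResult.get(PRINCIPAL_KEY);
                        // The principal is added before authenticate() runs; a failure raises a
                        // Fault below, so the subject is never published on the message.
                        subject.getPrincipals().add(tokenPrincipal);
                        this.authenticationService.authenticate(
                                subject, this.domain, tokenPrincipal.getName(), tokenPrincipal.getPassword());
                        usernameTokenSeen = true;
                    }
                }
                // Second pass: certificates, only when enabled and no UsernameToken was present.
                if (!usernameTokenSeen && this.x509) {
                    for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                        // NOTE(review): confirm the WSS4J version in use stores a single
                        // X509Certificate under this key. If the value is a certificate array,
                        // this check never matches and X.509 authentication is skipped.
                        if (engineResult != null && engineResult.get(X509_CERTIFICATE_KEY) instanceof X509Certificate) {
                            X509Certificate certificate = (X509Certificate) engineResult.get(X509_CERTIFICATE_KEY);
                            // NOTE(review): the name handed over is the certificate's ISSUER DN,
                            // not its subject DN. Verify this is what AuthenticationService
                            // expects, since every certificate from one CA shares it.
                            this.authenticationService.authenticate(
                                    subject, this.domain, certificate.getIssuerX500Principal().getName(), certificate);
                        }
                    }
                }
            }
            soapMessage.put(Subject.class, subject);
        } catch (UndeclaredThrowableException e) {
            Throwable undeclared = e.getUndeclaredThrowable();
            if (undeclared instanceof InvocationTargetException) {
                throw new Fault(((InvocationTargetException) undeclared).getTargetException());
            }
            // Fail closed: previously any other wrapped failure was swallowed here, which let
            // the message continue down the chain after authentication had thrown.
            throw new Fault(undeclared != null ? undeclared : e);
        } catch (GeneralSecurityException e) {
            throw new Fault(e);
        } finally {
            // Never leave a Subject bound to a pooled worker thread.
            this.currentSubject.set(null);
        }
    }
}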
