package org.jboss.ws.extensions.security;

import com.jboss.jbossnetwork.product.jbpm.handlers.ContextVariables;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.WebServiceException;
import org.jboss.logging.Logger;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.core.CommonSOAPFaultException;
import org.jboss.ws.core.soap.MessageContextAssociation;
import org.jboss.ws.core.soap.SOAPMessageImpl;
import org.jboss.ws.extensions.security.exception.InvalidSecurityHeaderException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.extensions.security.nonce.DefaultNonceFactory;
import org.jboss.ws.extensions.security.nonce.NonceFactory;
import org.jboss.ws.extensions.security.operation.AuthorizeOperation;
import org.jboss.ws.extensions.security.operation.EncryptionOperation;
import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
import org.jboss.ws.extensions.security.operation.RequireOperation;
import org.jboss.ws.extensions.security.operation.RequireSignatureOperation;
import org.jboss.ws.extensions.security.operation.RequireTimestampOperation;
import org.jboss.ws.extensions.security.operation.SendUsernameOperation;
import org.jboss.ws.extensions.security.operation.SignatureOperation;
import org.jboss.ws.extensions.security.operation.TimestampOperation;
import org.jboss.ws.metadata.umdm.EndpointMetaData;
import org.jboss.ws.metadata.umdm.OperationMetaData;
import org.jboss.ws.metadata.wsse.Authenticate;
import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.Config;
import org.jboss.ws.metadata.wsse.Encrypt;
import org.jboss.ws.metadata.wsse.Operation;
import org.jboss.ws.metadata.wsse.Port;
import org.jboss.ws.metadata.wsse.RequireEncryption;
import org.jboss.ws.metadata.wsse.RequireSignature;
import org.jboss.ws.metadata.wsse.RequireTimestamp;
import org.jboss.ws.metadata.wsse.Requires;
import org.jboss.ws.metadata.wsse.Sign;
import org.jboss.ws.metadata.wsse.Timestamp;
import org.jboss.ws.metadata.wsse.Username;
import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
import org.jboss.wsf.common.DOMWriter;
import org.jboss.wsf.spi.SPIProviderResolver;
import org.jboss.wsf.spi.invocation.SecurityAdaptor;
import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/jbossws-native-core-3.1.1.GA.jar:org/jboss/ws/extensions/security/WSSecurityDispatcher.class */
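/**
 * Applies WS-Security processing to SOAP messages: {@link #decodeMessage} handles the
 * {@code wsse:Security} header of an inbound message and runs the configured requirement
 * and authorization checks, {@link #encodeMessage} adds the configured timestamp,
 * username token, signature and encryption to an outbound message.
 *
 * <p>The effective {@link Config} is resolved per call by {@link #getActualConfig}: an
 * explicitly supplied config wins, then the per-operation and per-port configs, then the
 * global default of the {@link WSSecurityConfiguration}.
 */
public class WSSecurityDispatcher implements WSSecurityAPI {
    private static final Logger log = Logger.getLogger(WSSecurityDispatcher.class);

    /**
     * Processes the {@code wsse:Security} header of an inbound message and then runs the
     * configured authorization step.
     *
     * @param wSSecurityConfiguration the WS-Security configuration (key/trust store, ports, defaults)
     * @param sOAPMessage the inbound message
     * @param config an explicit config to use, or {@code null} to resolve one from the message context
     * @throws SOAPException declared by the interface; security failures in the header are
     *         rethrown as a {@link CommonSOAPFaultException} built by {@link #convertToFault}
     */
    @Override
    public void decodeMessage(WSSecurityConfiguration wSSecurityConfiguration, SOAPMessage sOAPMessage, Config config) throws SOAPException {
        Config actualConfig = getActualConfig(wSSecurityConfiguration, config);
        SOAPHeader soapHeader = sOAPMessage.getSOAPHeader();
        Element securityHeader = null;
        if (soapHeader != null) {
            securityHeader = Util.findElement(soapHeader, new QName(Constants.WSSE_NS, "Security"));
        }

        if (securityHeader == null) {
            // SECURITY: a message whose body is a SOAP Fault and that carries no wsse:Security
            // header is accepted here without any Requires check and without the authorize step.
            // NOTE(review): confirm this path is only reachable where unprotected faults are
            // expected (e.g. a client receiving a fault response), not for inbound requests.
            if (sOAPMessage.getSOAPBody().getFault() != null) {
                return;
            }
            if (hasRequirements(actualConfig)) {
                throw convertToFault(new InvalidSecurityHeaderException("This service requires <wsse:Security>, which is missing."));
            }
        } else {
            try {
                decodeHeader(wSSecurityConfiguration, actualConfig, sOAPMessage, securityHeader);
            } catch (WSSecurityException e) {
                if (e.isInternalError()) {
                    log.error("Internal error occured handling inbound message:", e);
                } else if (log.isDebugEnabled()) {
                    log.debug("Returning error to sender: " + e.getMessage());
                }
                throw convertToFault(e);
            }
        }

        // NOTE(review): unlike decodeHeader, a failure raised here is not passed through
        // convertToFault; confirm that callers handle it as intended.
        authorize(actualConfig);
    }

    /**
     * Decodes the given security header, verifies it against the configured requirements and
     * completes the decoder.
     *
     * @param wSSecurityConfiguration source of the key/trust store settings, nonce factory and
     *        timestamp verification settings
     * @param config the effective config, may be {@code null}
     * @param sOAPMessage the message whose SOAP part is decoded
     * @param element the {@code wsse:Security} header element
     * @throws WSSecurityException if decoding or verification fails
     */
    private void decodeHeader(WSSecurityConfiguration wSSecurityConfiguration, Config config, SOAPMessage sOAPMessage, Element element) throws WSSecurityException {
        SecurityStore securityStore = new SecurityStore(
                wSSecurityConfiguration.getKeyStoreURL(),
                wSSecurityConfiguration.getKeyStoreType(),
                wSSecurityConfiguration.getKeyStorePassword(),
                wSSecurityConfiguration.getKeyPasswords(),
                wSSecurityConfiguration.getTrustStoreURL(),
                wSSecurityConfiguration.getTrustStoreType(),
                wSSecurityConfiguration.getTrustStorePassword());
        NonceFactory nonceFactory = (NonceFactory) Util.loadFactory(NonceFactory.class, wSSecurityConfiguration.getNonceFactory(), DefaultNonceFactory.class);
        Authenticate authenticate = config != null ? config.getAuthenticate() : null;

        SecurityDecoder securityDecoder = new SecurityDecoder(securityStore, nonceFactory, wSSecurityConfiguration.getTimestampVerification(), authenticate);
        securityDecoder.decode(sOAPMessage.getSOAPPart(), element);
        if (log.isTraceEnabled()) {
            // SECURITY: this prints the message after decode(), i.e. any decrypted content ends
            // up in the log. Keep TRACE disabled for this category outside of debugging.
            log.trace("Decoded Message:\n" + DOMWriter.printNode(sOAPMessage.getSOAPPart(), true));
        }

        // buildRequireOperations returns null when nothing is required.
        securityDecoder.verify(buildRequireOperations(config));
        if (log.isDebugEnabled()) {
            log.debug("Verification is successful");
        }
        securityDecoder.complete();
    }

    /**
     * Runs the authorization operation when the config declares one; otherwise does nothing.
     *
     * @param config the effective config, may be {@code null}
     * @throws WSSecurityException propagated from {@link AuthorizeOperation#process()}
     */
    private void authorize(Config config) throws WSSecurityException {
        if (config == null) {
            return;
        }
        Authorize authorize = config.getAuthorize();
        if (authorize == null) {
            return;
        }
        new AuthorizeOperation(authorize).process();
    }

    /**
     * Adds the configured WS-Security elements to an outbound message. Operations are queued
     * in the order timestamp, username token, signature, encryption; nothing is done when no
     * config applies or no operation is configured.
     *
     * @param wSSecurityConfiguration the WS-Security configuration (key/trust store, nonce factory)
     * @param sOAPMessage the outbound message
     * @param config an explicit config to use, or {@code null} to resolve one from the message context
     * @param str first argument handed to {@link SendUsernameOperation} (presumably the user
     *        name; confirm against that class)
     * @param str2 second argument handed to {@link SendUsernameOperation} (presumably the
     *        password; confirm against that class)
     * @throws SOAPException declared by the interface; encoding failures are rethrown as a
     *         {@link CommonSOAPFaultException} built by {@link #convertToFault}
     */
    @Override
    public void encodeMessage(WSSecurityConfiguration wSSecurityConfiguration, SOAPMessage sOAPMessage, Config config, String str, String str2) throws SOAPException {
        Config actualConfig = getActualConfig(wSSecurityConfiguration, config);
        if (log.isDebugEnabled()) {
            log.debug("WS-Security config: " + actualConfig);
        }
        if (actualConfig == null) {
            return;
        }

        // Raw list on purpose: the element type expected by SecurityEncoder is not visible in
        // this file.
        List operations = new ArrayList();

        Timestamp timestamp = actualConfig.getTimestamp();
        if (timestamp != null) {
            operations.add(new TimestampOperation(timestamp.getTtl()));
        }

        // A username token is only sent when it is configured AND both values were supplied.
        Username username = actualConfig.getUsername();
        if (username != null && str != null && str2 != null) {
            NonceFactory nonceFactory = (NonceFactory) Util.loadFactory(NonceFactory.class, wSSecurityConfiguration.getNonceFactory(), DefaultNonceFactory.class);
            operations.add(new SendUsernameOperation(str, str2, username.isDigestPassword(), username.isUseNonce(), username.isUseCreated(), nonceFactory.getGenerator()));
        }

        Sign sign = actualConfig.getSign();
        if (sign != null) {
            List<Target> signTargets = convertTargets(sign.getTargets());
            if (sign.isIncludeTimestamp()) {
                if (timestamp == null) {
                    // No <timestamp> configured: add one with a null TTL so there is something
                    // to sign (null presumably means "no expiry" - confirm in TimestampOperation).
                    operations.add(new TimestampOperation(null));
                }
                if (signTargets != null && signTargets.size() > 0) {
                    // NOTE(review): this constant is taken from an unrelated package
                    // (com.jboss.jbossnetwork...ContextVariables) and looks like a decompiler
                    // substitution for a local literal. Confirm its value and replace it with a
                    // constant owned by this module, so the signed timestamp id cannot change
                    // with another library.
                    signTargets.add(new WsuIdTarget(ContextVariables.TIMESTAMP));
                }
            }
            operations.add(new SignatureOperation(signTargets, sign.getAlias(), sign.getTokenRefType()));
        }

        Encrypt encrypt = actualConfig.getEncrypt();
        if (encrypt != null) {
            operations.add(new EncryptionOperation(convertTargets(encrypt.getTargets()), encrypt.getAlias(), encrypt.getAlgorithm(), encrypt.getWrap(), encrypt.getTokenRefType()));
        }

        if (operations.isEmpty()) {
            return;
        }

        if (log.isDebugEnabled()) {
            // SECURITY: this prints the message before SecurityEncoder runs, so content that is
            // about to be encrypted is written to the log in clear text at DEBUG level (the
            // inbound side only does the equivalent at TRACE). Keep DEBUG off for this category
            // in production, or lower this statement to TRACE.
            log.debug("Encoding Message:\n" + DOMWriter.printNode(sOAPMessage.getSOAPPart(), true));
        }

        try {
            SecurityStore securityStore = new SecurityStore(
                    wSSecurityConfiguration.getKeyStoreURL(),
                    wSSecurityConfiguration.getKeyStoreType(),
                    wSSecurityConfiguration.getKeyStorePassword(),
                    wSSecurityConfiguration.getKeyPasswords(),
                    wSSecurityConfiguration.getTrustStoreURL(),
                    wSSecurityConfiguration.getTrustStoreType(),
                    wSSecurityConfiguration.getTrustStorePassword());
            new SecurityEncoder(operations, securityStore).encode(sOAPMessage.getSOAPPart());
        } catch (WSSecurityException e) {
            if (e.isInternalError()) {
                log.error("Internal error occured handling outbound message:", e);
            } else if (log.isDebugEnabled()) {
                log.debug("Returning error to sender: " + e.getMessage());
            }
            throw convertToFault(e);
        }
    }

    /**
     * Clears the principal and credential on a security adaptor obtained from the SPI provider.
     */
    @Override
    public void cleanup() {
        SecurityAdaptorFactory factory = (SecurityAdaptorFactory) SPIProviderResolver.getInstance().getProvider().getSPI(SecurityAdaptorFactory.class);
        SecurityAdaptor securityAdaptor = factory.newSecurityAdapter();
        securityAdaptor.setPrincipal(null);
        securityAdaptor.setCredential(null);
    }

    /**
     * Converts configuration targets into runtime targets. Only the types {@code "qname"} and
     * {@code "wsuid"} are understood.
     *
     * @param list the configured targets, may be {@code null}
     * @return a new mutable list, or {@code null} when {@code list} is {@code null}
     */
    private List<Target> convertTargets(List<org.jboss.ws.metadata.wsse.Target> list) {
        if (list == null) {
            return null;
        }
        List<Target> converted = new ArrayList<Target>(list.size());
        for (org.jboss.ws.metadata.wsse.Target target : list) {
            String type = target.getType();
            if ("qname".equals(type)) {
                converted.add(new QNameTarget(QName.valueOf(target.getValue()), target.isContentOnly()));
            } else if ("wsuid".equals(type)) {
                converted.add(new WsuIdTarget(target.getValue()));
            } else {
                // A target with any other type is left out of the result. Surface that instead
                // of dropping it silently: a mistyped type would otherwise shrink the set of
                // elements that is signed, encrypted or required without any trace.
                log.warn("Ignoring WS-Security target with unsupported type '" + type + "'");
            }
        }
        return converted;
    }

    /**
     * Wraps the fault code and fault string of a security exception in a SOAP fault exception.
     */
    private CommonSOAPFaultException convertToFault(WSSecurityException wSSecurityException) {
        return new CommonSOAPFaultException(wSSecurityException.getFaultCode(), wSSecurityException.getFaultString());
    }

    /**
     * Builds the list of requirement checks (timestamp, signature, encryption) declared in the
     * config's {@code requires} section.
     *
     * @param config the effective config, may be {@code null}
     * @return the checks in the order timestamp, signature, encryption; {@code null} when the
     *         config is {@code null} or declares no {@code requires} section
     */
    private List<RequireOperation> buildRequireOperations(Config config) {
        if (config == null) {
            return null;
        }
        Requires requires = config.getRequires();
        if (requires == null) {
            return null;
        }

        List<RequireOperation> operations = new ArrayList<RequireOperation>();
        RequireTimestamp requireTimestamp = requires.getRequireTimestamp();
        if (requireTimestamp != null) {
            operations.add(new RequireTimestampOperation(requireTimestamp.getMaxAge()));
        }
        RequireSignature requireSignature = requires.getRequireSignature();
        if (requireSignature != null) {
            operations.add(new RequireSignatureOperation(convertTargets(requireSignature.getTargets())));
        }
        RequireEncryption requireEncryption = requires.getRequireEncryption();
        if (requireEncryption != null) {
            operations.add(new RequireEncryptionOperation(convertTargets(requireEncryption.getTargets())));
        }
        return operations;
    }

    /**
     * Resolves the config that applies to the current call.
     *
     * <p>An explicit {@code config} is returned as is. Otherwise, when a message context is
     * associated with the current call, the port name and operation from that context select a
     * config via {@link #selectOperationConfig}. If nothing was selected, the global default
     * config is returned (which may itself be {@code null}).
     *
     * @throws WebServiceException if the operation meta data cannot be determined from the message
     */
    private Config getActualConfig(WSSecurityConfiguration wSSecurityConfiguration, Config config) {
        if (config == null) {
            CommonMessageContext messageContext = MessageContextAssociation.peekMessageContext();
            if (messageContext != null) {
                EndpointMetaData endpointMetaData = messageContext.getEndpointMetaData();
                QName portName = endpointMetaData.getPortName();
                OperationMetaData operationMetaData = messageContext.getOperationMetaData();
                if (operationMetaData == null) {
                    // Not resolved on the context yet: derive the operation from the message.
                    try {
                        operationMetaData = ((SOAPMessageImpl) messageContext.getSOAPMessage()).getOperationMetaData(endpointMetaData);
                    } catch (SOAPException e) {
                        // Keep the original exception as the cause so its stack trace is not lost.
                        throw new WebServiceException("Error while looking for the operation meta data: " + e, e);
                    }
                }
                if (operationMetaData != null) {
                    config = selectOperationConfig(wSSecurityConfiguration, portName, operationMetaData.getQName());
                }
            }
        }
        return config != null ? config : wSSecurityConfiguration.getDefaultConfig();
    }

    /**
     * Picks the most specific config for a port and operation: the operation's config, else the
     * port's default, else the global default.
     *
     * @param qName the port name; ports are looked up by its local part
     * @param qName2 the operation name; operations are looked up by its {@code toString()} form
     * @return the selected config; note that an operation entry is returned even if its config
     *         is {@code null}
     */
    private Config selectOperationConfig(WSSecurityConfiguration wSSecurityConfiguration, QName qName, QName qName2) {
        String portKey = qName != null ? qName.getLocalPart() : null;
        Port port = wSSecurityConfiguration.getPorts().get(portKey);
        if (port == null) {
            return wSSecurityConfiguration.getDefaultConfig();
        }

        String operationKey = qName2 != null ? qName2.toString() : null;
        Operation operation = port.getOperations().get(operationKey);
        if (operation != null) {
            return operation.getConfig();
        }

        Config portDefault = port.getDefaultConfig();
        return portDefault != null ? portDefault : wSSecurityConfiguration.getDefaultConfig();
    }

    /**
     * Tells whether the config declares a {@code requires} section, i.e. whether an inbound
     * message without a security header must be rejected.
     */
    private boolean hasRequirements(Config config) {
        return config != null && config.getRequires() != null;
    }
}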
