package org.jboss.ws.extensions.security;

import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.rpc.soap.SOAPFaultException;
import javax.xml.soap.SOAPException;
import org.jboss.lang.JBossStringBuilder;
import org.jboss.logging.Logger;
import org.jboss.ws.WSException;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.core.StubExt;
import org.jboss.ws.core.soap.SOAPMessageImpl;
import org.jboss.ws.core.utils.DOMWriter;
import org.jboss.ws.metadata.umdm.OperationMetaData;
import org.jboss.ws.metadata.wsse.Config;
import org.jboss.ws.metadata.wsse.Encrypt;
import org.jboss.ws.metadata.wsse.Port;
import org.jboss.ws.metadata.wsse.RequireEncryption;
import org.jboss.ws.metadata.wsse.RequireSignature;
import org.jboss.ws.metadata.wsse.RequireTimestamp;
import org.jboss.ws.metadata.wsse.Requires;
import org.jboss.ws.metadata.wsse.Sign;
import org.jboss.ws.metadata.wsse.Timestamp;
import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/ws/extensions/security/WSSecurityDispatcher.class */
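/**
 * Static entry points that apply the configured WS-Security processing to SOAP messages.
 *
 * <p>{@link #handleInbound} locates the {@code wsse:Security} header, decodes it and verifies the
 * message against the {@code requires} section of the matching configuration.
 * {@link #handleOutbound} builds the timestamp, username token, signature and encryption
 * operations from the matching configuration and applies them to the message.
 *
 * <p>The configuration for a message is selected by port local name and operation QName, falling
 * back to the port default and then to the global default (see {@link #getConfig}).
 */
public class WSSecurityDispatcher {
    private static final Logger log = Logger.getLogger(WSSecurityDispatcher.class);

    /**
     * Loads a class by its fully qualified name without exposing the checked exception.
     *
     * <p>The bare {@code Class.forName} calls this replaces throw the checked
     * {@link ClassNotFoundException}, which none of the callers declare or catch.
     * NOTE(review): the names passed here are constants from this package and look like
     * decompiled class literals; replace with {@code X.class} once that is confirmed.
     *
     * @param className fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    private static Class<?> loadOperation(String className) {
        try {
            return Class.forName(className);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(className);
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Converts configuration targets into runtime targets.
     *
     * @param list targets from the security configuration, may be {@code null}
     * @return a new mutable list holding one entry per target of type {@code "qname"} or
     *     {@code "wsuid"}, or {@code null} when {@code list} is {@code null}
     */
    private static List<Target> convertTargets(List<org.jboss.ws.metadata.wsse.Target> list) {
        if (list == null) {
            return null;
        }
        List<Target> converted = new ArrayList<Target>(list.size());
        for (org.jboss.ws.metadata.wsse.Target target : list) {
            String type = target.getType();
            if ("qname".equals(type)) {
                converted.add(new QNameTarget(QName.valueOf(target.getValue()), target.isContentOnly()));
            } else if ("wsuid".equals(type)) {
                converted.add(new WsuIdTarget(target.getValue()));
            } else {
                // An unrecognised type is dropped, so the sign/encrypt/require rule configured for
                // that target is not applied. Make the misconfiguration visible instead of silent.
                log.warn("Ignoring security target with unsupported type: " + type);
            }
        }
        return converted;
    }

    /**
     * Selects the configuration that applies to a port and operation.
     *
     * @param wSSecurityConfiguration the endpoint's security configuration
     * @param str port local name used as key into {@code getPorts()}
     * @param str2 operation name used as key into the port's {@code getOperations()}
     * @return the operation config if one is registered; otherwise the port default; otherwise
     *     the global default (which may be {@code null})
     */
    private static Config getConfig(WSSecurityConfiguration wSSecurityConfiguration, String str, String str2) {
        Port port = wSSecurityConfiguration.getPorts().get(str);
        if (port == null) {
            return wSSecurityConfiguration.getDefaultConfig();
        }
        org.jboss.ws.metadata.wsse.Operation operation = port.getOperations().get(str2);
        if (operation != null) {
            return operation.getConfig();
        }
        Config portDefault = port.getDefaultConfig();
        if (portDefault != null) {
            return portDefault;
        }
        return wSSecurityConfiguration.getDefaultConfig();
    }

    /** Wraps the fault code and fault string of a security exception in a SOAP fault. */
    private static SOAPFaultException convertToFault(WSSecurityException wSSecurityException) {
        return new SOAPFaultException(wSSecurityException.getFaultCode(), wSSecurityException.getFaultString(), null, null);
    }

    /**
     * Logs a security failure and converts it to the fault that is returned to the sender.
     *
     * @param e the failure raised by the decoder or encoder
     * @param internalErrorMessage message logged at ERROR level when {@code e} is an internal error
     * @return the SOAP fault to throw
     */
    private static SOAPFaultException logAndConvert(WSSecurityException e, String internalErrorMessage) {
        if (e.isInternalError()) {
            log.error(internalErrorMessage, e);
        } else if (log.isDebugEnabled()) {
            log.debug("Returning error to sender: " + e.getMessage());
        }
        return convertToFault(e);
    }

    /**
     * Returns the operation metadata from the context, or derives it from the message when the
     * context has none.
     */
    private static OperationMetaData resolveOperation(CommonMessageContext commonMessageContext, SOAPMessageImpl message) {
        OperationMetaData operation = commonMessageContext.getOperationMetaData();
        if (operation == null) {
            operation = message.getOperationMetaData(commonMessageContext.getEndpointMetaData());
        }
        return operation;
    }

    /**
     * Decodes and verifies the {@code wsse:Security} header of an inbound message.
     *
     * <p>When the header is absent, the message is rejected only if the matching configuration
     * has a {@code requires} section. A message without the header whose body carries a SOAP
     * fault is accepted without consulting the configuration at all, so fault contents that
     * arrive on this path are unauthenticated.
     *
     * @param commonMessageContext context holding the SOAP message and endpoint metadata
     * @throws SOAPException if the SOAP header or body cannot be read
     * @throws SOAPFaultException if a required security header is missing, or decoding or
     *     verification fails
     * @throws WSException if the context has no security configuration
     */
    public static void handleInbound(CommonMessageContext commonMessageContext) throws SOAPException, SOAPFaultException {
        WSSecurityConfiguration securityConfig = getSecurityConfig(commonMessageContext);
        SOAPMessageImpl message = (SOAPMessageImpl) commonMessageContext.getSOAPMessage();
        Element securityHeader = Util.findElement(message.getSOAPHeader(), new QName(Constants.WSSE_NS, "Security"));
        if (securityHeader == null) {
            if (message.getSOAPBody().getFault() != null) {
                // Faults are let through unsecured; requirements are not checked on this path.
                return;
            }
            OperationMetaData operation = resolveOperation(commonMessageContext, message);
            String operationName = operation.getQName().toString();
            String portName = operation.getEndpointMetaData().getPortName().getLocalPart();
            if (hasRequirements(securityConfig, operationName, portName)) {
                throw convertToFault(new InvalidSecurityHeaderException("This service requires <wsse:Security>, which is missing."));
            }
            return;
        }
        try {
            SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(securityConfig.getKeyStoreURL(), securityConfig.getKeyStoreType(), securityConfig.getKeyStorePassword(), securityConfig.getTrustStoreURL(), securityConfig.getTrustStoreType(), securityConfig.getTrustStorePassword()));
            decoder.decode(message.getSOAPPart(), securityHeader);
            if (log.isTraceEnabled()) {
                // Writes the whole message as left by decode() to the log; if decode() decrypts
                // content (not visible here) this output holds plaintext, so keep TRACE off in production.
                log.trace("Decoded Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
            }
            // Resolved only after decode(): the message-based lookup runs on the decoded message.
            OperationMetaData operation = resolveOperation(commonMessageContext, message);
            String operationName = operation.getQName().toString();
            String portName = operation.getEndpointMetaData().getPortName().getLocalPart();
            // buildRequireOperations returns null when nothing is required.
            // NOTE(review): confirm SecurityDecoder.verify accepts null as "no requirements".
            decoder.verify(buildRequireOperations(securityConfig, operationName, portName));
            if (log.isDebugEnabled()) {
                log.debug("Verification is successful");
            }
            decoder.complete();
        } catch (WSSecurityException e) {
            throw logAndConvert(e, "Internal error occured handling inbound message:");
        }
    }

    /**
     * Reads the security configuration from the service metadata of the context's endpoint.
     *
     * @throws WSException if no security configuration is present
     */
    private static WSSecurityConfiguration getSecurityConfig(CommonMessageContext commonMessageContext) {
        WSSecurityConfiguration securityConfiguration = commonMessageContext.getEndpointMetaData().getServiceMetaData().getSecurityConfiguration();
        if (securityConfiguration == null) {
            throw new WSException("Cannot obtain security configuration from message context");
        }
        return securityConfiguration;
    }

    /**
     * Tells whether the matching configuration has a {@code requires} section.
     *
     * @param wSSecurityConfiguration the endpoint's security configuration
     * @param str operation name (note: operation first, port second, the reverse of getConfig)
     * @param str2 port local name
     */
    private static boolean hasRequirements(WSSecurityConfiguration wSSecurityConfiguration, String str, String str2) {
        Config config = getConfig(wSSecurityConfiguration, str2, str);
        return config != null && config.getRequires() != null;
    }

    /**
     * Builds the verification operations demanded by the matching configuration.
     *
     * @param wSSecurityConfiguration the endpoint's security configuration
     * @param str operation name (note: operation first, port second, the reverse of getConfig)
     * @param str2 port local name
     * @return one description per configured timestamp, signature and encryption requirement, in
     *     that order, or {@code null} when there is no configuration or no {@code requires} section
     */
    @SuppressWarnings("unchecked") // OperationDescription is constructed raw; its generic constructor signature is not visible here
    private static List<OperationDescription<RequireOperation>> buildRequireOperations(WSSecurityConfiguration wSSecurityConfiguration, String str, String str2) {
        Config config = getConfig(wSSecurityConfiguration, str2, str);
        if (config == null) {
            return null;
        }
        Requires requires = config.getRequires();
        if (requires == null) {
            return null;
        }
        List<OperationDescription<RequireOperation>> operations = new ArrayList<OperationDescription<RequireOperation>>();
        RequireTimestamp requireTimestamp = requires.getRequireTimestamp();
        if (requireTimestamp != null) {
            operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.RequireTimestampOperation"), null, requireTimestamp.getMaxAge(), null, null));
        }
        RequireSignature requireSignature = requires.getRequireSignature();
        if (requireSignature != null) {
            operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.RequireSignatureOperation"), convertTargets(requireSignature.getTargets()), null, null, null));
        }
        RequireEncryption requireEncryption = requires.getRequireEncryption();
        if (requireEncryption != null) {
            operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.RequireEncryptionOperation"), convertTargets(requireEncryption.getTargets()), null, null, null));
        }
        return operations;
    }

    /**
     * Applies the configured WS-Security operations to an outbound message.
     *
     * <p>Operations are queued in this order: timestamp, username token, signature, encryption.
     * Nothing is done when no configuration matches or no operation is configured.
     *
     * @param commonMessageContext context holding the SOAP message, operation metadata and,
     *     for the username token, the {@code javax.xml.rpc.security.auth.*} properties
     * @throws SOAPException declared for callers; not raised directly by the code visible here
     * @throws SOAPFaultException if encoding fails
     * @throws WSException if the context has no security configuration
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // the element type expected by SecurityEncoder is not visible here
    public static void handleOutbound(CommonMessageContext commonMessageContext) throws SOAPException, SOAPFaultException {
        WSSecurityConfiguration securityConfig = getSecurityConfig(commonMessageContext);
        SOAPMessageImpl message = (SOAPMessageImpl) commonMessageContext.getSOAPMessage();
        // NOTE(review): unlike handleInbound there is no fallback when the context has no
        // operation metadata; a null here fails with a NullPointerException before anything is sent.
        OperationMetaData operation = commonMessageContext.getOperationMetaData();
        Config config = getConfig(securityConfig, operation.getEndpointMetaData().getPortName().getLocalPart(), operation.getQName().toString());
        if (log.isDebugEnabled()) {
            log.debug("WS-Security config: " + config);
        }
        if (config == null) {
            return;
        }
        List operations = new ArrayList();
        Timestamp timestamp = config.getTimestamp();
        if (timestamp != null) {
            operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.TimestampOperation"), null, null, timestamp.getTtl(), null));
        }
        if (config.getUsername() != null) {
            Object username = commonMessageContext.get("javax.xml.rpc.security.auth.username");
            Object password = commonMessageContext.get("javax.xml.rpc.security.auth.password");
            // The token is added only when both credentials are present; they are never logged here.
            if (username != null && password != null) {
                operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.SendUsernameOperation"), null, username.toString(), password.toString(), null));
                commonMessageContext.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
            }
        }
        Sign sign = config.getSign();
        if (sign != null) {
            List<Target> signTargets = convertTargets(sign.getTargets());
            if (sign.isIncludeTimestamp()) {
                if (timestamp == null) {
                    // The signature must cover a timestamp, so add one even though none is configured.
                    operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.TimestampOperation"), null, null, null, null));
                }
                // The timestamp is appended only to an explicit, non-empty target list.
                if (signTargets != null && !signTargets.isEmpty()) {
                    signTargets.add(new WsuIdTarget("timestamp"));
                }
            }
            operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.SignatureOperation"), signTargets, sign.getAlias(), null, null));
        }
        Encrypt encrypt = config.getEncrypt();
        if (encrypt != null) {
            operations.add(new OperationDescription(loadOperation("org.jboss.ws.extensions.security.EncryptionOperation"), convertTargets(encrypt.getTargets()), encrypt.getAlgorithm() == null ? encrypt.getAlias() : encrypt.getAlias(), null, encrypt.getAlgorithm()));
        }
        if (operations.isEmpty()) {
            return;
        }
        if (log.isTraceEnabled()) {
            // The message is dumped before any encryption is applied. Logged at TRACE, matching
            // the inbound "Decoded Message" dump, so that DEBUG logging does not capture payloads.
            log.trace("Encoding Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
        }
        try {
            new SecurityEncoder(operations, new SecurityStore(securityConfig.getKeyStoreURL(), securityConfig.getKeyStoreType(), securityConfig.getKeyStorePassword(), securityConfig.getTrustStoreURL(), securityConfig.getTrustStoreType(), securityConfig.getTrustStorePassword())).encode(message.getSOAPPart());
        } catch (WSSecurityException e) {
            throw logAndConvert(e, "Internal error occured handling outbound message:");
        }
    }
}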
