package org.jboss.wsf.stack.cxf.jaspi.client;

import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.config.ClientAuthConfig;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.Soap12;
import org.apache.cxf.binding.soap.SoapBinding;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.message.Message;
import org.jboss.security.auth.login.JASPIAuthenticationInfo;
import org.jboss.security.auth.message.GenericMessageInfo;

/* loaded from: input_file:m2repo/org/jboss/ws/cxf/jbossws-cxf-jaspi/5.2.4.Final/jbossws-cxf-jaspi-5.2.4.Final.jar:org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientAuthenticator.class */
public class JaspiClientAuthenticator {
    public static final String JASPI_SECURITY_DOMAIN = "jaspi.security.domain";
    private final ClientAuthConfig clientConfig;
    private final String securityDomain;
    private final JASPIAuthenticationInfo jpi;

    public JaspiClientAuthenticator(ClientAuthConfig clientAuthConfig, String str, JASPIAuthenticationInfo jASPIAuthenticationInfo) {
        this.clientConfig = clientAuthConfig;
        this.securityDomain = str;
        this.jpi = jASPIAuthenticationInfo;
    }

    public void secureRequest(SoapMessage soapMessage) {
        GenericMessageInfo genericMessageInfo = new GenericMessageInfo((SOAPMessage) soapMessage.getContent(SOAPMessage.class), null);
        String authContextID = this.clientConfig.getAuthContextID(genericMessageInfo);
        Properties properties = new Properties();
        properties.put("security-domain", this.securityDomain);
        properties.put("jaspi-policy", this.jpi);
        Subject subject = new Subject();
        try {
            this.clientConfig.getAuthContext(authContextID, subject, properties).secureRequest(genericMessageInfo, subject);
        } catch (AuthException e) {
            if (!isSOAP12(soapMessage)) {
                throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
            }
            throw new SoapFault(e.getMessage(), Soap12.getInstance().getSender());
        }
    }

    public void validateResponse(SoapMessage soapMessage) {
        GenericMessageInfo genericMessageInfo = new GenericMessageInfo((SOAPMessage) soapMessage.getExchange().getInMessage().get(SOAPMessage.class), (SOAPMessage) soapMessage.getContent(SOAPMessage.class));
        String authContextID = this.clientConfig.getAuthContextID(genericMessageInfo);
        Properties properties = new Properties();
        properties.put("security-domain", this.securityDomain);
        properties.put("jaspi-policy", this.jpi);
        try {
            this.clientConfig.getAuthContext(authContextID, new Subject(), properties).validateResponse(genericMessageInfo, new Subject(), new Subject());
        } catch (AuthException e) {
            if (!isSOAP12(soapMessage)) {
                throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
            }
            throw new SoapFault(e.getMessage(), Soap12.getInstance().getSender());
        }
    }

    private boolean isSOAP12(Message message) {
        return (message.getExchange().getBinding() instanceof SoapBinding) && ((SoapBinding) message.getExchange().getBinding()).getSoapVersion() == Soap12.getInstance();
    }
}
