package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.security.SecurityContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.processor.Processor;
import org.w3c.dom.Element;

/* loaded from: input_file:apache-servicemix-4.3.0-fuse-01-00/system/org/apache/cxf/cxf-bundle/2.2.9-fuse-01-00/cxf-bundle-2.2.9-fuse-01-00.jar:org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.class */
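/**
 * Inbound WS-Security interceptor that authenticates a UsernameToken by delegating to
 * {@link #createSubject(String, String, boolean, String, String)} and storing the resulting
 * {@link Subject} on the current message.
 *
 * <p>Two paths reach {@code createSubject}:
 * <ul>
 *   <li>When digest passwords are not supported, {@link #getCallback(RequestData, int)} wraps the
 *       configured callback handler in a {@link DelegatingCallbackHandler}, which authenticates
 *       plaintext-password callbacks itself.</li>
 *   <li>When digest passwords are supported, {@link #getSecurityEngine()} registers this
 *       interceptor as the processor for UsernameToken elements, so the token is parsed by
 *       {@link CustomUsernameTokenProcessor}.</li>
 * </ul>
 *
 * <p>Security note: the password carried in the token is secret material. This class never logs
 * it, and subclasses should not log or persist the {@code password} argument either.
 */
public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS4JInInterceptor implements Processor {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractUsernameTokenAuthenticatingInterceptor.class);

    // When true, UsernameToken elements are routed to this class as a custom Processor
    // (see getSecurityEngine); when false, the callback-handler path is used (see getCallback).
    private boolean supportDigestPasswords;

    /**
     * Parses a UsernameToken element, authenticates it through the enclosing interceptor and
     * records the result in the engine's result list.
     */
    private class CustomUsernameTokenProcessor implements Processor {
        private String utId;
        private UsernameToken ut;

        private CustomUsernameTokenProcessor() {
        }

        /**
         * Authenticates the token in {@code element} and inserts the result at the head of
         * {@code vector}.
         *
         * @throws WSSecurityException if the token cannot be parsed or authentication fails
         */
        @Override // org.apache.ws.security.processor.Processor
        public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Found UsernameToken list element");
            }
            // Action code 1 presumably corresponds to the UsernameToken action - confirm against
            // the WSS4J version in use. The explicit null casts select the constructor overload.
            WSUsernameTokenPrincipal principal = handleUsernameToken(element, callbackHandler);
            vector.add(0, new WSSecurityEngineResult(1, principal, (X509Certificate) null, (Set) null, (byte[]) null));
            this.utId = this.ut.getID();
        }

        /**
         * Extracts the credentials from the token, authenticates them via
         * {@code setSubject} and returns a principal describing the token.
         *
         * @throws WSSecurityException if the token is malformed or authentication fails
         */
        private WSUsernameTokenPrincipal handleUsernameToken(Element element, CallbackHandler callbackHandler) throws WSSecurityException {
            this.ut = new UsernameToken(element, false);
            String name = this.ut.getName();
            String password = this.ut.getPassword();
            String nonce = this.ut.getNonce();
            String created = this.ut.getCreated();
            String passwordType = this.ut.getPasswordType();
            if (LOG.isLoggable(Level.FINE)) {
                // Only the user name is logged. The password (plaintext or digest) must never
                // reach the log: debug logs are routinely shipped, archived and shared.
                LOG.fine("UsernameToken user " + name);
            }
            // Authentication happens here; a failure aborts processing before any principal
            // is produced.
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(name, password, this.ut.isHashed(), nonce, created);
            WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(name, this.ut.isHashed());
            principal.setNonce(nonce);
            // NOTE(review): the received password is retained on the principal, so anything that
            // logs or serialises the principal downstream can expose it - confirm consumers.
            principal.setPassword(password);
            principal.setCreatedTime(created);
            principal.setPasswordType(passwordType);
            return principal;
        }

        /** Returns the ID of the last token handled, or {@code null} if none was handled yet. */
        @Override // org.apache.ws.security.processor.Processor
        public String getId() {
            return this.utId;
        }
    }

    /**
     * Callback handler that authenticates plaintext-password callbacks itself and forwards
     * every other password callback to an optional delegate.
     */
    private class DelegatingCallbackHandler implements CallbackHandler {
        // May be null: getCallback tolerates a missing delegate.
        private final CallbackHandler pwdHandler;

        public DelegatingCallbackHandler(CallbackHandler callbackHandler) {
            this.pwdHandler = callbackHandler;
        }

        /**
         * Handles each {@link WSPasswordCallback}: a plaintext password with usage code 5 is
         * authenticated via {@code setSubject}; anything else goes to the delegate, if present.
         * Callbacks of other types are ignored.
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof WSPasswordCallback)) {
                    continue;
                }
                WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
                // Usage code 5 is presumably the "unknown UsernameToken, validate it yourself"
                // usage - confirm against the WSS4J version in use.
                if (WSConstants.PASSWORD_TEXT.equals(passwordCallback.getPasswordType()) && passwordCallback.getUsage() == 5) {
                    AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(passwordCallback.getIdentifier(), passwordCallback.getPassword(), false, null, null);
                } else if (this.pwdHandler != null) {
                    // NOTE(review): the delegate receives the whole array, once per forwarded
                    // callback, so it may see callbacks already handled above.
                    this.pwdHandler.handle(callbackArr);
                }
            }
        }
    }

    public AbstractUsernameTokenAuthenticatingInterceptor() {
    }

    public AbstractUsernameTokenAuthenticatingInterceptor(Map<String, Object> map) {
        super(map);
    }

    /**
     * Selects the processing path: {@code true} routes UsernameToken elements through this
     * class as a custom processor, {@code false} uses the delegating callback handler.
     */
    public void setSupportDigestPasswords(boolean supportDigestPasswords) {
        this.supportDigestPasswords = supportDigestPasswords;
    }

    /**
     * Builds the security context from the principal and the {@link Subject} that
     * {@code setSubject} stored on the current message.
     *
     * @throws IllegalStateException if there is no current message
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected SecurityContext createSecurityContext(Principal principal) {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            throw new IllegalStateException("Current message is not available");
        }
        return doCreateSecurityContext(principal, currentMessage.get(Subject.class));
    }

    /** Extension point: creates the security context for an authenticated principal/subject. */
    protected SecurityContext doCreateSecurityContext(Principal principal, Subject subject) {
        return new DefaultSecurityContext(principal, subject);
    }

    /**
     * Authenticates the given credentials through {@link #createSubject} and stores the
     * resulting {@link Subject} on the current message.
     *
     * @param name the user name from the token or callback
     * @param password the password or digest; secret, must not be logged
     * @param isDigest whether {@code password} is a digest rather than plaintext
     * @param nonce the token nonce, or {@code null}
     * @param created the token creation timestamp, or {@code null}
     * @throws IllegalStateException if there is no current message
     * @throws WSSecurityException if subject creation fails or the subject is rejected
     */
    protected void setSubject(String name, String password, boolean isDigest, String nonce, String created) throws WSSecurityException {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            throw new IllegalStateException("Current message is not available");
        }
        try {
            Subject subject = createSubject(name, password, isDigest, nonce, created);
            // Fail closed: a missing subject, a subject without principals, or one whose first
            // principal does not carry the presented user name is rejected.
            // NOTE(review): only the first principal returned by the set's iterator is compared;
            // implementations should make sure the user principal is the one returned first.
            if (subject == null || subject.getPrincipals().isEmpty() || !subject.getPrincipals().iterator().next().getName().equals(name)) {
                throw new WSSecurityException("Failed Authentication : Invalid Subject");
            }
            currentMessage.put(Subject.class, subject);
        } catch (WSSecurityException e) {
            // Keep the specific rejection reason instead of re-wrapping it in the generic
            // "has not been created" failure below.
            throw e;
        } catch (Exception e) {
            throw new WSSecurityException("Failed Authentication : Subject has not been created", e);
        }
    }

    /**
     * Authenticates the credentials and returns the authenticated {@link Subject}.
     *
     * <p>{@code setSubject} rejects a {@code null} result, a subject without principals, and a
     * subject whose first principal's name differs from {@code name}.
     *
     * @param name the user name
     * @param password the password or digest; secret, must not be logged
     * @param isDigest whether {@code password} is a digest
     * @param nonce the token nonce, or {@code null}
     * @param created the token creation timestamp, or {@code null}
     * @throws SecurityException if authentication fails
     */
    protected abstract Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException;

    /**
     * Returns the callback handler for the given action bitmask. When bit 1 is set (presumably
     * the UsernameToken action - confirm) and digest passwords are not supported, the parent's
     * handler is wrapped in a {@link DelegatingCallbackHandler}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    public CallbackHandler getCallback(RequestData requestData, int i) throws WSSecurityException {
        if ((i & 1) == 0 || this.supportDigestPasswords) {
            return super.getCallback(requestData, i);
        }
        CallbackHandler delegate = null;
        try {
            delegate = super.getCallback(requestData, i);
        } catch (Exception e) {
            // Best effort: the delegate is optional because DelegatingCallbackHandler
            // null-checks it. Record the cause rather than discarding it silently.
            LOG.log(Level.FINE, "No password callback handler is available; continuing without a delegate", e);
        }
        return new DelegatingCallbackHandler(delegate);
    }

    /**
     * Returns the security engine. With digest support enabled, this interceptor is registered
     * as the processor for the UsernameToken element in three namespaces.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    public WSSecurityEngine getSecurityEngine() {
        if (!this.supportDigestPasswords) {
            return super.getSecurityEngine();
        }
        HashMap processors = new HashMap(3);
        processors.put(new QName(WSConstants.USERNAMETOKEN_NS, "UsernameToken"), this);
        processors.put(new QName(WSConstants.WSSE_NS, "UsernameToken"), this);
        processors.put(new QName(WSConstants.WSSE11_NS, "UsernameToken"), this);
        return createSecurityEngine(processors);
    }

    /**
     * Processor entry point: uses a fresh {@link CustomUsernameTokenProcessor} per token so no
     * token state is kept on this shared interceptor instance.
     */
    @Override // org.apache.ws.security.processor.Processor
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        new CustomUsernameTokenProcessor().handleToken(element, crypto, crypto2, callbackHandler, wSDocInfo, vector, wSSConfig);
    }
}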
