package org.apache.servicemix.cxfbc.interceptors;

import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Vector;
import javax.security.auth.Subject;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.servicemix.jbi.security.auth.AuthenticationService;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.WSHandlerResult;

/* loaded from: input_file:org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.class */
public class JbiJAASInterceptor extends AbstractWSS4JInterceptor {
    private AuthenticationService authenticationService;
    private boolean x509;
    private String domain = "servicemix-domain";
    private ThreadLocal<Subject> currentSubject = new ThreadLocal<>();

    public JbiJAASInterceptor(AuthenticationService authenticationService, boolean z) {
        setPhase("pre-protocol");
        getAfter().add(WSS4JInInterceptor.class.getName());
        this.authenticationService = authenticationService;
        this.x509 = z;
    }

    public void handleMessage(SoapMessage soapMessage) throws Fault {
        try {
            try {
                Subject subject = this.currentSubject.get();
                if (subject == null) {
                    subject = new Subject();
                    this.currentSubject.set(subject);
                }
                Vector<WSHandlerResult> vector = (Vector) soapMessage.get("RECV_RESULTS");
                if (vector == null) {
                    return;
                }
                for (WSHandlerResult wSHandlerResult : vector) {
                    if (wSHandlerResult == null || wSHandlerResult.getResults() == null) {
                        this.currentSubject.set(null);
                        return;
                    }
                    boolean z = false;
                    Iterator it = wSHandlerResult.getResults().iterator();
                    while (it.hasNext()) {
                        WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) it.next();
                        if (wSSecurityEngineResult != null && (wSSecurityEngineResult.getPrincipal() instanceof WSUsernameTokenPrincipal)) {
                            WSUsernameTokenPrincipal principal = wSSecurityEngineResult.getPrincipal();
                            subject.getPrincipals().add(principal);
                            this.authenticationService.authenticate(subject, this.domain, principal.getName(), principal.getPassword());
                            z = true;
                        }
                    }
                    if (!z && this.x509) {
                        Iterator it2 = wSHandlerResult.getResults().iterator();
                        while (it2.hasNext()) {
                            WSSecurityEngineResult wSSecurityEngineResult2 = (WSSecurityEngineResult) it2.next();
                            if (wSSecurityEngineResult2 != null && (wSSecurityEngineResult2.getCertificate() instanceof X509Certificate)) {
                                X509Certificate certificate = wSSecurityEngineResult2.getCertificate();
                                this.authenticationService.authenticate(subject, this.domain, certificate.getIssuerX500Principal().getName(), certificate);
                            }
                        }
                    }
                }
                soapMessage.put(Subject.class, subject);
                this.currentSubject.set(null);
            } catch (GeneralSecurityException e) {
                throw new Fault(e);
            }
        } finally {
            this.currentSubject.set(null);
        }
    }
}
