package org.apache.cxf.ws.security.policy.interceptors;

import java.util.Collection;
import java.util.Iterator;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.spnego.SpnegoClientAction;
import org.apache.wss4j.common.spnego.SpnegoTokenContext;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.Trust10;
import org.apache.wss4j.policy.model.Trust13;
import org.apache.xml.security.utils.Base64;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-322.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-ws-security-3.1.5.redhat-630322.jar:org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.class */
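/**
 * Outbound interceptor for the WS-SecurityPolicy {@code SpnegoContextToken} assertion.
 *
 * <p>On the requestor side it makes sure a security token negotiated through SPNEGO is
 * available before the message is sent: a cached token is reused while it has not expired,
 * otherwise a new one is requested through the "spnego" {@link STSClient}. On the
 * non-requestor side it only marks the matching assertions as asserted.
 */
class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    /* JADX INFO: Access modifiers changed from: package-private */
    /** Registers this interceptor in the {@link Phase#PREPARE_SEND} phase. */
    public SpnegoContextTokenOutInterceptor() {
        super(Phase.PREPARE_SEND);
    }

    /**
     * Asserts the SPNEGO context token policy for an outbound message.
     *
     * <p>Does nothing when the message carries no {@link AssertionInfoMap} or no
     * {@code SpnegoContextToken} assertion. For a requestor, the token id found under
     * {@link SecurityConstants#TOKEN_ID} is looked up in the token store; an expired token is
     * evicted from the endpoint, the exchange and the store, and a replacement is issued.
     *
     * @param soapMessage the outbound SOAP message
     * @throws Fault if obtaining the Kerberos service ticket or the token exchange fails
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        if (assertionInfoMap == null) {
            return;
        }
        Collection<AssertionInfo> spnegoAssertions = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, SPConstants.SPNEGO_CONTEXT_TOKEN);
        if (spnegoAssertions.isEmpty()) {
            return;
        }
        if (!isRequestor(soapMessage)) {
            // NOTE(review): the assertions are marked satisfied here without any check in this
            // class; presumably the token was already validated on the inbound side - confirm.
            markAsserted(spnegoAssertions);
            return;
        }

        String cachedTokenId = (String) soapMessage.getContextualProperty(SecurityConstants.TOKEN_ID);
        SecurityToken securityToken = null;
        if (cachedTokenId != null) {
            securityToken = TokenStoreUtils.getTokenStore(soapMessage).getToken(cachedTokenId);
            if (securityToken != null && securityToken.isExpired()) {
                // Evict every reference to the expired token so it cannot be picked up again.
                soapMessage.getExchange().getEndpoint().remove(SecurityConstants.TOKEN_ID);
                soapMessage.getExchange().remove(SecurityConstants.TOKEN_ID);
                TokenStoreUtils.getTokenStore(soapMessage).remove(cachedTokenId);
                securityToken = null;
            }
        }
        if (securityToken == null) {
            securityToken = issueToken(soapMessage, assertionInfoMap);
        }
        if (securityToken == null) {
            return;
        }

        markAsserted(spnegoAssertions);
        // NOTE(review): the token id is stored on the Endpoint as well as on the Exchange, so
        // later exchanges through the same endpoint presumably reuse this token. Confirm that
        // is intended when one client endpoint is shared between different Kerberos identities.
        soapMessage.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, securityToken.getId());
        soapMessage.getExchange().put(SecurityConstants.TOKEN_ID, securityToken.getId());
        TokenStoreUtils.getTokenStore(soapMessage).add(securityToken);
    }

    /**
     * Obtains a Kerberos service ticket via SPNEGO and exchanges it for a security token.
     *
     * <p>The JAAS context name, the service principal name, the callback handler and an
     * optional {@link SpnegoClientAction} are read from the message's contextual properties.
     * The secret of the returned token is replaced by the result of
     * {@link SpnegoTokenContext#unwrapKey}.
     *
     * @param soapMessage the outbound message supplying the configuration
     * @param assertionInfoMap the policy assertions used to set up the STS client
     * @return the issued token
     * @throws Fault wrapping any failure; a {@code Fault} raised by the exchange itself is
     *     propagated unchanged
     */
    private SecurityToken issueToken(SoapMessage soapMessage, AssertionInfoMap assertionInfoMap) {
        String jaasContextName = (String) soapMessage.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
        String servicePrincipalName = (String) soapMessage.getContextualProperty(SecurityConstants.KERBEROS_SPN);
        SpnegoTokenContext spnegoContext = new SpnegoTokenContext();
        Object clientAction = soapMessage.getContextualProperty(SecurityConstants.SPNEGO_CLIENT_ACTION);
        if (clientAction instanceof SpnegoClientAction) {
            spnegoContext.setSpnegoClientAction((SpnegoClientAction) clientAction);
        }
        try {
            spnegoContext.retrieveServiceTicket(jaasContextName, SecurityUtils.getCallbackHandler(SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.CALLBACK_HANDLER, soapMessage)), servicePrincipalName);
            STSClient client = STSUtils.getClient(soapMessage, "spnego");
            AddressingProperties addressingProperties = (AddressingProperties) soapMessage.get("javax.xml.ws.addressing.context.outbound");
            if (addressingProperties == null) {
                addressingProperties = (AddressingProperties) soapMessage.get(JAXWSAConstants.CLIENT_ADDRESSING_PROPERTIES);
            }
            // The client is configured for this call and reset afterwards, so the whole
            // configure/request/reset sequence runs under the client's monitor.
            synchronized (client) {
                try {
                    String action = SpnegoTokenInterceptorProvider.setupClient(client, soapMessage, assertionInfoMap);
                    if (addressingProperties != null) {
                        client.setAddressingNamespace(addressingProperties.getNamespaceURI());
                    }
                    SecurityToken issued = client.requestSecurityToken(action, Base64.encode(spnegoContext.getToken()));
                    issued.setSecret(spnegoContext.unwrapKey(issued.getSecret()));
                    // NOTE(review): clear() is reached only on success; when the exchange or
                    // unwrapKey fails the SPNEGO context is left to garbage collection. Consider
                    // clearing it on the failure path too, after confirming that clear()
                    // tolerates a partially initialised context.
                    spnegoContext.clear();
                    return issued;
                } finally {
                    resetClient(client);
                }
            }
        } catch (Fault fault) {
            // Already a Fault: rethrow as-is instead of burying it inside a second Fault.
            throw fault;
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    /** Marks every assertion in the collection as asserted. */
    private static void markAsserted(Collection<AssertionInfo> assertions) {
        for (AssertionInfo assertion : assertions) {
            assertion.setAsserted(true);
        }
    }

    /** Drops the per-call configuration from the STS client so it does not leak into the next use. */
    private static void resetClient(STSClient client) {
        client.setTrust((Trust10) null);
        client.setTrust((Trust13) null);
        client.setTemplate(null);
        client.setLocation(null);
        client.setAddressingNamespace(null);
    }
}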
