package org.apache.cxf.ws.security.policy.interceptors;

import java.util.Collection;
import java.util.Iterator;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;

/* loaded from: input_file:org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.class */
class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    public SecureConversationOutInterceptor() {
        super(Phase.PREPARE_SEND);
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        Collection<AssertionInfo> collection;
        String str;
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        if (assertionInfoMap == null || (collection = assertionInfoMap.get(SP12Constants.SECURE_CONVERSATION_TOKEN)) == null || collection.isEmpty()) {
            return;
        }
        if (!isRequestor(soapMessage)) {
            Iterator<AssertionInfo> it = collection.iterator();
            while (it.hasNext()) {
                it.next().setAsserted(true);
            }
            return;
        }
        SecureConversationToken secureConversationToken = (SecureConversationToken) collection.iterator().next().getAssertion();
        SecurityToken securityToken = (SecurityToken) soapMessage.getContextualProperty(SecurityConstants.TOKEN);
        if (securityToken == null && (str = (String) soapMessage.getContextualProperty(SecurityConstants.TOKEN_ID)) != null) {
            securityToken = NegotiationUtils.getTokenStore(soapMessage).getToken(str);
        }
        SecurityToken issueToken = securityToken == null ? issueToken(soapMessage, assertionInfoMap, secureConversationToken) : renewToken(soapMessage, assertionInfoMap, securityToken, secureConversationToken);
        if (issueToken != null) {
            Iterator<AssertionInfo> it2 = collection.iterator();
            while (it2.hasNext()) {
                it2.next().setAsserted(true);
            }
            ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).put(SecurityConstants.TOKEN, issueToken);
            ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).put(SecurityConstants.TOKEN_ID, issueToken.getId());
            soapMessage.getExchange().put(SecurityConstants.TOKEN_ID, issueToken.getId());
            soapMessage.getExchange().put(SecurityConstants.TOKEN, issueToken);
            NegotiationUtils.getTokenStore(soapMessage).add(issueToken);
        }
    }

    private SecurityToken renewToken(SoapMessage soapMessage, AssertionInfoMap assertionInfoMap, SecurityToken securityToken, SecureConversationToken secureConversationToken) {
        SecurityToken renewSecurityToken;
        if (!securityToken.isExpired()) {
            return securityToken;
        }
        STSClient client = STSUtils.getClient(soapMessage, "sct");
        AddressingProperties addressingProperties = (AddressingProperties) soapMessage.get("javax.xml.ws.addressing.context.outbound");
        if (addressingProperties == null) {
            addressingProperties = (AddressingProperties) soapMessage.get(JAXWSAConstants.CLIENT_ADDRESSING_PROPERTIES);
        } else if (addressingProperties.getAction().getValue().endsWith("Renew")) {
            return securityToken;
        }
        synchronized (client) {
            try {
                try {
                    SecureConversationTokenInterceptorProvider.setupClient(client, soapMessage, assertionInfoMap, secureConversationToken, true);
                    client.setLocation(soapMessage.getContextualProperty(Message.ENDPOINT_ADDRESS).toString());
                    client.getRequestContext().put(SecurityConstants.TOKEN_ID, securityToken.getId());
                    if (addressingProperties != null) {
                        client.setAddressingNamespace(addressingProperties.getNamespaceURI());
                    }
                    renewSecurityToken = client.renewSecurityToken(securityToken);
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setLocation(null);
                    client.setAddressingNamespace(null);
                } catch (Throwable th) {
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setLocation(null);
                    client.setAddressingNamespace(null);
                    throw th;
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new Fault(e2);
            }
        }
        return renewSecurityToken;
    }

    private SecurityToken issueToken(SoapMessage soapMessage, AssertionInfoMap assertionInfoMap, SecureConversationToken secureConversationToken) {
        SecurityToken requestSecurityToken;
        STSClient client = STSUtils.getClient(soapMessage, "sct");
        AddressingProperties addressingProperties = (AddressingProperties) soapMessage.get("javax.xml.ws.addressing.context.outbound");
        if (addressingProperties == null) {
            addressingProperties = (AddressingProperties) soapMessage.get(JAXWSAConstants.CLIENT_ADDRESSING_PROPERTIES);
        }
        synchronized (client) {
            try {
                try {
                    String str = SecureConversationTokenInterceptorProvider.setupClient(client, soapMessage, assertionInfoMap, secureConversationToken, false);
                    if (addressingProperties != null) {
                        client.setAddressingNamespace(addressingProperties.getNamespaceURI());
                    }
                    requestSecurityToken = client.requestSecurityToken(str);
                    String tokenType = requestSecurityToken.getTokenType();
                    requestSecurityToken.setTokenType(tokenType);
                    if (tokenType == null || "".equals(tokenType)) {
                        requestSecurityToken.setTokenType(STSUtils.TOKEN_TYPE_SCT_05_02);
                    }
                } finally {
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setLocation(null);
                    client.setAddressingNamespace(null);
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new Fault(e2);
            }
        }
        return requestSecurityToken;
    }
}
