package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapInterceptor;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptor;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.class */
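/**
 * Base class for the StAX-based WSS4J SOAP interceptors.
 *
 * <p>It holds the interceptor configuration, either a property map or a pre-built
 * {@link WSSSecurityProperties}, and turns CXF contextual properties into WSS4J
 * security settings. It also resolves and caches {@link Crypto} instances.
 *
 * <p>This listing is decompiler output. Methods carrying a "JADX INFO" note are shown as
 * {@code public} but were {@code protected} in the compiled class.
 */
public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, PhaseInterceptor<SoapMessage> {
    /** SOAP header QNames this interceptor reports as understood; shared by all instances. */
    private static final Set<QName> HEADERS = new HashSet<>();
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractWSS4JStaxInterceptor.class);

    static {
        HEADERS.add(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
        HEADERS.add(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedData"));
        HEADERS.add(new QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "EncryptedHeader"));
    }

    /** Configuration map; {@code null} unless the map constructor was used. */
    private final Map<String, Object> properties;
    /** Pre-built security properties; {@code null} unless that constructor was used. */
    private final WSSSecurityProperties userSecurityProperties;
    /** Per-interceptor cache of Crypto instances, keyed by reference id or properties file name. */
    private final Map<String, Crypto> cryptos = new ConcurrentHashMap<>();
    private final Set<String> before = new HashSet<>();
    private final Set<String> after = new HashSet<>();
    private String phase;
    private String id = getClass().getName();

    /**
     * Creates an interceptor configured from a pre-built {@link WSSSecurityProperties}.
     *
     * @param wSSSecurityProperties the security properties copied by {@link #createSecurityProperties()}
     */
    public AbstractWSS4JStaxInterceptor(WSSSecurityProperties wSSSecurityProperties) {
        this.userSecurityProperties = wSSSecurityProperties;
        this.properties = null;
    }

    /**
     * Creates an interceptor configured from a property map.
     *
     * @param map the configuration map; stored by reference, not copied
     */
    public AbstractWSS4JStaxInterceptor(Map<String, Object> map) {
        this.properties = map;
        this.userSecurityProperties = null;
    }

    /** Creates an interceptor with neither a property map nor pre-built security properties. */
    public AbstractWSS4JStaxInterceptor() {
        this.userSecurityProperties = null;
        this.properties = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the security properties for one message exchange.
     *
     * <p>If pre-built properties were supplied, a copy is returned so per-message changes do
     * not leak into the shared instance. Otherwise the configuration map is converted.
     *
     * @return a fresh {@link WSSSecurityProperties} instance
     */
    public WSSSecurityProperties createSecurityProperties() {
        if (this.userSecurityProperties != null) {
            return new WSSSecurityProperties(this.userSecurityProperties);
        }
        // NOTE(review): this.properties is null after the no-arg constructor; confirm that
        // ConfigurationConverter tolerates a null map.
        WSSSecurityProperties converted = new WSSSecurityProperties();
        ConfigurationConverter.parseActions(this.properties, converted);
        ConfigurationConverter.parseUserProperties(this.properties, converted);
        ConfigurationConverter.parseCallback(this.properties, converted);
        ConfigurationConverter.parseBooleanProperties(this.properties, converted);
        ConfigurationConverter.parseNonBooleanProperties(this.properties, converted);
        return converted;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies security-relevant contextual properties of the message onto the WSS4J properties.
     *
     * <p>Settings whose contextual property is absent are left untouched, with two exceptions
     * that are always written. {@code mustUnderstand} defaults to {@code true}. Schema
     * validation is disabled unless {@code schema-validation-enabled} is {@code true}.
     * A TTL value that is not an integer raises {@link NumberFormatException}; settings
     * applied before the failing one remain in place.
     *
     * @param soapMessage the message whose contextual properties are read
     * @param wSSSecurityProperties the properties object to update
     */
    public void translateProperties(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) {
        String bspCompliant = contextualString(soapMessage, SecurityConstants.IS_BSP_COMPLIANT);
        if (bspCompliant != null) {
            // The property states compliance; the setter takes the inverse (disable enforcement).
            wSSSecurityProperties.setDisableBSPEnforcement(!Boolean.parseBoolean(bspCompliant));
        }
        String timestampFutureTtl = contextualString(soapMessage, SecurityConstants.TIMESTAMP_FUTURE_TTL);
        if (timestampFutureTtl != null) {
            wSSSecurityProperties.setTimeStampFutureTTL(Integer.valueOf(timestampFutureTtl));
        }
        String timestampTtl = contextualString(soapMessage, SecurityConstants.TIMESTAMP_TTL);
        if (timestampTtl != null) {
            wSSSecurityProperties.setTimestampTTL(Integer.valueOf(timestampTtl));
        }
        String utFutureTtl = contextualString(soapMessage, SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
        if (utFutureTtl != null) {
            wSSSecurityProperties.setUtFutureTTL(Integer.valueOf(utFutureTtl));
        }
        String utTtl = contextualString(soapMessage, SecurityConstants.USERNAMETOKEN_TTL);
        if (utTtl != null) {
            wSSSecurityProperties.setUtTTL(Integer.valueOf(utTtl));
        }
        String certConstraints = contextualString(soapMessage, SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
        if (certConstraints != null && !certConstraints.isEmpty()) {
            wSSSecurityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
        }
        String validateSamlSubjectConf = contextualString(soapMessage, SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION);
        if (validateSamlSubjectConf != null) {
            wSSSecurityProperties.setValidateSamlSubjectConfirmation(Boolean.parseBoolean(validateSamlSubjectConf));
        }
        String actor = contextualString(soapMessage, SecurityConstants.ACTOR);
        if (actor != null) {
            wSSSecurityProperties.setActor(actor);
        }
        wSSSecurityProperties.setMustUnderstand(MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.MUST_UNDERSTAND, true));
        wSSSecurityProperties.setDisableSchemaValidation(!MessageUtils.getContextualBoolean(soapMessage, "schema-validation-enabled", false));
    }

    /** Reads a contextual property that is expected to hold a String. */
    private static String contextualString(SoapMessage soapMessage, String key) {
        return (String) soapMessage.getContextualProperty(key);
    }

    /**
     * Compiles a comma-separated list of regular expressions into subject-certificate constraints.
     *
     * <p>NOTE(review): an entry that fails to compile is logged at SEVERE and dropped, so the
     * result can hold fewer constraints than were configured, or none at all. Confirm how the
     * consumer treats an empty collection. If empty means "no constraint", a typo in the
     * configuration would fail open, and rejecting the configuration would be safer.
     *
     * @param str comma-separated regular expressions; each entry is trimmed before compiling
     * @return the successfully compiled patterns, in configuration order
     */
    private Collection<Pattern> convertCertConstraints(String str) {
        String[] entries = str.split(",");
        Collection<Pattern> patterns = new ArrayList<>(entries.length);
        for (String entry : entries) {
            try {
                patterns.add(Pattern.compile(entry.trim()));
            } catch (PatternSyntaxException e) {
                LOG.log(Level.SEVERE, e.getMessage(), e);
            }
        }
        return patterns;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the callback handler for the message and installs it on the security properties.
     *
     * <p>A String value of the {@code CALLBACK_HANDLER} contextual property is treated as a
     * class name and instantiated reflectively. If the instance is a {@link CallbackHandler},
     * it is also stored on the endpoint info, the endpoint and the exchange. When no handler
     * is configured but a password is, a handler that answers {@link WSPasswordCallback}s
     * with that password is used.
     *
     * <p>NOTE(review): the class name is instantiated without an allow-list. It is presumably
     * supplied by deployment configuration; confirm it can never be influenced by message
     * content.
     *
     * @param soapMessage the current message
     * @param wSSSecurityProperties the properties that receive the handler
     * @throws WSSecurityException if the configured class cannot be loaded or instantiated
     */
    public void configureCallbackHandler(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Object handler = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
        if (handler instanceof String) {
            try {
                handler = ClassLoaderUtils.loadClass((String) handler, getClass()).newInstance();
                if (handler instanceof CallbackHandler) {
                    Endpoint endpoint = (Endpoint) soapMessage.getExchange().get(Endpoint.class);
                    EndpointInfo endpointInfo = endpoint.getEndpointInfo();
                    synchronized (endpointInfo) {
                        endpointInfo.setProperty(SecurityConstants.CALLBACK_HANDLER, handler);
                    }
                    endpoint.put(SecurityConstants.CALLBACK_HANDLER, handler);
                    soapMessage.getExchange().put(SecurityConstants.CALLBACK_HANDLER, handler);
                }
            } catch (Exception e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
            }
        }
        if (handler == null) {
            final String password = getPassword(soapMessage);
            if (password != null) {
                // Fallback: answer password callbacks with the password stored on the message.
                handler = new CallbackHandler() {
                    @Override
                    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                        for (Callback callback : callbackArr) {
                            if (callback instanceof WSPasswordCallback) {
                                ((WSPasswordCallback) callback).setPassword(password);
                            }
                        }
                    }
                };
            }
        }
        // An instantiated class that is not a CallbackHandler is ignored here, as before.
        if (handler instanceof CallbackHandler) {
            wSSSecurityProperties.setCallbackHandler((CallbackHandler) handler);
        }
    }

    /**
     * Returns the SOAP roles of this interceptor.
     *
     * @return always {@code null}
     */
    public Set<URI> getRoles() {
        return null;
    }

    /**
     * Does nothing on fault.
     *
     * @param soapMessage the faulted message
     */
    public void handleFault(SoapMessage soapMessage) {
    }

    /**
     * Does nothing after message handling.
     *
     * @param soapMessage the handled message
     * @throws Fault never thrown by this implementation
     */
    public void postHandleMessage(SoapMessage soapMessage) throws Fault {
    }

    /**
     * Returns additional interceptors to install alongside this one.
     *
     * @return always {@code null}
     */
    public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors() {
        return null;
    }

    /** @return the phase this interceptor is assigned to, or {@code null} if unset */
    public String getPhase() {
        return this.phase;
    }

    /** @param str the phase to assign this interceptor to */
    public void setPhase(String str) {
        this.phase = str;
    }

    /**
     * Looks up a value in the configuration map.
     *
     * @param str the configuration key
     * @return the configured value, or {@code null} if there is no map or no such key
     */
    public Object getOption(String str) {
        if (this.properties != null) {
            return this.properties.get(str);
        }
        return null;
    }

    /**
     * Reads the {@code password} contextual property of a message.
     *
     * @param obj the message; must be a {@link Message}
     * @return the password, or {@code null} if none is set
     */
    public String getPassword(Object obj) {
        return (String) ((Message) obj).getContextualProperty("password");
    }

    /**
     * Reads a property from the message context, falling back to the configuration map.
     *
     * @param obj the message; must be a {@link Message}
     * @param str the property key
     * @return the contextual value, else the configured option, else {@code null}
     */
    public Object getProperty(Object obj, String str) {
        Object value = ((Message) obj).getContextualProperty(str);
        return value != null ? value : getOption(str);
    }

    /**
     * Stores a password on the message under the {@code password} key.
     *
     * @param obj the message; must be a {@link Message}
     * @param str the password to store
     */
    public void setPassword(Object obj, String str) {
        ((Message) obj).put("password", str);
    }

    /**
     * Stores a property on the message.
     *
     * @param obj the message; must be a {@link Message}
     * @param str the property key
     * @param obj2 the value to store
     */
    public void setProperty(Object obj, String str, Object obj2) {
        ((Message) obj).put(str, obj2);
    }

    /** @return the interceptor id; defaults to the concrete class name */
    public String getId() {
        return this.id;
    }

    /** @param str the new interceptor id */
    public void setId(String str) {
        this.id = str;
    }

    /**
     * Returns the SOAP headers this interceptor understands.
     *
     * @return the shared static set; callers must treat it as read-only, because a mutation
     *     would affect every interceptor instance
     */
    public Set<QName> getUnderstoodHeaders() {
        return HEADERS;
    }

    /** @return the configuration map, or an empty map when none was supplied */
    public Map<String, Object> getProperties() {
        return this.properties != null ? this.properties : Collections.emptyMap();
    }

    /** @return the mutable set of interceptor ids that this interceptor runs after */
    public Set<String> getAfter() {
        return this.after;
    }

    /** @return the mutable set of interceptor ids that this interceptor runs before */
    public Set<String> getBefore() {
        return this.before;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the message belongs to the requesting side of the exchange.
     *
     * @param soapMessage the message to test
     * @return the result of {@link MessageUtils#isRequestor}
     */
    public boolean isRequestor(SoapMessage soapMessage) {
        return MessageUtils.isRequestor(soapMessage);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves a Crypto instance, preferring a reference id over a properties file.
     *
     * <p>The property named by {@code str2} yields a reference id. The object stored under
     * that id may be a {@link Properties} or a ready {@link Crypto}. If that gives nothing,
     * the property named by {@code str} yields a crypto properties file name. Resolved
     * instances are cached on this interceptor under the id or file name. A cached instance
     * is reused for later messages, so a change to the underlying configuration is not
     * picked up by this interceptor instance.
     *
     * @param soapMessage the current message
     * @param str name of the property holding the crypto properties file
     * @param str2 name of the property holding the crypto reference id
     * @param wSSSecurityProperties used to obtain the password encryptor
     * @return the resolved Crypto, or {@code null} if neither source yields one
     * @throws WSSecurityException if creating the Crypto fails
     */
    public Crypto loadCrypto(SoapMessage soapMessage, String str, String str2, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        Crypto crypto = null;
        String cryptoRefId = (String) getProperty(soapMessage, str2);
        if (cryptoRefId != null) {
            crypto = this.cryptos.get(cryptoRefId);
            if (crypto == null) {
                Object candidate = getProperty(soapMessage, cryptoRefId);
                if (candidate instanceof Properties) {
                    crypto = CryptoFactory.getInstance((Properties) candidate, getClassLoader(), getPasswordEncryptor(soapMessage, wSSSecurityProperties));
                } else if (candidate instanceof Crypto) {
                    crypto = (Crypto) candidate;
                }
                cacheCrypto(cryptoRefId, crypto);
            }
            if (crypto == null) {
                LOG.info("The Crypto reference " + cryptoRefId + " specified by " + str2 + " could not be loaded");
            }
        }
        if (crypto == null) {
            String propertiesFile = (String) getProperty(soapMessage, str);
            if (propertiesFile != null) {
                crypto = this.cryptos.get(propertiesFile);
                if (crypto == null) {
                    crypto = loadCryptoFromPropertiesFile(soapMessage, propertiesFile, wSSSecurityProperties);
                    // Fix: the cache is a ConcurrentHashMap, which rejects null values. The old
                    // unconditional put threw NullPointerException when the file could not be
                    // loaded, so the diagnostic below was never reached.
                    cacheCrypto(propertiesFile, crypto);
                }
                if (crypto == null) {
                    LOG.info("The Crypto properties file " + propertiesFile + " specified by " + str + " could not be loaded or found");
                }
            }
        }
        return crypto;
    }

    /** Caches a resolved Crypto; a {@code null} result is not cached, so it is retried later. */
    private void cacheCrypto(String key, Crypto crypto) {
        if (crypto != null) {
            this.cryptos.put(key, crypto);
        }
    }

    /**
     * Loads a Crypto from a properties file by delegating to {@code WSS4JUtils}.
     *
     * @param soapMessage the current message
     * @param str the properties file name
     * @param wSSSecurityProperties used to obtain the password encryptor
     * @return the loaded Crypto; {@link #loadCrypto} treats {@code null} as "not found"
     * @throws WSSecurityException if loading fails
     */
    protected Crypto loadCryptoFromPropertiesFile(SoapMessage soapMessage, String str, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        return WSS4JUtils.loadCryptoFromPropertiesFile(soapMessage, str, getClass(), getClassLoader(), getPasswordEncryptor(soapMessage, wSSSecurityProperties));
    }

    /**
     * Chooses the password encryptor used when Crypto instances are created.
     *
     * <p>An encryptor instance set as a contextual property wins. Otherwise a
     * {@link JasyptPasswordEncryptor} is built around the callback handler of the security
     * properties, or the {@code passwordCallbackRef} entry of the configuration.
     *
     * @param soapMessage the current message
     * @param wSSSecurityProperties the security properties that may carry a callback handler
     * @return the encryptor, or {@code null} if no encryptor or callback handler is available
     */
    protected PasswordEncryptor getPasswordEncryptor(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) {
        PasswordEncryptor configured = (PasswordEncryptor) soapMessage.getContextualProperty(SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE);
        if (configured != null) {
            return configured;
        }
        CallbackHandler callbackHandler = wSSSecurityProperties.getCallbackHandler();
        if (callbackHandler == null) {
            callbackHandler = (CallbackHandler) getProperties().get("passwordCallbackRef");
        }
        return callbackHandler != null ? new JasyptPasswordEncryptor(callbackHandler) : null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Finds the first policy assertion with the given local name.
     *
     * <p>The 2005/07 WS-SecurityPolicy namespace is checked first, then the 2007/02 one.
     *
     * @param assertionInfoMap the assertion map of the message
     * @param str the assertion local name
     * @return the first matching assertion, or {@code null} if neither namespace has one
     */
    public AssertionInfo getFirstAssertionByLocalname(AssertionInfoMap assertionInfoMap, String str) {
        Collection<?> sp11 = (Collection<?>) assertionInfoMap.get(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", str));
        if (sp11 != null && !sp11.isEmpty()) {
            return (AssertionInfo) sp11.iterator().next();
        }
        Collection<?> sp12 = (Collection<?>) assertionInfoMap.get(new QName("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702", str));
        if (sp12 != null && !sp12.isEmpty()) {
            return (AssertionInfo) sp12.iterator().next();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the encryption Crypto from a configured value.
     *
     * @param obj a ready {@link Crypto}, a value from which crypto properties can be located,
     *     or {@code null}
     * @param soapMessage the current message
     * @param wSSSecurityProperties used to obtain the password encryptor
     * @return {@code null} for a {@code null} input, the input itself if it is a Crypto, else
     *     a new Crypto that is also stored on the endpoint info as {@code ENCRYPT_CRYPTO}
     * @throws WSSecurityException if no crypto properties can be found for {@code obj}
     */
    public Crypto getEncryptionCrypto(Object obj, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        return resolveCrypto(obj, soapMessage, wSSSecurityProperties, SecurityConstants.ENCRYPT_CRYPTO,
                "Cannot find Crypto Encryption properties: ");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the signature Crypto from a configured value.
     *
     * @param obj a ready {@link Crypto}, a value from which crypto properties can be located,
     *     or {@code null}
     * @param soapMessage the current message
     * @param wSSSecurityProperties used to obtain the password encryptor
     * @return {@code null} for a {@code null} input, the input itself if it is a Crypto, else
     *     a new Crypto that is also stored on the endpoint info as {@code SIGNATURE_CRYPTO}
     * @throws WSSecurityException if no crypto properties can be found for {@code obj}
     */
    public Crypto getSignatureCrypto(Object obj, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        return resolveCrypto(obj, soapMessage, wSSSecurityProperties, SecurityConstants.SIGNATURE_CRYPTO,
                "Cannot find Crypto Signature properties: ");
    }

    /** Shared body of the encryption and signature lookups; they differ only in key and message. */
    private Crypto resolveCrypto(Object obj, SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties,
            String endpointProperty, String notFoundPrefix) throws WSSecurityException {
        if (obj == null) {
            return null;
        }
        if (obj instanceof Crypto) {
            return (Crypto) obj;
        }
        ResourceManager resourceManager = (ResourceManager) soapMessage.getExchange().getBus().getExtension(ResourceManager.class);
        Properties props = WSS4JUtils.getProps(obj, WSS4JUtils.getPropertiesFileURL(obj, resourceManager, getClass()));
        if (props == null) {
            LOG.fine(notFoundPrefix + obj);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception(notFoundPrefix + obj));
        }
        Crypto created = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor(soapMessage, wSSSecurityProperties));
        EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
        // Stored on the endpoint so that the instance is available beyond this message.
        synchronized (endpointInfo) {
            endpointInfo.setProperty(endpointProperty, created);
        }
        return created;
    }

    /**
     * Returns the thread context class loader.
     *
     * @return the class loader, or {@code null} if the lookup fails
     */
    private ClassLoader getClassLoader() {
        try {
            return Loader.getTCL();
        } catch (Exception ignored) {
            // Best effort: callers receive null and pass it on to the crypto factory.
            return null;
        }
    }
}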
