package org.apache.sandesha2.security.rampart;

import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMContainer;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.rahas.SimpleTokenStore;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.client.STSClient;
import org.apache.rampart.RampartException;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.sandesha2.SandeshaException;
import org.apache.sandesha2.client.SandeshaClientConstants;
import org.apache.sandesha2.i18n.SandeshaMessageHelper;
import org.apache.sandesha2.security.SecurityManager;
import org.apache.sandesha2.security.SecurityToken;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Reference;

/* loaded from: input_file:org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.class */
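/**
 * {@link SecurityManager} implementation backed by Rampart/Rahas.
 *
 * <p>Security tokens are Rahas {@link Token}s kept in the {@link TokenStorage} registered on
 * the {@link ConfigurationContext}; a {@link SimpleTokenStore} is installed when none is
 * present. Proof of possession is checked against the WSS4J inbound handler results that the
 * security handler leaves on the message context. On the client side, a missing
 * SecureConversation token is obtained from the STS using the bootstrap policy found in the
 * Rampart policy.
 *
 * <p>The {@code class$} helper and synthetic class field present in the decompiled form are
 * javac 1.4 class-literal artifacts and are not reproduced here.
 */
public class RampartBasedSecurityManager extends SecurityManager {

    private static final Log log = LogFactory.getLog(RampartBasedSecurityManager.class);

    /** ConfigurationContext property under which the Rahas token store is registered. */
    private static final String TOKEN_STORAGE_PROPERTY = "org.apache.rahas.TokenStorage";

    /** MessageContext property holding the WSS4J inbound results: a Vector of WSHandlerResult. */
    private static final String RECV_RESULTS_PROPERTY = "RECV_RESULTS";

    /** MessageContext property holding the effective Rampart policy. */
    private static final String RAMPART_POLICY_PROPERTY = "rampartPolicy";

    /** WSS4J action code reported for a verified signature result (the value of WSConstants.SIGN). */
    private static final int WSS_ACTION_SIGN = 2;

    /** wsu:Id attribute; signature references name signed elements by this id. */
    private static final QName WSU_ID_ATTR = new QName(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");

    /** The URI attribute of a wsse:Reference inside a SecurityTokenReference. */
    private static final QName URI_ATTR = new QName("URI");

    /** ValueType of a SecurityContextToken reference (WS-SecureConversation 2005/02). */
    private static final String SCT_VALUE_TYPE = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";

    /** WS-Trust action suffix for a SecurityContextToken request. */
    private static final String RST_SCT_ACTION = "/RST/SCT";

    /**
     * Version selectors handed to Rahas/Rampart when building the RST template and action.
     * NOTE(review): value 1 is expected to select the 2005/02 WS-SC and WS-Trust namespaces
     * (matching {@link #SCT_VALUE_TYPE}); confirm against the Rampart version in use.
     */
    private static final int CONVERSATION_VERSION = 1;
    private static final int TRUST_VERSION = 1;

    /**
     * Token store shared with Rahas through the ConfigurationContext. Kept package-private and
     * non-final as in the original class; it is assigned once in the constructor.
     */
    TokenStorage storage;

    /**
     * Creates the manager and binds it to the token store registered on the configuration
     * context, installing an in-memory {@link SimpleTokenStore} when none is registered yet.
     *
     * @param configurationContext the Axis2 configuration context; must not be {@code null}
     */
    public RampartBasedSecurityManager(ConfigurationContext configurationContext) {
        super(configurationContext);
        TokenStorage configured = (TokenStorage) configurationContext.getProperty(TOKEN_STORAGE_PROPERTY);
        if (configured == null) {
            // Register the store so Rahas and this manager share the same token set.
            configured = new SimpleTokenStore();
            configurationContext.setProperty(TOKEN_STORAGE_PROPERTY, configured);
        }
        this.storage = configured;
    }

    /**
     * Verifies that {@code oMElement} was signed with a key derived from {@code securityToken}.
     *
     * <p>The WSS4J inbound results on the message context are scanned for a signature result
     * whose principal is a {@link WSDerivedKeyTokenPrincipal}. That principal's base token is
     * recovered from the store and must be the same token as {@code securityToken} (matched by
     * token id, or by the URI of its attached or unattached reference); the signature must then
     * cover the {@code wsu:Id} of {@code oMElement}. The check fails closed: an element without a
     * {@code wsu:Id}, or not covered by a qualifying signature, is rejected.
     *
     * @param securityToken  the token the sender must prove possession of (a {@link RampartSecurityToken})
     * @param oMElement      the element that must be covered by the signature
     * @param messageContext inbound message context carrying the WSS4J results
     * @throws SandeshaException if no security results are present, a referenced base token
     *                           cannot be recovered, or proof of possession is not established
     */
    public void checkProofOfPossession(SecurityToken securityToken, OMElement oMElement, MessageContext messageContext) throws SandeshaException {
        Vector handlerResults = (Vector) messageContext.getProperty(RECV_RESULTS_PROPERTY);
        if (handlerResults == null) {
            throw new SandeshaException(SandeshaMessageHelper.getMessage("noSecurityResults"));
        }
        String expectedTokenId = ((RampartSecurityToken) securityToken).getToken().getId();
        String elementId = oMElement.getAttributeValue(WSU_ID_ATTR);
        boolean verified = false;
        // Without a wsu:Id the element cannot be named by any signature reference, so it stays unproven.
        if (elementId != null) {
            for (int i = 0; i < handlerResults.size() && !verified; i++) {
                Vector engineResults = ((WSHandlerResult) handlerResults.get(i)).getResults();
                for (int j = 0; engineResults != null && j < engineResults.size() && !verified; j++) {
                    WSSecurityEngineResult result = (WSSecurityEngineResult) engineResults.get(j);
                    verified = provesPossession(result, expectedTokenId, elementId);
                }
            }
        }
        if (!verified) {
            throw new SandeshaException(SandeshaMessageHelper.getMessage("proofOfPossessionNotVerified"));
        }
    }

    /**
     * Decides whether one WSS4J result is a signature made with a key derived from the token
     * {@code expectedTokenId} and covering the element {@code elementId}.
     *
     * @throws SandeshaException if the principal's base token cannot be recovered from the store
     */
    private boolean provesPossession(WSSecurityEngineResult result, String expectedTokenId, String elementId) throws SandeshaException {
        if (result.getAction() != WSS_ACTION_SIGN) {
            return false;
        }
        Principal principal = result.getPrincipal();
        if (!(principal instanceof WSDerivedKeyTokenPrincipal)) {
            return false;
        }
        String baseTokenId = ((WSDerivedKeyTokenPrincipal) principal).getBasetokenId();
        SecurityToken recovered = recoverSecurityToken(baseTokenId);
        if (recovered == null) {
            return false;
        }
        Token baseToken = ((RampartSecurityToken) recovered).getToken();
        if (!refersTo(baseToken, expectedTokenId)) {
            return false;
        }
        Set signedElements = result.getSignedElements();
        return signedElements != null && signedElements.contains(elementId);
    }

    /**
     * Returns whether {@code tokenId} names {@code token}: either directly by its id or through
     * the URI of its attached or unattached SecurityTokenReference.
     */
    private boolean refersTo(Token token, String tokenId) {
        if (tokenId.equals(token.getId())) {
            return true;
        }
        OMElement attached = token.getAttachedReference();
        if (attached != null && tokenId.equals(getUriFromSTR(attached))) {
            return true;
        }
        OMElement unattached = token.getUnattachedReference();
        return unattached != null && tokenId.equals(getUriFromSTR(unattached));
    }

    /**
     * Extracts the token id referenced by a SecurityTokenReference: the URI of its wsse:Reference
     * child with a leading '#' removed.
     *
     * @return the referenced id, or {@code null} if the STR has no Reference child or the
     *         Reference carries no URI attribute
     */
    private String getUriFromSTR(OMElement securityTokenReference) {
        OMElement reference = securityTokenReference.getFirstChildWithName(Reference.TOKEN);
        if (reference == null) {
            return null;
        }
        String uri = reference.getAttributeValue(URI_ATTR);
        return uri == null ? null : stripLocalReference(uri);
    }

    /**
     * Strips the leading '#' of a same-document reference; any other id (for example a
     * {@code urn:} id) is returned unchanged.
     */
    private static String stripLocalReference(String reference) {
        return reference.startsWith("#") ? reference.substring(1) : reference;
    }

    /**
     * Builds the SecurityTokenReference that identifies {@code securityToken} in an outgoing
     * message.
     *
     * <p>The token's attached reference is preferred, then its unattached reference; when the
     * issuer supplied neither, a minimal {@code SecurityTokenReference/Reference} pointing at the
     * token id with the SCT ValueType is generated. The result is rebuilt with the envelope's
     * {@link OMFactory} so it does not stay attached to the stored token's tree.
     *
     * @param securityToken  the token to reference (a {@link RampartSecurityToken})
     * @param messageContext the outgoing message whose envelope factory is used
     * @return a detached STR element owned by the envelope's factory
     */
    public OMElement createSecurityTokenReference(SecurityToken securityToken, MessageContext messageContext) throws SandeshaException {
        OMFactory factory = messageContext.getEnvelope().getOMFactory();
        Token token = ((RampartSecurityToken) securityToken).getToken();
        OMElement str = token.getAttachedReference();
        if (str == null) {
            str = token.getUnattachedReference();
        }
        if (str == null) {
            // NOTE(review): the namespace URI "Security" is kept as in the original; confirm it is
            // the intended WS-Security namespace for the generated STR.
            str = factory.createOMElement("SecurityTokenReference", "Security", "wsse");
            OMElement reference = factory.createOMElement(Reference.TOKEN, str);
            reference.addAttribute("ValueType", SCT_VALUE_TYPE, (OMNamespace) null);
            reference.addAttribute("URI", token.getId(), (OMNamespace) null);
        }
        return convertOMElement(factory, str);
    }

    /**
     * Returns the security token bound to this message's conversation.
     *
     * <p>The token id is looked up in the Rampart context map under the message's context
     * identifier key. On the client side, when no id is recorded yet, a SecureConversation token
     * is requested from the STS, stored, and its id recorded in the map. On the server side a
     * missing id is passed straight to {@link #recoverSecurityToken(String)}, which then fails.
     *
     * @return the recovered token, or {@code null} on the client side when no Rampart policy is
     *         attached or the policy contains no SecureConversationToken
     * @throws SandeshaException if the STS exchange fails or the token cannot be recovered
     */
    public SecurityToken getSecurityToken(MessageContext messageContext) throws SandeshaException {
        String contextKey = RampartUtil.getContextIdentifierKey(messageContext);
        String tokenId = (String) RampartUtil.getContextMap(messageContext).get(contextKey);
        if (tokenId == null && !messageContext.isServerSide()) {
            tokenId = issueSecureConversationToken(messageContext);
            if (tokenId == null) {
                return null;
            }
            RampartUtil.getContextMap(messageContext).put(contextKey, tokenId);
        }
        return recoverSecurityToken(tokenId);
    }

    /**
     * Client side only: requests a SecurityContextToken from the STS using the bootstrap policy
     * of the SecureConversationToken found in the Rampart policy, stores it in {@link #storage}
     * in the issued state and returns its id.
     *
     * @return the new token's id, or {@code null} when no Rampart policy is attached to the
     *         message or it has no SecureConversationToken as encryption or signature token
     * @throws SandeshaException wrapping any Rahas, Rampart or policy error
     */
    private String issueSecureConversationToken(MessageContext messageContext) throws SandeshaException {
        Policy policy = (Policy) messageContext.getProperty(RAMPART_POLICY_PROPERTY);
        if (policy == null) {
            return null;
        }
        try {
            Iterator alternatives = policy.getAlternatives();
            if (!alternatives.hasNext()) {
                log.debug(SandeshaMessageHelper.getMessage("noSecConvTokenInPolicy"));
                return null;
            }
            // Only the first policy alternative is considered, as in the original implementation.
            RampartPolicyData rpd = RampartPolicyBuilder.build((List) alternatives.next());
            SecureConversationToken sct = findSecureConversationToken(rpd);
            if (sct == null) {
                log.debug(SandeshaMessageHelper.getMessage("noSecConvTokenInPolicy"));
                return null;
            }
            // The bootstrap policy secures the RST exchange itself; it is given the same Rampart
            // configuration (crypto, callback handler) as the service policy.
            Policy bootstrapPolicy = sct.getBootstrapPolicy();
            bootstrapPolicy.addAssertion(rpd.getRampartConfig());

            STSClient stsClient = new STSClient(messageContext.getConfigurationContext());
            Options options = new Options();
            // Mark the RST exchange as unreliable, presumably so Sandesha does not wrap its own
            // bootstrap traffic in reliable messaging.
            options.setProperty(SandeshaClientConstants.UNRELIABLE_MESSAGE, "true");
            stsClient.setOptions(options);
            stsClient.setAction(TrustUtil.getActionValue(TRUST_VERSION, RST_SCT_ACTION));
            stsClient.setRstTemplate(RampartUtil.createRSTTempalteForSCT(CONVERSATION_VERSION, TRUST_VERSION));
            stsClient.setCryptoInfo(
                    RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), messageContext.getAxisService().getClassLoader()),
                    RampartUtil.getPasswordCB(messageContext, rpd));
            Token token = stsClient.requestSecurityToken(policy, messageContext.getTo().getAddress(), bootstrapPolicy, (String) null);
            token.setState(Token.ISSUED);
            this.storage.add(token);
            return token.getId();
        } catch (TrustException e) {
            throw new SandeshaException(e.getMessage(), e);
        } catch (RampartException e) {
            throw new SandeshaException(e.getMessage(), e);
        } catch (WSSPolicyException e) {
            throw new SandeshaException(e.getMessage(), e);
        }
    }

    /**
     * Returns the policy's SecureConversationToken, preferring the encryption token over the
     * signature token, or {@code null} if neither is one.
     */
    private static SecureConversationToken findSecureConversationToken(RampartPolicyData rpd) {
        org.apache.ws.secpolicy.model.Token candidate = rpd.getEncryptionToken();
        if (candidate instanceof SecureConversationToken) {
            return (SecureConversationToken) candidate;
        }
        candidate = rpd.getSignatureToken();
        if (candidate instanceof SecureConversationToken) {
            return (SecureConversationToken) candidate;
        }
        return null;
    }

    /**
     * Resolves the token named by an inbound SecurityTokenReference.
     *
     * @param oMElement      the STR element; its wsse:Reference URI (with a leading '#' removed)
     *                       is the token id
     * @param messageContext unused
     * @throws SandeshaException if the STR carries no usable Reference URI or the token is not
     *                           in the store
     */
    public SecurityToken getSecurityToken(OMElement oMElement, MessageContext messageContext) throws SandeshaException {
        String referencedId = getUriFromSTR(oMElement);
        if (referencedId == null) {
            throw new SandeshaException(SandeshaMessageHelper.getMessage("errorRetrievingSecurityToken"));
        }
        return recoverSecurityToken(referencedId);
    }

    /**
     * Returns the string from which {@code securityToken} can later be recovered: its token id
     * with any leading '#' removed.
     */
    public String getTokenRecoveryData(SecurityToken securityToken) throws SandeshaException {
        return stripLocalReference(((RampartSecurityToken) securityToken).getToken().getId());
    }

    /** No module-level initialisation is required for this manager. */
    public void initSecurity(AxisModule axisModule) {
    }

    /**
     * Looks the token up in the store by id and wraps it.
     *
     * @param str the token id (see {@link #getTokenRecoveryData(SecurityToken)})
     * @return the wrapped token; never {@code null}
     * @throws SandeshaException if the store has no such token or the lookup fails
     */
    public SecurityToken recoverSecurityToken(String str) throws SandeshaException {
        Token token;
        try {
            token = this.storage.getToken(str);
        } catch (TrustException e) {
            throw new SandeshaException(SandeshaMessageHelper.getMessage("errorRetrievingSecurityToken"), e);
        }
        if (token == null) {
            throw new SandeshaException(SandeshaMessageHelper.getMessage("errorRetrievingSecurityToken"));
        }
        return new RampartSecurityToken(token);
    }

    /**
     * Rebuilds {@code oMElement} from its stream reader with {@code oMFactory}, yielding a copy
     * that belongs to that factory rather than to the element's original tree.
     */
    private OMElement convertOMElement(OMFactory oMFactory, OMElement oMElement) {
        return new StAXOMBuilder(oMFactory, oMElement.getXMLStreamReader()).getDocumentElement();
    }

    /** Nothing is applied here: Rampart secures the outgoing message from its own policy. */
    public void applySecurityToken(SecurityToken securityToken, MessageContext messageContext) throws SandeshaException {
    }
}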
