package org.apache.rampart;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Vector;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFault;
import org.apache.axiom.soap.SOAPFaultSubCode;
import org.apache.axiom.soap.SOAPFaultValue;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.impl.util.SAML2KeyInfo;
import org.apache.rahas.impl.util.SAML2Utils;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.SAMLUtil;
import org.opensaml.SAMLAssertion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmationData;

/* loaded from: input_file:WEB-INF/lib/rampart-core-1.6-wso2v1.jar:org/apache/rampart/RampartEngine.class */
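public class RampartEngine {

    private static final Log log = LogFactory.getLog(RampartEngine.class);
    private static final Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);

    /** Per-service replay cache for UsernameToken nonces; shared by every engine instance in the JVM. */
    private static final ServiceNonceCache serviceNonceCache = new ServiceNonceCache();

    /** SOAP 1.1 envelope namespace (used to pick the fault-code layout in {@link #isSecurityFault}). */
    private static final String SOAP11_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    /** SOAP 1.2 envelope namespace. */
    private static final String SOAP12_ENV_NS = "http://www.w3.org/2003/05/soap-envelope";

    /**
     * Processes the inbound WS-Security header of a message against the effective Rampart policy.
     *
     * <p>The header is handed to WSS4J's {@link WSSecurityEngine}; the resulting
     * {@link WSSecurityEngineResult}s are then post-processed here (SAML tokens are cached in
     * the token store, UsernameToken nonces are checked for replay, the signing certificate is
     * exposed to later handlers) before the policy validator callback verifies that what was
     * found satisfies the policy.
     *
     * <p>Side effects on {@code messageContext}: the {@code RampartMessageData.RAMPART_POLICY_DATA}
     * property is always set; the envelope is replaced by a DOOM-converted copy; on the
     * UsernameToken path the {@code "username"} property is set and on the signature path the
     * {@code "X509Certificate"} property is set.
     *
     * @param messageContext the inbound Axis2 message
     * @return the WSS4J results {@link Vector}, or {@code null} when there is no policy, when the
     *         message is a WS-Security fault, or when the policy does not require a security header
     * @throws RampartException when the SOAP header or the wsse:Security block is missing, when a
     *         token cannot be stored, when the configured nonce lifetime is not an integer, or when
     *         a UsernameToken nonce is replayed
     * @throws WSSecurityException when WSS4J rejects the security header
     * @throws WSSPolicyException when the policy cannot be evaluated
     * @throws AxisFault on Axis2-level failures during envelope conversion
     */
    public Vector process(MessageContext messageContext) throws WSSPolicyException, RampartException, WSSecurityException, AxisFault {
        boolean doDebug = log.isDebugEnabled();
        boolean doTimeLog = tlog.isDebugEnabled();
        if (doDebug) {
            log.debug("Enter process(MessageContext msgCtx)");
        }

        RampartMessageData rmd = new RampartMessageData(messageContext, false);
        RampartPolicyData rpd = rmd.getPolicyData();
        messageContext.setProperty(RampartMessageData.RAMPART_POLICY_DATA, rpd);
        // Transport-level requirements (e.g. HTTPS) are checked before the policy null-check so
        // that a missing policy does not silently skip them.
        RampartUtil.validateTransport(rmd);
        if (rpd == null) {
            return null;
        }

        // Nothing to verify: either this is a WS-Security fault coming back to us, or the policy
        // does not require a security header on this direction. Still convert back from DOOM.
        if (isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(), true)) {
            messageContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true));
            Axis2Util.useDOOM(false);
            if (doDebug) {
                log.debug("Return process MessageContext msgCtx)");
            }
            return null;
        }

        WSSecurityEngine engine = new WSSecurityEngine();
        ValidatorData validatorData = new ValidatorData(rmd);

        SOAPHeader header = rmd.getMsgContext().getEnvelope().getHeader();
        if (header == null) {
            throw new RampartException("missingSOAPHeader");
        }
        SOAPHeaderBlock secHeader = findSecurityHeaderBlock(header);
        if (secHeader == null) {
            throw new RampartException("missingSecurityHeader");
        }

        long t0 = doTimeLog ? System.currentTimeMillis() : 0L;
        String actor = secHeader.getAttributeValue(new QName(rmd.getSoapConstants().getEnvelopeURI(), "actor"));
        ClassLoader serviceClassLoader = messageContext.getAxisService().getClassLoader();
        Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), serviceClassLoader);
        TokenCallbackHandler tokenCallbackHandler =
                new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd));

        // Both bindings currently run the same WSS4J call; only the trace message differs.
        if (doDebug) {
            log.debug(rpd.isSymmetricBinding()
                    ? "Processing security header using SymetricBinding"
                    : "Processing security header in normal path");
        }
        Crypto encryptionCrypto = RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), serviceClassLoader);
        Vector results = engine.processSecurityHeader(
                rmd.getDocument(), actor, tokenCallbackHandler, signatureCrypto, encryptionCrypto);
        long t1 = doTimeLog ? System.currentTimeMillis() : 0L;

        for (int i = 0; i < results.size(); i++) {
            WSSecurityEngineResult result = (WSSecurityEngineResult) results.get(i);
            int action = ((Integer) result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
            if (WSConstants.ST_UNSIGNED == action) {
                Object samlResult = result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                if (samlResult instanceof Assertion) {
                    storeSaml2Token(rmd, (Assertion) samlResult, signatureCrypto, tokenCallbackHandler);
                } else {
                    storeSaml1Token(rmd, (SAMLAssertion) samlResult, signatureCrypto, tokenCallbackHandler);
                }
            } else if (WSConstants.UT == action) {
                WSUsernameTokenPrincipal principal =
                        (WSUsernameTokenPrincipal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                String userName = principal.getName();
                messageContext.setProperty("username", userName);
                // Replay detection only runs when the token carries a nonce; a UsernameToken
                // without one is accepted without any replay check, so policies that rely on
                // this protection must require the nonce.
                if (principal.getNonce() != null) {
                    checkAndRecordNonce(messageContext, rpd, userName, principal.getNonce());
                }
            } else if (WSConstants.SIGN == action) {
                messageContext.setProperty("X509Certificate",
                        (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
            }
        }

        SOAPEnvelope envelope = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
        long t2 = doTimeLog ? System.currentTimeMillis() : 0L;
        messageContext.setEnvelope(envelope);
        Axis2Util.useDOOM(false);

        // Policy validation runs last: only here is it established that the tokens, signatures
        // and encryption WSS4J found actually match what the policy demands.
        RampartUtil.getPolicyValidatorCB(messageContext, rpd).validate(validatorData, results);

        if (doTimeLog) {
            tlog.debug("processHeader by WSSecurityEngine took : " + (t1 - t0)
                    + ", DOOM conversion took :" + (t2 - t1)
                    + ", PolicyBasedResultsValidattor took " + (System.currentTimeMillis() - t2));
        }
        if (doDebug) {
            log.debug("Return process(MessageContext msgCtx)");
        }
        return results;
    }

    /**
     * Returns the {@code wsse:Security} header block, or {@code null} if the header has none.
     *
     * @param header the SOAP header to search (never {@code null})
     * @return the first header block in the WSSE namespace whose local name is {@code Security}
     */
    private static SOAPHeaderBlock findSecurityHeaderBlock(SOAPHeader header) {
        ArrayList wsseBlocks = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
        if (wsseBlocks == null) {
            return null;
        }
        for (Iterator it = wsseBlocks.iterator(); it.hasNext();) {
            SOAPHeaderBlock block = (SOAPHeaderBlock) it.next();
            if (WSConstants.WSSE_LN.equals(block.getLocalName())) {
                return block;
            }
        }
        return null;
    }

    /**
     * Caches a SAML 2.0 assertion in the token store, keyed by its ID, unless already present.
     *
     * <p>The validity window is taken from {@code Conditions}; when the assertion has no
     * {@code Conditions} the first {@code SubjectConfirmationData} is used instead.
     *
     * @throws RampartException when the token cannot be created or stored
     * @throws WSSecurityException when the assertion's key material cannot be resolved
     */
    private static void storeSaml2Token(RampartMessageData rmd, Assertion assertion,
                                        Crypto signatureCrypto, TokenCallbackHandler cb)
            throws RampartException, WSSecurityException {
        String assertionId = assertion.getID();
        Date notBefore = null;
        Date notOnOrAfter = null;
        Conditions conditions = assertion.getConditions();
        if (conditions != null) {
            if (conditions.getNotBefore() != null) {
                notBefore = conditions.getNotBefore().toDate();
            }
            if (conditions.getNotOnOrAfter() != null) {
                notOnOrAfter = conditions.getNotOnOrAfter().toDate();
            }
        } else {
            // NOTE(review): an assertion with neither Conditions nor a SubjectConfirmation fails
            // here with a runtime exception rather than a RampartException; the message is still
            // rejected, but the failure reason is not a named Rampart error key — confirm whether
            // a dedicated key exists before changing this.
            Subject subject = assertion.getSubject();
            SubjectConfirmationData confirmationData =
                    subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
            if (confirmationData.getNotBefore() != null) {
                notBefore = confirmationData.getNotBefore().toDate();
            }
            if (confirmationData.getNotOnOrAfter() != null) {
                notOnOrAfter = confirmationData.getNotOnOrAfter().toDate();
            }
        }
        // Key material is resolved before touching the store so that an unresolvable key
        // never leaves a half-built token behind.
        SAML2KeyInfo keyInfo = SAML2Utils.getSAML2KeyInfo(assertion, signatureCrypto, cb);
        try {
            TokenStorage store = rmd.getTokenStorage();
            if (store.getToken(assertionId) == null) {
                Token token = new Token(assertionId,
                        (OMElement) SAML2Utils.getElementFromAssertion(assertion), notBefore, notOnOrAfter);
                token.setSecret(keyInfo.getSecret());
                store.add(token);
            }
        } catch (Exception e) {
            throw new RampartException("errorInAddingTokenIntoStore", e);
        }
    }

    /**
     * Caches a SAML 1.x assertion in the token store, keyed by its ID, unless already present.
     *
     * @throws RampartException when the token cannot be created or stored
     * @throws WSSecurityException when the assertion's key material cannot be resolved
     */
    private static void storeSaml1Token(RampartMessageData rmd, SAMLAssertion assertion,
                                        Crypto signatureCrypto, TokenCallbackHandler cb)
            throws RampartException, WSSecurityException {
        String assertionId = assertion.getId();
        Date notBefore = assertion.getNotBefore();
        Date notOnOrAfter = assertion.getNotOnOrAfter();
        SAMLKeyInfo keyInfo = SAMLUtil.getSAMLKeyInfo(assertion, signatureCrypto, cb);
        try {
            TokenStorage store = rmd.getTokenStorage();
            if (store.getToken(assertionId) == null) {
                // toDOM() is cast to OMElement: this relies on the message still being DOOM-backed.
                Token token = new Token(assertionId, (OMElement) assertion.toDOM(), notBefore, notOnOrAfter);
                token.setSecret(keyInfo.getSecret());
                store.add(token);
            }
        } catch (Exception e) {
            throw new RampartException("errorInAddingTokenIntoStore", e);
        }
    }

    /**
     * Rejects a replayed UsernameToken nonce and records a fresh one in the per-service cache.
     *
     * @param msgCtx   the inbound message; its endpoint name scopes the nonce cache
     * @param rpd      policy data whose Rampart config supplies {@code nonceLifeTime} (seconds are
     *                 assumed — confirm against {@code ServiceNonceCache}); 0 is used when there is
     *                 no Rampart config
     * @param userName the UsernameToken user name
     * @param nonce    the token's nonce (non-null)
     * @throws RampartException {@code invalidNonceLifeTime} if the configured lifetime is not an
     *         integer, {@code repeatingNonceValue} if the nonce was already seen for this user
     */
    private static void checkAndRecordNonce(MessageContext msgCtx, RampartPolicyData rpd,
                                            String userName, String nonce) throws RampartException {
        int nonceLifeTime = 0;
        if (rpd.getRampartConfig() != null) {
            try {
                nonceLifeTime = Integer.parseInt(rpd.getRampartConfig().getNonceLifeTime());
            } catch (NumberFormatException e) {
                log.error("Invalid value for nonceLifeTime in rampart configuration file.", e);
                throw new RampartException("invalidNonceLifeTime", e);
            }
        }
        String serviceEndpointName = msgCtx.getAxisService().getEndpointName();
        // NOTE(review): check and add are two separate cache calls; unless ServiceNonceCache
        // serialises them, two concurrent requests carrying the same nonce could both pass the
        // check — confirm the cache's locking before relying on this for strict replay protection.
        if (serviceNonceCache.isNonceRepeatingForService(serviceEndpointName, userName, nonce)) {
            throw new RampartException("repeatingNonceValue", new Object[]{nonce, userName});
        }
        serviceNonceCache.addNonceForService(serviceEndpointName, userName, nonce, nonceLifeTime);
    }

    /**
     * Tells whether the message body is a SOAP fault raised in the WS-Security (wsse) namespace.
     *
     * <p>SOAP 1.1 carries the qualified code directly in {@code faultcode}; SOAP 1.2 carries it
     * in {@code Code/Subcode/Value}. Any other envelope namespace, a fault without a code, or a
     * 1.2 fault without a sub-code is not treated as a security fault.
     *
     * @param rmd the message data wrapping the envelope to inspect
     * @return {@code true} only for a fault whose (sub)code is in the wsse namespace
     */
    private boolean isSecurityFault(RampartMessageData rmd) {
        SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
        SOAPFault fault = envelope.getBody().getFault();
        if (fault == null || fault.getCode() == null) {
            return false;
        }
        String envelopeNs = envelope.getNamespace().getNamespaceURI();
        if (SOAP11_ENV_NS.equals(envelopeNs)) {
            return WSConstants.WSSE_NS.equals(fault.getCode().getTextAsQName().getNamespaceURI());
        }
        if (SOAP12_ENV_NS.equals(envelopeNs)) {
            SOAPFaultSubCode subCode = fault.getCode().getSubCode();
            if (subCode == null) {
                return false;
            }
            SOAPFaultValue value = subCode.getValue();
            return value != null
                    && WSConstants.WSSE_NS.equals(value.getTextAsQName().getNamespaceURI());
        }
        return false;
    }
}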
