package org.jboss.net.axis.security.handler;

import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.message.SOAPHeaderElementAxisImpl;
import org.apache.axis.utils.Messages;
import org.apache.log4j.Logger;
import org.apache.ws.axis.security.WSDoAllReceiver;
import org.apache.ws.axis.security.WSDoAllReceiverResult;
import org.apache.ws.axis.security.util.AxisUtil;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.jboss.net.axis.security.JBossCrypto;
import org.jboss.net.axis.security.JBossCryptoFactory;
import org.jboss.net.axis.security.SecurityConstants;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityDomain;
import org.jboss.security.SimplePrincipal;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/net/axis/security/handler/WSSRequestHandler.class */
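/**
 * Axis request handler that delegates WS-Security processing to {@link WSDoAllReceiver} and then
 * binds the signer of the message to a JBoss security domain.
 *
 * <p>After the superclass has processed the message, the handler marks the WS-Security header as
 * processed and, unless the {@code skipAuthentication} option is {@code "true"}, validates the
 * signer certificate against the configured {@link SecurityDomain}.
 *
 * <p>Authentication fails closed: a missing result set for the actor, a missing signer
 * certificate, or a certificate subject with no alias in the signature crypto store all produce a
 * {@code Server.Unauthenticated} fault instead of a {@code NullPointerException}.
 */
public class WSSRequestHandler extends WSDoAllReceiver {
    /** Crypto implementation used when the handler's crypto-class option is not set. */
    private static final String DEFAULT_CRYPTO_CLASS = "org.jboss.net.axis.security.JBoss14Crypto";

    /** JNDI name of the security domain used when the handler's domain option is not set. */
    private static final String DEFAULT_SECURITY_DOMAIN = "java:/jaas/other";

    protected Logger log = Logger.getLogger(getClass());
    // Crypto backed by the domain trust store; set by loadSignatureCrypto().
    JBossCrypto sigCrypto = null;
    // Security domain resolved lazily from JNDI by getSecurityDomain().
    SecurityDomain domain = null;

    /**
     * Reports whether this handler processes the given header block.
     *
     * @param qName qualified name of the header block
     * @return {@code true} only for the WS-Security header name
     */
    public boolean canHandleBlock(QName qName) {
        return SecurityConstants.SECURITY_HEADER_QNAME.equals(qName);
    }

    /**
     * Lists the header names this handler understands.
     *
     * @return a new mutable list holding the WS-Security header name
     */
    public List getUnderstoodHeaders() {
        ArrayList understood = new ArrayList();
        understood.add(SecurityConstants.SECURITY_HEADER_QNAME);
        return understood;
    }

    /**
     * Runs WS-Security processing on the request and authenticates the signer.
     *
     * <p>The action string comes from the handler option {@code action} or, failing that, from the
     * message context property of the same name.
     *
     * @param messageContext the Axis message context of the incoming request
     * @throws AxisFault if no action is configured, if security processing fails, or if the
     *     signer cannot be authenticated; faults raised while handling the header keep their own
     *     fault code and are not re-wrapped
     */
    public void invoke(MessageContext messageContext) throws AxisFault {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Enter: invoke(MessageContext)");
        }
        String action = (String) getOption("action");
        if (action == null) {
            action = (String) messageContext.getProperty("action");
        }
        if (action == null) {
            throw new AxisFault("WSSRequestHandler: No action defined");
        }
        int decodeAction = AxisUtil.decodeAction(action, new Vector());
        try {
            super.invoke(messageContext);
            try {
                SOAPHeader header = messageContext.getCurrentMessage().getSOAPEnvelope().getHeader();
                String actor = (String) getOption("actor");

                // Only a header that really is wsse:Security may be marked as processed. Keeping
                // the loop variable after a non-matching pass would flag an unrelated header.
                SOAPHeaderElement securityHeader = null;
                Iterator headers = header.examineHeaderElements(actor);
                while (headers.hasNext()) {
                    SOAPHeaderElement candidate = (SOAPHeaderElement) headers.next();
                    if ("Security".equals(candidate.getLocalName())
                            && WSConstants.WSSE_NS.equals(candidate.getNamespaceURI())) {
                        securityHeader = candidate;
                        break;
                    }
                }
                if (securityHeader != null) {
                    ((SOAPHeaderElementAxisImpl) securityHeader).setProcessed(true);
                }

                // Bits 1 and 2 of the decoded action; presumably WSConstants.UT and
                // WSConstants.SIGN -- TODO confirm against the WSS4J version in use.
                // NOTE(review): skipAuthentication="true" leaves the request without a principal
                // bound by this handler; confirm every deployment that sets it authenticates
                // elsewhere.
                boolean needsAuthentication = (decodeAction & 2) == 2 || (decodeAction & 1) == 1;
                if (needsAuthentication && !"true".equals(getOption("skipAuthentication"))) {
                    authenticate(messageContext, actor);
                }

                if (this.log.isDebugEnabled()) {
                    if (securityHeader != null) {
                        SOAPHeaderElementAxisImpl axisHeader = (SOAPHeaderElementAxisImpl) securityHeader;
                        this.log.debug("\n\tHeader Element: " + securityHeader.getLocalName()
                                + "\n\t\tisProcessed: " + axisHeader.isProcessed()
                                + "\n\t\tmustUnderstand: " + axisHeader.getMustUnderstand());
                    }
                    this.log.debug("Exit: invoke(MessageContext)");
                }
            } catch (AxisFault fault) {
                // Keep the original fault (e.g. Server.Unauthenticated) instead of hiding it
                // behind a generic "cannot get SOAP header" message.
                throw fault;
            } catch (Exception e) {
                throw new AxisFault("WSRequestHandler: cannot get SOAP header", e);
            }
        } catch (AxisFault e2) {
            this.log.fatal("Failed to handle security header", e2);
            throw e2;
        }
    }

    /**
     * Authenticates the signer of the message against the security domain.
     *
     * <p>Reads the receiver results stored under {@code RECV_RESULTS}, picks the result set for
     * the given actor, takes the certificate of the signature result (action value 2), maps its
     * subject to an alias through the signature crypto and asks the domain to validate that alias
     * with the certificate as credential. On success the principal and credential are stored in
     * {@link SecurityAssociation} and the signer alias is recorded in the message context.
     *
     * @param messageContext the Axis message context of the incoming request
     * @param str the actor whose security results are used; may be {@code null}
     * @throws AxisFault with fault code {@code Server.Unauthenticated} when no results exist for
     *     the actor, no signer certificate is present, the subject has no alias, or the domain
     *     rejects the credential
     */
    protected void authenticate(MessageContext messageContext, String str) throws AxisFault {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Enter: authenticate(MessageContext)");
        }
        // NOTE(review): when RECV_RESULTS is absent this method returns without authenticating
        // anyone. That is only safe if super.invoke() always rejects a message that lacks the
        // required security results -- confirm against the WSDoAllReceiver in use.
        Vector receiverResults = (Vector) messageContext.getProperty("RECV_RESULTS");
        if (receiverResults != null) {
            WSDoAllReceiverResult actorResult = null;
            Iterator resultIt = receiverResults.iterator();
            while (resultIt.hasNext()) {
                WSDoAllReceiverResult candidate = (WSDoAllReceiverResult) resultIt.next();
                // Compare by value: two equal actor URIs are not guaranteed to be the same
                // String instance.
                if (sameActor(candidate.getActor(), str)) {
                    actorResult = candidate;
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Found results for actor: " + str);
                    }
                }
            }
            if (actorResult == null) {
                this.log.warn("No security results were found for actor: " + str);
                throw unauthenticated(String.valueOf(str));
            }

            // NOTE(review): with several signature results the last one carrying a certificate
            // wins; confirm that is the intended signer.
            X509Certificate signerCert = null;
            Iterator engineIt = actorResult.getResults().iterator();
            while (engineIt.hasNext()) {
                WSSecurityEngineResult engineResult = (WSSecurityEngineResult) engineIt.next();
                if (engineResult.getAction() == 2 && engineResult.getCertificate() != null) {
                    signerCert = engineResult.getCertificate();
                }
            }
            if (signerCert == null) {
                // Never hand a null credential to the domain: reject the request outright.
                this.log.warn("No Principal was found in the message.");
                throw unauthenticated("unknown");
            }

            X500Principal subject = signerCert.getSubjectX500Principal();
            String alias = null;
            try {
                alias = this.sigCrypto.getAliasForX500Principal(subject);
            } catch (Exception e) {
                this.log.warn("Unable to determine alias for the principal: " + subject.getName(), e);
            }
            if (alias == null) {
                // A subject with no alias in the signature crypto store is not a known signer.
                throw unauthenticated(subject.getName());
            }
            SimplePrincipal principal = new SimplePrincipal(alias);

            if (this.log.isDebugEnabled()) {
                this.log.debug("attempting to authenticate using " + alias + ":" + signerCert.getSubjectDN().getName());
            }
            if (this.domain == null) {
                // The domain is normally resolved while loading the crypto; resolve it here when
                // that has not happened yet.
                getSecurityDomain();
            }
            if (!this.domain.isValid(principal, signerCert)) {
                throw unauthenticated(principal.getName());
            }
            SecurityAssociation.setPrincipal(principal);
            SecurityAssociation.setCredential(signerCert);
            messageContext.setProperty("authenticatedUser", this.domain.getActiveSubject());
            Map signers = (Map) messageContext.getProperty(SecurityConstants.MC_REQ_SIGNERS);
            if (signers == null) {
                signers = new HashMap(5);
            }
            signers.put(str, alias);
            messageContext.setProperty(SecurityConstants.MC_REQ_SIGNERS, signers);
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Exit: authenticate(MessageContext)");
        }
    }

    /**
     * Builds the crypto used for signature verification from the domain trust store and keeps it
     * in {@link #sigCrypto} for the later alias lookup.
     *
     * @return the signature crypto instance
     * @throws AxisFault if the security domain cannot be resolved or has no trust store
     */
    protected Crypto loadSignatureCrypto() throws AxisFault {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Loading the Signature Crypto Class");
        }
        if (this.domain == null) {
            getSecurityDomain();
        }
        KeyStore trustStore = this.domain.getTrustStore();
        if (trustStore == null) {
            throw new AxisFault("WSSReceiverHandler: No truststore available.");
        }
        this.sigCrypto = JBossCryptoFactory.getInstance(cryptoClassName(), trustStore);
        return this.sigCrypto;
    }

    /**
     * Builds the crypto used for decryption from the domain key store.
     *
     * @return the decryption crypto instance
     * @throws AxisFault if the security domain cannot be resolved or has no key store
     */
    protected Crypto loadDecryptionCrypto() throws AxisFault {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Loading the Decryption Crypto Class");
        }
        if (this.domain == null) {
            getSecurityDomain();
        }
        KeyStore keyStore = this.domain.getKeyStore();
        if (keyStore == null) {
            throw new AxisFault("WSSReceiverHandler: No keystore available.");
        }
        return JBossCryptoFactory.getInstance(cryptoClassName(), keyStore);
    }

    /**
     * Resolves the security domain named by the handler option (or the default JNDI name) and
     * stores it in {@link #domain}.
     *
     * @throws AxisFault if the JNDI lookup fails or the bound object is not a SecurityDomain
     */
    private void getSecurityDomain() throws AxisFault {
        String domainName = (String) getOption(SecurityConstants.HANDLER_SEC_DOMAIN);
        if (domainName == null) {
            domainName = DEFAULT_SECURITY_DOMAIN;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("WSSReceiveHandler, securityDomain=" + domainName);
        }
        try {
            Object lookup = new InitialContext().lookup(domainName);
            // instanceof is false for null, so a missing binding is rejected here as well.
            if (!(lookup instanceof SecurityDomain)) {
                this.log.fatal("The SecurityManager named " + domainName + " is not a SecurityDomain");
                throw new AxisFault("WSSReceiverHandler: No security domain is available.");
            }
            this.domain = (SecurityDomain) lookup;
        } catch (NamingException e) {
            throw new AxisFault("Unable to find the securityDomain named: " + domainName, e);
        }
    }

    /** Returns the configured crypto class name, or the default when the option is not set. */
    private String cryptoClassName() {
        String configured = (String) getOption(SecurityConstants.HANDLER_CRYPTO_CLASS);
        return configured != null ? configured : DEFAULT_CRYPTO_CLASS;
    }

    /** Null-safe value comparison of two actor names. */
    private static boolean sameActor(String left, String right) {
        return left == null ? right == null : left.equals(right);
    }

    /** Creates the Server.Unauthenticated fault reported for a rejected signer. */
    private static AxisFault unauthenticated(String who) {
        return new AxisFault("Server.Unauthenticated", Messages.getMessage("cantAuth01", who), (String) null, (Element[]) null);
    }
}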
