package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.dom.DOMSource;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJUtils;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.SAMLUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.CustomTokenPrincipal;
import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.processor.Processor;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.validate.NoOpValidator;
import org.apache.wss4j.dom.validate.Validator;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.class */
public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
    public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    public static final String TIMESTAMP_RESULT = "wss4j.timestamp.result";
    public static final String SIGNATURE_RESULT = "wss4j.signature.result";
    public static final String PRINCIPAL_RESULT = "wss4j.principal.result";
    public static final String PROCESSOR_MAP = "wss4j.processor.map";
    public static final String VALIDATOR_MAP = "wss4j.validator.map";
    public static final String SECURITY_PROCESSED;
    private static final Logger LOG;
    private boolean ignoreActions;
    private WSSecurityEngine secEngineOverride;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor$CXFRequestData.class */
    public static class CXFRequestData extends RequestData {
        @Override // org.apache.wss4j.dom.handler.RequestData
        public Validator getValidator(QName qName) throws WSSecurityException {
            String str = null;
            if (WSSecurityEngine.SAML_TOKEN.equals(qName)) {
                str = SecurityConstants.SAML1_TOKEN_VALIDATOR;
            } else if (WSSecurityEngine.SAML2_TOKEN.equals(qName)) {
                str = SecurityConstants.SAML2_TOKEN_VALIDATOR;
            } else if (WSSecurityEngine.USERNAME_TOKEN.equals(qName)) {
                str = SecurityConstants.USERNAME_TOKEN_VALIDATOR;
            } else if (WSSecurityEngine.SIGNATURE.equals(qName)) {
                str = SecurityConstants.SIGNATURE_TOKEN_VALIDATOR;
            } else if (WSSecurityEngine.TIMESTAMP.equals(qName)) {
                str = SecurityConstants.TIMESTAMP_TOKEN_VALIDATOR;
            } else if (WSSecurityEngine.BINARY_TOKEN.equals(qName)) {
                str = SecurityConstants.BST_TOKEN_VALIDATOR;
            } else if (WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_02.equals(qName) || WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_12.equals(qName)) {
                str = SecurityConstants.SCT_TOKEN_VALIDATOR;
            }
            if (str != null) {
                Object contextualProperty = ((SoapMessage) getMsgContext()).getContextualProperty(str);
                try {
                    if (contextualProperty instanceof Validator) {
                        return (Validator) contextualProperty;
                    }
                    if (contextualProperty instanceof Class) {
                        return (Validator) ((Class) contextualProperty).newInstance();
                    }
                    if (contextualProperty instanceof String) {
                        return (Validator) ClassLoaderUtils.loadClass(contextualProperty.toString(), WSS4JInInterceptor.class).newInstance();
                    }
                    if (contextualProperty != null) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "Cannot load Validator: " + contextualProperty, new Object[0]);
                    }
                } catch (RuntimeException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2);
                }
            }
            return super.getValidator(qName);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor$TokenStoreCallbackHandler.class */
    public class TokenStoreCallbackHandler implements CallbackHandler {
        private CallbackHandler internal;
        private TokenStore store;

        public TokenStoreCallbackHandler(CallbackHandler callbackHandler, TokenStore tokenStore) {
            this.internal = callbackHandler;
            this.store = tokenStore;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                WSPasswordCallback wSPasswordCallback = (WSPasswordCallback) callback;
                SecurityToken token = this.store.getToken(wSPasswordCallback.getIdentifier());
                if (token != null && !token.isExpired()) {
                    wSPasswordCallback.setKey(token.getSecret());
                    wSPasswordCallback.setCustomToken(token.getToken());
                    return;
                }
            }
            if (this.internal != null) {
                this.internal.handle(callbackArr);
            }
        }
    }

    public WSS4JInInterceptor() {
        setPhase(Phase.PRE_PROTOCOL);
        getAfter().add(SAAJInInterceptor.class.getName());
    }

    public WSS4JInInterceptor(boolean z) {
        this();
        this.ignoreActions = z;
    }

    public WSS4JInInterceptor(Map<String, Object> map) {
        this();
        setProperties(map);
        Map cast = CastUtils.cast((Map<?, ?>) map.get(PROCESSOR_MAP));
        Map cast2 = CastUtils.cast((Map<?, ?>) map.get(VALIDATOR_MAP));
        if (cast != null) {
            if (cast2 != null) {
                cast.putAll(cast2);
            }
            this.secEngineOverride = createSecurityEngine(cast);
        } else if (cast2 != null) {
            this.secEngineOverride = createSecurityEngine(cast2);
        }
    }

    public void setIgnoreActions(boolean z) {
        this.ignoreActions = z;
    }

    private SOAPMessage getSOAPMessage(SoapMessage soapMessage) {
        SAAJInInterceptor.INSTANCE.handleMessage(soapMessage);
        return (SOAPMessage) soapMessage.getContent(SOAPMessage.class);
    }

    @Override // org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor, org.apache.wss4j.dom.handler.WSHandler
    public Object getProperty(Object obj, String str) {
        Object property = super.getProperty(obj, str);
        if (property == null && WSHandlerConstants.SEND_SIGV.equals(str) && isRequestor((SoapMessage) obj)) {
            property = ((SoapMessage) obj).getExchange().getOutMessage().get(str);
        }
        return property;
    }

    public final boolean isGET(SoapMessage soapMessage) {
        return "GET".equals((String) soapMessage.get(Message.HTTP_REQUEST_METHOD)) && soapMessage.getContent(XMLStreamReader.class) == null;
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        WSSecurityEngine securityEngine;
        if (soapMessage.containsKey(SECURITY_PROCESSED) || isGET(soapMessage)) {
            return;
        }
        boolean contextualBoolean = MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.VALIDATE_TOKEN, true);
        translateProperties(soapMessage);
        CXFRequestData cXFRequestData = new CXFRequestData();
        WSSConfig wSSConfig = (WSSConfig) soapMessage.getContextualProperty(WSSConfig.class.getName());
        if (wSSConfig != null) {
            securityEngine = new WSSecurityEngine();
            securityEngine.setWssConfig(wSSConfig);
        } else {
            securityEngine = getSecurityEngine(contextualBoolean);
            if (securityEngine == null) {
                securityEngine = new WSSecurityEngine();
            }
            wSSConfig = securityEngine.getWssConfig();
        }
        cXFRequestData.setWssConfig(wSSConfig);
        SOAPMessage sOAPMessage = getSOAPMessage(soapMessage);
        boolean isLoggable = LOG.isLoggable(Level.FINE);
        SoapVersion version = soapMessage.getVersion();
        if (isLoggable) {
            LOG.fine("WSS4JInInterceptor: enter handleMessage()");
        }
        try {
            try {
                try {
                    cXFRequestData.setMsgContext(soapMessage);
                    cXFRequestData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(soapMessage));
                    setAlgorithmSuites(soapMessage, cXFRequestData);
                    cXFRequestData.setCallbackHandler(getCallback(cXFRequestData, contextualBoolean));
                    computeAction(soapMessage, cXFRequestData);
                    List<Integer> decodeAction = WSSecurityUtil.decodeAction(getAction(soapMessage, version));
                    String str = (String) getOption("actor");
                    if (str == null) {
                        str = (String) soapMessage.getContextualProperty(SecurityConstants.ACTOR);
                    }
                    configureReplayCaches(cXFRequestData, decodeAction, soapMessage);
                    TLSSessionInfo tLSSessionInfo = (TLSSessionInfo) soapMessage.get(TLSSessionInfo.class);
                    if (tLSSessionInfo != null) {
                        cXFRequestData.setTlsCerts(tLSSessionInfo.getPeerCertificates());
                    }
                    doReceiverAction(decodeAction, cXFRequestData);
                    cXFRequestData.setEnableRevocation(cXFRequestData.isRevocationEnabled() || MessageUtils.isTrue(soapMessage.getContextualProperty(SecurityConstants.ENABLE_REVOCATION)));
                    List<WSSecurityEngineResult> processSecurityHeader = securityEngine.processSecurityHeader(WSSecurityUtil.getSecurityHeader(sOAPMessage.getSOAPPart(), str), cXFRequestData);
                    if (processSecurityHeader == null || processSecurityHeader.isEmpty()) {
                        ArrayList arrayList = new ArrayList();
                        if (sOAPMessage.getSOAPPart().getEnvelope().getBody().hasFault() && isRequestor(soapMessage)) {
                            LOG.warning("Request does not contain Security header, but it's a fault.");
                            doResults(soapMessage, str, SAAJUtils.getHeader(sOAPMessage), SAAJUtils.getBody(sOAPMessage), arrayList);
                        } else {
                            checkActions(soapMessage, cXFRequestData, arrayList, decodeAction, SAAJUtils.getBody(sOAPMessage));
                            doResults(soapMessage, str, SAAJUtils.getHeader(sOAPMessage), SAAJUtils.getBody(sOAPMessage), arrayList);
                        }
                    } else {
                        if (cXFRequestData.getWssConfig().isEnableSignatureConfirmation()) {
                            checkSignatureConfirmation(cXFRequestData, processSecurityHeader);
                        }
                        storeSignature(soapMessage, cXFRequestData, processSecurityHeader);
                        storeTimestamp(soapMessage, cXFRequestData, processSecurityHeader);
                        checkActions(soapMessage, cXFRequestData, processSecurityHeader, decodeAction, SAAJUtils.getBody(sOAPMessage));
                        doResults(soapMessage, str, SAAJUtils.getHeader(sOAPMessage), SAAJUtils.getBody(sOAPMessage), processSecurityHeader, contextualBoolean);
                    }
                    advanceBody(soapMessage, SAAJUtils.getBody(sOAPMessage));
                    SAAJInInterceptor.replaceHeaders(sOAPMessage, soapMessage);
                    if (isLoggable) {
                        LOG.fine("WSS4JInInterceptor: exit handleMessage()");
                    }
                    soapMessage.put(SECURITY_PROCESSED, (Object) Boolean.TRUE);
                    cXFRequestData.clear();
                } catch (WSSecurityException e) {
                    throw createSoapFault(soapMessage, version, e);
                }
            } catch (XMLStreamException e2) {
                throw new SoapFault(new org.apache.cxf.common.i18n.Message("STAX_EX", LOG, new Object[0]), e2, version.getSender());
            } catch (SOAPException e3) {
                throw new SoapFault(new org.apache.cxf.common.i18n.Message("SAAJ_EX", LOG, new Object[0]), (Throwable) e3, version.getSender());
            }
        } catch (Throwable th) {
            cXFRequestData.clear();
            throw th;
        }
    }

    private void checkActions(SoapMessage soapMessage, RequestData requestData, List<WSSecurityEngineResult> list, List<Integer> list2, Element element) throws WSSecurityException {
        if (this.ignoreActions) {
            return;
        }
        if (!checkReceiverResultsAnyOrder(list, list2)) {
            LOG.warning("Security processing failed (actions mismatch)");
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        if (((String) getProperty(soapMessage, "signatureParts")) != null) {
            LOG.warning("To enforce that particular elements were signed you must either use WS-SecurityPolicy, or else use the CryptoCoverageChecker or SignatureCoverageChecker");
        }
    }

    private void storeSignature(SoapMessage soapMessage, RequestData requestData, List<WSSecurityEngineResult> list) throws WSSecurityException {
        List<WSSecurityEngineResult> fetchAllActionResults = WSSecurityUtil.fetchAllActionResults(list, 2);
        if (fetchAllActionResults.isEmpty()) {
            return;
        }
        soapMessage.put(SIGNATURE_RESULT, (Object) fetchAllActionResults.get(fetchAllActionResults.size() - 1));
    }

    private void storeTimestamp(SoapMessage soapMessage, RequestData requestData, List<WSSecurityEngineResult> list) throws WSSecurityException {
        List<WSSecurityEngineResult> fetchAllActionResults = WSSecurityUtil.fetchAllActionResults(list, 32);
        if (fetchAllActionResults.isEmpty()) {
            return;
        }
        soapMessage.put(TIMESTAMP_RESULT, (Object) fetchAllActionResults.get(fetchAllActionResults.size() - 1));
    }

    protected void computeAction(SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        Crypto crypto = (Crypto) soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (crypto != null) {
            requestData.setDecCrypto(crypto);
        }
        Crypto crypto2 = (Crypto) soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (crypto2 != null) {
            requestData.setSigVerCrypto(crypto2);
        }
    }

    protected void configureReplayCaches(RequestData requestData, List<Integer> list, SoapMessage soapMessage) throws WSSecurityException {
        requestData.setEnableNonceReplayCache(false);
        if (isNonceCacheRequired(list, soapMessage)) {
            ReplayCache replayCache = getReplayCache(soapMessage, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
            requestData.setNonceReplayCache(replayCache);
            if (replayCache != null) {
                requestData.setEnableNonceReplayCache(true);
            }
        }
        requestData.setEnableTimestampReplayCache(false);
        if (isTimestampCacheRequired(list, soapMessage)) {
            ReplayCache replayCache2 = getReplayCache(soapMessage, SecurityConstants.ENABLE_TIMESTAMP_CACHE, SecurityConstants.TIMESTAMP_CACHE_INSTANCE);
            requestData.setTimestampReplayCache(replayCache2);
            if (replayCache2 != null) {
                requestData.setEnableTimestampReplayCache(true);
            }
        }
        requestData.setEnableSamlOneTimeUseReplayCache(false);
        if (isSamlCacheRequired(list, soapMessage)) {
            ReplayCache replayCache3 = getReplayCache(soapMessage, SecurityConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
            requestData.setSamlOneTimeUseReplayCache(replayCache3);
            if (replayCache3 != null) {
                requestData.setEnableSamlOneTimeUseReplayCache(true);
            }
        }
    }

    protected boolean isNonceCacheRequired(List<Integer> list, SoapMessage soapMessage) {
        return list.contains(1) || list.contains(8192);
    }

    protected boolean isTimestampCacheRequired(List<Integer> list, SoapMessage soapMessage) {
        return list.contains(32);
    }

    protected boolean isSamlCacheRequired(List<Integer> list, SoapMessage soapMessage) {
        return list.contains(8) || list.contains(16);
    }

    protected void setAlgorithmSuites(SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        super.decodeAlgorithmSuite(requestData);
    }

    protected void doResults(SoapMessage soapMessage, String str, Element element, Element element2, List<WSSecurityEngineResult> list) throws SOAPException, XMLStreamException, WSSecurityException {
        doResults(soapMessage, str, element, element2, list, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doResults(SoapMessage soapMessage, String str, Element element, Element element2, List<WSSecurityEngineResult> list, boolean z) throws SOAPException, XMLStreamException, WSSecurityException {
        List cast = CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS));
        if (cast == null) {
            cast = new ArrayList();
            soapMessage.put(WSHandlerConstants.RECV_RESULTS, (Object) cast);
        }
        cast.add(0, new WSHandlerResult(str, list));
        for (int size = list.size() - 1; size >= 0; size--) {
            WSSecurityEngineResult wSSecurityEngineResult = list.get(size);
            if (((Integer) wSSecurityEngineResult.get("action")).intValue() != 4) {
                Principal principal = (Principal) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                Subject subject = (Subject) wSSecurityEngineResult.get("subject");
                boolean contextualBoolean = MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.SC_FROM_JAAS_SUBJECT, true);
                if (subject != null && !(principal instanceof KerberosPrincipal) && contextualBoolean) {
                    String str2 = (String) soapMessage.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
                    if (str2 == null || "".equals(str2)) {
                        soapMessage.put((Class<Class>) SecurityContext.class, (Class) new DefaultSecurityContext(principal, subject));
                        return;
                    }
                    String str3 = (String) soapMessage.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
                    if (str3 == null || "".equals(str3)) {
                        str3 = "prefix";
                    }
                    soapMessage.put((Class<Class>) SecurityContext.class, (Class) new RolePrefixSecurityContextImpl(subject, str2, str3));
                    return;
                }
                if (principal != null && isSecurityContextPrincipal(principal, list)) {
                    soapMessage.put(PRINCIPAL_RESULT, (Object) principal);
                    if (!z) {
                        WSS4JTokenConverter.convertToken(soapMessage, principal);
                    }
                    Object obj = wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                    if (obj == null) {
                        obj = wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                    }
                    if (!(obj instanceof SamlAssertionWrapper)) {
                        soapMessage.put((Class<Class>) SecurityContext.class, (Class) createSecurityContext(principal));
                        return;
                    }
                    String str4 = (String) soapMessage.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
                    if (str4 == null || str4.length() == 0) {
                        str4 = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
                    }
                    ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) obj);
                    SAMLSecurityContext sAMLSecurityContext = new SAMLSecurityContext(principal, SAMLUtils.parseRolesFromClaims(claims, str4, null), claims);
                    sAMLSecurityContext.setIssuer(SAMLUtils.getIssuer(obj));
                    sAMLSecurityContext.setAssertionElement(SAMLUtils.getAssertionElement(obj));
                    soapMessage.put((Class<Class>) SecurityContext.class, (Class) sAMLSecurityContext);
                    return;
                }
            }
        }
    }

    protected boolean isSecurityContextPrincipal(Principal principal, List<WSSecurityEngineResult> list) {
        return !((principal instanceof WSDerivedKeyTokenPrincipal) || (principal instanceof CustomTokenPrincipal)) || list.size() <= 1;
    }

    protected void advanceBody(SoapMessage soapMessage, Node node) throws SOAPException, XMLStreamException, WSSecurityException {
        XMLStreamReader createXMLStreamReader = StaxUtils.createXMLStreamReader(new DOMSource(node));
        int next = createXMLStreamReader.next();
        for (int i = 0; createXMLStreamReader.hasNext() && i < 1 && (next != 2 || next != 1); i++) {
            createXMLStreamReader.next();
        }
        soapMessage.setContent(XMLStreamReader.class, createXMLStreamReader);
    }

    protected SecurityContext createSecurityContext(final Principal principal) {
        return new SecurityContext() { // from class: org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.1
            @Override // org.apache.cxf.security.SecurityContext
            public Principal getUserPrincipal() {
                return principal;
            }

            @Override // org.apache.cxf.security.SecurityContext
            public boolean isUserInRole(String str) {
                return false;
            }
        };
    }

    private String getAction(SoapMessage soapMessage, SoapVersion soapVersion) {
        String str = (String) getOption("action");
        if (str == null) {
            str = (String) soapMessage.get("action");
        }
        if (str != null) {
            return str;
        }
        LOG.warning("No security action was defined!");
        throw new SoapFault("No security action was defined!", soapVersion.getReceiver());
    }

    protected CallbackHandler getCallback(RequestData requestData, boolean z) throws WSSecurityException {
        if (z) {
            return getCallback(requestData);
        }
        CallbackHandler callbackHandler = null;
        try {
            callbackHandler = getCallback(requestData);
        } catch (Exception e) {
        }
        return new DelegatingCallbackHandler(callbackHandler);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r8v0 */
    protected CallbackHandler getCallback(RequestData requestData) throws WSSecurityException {
        TokenStore tokenStore;
        TokenStore tokenStore2;
        ?? contextualProperty = ((SoapMessage) requestData.getMsgContext()).getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
        boolean z = contextualProperty instanceof String;
        CallbackHandler newInstance = contextualProperty;
        if (z) {
            try {
                newInstance = ClassLoaderUtils.loadClass((String) contextualProperty, getClass()).newInstance();
            } catch (Exception e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
            }
        }
        CallbackHandler callbackHandler = null;
        if (newInstance instanceof CallbackHandler) {
            callbackHandler = newInstance;
        }
        if (callbackHandler == null) {
            try {
                callbackHandler = getPasswordCallbackHandler(requestData);
            } catch (WSSecurityException e2) {
                Endpoint endpoint = (Endpoint) ((SoapMessage) requestData.getMsgContext()).getExchange().get(Endpoint.class);
                if (endpoint == null || endpoint.getEndpointInfo() == null || (tokenStore = WSS4JUtils.getTokenStore((SoapMessage) requestData.getMsgContext(), false)) == null) {
                    throw e2;
                }
                return new TokenStoreCallbackHandler(null, tokenStore);
            }
        }
        Endpoint endpoint2 = (Endpoint) ((SoapMessage) requestData.getMsgContext()).getExchange().get(Endpoint.class);
        return (endpoint2 == null || endpoint2.getEndpointInfo() == null || (tokenStore2 = WSS4JUtils.getTokenStore((SoapMessage) requestData.getMsgContext(), false)) == null) ? callbackHandler : new TokenStoreCallbackHandler(callbackHandler, tokenStore2);
    }

    protected WSSecurityEngine getSecurityEngine(boolean z) {
        if (this.secEngineOverride != null) {
            return this.secEngineOverride;
        }
        if (z) {
            return null;
        }
        HashMap hashMap = new HashMap(1);
        hashMap.put(WSSecurityEngine.USERNAME_TOKEN, new NoOpValidator());
        return createSecurityEngine(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static WSSecurityEngine createSecurityEngine(Map<QName, Object> map) {
        if (!$assertionsDisabled && map == null) {
            throw new AssertionError();
        }
        WSSConfig newInstance = WSSConfig.getNewInstance();
        for (Map.Entry<QName, Object> entry : map.entrySet()) {
            QName key = entry.getKey();
            Object value = entry.getValue();
            if (value instanceof Class) {
                newInstance.setProcessor(key, (Class<?>) value);
            } else if (value instanceof Processor) {
                newInstance.setProcessor(key, (Processor) value);
            } else if (value instanceof Validator) {
                newInstance.setValidator(key, (Validator) value);
            } else if (value == null) {
                newInstance.setProcessor(key, (Class<?>) null);
            }
        }
        WSSecurityEngine wSSecurityEngine = new WSSecurityEngine();
        wSSecurityEngine.setWssConfig(newInstance);
        return wSSecurityEngine;
    }

    protected ReplayCache getReplayCache(SoapMessage soapMessage, String str, String str2) {
        return WSS4JUtils.getReplayCache(soapMessage, str, str2);
    }

    private SoapFault createSoapFault(SoapMessage soapMessage, SoapVersion soapVersion, WSSecurityException wSSecurityException) {
        SoapFault soapFault;
        String message = (MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.RETURN_SECURITY_ERROR, false) || MessageUtils.isRequestor(soapMessage)) ? wSSecurityException.getMessage() : wSSecurityException.getSafeExceptionMessage();
        QName faultCode = wSSecurityException.getFaultCode();
        if (soapVersion.getVersion() != 1.1d || faultCode == null) {
            soapFault = new SoapFault(message, wSSecurityException, soapVersion.getSender());
            if (soapVersion.getVersion() != 1.1d && faultCode != null) {
                soapFault.setSubCode(faultCode);
            }
        } else {
            soapFault = new SoapFault(message, wSSecurityException, faultCode);
        }
        return soapFault;
    }

    static {
        $assertionsDisabled = !WSS4JInInterceptor.class.desiredAssertionStatus();
        SECURITY_PROCESSED = WSS4JInInterceptor.class.getName() + ".DONE";
        LOG = LogUtils.getL7dLogger(WSS4JInInterceptor.class);
    }
}
