package weblogic.webservice.core.handler;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPPart;
import weblogic.utils.CharsetMap;
import weblogic.utils.Debug;
import weblogic.webservice.GenericHandler;
import weblogic.webservice.Operation;
import weblogic.webservice.WLMessageContext;
import weblogic.webservice.WLSOAPPart;
import weblogic.webservice.WebService;
import weblogic.webservice.context.WebServiceContext;
import weblogic.webservice.context.WebServiceSession;
import weblogic.webservice.core.DefaultMessageContext;
import weblogic.webservice.core.soap.SOAPMessageImpl;
import weblogic.webservice.util.BufferStream;
import weblogic.xml.security.InvalidSecurityException;
import weblogic.xml.security.SecurityAssertion;
import weblogic.xml.security.SecurityConfigurationException;
import weblogic.xml.security.SecurityProcessingException;
import weblogic.xml.security.UserInfo;
import weblogic.xml.security.encryption.EncryptionException;
import weblogic.xml.security.signature.ReferenceValidationException;
import weblogic.xml.security.signature.SignatureValidationException;
import weblogic.xml.security.specs.BinarySecurityTokenSpec;
import weblogic.xml.security.specs.EncryptionSpec;
import weblogic.xml.security.specs.SecurityDD;
import weblogic.xml.security.specs.SecuritySpec;
import weblogic.xml.security.specs.SignatureSpec;
import weblogic.xml.security.specs.TimestampConfig;
import weblogic.xml.security.specs.UsernameTokenSpec;
import weblogic.xml.security.utils.Utils;
import weblogic.xml.security.wsse.SecureSoapInputStream;
import weblogic.xml.security.wsse.SecureSoapOutputStream;
import weblogic.xml.security.wsse.Security;
import weblogic.xml.security.wsse.SecurityElementFactory;
import weblogic.xml.security.wsse.Token;
import weblogic.xml.stream.XMLOutputStream;
import weblogic.xml.stream.XMLStreamException;

/* loaded from: input_file:weblogic/webservice/core/handler/WSSEClientHandler.class */
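/**
 * Client-side JAX-RPC handler that applies WS-Security to outgoing SOAP requests and passes
 * incoming SOAP responses through {@link SecureSoapInputStream}.
 *
 * <p>Key material and credentials are read from the {@link WebServiceSession} under the
 * attribute names published as constants on this class. The policy to apply is looked up in
 * the service's {@link SecurityDD}, per operation, falling back to the spec named
 * {@code "default-spec"}.
 *
 * <p>Review notes on the response path, as visible in this class:
 * <ul>
 *   <li>{@link #validateSignatureSpec} and {@link #validateEncryptionSpec} are empty, so when a
 *       response spec exists the only requirement enforced here is that a Security element is
 *       present. Nothing in this class checks that the response was actually signed or
 *       encrypted as the spec demands.</li>
 *   <li>A response whose body carries a SOAP fault returns before the response spec is
 *       consulted at all.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code initialized} and {@code securityDD} are plain fields written without
 * synchronization. Whether one handler instance can be shared between threads is not visible
 * here; confirm.
 */
public class WSSEClientHandler extends GenericHandler {
    /** Common prefix of every session attribute name this handler reads. */
    private static final String WS_SECURITY = "weblogic.webservice.security.";

    /** Session attribute holding a caller-built {@link Security} object for the next request. */
    public static final String REQUEST_SECURITY = WS_SECURITY + "request";

    /** Session attribute holding the {@link UserInfo} used to build a UsernameToken. */
    public static final String REQUEST_USERINFO = WS_SECURITY + "request.userinfo";

    /** Session attribute holding the certificate that requests are encrypted to. */
    public static final String REQUEST_ENCRYPTION_CERT = WS_SECURITY + "request.encryption.certificate";

    /** Session attribute holding the client's {@link PrivateKey}. */
    public static final String KEY_ATTRIBUTE = WS_SECURITY + "key";

    /** Session attribute holding the client's {@link X509Certificate}. */
    public static final String CERT_ATTRIBUTE = WS_SECURITY + "certificate";

    // Gates every stack-trace dump in this class.
    private static final boolean DEBUG = Security.WSSE_VERBOSE;
    private static final SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();

    // Lazily populated from the first message context seen (see initialize()).
    private boolean initialized = false;
    private SecurityDD securityDD = null;

    /**
     * Secures the outgoing request and replaces the SOAP part's content with the secured bytes.
     *
     * <p>If the session carries a {@link Security} object under {@link #REQUEST_SECURITY} it is
     * used as-is and removed from the session. Otherwise one is built from the request spec and
     * the key, certificate and user info found in the session. When neither a session
     * {@code Security} object nor a request spec exists, the request is left untouched.
     *
     * @param messageContext the JAX-RPC message context; cast to {@link WLMessageContext} and
     *     {@link DefaultMessageContext} without checks
     * @return always {@code true}
     * @throws SecurityConfigurationException if required credentials are missing or the secured
     *     message cannot be written
     */
    @Override // weblogic.webservice.GenericHandler, javax.xml.rpc.handler.Handler
    public boolean handleRequest(MessageContext messageContext) {
        if (!this.initialized) {
            initialize(getSecurityDD(messageContext));
        }
        Operation operation = getOperation(messageContext);
        // NOTE(review): getSecurityDD() can return null, and getRequestSpec() dereferences the
        // descriptor unconditionally, so a missing WebService runtime property surfaces here
        // as a NullPointerException rather than a configuration error.
        SecuritySpec requestSpec = getRequestSpec(operation, this.securityDD);
        WebServiceSession session = ((WebServiceContext) messageContext.getProperty(WLMessageContext.CONTEXT_PROP)).getSession();
        // A caller-supplied Security object is consumed once: it is removed from the session
        // before use so it does not carry over to a later request.
        Security security = (Security) session.getAttribute(REQUEST_SECURITY);
        session.removeAttribute(REQUEST_SECURITY);
        if (security == null) {
            if (requestSpec == null) {
                // No policy and no caller-built Security object: the request is sent unsecured.
                return true;
            }
            security = factory.createSecurity((String) null);
            processSpecs(security, (X509Certificate) session.getAttribute(CERT_ATTRIBUTE), (PrivateKey) session.getAttribute(KEY_ATTRIBUTE), (UserInfo) session.getAttribute(REQUEST_USERINFO), (X509Certificate) session.getAttribute(REQUEST_ENCRYPTION_CERT), requestSpec);
        }
        if (TimestampHandler.INTEGRATED) {
            ClientTimestampHandler requestTimestampHandler = getRequestTimestampHandler(operation);
            if (requestTimestampHandler != null) {
                requestTimestampHandler.handleRequest(messageContext);
            }
        }
        WLMessageContext wLMessageContext = (WLMessageContext) messageContext;
        WLSOAPPart wLSOAPPart = (WLSOAPPart) wLMessageContext.getMessage().getSOAPPart();
        try {
            BufferStream bufferStream = new BufferStream();
            XMLOutputStream secureSoapOutputStream = new SecureSoapOutputStream(security, bufferStream, getEncoding(wLMessageContext));
            try {
                // Serialize the SOAP part through the securing stream, then swap the buffered
                // result in as the part's content.
                wLSOAPPart.writeTo(secureSoapOutputStream);
                secureSoapOutputStream.close(true);
                wLSOAPPart.setContent(bufferStream);
                return true;
            } catch (SOAPException e) {
                // The trace is printed only under DEBUG, like every other handler in this
                // class. An unconditional dump here would write message-processing internals
                // to stderr in production and print the trace twice when DEBUG is on.
                if (DEBUG) {
                    e.printStackTrace();
                }
                throw new SecurityConfigurationException("Unable to secure request", e);
            } catch (XMLStreamException e2) {
                if (DEBUG) {
                    e2.printStackTrace();
                }
                throw new SecurityConfigurationException("Unable to secure request", e2);
            }
        } catch (XMLStreamException e3) {
            if (DEBUG) {
                e3.printStackTrace();
            }
            throw new SecurityConfigurationException("Unable to secure request", e3);
        }
    }

    /**
     * Resolves the Java charset name used to write the secured request.
     *
     * <p>The binding's charset wins, then the message's own charset. Whichever is found is
     * mapped from its IANA name. With neither present, {@code "UTF-8"} is returned.
     */
    private String getEncoding(WLMessageContext wLMessageContext) {
        String charset = wLMessageContext.getOperation().getPort().getBindingInfo().getCharset();
        if (charset == null) {
            charset = ((SOAPMessageImpl) wLMessageContext.getMessage()).getCharset();
        }
        return charset != null ? CharsetMap.getJavaFromIANA(charset) : "UTF-8";
    }

    /**
     * Runs the response through {@link SecureSoapInputStream} using the private key stored in
     * the session, and replaces the SOAP part's content with that stream.
     *
     * <p>What this method itself enforces is narrow. A fault response returns immediately, and
     * for a non-fault response with a response spec only the presence of a Security element is
     * required, because the two {@code validate*Spec} methods are empty. The handlers for
     * {@link SignatureValidationException} and {@link EncryptionException} suggest that the
     * stream verifies whatever signatures and encryption the message contains, but that
     * happens outside this class; confirm there that a missing signature is rejected too.
     *
     * @param messageContext the JAX-RPC message context
     * @return always {@code true}
     * @throws InvalidSecurityException if security processing fails or a required Security
     *     element is missing
     * @throws JAXRPCException if the envelope cannot be read
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // weblogic.webservice.GenericHandler, javax.xml.rpc.handler.Handler
    public boolean handleResponse(MessageContext messageContext) {
        if (!this.initialized) {
            initialize(getSecurityDD(messageContext));
        }
        WebServiceSession session = ((WebServiceContext) messageContext.getProperty(WLMessageContext.CONTEXT_PROP)).getSession();
        WLMessageContext wLMessageContext = (WLMessageContext) messageContext;
        SOAPPart sOAPPart = wLMessageContext.getMessage().getSOAPPart();
        WLSOAPPart wLSOAPPart = (WLSOAPPart) sOAPPart;
        // NOTE(review): as decompiled, the inner try already catches both SOAPException and
        // XMLStreamException, so the outer handlers look unreachable. The original source
        // probably scoped the two try blocks differently. Structure left as found.
        try {
            try {
                SecureSoapInputStream secureSoapInputStream = new SecureSoapInputStream(wLSOAPPart.getXMLStreamContent(), (String) null, (PrivateKey) session.getAttribute(KEY_ATTRIBUTE));
                Security securityElement = secureSoapInputStream.getSecurityElement();
                SecurityAssertion[] securityAssertions = secureSoapInputStream.getSecurityAssertions();
                wLSOAPPart.setContent(secureSoapInputStream);
                if (sOAPPart.getEnvelope().getBody().hasFault()) {
                    // Faults skip the response-spec check below, so a fault is accepted
                    // whether or not it carries a Security element.
                    wLMessageContext.setFault(true);
                    return true;
                }
                Operation operation = getOperation(messageContext);
                if (getResponseSpec(operation, this.securityDD) != null) {
                    if (securityElement == null) {
                        throw new InvalidSecurityException("Response did not contain a valid Security Element");
                    }
                    // Both calls are currently no-ops (see the method bodies).
                    validateSignatureSpec(securityAssertions);
                    validateEncryptionSpec(securityAssertions);
                }
                if (TimestampHandler.INTEGRATED) {
                    ClientTimestampHandler responseTimestampHandler = getResponseTimestampHandler(operation);
                    if (responseTimestampHandler != null) {
                        responseTimestampHandler.handleResponse(messageContext);
                    }
                    // NOTE(review): the assertions are published only when timestamp handling
                    // is integrated. That may be a decompilation artifact; confirm whether
                    // consumers expect them unconditionally.
                    messageContext.setProperty(WLMessageContext.RESPONSE_SECURITY_ASSERTIONS_PROP, securityAssertions);
                }
                return true;
            } catch (SOAPException e) {
                if (DEBUG) {
                    e.printStackTrace();
                }
                throw new JAXRPCException("Unable to process envelope after security processing", e);
            } catch (EncryptionException e2) {
                if (DEBUG) {
                    e2.printStackTrace();
                }
                throw new InvalidSecurityException("Encryption failure: ", e2);
            } catch (XMLStreamException e3) {
                if (DEBUG) {
                    e3.printStackTrace();
                }
                throw new InvalidSecurityException("Security processing failure; ", e3);
            } catch (SignatureValidationException e4) {
                if (DEBUG) {
                    e4.printStackTrace();
                }
                throw new InvalidSecurityException("Signature validation failure", e4);
            } catch (ReferenceValidationException e5) {
                // Same DEBUG-gated trace as the sibling handlers, so a reference-validation
                // failure is as diagnosable as a signature failure.
                if (DEBUG) {
                    e5.printStackTrace();
                }
                throw new InvalidSecurityException("Signature Reference validation failure", e5);
            }
        } catch (SOAPException e6) {
            if (DEBUG) {
                e6.printStackTrace();
            }
            throw new JAXRPCException("Can't get soapPart as stream. " + e6, e6);
        } catch (XMLStreamException e7) {
            if (DEBUG) {
                e7.printStackTrace();
            }
            throw new JAXRPCException("Can't get soapPart as stream. " + e7, e7);
        }
    }

    /**
     * Populates {@code security} with the tokens, signature and encryption that
     * {@code securitySpec} asks for.
     *
     * @param security the Security element being built for the request
     * @param x509Certificate the client's certificate, or {@code null}
     * @param privateKey the client's private key, or {@code null}
     * @param userInfo the username/password source, or {@code null}
     * @param x509Certificate2 the caller-supplied encryption certificate, or {@code null}
     * @param securitySpec the request policy; must not be {@code null}
     * @throws SecurityConfigurationException if the spec requires material that was not
     *     supplied, or if adding the signature or encryption fails
     */
    private static void processSpecs(Security security, X509Certificate x509Certificate, PrivateKey privateKey, UserInfo userInfo, X509Certificate x509Certificate2, SecuritySpec securitySpec) {
        UsernameTokenSpec usernameTokenSpec = securitySpec.getUsernameTokenSpec();
        BinarySecurityTokenSpec binarySecurityTokenSpec = securitySpec.getBinarySecurityTokenSpec();
        SignatureSpec signatureSpec = securitySpec.getSignatureSpec();
        EncryptionSpec encryptionSpec = securitySpec.getEncryptionSpec();
        if (usernameTokenSpec != null) {
            if (userInfo == null) {
                throw new SecurityConfigurationException("UsernameToken not provided, but required by service");
            }
            // The password type is dictated by the spec. NOTE(review): how the password is
            // represented on the wire for each type is decided inside createToken; confirm
            // that a clear-text type is only used together with encryption or a protected
            // transport.
            security.addToken(factory.createToken(userInfo.getUsername(), userInfo.getPassword(), Utils.getQName(usernameTokenSpec.getPasswordType())));
        }
        // One token, built from the client's certificate and key, serves both the signature
        // and the binary security token. It exists only when both halves were supplied.
        Token signingToken = null;
        if (privateKey != null && x509Certificate != null) {
            signingToken = factory.createToken(x509Certificate, privateKey);
        }
        if (signatureSpec != null) {
            if (signingToken == null) {
                throw new SecurityConfigurationException("Service requires signed requests, but no Token was provided");
            }
            try {
                security.addSignature(signingToken, signatureSpec);
            } catch (SecurityProcessingException e) {
                if (DEBUG) {
                    e.printStackTrace();
                }
                throw new SecurityConfigurationException("Unable to add signature to request", e);
            }
        }
        if (binarySecurityTokenSpec != null) {
            if (signingToken == null) {
                throw new SecurityConfigurationException("Token not provided, but required by service");
            }
            security.addToken(signingToken);
        }
        if (encryptionSpec != null) {
            // The caller-supplied certificate takes precedence over the one in the spec.
            // NOTE(review): no chain, expiry or revocation check on the encryption certificate
            // is visible in this class; confirm that the caller or the token factory does one.
            Token encryptionToken = null;
            if (x509Certificate2 != null) {
                encryptionToken = factory.createToken(x509Certificate2, (PrivateKey) null);
            } else if (encryptionSpec.getCertificate() != null) {
                encryptionToken = factory.createToken(encryptionSpec.getCertificate(), (PrivateKey) null);
            }
            if (encryptionToken == null) {
                throw new SecurityConfigurationException("Server requires encryption but no encryption key was was available for server");
            }
            try {
                security.addEncryption(encryptionToken, encryptionSpec);
            } catch (SecurityProcessingException e2) {
                if (DEBUG) {
                    e2.printStackTrace();
                }
                throw new SecurityConfigurationException("Failed adding encryption to request", e2);
            }
        }
    }

    /**
     * Intended to check the response's assertions against the encryption spec. Currently empty,
     * so it accepts any response.
     */
    private void validateEncryptionSpec(SecurityAssertion[] securityAssertionArr) {
    }

    /**
     * Intended to check the response's assertions against the signature spec. Currently empty,
     * so it accepts any response.
     */
    private void validateSignatureSpec(SecurityAssertion[] securityAssertionArr) {
    }

    /**
     * Stores the security descriptor and marks the handler initialized. A {@code null}
     * descriptor is stored too, in which case the lookup is not retried.
     */
    private void initialize(SecurityDD securityDD) {
        this.securityDD = securityDD;
        this.initialized = true;
    }

    /**
     * Builds the timestamp handler for a request.
     *
     * @return {@code null} when the operation has no request spec. Otherwise a handler that
     *     generates a timestamp only if its configuration already says so and the spec has a
     *     signature spec.
     */
    private ClientTimestampHandler getRequestTimestampHandler(Operation operation) {
        SecuritySpec requestSpec = getRequestSpec(operation, this.securityDD);
        if (requestSpec == null) {
            return null;
        }
        ClientTimestampHandler clientTimestampHandler = new ClientTimestampHandler();
        TimestampConfig configuration = clientTimestampHandler.getConfiguration();
        // requestSpec is known to be non-null here, so only the signature spec is checked.
        configuration.setGenerateTimestamp(configuration.generateTimestamp() && requestSpec.getSignatureSpec() != null);
        return clientTimestampHandler;
    }

    /**
     * Builds the timestamp handler for a response. Never returns {@code null}.
     *
     * <p>A timestamp stays required only if the handler's configuration already requires one
     * and the response spec has a signature spec. Without a response spec, or without a
     * signature spec in it, the requirement is switched off.
     */
    private ClientTimestampHandler getResponseTimestampHandler(Operation operation) {
        SecuritySpec responseSpec = getResponseSpec(operation, this.securityDD);
        ClientTimestampHandler clientTimestampHandler = new ClientTimestampHandler();
        TimestampConfig configuration = clientTimestampHandler.getConfiguration();
        configuration.setTimestampRequired(configuration.isTimestampRequired() && responseSpec != null && responseSpec.getSignatureSpec() != null);
        return clientTimestampHandler;
    }

    /**
     * Looks up the spec for the operation's input message, using {@code "default-spec"} when
     * the input names none. {@code securityDD} is dereferenced without a null check.
     */
    private static SecuritySpec getRequestSpec(Operation operation, SecurityDD securityDD) {
        String securitySpecRef = operation.getInput().getSecuritySpecRef();
        SecuritySpec securitySpec = securityDD.getSecuritySpec(securitySpecRef == null ? "default-spec" : securitySpecRef);
        if (DEBUG) {
            Debug.say("Request spec = " + securitySpec);
        }
        return securitySpec;
    }

    /**
     * Looks up the spec for the operation's output message, using {@code "default-spec"} when
     * the output names none. {@code securityDD} is dereferenced without a null check.
     */
    private static SecuritySpec getResponseSpec(Operation operation, SecurityDD securityDD) {
        String securitySpecRef = operation.getOutput().getSecuritySpecRef();
        SecuritySpec securitySpec = securityDD.getSecuritySpec(securitySpecRef == null ? "default-spec" : securitySpecRef);
        if (DEBUG) {
            Debug.say("Response spec = " + securitySpec);
        }
        return securitySpec;
    }

    /** Returns the operation carried by the context, which must be a {@link DefaultMessageContext}. */
    private static Operation getOperation(MessageContext messageContext) {
        return ((DefaultMessageContext) messageContext).getOperation();
    }

    /**
     * Returns the security descriptor of the {@link WebService} stored in the context, or
     * {@code null} when the context has no WebService runtime property.
     */
    private static final SecurityDD getSecurityDD(MessageContext messageContext) {
        WebService webService = (WebService) messageContext.getProperty(WLMessageContext.WEBSERVICE_RUNTIME_PROP);
        return webService != null ? webService.getSecurity() : null;
    }
}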
