package org.apache.cxf.ws.security.wss4j;

import java.security.Principal;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.xml.soap.SOAPException;
import javax.xml.stream.XMLStreamException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.security.SecurityToken;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.security.SecurityContext;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.validate.UsernameTokenValidator;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-3.1.10.jar:org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.class */
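/**
 * WSS4J inbound interceptor that hands WS-Security UsernameToken credentials to a
 * subclass-provided {@link #createSubject} and records the resulting {@link Subject}.
 *
 * <p>Two paths are visible in this class:
 * <ul>
 *   <li>Tokens processed by the WSS4J engine go through {@link CustomValidator}, which
 *       calls {@link #setSubject}. That method rejects the token unless
 *       {@code createSubject} returns a Subject whose first principal carries the token's
 *       user name.</li>
 *   <li>If a {@code SecurityToken} and a {@code SecurityContext} with a user principal
 *       are already on the message, {@link #handleMessage} calls {@code createSubject}
 *       directly and replaces the security context, without the check above.</li>
 * </ul>
 *
 * <p>Digest passwords are refused unless {@link #setSupportDigestPasswords} was called
 * with {@code true}; the flag is {@code false} by default.
 */
public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS4JInInterceptor {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractUsernameTokenAuthenticatingInterceptor.class);

    // When false (the default), verifyDigestPassword fails authentication outright.
    private boolean supportDigestPasswords;

    /* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-3.1.10.jar:org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor$CustomValidator.class */
    /**
     * UsernameToken validator that forwards every password type to the enclosing
     * interceptor's {@code setSubject}, so the accept/reject decision is made by
     * {@code createSubject}.
     */
    protected class CustomValidator extends UsernameTokenValidator {
        protected CustomValidator() {
        }

        /**
         * Forwards a custom-typed password unchanged, flagged as not hashed and without
         * nonce or creation time.
         */
        @Override // org.apache.wss4j.dom.validate.UsernameTokenValidator
        protected void verifyCustomPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), usernameToken.getPassword(), false, null, null);
        }

        /**
         * Forwards a plaintext password unchanged, flagged as not hashed and without
         * nonce or creation time.
         */
        @Override // org.apache.wss4j.dom.validate.UsernameTokenValidator
        protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), usernameToken.getPassword(), false, null, null);
        }

        /**
         * Forwards a digest password together with the token's hashed flag, nonce and
         * creation time.
         *
         * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} when digest
         *         support has not been enabled on the interceptor
         */
        @Override // org.apache.wss4j.dom.validate.UsernameTokenValidator
        protected void verifyDigestPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            if (!AbstractUsernameTokenAuthenticatingInterceptor.this.supportDigestPasswords) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            }
            // The password value is passed on as received; no digest is recomputed here,
            // so any verification has to happen inside createSubject.
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), usernameToken.getPassword(), usernameToken.isHashed(), usernameToken.getNonce(), usernameToken.getCreated());
        }

        /**
         * Forwards a token of unknown password type with a {@code null} password.
         *
         * <p>Nothing in this class rejects such a token: whether a user name without a
         * password is accepted depends entirely on the {@code createSubject}
         * implementation, which should treat a {@code null} password explicitly.
         */
        @Override // org.apache.wss4j.dom.validate.UsernameTokenValidator
        protected void verifyUnknownPassword(UsernameToken usernameToken, RequestData requestData) throws WSSecurityException {
            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(usernameToken.getName(), null, false, null, null);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-3.1.10.jar:org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor$UsernameTokenSecurityContextCreator.class */
    /**
     * Security-context creator that pairs the given principal with the {@link Subject}
     * stored on the current message.
     */
    private static class UsernameTokenSecurityContextCreator extends DefaultWSS4JSecurityContextCreator {
        private UsernameTokenSecurityContextCreator() {
        }

        /**
         * Builds a {@link DefaultSecurityContext} from the principal and the Subject found
         * on the current message under {@code Subject.class}.
         *
         * @throws IllegalStateException if there is no current message
         */
        @Override // org.apache.cxf.ws.security.wss4j.DefaultWSS4JSecurityContextCreator
        protected SecurityContext createSecurityContext(Principal principal) {
            Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
            if (currentMessage == null) {
                throw new IllegalStateException("Current message is not available");
            }
            // The Subject may be null here if nothing stored one on the message.
            Subject subject = currentMessage.get(Subject.class);
            return new DefaultSecurityContext(principal, subject);
        }
    }

    /** Creates the interceptor with an empty property map. */
    public AbstractUsernameTokenAuthenticatingInterceptor() {
        this(new HashMap<String, Object>());
    }

    /**
     * Creates the interceptor with the given properties and adds
     * {@code PolicyBasedWSS4JInInterceptor} to the list returned by {@code getAfter()}.
     *
     * @param map properties passed to the superclass constructor
     */
    public AbstractUsernameTokenAuthenticatingInterceptor(Map<String, Object> map) {
        super(map);
        getAfter().add(PolicyBasedWSS4JInInterceptor.class.getName());
    }

    /**
     * Enables or disables acceptance of digest passwords.
     *
     * @param z {@code true} to let digest tokens reach {@code createSubject}
     */
    public void setSupportDigestPasswords(boolean z) {
        this.supportDigestPasswords = z;
    }

    /** Returns whether digest passwords are forwarded to {@code createSubject}. */
    public boolean getSupportDigestPasswords() {
        return this.supportDigestPasswords;
    }

    /**
     * Processes the message, reusing credentials already present on it when available.
     *
     * <p>When no {@code SecurityToken}, no {@code SecurityContext}, or no user principal
     * is on the message, processing is delegated to the superclass. Otherwise the token
     * is passed to {@code createSubject} and the message's security context is replaced
     * by one built from the existing principal and the new Subject.
     *
     * @param soapMessage the inbound message
     * @throws Fault declared by the overridden method
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor, org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        SecurityToken securityToken = soapMessage.get(SecurityToken.class);
        SecurityContext securityContext = soapMessage.get(SecurityContext.class);
        if (securityToken == null || securityContext == null || securityContext.getUserPrincipal() == null) {
            super.handleMessage(soapMessage);
            return;
        }
        // Unchecked narrowing: a SecurityToken of another kind ends the request with a
        // ClassCastException rather than a Fault.
        org.apache.cxf.common.security.UsernameToken usernameToken = (org.apache.cxf.common.security.UsernameToken) securityToken;
        // NOTE(review): unlike setSubject, this path does not check that the Subject is
        // non-null or that its principal matches the token's user name, and an exception
        // from createSubject propagates as thrown. Confirm that is intended.
        Subject subject = createSubject(usernameToken.getName(), usernameToken.getPassword(), usernameToken.isHashed(), usernameToken.getNonce(), usernameToken.getCreatedTime());
        soapMessage.put(SecurityContext.class, doCreateSecurityContext(securityContext.getUserPrincipal(), subject));
    }

    /**
     * Records the WSS4J result on the message and creates the security context from it.
     *
     * <p>The result is inserted at the head of the list stored under
     * {@code WSHandlerConstants.RECV_RESULTS} (the list is created if absent). The
     * {@code str}, {@code element}, {@code element2} and {@code z} arguments are not
     * used by this override.
     *
     * @param soapMessage the inbound message
     * @param wSHandlerResult the WSS4J processing result to record
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    public void doResults(SoapMessage soapMessage, String str, Element element, Element element2, WSHandlerResult wSHandlerResult, boolean z) throws SOAPException, XMLStreamException, WSSecurityException {
        List<WSHandlerResult> results = CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS));
        if (results == null) {
            results = new LinkedList<>();
            soapMessage.put(WSHandlerConstants.RECV_RESULTS, results);
        }
        results.add(0, wSHandlerResult);
        new UsernameTokenSecurityContextCreator().createSecurityContext(soapMessage, wSHandlerResult);
    }

    /**
     * Builds the security context installed by {@link #handleMessage}.
     *
     * @param principal the user principal of the existing security context
     * @param subject the Subject returned by {@code createSubject}
     * @return a {@link DefaultSecurityContext} wrapping both
     */
    protected SecurityContext doCreateSecurityContext(Principal principal, Subject subject) {
        return new DefaultSecurityContext(principal, subject);
    }

    /**
     * Authenticates the credentials through {@code createSubject} and stores the Subject
     * on the current message under {@code Subject.class}.
     *
     * <p>The token is rejected when {@code createSubject} throws, returns {@code null},
     * returns a Subject without principals, or returns a Subject whose first principal
     * is not named exactly {@code str}. Each failure is logged once with the message
     * that matches its cause.
     *
     * @param str user name from the token
     * @param str2 password from the token, or {@code null} for an unknown password type
     * @param z whether the password is a digest
     * @param str3 nonce from the token, or {@code null}
     * @param str4 creation time from the token, or {@code null}
     * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} on any rejection
     * @throws IllegalStateException if there is no current message
     */
    protected void setSubject(String str, String str2, boolean z, String str3, String str4) throws WSSecurityException {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            throw new IllegalStateException("Current message is not available");
        }
        Subject subject;
        try {
            subject = createSubject(str, str2, z, str3, str4);
        } catch (Exception e) {
            // Any failure inside the subclass counts as a failed authentication. Only
            // this call is guarded, so the "Invalid Subject" rejection below is not
            // caught, re-wrapped and logged a second time under the wrong message.
            LOG.severe("Failed Authentication : Subject has not been created");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
        if (!hasMatchingFirstPrincipal(subject, str)) {
            LOG.severe("Failed Authentication : Invalid Subject");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, new Exception("Failed Authentication : Invalid Subject"));
        }
        currentMessage.put(Subject.class, subject);
    }

    /**
     * Tells whether the first principal of {@code subject} is named {@code expectedName}.
     * A null Subject, an empty principal set or a null principal name never matches.
     */
    private static boolean hasMatchingFirstPrincipal(Subject subject, String expectedName) {
        if (subject == null || subject.getPrincipals().isEmpty()) {
            return false;
        }
        // Only the first principal yielded by the set's iterator is compared.
        Principal first = subject.getPrincipals().iterator().next();
        String principalName = first == null ? null : first.getName();
        return principalName != null && principalName.equals(expectedName);
    }

    /**
     * Authenticates the supplied credentials and returns the authenticated Subject.
     *
     * <p>Implementations receive the password exactly as it appeared in the token: it is
     * {@code null} for an unknown password type, and a digest value when {@code z} is
     * {@code true}. For {@link #setSubject} to accept the result, the first principal of
     * the returned Subject must carry the name {@code str}.
     *
     * @param str user name
     * @param str2 password, possibly {@code null}
     * @param z whether the password is a digest
     * @param str3 nonce, or {@code null}
     * @param str4 creation time, or {@code null}
     * @return the authenticated Subject
     * @throws SecurityException if authentication fails
     */
    protected abstract Subject createSubject(String str, String str2, boolean z, String str3, String str4) throws SecurityException;

    /**
     * Returns a security engine that validates UsernameToken elements with
     * {@link CustomValidator}.
     *
     * @param z not used by this override
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected WSSecurityEngine getSecurityEngine(boolean z) {
        // Raw map kept as found: the parameter type of createSecurityEngine is declared
        // in the superclass, which is not part of this file.
        HashMap validators = new HashMap(1);
        validators.put(WSConstants.USERNAME_TOKEN, new CustomValidator());
        return createSecurityEngine(validators);
    }
}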
