package com.ibm.xml.soapsec.token;

import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback;
import com.ibm.wsspi.wssecurity.auth.callback.XMLTokenSenderCallback;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.RequestPool;
import com.ibm.xml.soapsec.token.TokenRequest;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/xml/soapsec/token/SenderLogin.class */
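/**
 * Sender-side login component: decides which security token request(s) to queue for an
 * outgoing message, based on the {@link TokenSenderConfig} supplied to {@link #init(Map)}.
 *
 * <p>{@link #invoke(Document, Element, Map)} branches on the configured auth method:
 * <ul>
 *   <li>{@code Constants.STR_BASIC}: a username/password token obtained from the configured
 *       {@link CallbackHandler}, with per-target-port cache hooks for subclasses;</li>
 *   <li>{@code Constants.STR_ID}: an identity-assertion token (X.509 certificate or bare
 *       sender id), optionally accompanied by a basic-auth token or marked for signature
 *       depending on the trust mode;</li>
 *   <li>anything other than {@code "Signature"}: a binary or XML token obtained from the
 *       callback handler.</li>
 * </ul>
 *
 * <p>The {@code getInitialSender*} and {@code *UsernameTokenByTargetPort} methods are
 * extension points; the defaults here are placeholders.
 */
public class SenderLogin implements SenderLoginComponent {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(SenderLogin.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    // Sender token configuration; set by init(Map) and required by invoke().
    TokenSenderConfig conf = null;

    /**
     * Picks up the {@link TokenSenderConfig} from the supplied configuration map.
     *
     * @param map configuration map keyed by config class; the entry for
     *            {@code TokenSenderConfig.class} may be absent, in which case
     *            {@link #invoke(Document, Element, Map)} rejects every call
     */
    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void init(Map map) throws Exception {
        this.conf = (TokenSenderConfig) map.get(TokenSenderConfig.class);
    }

    /**
     * Queues the token request(s) for the current message in the {@link RequestPool}
     * attached to {@code map}.
     *
     * @param document the message document (only used for tracing here)
     * @param element  the target element (only used for tracing here)
     * @param map      the message context the token requests are added to
     * @throws SoapSecurityException if no configuration was supplied, or if any failure
     *                               occurs while obtaining the token
     */
    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void invoke(Document document, Element element, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): the whole context map is stringified into the trace; confirm it
            // cannot already hold token or credential material when entry tracing is on.
            Tr.entry(tc, "invoke(" + document + "," + element + "," + map + ")");
        }
        String wssens = Constants.getWSSENS(map);
        if (this.conf == null) {
            throw SoapSecurityException.format(Constants.getQName(wssens, Constants.INVALID_SECURITY_QNAME), "security.wssecurity.ReceiverLogin.token01");
        }
        String authMethod = this.conf.getAuthMethod();
        String idType = this.conf.getIdType();
        String trustMode = this.conf.getTrustMode();
        QName tokenValueType = this.conf.getTokenValueType();
        final CallbackHandler callbackHandler = this.conf.getCallbackHandler();
        boolean isIntegral = this.conf.isIntegral();
        try {
            if (Constants.STR_BASIC.equals(authMethod)) {
                // Basic auth: reuse a cached username token for this target port if the
                // subclass provides one, otherwise ask the callback handler and cache it.
                TokenRequest.Username cachedToken = retrieveUsernameTokenByTargetPort();
                if (cachedToken == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Existing token not found, prompting for new token.");
                    }
                    TokenRequest.Username usernameRequest = getUsernameRequest(callbackHandler, true);
                    RequestPool.add(map, usernameRequest);
                    cacheUsernameTokenByTargetPort(usernameRequest);
                } else {
                    RequestPool.add(map, cachedToken);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Existing token found.");
                    }
                }
            } else if (Constants.STR_ID.equals(authMethod)) {
                // A null idType raises NullPointerException here, which the outer catch
                // reports as a generic token32 failure.
                if (idType.equals("X509Certificate")) {
                    X509Certificate initialSenderCert = getInitialSenderCert();
                    if (initialSenderCert == null) {
                        Tr.error(tc, "security.wssecurity.no.initial.cert");
                        throw SoapSecurityException.format("security.wssecurity.no.initial.cert");
                    }
                    TokenRequest.Binary binary = new TokenRequest.Binary(Constants.getQName(wssens, "X509v3"), initialSenderCert.getEncoded(), null, null, isIntegral);
                    if (trustMode != null) {
                        if (trustMode.equals(Constants.STR_BASIC)) {
                            // Trust is established by sending this sender's own
                            // username/password alongside the asserted identity.
                            RequestPool.add(map, getUsernameRequest(callbackHandler, true));
                        } else {
                            // Any other trust mode: the asserted identity token is signed.
                            binary.setSignature(true);
                        }
                    }
                    // With no trust mode configured the asserted identity goes out with
                    // neither an accompanying credential nor a signature flag.
                    RequestPool.add(map, binary);
                } else {
                    String initialSenderId = getInitialSenderId();
                    if (initialSenderId == null || initialSenderId.length() == 0) {
                        Tr.error(tc, "security.wssecurity.no.initial.sender");
                        throw SoapSecurityException.format("security.wssecurity.no.initial.sender");
                    }
                    // Use the value that was just validated; calling the overridable
                    // getInitialSenderId() a second time could yield a different, unchecked id.
                    TokenRequest.Username username = new TokenRequest.Username(initialSenderId, null, null, false, this.conf.isNonceAdded(), this.conf.getEncodingType(), this.conf.isNonceTimestampAdded());
                    if (trustMode != null) {
                        if (trustMode.equals(Constants.STR_BASIC)) {
                            RequestPool.add(map, getUsernameRequest(callbackHandler, true));
                        } else {
                            username.setSignature(true);
                        }
                    }
                    RequestPool.add(map, username);
                }
            } else if (!"Signature".equals(authMethod)) {
                final BinaryTokenCallback binaryTokenCallback = new BinaryTokenCallback(null, null);
                final XMLTokenSenderCallback xmlTokenCallback = new XMLTokenSenderCallback();
                try {
                    // The configured handler runs inside doPrivileged, i.e. with this
                    // component's permissions rather than the caller's, so the handler
                    // class named in the configuration has to be trusted code.
                    // NOTE(review): the username paths call the handler without
                    // doPrivileged; confirm the difference is intentional.
                    AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws IOException, UnsupportedCallbackException {
                            callbackHandler.handle(new Callback[]{binaryTokenCallback, xmlTokenCallback});
                            return null;
                        }
                    });
                    byte[] credToken = binaryTokenCallback.getCredToken();
                    if (credToken == null || credToken.length == 0) {
                        // No binary credential: fall back to XML tokens. If the handler
                        // supplied neither, no token request is queued and no error is raised.
                        Element[] xmlTokens = xmlTokenCallback.getXMLTokens();
                        if (xmlTokens != null && xmlTokens.length != 0) {
                            RequestPool.add(map, new TokenRequest.XML(xmlTokens, isIntegral));
                        }
                    } else {
                        RequestPool.add(map, new TokenRequest.Binary(tokenValueType, credToken, null, null, isIntegral));
                    }
                } catch (PrivilegedActionException e) {
                    // Unwrap so the outer catch reports the handler's own exception.
                    throw e.getException();
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(Document doc, Element target, Map context)");
            }
        } catch (Exception e2) {
            // Every failure, including the SoapSecurityExceptions raised above, is re-reported
            // under the token32 message with the original exception's toString() as its insert.
            // NOTE(review): confirm that text is acceptable wherever this fault is surfaced.
            throw SoapSecurityException.format(Constants.getQName(wssens, Constants.INVALID_SECURITY_QNAME), "security.wssecurity.SenderLogin.token32", e2.toString());
        }
    }

    /**
     * Asks the callback handler for a user name (and optionally a password) and wraps the
     * answer in a username token request.
     *
     * @param callbackHandler handler that supplies the credentials
     * @param z               {@code true} to request a password as well as the name
     * @return the username token request; its password is {@code null} when {@code z} is false
     * @throws IllegalStateException if a password was requested but the handler left it unset
     * @throws Exception             anything thrown by the callback handler
     */
    protected TokenRequest.Username getUsernameRequest(CallbackHandler callbackHandler, boolean z) throws Exception {
        // Declared as NameCallback (not Callback) so getName() is available below.
        NameCallback nameCallback = new NameCallback(ConfigUtil.getMessage("security.wssecurity.SenderLogin.token29"));
        PasswordCallback passwordCallback = new PasswordCallback(ConfigUtil.getMessage("security.wssecurity.SenderLogin.token30"), false);
        String password = null;
        try {
            if (z) {
                callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
                char[] passwordChars = passwordCallback.getPassword();
                if (passwordChars == null) {
                    // Fail with a clear cause instead of a bare NullPointerException.
                    throw new IllegalStateException("CallbackHandler did not supply a password for the username token");
                }
                password = new String(passwordChars);
                // Wipe the temporary copy; the String handed to the token request is
                // still held by that request.
                for (int i = 0; i < passwordChars.length; i++) {
                    passwordChars[i] = '\0';
                }
            } else {
                callbackHandler.handle(new Callback[]{nameCallback});
            }
        } finally {
            // Drop the callback's own copy of the password as soon as it has been read.
            passwordCallback.clearPassword();
        }
        return new TokenRequest.Username(nameCallback.getName(), password, null, this.conf.isIntegral(), this.conf.isNonceAdded(), this.conf.getEncodingType(), this.conf.isNonceTimestampAdded());
    }

    /**
     * Returns the identity to assert for a non-certificate id type.
     * This base implementation returns the fixed placeholder {@code "initialSender"}.
     */
    protected String getInitialSenderId() throws SoapSecurityException {
        return "initialSender";
    }

    /**
     * Returns the certificate to assert for the {@code X509Certificate} id type.
     * This base implementation returns {@code null}, which makes
     * {@link #invoke(Document, Element, Map)} fail for that id type.
     */
    protected X509Certificate getInitialSenderCert() throws SoapSecurityException {
        return null;
    }

    /**
     * Hook for caching a freshly obtained username token; a no-op in this base class.
     * Note that the token passed in can carry the password obtained from the callback handler.
     */
    protected void cacheUsernameTokenByTargetPort(TokenRequest.Username username) throws SoapSecurityException {
    }

    /**
     * Hook for looking up a previously cached username token; this base class always
     * returns {@code null}, so the callback handler is consulted on every basic-auth call.
     */
    protected TokenRequest.Username retrieveUsernameTokenByTargetPort() throws SoapSecurityException {
        return null;
    }
}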
