package com.ibm.xml.soapsec;

import com.ibm.ws.webservices.engine.MessageContext;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.xml.soapsec.dsig.SignatureRequest;
import com.ibm.xml.soapsec.dsig.SignatureSender;
import com.ibm.xml.soapsec.dsig.SignatureSenderConfig;
import com.ibm.xml.soapsec.enc.EncryptionRequest;
import com.ibm.xml.soapsec.enc.EncryptionSender;
import com.ibm.xml.soapsec.enc.EncryptionSenderConfig;
import com.ibm.xml.soapsec.proxy.FaultProxy;
import com.ibm.xml.soapsec.proxy.MessageContextProxy;
import com.ibm.xml.soapsec.proxy.MessageFactory;
import com.ibm.xml.soapsec.proxy.MessageProxy;
import com.ibm.xml.soapsec.time.TimestampSender;
import com.ibm.xml.soapsec.time.TimestampSenderConfig;
import com.ibm.xml.soapsec.token.BinaryTokenSender;
import com.ibm.xml.soapsec.token.SenderLogin;
import com.ibm.xml.soapsec.token.SenderLoginComponent;
import com.ibm.xml.soapsec.token.TokenRequest;
import com.ibm.xml.soapsec.token.TokenSenderConfig;
import com.ibm.xml.soapsec.token.UsernameTokenSender;
import com.ibm.xml.soapsec.token.XMLTokenSender;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.DOMUtil;
import com.ibm.xml.soapsec.util.NamespaceUtil;
import com.ibm.xml.soapsec.util.SetupJCEProviders;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/xml/soapsec/SoapSecuritySender.class */
public abstract class SoapSecuritySender {
    public static final String CONFIG_KEY;
    private ThreadLocal _messageConfig = new ThreadLocal();
    private Map handlerOption = new HashMap();
    protected static final String MESSAGE_CONTEXT = "com.ibm.ws.webservices.wssecurity.handler.GlobalSecurityHandler.messageContext";
    private static final TraceComponent tc;
    private static final String comp = "security.wssecurity";
    private static final String clsName;

    public void setHandlerOption(String str, Object obj) {
        this.handlerOption.put(str, obj);
    }

    public Object getHandlerOption(String str) {
        return this.handlerOption.get(str);
    }

    private final void clear() {
        this._messageConfig.set(null);
    }

    private Map getMessageConfig() {
        Map map = (Map) this._messageConfig.get();
        if (map == null) {
            map = new HashMap();
            this._messageConfig.set(map);
        }
        return map;
    }

    public void setMessageOption(String str, Object obj) {
        getMessageConfig().put(str, obj);
    }

    public Object getMessageOption(String str) {
        return getMessageConfig().get(str);
    }

    public Map getMessageOptions() {
        return getMessageConfig();
    }

    public void init() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initConfig(MessageContextProxy messageContextProxy) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initConfig(" + messageContextProxy + ")");
        }
        SignatureSender signatureSender = new SignatureSender();
        SenderLoginComponent createLoginComponent = createLoginComponent(messageContextProxy);
        UsernameTokenSender usernameTokenSender = new UsernameTokenSender();
        BinaryTokenSender binaryTokenSender = new BinaryTokenSender();
        XMLTokenSender xMLTokenSender = new XMLTokenSender();
        TimestampSender timestampSender = new TimestampSender();
        EncryptionSender encryptionSender = new EncryptionSender();
        SenderConfig senderConfig = (SenderConfig) getMessageOption(CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Configuration object is as follows:", new Object[]{senderConfig});
        }
        try {
            Map hashMap = new HashMap();
            hashMap.put(SenderConfig.class, senderConfig);
            hashMap.put(SignatureSenderConfig.class, senderConfig.getSignatureConfig());
            hashMap.put(TokenSenderConfig.class, senderConfig.getTokenConfig());
            hashMap.put(EncryptionSenderConfig.class, senderConfig.getEncryptionConfig());
            hashMap.put(TimestampSenderConfig.class, senderConfig.getTimestampConfig());
            signatureSender.init(hashMap);
            createLoginComponent.init(hashMap);
            usernameTokenSender.init(hashMap);
            binaryTokenSender.init(hashMap);
            xMLTokenSender.init(hashMap);
            timestampSender.init(hashMap);
            encryptionSender.init(hashMap);
            setMessageOption(SignatureSender.class.getName(), signatureSender);
            setMessageOption(SenderLoginComponent.class.getName(), createLoginComponent);
            setMessageOption(UsernameTokenSender.class.getName(), usernameTokenSender);
            setMessageOption(BinaryTokenSender.class.getName(), binaryTokenSender);
            setMessageOption(XMLTokenSender.class.getName(), xMLTokenSender);
            setMessageOption(TimestampSender.class.getName(), timestampSender);
            setMessageOption(EncryptionSender.class.getName(), encryptionSender);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initConfig(MessageContextProxy context)");
            }
        } catch (Exception e) {
            Tr.processException(e, clsName + ".initConfig", "118", this);
            Tr.error(tc, "security.wssecurity.SoapSecuritySender.initConfig", e);
            throw new RuntimeException(e.getMessage());
        }
    }

    protected SenderLoginComponent createLoginComponent(MessageContextProxy messageContextProxy) {
        return new SenderLogin();
    }

    protected boolean adjustContext(MessageContextProxy messageContextProxy, Map map) throws FaultProxy {
        return false;
    }

    protected boolean backContext(MessageContextProxy messageContextProxy, Map map) throws FaultProxy {
        return false;
    }

    public void invoke(MessageContextProxy messageContextProxy) throws FaultProxy {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(" + messageContextProxy + ")");
        }
        clear();
        try {
            initConfig(messageContextProxy);
            SenderConfig senderConfig = (SenderConfig) getMessageOption(CONFIG_KEY);
            try {
                senderConfig.validate();
                boolean isTimestampEnabled = senderConfig.isTimestampEnabled();
                HashMap hashMap = new HashMap();
                RequestPool.initialize(hashMap);
                boolean z = senderConfig.isTokenEnabled() || senderConfig.isSignatureEnabled() || senderConfig.isEncryptionEnabled() || adjustContext(messageContextProxy, hashMap);
                if (!isTimestampEnabled && !z) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "_invoke(MessageContext context)");
                    }
                    return;
                }
                try {
                    MessageProxy currentMessage = messageContextProxy.getCurrentMessage();
                    Document document = currentMessage.getDocument();
                    try {
                        setMessageOption(Constants.TARGET_ENDPOINT, messageContextProxy.getTargetEndpointAddress());
                        setMessageOption(MESSAGE_CONTEXT, messageContextProxy);
                        hashMap.put(Constants.REQUEST_WSSE_NAMESPACE, Constants.getWSSENS(messageContextProxy));
                        hashMap.put(Constants.REQUEST_WSU_NAMESPACE, Constants.getWSUNS(messageContextProxy));
                        if (isTimestampEnabled) {
                            invokeComponent(document, getHeader(document), hashMap, TimestampSender.class);
                        }
                        if (z) {
                            Element addSecurityHeader = addSecurityHeader(document, Constants.getWSSENS(hashMap), senderConfig.getTargetActor(), checkMustUnderstand(senderConfig, messageContextProxy) ? "1" : null);
                            if (senderConfig.isTokenEnabled()) {
                                invokeComponent(document, addSecurityHeader, hashMap, SenderLoginComponent.class);
                            }
                            int length = RequestPool.get(hashMap, TokenRequest.Username.class).length;
                            if (senderConfig.isTokenEnabled() && length > 0) {
                                invokeComponent(document, addSecurityHeader, hashMap, UsernameTokenSender.class);
                            }
                            if (RequestPool.get(hashMap, TokenRequest.Binary.class).length > 0) {
                                invokeComponent(document, addSecurityHeader, hashMap, BinaryTokenSender.class);
                            }
                            if (RequestPool.get(hashMap, TokenRequest.XML.class).length > 0) {
                                invokeComponent(document, addSecurityHeader, hashMap, XMLTokenSender.class);
                            }
                            int length2 = RequestPool.get(hashMap, SignatureRequest.class).length;
                            if (senderConfig.isSignatureEnabled() || length2 > 0) {
                                invokeComponent(document, addSecurityHeader, hashMap, SignatureSender.class);
                            }
                            if (RequestPool.get(hashMap, TokenRequest.Binary.class).length > 0) {
                                invokeComponent(document, addSecurityHeader, hashMap, BinaryTokenSender.class);
                            }
                            int length3 = RequestPool.get(hashMap, EncryptionRequest.class).length;
                            if (senderConfig.isEncryptionEnabled() || length3 > 0) {
                                hashMap.put(Constants.REQUEST_CERT, messageContextProxy.getConfig(Constants.REQUEST_CERT));
                                invokeComponent(document, addSecurityHeader, hashMap, EncryptionSender.class);
                            }
                            if (!senderConfig.doIndentation()) {
                                DOMUtil.removeIndentation(addSecurityHeader);
                            }
                        }
                        messageContextProxy.setCurrentMessage(MessageFactory.getInstance().create(document, currentMessage));
                        backContext(messageContextProxy, hashMap);
                        RequestPool.finalize(hashMap);
                        clear();
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "invoke(MessageContextProxy context)");
                        }
                    } catch (Exception e) {
                        Tr.processException(e, clsName + ".invoke", "264", this);
                        Tr.error(tc, "security.wssecurity.invoke.exception", new Object[]{messageContextProxy.getTargetEndpointAddress(), e});
                        FaultProxy makeFault = FaultProxy.makeFault(e);
                        if (messageContextProxy.getPastPivot()) {
                            messageContextProxy.setCurrentMessage(MessageProxy.getInstance(makeFault));
                        }
                        throw makeFault;
                    }
                } catch (Exception e2) {
                    Tr.processException(e2, clsName + ".invoke", "197", this);
                    Tr.error(tc, "security.wssecurity.message.getDocument", e2);
                    throw FaultProxy.makeFault(e2);
                }
            } catch (SoapSecurityException e3) {
                Tr.processException(e3, clsName + ".invoke", "173", this);
                Tr.error(tc, "security.wssecurity.config.invalid", e3);
                throw FaultProxy.makeFault(e3);
            }
        } finally {
            clear();
        }
    }

    private void invokeComponent(Document document, Element element, Map map, Class cls) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invokeComponent(" + document + "," + map + "," + cls + ")");
        }
        getComponent(cls).invoke(document, element, map);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invokeComponent(Document doc, Element security, Map context, Class cl)");
        }
    }

    public void onFault(MessageContextProxy messageContextProxy) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "onFault(" + messageContextProxy + ")");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "onFault(MessageContextProxy context)");
        }
    }

    private SoapSecurityComponent getComponent(Class cls) {
        return (SoapSecurityComponent) getMessageOption(cls.getName());
    }

    private static Element searchForSecurityHeader(Element element, String str, String str2) {
        Element element2;
        Element firstElement = DOMUtil.getFirstElement(element);
        while (true) {
            element2 = firstElement;
            if (element2 == null) {
                return null;
            }
            String namespaceURI = element2.getNamespaceURI();
            String localName = element2.getLocalName();
            if (NamespaceUtil.isWsse(namespaceURI) && "Security".equals(localName)) {
                if (str != null && str.length() != 0) {
                    if (str.equals(element2.getAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", "actor"))) {
                        break;
                    }
                } else if (element2.getAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", "actor").length() == 0) {
                    break;
                }
            }
            firstElement = DOMUtil.getNextElement(element2);
        }
        if (str2 != null) {
            String attributeNS = element2.getAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", "mustUnderstand");
            if (!str2.equals(attributeNS)) {
                Tr.error(tc, "security.wssecurity.SoapSecurityReceiver.sss03", new Object[]{attributeNS, str2});
            }
        }
        return element2;
    }

    public static Element getHeader(Document document) {
        Element documentElement = document.getDocumentElement();
        Element firstElement = DOMUtil.getFirstElement(documentElement, "http://schemas.xmlsoap.org/soap/envelope/", "Header");
        if (firstElement == null) {
            String prefix = documentElement.getPrefix();
            if (prefix == null) {
                prefix = "";
            } else if (prefix.length() > 0) {
                prefix = prefix + ":";
            }
            firstElement = document.createElementNS("http://schemas.xmlsoap.org/soap/envelope/", prefix + "Header");
            documentElement.insertBefore(firstElement, documentElement.getFirstChild());
        }
        return firstElement;
    }

    private static Element addSecurityHeader(Document document, String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSecurityHeader(" + document + "," + str2 + "," + str3 + ")");
        }
        Element header = getHeader(document);
        Element searchForSecurityHeader = searchForSecurityHeader(header, str2, str3);
        if (searchForSecurityHeader != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "addSecurityHeader Uses existing wsse:Security element");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addSecurityHeader(Document factory, String actor, String must)");
            }
            return searchForSecurityHeader;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "addSecurityHeader Creates new wsse:Security element");
        }
        Element createElementNS = document.createElementNS(str, "wsse:Security");
        createElementNS.setAttributeNS(Constants.NS_XMLNS, "xmlns:wsse", str);
        if (str2 != null) {
            String prefix = header.getPrefix();
            if (prefix == null || prefix.length() <= 0) {
                createElementNS.setAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", "env:actor", str2);
                createElementNS.setAttributeNS(Constants.NS_XMLNS, "xmlns:env", "http://schemas.xmlsoap.org/soap/envelope/");
            } else {
                createElementNS.setAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", prefix + ":actor", str2);
            }
        }
        if (str3 != null) {
            String prefix2 = header.getPrefix();
            if (prefix2 == null || prefix2.length() <= 0) {
                createElementNS.setAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", "env:mustUnderstand", str3);
                createElementNS.setAttributeNS(Constants.NS_XMLNS, "xmlns:env", "http://schemas.xmlsoap.org/soap/envelope/");
            } else {
                createElementNS.setAttributeNS("http://schemas.xmlsoap.org/soap/envelope/", prefix2 + ":mustUnderstand", str3);
            }
        }
        header.insertBefore(createElementNS, header.getFirstChild());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSecurityHeader(Document factory, String actor, String must)");
        }
        return createElementNS;
    }

    public static void prependSecurityElement(Element element, Element element2) {
        element.insertBefore(element2, element.getFirstChild());
    }

    private boolean checkMustUnderstand(SenderConfig senderConfig, MessageContextProxy messageContextProxy) {
        boolean z = true;
        if (!((MessageContext) messageContextProxy.get()).isServer()) {
            z = senderConfig.getClientSetMustUnderstand();
        } else if (senderConfig.getServiceGetMustUnderstand()) {
            z = ConfigUtil.getMustUnderstand(messageContextProxy);
        }
        ConfigUtil.setMustUnderstand(messageContextProxy, z);
        return z;
    }

    static {
        if (((String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.xml.soapsec.SoapSecuritySender.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                return System.getProperty("setup-jce");
            }
        })) != null) {
            SetupJCEProviders.setup();
        }
        CONFIG_KEY = SenderConfig.class.getName();
        tc = Tr.register(SoapSecuritySender.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
        clsName = SoapSecuritySender.class.getName();
    }
}
