package com.ibm.ws.webservices.wssecurity.handler;

import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.webservices.engine.MessageContext;
import com.ibm.ws.webservices.wssecurity.util.CORBAHelper;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.WSSoapSecurityUtil;
import com.ibm.wsspi.webservices.rpc.handler.GenericHandler;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.ReceiverConfig;
import com.ibm.xml.soapsec.Result;
import com.ibm.xml.soapsec.SoapSecurityReceiver;
import com.ibm.xml.soapsec.dsig.SignatureResult;
import com.ibm.xml.soapsec.proxy.FaultProxy;
import com.ibm.xml.soapsec.proxy.MessageContextProxy;
import com.ibm.xml.soapsec.token.LoginResult;
import com.ibm.xml.soapsec.token.TokenResult;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/webservices/wssecurity/handler/WSSoapSecurityReceiverBase.class */
public class WSSoapSecurityReceiverBase extends SoapSecurityReceiver {
    private static final String comp = "security.wssecurity";
    public static final String OPTION = GlobalSecurityHandler.class.getName() + ".configPath";
    private static final TraceComponent tc = Tr.register(WSSoapSecurityReceiverBase.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = WSSoapSecurityReceiverBase.class.getName();

    @Override // com.ibm.xml.soapsec.SoapSecurityReceiver
    public void init() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init()");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.xml.soapsec.SoapSecurityReceiver
    public void initConfig(MessageContextProxy messageContextProxy) {
        boolean z;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initConfig(" + messageContextProxy + ")");
        }
        String str = (String) getHandlerOption(GenericHandler.HANDLER_PARAM_ROLE);
        if (str == null || str.length() == 0) {
            z = !messageContextProxy.getPastPivot();
        } else {
            z = str.equals(GenericHandler.HANDLER_PARAM_ROLE_SERVER);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isServer=" + z);
        }
        try {
            if (z) {
                ReceiverConfig receiverConfig = (ReceiverConfig) messageContextProxy.getConfig("RequestReceiverConfig");
                if (receiverConfig == null) {
                    throw new IllegalArgumentException(ConfigConstants.getMessage("security.wssecurity.request.receiver.config.isnull"));
                }
                if (tc.isDebugEnabled()) {
                    StringBuffer stringBuffer = new StringBuffer("ReceiverConfig class name=");
                    stringBuffer.append(receiverConfig.getClass().getName());
                    stringBuffer.append(", source=");
                    if (receiverConfig instanceof WSEMFRequestReceiverConfig) {
                        stringBuffer.append(((WSEMFRequestReceiverConfig) receiverConfig).getOrigin());
                    } else {
                        stringBuffer.append("unknown");
                    }
                    stringBuffer.append(", ReceiverConfig=").append(receiverConfig);
                    Tr.debug(tc, stringBuffer.toString());
                }
                if (receiverConfig instanceof WSEMFRequestReceiverConfig) {
                    WSEMFRequestReceiverConfig wSEMFRequestReceiverConfig = (WSEMFRequestReceiverConfig) receiverConfig;
                    String wssens = wSEMFRequestReceiverConfig.getWSSENS();
                    if (wssens != null && wssens.length() != 0) {
                        messageContextProxy.setConfig(Constants.REQUEST_WSSE_NAMESPACE, wssens);
                    }
                    String wsuns = wSEMFRequestReceiverConfig.getWSUNS();
                    if (wsuns != null && wsuns.length() != 0) {
                        messageContextProxy.setConfig(Constants.REQUEST_WSU_NAMESPACE, wsuns);
                    }
                }
                setMessageOption(CONFIG_KEY, receiverConfig);
            } else {
                ReceiverConfig receiverConfig2 = (ReceiverConfig) messageContextProxy.getConfig("ResponseReceiverConfig");
                if (receiverConfig2 == null) {
                    throw new IllegalArgumentException(ConfigConstants.getMessage("security.wssecurity.reponse.receiver.config.isnull"));
                }
                if (tc.isDebugEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer("ReceiverConfig class name=");
                    stringBuffer2.append(receiverConfig2.getClass().getName());
                    stringBuffer2.append(", source=");
                    if (receiverConfig2 instanceof WSEMFResponseReceiverConfig) {
                        stringBuffer2.append(((WSEMFResponseReceiverConfig) receiverConfig2).getOrigin());
                    } else {
                        stringBuffer2.append("unknown");
                    }
                    stringBuffer2.append(", ReceiverConfig=").append(receiverConfig2);
                    Tr.debug(tc, stringBuffer2.toString());
                }
                setMessageOption(CONFIG_KEY, receiverConfig2);
            }
            super.initConfig(messageContextProxy);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initConfig(MessageContextProxy context)");
            }
        } catch (IllegalArgumentException e) {
            throw e;
        } catch (Throwable th) {
            Tr.processException(th, clsName + ".init", "96", this);
            Tr.error(tc, "security.wssecurity.FileConfigSSR.init", th);
            throw new IllegalArgumentException(th.getMessage());
        }
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityReceiver
    public void invoke(MessageContextProxy messageContextProxy) throws FaultProxy {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(" + messageContextProxy + ")");
        }
        if (WSSoapSecurityUtil.getServiceHandler((MessageContext) messageContextProxy.get()) != null) {
            super.invoke(messageContextProxy);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(MessageContextProxy context)");
        }
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityReceiver
    protected void processLoginResults(Result[] resultArr, MessageContextProxy messageContextProxy) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processLoginResults(" + resultArr + "," + messageContextProxy + ")");
        }
        if (resultArr.length != 0) {
            for (int i = 0; i < resultArr.length; i++) {
                if (resultArr[i] instanceof LoginResult) {
                    Subject subject = ((LoginResult) resultArr[i]).getSubject();
                    CORBAHelper.pushCredential(subject, (MessageContext) messageContextProxy.get());
                    ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                    if (contextManagerFactory == null) {
                        Tr.error(tc, "security.wssecurity.ctxmgr.isnull");
                    } else {
                        contextManagerFactory.put(ConfigConstants.WS_INITIAL_SENDER_ID, subject);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Initial Sender", subject);
                        }
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "processLoginResults(Result[] results, MessageContext context)");
                        return;
                    }
                    return;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "None of the results has a LoginResult, no initial sender is set");
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No results, no initial sender is set");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processLoginResults(Result[] results, MessageContext context)");
        }
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityReceiver
    protected void processCertificateResults(Result[] resultArr, Result[] resultArr2, MessageContextProxy messageContextProxy) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processCertificateResults(" + resultArr + "," + resultArr2 + "," + messageContextProxy + ")");
        }
        if (resultArr.length == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No resultSign, no signer certificate is set");
            }
        } else if (resultArr2.length != 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "result Sign length: " + resultArr.length);
                Tr.debug(tc, "result Token length: " + resultArr2.length);
            }
            X509Certificate x509Certificate = null;
            int i = 0;
            while (true) {
                if (i >= resultArr.length) {
                    break;
                }
                if (resultArr[i] instanceof SignatureResult) {
                    SignatureResult signatureResult = (SignatureResult) resultArr[i];
                    if (signatureResult.isAuthenticatedId()) {
                        x509Certificate = signatureResult.getCertificate();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found signer cert: " + x509Certificate);
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Signature result found, but it is not used as authenticated identity, therefore, original certificate is not saved");
                    }
                }
                i++;
            }
            if (x509Certificate != null) {
                Tr.debug(tc, "Signer Cert: " + x509Certificate);
            } else {
                Tr.debug(tc, "Signer Cert is null!");
                int i2 = 0;
                while (true) {
                    if (i2 >= resultArr2.length) {
                        break;
                    }
                    if (resultArr2[i2] instanceof TokenResult.X509) {
                        TokenResult.X509 x509 = (TokenResult.X509) resultArr2[i2];
                        if (x509.isAuthenticatedId()) {
                            x509Certificate = x509.getCertificate();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found sender cert: " + x509Certificate);
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "X509 Token result found, but it is not used as authenticated identity, therefore, original certificate is not saved");
                        }
                    }
                    i2++;
                }
            }
            if (x509Certificate != null) {
                ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                if (contextManagerFactory == null) {
                    Tr.error(tc, "security.wssecurity.ctxmgr.isnull");
                } else {
                    contextManagerFactory.put("com.ibm.ws.wssecurity.OriginalCert", x509Certificate);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Initial Cert", x509Certificate);
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Initial Cert found");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No resultToken, no initial sender certificate is set");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processCertificateResults(Result[] resultSign, Result[] resultToken, MessageContext context)");
        }
    }

    public String toString() {
        return "WSSoapSecurityReceiverBase(config=" + getMessageOption(CONFIG_KEY) + ")";
    }
}
