package com.ibm.ws.wssecurity.cxf.interceptor;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator;
import com.ibm.ws.wssecurity.cxf.validator.Utils;
import com.ibm.ws.wssecurity.cxf.validator.WssSamlAssertionValidator;
import com.ibm.ws.wssecurity.internal.WSSecurityConstants;
import com.ibm.ws.wssecurity.signature.SignatureAlgorithms;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.wssecurity_1.0.13.jar:com/ibm/ws/wssecurity/cxf/interceptor/WSSecurityLibertyPluginInterceptor.class */
public class WSSecurityLibertyPluginInterceptor extends AbstractSoapInterceptor {
    private static final String SIGNATURE_METHOD = "signatureAlgorithm";
    static final long serialVersionUID = 4211940688980554572L;
    static final Map<String, Object> providerConfigMap = Collections.synchronizedMap(new HashMap());
    static final Map<String, Object> clientConfigMap = Collections.synchronizedMap(new HashMap());
    private static final TraceComponent tc = Tr.register((Class<?>) WSSecurityLibertyPluginInterceptor.class, "WSSecurity", "com.ibm.ws.wssecurity.resources.WSSecurityMessages");
    static Map<String, Object> samlTokenConfigMap = null;

    public WSSecurityLibertyPluginInterceptor() {
        super(Phase.PRE_PROTOCOL);
        addBefore(PolicyBasedWSS4JInInterceptor.class.getName());
        addBefore(PolicyBasedWSS4JOutInterceptor.class.getName());
    }

    public static void setBindingsConfiguration(Map<String, Object> map) {
        if (map == null) {
            providerConfigMap.clear();
            return;
        }
        if (!providerConfigMap.isEmpty()) {
            providerConfigMap.clear();
        }
        providerConfigMap.putAll(map);
    }

    public static void setClientBindingsConfiguration(Map<String, Object> map) {
        if (map == null) {
            clientConfigMap.clear();
            return;
        }
        if (!clientConfigMap.isEmpty()) {
            clientConfigMap.clear();
        }
        clientConfigMap.putAll(map);
    }

    public static void setSamlTokenConfiguration(Map<String, Object> map) {
        samlTokenConfigMap = map;
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(@Sensitive SoapMessage soapMessage) throws Fault {
        if (soapMessage == null) {
            return;
        }
        if (!MessageUtils.isRequestor(soapMessage)) {
            if (soapMessage.getContextualProperty(SecurityConstants.USERNAME_TOKEN_VALIDATOR) == null) {
                soapMessage.put(SecurityConstants.USERNAME_TOKEN_VALIDATOR, new UsernameTokenValidator());
            }
            if (soapMessage.getContextualProperty(SecurityConstants.SAML2_TOKEN_VALIDATOR) == null) {
                soapMessage.put(SecurityConstants.SAML2_TOKEN_VALIDATOR, new WssSamlAssertionValidator(samlTokenConfigMap));
            }
            for (String str : providerConfigMap.keySet()) {
                if ("ws-security.signature.properties".equals(str)) {
                    Map map = (Map) providerConfigMap.get("ws-security.signature.properties");
                    if (map != null) {
                        HashMap hashMap = new HashMap(map);
                        Utils.modifyConfigMap(hashMap);
                        Properties properties = new Properties();
                        properties.putAll(hashMap);
                        soapMessage.setContextualProperty(str, properties);
                        soapMessage.setContextualProperty("ws-security.signature.crypto", Utils.getCrypto(properties));
                        SignatureAlgorithms.setAlgorithm(soapMessage, (String) map.get("signatureAlgorithm"));
                    }
                } else if ("ws-security.encryption.properties".equals(str)) {
                    Map map2 = (Map) providerConfigMap.get("ws-security.encryption.properties");
                    if (map2 != null) {
                        HashMap hashMap2 = new HashMap(map2);
                        Utils.modifyConfigMap(hashMap2);
                        Properties properties2 = new Properties();
                        properties2.putAll(hashMap2);
                        soapMessage.setContextualProperty(str, properties2);
                        soapMessage.setContextualProperty("ws-security.encryption.crypto", Utils.getCrypto(properties2));
                    }
                } else if ("ws-security.password".equals(str)) {
                    soapMessage.setContextualProperty(str, Utils.changePasswordType((SerializableProtectedString) providerConfigMap.get("ws-security.password")));
                } else {
                    if ("ws-security.cache.config.file".equals(str)) {
                    }
                    soapMessage.setContextualProperty(str, providerConfigMap.get(str));
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Provider Config attribute is set on message = ", str, ", value = ", providerConfigMap.get(str));
                }
            }
            return;
        }
        boolean z = soapMessage.getContextualProperty("ws-security.username") != null;
        for (String str2 : clientConfigMap.keySet()) {
            if (soapMessage.getContextualProperty(str2) == null) {
                if ("ws-security.signature.properties".equals(str2)) {
                    Map map3 = (Map) clientConfigMap.get("ws-security.signature.properties");
                    if (map3 != null) {
                        HashMap hashMap3 = new HashMap(map3);
                        Utils.modifyConfigMap(hashMap3);
                        Properties properties3 = new Properties();
                        properties3.putAll(hashMap3);
                        soapMessage.setContextualProperty(str2, properties3);
                        soapMessage.setContextualProperty("ws-security.signature.crypto", Utils.getCrypto(properties3));
                        SignatureAlgorithms.setAlgorithm(soapMessage, (String) map3.get("signatureAlgorithm"));
                    }
                } else if ("ws-security.encryption.properties".equals(str2)) {
                    Map map4 = (Map) clientConfigMap.get("ws-security.encryption.properties");
                    if (map4 != null) {
                        HashMap hashMap4 = new HashMap(map4);
                        Utils.modifyConfigMap(hashMap4);
                        Properties properties4 = new Properties();
                        properties4.putAll(hashMap4);
                        soapMessage.setContextualProperty(str2, properties4);
                        soapMessage.setContextualProperty("ws-security.encryption.crypto", Utils.getCrypto(properties4));
                    }
                } else if (!"ws-security.password".equals(str2)) {
                    soapMessage.setContextualProperty(str2, clientConfigMap.get(str2));
                } else if (!z) {
                    soapMessage.setContextualProperty(str2, Utils.changePasswordType((SerializableProtectedString) clientConfigMap.get("ws-security.password")));
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Client Config attribute is set on message = ", str2, ", value = ", clientConfigMap.get(str2));
                }
            }
            String str3 = (String) soapMessage.getContextualProperty("ws-security.saml-callback-handler");
            if (str3 == null || str3.isEmpty()) {
                soapMessage.setContextualProperty("ws-security.saml-callback-handler", WSSecurityConstants.DEFAULT_SAML_CALLBACK_HANDLER);
            }
        }
    }
}
