package com.sun.xml.wss.provider.wsit;

import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.pipe.NextAction;
import com.sun.xml.ws.api.pipe.Tube;
import com.sun.xml.ws.api.pipe.TubeCloner;
import com.sun.xml.ws.api.pipe.helper.AbstractFilterTubeImpl;
import com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl;
import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.wss.NonceManager;
import com.sun.xml.wss.provider.wsit.logging.LogDomainConstants;
import com.sun.xml.wss.provider.wsit.logging.LogStringsMessages;
import java.security.AccessControlContext;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.ServerAuthContext;
import javax.xml.ws.WebServiceException;

/* loaded from: input_file:com/sun/xml/wss/provider/wsit/ServerSecurityTube.class */
public class ServerSecurityTube extends AbstractFilterTubeImpl {
    protected static final Logger logger = Logger.getLogger("com.sun.xml.wss.provider.wsit", LogDomainConstants.WSIT_PVD_DOMAIN_BUNDLE);
    private final boolean isHttpBinding;
    private PipeHelper helper;
    private AuthStatus status;
    private ServerAuthContext sAC;
    private PacketMessageInfo info;
    private WSEndpoint wsEndpoint;

    public ServerSecurityTube(Map<Object, Object> map, Tube tube, boolean z) {
        super(tube);
        this.status = AuthStatus.SEND_SUCCESS;
        this.sAC = null;
        this.info = null;
        this.wsEndpoint = null;
        map.put(PipeConstants.SECURITY_PIPE, this);
        this.helper = new PipeHelper(PipeConstants.SOAP_LAYER, map, null);
        this.isHttpBinding = z;
        this.wsEndpoint = (WSEndpoint) map.get(PipeConstants.ENDPOINT);
    }

    protected ServerSecurityTube(ServerSecurityTube serverSecurityTube, TubeCloner tubeCloner) {
        super(serverSecurityTube, tubeCloner);
        this.status = AuthStatus.SEND_SUCCESS;
        this.sAC = null;
        this.info = null;
        this.wsEndpoint = null;
        this.helper = serverSecurityTube.helper;
        this.isHttpBinding = serverSecurityTube.isHttpBinding;
    }

    /* renamed from: copy, reason: merged with bridge method [inline-methods] */
    public AbstractTubeImpl m293copy(TubeCloner tubeCloner) {
        return new ServerSecurityTube(this, tubeCloner);
    }

    private Subject getClientSubject(Packet packet) {
        Subject subject = null;
        if (packet != null) {
            subject = (Subject) packet.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
        }
        if (subject == null) {
            subject = this.helper.getClientSubject();
            if (packet != null) {
                packet.invocationProperties.put(PipeConstants.CLIENT_SUBJECT, subject);
            }
        }
        return subject;
    }

    public NextAction processRequest(Packet packet) {
        Packet requestPacket;
        this.info = new PacketMapMessageInfo(packet, new Packet());
        Subject subject = (Subject) packet.invocationProperties.get(PipeConstants.SERVER_SUBJECT);
        Subject clientSubject = getClientSubject(packet);
        try {
            this.sAC = this.helper.getServerAuthContext(this.info, subject);
            if (this.sAC != null) {
                this.status = this.sAC.validateRequest(this.info, clientSubject, subject);
                requestPacket = this.info.getRequestPacket();
            } else {
                requestPacket = this.info.getRequestPacket();
                this.status = AuthStatus.SUCCESS;
            }
            if (this.status != AuthStatus.SUCCESS) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "ws.status_validate_request", this.status);
                }
                return doReturnWith(this.info.getResponsePacket());
            }
            this.helper.authorize(requestPacket);
            if (System.getSecurityManager() == null) {
                return doInvoke(((AbstractFilterTubeImpl) this).next, requestPacket);
            }
            final Tube tube = ((AbstractFilterTubeImpl) this).next;
            final Packet packet2 = requestPacket;
            try {
                return (NextAction) Subject.doAsPrivileged(clientSubject, new PrivilegedExceptionAction() { // from class: com.sun.xml.wss.provider.wsit.ServerSecurityTube.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return ServerSecurityTube.this.doInvoke(tube, packet2);
                    }
                }, (AccessControlContext) null);
            } catch (PrivilegedActionException e) {
                Throwable cause = e.getCause();
                if (cause instanceof AuthException) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0055_WS_ERROR_NEXT_PIPE(), cause);
                }
                return doReturnWith(this.helper.getFaultResponse(requestPacket, this.info.getResponsePacket(), cause));
            }
        } catch (Exception e2) {
            logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0053_ERROR_VALIDATE_REQUEST(), (Throwable) e2);
            Throwable webServiceException = new WebServiceException("Cannot validate request for", e2);
            this.status = AuthStatus.SEND_FAILURE;
            return doReturnWith(this.helper.getFaultResponse(this.info.getRequestPacket(), this.info.getResponsePacket(), webServiceException));
        }
    }

    public NextAction processResponse(Packet packet) {
        Subject subject = (Subject) packet.invocationProperties.get(PipeConstants.SERVER_SUBJECT);
        if (this.sAC != null && packet.getMessage() != null) {
            try {
                this.info.setResponsePacket(packet);
                packet = processResponse(this.info, this.sAC, subject);
            } catch (Exception e) {
                logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0057_ERROR_PROCESS_RESPONSE(), (Throwable) e);
            }
        }
        return doReturnWith(packet);
    }

    public NextAction processException(Throwable th) {
        if (!(th instanceof WebServiceException)) {
            th = new WebServiceException(th);
        }
        return doThrow(th);
    }

    private Packet processResponse(PacketMessageInfo packetMessageInfo, ServerAuthContext serverAuthContext, Subject subject) {
        try {
            AuthStatus secureResponse = serverAuthContext.secureResponse(packetMessageInfo, subject);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "ws.status_secure_response", secureResponse);
            }
            return AuthStatus.SEND_FAILURE == secureResponse ? this.helper.makeFaultResponse(packetMessageInfo.getResponsePacket(), new Exception("Error in Securing Response")) : packetMessageInfo.getResponsePacket();
        } catch (Exception e) {
            if (!(e instanceof AuthException)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0054_ERROR_SECURE_RESPONSE(), (Throwable) e);
            } else if (logger.isLoggable(Level.INFO)) {
                logger.log(Level.INFO, "ws.error_secure_response", (Throwable) e);
            }
            return this.helper.makeFaultResponse(packetMessageInfo.getResponsePacket(), e);
        }
    }

    public void preDestroy() {
        this.helper.disable();
        this.next.preDestroy();
        NonceManager.deleteInstance(this.wsEndpoint);
    }
}
