package org.apache.cxf.ws.security.wss4j;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.Subject;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.processor.BinarySecurityTokenProcessor;
import org.apache.wss4j.policy.model.AbstractToken;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.5.5.jar:org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.class */
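/**
 * Token interceptor for WS-Security {@code BinarySecurityToken} elements.
 *
 * <p>Inbound, every {@code wsse:BinarySecurityToken} that is a direct child of the security header
 * is passed to WSS4J's {@link BinarySecurityTokenProcessor}. The results are recorded under
 * {@link WSHandlerConstants#RECV_RESULTS}, and a {@link SecurityContext} is installed when the
 * message does not already carry one with a principal. Outbound, a configured
 * {@link SecurityToken} is copied into the security header.
 *
 * <p>NOTE(review): this class only records what the processor returns. Whether the token was
 * actually validated depends on the validator WSS4J resolves through the request data, which is
 * not visible here. Confirm a BinarySecurityToken validator is configured before trusting the
 * resulting principal for authorization.
 */
public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor {
    /**
     * Processes every BinarySecurityToken child of the inbound security header.
     *
     * <p>Does nothing when the message has no security header.
     *
     * @param soapMessage the inbound message
     */
    @Override // org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor
    protected void processToken(SoapMessage soapMessage) {
        Header securityHeader = findSecurityHeader(soapMessage, false);
        if (securityHeader == null) {
            return;
        }
        Element headerElement = (Element) securityHeader.getObject();
        for (Element child = DOMUtils.getFirstElement(headerElement);
                child != null;
                child = DOMUtils.getNextElement(child)) {
            // Match on local name AND namespace so that a same-named element from a foreign
            // namespace is never treated as a security token.
            boolean isBinaryToken = "BinarySecurityToken".equals(child.getLocalName())
                && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(child.getNamespaceURI());
            if (!isBinaryToken) {
                continue;
            }
            try {
                List<WSSecurityEngineResult> tokenResults = processToken(child, soapMessage);
                // An empty result list carries no principal; skip it instead of failing on get(0).
                if (tokenResults == null || tokenResults.isEmpty()) {
                    continue;
                }
                List<WSHandlerResult> receivedResults =
                    CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS));
                if (receivedResults == null) {
                    receivedResults = new ArrayList<>();
                    soapMessage.put(WSHandlerConstants.RECV_RESULTS, receivedResults);
                }
                // 4096 is the action id the results are filed under; it appears to be WSS4J's
                // WSConstants.BST (confirm against the WSS4J version in use).
                receivedResults.add(0,
                    new WSHandlerResult(null, tokenResults, Collections.singletonMap(4096, tokenResults)));
                assertTokens(soapMessage);

                // The principal is taken from the first engine result only. It may be null if the
                // processor attached none; callers must not treat the mere presence of a
                // SecurityContext as proof of authentication.
                Principal principal = (Principal) tokenResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                SecurityContext existingContext = soapMessage.get(SecurityContext.class);
                // Never replace a context that already identifies a user.
                if (existingContext == null || existingContext.getUserPrincipal() == null) {
                    soapMessage.put(SecurityContext.class, new DefaultSecurityContext(principal, (Subject) null));
                }
            } catch (WSSecurityException e) {
                throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), e);
            }
        }
    }

    /**
     * Runs WSS4J's BinarySecurityToken processor on a single token element.
     *
     * @param element the {@code BinarySecurityToken} element
     * @param soapMessage the message supplying the callback handler and message context
     * @return the engine results produced by the processor
     * @throws WSSecurityException as raised by WSS4J (error code preserved), or with
     *         {@code FAILURE} wrapping any other exception raised during setup or processing
     */
    private List<WSSecurityEngineResult> processToken(Element element, SoapMessage soapMessage) throws WSSecurityException {
        CXFRequestData requestData = new CXFRequestData();
        try {
            Object handlerSetting =
                SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, soapMessage);
            requestData.setCallbackHandler(SecurityUtils.getCallbackHandler(handlerSetting));
            requestData.setMsgContext(soapMessage);
            requestData.setWssConfig(WSSConfig.getNewInstance());
            requestData.setWsDocInfo(new WSDocInfo(element.getOwnerDocument()));
            return new BinarySecurityTokenProcessor().handleToken(element, requestData);
        } catch (WSSecurityException e) {
            // Propagate WSS4J's own failure unchanged so its specific error code is not
            // flattened to FAILURE by the catch-all below.
            throw e;
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }

    /**
     * Asserts no policy tokens for this interceptor.
     *
     * @param soapMessage unused
     * @return always {@code null}
     */
    @Override // org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor
    protected AbstractToken assertTokens(SoapMessage soapMessage) {
        return null;
    }

    /**
     * Appends the configured security token to the outbound security header.
     *
     * <p>Does nothing when no token, or a token without a DOM element, is available.
     *
     * @param soapMessage the outbound message
     */
    @Override // org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor
    protected void addToken(SoapMessage soapMessage) {
        SecurityToken securityToken = getSecurityToken(soapMessage);
        if (securityToken == null || securityToken.getToken() == null) {
            return;
        }
        assertTokens(soapMessage);
        // NOTE(review): the 'true' flag presumably asks for the header to be created when absent,
        // since the result is dereferenced without a null check. Confirm in AbstractTokenInterceptor.
        Element headerElement = (Element) findSecurityHeader(soapMessage, true).getObject();
        // Deep-import so the token subtree belongs to the header's owner document.
        headerElement.appendChild(headerElement.getOwnerDocument().importNode(securityToken.getToken(), true));
    }

    /**
     * Resolves the token to send: the {@code TOKEN} contextual property when it is a
     * {@link SecurityToken}, otherwise a token-store lookup by the {@code TOKEN_ID} property.
     *
     * @param soapMessage the message whose contextual properties are consulted
     * @return the token, or {@code null} when none is configured or no token store is available
     */
    private SecurityToken getSecurityToken(SoapMessage soapMessage) {
        // Read the property once so the type check and the cast see the same object.
        Object configuredToken = soapMessage.getContextualProperty(org.apache.cxf.ws.security.SecurityConstants.TOKEN);
        if (configuredToken instanceof SecurityToken) {
            return (SecurityToken) configuredToken;
        }
        TokenStore tokenStore = getTokenStore(soapMessage);
        if (tokenStore == null) {
            return null;
        }
        String tokenId = (String) soapMessage.getContextualProperty(org.apache.cxf.ws.security.SecurityConstants.TOKEN_ID);
        if (tokenId == null) {
            return null;
        }
        return tokenStore.getToken(tokenId);
    }
}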
