package weblogic.wsee.security.wst.internal;

import com.oracle.webservices.oracle_internal_api.interceptors.InterceptorConstants;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.rpc.handler.GenericHandler;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Node;
import weblogic.wsee.addressing.AddressingHelper;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.policy.framework.DOMUtils;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.policy.runtime.PolicyContext;
import weblogic.wsee.reliability.policy.ReliabilityPolicyAssertionsUtils;
import weblogic.wsee.security.WssServerPolicyHandler;
import weblogic.wsee.security.configuration.MBeanConstants;
import weblogic.wsee.security.wssc.utils.WSSCCompatibilityUtil;
import weblogic.wsee.security.wst.faults.BadRequestException;
import weblogic.wsee.security.wst.faults.RequestFailedException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.framework.TrustProcessor;
import weblogic.wsee.security.wst.framework.TrustProcessorFactory;
import weblogic.wsee.security.wst.framework.WSTConstants;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.wsee.security.wst.helpers.BindingHelper;
import weblogic.wsee.security.wst.helpers.SOAPHelper;

/* loaded from: input_file:weblogic/wsee/security/wst/internal/STSMessageHandler.class */
public class STSMessageHandler extends WSTServerHandler {
    private static final Logger LOGGER = Logger.getLogger(STSMessageHandler.class.getName());
    private static final String STS_POLICY_VALIDATION_OFF = "weblogic.wsee.security.wst.sts.policy.validation.off";

    @Override // weblogic.wsee.security.wst.internal.WSTServerHandler
    public boolean handleTrustRequest(SOAPMessageContext sOAPMessageContext, String str) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " handleTrustRequest  action arg value='" + str + "'");
        }
        if (!Boolean.getBoolean(STS_POLICY_VALIDATION_OFF)) {
            validatePolicy(sOAPMessageContext);
        }
        if (sOAPMessageContext.containsProperty(WSSCCompatibilityUtil.WST_HEURISTIC_FLAG)) {
            sOAPMessageContext.removeProperty(WSSCCompatibilityUtil.WST_HEURISTIC_FLAG);
        }
        String amendRSTRAction = amendRSTRAction(str);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " handleTrustRequest  amended action arg value='" + amendRSTRAction + "'");
        }
        try {
            WSTContext initWSTContext = initWSTContext(sOAPMessageContext, amendRSTRAction);
            boolean z = false;
            if (amendRSTRAction.toLowerCase(Locale.ENGLISH).startsWith("http://docs.oasis-open.org/ws-sx/ws-trust/200512".toLowerCase(Locale.ENGLISH))) {
                z = true;
            }
            Node processRequestSecurityToken = getTrustProcessorFromAction(str).processRequestSecurityToken(SOAPHelper.getRSTBaseNode(sOAPMessageContext.getMessage()), initWSTContext);
            Node node = processRequestSecurityToken;
            if (z) {
                Node marshalRST = BindingHelper.marshalRST(BindingHelper.createEmptyRSTRC(initWSTContext), initWSTContext);
                marshalRST.appendChild(marshalRST.getOwnerDocument().importNode(processRequestSecurityToken, true));
                node = marshalRST;
            }
            sOAPMessageContext.setMessage(SOAPHelper.createRSTBaseMsgContext(node, initWSTContext).getMessage());
            ((WlMessageContext) sOAPMessageContext).getHeaders().addHeader(AddressingHelper.getAddressingProvider(sOAPMessageContext).createActionHeader(amendRSTRAction));
            if ("true".equalsIgnoreCase((String) sOAPMessageContext.getProperty(weblogic.wsee.jaxws.framework.jaxrpc.SOAPMessageContext.JAX_WS_RUNTIME))) {
                sOAPMessageContext.setProperty(InterceptorConstants.SOAPACTION_URI_PROPERTY, amendRSTRAction);
            }
            return false;
        } catch (PolicyException e) {
            WSTFaultUtil.raiseFault(new BadRequestException("Unable to read trust boot strap policy: " + e.getMessage()));
            return false;
        } catch (SOAPException e2) {
            WSTFaultUtil.raiseFault(new BadRequestException("SOAP Exception on reading trust boot strap policy: " + e2.getMessage()));
            return false;
        } catch (WSTFaultException e3) {
            e3.printStackTrace();
            WSTFaultUtil.raiseFault(e3);
            return false;
        }
    }

    private void validatePolicy(SOAPMessageContext sOAPMessageContext) {
        if (getPolicyHandler().handleRequest(sOAPMessageContext)) {
            return;
        }
        String str = "";
        try {
            str = " " + DOMUtils.toXMLString(sOAPMessageContext.getMessage().getSOAPBody().getFault());
        } catch (SOAPException e) {
        }
        WSTFaultUtil.raiseFault(new WSTFaultException("Failed to validate trust request against policy." + str));
    }

    protected GenericHandler getPolicyHandler() {
        return new WssServerPolicyHandler();
    }

    private WSTContext initWSTContext(SOAPMessageContext sOAPMessageContext, String str) throws PolicyException, SOAPException {
        WSTContext wSTContext = WSTContext.getWSTContext(sOAPMessageContext);
        wSTContext.setAppliesTo((String) sOAPMessageContext.getProperty("weblogic.wsee.connection.end_point_address"));
        wSTContext.setAction(str);
        boolean hasRMPolicy = ReliabilityPolicyAssertionsUtils.hasRMPolicy(PolicyContext.getEndpointPolicy(sOAPMessageContext));
        boolean equalsIgnoreCase = "true".equalsIgnoreCase((String) sOAPMessageContext.getProperty(weblogic.wsee.jaxws.framework.jaxrpc.SOAPMessageContext.JAX_WS_RUNTIME));
        if (hasRMPolicy || equalsIgnoreCase) {
            wSTContext.setPersistSession(true);
        }
        determineTokenType(wSTContext, str);
        setTrustNamespace(wSTContext, str);
        return wSTContext;
    }

    private static final String amendRSTRAction(String str) {
        if ("http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue".equals(str)) {
            return "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal";
        }
        int indexOf = str.indexOf("/trust/RST/");
        if (indexOf > 0) {
            return str.substring(0, indexOf) + "/trust/RSTR/" + str.substring(indexOf + "/trust/RST/".length(), str.length());
        }
        int indexOf2 = str.indexOf("ws-trust/200512/RST/");
        return indexOf2 > 0 ? str.substring(0, indexOf2) + "ws-trust/200512/RSTR/" + str.substring(indexOf2 + "ws-trust/200512/RST/".length(), str.length()) : str;
    }

    private static TrustProcessor getTrustProcessorFromAction(String str) throws RequestFailedException {
        TrustProcessorFactory trustProcessorFactory = TrustProcessorFactory.getInstance();
        String substring = str.substring(str.lastIndexOf(47));
        TrustProcessor processor = substring.equalsIgnoreCase("/SCT") ? trustProcessorFactory.getProcessor(str) : trustProcessorFactory.getProcessor(substring);
        if (processor == null) {
            throw new RequestFailedException("Can not find trust processor to handle action:" + str);
        }
        return processor;
    }

    private static void determineTokenType(WSTContext wSTContext, String str) throws SOAPException {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " about to look up token type for action='" + str.toLowerCase(Locale.ENGLISH) + "'");
        }
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        if (lowerCase.indexOf(WSTConstants.SCT_CONSTANT) > -1) {
            if (lowerCase.indexOf("http://schemas.xmlsoap.org/ws/2005/02/trust") > -1) {
                wSTContext.setTokenType("http://schemas.xmlsoap.org/ws/2005/02/sc/sct");
            } else {
                if (lowerCase.indexOf("http://docs.oasis-open.org/ws-sx/ws-trust/200512") <= -1) {
                    throw new SOAPException(" Error.  While attempting to determine STS token type.  Unexpected action URI='" + str + "'");
                }
                wSTContext.setTokenType(MBeanConstants.SCT_V13_TYPE);
            }
        }
    }

    private static void setTrustNamespace(WSTContext wSTContext, String str) throws SOAPException {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " about to set trust ns for action='" + str.toLowerCase(Locale.ENGLISH) + "'");
        }
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        if (lowerCase.indexOf("http://schemas.xmlsoap.org/ws/2005/02/trust") > -1) {
            wSTContext.setWstNamespaceURI("http://schemas.xmlsoap.org/ws/2005/02/trust");
        } else {
            if (lowerCase.indexOf("http://docs.oasis-open.org/ws-sx/ws-trust/200512") <= -1) {
                throw new SOAPException(" Error.  While attempting to determine WS-Trust namespace.  Unexpected action URI='" + str + "'");
            }
            wSTContext.setWstNamespaceURI("http://docs.oasis-open.org/ws-sx/ws-trust/200512");
        }
    }
}
