package weblogic.wsee.security.wst.helpers;

import com.oracle.webservices.oracle_internal_api.interceptors.Stub;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.soap.Detail;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Node;
import weblogic.wsee.addressing.ClientAddressingHandler;
import weblogic.wsee.connection.Connection;
import weblogic.wsee.connection.ConnectionFactory;
import weblogic.wsee.connection.soap.SoapClientConnection;
import weblogic.wsee.connection.transport.TransportInfo;
import weblogic.wsee.connection.transport.https.SSLAdapter;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.jaxws.framework.jaxrpc.SOAPMessageContext;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.message.soap.SoapMessageContext;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.policy.runtime.PolicyContext;
import weblogic.wsee.policy.runtime.PolicyServer;
import weblogic.wsee.security.WSEESecurityConstants;
import weblogic.wsee.security.bst.StubPropertyBSTCredProv;
import weblogic.wsee.security.policy.WssPolicyContext;
import weblogic.wsee.security.policy.assertions.SecurityPolicyAssertionFactory;
import weblogic.wsee.security.wssc.base.sct.SCCredentialProactiveRequestor;
import weblogic.wsee.security.wssc.utils.WSSCCompatibilityUtil;
import weblogic.wsee.security.wssp.handlers.WssClientHandler;
import weblogic.wsee.security.wst.faults.InvalidRequestException;
import weblogic.wsee.security.wst.faults.RequestFailedException;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.framework.WSTConstants;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.wsee.security.wst.framework.async.AsyncTrustClient;
import weblogic.wsee.security.wst.framework.async.AsyncTrustClientHelper;
import weblogic.wsee.util.GenericConstants;
import weblogic.wsee.util.WLMessageFactory;
import weblogic.wsee.ws.dispatch.Dispatcher;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss11.internal.WSS11Context;

/* loaded from: input_file:weblogic/wsee/security/wst/helpers/SOAPHelper.class */
public class SOAPHelper {
    private static final Logger LOGGER;
    private static final String SCT_CANCEL = "/SCT/Cancel";
    private static final String SCT_RENEW = "/SCT/Renew";
    private static final boolean DEBUG = false;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static SoapMessageContext createEmptyRSTBaseMsgContext(boolean z) throws SOAPException {
        SOAPMessage createMessage = WLMessageFactory.getInstance().getMessageFactory(z).createMessage();
        SoapMessageContext soapMessageContext = new SoapMessageContext(z);
        soapMessageContext.setMessage(createMessage);
        return soapMessageContext;
    }

    public static SoapMessageContext createRSTBaseMsgContext(Node node, WSTContext wSTContext) throws SOAPException {
        return createRSTBaseMsgContext(node, wSTContext, createEmptyRSTBaseMsgContext(((SoapMessageContext) wSTContext.getMessageContext()).isSoap12()));
    }

    public static SoapMessageContext createRSTBaseMsgContext(Node node, WSTContext wSTContext, SoapMessageContext soapMessageContext) throws SOAPException {
        if (!$assertionsDisabled && soapMessageContext == null) {
            throw new AssertionError();
        }
        SOAPMessage message = soapMessageContext.getMessage();
        declareNamespacesToSOAPEnv(message.getSOAPPart().getEnvelope(), wSTContext);
        SOAPBody sOAPBody = message.getSOAPBody();
        sOAPBody.appendChild(sOAPBody.getOwnerDocument().importNode(node, true));
        return soapMessageContext;
    }

    public static void updateCookies(MessageContext messageContext, SoapMessageContext soapMessageContext) {
        Map map;
        MimeHeaders mimeHeaders;
        if (!((Boolean) soapMessageContext.getProperty(Stub.SESSION_MAINTAIN_PROPERTY)).booleanValue() || (map = (Map) soapMessageContext.getProperty(WLStub.INVOKE_PROPERTIES)) == null || (mimeHeaders = (MimeHeaders) map.get("weblogic.wsee.transport.headers")) == null) {
            return;
        }
        messageContext.setProperty("weblogic.wsee.transport.headers", mimeHeaders);
        Map map2 = (Map) messageContext.getProperty(WLStub.INVOKE_PROPERTIES);
        if (map2 != null) {
            map2.put("weblogic.wsee.transport.headers", mimeHeaders);
        }
    }

    public static void initTrustMsgCtxProperties(WSTContext wSTContext, SoapMessageContext soapMessageContext) {
        boolean endsWith;
        Object bootstrapPolicy;
        MessageContext messageContext = wSTContext.getMessageContext();
        soapMessageContext.setProperty(WLStub.COMPLEX, "true");
        String action = wSTContext.getAction();
        if (action == null) {
            WSTFaultUtil.raiseFault(new InvalidRequestException("Action must be set in WSTContext"));
        }
        soapMessageContext.setProperty("weblogic.wsee.addressing.Action", action);
        soapMessageContext.setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, wSTContext.getStsUri());
        soapMessageContext.setProperty("weblogic.wsee.addressing.From", messageContext.getProperty("weblogic.wsee.addressing.From"));
        if (messageContext.containsProperty("weblogic.wsee.addressing.version")) {
            soapMessageContext.setProperty("weblogic.wsee.addressing.version", messageContext.getProperty("weblogic.wsee.addressing.version"));
        }
        String str = (String) messageContext.getProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE);
        if (str != null && !"".equals(str)) {
            soapMessageContext.setProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE, str);
        }
        if (messageContext.getProperty(WSEESecurityConstants.TRUST_CLAIM) != null) {
            bootstrapPolicy = wSTContext.getBootstrapPolicy();
            if (bootstrapPolicy == null) {
                throw new IllegalArgumentException("Missing STS Trust Policy");
            }
        } else {
            switch (WSSCCompatibilityUtil.getWSSCVersion(str)) {
                case 1:
                    endsWith = false;
                    break;
                case 2:
                    endsWith = action.endsWith(SCT_CANCEL) || action.endsWith(SCT_RENEW);
                    break;
                case 3:
                default:
                    endsWith = action.endsWith(SCT_CANCEL);
                    break;
            }
            if (endsWith) {
                bootstrapPolicy = wSTContext.getOuterPolicy();
                if (bootstrapPolicy == null) {
                    bootstrapPolicy = wSTContext.getBootstrapPolicy();
                }
            } else {
                bootstrapPolicy = wSTContext.getBootstrapPolicy();
            }
        }
        if (bootstrapPolicy != null) {
            soapMessageContext.setProperty(PolicyContext.EFFECTIVE_REQ_POLICY, bootstrapPolicy);
            soapMessageContext.setProperty(PolicyContext.EFFECTIVE_RES_POLICY, bootstrapPolicy);
        }
        soapMessageContext.setProperty(WssPolicyContext.WSS_POLICY_CTX_PROP, (WssPolicyContext) messageContext.getProperty(WssPolicyContext.WSS_POLICY_CTX_PROP));
        soapMessageContext.setProperty("weblogic.wsee.security.wst_bootstrap_policy", messageContext.getProperty("weblogic.wsee.security.wst_bootstrap_policy"));
        soapMessageContext.setProperty("weblogic.wsee.wst.sts_endpoint_uri", null);
        soapMessageContext.setProperty("weblogic.wsee.wst.saml.sts_endpoint_uri", messageContext.getProperty("weblogic.wsee.wst.saml.sts_endpoint_uri"));
        soapMessageContext.setProperty(WLStub.STS_ENCRYPT_CERT, messageContext.getProperty(WLStub.STS_ENCRYPT_CERT));
        soapMessageContext.setProperty(WSEESecurityConstants.TRUST_SOAP_VERSION, messageContext.getProperty(WSEESecurityConstants.TRUST_SOAP_VERSION));
        soapMessageContext.setProperty(WSEESecurityConstants.ON_BEHALF_OF_USER, messageContext.getProperty(WSEESecurityConstants.ON_BEHALF_OF_USER));
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "weblogic.wsee.security.wst_act_asfor ActAs in WS-Trust is  =" + messageContext.getProperty(WSEESecurityConstants.ACT_AS));
        }
        soapMessageContext.setProperty(WSEESecurityConstants.ACT_AS, messageContext.getProperty(WSEESecurityConstants.ACT_AS));
        soapMessageContext.setProperty("weblogic.wsee.security.trust_version", messageContext.getProperty("weblogic.wsee.security.trust_version"));
        WSSecurityContext createWSSecurityContext = createWSSecurityContext(soapMessageContext, wSTContext.isWssp());
        boolean isWsscTokenType = TrustTokenHelper.isWsscTokenType(wSTContext.getTokenType());
        Object property = messageContext.getProperty(WlMessageContext.WSS_MESSAGE_AGE);
        Long l = null;
        if (isWsscTokenType) {
            l = (Long) messageContext.getProperty("weblogic.wsee.wssc.sct.lifetime");
            if (null == l) {
                if (null != property && (property instanceof Integer)) {
                    l = Long.valueOf(WSTConstants.DEFAULT_SCT_TOKEN_LIFE_TIME);
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "SCT lifetime value set to default =" + l);
                    }
                }
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "SCT lifetime value set with SCT_LIFETIME_PROPERTY of " + l);
            }
        } else if (null != property && (property instanceof Integer)) {
            l = Long.valueOf(((Integer) property).intValue() * 1000);
        }
        if (null != l) {
            wSTContext.setLifetimePeriod(l.longValue());
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "WST lifetime period = " + wSTContext.getLifetimePeriod());
            }
        }
        if (null != property && (property instanceof Integer)) {
            soapMessageContext.setProperty(WlMessageContext.WSS_MESSAGE_AGE, property);
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Trust WSS_MESSAGE_AGE = " + property);
            }
        }
        initSecurityContext(messageContext, soapMessageContext, createWSSecurityContext, isWsscTokenType);
        Object property2 = messageContext.getProperty(Stub.SESSION_MAINTAIN_PROPERTY);
        boolean z = true;
        if (property2 != null && (property2 instanceof Boolean)) {
            z = ((Boolean) property2).booleanValue();
        }
        if (z) {
            soapMessageContext.setProperty(Stub.SESSION_MAINTAIN_PROPERTY, new Boolean(true));
        } else {
            soapMessageContext.setProperty(Stub.SESSION_MAINTAIN_PROPERTY, new Boolean(false));
        }
        Object obj = (String) messageContext.getProperty(WLStub.JMS_TRANSPORT_JNDI_URL);
        if (obj != null) {
            soapMessageContext.setProperty(WLStub.JMS_TRANSPORT_JNDI_URL, obj);
        }
        Object obj2 = (String) messageContext.getProperty("javax.xml.rpc.security.auth.username");
        if (obj2 != null) {
            soapMessageContext.setProperty("javax.xml.rpc.security.auth.username", obj2);
        }
        Object obj3 = (String) messageContext.getProperty("javax.xml.rpc.security.auth.password");
        if (obj3 != null) {
            soapMessageContext.setProperty("javax.xml.rpc.security.auth.password", obj3);
        }
        Object obj4 = (String) messageContext.getProperty(WLStub.JMS_TRANSPORT_MESSAGE_TYPE);
        if (obj4 != null) {
            soapMessageContext.setProperty(WLStub.JMS_TRANSPORT_MESSAGE_TYPE, obj4);
        }
        Object obj5 = (TransportInfo) messageContext.getProperty(WSEESecurityConstants.TRANSPORT_INFO);
        Object obj6 = (SSLAdapter) messageContext.getProperty(WSEESecurityConstants.SSL_ADAPTER);
        if (obj5 != null) {
            soapMessageContext.setProperty(SoapClientConnection.TRANSPORT_INFO_PROPERTY, obj5);
        }
        if (obj6 != null) {
            soapMessageContext.setProperty(WLStub.SSL_ADAPTER, obj6);
        }
        Object obj7 = (SCCredentialProactiveRequestor) messageContext.getProperty(SCCredentialProactiveRequestor.SC_CREDENTIAL_PROACTIVE_REQUESTOR);
        if (obj7 != null) {
            soapMessageContext.setProperty(SCCredentialProactiveRequestor.SC_CREDENTIAL_PROACTIVE_REQUESTOR, obj7);
        }
        Object property3 = messageContext.getProperty(SOAPMessageContext.ASYNC_CLIENT_FEATURE);
        if (property3 != null) {
            soapMessageContext.setProperty(SOAPMessageContext.ASYNC_CLIENT_FEATURE, property3);
        }
        Object obj8 = (String) messageContext.getProperty(SOAPMessageContext.JAX_WS_RUNTIME);
        if (obj8 != null) {
            soapMessageContext.setProperty(SOAPMessageContext.JAX_WS_RUNTIME, obj8);
        }
        Object property4 = messageContext.getProperty(SOAPMessageContext.SERVICE);
        if (property4 != null) {
            soapMessageContext.setProperty(SOAPMessageContext.SERVICE, property4);
        }
        try {
            Dispatcher dispatcher = WlMessageContext.narrow(messageContext).getDispatcher();
            if (dispatcher != null) {
                soapMessageContext.setDispatcher(dispatcher);
            }
        } catch (IllegalArgumentException e) {
        }
        soapMessageContext.setProperty("weblogic.wsee.security.wst.Wss11Runtime", Boolean.valueOf(wSTContext.isWssp()));
        Object obj9 = (String) messageContext.getProperty(WLStub.ENFORCE_ASYNC_TRUST_EXCHANGE);
        if (obj9 != null) {
            soapMessageContext.setProperty(WLStub.ENFORCE_ASYNC_TRUST_EXCHANGE, obj9);
        }
        Object obj10 = (String) messageContext.getProperty(Stub.ENDPOINT_ADDRESS_PROPERTY);
        if (obj10 != null) {
            soapMessageContext.setProperty("weblogic.wsee.security.wst.originalTargetEndpointAddress", obj10);
        }
    }

    private static void handleFault(SoapMessageContext soapMessageContext) {
        Throwable fault = soapMessageContext.getFault();
        if (fault != null) {
            throw new JAXRPCException(fault);
        }
    }

    public static void invokeWsspHandler(SoapMessageContext soapMessageContext, String str, String str2) throws IOException {
        invokeWsspHandler(soapMessageContext, str, str2, false);
    }

    public static void invokeWsspHandler(SoapMessageContext soapMessageContext, String str, String str2, boolean z) throws IOException {
        if (AsyncTrustClientHelper.isAsyncTrustRequired(soapMessageContext)) {
            AsyncTrustClient.process(soapMessageContext, str, str2, z);
            return;
        }
        ClientAddressingHandler clientAddressingHandler = new ClientAddressingHandler();
        if (!clientAddressingHandler.handleRequest(soapMessageContext)) {
            handleFault(soapMessageContext);
        }
        WssClientHandler wssClientHandler = null;
        if (z) {
            wssClientHandler = new WssClientHandler();
            if (!wssClientHandler.handleRequest(soapMessageContext)) {
                handleFault(soapMessageContext);
            }
        }
        Connection createClientConnection = ConnectionFactory.instance().createClientConnection(str, str2);
        createClientConnection.send(soapMessageContext);
        createClientConnection.receive(soapMessageContext);
        if (z && !wssClientHandler.handleResponse(soapMessageContext)) {
            handleFault(soapMessageContext);
        }
        if (clientAddressingHandler.handleResponse(soapMessageContext)) {
            return;
        }
        handleFault(soapMessageContext);
    }

    public static void invokeHandlers(SoapMessageContext soapMessageContext, String str, String str2) throws IOException {
        ClientAddressingHandler clientAddressingHandler = new ClientAddressingHandler();
        if (!clientAddressingHandler.handleRequest(soapMessageContext)) {
            handleFault(soapMessageContext);
        }
        weblogic.wsee.security.WssClientHandler wssClientHandler = new weblogic.wsee.security.WssClientHandler();
        boolean hasSecurityPolicy = SecurityPolicyAssertionFactory.hasSecurityPolicy((NormalizedExpression) soapMessageContext.getProperty(PolicyContext.EFFECTIVE_REQ_POLICY));
        if (!hasSecurityPolicy) {
            str = GenericConstants.HTTPS_PROTOCOL;
        } else if (!wssClientHandler.handleRequest(soapMessageContext)) {
            handleFault(soapMessageContext);
        }
        Connection createClientConnection = ConnectionFactory.instance().createClientConnection(str, str2);
        createClientConnection.send(soapMessageContext);
        createClientConnection.receive(soapMessageContext);
        if (hasSecurityPolicy && !wssClientHandler.handleResponse(soapMessageContext)) {
            handleFault(soapMessageContext);
        }
        if (clientAddressingHandler.handleResponse(soapMessageContext)) {
            return;
        }
        handleFault(soapMessageContext);
    }

    public static Node getRSTBaseNode(SOAPMessage sOAPMessage) throws RequestFailedException {
        try {
            SOAPBody sOAPBody = sOAPMessage.getSOAPBody();
            SOAPFault fault = sOAPBody.getFault();
            if (fault != null) {
                throw new RequestFailedException(getFaultMessage(fault));
            }
            Node firstChild = sOAPBody.getFirstChild();
            while (true) {
                Node node = firstChild;
                if (node == null) {
                    throw new RequestFailedException("SOAP Body does not contain any elements");
                }
                if (node.getNodeType() == 1) {
                    return node;
                }
                firstChild = node.getNextSibling();
            }
        } catch (SOAPException e) {
            throw new RequestFailedException(e.getMessage());
        }
    }

    private static void declareNamespacesToSOAPEnv(SOAPEnvelope sOAPEnvelope, WSTContext wSTContext) {
        for (Map.Entry<String, String> entry : wSTContext.getNamespaces().entrySet()) {
            DOMUtils.declareNamespace(sOAPEnvelope, entry.getKey(), entry.getValue());
        }
    }

    private static String getFaultMessage(SOAPFault sOAPFault) {
        Detail detail = sOAPFault.getDetail();
        if (detail == null) {
            return "";
        }
        String obj = detail.toString();
        Node firstChild = detail.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                return obj;
            }
            if (node.getNodeType() == 3) {
                obj = node.getNodeValue();
            }
            firstChild = node.getNextSibling();
        }
    }

    public static void insertTokenToTrustMessage(MessageContext messageContext, NormalizedExpression normalizedExpression) {
        NormalizedExpression normalizedExpression2 = (NormalizedExpression) messageContext.getProperty(PolicyContext.EFFECTIVE_REQ_POLICY);
        if (normalizedExpression != null) {
            messageContext.setProperty(PolicyContext.EFFECTIVE_REQ_POLICY, normalizedExpression);
            if (WSTContext.getWSTContext(messageContext).isWssp()) {
                new weblogic.wsee.security.WssClientHandler().handleRequest(messageContext);
            } else {
                new weblogic.wsee.security.WssClientHandler(false).handleRequest(messageContext);
            }
        }
        messageContext.setProperty(PolicyContext.EFFECTIVE_REQ_POLICY, normalizedExpression2);
    }

    public static void insertTokenToTrustMessage(MessageContext messageContext, String str) {
        try {
            insertTokenToTrustMessage(messageContext, new PolicyServer().getPolicy(str).normalize());
        } catch (PolicyException e) {
            throw new IllegalArgumentException("Fatal Error.  Unable to load policy '" + str + "'");
        }
    }

    private static void initSecurityContext(MessageContext messageContext, SoapMessageContext soapMessageContext, WSSecurityContext wSSecurityContext, boolean z) {
        List list;
        Object property;
        Map credentialProviders = WSSecurityContext.getCredentialProviders(messageContext);
        if (credentialProviders == null || credentialProviders.size() == 0) {
            list = (List) messageContext.getProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST);
        } else {
            list = new ArrayList();
            Iterator it = credentialProviders.entrySet().iterator();
            while (it.hasNext()) {
                list.add(((Map.Entry) it.next()).getValue());
            }
        }
        if (z) {
            property = messageContext.getProperty("weblogic.wsee.security.bst.serverEncryptCert");
        } else {
            property = messageContext.getProperty(WLStub.STS_ENCRYPT_CERT);
            if (null == property) {
                property = messageContext.getProperty("weblogic.wsee.security.bst.serverEncryptCert");
                if (null != property && LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "weblogic.wsee.security.bst.serverEncryptCert is  used for the STS Server Certificate");
                }
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "weblogic.wsee.security.bst.stsEncryptCert is  used for the STS Server Certificate");
            }
        }
        if (property != null) {
            soapMessageContext.setProperty("weblogic.wsee.security.bst.serverEncryptCert", property);
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "The Server Encypt Certificate in Trust Msg Ctx is " + property.toString());
            }
            if (list != null && !list.isEmpty()) {
                list = CredentialProviderHelper.replaceCredentialProviderWithNewCert(list, (X509Certificate) property);
            } else if (messageContext.getProperty(WLStub.STS_ENCRYPT_CERT) != null) {
                list = new ArrayList();
                list.add(new StubPropertyBSTCredProv((X509Certificate) property, null));
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "New StubPropertyBSTCredProv is added with Server Cert");
                }
            }
        }
        if (list != null) {
            soapMessageContext.setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, list);
            wSSecurityContext.addCredentialProviders(list);
            soapMessageContext.setProperty(WSSecurityContext.WS_SECURITY_CONTEXT, wSSecurityContext);
        }
        Object property2 = messageContext.getProperty("weblogic.wsee.security.bst.serverVerifyCert");
        if (property2 != null) {
            soapMessageContext.setProperty("weblogic.wsee.security.bst.serverVerifyCert", property2);
        }
        Object property3 = messageContext.getProperty(WSSecurityContext.TRUST_MANAGER);
        if (property3 != null) {
            soapMessageContext.setProperty(WSSecurityContext.TRUST_MANAGER, property3);
        }
    }

    private static WSSecurityContext createWSSecurityContext(SoapMessageContext soapMessageContext, boolean z) {
        try {
            return z ? new WSS11Context(soapMessageContext.getMessage().getSOAPHeader(), null, null, null) : new WSSecurityContext(soapMessageContext);
        } catch (SOAPException e) {
            WSTFaultUtil.raiseFault(new InvalidRequestException("Failed to create WSSecurityContext in trust."));
            return null;
        }
    }

    static {
        $assertionsDisabled = !SOAPHelper.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(SOAPHelper.class.getName());
    }
}
