package weblogic.wsee.security;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPException;
import weblogic.kernel.KernelStatus;
import weblogic.security.SSL.TrustManager;
import weblogic.wsee.policy.framework.PolicyAlternative;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.security.bst.PolicyBSTCredentialProvider;
import weblogic.wsee.security.bst.StubPropertyBSTCredProv;
import weblogic.wsee.security.policy.SecurityPolicyAssertionHelper;
import weblogic.wsee.security.saml.SAML2CredentialProvider;
import weblogic.wsee.security.saml.SAMLCredentialProvider;
import weblogic.wsee.security.serviceref.ServiceRefBSTCredProv;
import weblogic.wsee.security.serviceref.ServiceRefTrustManager;
import weblogic.wsee.security.serviceref.ServiceRefUNTCredProv;
import weblogic.wsee.security.wss.SecurityPolicyDriver;
import weblogic.wsee.security.wss.SecurityPolicyException;
import weblogic.wsee.security.wss.SecurityPolicyValidator;
import weblogic.wsee.security.wssc.WSSCCredentialProviderFactory;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.api.WSSecurityFactory;
import weblogic.xml.crypto.wss.provider.CredentialProvider;

/* loaded from: input_file:weblogic/wsee/security/WssClientHandler.class */
/**
 * Client-side message-security handler.
 *
 * <p>On the way out it applies the request policy alternative through a
 * {@link SecurityPolicyDriver}; on the way back it processes any security header found in
 * the response and, when a response policy alternative exists, validates the message
 * against it through a {@link SecurityPolicyValidator}.
 *
 * <p>This source is decompiler output: local names are synthetic and the collections are
 * raw types.
 */
public class WssClientHandler extends WssHandler {
    /**
     * When {@code true}, the {@link WSSecurityContext} bound to the message is reset once
     * the outbound request has been processed.
     */
    private boolean autoReset;

    /** Creates a handler that resets the security context after every request. */
    public WssClientHandler() {
        this(true);
    }

    /**
     * Creates a handler with an explicit reset behaviour.
     *
     * @param z whether the security context is reset after each outbound request
     */
    public WssClientHandler(boolean z) {
        this.autoReset = z;
    }

    /**
     * Secures the outbound request according to the request/response policy alternatives.
     *
     * @param sOAPMessageContext context of the message being sent
     * @return always {@code true}; failures are reported through exceptions
     */
    @Override // weblogic.wsee.security.WssHandler
    protected boolean processRequest(SOAPMessageContext sOAPMessageContext) throws SOAPException, SecurityPolicyException, PolicyException, WSSecurityException {
        PolicyAlternative requestPolicy = getRequestPolicyAlternative(sOAPMessageContext);
        PolicyAlternative responsePolicy = getResponsePolicyAlternative(sOAPMessageContext);
        SecurityPolicyDriver driver = getSecurityPolicyDriver(sOAPMessageContext, requestPolicy);
        processOutbound(requestPolicy, responsePolicy, driver, sOAPMessageContext);
        if (this.autoReset) {
            // Drop per-message security state so it is not carried into the next exchange.
            WSSecurityContext.getSecurityContext(sOAPMessageContext).reset();
        }
        return true;
    }

    /**
     * Delegates outbound processing to the policy driver.
     *
     * <p>Nothing is done when both policy alternatives are {@code null}, so in that case
     * the message leaves without this handler applying any security to it.
     *
     * @param policyAlternative request policy alternative, may be {@code null}
     * @param policyAlternative2 response policy alternative, may be {@code null}
     * @param securityPolicyDriver driver that applies the policy
     * @param sOAPMessageContext context of the message being sent
     * @throws WSSecurityException wrapping any marshalling or XML-encryption failure
     */
    protected static void processOutbound(PolicyAlternative policyAlternative, PolicyAlternative policyAlternative2, SecurityPolicyDriver securityPolicyDriver, SOAPMessageContext sOAPMessageContext) throws PolicyException, WSSecurityException, SecurityPolicyException {
        if (policyAlternative != null || policyAlternative2 != null) {
            try {
                securityPolicyDriver.processOutbound(policyAlternative, policyAlternative2, sOAPMessageContext);
            } catch (MarshalException marshalFailure) {
                throw new WSSecurityException(marshalFailure);
            } catch (XMLEncryptionException encryptionFailure) {
                throw new WSSecurityException(encryptionFailure);
            }
        }
    }

    /**
     * Processes the inbound response: copies the endpoint address, then runs
     * {@link #processInbound} with the response policy alternative.
     *
     * @param sOAPMessageContext context of the received message
     * @return always {@code true}; failures are reported through exceptions
     */
    @Override // weblogic.wsee.security.WssHandler
    protected boolean processResponse(SOAPMessageContext sOAPMessageContext) throws PolicyException, SOAPException, SecurityPolicyException, WSSecurityException {
        copyEndpointAddress(sOAPMessageContext);
        PolicyAlternative responsePolicy = getResponsePolicyAlternative(sOAPMessageContext);
        SecurityPolicyValidator validator = getSecurityPolicyValidator(sOAPMessageContext);
        processInbound(responsePolicy, validator, sOAPMessageContext);
        return true;
    }

    /**
     * Populates the security context with a trust manager and credential providers.
     *
     * <p>Trust manager: a {@code TRUST_MANAGER} property on the message context wins;
     * otherwise, inside a server, {@link ServiceRefTrustManager} is installed. Outside a
     * server with no property set, this method installs no trust manager at all.
     * NOTE(review): confirm which certificate validation applies on that path.
     *
     * <p>Credential providers: a {@code CREDENTIAL_PROVIDER_LIST} property is handed to
     * the context as supplied; a stub-property certificate provider, when present, is added
     * and suppresses the policy-derived provider from {@link #getServerCredProvs}.
     *
     * <p>The decompiler reports that the access modifier of this method was changed from
     * {@code protected}.
     *
     * @param sOAPMessageContext message context carrying the caller-set properties
     * @param wSSecurityContext security context to populate
     * @param policyAlternative policy alternative used to derive providers
     * @throws WSSecurityException if the certificate properties are inconsistent or the
     *     policy-derived provider cannot be created
     */
    @Override // weblogic.wsee.security.WssHandler
    public void fillCredentialProviders(SOAPMessageContext sOAPMessageContext, WSSecurityContext wSSecurityContext, PolicyAlternative policyAlternative) throws WSSecurityException {
        TrustManager configuredTrustManager = (TrustManager) sOAPMessageContext.getProperty(WSSecurityContext.TRUST_MANAGER);
        if (configuredTrustManager == null) {
            if (KernelStatus.isServer()) {
                wSSecurityContext.setProperty(WSSecurityContext.TRUST_MANAGER, ServiceRefTrustManager.getInstance());
            }
        } else {
            wSSecurityContext.setProperty(WSSecurityContext.TRUST_MANAGER, configuredTrustManager);
        }

        List suppliedProviders = (List) sOAPMessageContext.getProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST);
        if (suppliedProviders != null) {
            wSSecurityContext.setCredentialProviders(suppliedProviders);
        }

        CredentialProvider stubProvider = getStubPropCredProv(sOAPMessageContext);
        boolean hasStubProvider = stubProvider != null;
        if (hasStubProvider) {
            wSSecurityContext.addCredentialProvider(stubProvider);
        }

        if (KernelStatus.isServer()) {
            List serviceRefProviders = getServiceRefClientCredProvs();
            if (serviceRefProviders != null) {
                wSSecurityContext.addCredentialProviders(serviceRefProviders);
            }
        }

        // Explicitly supplied server certificates take the place of the policy-derived ones.
        if (!hasStubProvider) {
            wSSecurityContext.addCredentialProviders(getServerCredProvs(policyAlternative, wSSecurityContext));
        }
        addWSSCCredProviders(wSSecurityContext, policyAlternative);
    }

    /**
     * Adds one credential provider per supported token type of the policy alternative,
     * skipping token types for which the factory has no provider.
     */
    private static void addWSSCCredProviders(WSSecurityContext securityContext, PolicyAlternative policy) {
        WSSCCredentialProviderFactory providerFactory = WSSCCredentialProviderFactory.getInstance();
        String[] tokenTypes = (String[]) SecurityPolicyAssertionHelper.getAllSupportedTokenTypes(policy).toArray(new String[0]);
        for (String tokenType : tokenTypes) {
            CredentialProvider provider = providerFactory.getCredentialProvider(tokenType);
            if (provider == null) {
                continue;
            }
            securityContext.addCredentialProvider(provider);
        }
    }

    /**
     * Builds a credential provider from the server certificates set as message-context
     * properties.
     *
     * <p>An encryption certificate alone is accepted (the verify certificate is then passed
     * on as {@code null}); a verify certificate without an encryption certificate is
     * rejected.
     * NOTE(review): whether these caller-supplied certificates are later checked against
     * the trust manager is not visible in this class; confirm in StubPropertyBSTCredProv.
     *
     * @return the provider, or {@code null} when neither property is set
     * @throws WSSecurityException when only the verify certificate is set
     */
    private CredentialProvider getStubPropCredProv(SOAPMessageContext messageContext) throws WSSecurityException {
        X509Certificate encryptCert = (X509Certificate) messageContext.getProperty("weblogic.wsee.security.bst.serverEncryptCert");
        X509Certificate verifyCert = (X509Certificate) messageContext.getProperty("weblogic.wsee.security.bst.serverVerifyCert");
        if (encryptCert == null) {
            if (verifyCert != null) {
                throw new WSSecurityException("Invalid to set server's verify certificate but no encryption certificate.");
            }
            return null;
        }
        return new StubPropertyBSTCredProv(encryptCert, verifyCert);
    }

    /**
     * Returns the fixed set of service-reference credential providers: username token,
     * binary security token, SAML and SAML2, in that order.
     */
    private List getServiceRefClientCredProvs() {
        ArrayList providers = new ArrayList();
        providers.add(new ServiceRefUNTCredProv());
        providers.add(new ServiceRefBSTCredProv());
        providers.add(new SAMLCredentialProvider());
        providers.add(new SAML2CredentialProvider());
        return providers;
    }

    /**
     * Returns a single-element list holding the policy-derived BST credential provider.
     *
     * @throws WSSecurityException wrapping any exception raised while creating the provider;
     *     the cause's message is copied into the new message
     */
    private List getServerCredProvs(PolicyAlternative policy, WSSecurityContext securityContext) throws WSSecurityException {
        try {
            ArrayList providers = new ArrayList();
            providers.add(new PolicyBSTCredentialProvider(policy, securityContext));
            return providers;
        } catch (Exception cause) {
            throw new WSSecurityException("Failed to setup server side credential provider: " + cause.getMessage(), cause);
        }
    }

    /**
     * Processes security on an inbound message and validates it against the policy.
     *
     * <p>The security header is unmarshalled and processed only when one is present, and
     * the validator runs only when {@code policyAlternative} is non-null. A response with
     * no security header and no response policy therefore passes through this method
     * unchecked. NOTE(review): rejecting an unsecured response when a policy is present
     * relies on the validator; confirm in SecurityPolicyValidator.
     *
     * @param policyAlternative response policy alternative, may be {@code null}
     * @param securityPolicyValidator validator applied when a policy is present
     * @param sOAPMessageContext context of the received message
     * @throws WSSecurityException with {@code FAILURE_INVALID} for marshalling failures and
     *     {@code FAILURE_VERIFY_OR_DECRYPT} for XML-encryption failures
     */
    protected void processInbound(PolicyAlternative policyAlternative, SecurityPolicyValidator securityPolicyValidator, SOAPMessageContext sOAPMessageContext) throws WSSecurityException, SOAPException, SecurityPolicyException, PolicyException {
        try {
            boolean securedResponse = hasSecurityHeader(sOAPMessageContext);
            if (securedResponse) {
                setupSecurityContext(sOAPMessageContext, null);
                // Result unused; call retained as emitted by the decompiler.
                // NOTE(review): probably an instance-qualified call to the static method below.
                WSSecurityFactory.getInstance();
                WSSecurityFactory.unmarshalAndProcessSecurity(sOAPMessageContext);
            }
            if (policyAlternative != null) {
                securityPolicyValidator.processInbound(policyAlternative, sOAPMessageContext);
            }
        } catch (MarshalException cryptoMarshalFailure) {
            throw new WSSecurityException(cryptoMarshalFailure, WSSConstants.FAILURE_INVALID);
        } catch (XMLEncryptionException decryptFailure) {
            throw new WSSecurityException(decryptFailure, WSSConstants.FAILURE_VERIFY_OR_DECRYPT);
        } catch (weblogic.xml.dom.marshal.MarshalException domMarshalFailure) {
            throw new WSSecurityException((Exception) domMarshalFailure, WSSConstants.FAILURE_INVALID);
        }
    }
}
