package weblogic.wsee.security.wst.internal;

import javax.servlet.http.HttpServletRequest;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import weblogic.wsee.connection.transport.servlet.HttpTransportUtils;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.policy.framework.PolicyMath;
import weblogic.wsee.policy.runtime.PolicyContext;
import weblogic.wsee.security.policy.WssPolicyContext;
import weblogic.wsee.security.policy.WssPolicyUtils;

/* loaded from: input_file:weblogic/wsee/security/wst/internal/STSPolicyHandler.class */
public class STSPolicyHandler extends WSTServerHandler {
    private static final String DEFAULT_BOOTSTRAP_POLICY = "SecurityTokenService.xml";
    private static final String INCLUDE_SCT_POLICY = "AddSctToken.xml";
    private static final String SCT_CANCEL = "/SCT/Cancel";
    private static final String SCT_RENEW = "/SCT/Renew";

    @Override // weblogic.wsee.security.wst.internal.WSTServerHandler
    public boolean handleTrustRequest(SOAPMessageContext sOAPMessageContext, String str) {
        NormalizedExpression createUnitializedExpression = NormalizedExpression.createUnitializedExpression();
        NormalizedExpression normalizedExpression = createUnitializedExpression;
        NormalizedExpression normalizedExpression2 = createUnitializedExpression;
        if (!isTransportSecure(sOAPMessageContext)) {
            NormalizedExpression policy = getPolicy(sOAPMessageContext, DEFAULT_BOOTSTRAP_POLICY);
            normalizedExpression2 = PolicyMath.merge(normalizedExpression2, policy);
            normalizedExpression = PolicyMath.merge(normalizedExpression, policy);
        }
        sOAPMessageContext.setProperty(PolicyContext.EFFECTIVE_REQ_POLICY, normalizedExpression2);
        sOAPMessageContext.setProperty(PolicyContext.EFFECTIVE_RES_POLICY, normalizedExpression);
        return true;
    }

    private static boolean isTransportSecure(SOAPMessageContext sOAPMessageContext) {
        HttpServletRequest httpServletRequest = HttpTransportUtils.getHttpServletRequest(sOAPMessageContext);
        if (httpServletRequest != null) {
            return httpServletRequest.isSecure();
        }
        return false;
    }

    private static NormalizedExpression getPolicy(SOAPMessageContext sOAPMessageContext, String str) {
        try {
            return WssPolicyUtils.getPolicy((WssPolicyContext) sOAPMessageContext.getProperty(WssPolicyContext.WSS_POLICY_CTX_PROP), str);
        } catch (PolicyException e) {
            return NormalizedExpression.createUnitializedExpression();
        }
    }
}
