package com.ibm.ws.wssecurity.handler;

import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.core.WSSGenerator;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManager;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.CommonLogUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSecurityContextUtilFactory;
import com.ibm.ws.wssecurity.util.WSSecurityFactoryBuilder;
import com.ibm.ws.wssecurity.wssapi.token.impl.TokenFactory;
import com.ibm.ws.wssecurity.wssapi.token.impl.TokenFactoryFactory;
import com.ibm.ws.wssecurity.wssapi.token.impl.UsernameTokenImpl;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:com/ibm/ws/wssecurity/handler/WSSecurityGeneratorBase.class */
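/**
 * Axis2-facing adapter around {@link WSSGenerator}: it turns a
 * {@link MessageContext} plus a {@link WSSGeneratorConfig} into the map-based
 * context that {@code WSSGenerator.invoke} consumes, and maps
 * {@link SoapSecurityException}s onto SOAP faults.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>the per-call context is registered with
 *       {@code WSSecurityContextUtilFactory} and is always removed again, on
 *       success and on failure;</li>
 *   <li>the identity and certificate of the "initial sender" are read from the
 *       {@code WSSContextManager} and copied onto the message context;</li>
 *   <li>entry/debug trace prints the message context, the processed SOAP
 *       document, the sender name and the sender certificate.</li>
 * </ul>
 */
public class WSSecurityGeneratorBase extends WSSGenerator {
    private static final String comp = "security.wssecurity";
    // Per-thread lookup table consulted first by getObject(). No writer and no
    // remove() call is visible in this class.
    // NOTE(review): on pooled threads the map lives as long as the thread - confirm
    // nothing request-scoped is ever stored in it.
    private final ThreadLocal<Map<Object, Object>> _threadStore = new ThreadLocal<>();
    // NOTE(review): read and written in init() without synchronization or volatile;
    // two threads may both run super.init(...). Confirm init() is only called once,
    // from a single thread.
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(WSSecurityGeneratorBase.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = WSSecurityGeneratorBase.class.getName();
    // Shared fallback cache for getObject(). It doubles as its own lock, so the
    // reference must never change: hence final.
    private static final Map<Object, Object> _globalObjectCache = new HashMap<>();
    private static final String _factoryKey = (String) WSSecurityFactoryBuilder.getImplClassName("com.ibm.ws.wssecurity.platform.UsernameToken");
    private static final TokenFactory _UNTtokenFactory = TokenFactoryFactory.getTokenFactory(_factoryKey);

    /**
     * Initializes the underlying generator once with an empty configuration map.
     * Later calls only emit entry/exit trace.
     *
     * @throws SoapSecurityException if the superclass initialization fails
     */
    public void init() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init()");
        }
        if (!this._initialized) {
            super.init(new HashMap());
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init()");
        }
    }

    /**
     * Runs the generator for one message.
     *
     * <p>A fresh context map is registered with
     * {@code WSSecurityContextUtilFactory}, filled with the message context and
     * the generator configuration, and handed to {@code super.invoke}. The
     * registered context is removed again whether the call succeeds or throws.
     *
     * <p>A {@link SoapSecurityException} is reported through {@code Tr} and
     * converted to an {@link AxisFault}. The fault code is
     * {@code Client.securityException} on the client side; on the provider side it
     * is the exception's own fault code when it has one, otherwise
     * {@code Server.securityException}.
     *
     * @param messageContext the Axis2 message being processed
     * @param wSSGeneratorConfig generator configuration to apply to the message
     * @throws AxisFault for a security failure (with the fault code described
     *         above) or for any other exception, wrapped via
     *         {@code AxisFault.makeFault}
     */
    public void invoke(MessageContext messageContext, WSSGeneratorConfig wSSGeneratorConfig) throws AxisFault {
        if (tc.isEntryEnabled()) {
            // Entry trace prints toString() of both arguments.
            Tr.entry(tc, "invoke(MessageContext mcontext[" + messageContext + "],WSSGeneratorConfig config[" + wSSGeneratorConfig + "])");
        }
        try {
            boolean isServiceProvider = Axis2Util.isServiceProvider(messageContext);
            // Left raw: the parameter types of putContext/super.invoke are not visible here.
            HashMap hashMap = new HashMap(50);
            WSSecurityContextUtilFactory.getInstance().putContext(hashMap);
            hashMap.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT, messageContext);
            hashMap.put("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey", wSSGeneratorConfig);
            try {
                super.invoke(null, null, hashMap);
                if (tc.isDebugEnabled()) {
                    OMDocument ownerDocument = DOMUtil.getOwnerDocument(messageContext.getEnvelope());
                    if (ownerDocument != null) {
                        Tr.debug(tc, "The message processed by: " + (isServiceProvider ? "server side" : "client side") + " " + getClass().getName() + " : ");
                        // NOTE(review): the complete processed document is written to trace.
                        // After generation it presumably carries the security header (tokens,
                        // signatures) - confirm CommonLogUtils masks secrets or that trace
                        // output is access-controlled.
                        CommonLogUtils.logDebug(ownerDocument.getOMDocumentElement(), tc);
                    } else {
                        Tr.debug(tc, "No SOAPEnvelope found!");
                    }
                }
            } catch (SoapSecurityException e) {
                Tr.processException(e, clsName + ".invoke", "111", this);
                Tr.error(tc, "security.wssecurity.WSSConsumer.s23", e);
                // NOTE(review): the fault is built from the security exception itself, so
                // its message presumably reaches the remote party - confirm it does not
                // disclose more about the failure than intended.
                AxisFault makeFault = AxisFault.makeFault(e);
                if (!isServiceProvider) {
                    makeFault.setFaultCode(new QName(com.ibm.ws.wssecurity.common.Constants.NS_SOAP, "Client.securityException"));
                } else if (e.getFaultCode() != null) {
                    makeFault.setFaultCode(e.getFaultCode());
                } else {
                    makeFault.setFaultCode(new QName(com.ibm.ws.wssecurity.common.Constants.NS_SOAP, "Server.securityException"));
                }
                throw makeFault;
            } finally {
                // Always detach the per-call security context, on success and on any
                // Throwable, so it cannot be picked up by later work on this thread.
                WSSecurityContextUtilFactory.getInstance().removeContext();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(MessageContext mcontext,WSSGeneratorConfig config)");
            }
        } catch (Exception e2) {
            // Also receives the AxisFault thrown above; makeFault is expected to hand an
            // existing AxisFault back unchanged, keeping the fault code set there.
            throw AxisFault.makeFault(e2);
        }
    }

    /**
     * Copies the initial sender's identity and certificate, when available, onto
     * the message context.
     *
     * <p>A non-empty sender name is wrapped in a {@link UsernameTokenImpl} and
     * stored under {@code WSSECURITY_INITIAL_SENDER_ID}; a non-null certificate is
     * stored under {@code WSSECURITY_INITIAL_SENDER_CERT}. Missing values are only
     * traced.
     *
     * @param messageContext message context that receives the properties
     * @throws SoapSecurityException if the context manager needed for the
     *         certificate lookup is unavailable
     */
    @Override
    public void retrieveCachedInformation(MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrieveCachedInformation(MessageContext context)");
        }
        final String initialSenderId = getInitialSenderId(messageContext);
        if (initialSenderId != null && initialSenderId.length() > 0) {
            // Only token creation and the username assignment run inside the privileged
            // block; the sender name itself was resolved before entering it.
            UsernameTokenImpl usernameTokenImpl = AccessController.doPrivileged(new PrivilegedAction<UsernameTokenImpl>() {
                @Override
                public UsernameTokenImpl run() {
                    UsernameTokenImpl usernameTokenImpl2 = (UsernameTokenImpl) WSSecurityGeneratorBase._UNTtokenFactory.getToken(true);
                    usernameTokenImpl2.setUsername(initialSenderId);
                    return usernameTokenImpl2;
                }
            });
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Retrieved identifier of initial sender found [" + usernameTokenImpl + "].");
            }
            messageContext.setProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_INITIAL_SENDER_ID, usernameTokenImpl);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Retrieved identifier of initial sender not found.");
        }
        X509Certificate initialSenderCert = getInitialSenderCert(messageContext);
        if (initialSenderCert != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Retrieved cert of initial sender found [" + initialSenderCert + "].");
            }
            messageContext.setProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_INITIAL_SENDER_CERT, initialSenderCert);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Retrieved cert of initial sender not found.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "retrieveCachedInformation(MessageContext context)");
        }
    }

    /**
     * Looks a key up in the calling thread's store first and, when it is absent
     * there, in the shared global cache.
     *
     * @param obj lookup key; {@code null} yields {@code null}
     * @return the cached object, or {@code null} when neither store holds the key
     */
    protected Object getObject(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getObject(Object key[" + obj + "])");
        }
        Object obj2 = null;
        if (obj != null) {
            obj2 = getThreadStore().get(obj);
            if (obj2 == null) {
                // The global map is a plain HashMap; every access must hold its monitor.
                synchronized (_globalObjectCache) {
                    obj2 = _globalObjectCache.get(obj);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getObject(Object key) " + (obj2 == null ? "not found" : "found"));
        }
        return obj2;
    }

    /**
     * Returns the calling thread's store, creating an empty one on first use.
     *
     * @return the map bound to the current thread, never {@code null}
     */
    private Map<Object, Object> getThreadStore() {
        Map<Object, Object> map = this._threadStore.get();
        if (map == null) {
            map = new HashMap<>();
            this._threadStore.set(map);
        }
        return map;
    }

    /**
     * Resolves the name of the initial sender from the {@link Subject} that the
     * context manager holds under {@code WSSECURITY_INITIAL_SENDER_ID}.
     *
     * <p>Unlike the certificate lookup, a missing context manager is not an error
     * here: the method simply returns {@code null}.
     *
     * @param messageContext not used by this lookup
     * @return the name of the first principal of the Subject, or {@code null} when
     *         there is no context manager, no Subject or no principal
     * @throws SoapSecurityException declared but not thrown by the visible code
     */
    private String getInitialSenderId(MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInitialSenderId()");
        }
        WSSContextManager wSSContextManagerFactory = WSSContextManagerFactory.getInstance();
        Subject subject = null;
        if (wSSContextManagerFactory != null) {
            subject = (Subject) wSSContextManagerFactory.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_INITIAL_SENDER_ID);
        }
        String str = null;
        if (subject != null) {
            // getPrincipals() is a Set, so "first" is whatever the iterator yields.
            // NOTE(review): confirm the Subject carries a single principal (or a stable
            // order); otherwise the identity that gets propagated is arbitrary.
            Iterator<Principal> it = subject.getPrincipals().iterator();
            if (it.hasNext()) {
                str = it.next().getName();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInitialSenderId() returns String[" + str + "]");
        }
        return str;
    }

    /**
     * Fetches the initial sender's certificate that the context manager holds
     * under {@code WSSECURITY_INITIAL_SENDER_CERT}.
     *
     * @param messageContext not used by this lookup
     * @return the stored certificate, or {@code null} when none is stored
     * @throws SoapSecurityException if no context manager is available
     */
    private X509Certificate getInitialSenderCert(MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInitialSenderCert()");
        }
        WSSContextManager wSSContextManagerFactory = WSSContextManagerFactory.getInstance();
        if (wSSContextManagerFactory == null) {
            // Fail closed: without a context manager the certificate cannot be resolved.
            Tr.error(tc, "security.wssecurity.ctxmgr.isnull");
            throw SoapSecurityException.format("security.wssecurity.ctxmgr.isnull");
        }
        X509Certificate x509Certificate = (X509Certificate) wSSContextManagerFactory.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_INITIAL_SENDER_CERT);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Initial Sender Cert", x509Certificate);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInitialSenderCert() returns X509Certificate[" + x509Certificate + "]");
        }
        return x509Certificate;
    }
}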
