package com.ibm.ws.wssecurity.handler;

import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.ws.policyset.runtime.PolicySetConfiguration;
import com.ibm.ws.wssecurity.common.SCAndTrustConstants;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig;
import com.ibm.ws.wssecurity.platform.auth.WSSContext;
import com.ibm.ws.wssecurity.platform.auth.WSSContextFactory;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSPolicySetUtil;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.ConstantsRetrieverFactory;
import com.ibm.ws.wssecurity.util.PlatformContextUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.WSSGeneratorTransformImpl;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.HandlerDescription;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;

/* loaded from: input_file:com/ibm/ws/wssecurity/handler/WSSecurityGeneratorHandler.class */
public class WSSecurityGeneratorHandler extends WSSecurityGlobalHandler {
    private static final String comp = "security.wssecurity";
    private static final long serialVersionUID = 0;
    private WSSecurityGeneratorBase _gh = null;
    private static boolean isWebSphereServer;
    private static boolean isWebSpherePlatform;
    private static boolean mayCacheTokens;
    private static boolean runningCommonComponent;
    protected static boolean logPolicySetOverride;
    private static final String clsName = WSSecurityGeneratorHandler.class.getName();
    private static final TraceComponent tc = Tr.register(WSSecurityGeneratorHandler.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    public WSSecurityGeneratorHandler() {
        this.inboundHandler = false;
    }

    public void init(HandlerDescription handlerDescription) {
        this.handlerDesc = handlerDescription;
        this._gh = new WSSecurityGeneratorBase();
        try {
            this._gh.init();
        } catch (Exception e) {
        }
    }

    @Override // com.ibm.ws.wssecurity.handler.WSSecurityGlobalHandler
    public Handler.InvocationResponse invoke(final MessageContext messageContext) throws AxisFault {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(MessageContext msgContext)");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "runningCommonComponent=" + runningCommonComponent);
        }
        if (runningCommonComponent) {
            boolean isServiceProvider = Axis2Util.isServiceProvider(messageContext, true);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isServiceProvider=" + isServiceProvider);
            }
            if (!isServiceProvider) {
                mayCacheTokens = true;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "mayCacheTokens=" + mayCacheTokens);
        }
        if (mayCacheTokens) {
            String property = System.getProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_PERSIST_CLIENT_SECURITY_CONTEXT);
            if (property == null || "true".equalsIgnoreCase(property)) {
                Object property2 = messageContext.getProperty("com.ibm.wsspi.websphere.security.SecurityContext");
                try {
                    WSSContext wSSContext = (WSSContext) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.handler.WSSecurityGeneratorHandler.1
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws SoapSecurityException {
                            return WSSContextManagerFactory.getInstance().getSerializableContext();
                        }
                    });
                    if (property2 == null) {
                        messageContext.setProperty("com.ibm.wsspi.websphere.security.SecurityContext", wSSContext);
                    } else {
                        messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_LOGINPROMPT_CONTEXT, wSSContext);
                    }
                } catch (PrivilegedActionException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception caught " + e.getMessage());
                    }
                    throw AxisFault.makeFault(e);
                }
            } else {
                Object property3 = messageContext.getProperty("com.ibm.wsspi.websphere.security.SecurityContext");
                try {
                    WSSContext wSSContextFactory = WSSContextFactory.getInstance();
                    if (property3 == null) {
                        messageContext.setProperty("com.ibm.wsspi.websphere.security.SecurityContext", wSSContextFactory);
                    } else {
                        messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_LOGINPROMPT_CONTEXT, wSSContextFactory);
                    }
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception caught " + e2.getMessage());
                    }
                    throw AxisFault.makeFault(e2);
                }
            }
        }
        if (isWebSphereServer) {
            try {
                final PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: com.ibm.ws.wssecurity.handler.WSSecurityGeneratorHandler.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws AxisFault {
                        return WSSecurityGeneratorHandler.this._invoke(messageContext);
                    }
                };
                Handler.InvocationResponse invocationResponse = (Handler.InvocationResponse) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.handler.WSSecurityGeneratorHandler.3
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws SoapSecurityException {
                        return (Handler.InvocationResponse) WSSContextFactory.getInstance().runWith(privilegedExceptionAction, messageContext);
                    }
                });
                if (invocationResponse != null) {
                    return invocationResponse;
                }
            } catch (Exception e3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught " + e3.getMessage());
                }
                throw AxisFault.makeFault(e3);
            }
        }
        return _invoke(messageContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Handler.InvocationResponse _invoke(MessageContext messageContext) throws AxisFault {
        Parameter parameter;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "_invoke(MessageContext msgContext)");
        }
        Boolean valueOf = Boolean.valueOf(Boolean.FALSE.booleanValue());
        boolean z = false;
        boolean z2 = false;
        WSSGeneratorConfig wSSGeneratorConfig = null;
        Parameter parameter2 = null;
        try {
            boolean isServiceProvider = Axis2Util.isServiceProvider(messageContext);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isServiceProvider=" + isServiceProvider);
            }
            if (isServiceProvider) {
                String actionURI = getActionURI(messageContext);
                if (actionURI != null) {
                    actionURI = actionURI.trim();
                    if (actionURI.length() != 0 && (SCAndTrustConstants.NS_TRUST_200502_CANCEL_RSTR_MESSAGE_ACTION.equals(actionURI) || SCAndTrustConstants.NS_TRUST_V13_CANCEL_RSTR_MESSAGE_ACTION.equals(actionURI) || SCAndTrustConstants.NS_TRUST_V13_CANCEL_FINAL_RSTR_MESSAGE_ACTION.equals(actionURI) || SCAndTrustConstants.NS_SC_200502_CANCEL_RSTR_MESSAGE_ACTION.equals(actionURI) || SCAndTrustConstants.NS_SC_V13_CANCEL_RSTR_MESSAGE_ACTION.equals(actionURI))) {
                        z2 = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "isCancelResponseMessage = true");
                        }
                    }
                }
                if (tc.isDebugEnabled() && WSSecurityConsumerHandler.stsClassesAvailable()) {
                    Tr.debug(tc, "action returns from STSPolicySetUtil.mapTrustAction=" + STSPolicySetUtil.mapTrustAction(actionURI));
                }
                OperationContext operationContext = messageContext.getOperationContext();
                if (operationContext == null) {
                    operationContext = (OperationContext) messageContext.getProperty("unverifiedOperationContext");
                }
                if (!z2 && operationContext != null) {
                    MessageContext messageContext2 = operationContext.getMessageContext("In");
                    if (messageContext2 != null) {
                        Object property = messageContext2.getProperty(Constants.TRUST_POLICY_SET_CONFIGURATION);
                        if (property != null && (property instanceof PolicySetConfiguration)) {
                            PolicySetConfiguration policySetConfiguration = (PolicySetConfiguration) property;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Got PolicySetConfiguration from original MessageContext");
                            }
                            z = true;
                            Object policyTypeBinding = policySetConfiguration.getPolicyTypeBinding(PrivateGeneratorConfig.class);
                            if (policyTypeBinding != null) {
                                if (!(policyTypeBinding instanceof PrivateGeneratorConfig)) {
                                    if (!(policyTypeBinding instanceof Exception)) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Unable to process outbound SOAP message. Unexpected object in PolicyTypeBinding: " + policyTypeBinding);
                                        }
                                        Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s02", new Object[]{policyTypeBinding.getClass().getName()});
                                        throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s02", policyTypeBinding.getClass().getName()));
                                    }
                                    Exception exc = (Exception) policyTypeBinding;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Unable to process outbound SOAP message.  PolicySet not loaded properly.", exc);
                                    }
                                    Tr.processException(exc, clsName + ".invoke", "337", this);
                                    if (exc instanceof SoapSecurityException) {
                                        throw AxisFault.makeFault(exc);
                                    }
                                    Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s01");
                                    throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s01", exc));
                                }
                                wSSGeneratorConfig = (PrivateGeneratorConfig) policyTypeBinding;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "GeneratorConfig for trust response=" + wSSGeneratorConfig);
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "No PolicyType Binding");
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Unable to get PolicySetConfiguration from original MessageContext, obj = " + property);
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "OperationContext.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE) was null");
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "MessageContext.OperationContext() was null");
                }
            } else {
                Object property2 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.IS_BOOTSTRAP_REQUIRED);
                Object property3 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.SCT_CANCEL);
                boolean z3 = false;
                if (property3 != null && (property3 instanceof Boolean) && ((Boolean) property3).booleanValue()) {
                    z3 = true;
                }
                if (property2 != null && (property2 instanceof Boolean)) {
                    valueOf = (Boolean) property2;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "bootstrap property from message context=" + valueOf);
                    }
                    if (valueOf != null && valueOf.booleanValue()) {
                        Object property4 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.BOOTSTRAP_APP_POLICY_CONFIG);
                        if (property4 != null) {
                            if (z3) {
                                wSSGeneratorConfig = (PrivateGeneratorConfig) property4;
                            } else {
                                if (!(property4 instanceof PrivateGeneratorConfig)) {
                                    if (!(property4 instanceof Exception)) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Unable to process outbound SOAP message. Unexpected object in PolicyTypeBinding: " + property4);
                                        }
                                        Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s02", new Object[]{property4.getClass().getName()});
                                        throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s02", property4.getClass().getName()));
                                    }
                                    Exception exc2 = (Exception) property4;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Unable to process outbound SOAP message.  PolicySet not loaded properly.", exc2);
                                    }
                                    Tr.processException(exc2, clsName + ".invoke", "404", this);
                                    if (exc2 instanceof SoapSecurityException) {
                                        throw AxisFault.makeFault(exc2);
                                    }
                                    Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s01");
                                    throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s01", exc2));
                                }
                                wSSGeneratorConfig = ((PrivateGeneratorConfig) property4).getBootstrapGeneratorConfig();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "bootstrap policy=" + wSSGeneratorConfig);
                                }
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No PolicyType Binding");
                        }
                    }
                }
            }
            if (wSSGeneratorConfig == null && !valueOf.booleanValue() && !z && !z2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Get policy for application");
                }
                AxisOperation axisOperation = messageContext.getAxisOperation();
                if (axisOperation != null) {
                    parameter2 = axisOperation.getParameter(ConstantsRetrieverFactory.getInstance().getPolicySetKey());
                    if (parameter2 != null) {
                        Object value = parameter2.getValue();
                        PolicySetConfiguration policySetConfiguration2 = null;
                        if (value == null || !(value instanceof PolicySetConfiguration)) {
                            Object value2 = messageContext.getAxisService().getParameter(ConstantsRetrieverFactory.getInstance().getPolicySetKey()).getValue();
                            if (value2 != null && (value2 instanceof PolicySetConfiguration)) {
                                policySetConfiguration2 = (PolicySetConfiguration) value2;
                            }
                        } else {
                            policySetConfiguration2 = (PolicySetConfiguration) value;
                        }
                        if (policySetConfiguration2 != null) {
                            Object policyTypeBinding2 = policySetConfiguration2.getPolicyTypeBinding(PrivateGeneratorConfig.class);
                            if (policyTypeBinding2 != null) {
                                if (!(policyTypeBinding2 instanceof PrivateGeneratorConfig)) {
                                    if (!(policyTypeBinding2 instanceof Exception)) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Unable to process outbound SOAP message. Unexpected object in PolicyTypeBinding: " + policyTypeBinding2);
                                        }
                                        Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s02", new Object[]{policyTypeBinding2.getClass().getName()});
                                        throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s02", policyTypeBinding2.getClass().getName()));
                                    }
                                    Exception exc3 = (Exception) policyTypeBinding2;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Unable to process outbound SOAP message.  PolicySet not loaded properly.", exc3);
                                    }
                                    Tr.processException(exc3, clsName + ".invoke", "467", this);
                                    if (exc3 instanceof SoapSecurityException) {
                                        throw AxisFault.makeFault(exc3);
                                    }
                                    Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s01");
                                    throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s01", exc3));
                                }
                                wSSGeneratorConfig = (PrivateGeneratorConfig) policyTypeBinding2;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "app policy=" + wSSGeneratorConfig);
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "No PolicyType Binding");
                            }
                        }
                    }
                }
                if (axisOperation == null || parameter2 == null) {
                    PolicySetConfiguration policySetConfiguration3 = null;
                    AxisService axisService = messageContext.getAxisService();
                    if (axisService != null && (parameter = axisService.getParameter(ConstantsRetrieverFactory.getInstance().getPolicySetKey())) != null) {
                        Object value3 = parameter.getValue();
                        if (value3 != null && (value3 instanceof PolicySetConfiguration)) {
                            policySetConfiguration3 = (PolicySetConfiguration) value3;
                        }
                        if (policySetConfiguration3 != null) {
                            Object policyTypeBinding3 = policySetConfiguration3.getPolicyTypeBinding(PrivateGeneratorConfig.class);
                            if (policyTypeBinding3 != null) {
                                if (!(policyTypeBinding3 instanceof PrivateGeneratorConfig)) {
                                    if (!(policyTypeBinding3 instanceof Exception)) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Unable to process outbound SOAP message. Unexpected object in PolicyTypeBinding: " + policyTypeBinding3);
                                        }
                                        Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s02", new Object[]{policyTypeBinding3.getClass().getName()});
                                        throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s02", policyTypeBinding3.getClass().getName()));
                                    }
                                    Exception exc4 = (Exception) policyTypeBinding3;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Unable to process outbound SOAP message.  PolicySet not loaded properly.", exc4);
                                    }
                                    Tr.processException(exc4, clsName + ".invoke", "521", this);
                                    if (exc4 instanceof SoapSecurityException) {
                                        throw AxisFault.makeFault(exc4);
                                    }
                                    Tr.error(tc, "security.wssecurity.WSSecurityGeneratorHandler.s01");
                                    throw AxisFault.makeFault(SoapSecurityException.format("security.wssecurity.WSSecurityGeneratorHandler.s01", exc4));
                                }
                                wSSGeneratorConfig = (PrivateGeneratorConfig) policyTypeBinding3;
                                if (wSSGeneratorConfig != null && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Loaded policy using policy set.");
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "No PolicyType Binding");
                            }
                        }
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Application Generator Policy=" + wSSGeneratorConfig);
                }
            }
            if (!z2) {
                if (messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_GENERATOR) != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WSSAPI enables...");
                        Tr.debug(tc, "WSSAPI logPolicySetOverride = " + logPolicySetOverride);
                    }
                    if (messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_CONSUMER) != null) {
                        WSSConsumingContext wSSConsumingContext = (WSSConsumingContext) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_CONSUMER);
                        HashMap hashMap = (HashMap) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSS_PROPERTYMAP);
                        HashMap hashMap2 = hashMap;
                        if (hashMap == null) {
                            hashMap2 = new HashMap();
                        }
                        hashMap2.put(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_CONSUMER, wSSConsumingContext);
                        messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.WSS_PROPERTYMAP, hashMap2);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WSSAPI_CONFIG_KEY_CONSUMER property not found in MessageContext. Response message will NOT be processed by web services security.");
                    }
                    if (wSSGeneratorConfig != null && !isServiceProvider && logPolicySetOverride) {
                        Tr.warning(tc, "security.wssecurity.WSSecurityConsumerHandler.s01");
                    }
                    if (wSSGeneratorConfig == null) {
                        try {
                            wSSGeneratorConfig = WSSGeneratorTransformImpl.getInstance().transform(messageContext);
                        } catch (WSSException e) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Error in WSSAPI:", e);
                            }
                            throw AxisFault.makeFault(e);
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSSAPI not enabled");
                }
            }
            if (wSSGeneratorConfig != null) {
                try {
                    this._gh.invoke(messageContext, wSSGeneratorConfig);
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error in security handler:", e2);
                    }
                    Tr.processException(e2, clsName + ".invoke", "611", this);
                    throw AxisFault.makeFault(e2);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(MessageContext msgContext)");
            }
            return Handler.InvocationResponse.CONTINUE;
        } catch (Exception e3) {
            throw AxisFault.makeFault(e3);
        }
    }

    static {
        isWebSphereServer = false;
        isWebSpherePlatform = false;
        mayCacheTokens = false;
        runningCommonComponent = false;
        logPolicySetOverride = true;
        String property = System.getProperty(com.ibm.wsspi.wssecurity.core.Constants.SUPPRESS_POLICYSET_OVERRIDE_WARNING);
        if (property != null && property.length() != 0 && property.equalsIgnoreCase("true")) {
            logPolicySetOverride = false;
        }
        isWebSphereServer = PlatformContextUtil.isWebSphereServerProcess();
        isWebSpherePlatform = PlatformContextUtil.isWebSpherePlatform();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isWebSphereServer=" + isWebSphereServer);
            Tr.debug(tc, "isWebSpherePlatform=" + isWebSpherePlatform);
        }
        if (isWebSphereServer) {
            return;
        }
        if (isWebSpherePlatform) {
            mayCacheTokens = true;
        } else {
            runningCommonComponent = true;
        }
    }
}
