package com.tmax.ws.axis.security;

import com.tmax.axis.AxisFault;
import com.tmax.axis.Constants;
import com.tmax.axis.MessageContext;
import com.tmax.axis.handlers.BasicHandler;
import com.tmax.ws.axis.security.util.AxisUtil;
import com.tmax.ws.security.WSConstants;
import com.tmax.ws.security.WSSConfig;
import com.tmax.ws.security.WSSecurityEngine;
import com.tmax.ws.security.WSSecurityEngineResult;
import com.tmax.ws.security.WSSecurityException;
import com.tmax.ws.security.components.crypto.Crypto;
import com.tmax.ws.security.components.crypto.CryptoFactory;
import com.tmax.ws.security.handler.WSHandlerConstants;
import com.tmax.ws.security.handler.WSHandlerResult;
import com.tmax.ws.security.util.WSSecurityUtil;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import jeus.security.base.DecryptionException;
import jeus.security.util.EncryptionUtil;
import jeus.security.util.LoggerUtil;
import jeus.util.logging.JeusLogger;
import jeus.util.message.JeusMessage_Security;
import jeus.util.message.JeusMessage_Webservices_SEC;
import jeus.webservices.wssecurity.WSSProperties;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

/* loaded from: input_file:com/tmax/ws/axis/security/WSDoAllReceiver.class */
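/**
 * Axis handler that runs WS-Security processing on an incoming SOAP message.
 *
 * <p>{@link #init()} loads a default {@link Crypto} and copies handler options into the
 * {@link WSSConfig}. {@link #invoke(MessageContext)} hands the message to the
 * {@link WSSecurityEngine}, then checks that the results match the configured actions,
 * that the signing certificate is accepted by the signature crypto, and (when enabled)
 * that the {@code wsu:Timestamp} element was signed.
 *
 * <p>NOTE(review): {@code sigCrypto} and {@code decCrypto} are instance fields that
 * {@code invoke} reassigns, and {@code invoke} pushes this handler's config through
 * {@code WSSecurityEngine.setWssConfig}, which the source calls through the class name.
 * If one handler instance serves concurrent requests, or that setter is process-wide,
 * requests with different settings could affect each other. Confirm the threading model.
 */
public class WSDoAllReceiver extends BasicHandler {
    /** Crypto provider used when no {@code WSSProperties} option is configured. */
    private static final String SECURITY_FW_PROVIDER = "com.tmax.ws.security.components.crypto.SecurityFWItf";
    /** Crypto provider used for keystores configured through the SIG_ and DEC_ options. */
    private static final String KEYSTORE_PROVIDER = "com.tmax.ws.security.components.crypto.DefaultWSSecurityItf";

    static final WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
    protected final JeusLogger logger = JeusLogger.getLogger("jeus.webservices.wss");
    // Cache of Crypto instances keyed by WSSProperties.uniqueID() or by provider class name.
    private Hashtable cryptos = new Hashtable();
    private Crypto sigCrypto = null;
    private Crypto decCrypto = null;
    // Default crypto loaded in init(); fallback for signature and decryption.
    private Crypto _crypto = null;
    WSSConfig wssConfig = WSSConfig.getNewInstance();

    /** Per-invocation holder for the message context being processed. */
    public class RequestData {
        MessageContext msgContext;

        private RequestData() {
            this.msgContext = null;
        }

        void clear() {
            this.msgContext = null;
        }
    }

    /**
     * Loads the default crypto and applies the handler options to {@link #wssConfig}.
     *
     * <p>A failure to load the crypto is logged and leaves {@code _crypto} null. The
     * options are applied regardless, so a keystore problem cannot silently drop
     * receiver-side checks such as the signed-Timestamp requirement.
     */
    @Override
    public void init() {
        try {
            this._crypto = loadCrypto();
        } catch (AxisFault e) {
            this.logger.log(JeusMessage_Webservices_SEC._6012_LEVEL, "WSS: Unexpected Error", (Throwable) e);
        }
        String observeOrder = (String) getOption(WSHandlerConstants.OBSERVE_ACTIONORDER);
        if (observeOrder != null && observeOrder.equals("false")) {
            this.wssConfig.setObserveActionOrderAtReceiving(false);
        }
        // This flag is what invoke() reads to decide whether a signed Timestamp is mandatory.
        String timestampSigning = (String) getOption(WSHandlerConstants.TIMESTAMP_SIGNING);
        this.wssConfig.setEnableSignatureConfirmation(timestampSigning != null && timestampSigning.equals("true"));
        this.wssConfig.setAberration(intOption(WSHandlerConstants.TIMESTAMP_ABERRATION));
        this.wssConfig.setPrecision(intOption(WSHandlerConstants.CLOCK_PRECISION));
        String millis = (String) getOption(WSHandlerConstants.TIMESTAMP_PRECISION);
        this.wssConfig.setPrecisionInMilliSeconds(millis != null && millis.equals("true"));
    }

    /**
     * Reads an integer handler option, returning 0 when it is absent or not numeric.
     * A non-numeric value is logged so that it does not turn into 0 unnoticed.
     */
    private int intOption(String optionName) {
        String raw = (String) getOption(optionName);
        if (raw == null) {
            return 0;
        }
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            this.logger.log(JeusMessage_Webservices_SEC._6012_LEVEL, "WSDoAllReceiver: non-numeric value for option " + optionName + ", using 0", (Throwable) e);
            return 0;
        }
    }

    /**
     * Removes every {@code wsse:Security} element that is a direct child of the SOAP header.
     *
     * @throws SOAPException if the SOAP header cannot be obtained
     */
    private void detachSecurityElement(SOAPMessage sOAPMessage) throws SOAPException {
        // Collect first: removing a node while its sibling iterator is live is implementation-dependent.
        ArrayList<Node> securityHeaders = new ArrayList<Node>();
        Iterator children = sOAPMessage.getSOAPHeader().getChildElements();
        while (children.hasNext()) {
            Node child = (Node) children.next();
            // Constant-first equals: an unqualified header element has a null namespace URI.
            if (child.getNodeType() == Node.ELEMENT_NODE
                    && WSConstants.WSSE_NS.equals(child.getNamespaceURI())
                    && WSConstants.WSSE_LN.equals(child.getLocalName())) {
                securityHeaders.add(child);
            }
        }
        for (Node header : securityHeaders) {
            header.getParentNode().removeChild(header);
        }
    }

    /**
     * Processes the WS-Security header of the incoming message and validates the result.
     *
     * <p>The required actions come from the {@code action} handler option, or else from
     * the message context. Processing fails when the Security header is missing while
     * actions are required, when the signing certificate is rejected, when a signed
     * Timestamp is required but absent, or when the performed actions do not match the
     * expected ones in number, presence, or (optionally) order.
     *
     * <p>NOTE(review): as written, every fault raised after the SOAP part is obtained is
     * caught by the inner {@code catch (Exception)} and re-thrown as
     * "cannot convert into document", so callers do not see the specific WSS fault. The
     * nesting is kept exactly as found. Confirm against the original sources.
     *
     * @param messageContext the Axis message context carrying the SOAP message
     * @throws AxisFault if security processing or validation fails
     */
    @Override
    public void invoke(MessageContext messageContext) throws AxisFault {
        X509Certificate certificate;
        RequestData requestData = new RequestData();
        try {
            try {
                try {
                    requestData.msgContext = messageContext;
                    Vector expectedActions = new Vector();
                    String actionSpec = (String) getOption(WSHandlerConstants.ACTION);
                    if (actionSpec == null) {
                        actionSpec = (String) messageContext.getProperty(WSHandlerConstants.ACTION);
                    }
                    if (actionSpec == null) {
                        this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: No action defined");
                        throw new WSSAxisFault("WSDoAllReceiver: No action defined");
                    }
                    int actionMask = AxisUtil.decodeAction(actionSpec, expectedActions);
                    String actor = (String) getOption("actor");
                    SOAPMessage message = messageContext.getMessage();
                    try {
                        Document soapDocument = message.getSOAPPart();
                        // A message that contains a SOAP Fault element skips all security processing.
                        // NOTE(review): how deep findElement searches is not visible here. If it matches
                        // a Fault element anywhere in the envelope, not just the Body's child, a crafted
                        // request could bypass verification. Confirm.
                        if (WSSecurityUtil.findElement(soapDocument.getDocumentElement(), Constants.ELEM_FAULT, WSSecurityUtil.getSOAPConstants(soapDocument.getDocumentElement()).getEnvelopeURI()) != null) {
                            return;
                        }
                        // Bit 2 requires a signature crypto, bit 4 a decryption crypto.
                        if ((actionMask & 2) == 2) {
                            decodeSignatureParameter();
                        }
                        if ((actionMask & 4) == 4) {
                            decodeDecryptionParameter();
                        }
                        CallbackHandler callbackHandler = null;
                        // Bits 1 and 4 need a password callback (bit 1 is presumably UsernameToken; verify).
                        if ((actionMask & 5) != 0) {
                            callbackHandler = getPasswordCB(requestData);
                            if (callbackHandler == null) {
                                // Without a callback both cryptos are replaced by the default one, which
                                // discards anything decodeSignatureParameter/decodeDecryptionParameter loaded.
                                Crypto fallback = this._crypto;
                                this.sigCrypto = fallback;
                                this.decCrypto = fallback;
                                if (this.decCrypto == null && this.sigCrypto == null) {
                                    this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: Crypto initialization failure for both signature and decryption");
                                    throw new WSSAxisFault("WSDoAllReceiver: Crypto initialization failure for both signature and decryption");
                                }
                            }
                        }
                        WSSecurityEngine.setWssConfig(this.wssConfig);
                        try {
                            Vector results = secEngine.processSecurityHeader(soapDocument, actor, callbackHandler, this.sigCrypto, this.decCrypto);
                            if (results == null) {
                                // No Security header: acceptable only when no action is required.
                                if (actionMask == 0) {
                                    requestData.clear();
                                    return;
                                } else {
                                    this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, "WSDoAllReceiver: Request does not contain required Security header");
                                    throw new WSSAxisFault("WSDoAllReceiver: Request does not contain required Security header");
                                }
                            }
                            boolean timestampSigned = WSSecurityUtil.hasSignedElementQname(results, new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Timestamp"));
                            if (this.wssConfig.isEnableSignatureConfirmation() && !timestampSigned) {
                                this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, "WSDoAllReceiver: Request does not have Timestamp signed");
                                throw new WSSAxisFault("WSDoAllReceiver: Request does not have Timestamp signed");
                            }
                            ArrayList headerNames = new ArrayList();
                            try {
                                // Mark every header element as processed, then drop the Security header.
                                Iterator headerElements = message.getSOAPHeader().examineAllHeaderElements();
                                while (headerElements.hasNext()) {
                                    Object next = headerElements.next();
                                    if (next instanceof SOAPHeaderElement) {
                                        SOAPHeaderElement headerElement = (SOAPHeaderElement) next;
                                        headerNames.add(new QName(headerElement.getElementName().getURI(), headerElement.getElementName().getLocalName(), headerElement.getElementName().getPrefix()));
                                    }
                                }
                                Iterator names = headerNames.iterator();
                                while (names.hasNext()) {
                                    messageContext.setHeaderProcessingStatus((QName) names.next(), true);
                                }
                                detachSecurityElement(message);
                                // Trust check on the certificate of the signature result (action 2).
                                WSSecurityEngineResult signatureResult = WSSecurityUtil.fetchActionResult(results, 2);
                                if (signatureResult != null && (certificate = signatureResult.getCertificate()) != null && !verifyTrust(certificate)) {
                                    this.logger.log(JeusMessage_Webservices_SEC._6004_LEVEL, JeusMessage_Webservices_SEC._6004, "WSDoAllReceiver: The certificate used for the signature is not trusted:" + certificate.getSubjectDN().getName());
                                    throw new WSSAxisFault("WSDoAllReceiver: The certificate used for the signature is not trusted:" + certificate.getSubjectDN().getName(), 4);
                                }
                                // NOTE(review): the action-32 result is fetched but never used, so this method
                                // performs no timestamp freshness check itself. Presumably the engine enforces
                                // it through wssConfig; verify.
                                WSSecurityUtil.fetchActionResult(results, 32);
                                int resultCount = results.size();
                                int expectedCount = expectedActions.size();
                                if (expectedCount != resultCount) {
                                    this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, "WSDoAllReceiver: security processing failed (actions number mismatch)");
                                    throw new WSSAxisFault("WSDoAllReceiver: security processing failed (actions number mismatch)");
                                }
                                if (this.wssConfig.getObserveActionOrderAtReceiving()) {
                                    // Strict mode: performed actions must match the expected ones position by position.
                                    for (int i = 0; i < expectedCount; i++) {
                                        if (((Integer) expectedActions.get(i)).intValue() != ((WSSecurityEngineResult) results.get(i)).getAction()) {
                                            this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, "WSDoAllReceiver: security processing failed (actions order mismatch)");
                                            throw new WSSAxisFault("WSDoAllReceiver: security processing failed (actions order mismatch)");
                                        }
                                    }
                                } else {
                                    // Relaxed mode: the same multiset of actions, in any order.
                                    Vector remaining = (Vector) expectedActions.clone();
                                    for (int i = 0; i < expectedCount; i++) {
                                        if (!remaining.remove(Integer.valueOf(((WSSecurityEngineResult) results.get(i)).getAction()))) {
                                            this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, "WSDoAllReceiver: security processing failed (action(s) not exist)");
                                            throw new WSSAxisFault("WSDoAllReceiver: security processing failed (action(s) not exist)");
                                        }
                                    }
                                    if (!remaining.isEmpty()) {
                                        this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, "WSDoAllReceiver: security processing failed (action(s) remained)");
                                        throw new WSSAxisFault("WSDoAllReceiver: security processing failed (action(s) remained)");
                                    }
                                }
                                // Publish the results, newest first, for later handlers.
                                Vector handlerResults = (Vector) messageContext.getProperty(WSHandlerConstants.RECV_RESULTS);
                                if (handlerResults == null) {
                                    handlerResults = new Vector();
                                    messageContext.setProperty(WSHandlerConstants.RECV_RESULTS, handlerResults);
                                }
                                handlerResults.add(0, new WSHandlerResult(actor, results));
                                requestData.clear();
                            } catch (SOAPException e) {
                                throw AxisFault.makeFault(e);
                            }
                        } catch (WSSecurityException e2) {
                            throw new WSSAxisFault(e2);
                        }
                    } catch (Exception e3) {
                        this.logger.log(JeusMessage_Webservices_SEC._6012_LEVEL, "WSS: Unexpected Error", e3);
                        throw new AxisFault("WSDoAllReceiver: cannot convert into document", e3);
                    }
                } finally {
                    requestData.clear();
                }
            } catch (AxisFault e4) {
                throw e4;
            }
        } catch (Exception e5) {
            this.logger.log(JeusMessage_Webservices_SEC._6012_LEVEL, "WSS: Unexpected Error", e5);
            throw AxisFault.makeFault(e5);
        }
    }

    /**
     * Returns the default crypto, creating and caching it on first use.
     *
     * <p>Uses the {@code WSSProperties} handler option when present, otherwise the
     * built-in security framework provider.
     *
     * @return the cached or newly created crypto, never {@code null}
     * @throws AxisFault if the factory returns no crypto
     */
    protected Crypto loadCrypto() throws AxisFault {
        WSSProperties wssProperties = (WSSProperties) getOption(WSJeusConstants.WSSPROPERTIES);
        if (wssProperties != null) {
            Crypto cached = (Crypto) this.cryptos.get(wssProperties.uniqueID());
            if (cached != null) {
                return cached;
            }
            Crypto created = CryptoFactory.getInstance(wssProperties);
            if (created == null) {
                this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: Could not load keystore.");
                throw new AxisFault("WSDoAllReceiver: Could not load keystore.");
            }
            this.cryptos.put(wssProperties.uniqueID(), created);
            return created;
        }
        Crypto crypto = (Crypto) this.cryptos.get(SECURITY_FW_PROVIDER);
        if (crypto == null) {
            Hashtable providerConfig = new Hashtable();
            providerConfig.put(WSSProperties.CRYPTO_PROVIDER, SECURITY_FW_PROVIDER);
            crypto = CryptoFactory.getInstance(providerConfig);
            if (crypto == null) {
                this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: Could not load keystore.");
                throw new AxisFault("WSDoAllReceiver: Could not load keystore.");
            }
            this.cryptos.put(SECURITY_FW_PROVIDER, crypto);
        }
        return crypto;
    }

    /**
     * Ensures {@code sigCrypto} is set, preferring the SIG_ keystore options and falling
     * back to the default crypto.
     *
     * @throws AxisFault if neither source yields a crypto
     */
    private void decodeSignatureParameter() throws AxisFault {
        if (this.sigCrypto != null) {
            return;
        }
        this.sigCrypto = loadSignatureCrypto();
        if (this.sigCrypto == null) {
            this.sigCrypto = this._crypto;
        }
        if (this.sigCrypto == null) {
            this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: Crypto initialization failure for signature");
            throw new WSSAxisFault("WSDoAllReceiver: Crypto initialization failure for signature");
        }
    }

    /**
     * Ensures {@code decCrypto} is set, preferring the DEC_ keystore options and falling
     * back to the default crypto.
     *
     * @throws AxisFault if neither source yields a crypto
     */
    private void decodeDecryptionParameter() throws AxisFault {
        if (this.decCrypto != null) {
            return;
        }
        this.decCrypto = loadDecryptionCrypto();
        if (this.decCrypto == null) {
            this.decCrypto = this._crypto;
        }
        if (this.decCrypto == null) {
            this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: Crypto initialization failure for decryption");
            throw new WSSAxisFault("WSDoAllReceiver: Crypto initialization failure for decryption");
        }
    }

    /**
     * Resolves the password callback handler.
     *
     * <p>The class name is read from the handler option, or else from the message
     * context. When no class name is set, the callback instance stored in the message
     * context is returned (may be {@code null}).
     *
     * <p>The named class is checked to be a {@link CallbackHandler} before it is
     * instantiated, so a wrong class name never gets its constructor run.
     * NOTE(review): the class name may come from a message-context property. Confirm
     * that only trusted deployment code can set it.
     *
     * @throws AxisFault if the class cannot be loaded or instantiated
     */
    private CallbackHandler getPasswordCB(RequestData requestData) throws AxisFault {
        String className = (String) getOption(WSHandlerConstants.PW_CALLBACK_CLASS);
        if (className == null) {
            className = (String) requestData.msgContext.getProperty(WSHandlerConstants.PW_CALLBACK_CLASS);
        }
        if (className == null) {
            return (CallbackHandler) requestData.msgContext.getProperty(WSHandlerConstants.PW_CALLBACK_REF);
        }
        Class<?> callbackClass;
        try {
            callbackClass = Thread.currentThread().getContextClassLoader().loadClass(className);
        } catch (ClassNotFoundException e) {
            this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: cannot load password callback class: " + className);
            throw new WSSAxisFault("WSDoAllReceiver: cannot load password callback class: " + className);
        }
        if (!CallbackHandler.class.isAssignableFrom(callbackClass)) {
            this.logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, "WSDoAllReceiver: cannot create instance of password callback: " + className);
            throw new WSSAxisFault("WSDoAllReceiver: cannot create instance of password callback: " + className);
        }
        try {
            return (CallbackHandler) callbackClass.newInstance();
        } catch (Exception e) {
            this.logger.log(JeusMessage_Webservices_SEC._6012_LEVEL, "WSS: Unexpected Error", e);
            throw new WSSAxisFault("WSDoAllReceiver: cannot create instance of password callback: " + className);
        }
    }

    /**
     * Asks the signature crypto whether the certificate is acceptable.
     *
     * <p>Fails closed: a null certificate, a missing signature crypto, or a validation
     * error all yield {@code false}. What {@code Crypto.isValid} actually verifies
     * (chain, validity period, revocation) is not visible here and should be confirmed.
     *
     * @return {@code true} only when the crypto reports the certificate as valid
     */
    private boolean verifyTrust(X509Certificate x509Certificate) throws AxisFault {
        if (x509Certificate == null || this.sigCrypto == null) {
            return false;
        }
        try {
            return this.sigCrypto.isValid(x509Certificate);
        } catch (WSSecurityException e) {
            this.logger.log(JeusMessage_Webservices_SEC._6012_LEVEL, JeusMessage_Webservices_SEC._6012, e);
            return false;
        }
    }

    /**
     * Builds or fetches from cache a crypto whose keystore and truststore are the same file.
     *
     * @return the crypto, or {@code null} when any argument is null or the factory yields none
     */
    private Crypto keystoreCrypto(String fileName, String keyType, String password) throws AxisFault {
        if (keyType == null || password == null || fileName == null) {
            return null;
        }
        WSSProperties wssProperties = new WSSProperties(KEYSTORE_PROVIDER);
        wssProperties.setKeyStore(fileName, keyType, password);
        wssProperties.setTrustStore(fileName, keyType, password);
        Crypto cached = (Crypto) this.cryptos.get(wssProperties.uniqueID());
        if (cached != null) {
            return cached;
        }
        Crypto created = CryptoFactory.getInstance(wssProperties);
        if (created != null) {
            this.cryptos.put(wssProperties.uniqueID(), created);
        }
        return created;
    }

    /**
     * Loads the signature crypto from the SIG_ keystore options.
     *
     * @return the crypto, or {@code null} when the options are incomplete
     * @throws AxisFault if the configured keystore password cannot be decrypted
     */
    private Crypto loadSignatureCrypto() throws AxisFault {
        String keyType = (String) getOption(WSJeusConstants.SIG_KEY_TYPE);
        try {
            String password = EncryptionUtil.decryptPassword((String) getOption(WSJeusConstants.SIG_KEYSTORE_PASSWORD));
            String fileName = (String) getOption(WSJeusConstants.SIG_KEYSTORE_FILENAME);
            return keystoreCrypto(fileName, keyType, password);
        } catch (DecryptionException e) {
            if (LoggerUtil.logger.isLoggable(JeusMessage_Security._73_LEVEL)) {
                LoggerUtil.logger.log(JeusMessage_Security._73_LEVEL, JeusMessage_Security._73, e);
            }
            throw new AxisFault("[ERROR] Unable to decrypt the configured password.");
        }
    }

    /**
     * Loads the decryption crypto from the DEC_ keystore options.
     *
     * <p>NOTE(review): unlike {@link #loadSignatureCrypto()}, a password that cannot be
     * decrypted is only logged, and only if that level is enabled. It is then treated as
     * "not configured", so the caller falls back to the default crypto. Confirm this
     * asymmetry is intended.
     *
     * @return the crypto, or {@code null} when the options are incomplete or the password
     *         cannot be decrypted
     */
    private Crypto loadDecryptionCrypto() throws AxisFault {
        String password;
        String keyType = (String) getOption(WSJeusConstants.DEC_KEY_TYPE);
        try {
            password = EncryptionUtil.decryptPassword((String) getOption(WSJeusConstants.DEC_KEYSTORE_PASSWORD));
        } catch (DecryptionException e) {
            if (LoggerUtil.logger.isLoggable(JeusMessage_Security._73_LEVEL)) {
                LoggerUtil.logger.log(JeusMessage_Security._73_LEVEL, JeusMessage_Security._73, e);
            }
            password = null;
        }
        String fileName = (String) getOption(WSJeusConstants.DEC_KEYSTORE_FILENAME);
        return keystoreCrypto(fileName, keyType, password);
    }
}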
