package org.apache.ws.axis.security;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.TimeZone;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.axis.AxisFault;
import org.apache.axis.Constants;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.SOAPPart;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.axis.utils.XMLUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.axis.security.util.AxisUtil;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/ws/axis/security/WSDoAllReceiver.class */
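/**
 * Axis handler that runs WS-Security processing on the current (incoming) message.
 *
 * <p>{@link #invoke(MessageContext)} reads the expected actions from the handler options or the
 * message context, lets {@link WSSecurityEngine} process the security header, and then checks
 * three things before publishing the results under {@code WSHandlerConstants.RECV_RESULTS}:
 * that the signing certificate is trusted, that the timestamp is inside the configured
 * time-to-live, and that the performed actions match the configured ones in number and order.
 * Every failure is reported as an {@link AxisFault}.
 *
 * <p>Review notes for operators:
 * <ul>
 *   <li>A response that carries a SOAP Fault is passed through without security processing.</li>
 *   <li>The password callback class is loaded by name; that name must only ever come from
 *       trusted deployment configuration.</li>
 *   <li>When debug logging is on, the complete SOAP document is logged before and after
 *       security processing.</li>
 * </ul>
 */
public class WSDoAllReceiver extends BasicHandler {
    static Log log;
    static final WSSecurityEngine secEngine;
    // Never assigned anywhere in this class, so the debug-only logging below stays switched off.
    private boolean doDebug = false;
    // Crypto instances keyed by property-file name; static, so shared by every handler instance.
    private static Hashtable cryptos;
    // Compiler-generated cache for the class literal used by the static initializer.
    static Class class$org$apache$ws$axis$security$WSDoAllReceiver;

    /* renamed from: org.apache.ws.axis.security.WSDoAllReceiver$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/ws/axis/security/WSDoAllReceiver$1.class */
    // Empty marker type; only used to give RequestData an accessor constructor.
    static class AnonymousClass1 {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ws/axis/security/WSDoAllReceiver$RequestData.class */
    /**
     * Per-invocation state, so that nothing request-specific is kept on the handler itself.
     */
    public class RequestData {
        MessageContext msgContext;
        Crypto sigCrypto;
        String sigPropFile;
        Crypto decCrypto;
        String decPropFile;
        // Default timestamp time-to-live in seconds (verifyTimestamp multiplies it by 1000).
        int timeToLive;
        private final WSDoAllReceiver this$0;

        private RequestData(WSDoAllReceiver wSDoAllReceiver) {
            this.this$0 = wSDoAllReceiver;
            this.msgContext = null;
            this.sigCrypto = null;
            this.sigPropFile = null;
            this.decCrypto = null;
            this.decPropFile = null;
            this.timeToLive = 300;
        }

        /** Drops every reference held for the request; {@code timeToLive} is left untouched. */
        void clear() {
            this.decCrypto = null;
            this.decPropFile = null;
            this.msgContext = null;
            this.sigCrypto = null;
            this.sigPropFile = null;
        }

        RequestData(WSDoAllReceiver wSDoAllReceiver, AnonymousClass1 anonymousClass1) {
            this(wSDoAllReceiver);
        }
    }

    /**
     * Verifies the WS-Security header of the current message.
     *
     * @param messageContext the Axis context whose current message is checked
     * @throws AxisFault if no action is configured, a required security header is missing,
     *         security processing fails, the signing certificate is not trusted, the timestamp
     *         is too old, or the performed actions differ from the configured ones
     */
    @Override // org.apache.axis.Handler
    public void invoke(MessageContext messageContext) throws AxisFault {
        if (this.doDebug) {
            log.debug("WSDoAllReceiver: enter invoke() with msg type: " + messageContext.getCurrentMessage().getMessageType());
        }
        RequestData requestData = new RequestData(this, null);
        try {
            requestData.msgContext = messageContext;
            Vector expectedActions = new Vector();
            // Handler option first, message-context property as the fallback.
            String action = (String) getOption(WSHandlerConstants.ACTION);
            if (action == null) {
                action = (String) messageContext.getProperty(WSHandlerConstants.ACTION);
            }
            if (action == null) {
                throw new AxisFault("WSDoAllReceiver: No action defined");
            }
            int actionMask = AxisUtil.decodeAction(action, expectedActions);
            String actor = (String) getOption("actor");
            Message currentMessage = messageContext.getCurrentMessage();
            try {
                Document doc = currentMessage.getSOAPEnvelope().getAsDocument();
                if (this.doDebug) {
                    log.debug("Received SOAP request: ");
                    log.debug(XMLUtils.PrettyDocumentToString(doc));
                }
                String messageType = currentMessage.getMessageType();
                if (messageType != null && messageType.equals(Message.RESPONSE)) {
                    // A response that contains a SOAP Fault skips all security processing,
                    // so the fault content reaches the caller unverified.
                    if (WSSecurityUtil.findElement(doc.getDocumentElement(), Constants.ELEM_FAULT, WSSecurityUtil.getSOAPConstants(doc.getDocumentElement()).getEnvelopeURI()) != null) {
                        return;
                    }
                }
                // Bit 2 selects signature and bit 4 decryption (see the calls below); bit 1 is
                // presumably the username-token action -- confirm against WSConstants.
                CallbackHandler passwordCB = (actionMask & 5) != 0 ? getPasswordCB(requestData) : null;
                if ((actionMask & 2) == 2) {
                    decodeSignatureParameter(requestData);
                }
                if ((actionMask & 4) == 4) {
                    decodeDecryptionParameter(requestData);
                }
                try {
                    Vector results = secEngine.processSecurityHeader(doc, actor, passwordCB, requestData.sigCrypto, requestData.decCrypto);
                    if (results == null) {
                        // No security header at all: acceptable only when no action was required.
                        if (actionMask != 0) {
                            throw new AxisFault("WSDoAllReceiver: Request does not contain required Security header");
                        }
                        requestData.clear();
                        return;
                    }
                    // Replacing the message content below rebuilds the headers, so remember
                    // which ones were already processed and restore that flag afterwards.
                    ArrayList processedNames = new ArrayList();
                    Iterator headerIt = currentMessage.getSOAPEnvelope().getHeaders().iterator();
                    while (headerIt.hasNext()) {
                        SOAPHeaderElement header = (SOAPHeaderElement) headerIt.next();
                        if (header.isProcessed()) {
                            processedNames.add(header.getQName());
                        }
                    }
                    SOAPPart soapPart = (SOAPPart) currentMessage.getSOAPPart();
                    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
                    org.apache.xml.security.utils.XMLUtils.outputDOM(doc, serialized, true);
                    // 4 is the form code passed for byte-array content -- confirm against SOAPPart.
                    soapPart.setCurrentMessage(serialized.toByteArray(), 4);
                    if (this.doDebug) {
                        // NOTE(review): after processing the document may hold decrypted content,
                        // so this debug output belongs in a protected log only.
                        log.debug("Processed received SOAP request");
                        log.debug(XMLUtils.PrettyDocumentToString(doc));
                    }
                    Iterator nameIt = processedNames.iterator();
                    while (nameIt.hasNext()) {
                        QName qName = (QName) nameIt.next();
                        Enumeration sameName = currentMessage.getSOAPEnvelope().getHeadersByName(qName.getNamespaceURI(), qName.getLocalPart());
                        while (sameName.hasMoreElements()) {
                            ((SOAPHeaderElement) sameName.nextElement()).setProcessed(true);
                        }
                    }
                    try {
                        Iterator actorHeaders = currentMessage.getSOAPEnvelope().getHeader().examineHeaderElements(actor);
                        javax.xml.soap.SOAPHeaderElement securityHeader = null;
                        while (actorHeaders.hasNext()) {
                            javax.xml.soap.SOAPHeaderElement candidate = (javax.xml.soap.SOAPHeaderElement) actorHeaders.next();
                            if (candidate.getLocalName().equals(WSConstants.WSSE_LN) && candidate.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
                                securityHeader = candidate;
                                break;
                            }
                        }
                        if (securityHeader == null) {
                            // Fail with a clear fault instead of a NullPointerException below.
                            throw new AxisFault("WSDoAllReceiver: cannot get SOAP header after security processing");
                        }
                        ((SOAPHeaderElement) securityHeader).setProcessed(true);

                        // Trust check for the signer. It only runs when the signature result
                        // exposes a certificate; a result without one is accepted as is.
                        WSSecurityEngineResult signatureResult = WSSecurityUtil.fetchActionResult(results, 2);
                        if (signatureResult != null) {
                            X509Certificate signerCert = signatureResult.getCertificate();
                            if (signerCert != null && !verifyTrust(signerCert, requestData)) {
                                throw new AxisFault("WSDoAllReceiver: The certificate used for the signature is not trusted");
                            }
                        }

                        // Freshness check for the timestamp (action code 32).
                        WSSecurityEngineResult timestampResult = WSSecurityUtil.fetchActionResult(results, 32);
                        if (timestampResult != null) {
                            Timestamp timestamp = timestampResult.getTimestamp();
                            if (timestamp != null) {
                                String ttlText = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP);
                                if (ttlText == null) {
                                    ttlText = (String) messageContext.getProperty(WSHandlerConstants.TTL_TIMESTAMP);
                                }
                                int ttl = 0;
                                if (ttlText != null) {
                                    try {
                                        ttl = Integer.parseInt(ttlText);
                                    } catch (NumberFormatException ignored) {
                                        // Unparsable setting: fall back to the built-in default.
                                        ttl = requestData.timeToLive;
                                    }
                                }
                                if (ttl <= 0) {
                                    ttl = requestData.timeToLive;
                                }
                                // Pass the resolved value: the configured time-to-live was
                                // previously computed and then ignored in favour of the default.
                                if (!verifyTimestamp(timestamp, ttl)) {
                                    throw new AxisFault("WSDoAllReceiver: The timestamp could not be validated");
                                }
                            }
                        }

                        // The performed actions must equal the configured ones, in the same
                        // order; anything missing or extra is rejected.
                        int resultCount = results.size();
                        int expectedCount = expectedActions.size();
                        if (expectedCount != resultCount) {
                            throw new AxisFault("WSDoAllReceiver: security processing failed (actions number mismatch)");
                        }
                        for (int idx = 0; idx < expectedCount; idx++) {
                            int expected = ((Integer) expectedActions.get(idx)).intValue();
                            int performed = ((WSSecurityEngineResult) results.get(idx)).getAction();
                            if (expected != performed) {
                                throw new AxisFault("WSDoAllReceiver: security processing failed (actions mismatch)");
                            }
                        }

                        // Publish the results, newest first, for later handlers and the service.
                        Vector handlerResults = (Vector) messageContext.getProperty(WSHandlerConstants.RECV_RESULTS);
                        if (handlerResults == null) {
                            handlerResults = new Vector();
                            messageContext.setProperty(WSHandlerConstants.RECV_RESULTS, handlerResults);
                        }
                        handlerResults.add(0, new WSHandlerResult(actor, results));
                        if (this.doDebug) {
                            log.debug("WSDoAllReceiver: exit invoke()");
                        }
                        requestData.clear();
                    } catch (AxisFault fault) {
                        // Keep the specific fault (untrusted certificate, stale timestamp, action
                        // mismatch) instead of re-wrapping it under an unrelated message.
                        throw fault;
                    } catch (Exception e2) {
                        throw new AxisFault("WSDoAllReceiver: cannot get SOAP header after security processing", e2);
                    }
                } catch (WSSecurityException e3) {
                    log.error("WSDoAllReceiver: security processing failed", e3);
                    throw new AxisFault("WSDoAllReceiver: security processing failed", e3);
                }
            } catch (AxisFault fault) {
                // Already carries the real reason; do not relabel it as a conversion error.
                throw fault;
            } catch (Exception e4) {
                throw new AxisFault("WSDoAllReceiver: cannot convert into document", e4);
            }
        } finally {
            requestData.clear();
        }
    }

    /**
     * Resolves the crypto used for signature verification and caches it per property file.
     *
     * @param requestData request state; {@code sigPropFile} is filled in as a side effect
     * @return the cached or newly created crypto instance
     * @throws AxisFault if no signature property file is configured
     */
    protected Crypto loadSignatureCrypto(RequestData requestData) throws AxisFault {
        String propFile = (String) getOption(WSHandlerConstants.SIG_PROP_FILE);
        requestData.sigPropFile = propFile;
        if (propFile == null) {
            requestData.sigPropFile = (String) requestData.msgContext.getProperty(WSHandlerConstants.SIG_PROP_FILE);
        }
        if (requestData.sigPropFile == null) {
            throw new AxisFault("WSDoAllReceiver: Signature: no crypto property file");
        }
        Crypto crypto = (Crypto) cryptos.get(requestData.sigPropFile);
        if (crypto == null) {
            crypto = CryptoFactory.getInstance(requestData.sigPropFile);
            cryptos.put(requestData.sigPropFile, crypto);
        }
        return crypto;
    }

    /**
     * Resolves the crypto used for decryption, falling back to the signature crypto when no
     * decryption property file is configured.
     *
     * @param requestData request state; {@code decPropFile} is filled in as a side effect
     * @return the crypto instance to decrypt with
     * @throws AxisFault if neither a decryption property file nor a signature crypto is available
     */
    protected Crypto loadDecryptionCrypto(RequestData requestData) throws AxisFault {
        String propFile = (String) getOption(WSHandlerConstants.DEC_PROP_FILE);
        requestData.decPropFile = propFile;
        if (propFile == null) {
            requestData.decPropFile = (String) requestData.msgContext.getProperty(WSHandlerConstants.DEC_PROP_FILE);
        }
        if (requestData.decPropFile == null) {
            if (requestData.sigCrypto == null) {
                throw new AxisFault("WSDoAllReceiver: Encryption: no crypto property file");
            }
            return requestData.sigCrypto;
        }
        Crypto crypto = (Crypto) cryptos.get(requestData.decPropFile);
        if (crypto == null) {
            crypto = CryptoFactory.getInstance(requestData.decPropFile);
            cryptos.put(requestData.decPropFile, crypto);
        }
        return crypto;
    }

    /** Stores the signature crypto on the request state. */
    private void decodeSignatureParameter(RequestData requestData) throws AxisFault {
        requestData.sigCrypto = loadSignatureCrypto(requestData);
    }

    /** Stores the decryption crypto on the request state. */
    private void decodeDecryptionParameter(RequestData requestData) throws AxisFault {
        requestData.decCrypto = loadDecryptionCrypto(requestData);
    }

    /**
     * Obtains the password callback, either by instantiating the configured class or by taking
     * the handler instance stored under {@code WSHandlerConstants.PW_CALLBACK_REF}.
     *
     * @param requestData request state giving access to the message context
     * @return the callback handler, never {@code null}
     * @throws AxisFault if the class cannot be loaded or instantiated, or no reference is set
     */
    private CallbackHandler getPasswordCB(RequestData requestData) throws AxisFault {
        String className = (String) getOption("passwordCallbackClass");
        if (className == null) {
            className = (String) requestData.msgContext.getProperty("passwordCallbackClass");
        }
        if (className == null) {
            CallbackHandler byReference = (CallbackHandler) requestData.msgContext.getProperty(WSHandlerConstants.PW_CALLBACK_REF);
            if (byReference == null) {
                throw new AxisFault("WSDoAllReceiver: no reference in callback property");
            }
            return byReference;
        }
        // NOTE(review): this loads and instantiates whatever class the option or context property
        // names. Make sure that property can only be set by deployment configuration and never
        // from message content.
        try {
            return (CallbackHandler) Class.forName(className).newInstance();
        } catch (ClassNotFoundException e) {
            // Checked first so that a missing class is reported as a load failure; nested the
            // other way round this handler could never be reached.
            throw new AxisFault("WSDoAllReceiver: cannot load password callback class: " + className, e);
        } catch (Exception e) {
            throw new AxisFault("WSDoAllReceiver: cannot create instance of password callback: " + className, e);
        }
    }

    /**
     * Decides whether the certificate that signed the message is trusted.
     *
     * <p>Two routes lead to trust: the certificate itself is stored in the signature keystore
     * (looked up by issuer and serial number and compared with {@code equals}), or a path built
     * from the certificate plus the stored certificates of one of its issuer's aliases is
     * accepted by {@code Crypto.validateCertPath}. What that validation covers (validity period,
     * revocation) depends on the Crypto implementation and cannot be seen from here.
     *
     * @param x509Certificate the certificate transmitted with the signature
     * @param requestData request state holding the signature crypto
     * @return {@code true} if the certificate is trusted, {@code false} otherwise
     * @throws AxisFault if the keystore lookups or the path validation fail with an error
     */
    private boolean verifyTrust(X509Certificate x509Certificate, RequestData requestData) throws AxisFault {
        if (x509Certificate == null) {
            return false;
        }
        String subject = x509Certificate.getSubjectDN().getName();
        String issuer = x509Certificate.getIssuerDN().getName();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (this.doDebug) {
            log.debug("WSDoAllReceiver: Transmitted certificate has subject " + subject);
            log.debug("WSDoAllReceiver: Transmitted certificate has issuer " + issuer + " (serial " + serialNumber + ")");
        }

        // Route 1: the very same certificate is present in the keystore.
        String directAlias;
        try {
            directAlias = requestData.sigCrypto.getAliasForX509Cert(issuer, serialNumber);
        } catch (WSSecurityException e) {
            throw new AxisFault("WSDoAllReceiver: Could not get alias for certificate with " + subject, e);
        }
        if (directAlias != null) {
            X509Certificate[] stored;
            try {
                stored = requestData.sigCrypto.getCertificates(directAlias);
            } catch (WSSecurityException e) {
                throw new AxisFault("WSDoAllReceiver: Could not get certificates for alias " + directAlias, e);
            }
            if (stored != null && stored.length > 0 && x509Certificate.equals(stored[0])) {
                if (this.doDebug) {
                    log.debug("Direct trust for certificate with " + subject);
                }
                return true;
            }
        } else if (this.doDebug) {
            log.debug("No alias found for subject from issuer with " + issuer + " (serial " + serialNumber + ")");
        }

        // Route 2: validate a path through one of the issuer's keystore entries.
        String[] issuerAliases;
        try {
            issuerAliases = requestData.sigCrypto.getAliasesForDN(issuer);
        } catch (WSSecurityException e) {
            throw new AxisFault("WSDoAllReceiver: Could not get alias for certificate with " + issuer, e);
        }
        if (issuerAliases == null || issuerAliases.length < 1) {
            if (this.doDebug) {
                log.debug("No aliases found in keystore for issuer " + issuer + " of certificate for " + subject);
            }
            return false;
        }
        for (int i = 0; i < issuerAliases.length; i++) {
            String issuerAlias = issuerAliases[i];
            if (this.doDebug) {
                log.debug("Preparing to validate certificate path with alias " + issuerAlias + " for issuer " + issuer);
            }
            X509Certificate[] issuerCerts;
            try {
                issuerCerts = requestData.sigCrypto.getCertificates(issuerAlias);
            } catch (WSSecurityException e) {
                throw new AxisFault("WSDoAllReceiver: Could not get certificates for alias " + issuerAlias, e);
            }
            if (issuerCerts == null || issuerCerts.length < 1) {
                throw new AxisFault("WSDoAllReceiver: Could not get certificates for alias " + issuerAlias);
            }
            // Path = transmitted certificate followed by the issuer's stored certificates in
            // their original order. The previous loop indexed the source with the alias counter
            // and wrote at length + j, which ran past the array for any chain longer than one
            // entry and otherwise copied the wrong certificate.
            X509Certificate[] path = new X509Certificate[issuerCerts.length + 1];
            path[0] = x509Certificate;
            System.arraycopy(issuerCerts, 0, path, 1, issuerCerts.length);
            try {
                if (requestData.sigCrypto.validateCertPath(path)) {
                    if (this.doDebug) {
                        log.debug("WSDoAllReceiver: Certificate path has been verified for certificate with subject " + subject);
                    }
                    return true;
                }
            } catch (WSSecurityException e) {
                throw new AxisFault("WSDoAllReceiver: Certificate path verification failed for certificate with subject " + subject, e);
            }
        }
        log.debug("WSDoAllReceiver: Certificate path could not be verified for certificate with subject " + subject);
        return false;
    }

    /**
     * Checks that the timestamp was created within the last {@code i} seconds.
     *
     * <p>Only the lower bound is checked here: the creation time must be after
     * {@code now - i seconds}. NOTE(review): there is no upper bound, so a creation time ahead
     * of the local clock is accepted, and an Expires value is not examined in this method --
     * confirm whether the security engine enforces those elsewhere.
     *
     * @param timestamp the timestamp taken from the security header
     * @param i the time-to-live in seconds
     * @return {@code true} if the timestamp is recent enough, {@code false} otherwise
     * @throws AxisFault declared for overriding subclasses; not thrown by this implementation
     */
    protected boolean verifyTimestamp(Timestamp timestamp, int i) throws AxisFault {
        Calendar oldestAccepted = Calendar.getInstance();
        // 1000L forces long arithmetic; as an int product a large time-to-live wrapped around
        // and moved the acceptance window to the wrong place.
        oldestAccepted.setTimeInMillis(oldestAccepted.getTimeInMillis() - (i * 1000L));
        if (this.doDebug) {
            log.debug("Preparing to verify the timestamp");
            SimpleDateFormat zulu = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
            zulu.setTimeZone(TimeZone.getTimeZone("GMT"));
            log.debug("Validation of Timestamp: Current time is " + zulu.format(Calendar.getInstance().getTime()));
            log.debug("Validation of Timestamp: Valid creation is " + zulu.format(oldestAccepted.getTime()));
            log.debug("Validation of Timestamp: Timestamp created is " + zulu.format(timestamp.getCreated().getTime()));
        }
        if (timestamp.getCreated().after(oldestAccepted)) {
            log.debug("Validation of Timestamp: Everything is ok");
            return true;
        }
        if (this.doDebug) {
            log.debug("Validation of Timestamp: The message was created too long ago");
        }
        return false;
    }

    /**
     * Compiler-generated helper behind the class literal: loads a class by name and turns a
     * missing class into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Sets up the logger, the shared security engine and the crypto cache once per class load.
    static {
        Class cls;
        if (class$org$apache$ws$axis$security$WSDoAllReceiver == null) {
            cls = class$("org.apache.ws.axis.security.WSDoAllReceiver");
            class$org$apache$ws$axis$security$WSDoAllReceiver = cls;
        } else {
            cls = class$org$apache$ws$axis$security$WSDoAllReceiver;
        }
        log = LogFactory.getLog(cls.getName());
        secEngine = WSSecurityEngine.getInstance();
        cryptos = new Hashtable(5);
    }
}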
