package org.apache.cxf.ws.security.wss4j;

import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.processor.BinarySecurityTokenProcessor;
import org.apache.ws.security.validate.Validator;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.class */
public class KerberosTokenInterceptor extends AbstractTokenInterceptor {
    @Override // org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor
    protected void processToken(SoapMessage soapMessage) {
        Header findSecurityHeader = findSecurityHeader(soapMessage, false);
        if (findSecurityHeader == null) {
            return;
        }
        Element firstElement = DOMUtils.getFirstElement((Element) findSecurityHeader.getObject());
        while (true) {
            Element element = firstElement;
            if (element == null) {
                return;
            }
            if (WSConstants.BINARY_TOKEN_LN.equals(element.getLocalName()) && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(element.getNamespaceURI())) {
                try {
                    List<WSSecurityEngineResult> processToken = processToken(element, soapMessage);
                    if (processToken != null) {
                        List cast = CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS));
                        if (cast == null) {
                            cast = new ArrayList();
                            soapMessage.put(WSHandlerConstants.RECV_RESULTS, (Object) cast);
                        }
                        cast.add(0, new WSHandlerResult((String) null, processToken));
                        assertTokens(soapMessage, SP12Constants.KERBEROS_TOKEN, false);
                        Principal principal = (Principal) processToken.get(0).get("principal");
                        soapMessage.put(WSS4JInInterceptor.PRINCIPAL_RESULT, (Object) principal);
                        SecurityContext securityContext = (SecurityContext) soapMessage.get(SecurityContext.class);
                        if (securityContext == null || securityContext.getUserPrincipal() == null) {
                            soapMessage.put((Class<Class>) SecurityContext.class, (Class) new DefaultSecurityContext(principal, null));
                        }
                    }
                } catch (WSSecurityException e) {
                    throw new Fault((Throwable) e);
                }
            }
            firstElement = DOMUtils.getNextElement(element);
        }
    }

    private List<WSSecurityEngineResult> processToken(Element element, final SoapMessage soapMessage) throws WSSecurityException {
        WSDocInfo wSDocInfo = new WSDocInfo(element.getOwnerDocument());
        RequestData requestData = new RequestData() { // from class: org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor.1
            public CallbackHandler getCallbackHandler() {
                return KerberosTokenInterceptor.this.getCallback(soapMessage);
            }

            public Validator getValidator(QName qName) throws WSSecurityException {
                Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.BST_TOKEN_VALIDATOR);
                try {
                    return contextualProperty instanceof Validator ? (Validator) contextualProperty : contextualProperty instanceof Class ? (Validator) ((Class) contextualProperty).newInstance() : contextualProperty instanceof String ? (Validator) ClassLoaderUtils.loadClass(contextualProperty.toString(), KerberosTokenInterceptor.class).newInstance() : super.getValidator(qName);
                } catch (RuntimeException e) {
                    throw e;
                } catch (Throwable th) {
                    throw new WSSecurityException(th.getMessage(), th);
                }
            }
        };
        requestData.setWssConfig(WSSConfig.getNewInstance());
        return new BinarySecurityTokenProcessor().handleToken(element, requestData, wSDocInfo);
    }

    @Override // org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor
    protected Token assertTokens(SoapMessage soapMessage) {
        return assertTokens(soapMessage, SP12Constants.KERBEROS_TOKEN, true);
    }

    @Override // org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor
    protected void addToken(SoapMessage soapMessage) {
        SecurityToken securityToken = getSecurityToken(soapMessage);
        if (securityToken == null || securityToken.getToken() == null) {
            return;
        }
        assertTokens(soapMessage);
        Element element = (Element) findSecurityHeader(soapMessage, true).getObject();
        element.appendChild(element.getOwnerDocument().importNode(securityToken.getToken(), true));
    }

    private SecurityToken getSecurityToken(SoapMessage soapMessage) {
        String str;
        TokenStore tokenStore = getTokenStore(soapMessage);
        if (tokenStore == null || (str = (String) soapMessage.getContextualProperty(SecurityConstants.TOKEN_ID)) == null) {
            return null;
        }
        return tokenStore.getToken(str);
    }
}
