package electric.soap.security.handlers;

import com.webmethods.fabric.console.services.services.IServicesConstants;
import electric.glue.IGLUEContextConstants;
import electric.glue.IGLUELoggingConstants;
import electric.glue.context.ThreadContext;
import electric.service.IService;
import electric.soap.ISOAPConstants;
import electric.soap.ISOAPHandler;
import electric.soap.SOAPException;
import electric.soap.SOAPMessage;
import electric.soap.handlers.chain.ChainedSOAPHandler;
import electric.soap.security.IWSSConstants;
import electric.soap.security.IWSSContextConstants;
import electric.soap.security.SOAPSecurityException;
import electric.soap.security.WSSContext;
import electric.soap.security.encryption.WSSEncryptionProcessor;
import electric.soap.security.signature.WSSSignatureProcessor;
import electric.soap.security.tokens.SecurityTokenProcessor;
import electric.soap.security.util.SecurityXPathFactory;
import electric.util.Context;
import electric.util.XURL;
import electric.util.log.ILoggingConstants;
import electric.util.log.Log;
import electric.xml.Document;
import electric.xml.Element;
import electric.xml.IXMLConstants;
import electric.xml.IXPath;
import java.rmi.RemoteException;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:electric/soap/security/handlers/SecurityHandler.class */
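/**
 * SOAP handler that applies WS-Security processing around the next handler in the chain.
 *
 * <p>When a {@link WSSContext} is configured on the service and WS-Security is enabled, an
 * incoming message has its tokens read and authenticated, its content decrypted, its
 * signatures validated and the request authorized before it is passed down the chain. The
 * response then receives tokens, signatures and encryption in {@link #outgoing}.
 */
public class SecurityHandler extends ChainedSOAPHandler implements IWSSConstants, IWSSContextConstants, ISOAPConstants, IXMLConstants, IGLUELoggingConstants, IGLUEContextConstants {
    protected IService service;
    protected SecurityTokenProcessor tokenProcessor;
    protected WSSSignatureProcessor signatureProcessor;
    protected WSSEncryptionProcessor encryptionProcessor;

    /**
     * Creates the handler and its processors; the signature and encryption processors share
     * the single token processor created here.
     *
     * @param iService service whose context supplies the WS-Security configuration
     * @param iSOAPHandler next handler in the chain
     */
    public SecurityHandler(IService iService, ISOAPHandler iSOAPHandler) {
        super(iSOAPHandler);
        this.service = iService;
        this.tokenProcessor = new SecurityTokenProcessor();
        this.signatureProcessor = new WSSSignatureProcessor(this.tokenProcessor);
        this.encryptionProcessor = new WSSEncryptionProcessor(this.tokenProcessor);
    }

    /**
     * Routes the message through WS-Security processing, or straight to the next handler.
     *
     * <p>If the service context has no {@code WSS_CONTEXT} property, or WS-Security is not
     * enabled, the message is forwarded with no token, signature or encryption checks at all.
     * Enforcement therefore depends entirely on that configuration being present.
     *
     * @param sOAPMessage incoming message
     * @param context per-call context, passed through to the next handler
     * @return the response produced by the chain
     */
    @Override // electric.soap.handlers.chain.ChainedSOAPHandler, electric.soap.ISOAPHandler
    public SOAPMessage handle(SOAPMessage sOAPMessage, Context context) throws RemoteException, SecurityException {
        WSSContext wSSContext = (WSSContext) this.service.getContext().getProperty(IGLUEContextConstants.WSS_CONTEXT);
        if (wSSContext == null || !WSSContext.isEnabled()) {
            return this.nextHandler.handle(sOAPMessage, context);
        }
        return handleSecurity(sOAPMessage, wSSContext, context);
    }

    /**
     * Runs the incoming checks, invokes the rest of the chain and secures the response.
     *
     * @return the secured response, or {@code null} when the chain produced no response or a
     *     non-SOAP exception was logged and swallowed
     * @throws SOAPException when an incoming check fails or the chain raises a SOAP fault
     */
    private SOAPMessage handleSecurity(SOAPMessage sOAPMessage, WSSContext wSSContext, Context context) throws SOAPException {
        SOAPMessage response = null;
        try {
            sOAPMessage.deoptimize();
            handleMustUnderstand(sOAPMessage, context);
            incoming(sOAPMessage, wSSContext, context);
            response = this.nextHandler.handle(sOAPMessage, context);
        } catch (SOAPException e) {
            throw e;
        } catch (Exception e2) {
            // Any other failure is only logged. Because response is still null, the method
            // returns null below, so the request is not processed further (fails closed), but
            // the caller gets no fault.
            // NOTE(review): confirm how callers treat a null response after a security error.
            if (Log.isLogging(ILoggingConstants.EXCEPTION_EVENT)) {
                Log.log(ILoggingConstants.EXCEPTION_EVENT, "problem in security handler", (Throwable) e2);
            }
        }
        if (response == null) {
            return null;
        }
        response.deoptimize();
        Element securityHeader = response.getHeaderElement(IWSSConstants.WSSE_NAMESPACE, "Security");
        if (securityHeader == null) {
            // The response has no wsse:Security header yet, so create one for outgoing() to fill.
            securityHeader = new Element(IWSSConstants.WSSE_PREFIX, "Security", IWSSConstants.WSSE_NAMESPACE);
            securityHeader.setAttributeNS(IXMLConstants.XMLNS, "xmlns:wsse", IWSSConstants.WSSE_NAMESPACE);
            response.addHeader().addChild(securityHeader);
        }
        // NOTE(review): outgoing() declares a checked Exception that this method does not
        // declare, and the call sits outside the try block. This looks like a decompiler
        // artifact. When restoring it, make sure a signing or encryption failure cannot
        // result in the unprotected response being returned.
        outgoing(response, wSSContext, securityHeader);
        return response;
    }

    /**
     * Adds tokens, signatures and encryption to the response's security header.
     *
     * <p>The {@code WSS_TOKENS} thread property is cleared first. The same table is passed to
     * the signature and encryption processors.
     */
    private void outgoing(SOAPMessage sOAPMessage, WSSContext wSSContext, Element element) throws SOAPSecurityException, Exception {
        ThreadContext.removeProperty(IWSSContextConstants.WSS_TOKENS);
        this.tokenProcessor.addTokens(sOAPMessage, wSSContext, element);
        Hashtable shared = new Hashtable();
        this.signatureProcessor.addTokens(sOAPMessage, wSSContext, element, shared);
        this.signatureProcessor.addSignatures(sOAPMessage, wSSContext, element);
        this.encryptionProcessor.addEncryptionCertificates(sOAPMessage, wSSContext, element, shared);
        this.encryptionProcessor.addEncryptions(sOAPMessage, wSSContext, element, shared);
    }

    /**
     * Authenticates, decrypts, signature-checks and authorizes an incoming message.
     *
     * <p>Every failure produces the same generic fault, so the caller cannot tell which check
     * rejected the message.
     *
     * @throws SOAPException if authentication, signature validation or authorization fails
     */
    private void incoming(SOAPMessage sOAPMessage, WSSContext wSSContext, Context context) throws SOAPException {
        Vector tokens = this.tokenProcessor.readTokens(sOAPMessage, wSSContext);
        // Tokens are published on the thread context before they have been authenticated, and
        // the failure path below throws without removing them. In this class only outgoing()
        // clears WSS_TOKENS.
        // NOTE(review): if worker threads are pooled, confirm that unauthenticated tokens from
        // a rejected request cannot be seen by the next request on the same thread.
        Context threadContext = Context.thread();
        for (int i = 0; i < tokens.size(); i++) {
            threadContext.addProperty(IWSSContextConstants.WSS_TOKENS, tokens.elementAt(i));
        }
        Vector authenticated = new Vector();
        boolean permitted = wSSContext.in.authenticate(sOAPMessage, tokens, authenticated);
        // Decryption runs even when token authentication has already failed.
        // NOTE(review): consider skipping it in that case; it presumably mutates the message,
        // which logAuthFailure() may then write to the debug log.
        Vector decrypted = new Vector();
        this.encryptionProcessor.decrypt(sOAPMessage, decrypted, wSSContext.in.guards());
        if (permitted) {
            Vector signed = new Vector();
            permitted = this.signatureProcessor.validateSignatures(sOAPMessage, wSSContext, signed, tokens)
                    && wSSContext.in.authorize(sOAPMessage, signed, decrypted, authenticated);
        }
        if (permitted) {
            return;
        }
        logAuthFailure(sOAPMessage, context);
        throw new SOAPException("security", "Server", (String) null, "<detail>SECURITY EXCEPTION</detail>");
    }

    /**
     * Records a rejected message: source and endpoint at {@code SECURITY_EVENT}, and the full
     * message at {@code SECURITY_DEBUG_EVENT}.
     */
    private void logAuthFailure(SOAPMessage sOAPMessage, Context context) {
        String endpoint = IServicesConstants.UNKNOWN;
        String source = IServicesConstants.UNKNOWN;
        if (context != null) {
            XURL xurl = (XURL) context.getProperty("endpoint");
            if (xurl != null) {
                endpoint = xurl.toString();
            }
            // Keep the "unknown" default when the transport did not record a source, rather
            // than logging the literal "null".
            String transportSource = context.getStringProperty(IGLUEContextConstants.TRANSPORT_SOURCE);
            if (transportSource != null) {
                source = transportSource;
            }
        }
        if (Log.isLogging(ILoggingConstants.SECURITY_EVENT)) {
            Log.log(ILoggingConstants.SECURITY_EVENT, "authorization failed for message from:" + sanitizeForLog(source) + " to:" + sanitizeForLog(endpoint));
        }
        if (Log.isLogging(IGLUELoggingConstants.SECURITY_DEBUG_EVENT)) {
            // The whole message is written to the log. It can carry security tokens and, after
            // decrypt() has run, possibly decrypted content. Keep this event disabled outside
            // controlled debugging and protect the log file accordingly.
            Log.log(IGLUELoggingConstants.SECURITY_DEBUG_EVENT, "authorization failed, message detail:" + sOAPMessage.toString());
        }
    }

    /**
     * Replaces CR and LF so that a request-derived value cannot start a forged log record.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return IServicesConstants.UNKNOWN;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Marks the message's {@code wsse:Security} header as understood by this handler.
     *
     * <p>The header is looked up with an XPath and, when present, stored in the call context
     * under {@code ISOAPConstants.UNDERSTOOD}. {@code handleSecurity} calls this before
     * {@code incoming}, so the header is marked before any token or signature has been checked.
     * Failures are logged and otherwise ignored.
     *
     * @param sOAPMessage message to inspect
     * @param context call context that receives the property; may be {@code null}
     */
    protected void handleMustUnderstand(SOAPMessage sOAPMessage, Context context) {
        try {
            Document document = sOAPMessage.getDocument();
            IXPath securityPath = SecurityXPathFactory.createXPath("/soap:Envelope/soap:Header/wsse:Security");
            securityPath.setNamespace("soap", "http://schemas.xmlsoap.org/soap/envelope/");
            securityPath.setNamespace(IWSSConstants.WSSE_PREFIX, IWSSConstants.WSSE_NAMESPACE);
            Element securityHeader = securityPath.getElement(document.getRoot());
            // logAuthFailure() allows a null context, so guard here too instead of relying on
            // the catch block to absorb a NullPointerException.
            if (securityHeader != null && context != null) {
                context.addProperty(ISOAPConstants.UNDERSTOOD, securityHeader);
            }
        } catch (Throwable th) {
            // Best effort: a failure here must not abort the security checks that follow.
            if (Log.isLogging(ILoggingConstants.EXCEPTION_EVENT)) {
                Log.log(ILoggingConstants.EXCEPTION_EVENT, "problem with mustunderstand", th);
            }
        }
    }
}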
