package org.mule.module.dynamicscrm.security.policies;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.namespace.QName;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.ws.addressing.VersionTransformer;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.wsdl.EndpointReferenceUtils;
import org.mule.api.ConnectionException;
import org.mule.api.ConnectionExceptionCode;
import org.w3c.dom.Element;

/* loaded from: input_file:org/mule/module/dynamicscrm/security/policies/XrmAuthenticationPolicyInterceptorProvider.class */
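/**
 * CXF policy interceptor provider for the Dynamics CRM authentication policy assertions.
 *
 * <p>It registers itself for {@code XrmConstants.AUTH_POLICY_2011} and
 * {@code XrmConstants.AUTH_POLICY_2012} and installs one inbound and one outbound interceptor on
 * both the normal and the fault chains.
 *
 * <p>Security-relevant behaviour, for reviewers:
 * <ul>
 *   <li>The inbound interceptor marks the assertion as satisfied without inspecting the message.</li>
 *   <li>For "Federation" authentication the outbound interceptor derives the STS WSDL location
 *       from the policy's IssuedToken issuer reference, not from local configuration.</li>
 *   <li>When {@code XrmConstants.DISABLE_CN_CHECK} is set, the STS conduit's TLS parameters are
 *       replaced; see {@link #disableCnCheck(STSClient)}.</li>
 * </ul>
 *
 * <p>NOTE(review): both interceptors only look up {@code AUTH_POLICY_2011}; nothing in this file
 * asserts {@code AUTH_POLICY_2012} although the provider is registered for it. Confirm whether
 * that is intentional before changing it, because asserting a policy relaxes enforcement.
 */
public class XrmAuthenticationPolicyInterceptorProvider extends AbstractPolicyInterceptorProvider {
    private static final Log LOG = LogFactory.getLog(XrmAuthenticationPolicyInterceptorProvider.class);
    private static final long serialVersionUID = 3412956180069920480L;

    /* loaded from: input_file:org/mule/module/dynamicscrm/security/policies/XrmAuthenticationPolicyInterceptorProvider$AuthenticationPolicyInInterceptor.class */
    /**
     * Inbound interceptor, placed in the "pre-protocol" phase after the WSS4J interceptors.
     *
     * <p>It performs no verification of its own: every {@code AUTH_POLICY_2011} assertion found
     * on the message is simply flagged as asserted.
     */
    private class AuthenticationPolicyInInterceptor extends AbstractPhaseInterceptor<Message> {
        public AuthenticationPolicyInInterceptor() {
            super("pre-protocol");
            addAfter(WSS4JInInterceptor.class.getName());
            addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
        }

        /**
         * Flags every {@code AUTH_POLICY_2011} assertion on the message as asserted.
         *
         * @param message the inbound message; a message without an assertion map or without
         *                that assertion is left untouched
         */
        public void handleMessage(Message message) throws Fault {
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) message.get(AssertionInfoMap.class);
            if (assertionInfoMap == null) {
                return;
            }
            Collection<AssertionInfo> authAssertions =
                    (Collection<AssertionInfo>) assertionInfoMap.get(XrmConstants.AUTH_POLICY_2011);
            if (authAssertions == null) {
                return;
            }
            for (AssertionInfo authAssertion : authAssertions) {
                authAssertion.setAsserted(true);
            }
        }
    }

    /* loaded from: input_file:org/mule/module/dynamicscrm/security/policies/XrmAuthenticationPolicyInterceptorProvider$AuthenticationPolicyOutInterceptor.class */
    /**
     * Outbound interceptor, placed in the "prepare-send" phase before "IssuedTokenOutInterceptor".
     *
     * <p>For assertions whose authentication type is "Federation" it makes sure an
     * {@link STSClient} pointing at the federation metadata WSDL is stored under the
     * "ws-security.sts.client" contextual property.
     */
    private class AuthenticationPolicyOutInterceptor extends AbstractPhaseInterceptor<Message> {
        public AuthenticationPolicyOutInterceptor() {
            super("prepare-send");
            addBefore("IssuedTokenOutInterceptor");
        }

        /**
         * Prepares the STS client for federated authentication and asserts the policy.
         *
         * <p>Processing stops at the first assertion that cannot be satisfied; that assertion is
         * marked as not asserted, and any assertion after it is left unprocessed.
         *
         * @param message the outbound message
         */
        public void handleMessage(Message message) throws Fault {
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) message.get(AssertionInfoMap.class);
            if (assertionInfoMap == null) {
                return;
            }
            Collection<AssertionInfo> authAssertions =
                    (Collection<AssertionInfo>) assertionInfoMap.get(XrmConstants.AUTH_POLICY_2011);
            if (authAssertions == null) {
                return;
            }
            for (AssertionInfo assertionInfo : authAssertions) {
                // NOTE(review): getAuthenticationType() and getIssuerEpr() below are not declared on
                // the generic assertion type; the decompiler appears to have dropped the downcasts.
                if (StringUtils.equalsIgnoreCase(assertionInfo.getAssertion().getAuthenticationType(), "Federation")) {
                    // The STS metadata location comes from the first IssuedToken assertion in the
                    // policy, i.e. from data supplied with the service policy rather than from local
                    // configuration. No scheme or host restriction is applied to it here, so the
                    // policy itself must have been obtained over a verified channel.
                    String mexLocation = "";
                    Collection issuedTokens = (Collection) assertionInfoMap.get(SP12Constants.ISSUED_TOKEN);
                    if (issuedTokens != null && !issuedTokens.isEmpty()) {
                        Iterator it = issuedTokens.iterator();
                        if (it.hasNext()) {
                            mexLocation = XrmAuthenticationPolicyInterceptorProvider.this.findMEXLocation(((AssertionInfo) it.next()).getAssertion().getIssuerEpr());
                        }
                    }
                    if (StringUtils.isEmpty(mexLocation)) {
                        assertionInfo.setNotAsserted("Unable to get Federation Metadata WSDL from CRM's Authentication Policy");
                        return;
                    }
                    STSClient sTSClient = (STSClient) message.getContextualProperty("ws-security.sts.client");
                    if (sTSClient == null) {
                        sTSClient = new STSClient((Bus) message.getExchange().get(Bus.class));
                        sTSClient.setSoap12();
                        sTSClient.setWsdlLocation(mexLocation);
                        sTSClient.setServiceQName(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService"));
                        sTSClient.setEndpointQName(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "UserNameWSTrustBinding_IWSTrust13Async"));
                    } else if (StringUtils.isEmpty(sTSClient.getWsdlLocation())) {
                        // A pre-configured client keeps its own settings; only a missing WSDL
                        // location is filled in.
                        sTSClient.setWsdlLocation(mexLocation);
                    }
                    if (MessageUtils.getContextualBoolean(message, XrmConstants.DISABLE_CN_CHECK, false)) {
                        // Opt-in relaxation of TLS handling for the STS connection (off by default).
                        try {
                            XrmAuthenticationPolicyInterceptorProvider.disableCnCheck(sTSClient);
                        } catch (ConnectionException e) {
                            // Pass the throwable separately so the stack trace is kept in the log.
                            XrmAuthenticationPolicyInterceptorProvider.LOG.debug("Unable to change TLS parameters of the STS client", e);
                            assertionInfo.setNotAsserted("Error when trying to disble CN check in STS Client: " + e.getMessage());
                            return;
                        }
                    }
                    message.setContextualProperty("ws-security.sts.client", sTSClient);
                }
                assertionInfo.setAsserted(true);
            }
        }
    }

    /**
     * Registers the provider for both authentication policy assertions and installs the
     * interceptors on the in, in-fault, out and out-fault chains.
     */
    public XrmAuthenticationPolicyInterceptorProvider() {
        super(Arrays.asList(XrmConstants.AUTH_POLICY_2011, XrmConstants.AUTH_POLICY_2012));
        getInInterceptors().add(new AuthenticationPolicyInInterceptor());
        getInFaultInterceptors().add(new AuthenticationPolicyInInterceptor());
        getOutInterceptors().add(new AuthenticationPolicyOutInterceptor());
        getOutFaultInterceptors().add(new AuthenticationPolicyOutInterceptor());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves the metadata-exchange (MEX) location advertised by an endpoint reference.
     *
     * <p>The reference's metadata elements are searched first; if none of them yields a
     * location, the address of the reference itself is returned.
     *
     * @param endpointReferenceType the issuer endpoint reference; may be {@code null} when the
     *                              policy names no issuer
     * @return the location found, or {@code null} when the reference is {@code null} or carries
     *         neither a metadata reference nor an address
     */
    public String findMEXLocation(EndpointReferenceType endpointReferenceType) {
        if (endpointReferenceType == null) {
            // Without an issuer there is nothing to resolve; the caller treats an empty result as
            // "policy not satisfied" instead of failing with a NullPointerException.
            return null;
        }
        if (endpointReferenceType.getMetadata() != null && endpointReferenceType.getMetadata().getAny() != null) {
            for (Object candidate : endpointReferenceType.getMetadata().getAny()) {
                if (candidate instanceof Element) {
                    String location = findMEXLocation((Element) candidate);
                    if (location != null) {
                        return location;
                    }
                }
            }
        }
        return EndpointReferenceUtils.getAddress(endpointReferenceType);
    }

    /**
     * Depth-first search for an {@code Address} element that is a direct child of a
     * {@code MetadataReference} element and lives in a supported WS-Addressing namespace.
     *
     * <p>The recursion depth follows the nesting depth of the supplied XML.
     *
     * @param element the element whose descendants are searched
     * @return the text content of the first matching address, or {@code null} if there is none
     */
    private String findMEXLocation(Element element) {
        for (Element child = DOMUtils.getFirstElement(element); child != null; child = DOMUtils.getNextElement(child)) {
            // Constant-first comparison: getLocalName() is null for elements created without
            // namespace awareness, which must not abort the search.
            if ("Address".equals(child.getLocalName())
                    && VersionTransformer.isSupported(child.getNamespaceURI())
                    && "MetadataReference".equals(element.getLocalName())) {
                return DOMUtils.getContent(child);
            }
            String nested = findMEXLocation(child);
            if (nested != null) {
                return nested;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Replaces the TLS client parameters on the STS client's HTTP conduit.
     *
     * <p>Despite the name, this method does not call {@code TLSClientParameters.setDisableCNCheck}.
     * It installs a fresh {@link TLSClientParameters} instance that makes CXF use the default
     * hostname verifier and the default SSL socket factory of {@code HttpsURLConnection}. Whether
     * certificate host names are still checked therefore depends on what has been installed as
     * those process-wide defaults, which this file does not show. TLS parameters set on the
     * conduit before this call are replaced.
     *
     * <p>The connection affected is the one to the security token service, so this option should
     * stay off outside test environments that use certificates with non-matching names.
     *
     * @param sTSClient the STS client whose conduit is reconfigured
     * @throws ConnectionException if the client or its conduit cannot be obtained or configured
     */
    public static void disableCnCheck(STSClient sTSClient) throws ConnectionException {
        try {
            HTTPConduit conduit = sTSClient.getClient().getConduit();
            TLSClientParameters tLSClientParameters = new TLSClientParameters();
            tLSClientParameters.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
            tLSClientParameters.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
            conduit.setTlsClientParameters(tLSClientParameters);
        } catch (Exception e) {
            throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, e.getMessage(), "Error when trying to disble CN check: " + e.getMessage(), e);
        }
    }
}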
