package com.sun.xml.wss.provider.wsit;

import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.pipe.Pipe;
import com.sun.xml.ws.api.pipe.PipeCloner;
import com.sun.xml.ws.api.pipe.helper.AbstractFilterPipeImpl;
import com.sun.xml.wss.provider.wsit.logging.LogDomainConstants;
import com.sun.xml.wss.provider.wsit.logging.LogStringsMessages;
import java.security.AccessControlContext;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.ServerAuthContext;
import javax.xml.ws.WebServiceException;

/* loaded from: input_file:com/sun/xml/wss/provider/wsit/ServerSecurityPipe.class */
public class ServerSecurityPipe extends AbstractFilterPipeImpl {
    protected static final Logger logger = Logger.getLogger("com.sun.xml.wss.provider.wsit", LogDomainConstants.WSIT_PVD_DOMAIN_BUNDLE);
    private final boolean isHttpBinding;
    private PipeHelper helper;

    public ServerSecurityPipe(Map<Object, Object> map, Pipe pipe, boolean z) {
        super(pipe);
        map.put(PipeConstants.SECURITY_PIPE, this);
        this.helper = new PipeHelper(PipeConstants.SOAP_LAYER, map, null);
        this.isHttpBinding = z;
    }

    protected ServerSecurityPipe(ServerSecurityPipe serverSecurityPipe, PipeCloner pipeCloner) {
        super(serverSecurityPipe, pipeCloner);
        this.helper = serverSecurityPipe.helper;
        this.isHttpBinding = serverSecurityPipe.isHttpBinding;
    }

    public void preDestroy() {
        this.helper.disable();
        this.next.preDestroy();
    }

    public Pipe copy(PipeCloner pipeCloner) {
        return new ServerSecurityPipe(this, pipeCloner);
    }

    public Packet process(Packet packet) {
        if (this.isHttpBinding) {
            return this.next.process(packet);
        }
        Packet packet2 = null;
        try {
            packet2 = processRequest(packet);
        } catch (Exception e) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Failure in security pipe process", (Throwable) e);
            }
            packet2 = this.helper.makeFaultResponse(packet2, e);
        }
        return packet2;
    }

    private Packet processRequest(Packet packet) throws Exception {
        AuthStatus authStatus = AuthStatus.SUCCESS;
        PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
        Subject subject = (Subject) packet.invocationProperties.get(PipeConstants.SERVER_SUBJECT);
        ServerAuthContext serverAuthContext = this.helper.getServerAuthContext(packetMapMessageInfo, subject);
        Subject clientSubject = getClientSubject(packet);
        try {
            if (serverAuthContext != null) {
                try {
                    authStatus = serverAuthContext.validateRequest(packetMapMessageInfo, clientSubject, subject);
                } catch (Exception e) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0053_ERROR_VALIDATE_REQUEST(), (Throwable) e);
                    Throwable webServiceException = new WebServiceException("Cannot validate request for", e);
                    AuthStatus authStatus2 = AuthStatus.SEND_FAILURE;
                    Packet faultResponse = this.helper.getFaultResponse(packetMapMessageInfo.getRequestPacket(), packetMapMessageInfo.getResponsePacket(), webServiceException);
                    packetMapMessageInfo.getRequestPacket();
                    return faultResponse;
                }
            }
            final Packet requestPacket = packetMapMessageInfo.getRequestPacket();
            Packet packet2 = null;
            if (authStatus == AuthStatus.SUCCESS) {
                this.helper.authorize(requestPacket);
                if (1 != 0) {
                    if (System.getSecurityManager() == null) {
                        try {
                            packet2 = this.next.process(requestPacket);
                        } catch (Exception e2) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0055_WS_ERROR_NEXT_PIPE(), (Throwable) e2);
                            packet2 = this.helper.getFaultResponse(requestPacket, packetMapMessageInfo.getResponsePacket(), e2);
                        }
                    } else {
                        try {
                            packet2 = (Packet) Subject.doAsPrivileged(clientSubject, new PrivilegedExceptionAction() { // from class: com.sun.xml.wss.provider.wsit.ServerSecurityPipe.1
                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws Exception {
                                    return ServerSecurityPipe.this.next.process(requestPacket);
                                }
                            }, (AccessControlContext) null);
                        } catch (PrivilegedActionException e3) {
                            Throwable cause = e3.getCause();
                            if (cause instanceof AuthException) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0055_WS_ERROR_NEXT_PIPE(), cause);
                            }
                            packet2 = this.helper.getFaultResponse(requestPacket, packetMapMessageInfo.getResponsePacket(), cause);
                        }
                    }
                }
                if (packet2 == null) {
                    Throwable webServiceException2 = new WebServiceException("Invocation of Service {0} returned null response packet");
                    packet2 = this.helper.getFaultResponse(requestPacket, packetMapMessageInfo.getResponsePacket(), webServiceException2);
                    logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0056_NULL_RESPONSE(), webServiceException2);
                }
                if (serverAuthContext != null && packet2.getMessage() != null) {
                    packetMapMessageInfo.setResponsePacket(packet2);
                    packet2 = processResponse(packetMapMessageInfo, serverAuthContext, subject);
                }
            } else {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "ws.status_validate_request", authStatus);
                }
                packet2 = packetMapMessageInfo.getResponsePacket();
            }
            return packet2;
        } catch (Throwable th) {
            packetMapMessageInfo.getRequestPacket();
            throw th;
        }
    }

    private Packet processResponse(PacketMessageInfo packetMessageInfo, ServerAuthContext serverAuthContext, Subject subject) throws Exception {
        try {
            AuthStatus secureResponse = serverAuthContext.secureResponse(packetMessageInfo, subject);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "ws.status_secure_response", secureResponse);
            }
            return packetMessageInfo.getResponsePacket();
        } catch (Exception e) {
            if (!(e instanceof AuthException)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSITPVD_0054_ERROR_SECURE_RESPONSE(), (Throwable) e);
            } else if (logger.isLoggable(Level.INFO)) {
                logger.log(Level.INFO, "ws.error_secure_response", (Throwable) e);
            }
            return this.helper.makeFaultResponse(packetMessageInfo.getResponsePacket(), e);
        }
    }

    private Subject getClientSubject(Packet packet) {
        Subject subject = null;
        if (packet != null) {
            subject = (Subject) packet.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
        }
        if (subject == null) {
            subject = this.helper.getClientSubject();
            if (packet != null) {
                packet.invocationProperties.put(PipeConstants.CLIENT_SUBJECT, subject);
            }
        }
        return subject;
    }
}
