package com.sun.xml.wss.provider.wsit;

import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.pipe.Fiber;
import com.sun.xml.ws.api.pipe.NextAction;
import com.sun.xml.ws.api.pipe.Tube;
import com.sun.xml.ws.api.pipe.TubeCloner;
import com.sun.xml.ws.api.pipe.helper.AbstractFilterTubeImpl;
import com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl;
import com.sun.xml.ws.security.secconv.SecureConversationInitiator;
import com.sun.xml.ws.security.secconv.WSSecureConversationException;
import com.sun.xml.wss.jaxws.impl.TubeConfiguration;
import com.sun.xml.wss.provider.wsit.logging.LogDomainConstants;
import com.sun.xml.wss.provider.wsit.logging.LogStringsMessages;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.ClientAuthContext;
import javax.xml.bind.JAXBElement;
import javax.xml.ws.WebServiceException;

/* loaded from: input_file:com/sun/xml/wss/provider/wsit/ClientSecurityTube.class */
public class ClientSecurityTube extends AbstractFilterTubeImpl implements SecureConversationInitiator {
    private static final String WSIT_CLIENT_AUTH_CONTEXT = "com.sun.xml.wss.provider.wsit.WSITClientAuthContext";
    protected PipeHelper helper;
    private AuthStatus status;
    private ClientAuthContext cAC;
    private Subject clientSubject;
    private PacketMessageInfo pmInfo;
    protected X509Certificate serverCert;
    protected static final Logger log = Logger.getLogger("com.sun.xml.wss.provider.wsit", LogDomainConstants.WSIT_PVD_DOMAIN_BUNDLE);

    public ClientSecurityTube(TubeConfiguration tubeConfiguration, Tube tube) {
        super(tube);
        this.status = AuthStatus.SEND_SUCCESS;
        this.cAC = null;
        this.clientSubject = null;
        this.pmInfo = null;
        this.serverCert = null;
    }

    public ClientSecurityTube(Map<Object, Object> map, Tube tube) {
        super(tube);
        this.status = AuthStatus.SEND_SUCCESS;
        this.cAC = null;
        this.clientSubject = null;
        this.pmInfo = null;
        this.serverCert = null;
        map.put(PipeConstants.SECURITY_PIPE, this);
        WSDLPort wSDLPort = (WSDLPort) map.get(PipeConstants.WSDL_MODEL);
        if (wSDLPort != null) {
            map.put(PipeConstants.WSDL_SERVICE, wSDLPort.getOwner().getName());
        }
        this.helper = new PipeHelper(PipeConstants.SOAP_LAYER, map, null);
    }

    protected ClientSecurityTube(ClientSecurityTube clientSecurityTube, TubeCloner tubeCloner) {
        super(clientSecurityTube, tubeCloner);
        this.status = AuthStatus.SEND_SUCCESS;
        this.cAC = null;
        this.clientSubject = null;
        this.pmInfo = null;
        this.serverCert = null;
        this.helper = clientSecurityTube.helper;
        this.serverCert = clientSecurityTube.serverCert;
    }

    /* renamed from: copy, reason: merged with bridge method [inline-methods] */
    public AbstractTubeImpl m284copy(TubeCloner tubeCloner) {
        return new ClientSecurityTube(this, tubeCloner);
    }

    public void preDestroy() {
        try {
            Packet packet = new Packet();
            PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
            Subject clientSubject = getClientSubject(packet);
            ClientAuthContext clientAuthContext = this.helper.getClientAuthContext(packetMapMessageInfo, clientSubject);
            if (clientAuthContext != null && WSIT_CLIENT_AUTH_CONTEXT.equals(clientAuthContext.getClass().getName())) {
                clientAuthContext.cleanSubject(packetMapMessageInfo, clientSubject);
            }
        } catch (Exception e) {
        }
        this.helper.disable();
    }

    public NextAction processRequest(Packet packet) {
        try {
            Packet processClientRequest = processClientRequest(packet);
            this.clientSubject = (Subject) processClientRequest.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
            return this.status == AuthStatus.FAILURE ? doReturnWith(processClientRequest) : doInvoke(((AbstractFilterTubeImpl) this).next, processClientRequest);
        } catch (Throwable th) {
            th = th;
            if (!(th instanceof WebServiceException)) {
                th = new WebServiceException(th);
            }
            return doThrow(th);
        }
    }

    public NextAction processResponse(Packet packet) {
        try {
            packet.invocationProperties.put(PipeConstants.CLIENT_SUBJECT, this.clientSubject);
            return doReturnWith(processClientResponse(packet));
        } catch (Throwable th) {
            th = th;
            if (!(th instanceof WebServiceException)) {
                th = new WebServiceException(th);
            }
            return doThrow(th);
        }
    }

    public NextAction processException(Throwable th) {
        if (!(th instanceof WebServiceException)) {
            th = new WebServiceException(th);
        }
        return doThrow(th);
    }

    private Packet processClientRequest(Packet packet) {
        Packet requestPacket;
        PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
        packetMapMessageInfo.getMap().put("javax.xml.ws.wsdl.service", this.helper.getProperty(PipeConstants.WSDL_SERVICE));
        this.clientSubject = getClientSubject(packet);
        this.cAC = null;
        try {
            this.cAC = this.helper.getClientAuthContext(packetMapMessageInfo, this.clientSubject);
            if (this.cAC != null) {
                this.status = this.cAC.secureRequest(packetMapMessageInfo, this.clientSubject);
            }
            if (this.status == AuthStatus.FAILURE) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "ws.status_secure_request", this.status);
                }
                requestPacket = packetMapMessageInfo.getResponsePacket();
            } else {
                requestPacket = packetMapMessageInfo.getRequestPacket();
            }
            this.pmInfo = packetMapMessageInfo;
            return requestPacket;
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0058_ERROR_SECURE_REQUEST(), (Throwable) e);
            throw new WebServiceException("Cannot secure request", e);
        }
    }

    private Packet processClientResponse(Packet packet) {
        if (packet.getMessage() != null && this.cAC != null) {
            AuthStatus authStatus = AuthStatus.SUCCESS;
            this.pmInfo.setResponsePacket(packet);
            try {
                packet = this.cAC.validateResponse(this.pmInfo, this.clientSubject, (Subject) null) == AuthStatus.SEND_CONTINUE ? processSecureRequest(this.pmInfo, this.cAC, this.clientSubject) : this.pmInfo.getResponsePacket();
            } catch (Exception e) {
                throw new WebServiceException("Cannot validate response for {0}", e);
            }
        }
        return packet;
    }

    private Packet processSecureRequest(PacketMessageInfo packetMessageInfo, ClientAuthContext clientAuthContext, Subject subject) throws WebServiceException {
        Packet runSync = Fiber.current().owner.createFiber().runSync(this.next, packetMessageInfo.getRequestPacket());
        if (runSync.getMessage() != null && clientAuthContext != null) {
            AuthStatus authStatus = AuthStatus.SUCCESS;
            packetMessageInfo.setResponsePacket(runSync);
            try {
                runSync = clientAuthContext.validateResponse(packetMessageInfo, subject, (Subject) null) == AuthStatus.SEND_CONTINUE ? processSecureRequest(packetMessageInfo, clientAuthContext, subject) : packetMessageInfo.getResponsePacket();
            } catch (Exception e) {
                throw new WebServiceException("Cannot validate response for {0}", e);
            }
        }
        return runSync;
    }

    public JAXBElement startSecureConversation(Packet packet) throws WSSecureConversationException {
        PacketMapMessageInfo packetMapMessageInfo = new PacketMapMessageInfo(packet, new Packet());
        JAXBElement jAXBElement = null;
        try {
            Subject clientSubject = getClientSubject(packet);
            HashMap hashMap = new HashMap();
            hashMap.put(PipeConstants.SECURITY_TOKEN, packetMapMessageInfo);
            this.helper.getSessionToken(hashMap, packetMapMessageInfo, clientSubject);
            Object obj = packetMapMessageInfo.getMap().get(PipeConstants.SECURITY_TOKEN);
            if (obj != null && (obj instanceof JAXBElement)) {
                jAXBElement = (JAXBElement) obj;
            }
            return jAXBElement;
        } catch (Exception e) {
            if (e instanceof WSSecureConversationException) {
                throw e;
            }
            throw new WSSecureConversationException("Secure Conversation failure: ", e);
        }
    }

    private Subject getClientSubject(Packet packet) {
        Subject subject = null;
        if (packet != null) {
            subject = (Subject) packet.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
        }
        if (subject == null) {
            subject = this.helper.getClientSubject();
            if (packet != null) {
                packet.invocationProperties.put(PipeConstants.CLIENT_SUBJECT, subject);
            }
        }
        return subject;
    }
}
