package com.sun.enterprise.security.jmac.provider.config;

import com.sun.enterprise.deployment.Application;
import com.sun.enterprise.deployment.BundleDescriptor;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.ServiceReferenceDescriptor;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.WebServiceEndpoint;
import com.sun.enterprise.deployment.util.ModuleDescriptor;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.security.authorize.EJBPolicyContextDelegate;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.common.ClientSecurityContext;
import com.sun.enterprise.security.jmac.AuthMessagePolicy;
import com.sun.enterprise.security.jmac.config.ConfigHelper;
import com.sun.enterprise.security.jmac.config.GFServerConfigProvider;
import com.sun.enterprise.security.jmac.config.HandlerContext;
import com.sun.enterprise.security.webservices.PipeConstants;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.enterprise.util.io.FileUtils;
import com.sun.xml.ws.api.EndpointAddress;
import com.sun.xml.ws.api.SOAPVersion;
import com.sun.xml.ws.api.WSBinding;
import com.sun.xml.ws.api.message.Message;
import com.sun.xml.ws.api.message.Messages;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.JavaMethod;
import com.sun.xml.ws.api.model.SEIModel;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.server.WSEndpoint;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.ClientAuthConfig;
import javax.security.auth.message.config.ClientAuthContext;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.servlet.http.HttpServletRequest;
import javax.xml.bind.UnmarshalException;
import javax.xml.ws.WebServiceException;
import org.glassfish.api.invocation.ComponentInvocation;
import org.glassfish.api.invocation.InvocationManager;

/* loaded from: input_file:com/sun/enterprise/security/jmac/provider/config/PipeHelper.class */
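/**
 * Helper used by the web-service security pipes to obtain JSR-196 client and server
 * authentication contexts, run EJB method authorization, emit audit records and build
 * SOAP fault responses.
 *
 * <p>Members such as {@code map}, {@code factory}, {@code layer}, {@code appCtxt} and
 * {@code listenerWrapper}, and methods such as {@code init}, {@code getAuthConfig} and
 * {@code getProperty}, are not declared here and are therefore inherited from
 * {@link ConfigHelper}.
 */
public class PipeHelper extends ConfigHelper {
    private final AuditManager auditManager;
    protected static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(PipeConstants.class);
    private final boolean isEjbEndpoint;
    private final SEIModel seiModel;
    private final SOAPVersion soapVersion;
    private final InvocationManager invManager;
    private final EJBPolicyContextDelegate ejbDelegate;

    /**
     * Initialises the inherited configuration state and caches the per-endpoint objects
     * found in {@code map}.
     *
     * @param str first argument forwarded to the inherited {@code init} (presumably the
     *     message layer; confirm against {@code ConfigHelper.init})
     * @param map pipe properties keyed by {@link PipeConstants} names
     * @param callbackHandler callback handler forwarded to the inherited {@code init}
     */
    public PipeHelper(String str, Map map, CallbackHandler callbackHandler) {
        init(str, getAppCtxt(map), map, callbackHandler);
        this.isEjbEndpoint = processSunDeploymentDescriptor();
        this.seiModel = (SEIModel) map.get(PipeConstants.SEI_MODEL);

        // Prefer an explicitly supplied binding; otherwise take the endpoint's binding.
        WSBinding binding = (WSBinding) map.get(PipeConstants.BINDING);
        if (binding == null) {
            WSEndpoint endpoint = (WSEndpoint) map.get(PipeConstants.ENDPOINT);
            if (endpoint != null) {
                binding = endpoint.getBinding();
            }
        }
        // SOAP 1.1 is the fallback when no binding can be found at all.
        this.soapVersion = binding != null ? binding.getSOAPVersion() : SOAPVersion.SOAP_11;

        this.auditManager = SecurityServicesUtil.getInstance().getAuditManager();
        this.invManager = (InvocationManager) SecurityServicesUtil.getInstance().getHabitat().getComponent(InvocationManager.class);
        this.ejbDelegate = new EJBPolicyContextDelegate();
    }

    /**
     * Returns the client-side authentication context for the given message.
     *
     * @param messageInfo message being processed; the WSDL model is copied into its map
     * @param subject client subject handed to the auth config
     * @return the context, or {@code null} when no client auth config is available
     * @throws AuthException if the auth config cannot produce a context
     */
    public ClientAuthContext getClientAuthContext(MessageInfo messageInfo, Subject subject) throws AuthException {
        ClientAuthConfig authConfig = getAuthConfig(false);
        if (authConfig == null) {
            return null;
        }
        addModel(messageInfo, this.map);
        return authConfig.getAuthContext(authConfig.getAuthContextID(messageInfo), subject, this.map);
    }

    /**
     * Returns the server-side authentication context for the given message.
     *
     * <p>A {@code null} return means no server auth config is available; what the caller
     * does in that case (for example, skip message-level validation) is not visible from
     * this class and should be reviewed at the call site.
     *
     * @param messageInfo message being processed; the WSDL model is copied into its map
     * @param subject service subject handed to the auth config
     * @return the context, or {@code null} when no server auth config is available
     * @throws AuthException if the auth config cannot produce a context
     */
    public ServerAuthContext getServerAuthContext(MessageInfo messageInfo, Subject subject) throws AuthException {
        ServerAuthConfig authConfig = getAuthConfig(true);
        if (authConfig == null) {
            return null;
        }
        addModel(messageInfo, this.map);
        return authConfig.getAuthContext(authConfig.getAuthContextID(messageInfo), subject, this.map);
    }

    /**
     * Resolves the subject to use for an outbound (client) call.
     *
     * <p>When {@code isACC()} is true the subject comes from the current
     * {@link ClientSecurityContext}, falling back to the subject bound to the current
     * access-control context. Otherwise the current {@link SecurityContext} is used, but
     * only if its credentials were not generated by the server.
     *
     * @return the resolved subject, or a new empty {@link Subject}; never {@code null}
     */
    public static Subject getClientSubject() {
        Subject subject = null;
        if (SecurityServicesUtil.getInstance().isACC()) {
            ClientSecurityContext clientContext = ClientSecurityContext.getCurrent();
            if (clientContext != null) {
                subject = clientContext.getSubject();
            }
            if (subject == null) {
                subject = Subject.getSubject(AccessController.getContext());
            }
        } else {
            SecurityContext serverContext = SecurityContext.getCurrent();
            // Server-generated credentials are deliberately not propagated to the callee.
            if (serverContext != null && !serverContext.didServerGenerateCredentials()) {
                subject = serverContext.getSubject();
            }
        }
        return subject != null ? subject : new Subject();
    }

    /**
     * Requests a client auth context using the caller's map merged with this helper's
     * properties. The resulting context is discarded; any token is presumably delivered
     * through {@code map} by the provider (confirm against the provider in use).
     *
     * <p>Note that {@code map} is modified: every entry of this helper's property map is
     * copied into it, overwriting entries with the same key.
     *
     * @param map caller-supplied properties, updated in place
     * @param messageInfo message being processed; the WSDL model is copied into its map
     * @param subject client subject handed to the auth config
     * @throws AuthException if the auth config cannot produce a context
     */
    public void getSessionToken(Map map, MessageInfo messageInfo, Subject subject) throws AuthException {
        ClientAuthConfig authConfig = getAuthConfig(false);
        if (authConfig != null) {
            map.putAll(this.map);
            addModel(messageInfo, this.map);
            authConfig.getAuthContext(authConfig.getAuthContextID(messageInfo), subject, map);
        }
    }

    /**
     * Installs the packet's client subject as the current {@link SecurityContext} and, for
     * EJB endpoints, asks the EJB policy delegate whether the target method may be invoked.
     *
     * <p>Non-EJB endpoints only get the security context installed; no authorization
     * decision is made here for them.
     *
     * @param packet inbound request packet
     * @throws UnmarshalException if the delegate fails with an unmarshalling error
     * @throws Exception if the delegate denies the call or fails for any other reason
     */
    public void authorize(Packet packet) throws Exception {
        // NOTE(review): the subject is taken from the packet as-is; if the property is
        // absent a SecurityContext is built around null. Confirm the authentication
        // step always sets CLIENT_SUBJECT before this method runs.
        SecurityContext.setCurrent(new SecurityContext((Subject) packet.invocationProperties.get(PipeConstants.CLIENT_SUBJECT)));
        if (!this.isEjbEndpoint) {
            return;
        }

        ComponentInvocation currentInvocation = this.invManager.getCurrentInvocation();
        if (this.ejbDelegate != null) {
            this.ejbDelegate.setSOAPMessage(packet.getMessage(), currentInvocation);
        }

        Method method = null;
        if (this.seiModel != null) {
            // The target method is derived from the request message itself.
            JavaMethod javaMethod = packet.getMessage().getMethod(this.seiModel);
            method = javaMethod != null ? javaMethod.getMethod() : null;
        } else {
            // No SEI model: fall back to the implementation class's invoke(Object) method.
            EjbDescriptor ejbComponentImpl = ((WebServiceEndpoint) this.map.get(PipeConstants.SERVICE_ENDPOINT)).getEjbComponentImpl();
            if (ejbComponentImpl != null) {
                final String ejbImplClassName = ejbComponentImpl.getEjbImplClassName();
                if (ejbImplClassName != null) {
                    try {
                        method = (Method) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.sun.enterprise.security.jmac.provider.config.PipeHelper.1
                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                return Class.forName(ejbImplClassName, true, Thread.currentThread().getContextClassLoader()).getMethod("invoke", Object.class);
                            }
                        });
                    } catch (PrivilegedActionException e) {
                        throw new RuntimeException(e.getException());
                    }
                }
            }
        }

        // NOTE(review): fail-open path. When no method can be resolved from the request
        // the method returns normally without consulting the policy delegate, so the
        // caller cannot tell "authorized" from "not checked". Behaviour is kept as-is
        // because messages that map to no SEI method may legitimately pass through here;
        // confirm that a later stage rejects or re-authorizes such requests.
        if (method == null || this.ejbDelegate == null) {
            return;
        }

        try {
            if (!this.ejbDelegate.authorize(currentInvocation, method)) {
                // Caught and re-wrapped by the generic handler below, as before.
                throw new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[]{method}));
            }
        } catch (UnmarshalException e2) {
            UnmarshalException unmarshalException = new UnmarshalException(localStrings.getLocalString("enterprise.webservice.errorUnMarshalMethod", "Error unmarshalling method for ejb {0}", new Object[]{ejbName()}));
            unmarshalException.initCause(e2);
            throw unmarshalException;
        } catch (Exception e3) {
            // Any delegate failure is reported as a denial, with the original as the cause.
            Exception denied = new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[]{method}));
            denied.initCause(e3);
            throw denied;
        }
    }

    /**
     * Writes an audit record for a web-service invocation when auditing is enabled.
     *
     * <p>The record's success flag is true only when {@code authStatus} equals
     * {@link AuthStatus#SUCCESS}.
     *
     * @param packet request packet, used to obtain the request URI for non-EJB endpoints;
     *     may be {@code null}
     * @param authStatus outcome of message authentication
     */
    public void auditInvocation(Packet packet, AuthStatus authStatus) {
        if (!this.auditManager.isAuditOn()) {
            return;
        }

        String uri = null;
        if (!this.isEjbEndpoint && packet != null && packet.supports("javax.xml.ws.servlet.request")) {
            // Guard against a supported-but-unset property so auditing never fails the call.
            HttpServletRequest request = (HttpServletRequest) packet.get("javax.xml.ws.servlet.request");
            if (request != null) {
                // NOTE(review): the URI is client-controlled; confirm the audit sink
                // neutralises line breaks and other control characters.
                uri = request.getRequestURI();
            }
        }

        String endpointName = null;
        if (this.map != null) {
            WebServiceEndpoint webServiceEndpoint = (WebServiceEndpoint) this.map.get(PipeConstants.SERVICE_ENDPOINT);
            if (webServiceEndpoint != null) {
                endpointName = webServiceEndpoint.getEndpointName();
            }
        }
        if (endpointName == null) {
            endpointName = "(no endpoint)";
        }

        boolean succeeded = AuthStatus.SUCCESS.equals(authStatus);
        if (this.isEjbEndpoint) {
            this.auditManager.ejbAsWebServiceInvocation(endpointName, succeeded);
        } else {
            this.auditManager.webServiceInvocation(uri == null ? "(no uri)" : uri, endpointName, succeeded);
        }
    }

    /**
     * Returns the name of the WSDL port stored under {@code PipeConstants.WSDL_MODEL}.
     *
     * @return the port name, or the string {@code "unknown"} when no port is configured
     */
    public Object getModelName() {
        WSDLPort wsdlPort = (WSDLPort) getProperty(PipeConstants.WSDL_MODEL);
        return wsdlPort == null ? "unknown" : wsdlPort.getName();
    }

    /**
     * Builds a SOAP fault response for {@code th} using this helper's SOAP version.
     *
     * <p>NOTE(review): the fault is created from the throwable itself. How much of its
     * message, cause chain or stack trace reaches the client depends on
     * {@code Messages.create} and the runtime's fault settings; confirm that internal
     * detail is not disclosed to unauthenticated callers.
     *
     * @param packet packet to derive the response from; a new one is used when {@code null}
     * @param th failure to report; wrapped in a {@link WebServiceException} if it is not one
     * @return the fault response packet
     */
    public Packet makeFaultResponse(Packet packet, Throwable th) {
        Throwable fault = th instanceof WebServiceException ? th : new WebServiceException(th);
        Packet base = packet != null ? packet : new Packet();
        try {
            return base.createResponse(Messages.create(fault, this.soapVersion));
        } catch (Exception e) {
            // The supplied packet could not produce a response; fall back to a fresh
            // packet so that a fault is still returned.
            return new Packet().createResponse(Messages.create(fault, this.soapVersion));
        }
    }

    /**
     * Determines whether the packet's message expects a response.
     *
     * @param z value to return when the packet has no message or no WSDL port is configured
     * @param packet packet whose message is inspected
     * @return {@code true} if the message is not one-way according to the WSDL port,
     *     otherwise the default {@code z}
     */
    public boolean isTwoWay(boolean z, Packet packet) {
        Message message = packet.getMessage();
        if (message == null) {
            return z;
        }
        WSDLPort wsdlPort = (WSDLPort) getProperty(PipeConstants.WSDL_MODEL);
        return wsdlPort != null ? !message.isOneWay(wsdlPort) : z;
    }

    /**
     * Returns a fault response for two-way exchanges and an empty packet for one-way ones.
     *
     * @param packet request packet, used only to decide whether the exchange is two-way
     * @param packet2 packet the fault response is derived from
     * @param th failure to report
     * @return the fault response, or a new empty {@link Packet} for a one-way message
     */
    public Packet getFaultResponse(Packet packet, Packet packet2, Throwable th) {
        boolean twoWay = true;
        try {
            twoWay = isTwoWay(true, packet);
        } catch (Exception ignored) {
            // Deliberate best effort: if the message cannot be inspected (for example a
            // null request packet) treat the exchange as two-way so the caller gets a fault.
        }
        return twoWay ? makeFaultResponse(packet2, th) : new Packet();
    }

    /** Disables the inherited registration listener via its reference-counted disable. */
    public void disable() {
        this.listenerWrapper.disableWithRefCount();
    }

    /**
     * Builds a {@link HandlerContext} exposing the security realm for this endpoint.
     *
     * <p>The application's realm wins over the endpoint's realm; the realm is
     * {@code null} when the map holds no service endpoint or neither declares one.
     *
     * @param map pipe properties, read for {@code PipeConstants.SERVICE_ENDPOINT}
     * @return a context whose realm name is fixed at the time of this call
     */
    protected HandlerContext getHandlerContext(Map map) {
        String realm = null;
        WebServiceEndpoint webServiceEndpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
        if (webServiceEndpoint != null) {
            Application application = webServiceEndpoint.getBundleDescriptor().getApplication();
            if (application != null) {
                realm = application.getRealm();
            }
            if (realm == null) {
                realm = webServiceEndpoint.getRealm();
            }
        }
        final String realmName = realm;
        return new HandlerContext() { // from class: com.sun.enterprise.security.jmac.provider.config.PipeHelper.2
            @Override
            public String getRealmName() {
                return realmName;
            }
        };
    }

    /**
     * Registers the default GlassFish config provider when the deployment descriptor
     * carries a SOAP-layer message-security binding and no exact-match provider exists,
     * then reports whether the endpoint is implemented by an EJB.
     *
     * @return {@code true} if a service endpoint is configured and it is EJB-backed;
     *     {@code false} when there is no factory or no service endpoint
     */
    private boolean processSunDeploymentDescriptor() {
        if (factory == null) {
            return false;
        }
        if (AuthMessagePolicy.getMessageSecurityBinding(PipeConstants.SOAP_LAYER, this.map) != null && !hasExactMatchAuthProvider()) {
            setJmacProviderRegisID(factory.registerConfigProvider(new GFServerConfigProvider((Map) null, (AuthConfigFactory) null), this.layer, this.appCtxt, "GF AuthConfigProvider bound by Sun Specific Descriptor"));
        }
        WebServiceEndpoint webServiceEndpoint = (WebServiceEndpoint) this.map.get(PipeConstants.SERVICE_ENDPOINT);
        return webServiceEndpoint != null && webServiceEndpoint.implementedByEjbComponent();
    }

    /**
     * Computes the application context identifier passed to the inherited {@code init}.
     *
     * @param map pipe properties
     * @return {@code "<server> <endpoint-uri>"} for a server endpoint, otherwise
     *     {@code "<client-module-id> <ref-name>"}
     */
    private static String getAppCtxt(Map map) {
        WebServiceEndpoint webServiceEndpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
        if (webServiceEndpoint != null) {
            return getServerName(webServiceEndpoint) + " " + getEndpointURI(webServiceEndpoint);
        }
        ServiceReferenceDescriptor serviceReferenceDescriptor = (ServiceReferenceDescriptor) map.get(PipeConstants.SERVICE_REF);
        return getClientModuleID(serviceReferenceDescriptor) + " " + getRefName(serviceReferenceDescriptor, map);
    }

    /**
     * Returns the server-name part of the application context; always {@code "localhost"},
     * the endpoint argument is not consulted.
     */
    private static String getServerName(WebServiceEndpoint webServiceEndpoint) {
        return "localhost";
    }

    /**
     * Returns a name for the service reference: the descriptor's name, else the endpoint
     * address URL, else a fixed placeholder.
     *
     * @param serviceReferenceDescriptor descriptor to name; may be {@code null}
     * @param map pipe properties, read for {@code PipeConstants.ENDPOINT_ADDRESS}
     * @return the reference name; never {@code null}
     */
    private static String getRefName(ServiceReferenceDescriptor serviceReferenceDescriptor, Map map) {
        String name = null;
        if (serviceReferenceDescriptor != null) {
            name = serviceReferenceDescriptor.getName();
        }
        if (name == null) {
            EndpointAddress endpointAddress = (EndpointAddress) map.get(PipeConstants.ENDPOINT_ADDRESS);
            if (endpointAddress != null) {
                URL url = endpointAddress.getURL();
                if (url != null) {
                    name = url.toString();
                }
            }
        }
        return name != null ? name : "#default-ref-name#";
    }

    /**
     * Builds the endpoint URI used in the application context: the endpoint address URI
     * with a leading slash, prefixed by the context root for web-component endpoints.
     *
     * @param webServiceEndpoint endpoint to describe; may be {@code null}
     * @return the URI, or a fixed placeholder when the endpoint is {@code null}
     */
    private static String getEndpointURI(WebServiceEndpoint webServiceEndpoint) {
        if (webServiceEndpoint == null) {
            return "#default-endpoint-context#";
        }
        String uri = webServiceEndpoint.getEndpointAddressUri();
        if (uri != null && !uri.startsWith("/")) {
            uri = "/" + uri;
        }
        if (webServiceEndpoint.implementedByWebComponent()) {
            WebBundleDescriptor bundleDescriptor = webServiceEndpoint.getBundleDescriptor();
            if (bundleDescriptor != null) {
                String contextRoot = bundleDescriptor.getContextRoot();
                if (contextRoot != null) {
                    if (!contextRoot.startsWith("/")) {
                        contextRoot = "/" + contextRoot;
                    }
                    // Kept as plain concatenation: the result is used as a lookup key, so
                    // the exact string (even with a null address URI) must not change.
                    uri = contextRoot + uri;
                }
            }
        }
        return uri;
    }

    /**
     * Returns an identifier for the client module owning the service reference: the
     * registration name of a virtual application, otherwise a filename-safe form of the
     * module's archive URI, otherwise a fixed placeholder.
     *
     * @param serviceReferenceDescriptor descriptor to identify; may be {@code null}
     * @return the module identifier
     */
    private static String getClientModuleID(ServiceReferenceDescriptor serviceReferenceDescriptor) {
        final String defaultId = "#default-client-context#";
        if (serviceReferenceDescriptor == null) {
            return defaultId;
        }
        BundleDescriptor bundleDescriptor = serviceReferenceDescriptor.getBundleDescriptor();
        if (bundleDescriptor == null) {
            // Previously dereferenced unconditionally, which threw NullPointerException.
            return defaultId;
        }
        ModuleDescriptor moduleDescriptor = bundleDescriptor.getModuleDescriptor();
        Application application = bundleDescriptor.getApplication();
        if (application != null && application.isVirtual()) {
            return application.getRegistrationName();
        }
        if (moduleDescriptor != null) {
            return FileUtils.makeFriendlyFilename(moduleDescriptor.getArchiveUri());
        }
        return defaultId;
    }

    /**
     * Copies the WSDL model from {@code map} into the message's own property map, if one
     * is present.
     */
    private static void addModel(MessageInfo messageInfo, Map map) {
        Object wsdlModel = map.get(PipeConstants.WSDL_MODEL);
        if (wsdlModel != null) {
            messageInfo.getMap().put(PipeConstants.WSDL_MODEL, wsdlModel);
        }
    }

    /**
     * Returns the name of the EJB behind the service endpoint for use in error messages.
     *
     * @return the EJB name, or {@code "unknown"} when the endpoint or its EJB component
     *     is not available
     */
    private String ejbName() {
        WebServiceEndpoint webServiceEndpoint = (WebServiceEndpoint) getProperty(PipeConstants.SERVICE_ENDPOINT);
        if (webServiceEndpoint == null) {
            return "unknown";
        }
        // The EJB component can be absent; without this guard a NullPointerException here
        // would replace the unmarshalling error being reported.
        EjbDescriptor ejbComponentImpl = webServiceEndpoint.getEjbComponentImpl();
        return ejbComponentImpl == null ? "unknown" : ejbComponentImpl.getName();
    }
}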
