package org.eclipse.scout.jaxws.security.provider;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.eclipse.scout.commons.BooleanUtility;
import org.eclipse.scout.commons.TypeCastUtility;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.jaxws.annotation.ScoutTransaction;
import org.eclipse.scout.jaxws.internal.ContextHelper;
import org.eclipse.scout.jaxws.internal.SessionHelper;
import org.eclipse.scout.jaxws.security.Authenticator;
import org.eclipse.scout.jaxws.session.IServerSessionFactory;
import org.eclipse.scout.rt.server.IServerSession;
import org.eclipse.scout.service.ServiceUtility;

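/**
 * SOAP handler that authenticates inbound requests from a WS-Security {@code UsernameToken}
 * ({@code wsse:Security/wsse:UsernameToken/wsse:Username} and {@code wsse:Password}) found in
 * the SOAP header.
 * <p>
 * The credentials are handed to {@link Authenticator#authenticateRequest} together with the
 * injected {@link ICredentialValidationStrategy}. On success a server session is created and
 * bound to the message context; on failure the handler chain is stopped with HTTP 401.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The password value is read as-is. The {@code Type} attribute of {@code wsse:Password} is
 * not inspected, so the value is passed to the validation strategy regardless of whether the
 * client declared it as text or digest. NOTE(review): this presumably expects plain-text
 * passwords, which would make transport encryption a requirement; confirm with the deployment.</li>
 * <li>No nonce or creation timestamp is evaluated by this class, so it provides no replay
 * protection by itself.</li>
 * <li>Credentials are never written to the log by this class; only the exception that broke
 * the chain is logged.</li>
 * </ul>
 */
@ScoutTransaction
public class WsseUsernameTokenAuthenticationHandler implements IAuthenticationHandler {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(WsseUsernameTokenAuthenticationHandler.class);
    private static final String WSSE = "wsse";
    private static final String WS_SEC = "Security";
    private static final String USERNAME_TOKEN = "UsernameToken";
    private static final String USERNAME = "Username";
    private static final String PASSWORD = "Password";
    private static final String NAME_SPACE_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Same value as MessageContext.MESSAGE_OUTBOUND_PROPERTY.
    private static final String PROP_MESSAGE_OUTBOUND = "javax.xml.ws.handler.message.outbound";
    // Same value as MessageContext.HTTP_RESPONSE_CODE.
    private static final String PROP_HTTP_RESPONSE_CODE = "javax.xml.ws.http.response.code";
    // NOTE(review): looks like a key private to the JDK-bundled JAX-WS implementation; confirm
    // that the runtime in use actually sets it, otherwise one-way requests take the 'false' path.
    private static final String PROP_ONE_WAY_OPERATION = "com.sun.xml.internal.ws.server.OneWayOperation";

    private static final int HTTP_UNAUTHORIZED = 401;
    private static final int HTTP_INTERNAL_ERROR = 500;

    private static final String MSG_NO_SECURITY_HEADER = "Authentication failed as no WSSE-Security header found.";

    // Strategy used to validate username/password; set through injectCredentialValidationStrategy.
    private ICredentialValidationStrategy m_credentialValidationStrategy;

    /**
     * Creates the handler and lets {@link ServiceUtility} inject its configuration properties.
     */
    public WsseUsernameTokenAuthenticationHandler() {
        ServiceUtility.injectConfigProperties(this);
    }

    /**
     * Authenticates an inbound SOAP message.
     * <p>
     * Outbound messages, and requests whose subject is already authenticated, pass through
     * unchanged. Otherwise the SOAP header is searched for a username token; a rejected token
     * ends the chain via {@link #breakHandlerChain}, any exception ends it via
     * {@link #breakHandlerChainWithException}.
     *
     * @param sOAPMessageContext the message context of the current exchange
     * @return {@code true} to continue with the handler chain, {@code false} to stop it
     * @throws WebServiceException if processing failed or, for one-way operations, if the
     *         request is unauthorized
     */
    public final boolean handleMessage(SOAPMessageContext sOAPMessageContext) {
        boolean outbound = ((Boolean) TypeCastUtility.castValue(sOAPMessageContext.get(PROP_MESSAGE_OUTBOUND), Boolean.TYPE)).booleanValue();
        if (outbound || Authenticator.isSubjectAuthenticated()) {
            return true;
        }
        try {
            SOAPHeader header = sOAPMessageContext.getMessage().getSOAPPart().getEnvelope().getHeader();
            if (header == null) {
                // NOTE(review): thrown inside the try block, so a request without any header ends
                // in breakHandlerChainWithException (HTTP 500 plus an ERROR log entry), not in 401.
                throw new WebServiceException(MSG_NO_SECURITY_HEADER);
            }
            if (!authenticateRequest(header)) {
                return breakHandlerChain(sOAPMessageContext);
            }
            IServerSessionFactory portTypeSessionFactory = ContextHelper.getPortTypeSessionFactory(sOAPMessageContext);
            IServerSession serverSession = SessionHelper.createNewServerSession(portTypeSessionFactory);
            if (serverSession != null) {
                ContextHelper.setContextSession(sOAPMessageContext, portTypeSessionFactory, serverSession);
            }
            // NOTE(review): when no session could be created the request still continues, only
            // without a session bound to the context; confirm downstream code copes with that.
            return true;
        } catch (Exception e) {
            return breakHandlerChainWithException(sOAPMessageContext, e);
        }
    }

    /**
     * Sets the strategy used to validate the credentials taken from the username token.
     *
     * @param iCredentialValidationStrategy the strategy to delegate credential checks to
     */
    @Override
    public void injectCredentialValidationStrategy(ICredentialValidationStrategy iCredentialValidationStrategy) {
        this.m_credentialValidationStrategy = iCredentialValidationStrategy;
    }

    /**
     * Returns the header blocks this handler processes: the WS-Security {@code Security} header.
     *
     * @return a new, mutable set containing the qualified name of the security header
     */
    public Set<QName> getHeaders() {
        Set<QName> headers = new HashSet<QName>();
        headers.add(new QName(NAME_SPACE_URI, WS_SEC));
        return headers;
    }

    /**
     * Does nothing; this handler holds no per-exchange resources.
     *
     * @param messageContext the message context of the finished exchange
     */
    public void close(MessageContext messageContext) {
    }

    /**
     * Does not process faults.
     *
     * @param sOAPMessageContext the message context of the current exchange
     * @return always {@code false}
     */
    public boolean handleFault(SOAPMessageContext sOAPMessageContext) {
        return false;
    }

    /**
     * Looks for the first username token that carries both a username and a password element
     * and validates it. That first complete token alone decides the outcome; later tokens are
     * not consulted.
     * <p>
     * A token without a password element is skipped. A token whose username or password element
     * has no text value is rejected here instead of being handed to the validation strategy, so
     * that empty credentials consistently fail closed.
     *
     * @param sOAPHeader the SOAP header of the inbound message
     * @return {@code true} if the credentials were accepted, {@code false} if they were rejected
     *         or no complete username token was found
     * @throws WebServiceException if the header contains no WS-Security element
     * @throws Exception if credential validation fails unexpectedly
     */
    protected boolean authenticateRequest(SOAPHeader sOAPHeader) throws Exception {
        Iterator<?> securityHeaders = sOAPHeader.getChildElements(new QName(NAME_SPACE_URI, WS_SEC, WSSE));
        if (!securityHeaders.hasNext()) {
            throw new WebServiceException(MSG_NO_SECURITY_HEADER);
        }
        while (securityHeaders.hasNext()) {
            SOAPElement security = (SOAPElement) securityHeaders.next();
            Iterator<?> tokens = security.getChildElements(new QName(NAME_SPACE_URI, USERNAME_TOKEN, WSSE));
            while (tokens.hasNext()) {
                SOAPElement token = (SOAPElement) tokens.next();
                Iterator<?> usernames = token.getChildElements(new QName(NAME_SPACE_URI, USERNAME, WSSE));
                Iterator<?> passwords = token.getChildElements(new QName(NAME_SPACE_URI, PASSWORD, WSSE));
                if (!usernames.hasNext() || !passwords.hasNext()) {
                    continue;
                }
                SOAPElement usernameElement = (SOAPElement) usernames.next();
                SOAPElement passwordElement = (SOAPElement) passwords.next();
                if (usernameElement == null || passwordElement == null) {
                    continue;
                }
                String username = usernameElement.getValue();
                String password = passwordElement.getValue();
                // getValue() yields null for an element without text content. Reject such a token
                // as unauthenticated rather than passing null credentials on.
                if (username == null || password == null) {
                    return false;
                }
                return Authenticator.authenticateRequest(this.m_credentialValidationStrategy, username, password);
            }
        }
        return false;
    }

    /**
     * Stops the handler chain for an unauthorized request and sets the HTTP status to 401.
     *
     * @param sOAPMessageContext the message context of the current exchange
     * @return always {@code false}, which tells the runtime to stop the handler chain
     * @throws WebServiceException for one-way operations, where the failure is signalled by an
     *         exception instead of the return value
     */
    protected boolean breakHandlerChain(SOAPMessageContext sOAPMessageContext) {
        sOAPMessageContext.put(PROP_HTTP_RESPONSE_CODE, HTTP_UNAUTHORIZED);
        boolean oneWay = BooleanUtility.nvl((Boolean) sOAPMessageContext.get(PROP_ONE_WAY_OPERATION), false);
        if (oneWay) {
            throw new WebServiceException("Unauthorized");
        }
        return false;
    }

    /**
     * Stops the handler chain after an unexpected failure: sets the HTTP status to 500, logs the
     * cause and throws. This method never returns normally.
     * <p>
     * A {@link WebServiceException} is rethrown unchanged. Any other exception is replaced by a
     * generic one without cause, so its details stay in the server log and are not part of the
     * exception handed back to the runtime.
     *
     * @param sOAPMessageContext the message context of the current exchange
     * @param exc the exception that interrupted authentication
     * @return never returns; declared so that callers can use it in a {@code return} statement
     * @throws WebServiceException always
     */
    protected boolean breakHandlerChainWithException(SOAPMessageContext sOAPMessageContext, Exception exc) {
        sOAPMessageContext.put(PROP_HTTP_RESPONSE_CODE, HTTP_INTERNAL_ERROR);
        LOG.error("Internal server error (Message Level WS-Security with UsernameToken authentication)", exc);
        if (exc instanceof WebServiceException) {
            throw (WebServiceException) exc;
        }
        throw new WebServiceException("Internal server error");
    }

    /**
     * Returns the display name of this authentication mechanism.
     *
     * @return the fixed name {@code "WSSE Username Token"}
     */
    @Override
    public String getName() {
        return "WSSE Username Token";
    }
}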
