package org.n52.security.service.crypto;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPException;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.axis1.Axis1SecurityConfigUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/n52/security/service/crypto/Axis1SecurityHandler.class */
public class Axis1SecurityHandler extends BasicHandler {
    private static final long serialVersionUID = -8971125677235353598L;
    private static final Logger LOG = LoggerFactory.getLogger(Axis1SecurityHandler.class);
    private static final String PROPERTY_SOAPDOCUMENTSECURER = "soapDocumentSecurer";
    private static final String PROPERTY_SOAPDOCUMENTVERIFIER = "soapDocumentVerifier";
    private static final String OPTION_SERVICE_NAME = "serviceName";
    private static final String OPTION_ACTIVATED_ON_BODY_ELEMENTS = "activatedOnBodyElementNames";

    public List getUnderstoodHeaders() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
        return arrayList;
    }

    public void invoke(MessageContext messageContext) throws AxisFault {
        try {
            if (messageContext.isClient()) {
                if (messageContext.getPastPivot()) {
                    validateMsg(messageContext, messageContext.getResponseMessage());
                } else {
                    secureMsg(messageContext, messageContext.getRequestMessage());
                }
            } else if (messageContext.getPastPivot()) {
                secureMsg(messageContext, messageContext.getResponseMessage());
            } else {
                validateMsg(messageContext, messageContext.getRequestMessage());
            }
        } catch (Throwable th) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("exception during handling the security of an axis soap message: " + th, th);
            }
            if (!(th instanceof AxisFault)) {
                throw new AxisFault("exception during security handling: " + th, th);
            }
            throw th;
        }
    }

    protected void secureMsg(MessageContext messageContext, Message message) throws Exception {
        if (LOG.isTraceEnabled()) {
            LOG.trace(MessageFormat.format("secureMsg({0})", DOMSerializer.createNew().serializeToString(message.getSOAPEnvelope().getAsDocument())));
        }
        SOAPEnvelope sOAPEnvelope = message.getSOAPEnvelope();
        if (reactOnMsg(messageContext, sOAPEnvelope.getBody())) {
            SoapDocumentSecurer soapDocumentSecurer = getSoapDocumentSecurer(getServiceConfig(messageContext));
            Document asDocument = sOAPEnvelope.getAsDocument();
            replaceInMessageCtx(messageContext, asDocument, soapDocumentSecurer.secure(asDocument, new HashMap()));
        }
    }

    protected void validateMsg(MessageContext messageContext, Message message) throws Exception {
        if (LOG.isTraceEnabled()) {
            LOG.trace(MessageFormat.format("validateMsg({0})", DOMSerializer.createNew().serializeToString(message.getSOAPEnvelope().getAsDocument())));
        }
        SOAPEnvelope sOAPEnvelope = message.getSOAPEnvelope();
        if (reactOnMsg(messageContext, sOAPEnvelope.getBody())) {
            getSoapDocumentVerifier(getServiceConfig(messageContext)).verify(sOAPEnvelope.getAsDocument(), new HashMap());
            SOAPHeaderElement headerByName = sOAPEnvelope.getHeaderByName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
            if (headerByName != null) {
                headerByName.setProcessed(true);
            }
        }
    }

    private boolean reactOnMsg(MessageContext messageContext, SOAPBody sOAPBody) throws SOAPException {
        String[] bodyElementNames = getBodyElementNames(messageContext);
        if (bodyElementNames.length == 0) {
            return true;
        }
        List asList = Arrays.asList(bodyElementNames);
        NodeList childNodes = sOAPBody.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 1 && asList.contains(item.getLocalName())) {
                return true;
            }
        }
        return false;
    }

    protected void replaceInMessageCtx(MessageContext messageContext, Document document, Document document2) {
        messageContext.setCurrentMessage(new Message(DOMSerializer.createNew().serializeToBytes(document2)));
    }

    protected String findOptionValue(String str, MessageContext messageContext) {
        String str2;
        String str3 = (String) messageContext.getProperty(str);
        return str3 != null ? str3 : (messageContext.getService() == null || (str2 = (String) messageContext.getService().getOption(str)) == null) ? (String) getOption(str) : str2;
    }

    protected ServiceConfig getServiceConfig(MessageContext messageContext) {
        SecurityConfig securityConfig = Axis1SecurityConfigUtil.getSecurityConfig(messageContext);
        if (securityConfig == null) {
            throw new IllegalStateException("<security-config> not found in axis 1 message context");
        }
        String serviceName = getServiceName(messageContext);
        ServiceConfig serviceConfig = securityConfig.getServiceConfig(serviceName);
        if (serviceConfig == null) {
            throw new IllegalStateException("Service element <" + serviceName + "> not found in security-config.");
        }
        return serviceConfig;
    }

    protected String getServiceName(MessageContext messageContext) {
        String findOptionValue = findOptionValue(OPTION_SERVICE_NAME, messageContext);
        if (findOptionValue == null) {
            throw new IllegalStateException("Property serviceName not configured on handler configuration.");
        }
        return findOptionValue;
    }

    protected String[] getBodyElementNames(MessageContext messageContext) {
        String findOptionValue = findOptionValue(OPTION_ACTIVATED_ON_BODY_ELEMENTS, messageContext);
        return findOptionValue == null ? new String[0] : findOptionValue.split(";|,| ");
    }

    protected SoapDocumentSecurer getSoapDocumentSecurer(ServiceConfig serviceConfig) {
        SoapDocumentSecurer soapDocumentSecurer = (SoapDocumentSecurer) serviceConfig.getProperties().get(PROPERTY_SOAPDOCUMENTSECURER);
        if (soapDocumentSecurer == null) {
            throw new IllegalStateException("property <soapDocumentSecurer> not configured in service config <" + serviceConfig + ">");
        }
        return soapDocumentSecurer;
    }

    protected SoapDocumentVerifier getSoapDocumentVerifier(ServiceConfig serviceConfig) {
        SoapDocumentVerifier soapDocumentVerifier = (SoapDocumentVerifier) serviceConfig.getProperties().get(PROPERTY_SOAPDOCUMENTVERIFIER);
        if (soapDocumentVerifier == null) {
            throw new IllegalStateException("property <soapDocumentVerifier> not configured in service config <" + serviceConfig + ">");
        }
        return soapDocumentVerifier;
    }
}
