package com.sun.xml.wss.provider.wsit;

import com.sun.tools.ws.processor.modeler.annotation.WebServiceConstants;
import com.sun.xml.ws.api.message.AttachmentSet;
import com.sun.xml.ws.api.message.Message;
import com.sun.xml.ws.api.message.Messages;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation;
import com.sun.xml.ws.api.model.wsdl.WSDLFault;
import com.sun.xml.ws.api.model.wsdl.WSDLOperation;
import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.ws.message.stream.LazyStreamBasedMessage;
import com.sun.xml.ws.policy.Policy;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.runtime.util.Session;
import com.sun.xml.ws.runtime.util.SessionManager;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.impl.IssuedTokenContextImpl;
import com.sun.xml.ws.security.impl.policy.Constants;
import com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient;
import com.sun.xml.ws.security.opt.impl.util.SOAPUtil;
import com.sun.xml.ws.security.policy.SecureConversationToken;
import com.sun.xml.ws.security.policy.Token;
import com.sun.xml.ws.security.secconv.WSSCContract;
import com.sun.xml.ws.security.secconv.WSSCFactory;
import com.sun.xml.ws.security.secconv.WSSecureConversationException;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.wss.NonceManager;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.RealmAuthenticationAdapter;
import com.sun.xml.wss.SubjectAccessor;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.NewSecurityRecipient;
import com.sun.xml.wss.impl.ProcessingContextImpl;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import com.sun.xml.wss.impl.filter.DumpFilter;
import com.sun.xml.wss.impl.misc.DefaultCallbackHandler;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.jaxws.impl.PolicyResolverImpl;
import com.sun.xml.wss.provider.wsit.logging.LogStringsMessages;
import java.lang.ref.WeakReference;
import java.net.URI;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.ServerAuthContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.WebServiceException;

/* loaded from: input_file:META-INF/lib/webservices-osgi-2.0.1.jar:com/sun/xml/wss/provider/wsit/WSITServerAuthContext.class */
public class WSITServerAuthContext extends WSITAuthContextBase implements ServerAuthContext {
    protected static final String TRUE = "true";
    static final String SERVICE_ENDPOINT = "SERVICE_ENDPOINT";
    private SessionManager sessionManager;
    private Set trustConfig;
    private Set wsscConfig;
    private CallbackHandler handler;
    String operation;
    WeakReference<WSEndpoint> endPoint;
    WSITServerAuthModule authModule;
    static final String PIPE_HELPER = "PIPE_HELPER";

    public WSITServerAuthContext(String str, Subject subject, Map<Object, Object> map, CallbackHandler callbackHandler) {
        super(map);
        this.sessionManager = null;
        this.trustConfig = null;
        this.wsscConfig = null;
        this.handler = null;
        this.operation = null;
        this.endPoint = null;
        this.authModule = null;
        this.operation = str;
        this.endPoint = new WeakReference<>((WSEndpoint) map.get(PipeConstants.ENDPOINT));
        this.sessionManager = SessionManager.getSessionManager(this.endPoint.get());
        Set<PolicyAssertion> set = null;
        for (SecurityPolicyHolder securityPolicyHolder : this.inMessagePolicyMap.values()) {
            if (set != null) {
                set.addAll(securityPolicyHolder.getConfigAssertions("http://schemas.sun.com/2006/03/wss/server"));
            } else {
                set = securityPolicyHolder.getConfigAssertions("http://schemas.sun.com/2006/03/wss/server");
            }
            if (this.trustConfig != null) {
                this.trustConfig.addAll(securityPolicyHolder.getConfigAssertions(Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS));
            } else {
                this.trustConfig = securityPolicyHolder.getConfigAssertions(Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS);
            }
            if (this.wsscConfig != null) {
                this.wsscConfig.addAll(securityPolicyHolder.getConfigAssertions(Constants.SUN_SECURE_SERVER_CONVERSATION_POLICY_NS));
            } else {
                this.wsscConfig = securityPolicyHolder.getConfigAssertions(Constants.SUN_SECURE_SERVER_CONVERSATION_POLICY_NS);
            }
        }
        if (System.getProperty("com.sun.aas.installRoot") != null) {
            try {
                Properties properties = new Properties();
                populateConfigProperties(set, properties);
                String property = properties.getProperty(DefaultCallbackHandler.JMAC_CALLBACK_HANDLER);
                if (property != null) {
                    this.handler = loadGFHandler(false, property);
                } else if (callbackHandler != null) {
                    this.handler = callbackHandler;
                }
                if (this.handler == null) {
                    this.handler = loadGFHandler(false, property);
                }
                this.secEnv = new WSITProviderSecurityEnvironment(this.handler, map, properties);
            } catch (XWSSecurityException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0048_ERROR_POPULATING_SERVER_CONFIG_PROP(), (Throwable) e);
                throw new WebServiceException(LogStringsMessages.WSITPVD_0048_ERROR_POPULATING_SERVER_CONFIG_PROP(), e);
            }
        } else {
            Properties properties2 = new Properties();
            this.handler = configureServerHandler(set, properties2);
            String property2 = properties2.getProperty(DefaultCallbackHandler.JMAC_CALLBACK_HANDLER);
            if (property2 != null) {
                try {
                    this.handler = loadGFHandler(false, property2);
                    this.secEnv = new WSITProviderSecurityEnvironment(this.handler, map, properties2);
                } catch (XWSSecurityException e2) {
                    log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0048_ERROR_POPULATING_SERVER_CONFIG_PROP(), (Throwable) e2);
                    throw new WebServiceException(LogStringsMessages.WSITPVD_0048_ERROR_POPULATING_SERVER_CONFIG_PROP(), e2);
                }
            } else {
                this.secEnv = new DefaultSecurityEnvironmentImpl(this.handler, properties2);
            }
        }
        this.authModule = new WSITServerAuthModule();
        try {
            this.authModule.initialize(null, null, null, map);
        } catch (AuthException e3) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0028_ERROR_INIT_AUTH_MODULE(), (Throwable) e3);
            throw new RuntimeException(LogStringsMessages.WSITPVD_0028_ERROR_INIT_AUTH_MODULE(), e3);
        }
    }

    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        try {
            Packet validateRequest = validateRequest(getRequestPacket(messageInfo), subject, subject2, messageInfo.getMap());
            if (messageInfo.getMap().get("THERE_WAS_A_FAULT") != null) {
                setResponsePacket(messageInfo, validateRequest);
                return AuthStatus.SEND_FAILURE;
            }
            if ((messageInfo.getMap().get("IS_SC_ISSUE") == null && messageInfo.getMap().get("IS_SC_CANCEL") == null) ? false : true) {
                setResponsePacket(messageInfo, validateRequest);
                return AuthStatus.SEND_SUCCESS;
            }
            setRequestPacket(messageInfo, validateRequest);
            return AuthStatus.SUCCESS;
        } catch (XWSSecurityException e) {
            throw getSOAPFaultException(e);
        }
    }

    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        boolean z = ((String) messageInfo.getMap().get("IS_TRUST_MESSAGE")) != null;
        try {
            setResponsePacket(messageInfo, secureResponse(getResponsePacket(messageInfo), subject, messageInfo.getMap()));
            return messageInfo.getMap().get("THERE_WAS_A_FAULT") != null ? AuthStatus.SEND_FAILURE : AuthStatus.SUCCESS;
        } catch (XWSSecurityException e) {
            throw getSOAPFaultException(e);
        }
    }

    @Override // javax.security.auth.message.ServerAuth
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        this.issuedTokenContextMap.clear();
        SessionManager.removeSessionManager(this.endPoint.get());
        NonceManager.deleteInstance(this.endPoint.get());
    }

    public Packet validateRequest(Packet packet, Subject subject, Subject subject2, Map<Object, Object> map) throws XWSSecurityException {
        Message create;
        Packet secureResponse;
        Message message = packet.getMessage();
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        ProcessingContext initializeInboundProcessingContext = initializeInboundProcessingContext(packet);
        initializeInboundProcessingContext.setExtraneousProperty(MessageConstants.AUTH_SUBJECT, subject);
        initializeInboundProcessingContext.setExtraneousProperty(ProcessingContext.OPERATION_RESOLVER, new PolicyResolverImpl(this.inMessagePolicyMap, this.inProtocolPM, cachedOperation(packet), this.pipeConfig, this.addVer, false, this.rmVer, this.mcVer));
        initializeInboundProcessingContext.setExtraneousProperty("SessionManager", this.sessionManager);
        try {
            create = !this.optimized ? Messages.create(verifyInboundMessage(message.readAsSOAPMessage(), initializeInboundProcessingContext)) : verifyInboundMessage(message, initializeInboundProcessingContext);
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e);
            z3 = true;
            create = Messages.create(SOAPUtil.getSOAPFaultException(e, this.soapFactory, this.soapVersion), this.soapVersion);
        } catch (WssSoapFaultException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e2);
            z3 = true;
            create = Messages.create(SOAPUtil.getSOAPFaultException(e2, this.soapFactory, this.soapVersion), this.soapVersion);
        } catch (XWSSecurityRuntimeException e3) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e3);
            z3 = true;
            create = Messages.create(SOAPUtil.getSOAPFaultException(e3, this.soapFactory, this.soapVersion), this.soapVersion);
        } catch (SOAPException e4) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e4);
            z3 = true;
            create = Messages.create(SOAPUtil.getSOAPFaultException(e4, this.soapFactory, this.soapVersion), this.soapVersion);
        } catch (WebServiceException e5) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e5);
            z3 = true;
            create = Messages.create(SOAPUtil.getSOAPFaultException(e5, this.soapFactory, this.soapVersion), this.soapVersion);
        } catch (Exception e6) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), (Throwable) e6);
            z3 = true;
            create = Messages.create(SOAPUtil.getSOAPFaultException(e6, this.soapFactory, this.soapVersion), this.soapVersion);
        }
        if (z3) {
            map.put("THERE_WAS_A_FAULT", Boolean.valueOf(z3));
            if (!isAddressingEnabled()) {
                packet.setMessage(create);
                return packet;
            }
            if (this.optimized) {
                packet.setMessage(((JAXBFilterProcessingContext) initializeInboundProcessingContext).getPVMessage());
            }
            return packet.createServerResponse(create, this.addVer, this.soapVersion, this.addVer.getDefaultFaultAction());
        }
        packet.setMessage(create);
        if (isAddressingEnabled()) {
            String action = getAction(packet);
            if (this.wsscVer.getSCTRequestAction().equals(action) || this.wsscVer.getSCTRenewRequestAction().equals(action)) {
                z = true;
                map.put("IS_SC_ISSUE", "true");
                if (this.wsscConfig != null) {
                    packet.invocationProperties.put(Constants.SUN_SECURE_SERVER_CONVERSATION_POLICY_NS, this.wsscConfig.iterator());
                }
            } else if (this.wsscVer.getSCTCancelRequestAction().equals(action)) {
                z2 = true;
                map.put("IS_SC_CANCEL", "true");
            } else if (this.wsTrustVer.getIssueRequestAction().equals(action) || this.wsTrustVer.getValidateRequestAction().equals(action)) {
                map.put("IS_TRUST_MESSAGE", "true");
                map.put("TRUST_REQUEST_ACTION", action);
                if (this.trustConfig != null) {
                    packet.invocationProperties.put(Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS, this.trustConfig.iterator());
                }
                packet.invocationProperties.put(WSTrustConstants.SECURITY_ENVIRONMENT, this.secEnv);
                packet.invocationProperties.put(WSTrustConstants.WST_VERSION, this.wsTrustVer);
                IssuedTokenContext trustContext = ((ProcessingContextImpl) initializeInboundProcessingContext).getTrustContext();
                if (trustContext != null && trustContext.getAuthnContextClass() != null) {
                    packet.invocationProperties.put(WSTrustConstants.AUTHN_CONTEXT_CLASS, trustContext.getAuthnContextClass());
                }
            }
            if (z) {
                List<PolicyAssertion> inBoundSCP = getInBoundSCP(packet.getMessage());
                if (!inBoundSCP.isEmpty()) {
                    packet.invocationProperties.put(com.sun.xml.wss.jaxws.impl.Constants.SC_ASSERTION, inBoundSCP.get(0));
                }
            }
        }
        if (!z && cacheOperation(create, packet) == null && this.addVer != null) {
            packet.invocationProperties.put("WSDL_BOUND_OPERATION", getWSDLOpFromAction(packet, true));
        }
        map.put("VALIDATE_REQ_PACKET", packet);
        if (z || z2) {
            secureResponse = secureResponse(invokeSecureConversationContract(packet, initializeInboundProcessingContext, z), subject2, map);
        } else {
            updateSCSessionInfo(packet);
            secureResponse = packet;
        }
        return secureResponse;
    }

    public Packet secureResponse(Packet packet, Subject subject, Map map) throws XWSSecurityException {
        boolean z = map.get("IS_SC_ISSUE") != null;
        boolean z2 = map.get("IS_SC_CANCEL") != null;
        boolean z3 = map.get("IS_TRUST_MESSAGE") != null;
        Packet packet2 = (Packet) map.get("VALIDATE_REQ_PACKET");
        Boolean bool = (Boolean) map.get("THERE_WAS_A_FAULT");
        if (bool != null ? bool.booleanValue() : false) {
            return packet;
        }
        if (!this.optimized) {
            try {
                packet.setMessage(Messages.create(packet.getMessage().readAsSOAPMessage()));
            } catch (SOAPException e) {
                throw new WebServiceException(e);
            }
        }
        ProcessingContext initializeOutgoingProcessingContext = initializeOutgoingProcessingContext(packet, z);
        initializeOutgoingProcessingContext.setExtraneousProperty("SessionManager", this.sessionManager);
        Message message = packet.getMessage();
        try {
            try {
                if (initializeOutgoingProcessingContext.getSecurityPolicy() != null && ((MessagePolicy) initializeOutgoingProcessingContext.getSecurityPolicy()).size() > 0) {
                    message = !this.optimized ? Messages.create(secureOutboundMessage(message.readAsSOAPMessage(), initializeOutgoingProcessingContext)) : secureOutboundMessage(message, initializeOutgoingProcessingContext);
                }
                if (isSCCancel(packet)) {
                    removeContext(packet2);
                }
            } catch (Throwable th) {
                if (isSCCancel(packet)) {
                    removeContext(packet2);
                }
                throw th;
            }
        } catch (WssSoapFaultException e2) {
            map.put("THERE_WAS_A_FAULT", true);
            message = Messages.create(getSOAPFault(e2));
            if (isSCCancel(packet)) {
                removeContext(packet2);
            }
        } catch (SOAPException e3) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), (Throwable) e3);
            throw new WebServiceException(LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), e3);
        }
        resetCachedOperation(packet);
        packet.setMessage(message);
        return packet;
    }

    protected SOAPMessage verifyInboundMessage(SOAPMessage sOAPMessage, ProcessingContext processingContext) throws WssSoapFaultException, XWSSecurityException {
        if (debug) {
            DumpFilter.process(processingContext);
        }
        processingContext.setSOAPMessage(sOAPMessage);
        NewSecurityRecipient.validateMessage(processingContext);
        return processingContext.getSOAPMessage();
    }

    protected Message verifyInboundMessage(Message message, ProcessingContext processingContext) throws XWSSecurityException {
        JAXBFilterProcessingContext jAXBFilterProcessingContext = (JAXBFilterProcessingContext) processingContext;
        LazyStreamBasedMessage lazyStreamBasedMessage = (LazyStreamBasedMessage) message;
        AttachmentSet attachments = lazyStreamBasedMessage.getAttachments();
        return ((attachments == null || attachments.isEmpty()) ? new SecurityRecipient(lazyStreamBasedMessage.readMessage(), this.soapVersion) : new SecurityRecipient(lazyStreamBasedMessage.readMessage(), this.soapVersion, attachments)).validateMessage(jAXBFilterProcessingContext);
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected ProcessingContext initializeOutgoingProcessingContext(Packet packet, boolean z) {
        ProcessingContextImpl processingContextImpl;
        if (this.optimized) {
            processingContextImpl = new JAXBFilterProcessingContext(packet.invocationProperties);
            ((JAXBFilterProcessingContext) processingContextImpl).setAddressingVersion(this.addVer);
            ((JAXBFilterProcessingContext) processingContextImpl).setSOAPVersion(this.soapVersion);
        } else {
            processingContextImpl = new ProcessingContextImpl(packet.invocationProperties);
        }
        if (this.addVer != null) {
            processingContextImpl.setAction(getAction(packet));
        }
        processingContextImpl.setTimestampTimeout(this.timestampTimeOut);
        processingContextImpl.setSecurityPolicyVersion(this.spVersion.namespaceUri);
        try {
            MessagePolicy outgoingFaultPolicy = packet.getMessage().isFault() ? getOutgoingFaultPolicy(packet) : (isRMMessage(packet) || isMakeConnectionMessage(packet)) ? this.outProtocolPM.get("RM").getMessagePolicy() : isSCCancel(packet) ? this.outProtocolPM.get("SC-CANCEL").getMessagePolicy() : getOutgoingXWSSecurityPolicy(packet, z);
            if (debug && outgoingFaultPolicy != null) {
                outgoingFaultPolicy.dumpMessages(true);
            }
            if (outgoingFaultPolicy != null) {
                processingContextImpl.setSecurityPolicy(outgoingFaultPolicy);
            }
            if (isTrustMessage(packet)) {
                processingContextImpl.isTrustMessage(true);
            }
            if (z) {
                processingContextImpl.setAlgorithmSuite(outgoingFaultPolicy.getAlgorithmSuite());
            } else {
                processingContextImpl.setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));
            }
            processingContextImpl.setSecurityEnvironment(this.secEnv);
            processingContextImpl.isInboundMessage(false);
            processingContextImpl.getExtraneousProperties().put(WebServiceConstants.PORT, this.pipeConfig.getWSDLPort());
            return processingContextImpl;
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0006_PROBLEM_INIT_OUT_PROC_CONTEXT(), (Throwable) e);
            throw new RuntimeException(LogStringsMessages.WSITPVD_0006_PROBLEM_INIT_OUT_PROC_CONTEXT(), e);
        }
    }

    private void removeContext(Packet packet) {
        String uri;
        SecurityContextToken securityContextToken = (SecurityContextToken) packet.invocationProperties.get(MessageConstants.INCOMING_SCT);
        if (securityContextToken == null || (uri = securityContextToken.getIdentifier().toString()) == null) {
            return;
        }
        this.issuedTokenContextMap.remove(uri);
        this.sessionManager.terminateSession(uri);
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected MessagePolicy getOutgoingXWSSecurityPolicy(Packet packet, boolean z) {
        if (z) {
            return getOutgoingXWSBootstrapPolicy((Token) packet.invocationProperties.get(com.sun.xml.wss.jaxws.impl.Constants.SC_ASSERTION));
        }
        WSDLBoundOperation cachedOperation = cachedOperation(packet);
        if (this.outMessagePolicyMap == null) {
            return new MessagePolicy();
        }
        if (isTrustMessage(packet)) {
            cachedOperation = getWSDLOpFromAction(packet, false);
            cacheOperation(cachedOperation, packet);
        }
        SecurityPolicyHolder securityPolicyHolder = this.outMessagePolicyMap.get(cachedOperation);
        return securityPolicyHolder == null ? new MessagePolicy() : securityPolicyHolder.getMessagePolicy();
    }

    protected MessagePolicy getOutgoingFaultPolicy(Packet packet) {
        WSDLBoundOperation cachedOperation = cachedOperation(packet);
        if (cachedOperation == null) {
            return null;
        }
        WSDLOperation operation = cachedOperation.getOperation();
        QName firstDetailEntryName = packet.getMessage().getFirstDetailEntryName();
        WSDLFault wSDLFault = null;
        if (firstDetailEntryName != null) {
            wSDLFault = operation.getFault(firstDetailEntryName);
        }
        SecurityPolicyHolder securityPolicyHolder = this.outMessagePolicyMap.get(cachedOperation);
        if (wSDLFault == null) {
            return securityPolicyHolder != null ? securityPolicyHolder.getMessagePolicy() : new MessagePolicy();
        }
        SecurityPolicyHolder faultPolicy = securityPolicyHolder.getFaultPolicy(wSDLFault);
        return faultPolicy == null ? new MessagePolicy() : faultPolicy.getMessagePolicy();
    }

    private CallbackHandler configureServerHandler(Set set, Properties properties) {
        String populateConfigProperties = populateConfigProperties(set, properties);
        try {
            if (populateConfigProperties == null) {
                return new DefaultCallbackHandler("server", properties, getRealmAuthenticationAdapter(this.endPoint.get()));
            }
            Object newInstance = loadClass(populateConfigProperties).newInstance();
            if (newInstance instanceof CallbackHandler) {
                return (CallbackHandler) newInstance;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0031_INVALID_CALLBACK_HANDLER_CLASS(populateConfigProperties));
            throw new RuntimeException(LogStringsMessages.WSITPVD_0031_INVALID_CALLBACK_HANDLER_CLASS(populateConfigProperties));
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0043_ERROR_CONFIGURE_SERVER_HANDLER(), (Throwable) e);
            throw new RuntimeException(LogStringsMessages.WSITPVD_0043_ERROR_CONFIGURE_SERVER_HANDLER(), e);
        }
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected boolean bindingHasIssuedTokenPolicy() {
        return this.hasIssuedTokens;
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected boolean bindingHasSecureConversationPolicy() {
        return this.hasSecureConversation;
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected boolean bindingHasRMPolicy() {
        return this.hasReliableMessaging;
    }

    private Packet invokeSecureConversationContract(Packet packet, ProcessingContext processingContext, boolean z) {
        String sCTCancelResponseAction;
        BaseSTSResponse cancel;
        IssuedTokenContextImpl issuedTokenContextImpl = new IssuedTokenContextImpl();
        issuedTokenContextImpl.getOtherProperties().put("SessionManager", this.sessionManager);
        Message message = packet.getMessage();
        try {
            issuedTokenContextImpl.setRequestorSubject(SubjectAccessor.getRequesterSubject(processingContext));
            WSTrustElementFactory newInstance = WSTrustElementFactory.newInstance(this.wsscVer);
            RequestSecurityToken createRSTFrom = newInstance.createRSTFrom((JAXBElement) message.readPayloadAsJAXB(WSTrustElementFactory.getContext(this.wsTrustVer).createUnmarshaller()));
            URI requestType = createRSTFrom.getRequestType();
            WSSCContract newWSSCContract = WSSCFactory.newWSSCContract(this.wsscVer);
            newWSSCContract.setWSSCServerConfig((Iterator) packet.invocationProperties.get(Constants.SUN_SECURE_SERVER_CONVERSATION_POLICY_NS));
            if (requestType.toString().equals(this.wsTrustVer.getIssueRequestTypeURI())) {
                cancel = newWSSCContract.issue(createRSTFrom, issuedTokenContextImpl, (SecureConversationToken) getOutBoundSCP(packet.getMessage()).get(0));
                sCTCancelResponseAction = this.wsscVer.getSCTResponseAction();
                String uri = ((SecurityContextToken) issuedTokenContextImpl.getSecurityToken()).getIdentifier().toString();
                Session session = this.sessionManager.getSession(uri);
                if (session == null) {
                    log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0044_ERROR_SESSION_CREATION());
                    throw new WSSecureConversationException(LogStringsMessages.WSITPVD_0044_ERROR_SESSION_CREATION());
                }
                packet.invocationProperties.put(Session.SESSION_ID_KEY, uri);
                packet.invocationProperties.put(Session.SESSION_KEY, session.getUserData());
                session.getSecurityInfo().getIssuedTokenContext().setRequestorSubject(issuedTokenContextImpl.getRequestorSubject());
            } else if (requestType.toString().equals(this.wsTrustVer.getRenewRequestTypeURI())) {
                List<PolicyAssertion> outBoundSCP = getOutBoundSCP(packet.getMessage());
                sCTCancelResponseAction = this.wsscVer.getSCTRenewResponseAction();
                cancel = newWSSCContract.renew(createRSTFrom, issuedTokenContextImpl, (SecureConversationToken) outBoundSCP.get(0));
            } else {
                if (!requestType.toString().equals(this.wsTrustVer.getCancelRequestTypeURI())) {
                    log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0045_UNSUPPORTED_OPERATION_EXCEPTION(requestType));
                    throw new UnsupportedOperationException(LogStringsMessages.WSITPVD_0045_UNSUPPORTED_OPERATION_EXCEPTION(requestType));
                }
                sCTCancelResponseAction = this.wsscVer.getSCTCancelResponseAction();
                cancel = newWSSCContract.cancel(createRSTFrom, issuedTokenContextImpl);
            }
            Packet addAddressingHeaders = addAddressingHeaders(packet, Messages.create(WSTrustElementFactory.getContext(this.wsTrustVer).createMarshaller(), newInstance.toJAXBElement(cancel), this.soapVersion), sCTCancelResponseAction);
            if (z) {
                List<PolicyAssertion> outBoundSCP2 = getOutBoundSCP(packet.getMessage());
                if (!outBoundSCP2.isEmpty()) {
                    addAddressingHeaders.invocationProperties.put(com.sun.xml.wss.jaxws.impl.Constants.SC_ASSERTION, outBoundSCP2.get(0));
                }
            }
            return addAddressingHeaders;
        } catch (JAXBException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0001_PROBLEM_MAR_UNMAR(), e);
            throw new RuntimeException(LogStringsMessages.WSITPVD_0001_PROBLEM_MAR_UNMAR(), e);
        } catch (WSSecureConversationException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), (Throwable) e2);
            throw new RuntimeException(LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), e2);
        } catch (XWSSecurityException e3) {
            log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), (Throwable) e3);
            throw new RuntimeException(LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), e3);
        }
    }

    private Packet addAddressingHeaders(Packet packet, Message message, String str) {
        Packet createServerResponse = packet.createServerResponse(message, this.addVer, this.soapVersion, str);
        createServerResponse.proxy = packet.proxy;
        createServerResponse.invocationProperties.putAll(packet.invocationProperties);
        return createServerResponse;
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected SecurityPolicyHolder addOutgoingMP(WSDLBoundOperation wSDLBoundOperation, Policy policy) throws PolicyException {
        SecurityPolicyHolder constructPolicyHolder = constructPolicyHolder(policy, true, true);
        this.inMessagePolicyMap.put(wSDLBoundOperation, constructPolicyHolder);
        return constructPolicyHolder;
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected SecurityPolicyHolder addIncomingMP(WSDLBoundOperation wSDLBoundOperation, Policy policy) throws PolicyException {
        SecurityPolicyHolder constructPolicyHolder = constructPolicyHolder(policy, true, false);
        this.outMessagePolicyMap.put(wSDLBoundOperation, constructPolicyHolder);
        return constructPolicyHolder;
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected void addIncomingProtocolPolicy(Policy policy, String str) throws PolicyException {
        this.outProtocolPM.put(str, constructPolicyHolder(policy, true, false, true));
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected void addOutgoingProtocolPolicy(Policy policy, String str) throws PolicyException {
        this.inProtocolPM.put(str, constructPolicyHolder(policy, true, true, false));
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected void addIncomingFaultPolicy(Policy policy, SecurityPolicyHolder securityPolicyHolder, WSDLFault wSDLFault) throws PolicyException {
        securityPolicyHolder.addFaultPolicy(wSDLFault, constructPolicyHolder(policy, true, false));
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected void addOutgoingFaultPolicy(Policy policy, SecurityPolicyHolder securityPolicyHolder, WSDLFault wSDLFault) throws PolicyException {
        securityPolicyHolder.addFaultPolicy(wSDLFault, constructPolicyHolder(policy, true, true));
    }

    @Override // com.sun.xml.wss.provider.wsit.WSITAuthContextBase
    protected String getAction(WSDLOperation wSDLOperation, boolean z) {
        return z ? wSDLOperation.getInput().getAction() : wSDLOperation.getOutput().getAction();
    }

    private RealmAuthenticationAdapter getRealmAuthenticationAdapter(WSEndpoint wSEndpoint) {
        Object spi;
        Class<?> cls = null;
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        if (contextClassLoader != null) {
            try {
                cls = contextClassLoader.loadClass("javax.servlet.ServletContext");
            } catch (ClassNotFoundException e) {
                return null;
            }
        }
        if (cls == null) {
            try {
                cls = getClass().getClassLoader().loadClass("javax.servlet.ServletContext");
            } catch (ClassNotFoundException e2) {
                return null;
            }
        }
        if (cls == null || (spi = wSEndpoint.getContainer().getSPI(cls)) == null) {
            return null;
        }
        return RealmAuthenticationAdapter.newInstance(spi);
    }

    private void updateSCSessionInfo(Packet packet) {
        SecurityContextToken securityContextToken = (SecurityContextToken) packet.invocationProperties.get(MessageConstants.INCOMING_SCT);
        if (securityContextToken != null) {
            String uri = securityContextToken.getIdentifier().toString();
            packet.invocationProperties.put(Session.SESSION_ID_KEY, uri);
            packet.invocationProperties.put(Session.SESSION_KEY, this.sessionManager.getSession(uri).getUserData());
        }
    }
}
