package com.sun.xml.wss.filter;

import com.sun.xml.wss.ExtendedMessageFilter;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.PolicyViolationException;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.SecurityHeader;
import com.sun.xml.wss.UsernameToken;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.configuration.SecurityRequirement;
import com.sun.xml.wss.configuration.SecurityRequirements;
import com.sun.xml.wss.configuration.UsernamePasswordRequirement;
import java.util.logging.Level;
import javax.security.auth.Subject;

/* loaded from: input_file:119166-06/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/ImportUsernameTokenFilter.class */
public class ImportUsernameTokenFilter extends FilterBase implements ExtendedMessageFilter {
    private boolean enableLogging;
    SecurityRequirement receiverRequirement;
    static Class class$com$sun$xml$wss$UsernameToken;

    public ImportUsernameTokenFilter() {
        this.enableLogging = false;
        this.receiverRequirement = null;
    }

    public ImportUsernameTokenFilter(SecurityRequirement securityRequirement) {
        this.enableLogging = false;
        this.receiverRequirement = null;
        this.receiverRequirement = securityRequirement;
    }

    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirement(SecurityRequirement securityRequirement) {
        this.receiverRequirement = securityRequirement;
    }

    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirements(SecurityRequirements securityRequirements) throws UnsupportedOperationException {
        log.log(Level.SEVERE, "WSS0207.unsupported.operation.exception");
        throw new UnsupportedOperationException("Operation not supported");
    }

    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void enableOperationsLog(boolean z) {
        this.enableLogging = z;
    }

    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        Class cls;
        SecurityHeader findSecurityHeader = securableSoapMessage.findSecurityHeader();
        try {
            if (class$com$sun$xml$wss$UsernameToken == null) {
                cls = class$("com.sun.xml.wss.UsernameToken");
                class$com$sun$xml$wss$UsernameToken = cls;
            } else {
                cls = class$com$sun$xml$wss$UsernameToken;
            }
            UsernameToken usernameToken = (UsernameToken) findSecurityHeader.getCurrentHeaderBlock(cls);
            SecurityEnvironment securityEnvironment = securableSoapMessage.getSecurityEnvironment();
            if (securityEnvironment == null) {
                log.log(Level.SEVERE, "WSS0184.SecurityEnvironment.null");
                throw new XWSSecurityException("Security Domain not set on the Message");
            }
            String username = usernameToken.getUsername();
            String password = usernameToken.getPassword();
            String passwordDigest = usernameToken.getPasswordDigest();
            String passwordType = usernameToken.getPasswordType();
            String nonce = usernameToken.getNonce();
            String created = usernameToken.getCreated();
            if (this.receiverRequirement != null) {
                boolean nonceRequired = ((UsernamePasswordRequirement) this.receiverRequirement).getNonceRequired();
                if (((UsernamePasswordRequirement) this.receiverRequirement).getPasswordDigestRequired() && passwordDigest == null) {
                    log.log(Level.SEVERE, "WSS0212.policy.violation.exception");
                    throw new PolicyViolationException("Receiver Requirement for Digested Password has not been met");
                }
                if (nonceRequired && nonce == null) {
                    log.log(Level.SEVERE, "WSS0213.policy.violation.exception");
                    throw new PolicyViolationException("Receiver Requirement for nonce has not been met");
                }
            }
            try {
                if (!(MessageConstants.PASSWORD_TEXT_NS.equals(passwordType) ? securityEnvironment.authenticateUser(username, password) : securityEnvironment.authenticateUser(username, passwordDigest, nonce, created))) {
                    log.log(Level.SEVERE, "WSS0214.failed.sender.authentication");
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Authentication of Username Password Token Failed", new XWSSecurityException("Invalid Username Password Pair"));
                }
                if (nonce != null && !securityEnvironment.validateAndCacheNonce(nonce, created)) {
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Invalid Nonce value for Username Token", new XWSSecurityException("Invalid Nonce value for Username Token"));
                }
                if (created != null && !securityEnvironment.validateCreationTime(created)) {
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Invalid creation-time value for Username Token", new XWSSecurityException("Invalid creation-time value for Username Token"));
                }
                Subject subject = securableSoapMessage.getSubject();
                if (subject == null) {
                    subject = new Subject();
                    securableSoapMessage.setSubject(subject);
                }
                securityEnvironment.updateOtherPartySubject(subject, username, password);
                if (this.enableLogging) {
                    securableSoapMessage.logUsernameToken(nonce != null ? "true" : "false", passwordDigest != null ? "true" : "false");
                }
            } catch (XWSSecurityException e) {
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, e.getMessage(), e);
            }
        } catch (XWSSecurityException e2) {
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Exception while importing Username Password Token", e2);
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
