package com.mulesoft.modules.wss.internal.inbound;

import com.mulesoft.modules.wss.api.constants.SoapVersion;
import com.mulesoft.modules.wss.internal.auth.MustUnderstandAuthentication;
import com.mulesoft.modules.wss.internal.error.WssErrorTypeProvider;
import com.mulesoft.modules.wss.internal.error.WssException;
import com.mulesoft.modules.wss.internal.error.WssSecurityException;
import com.mulesoft.modules.wss.internal.util.SoapMessageHandler;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import javax.xml.soap.SOAPMessage;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.mule.runtime.api.metadata.TypedValue;
import org.mule.runtime.api.security.Authentication;
import org.mule.runtime.api.security.SecurityException;
import org.mule.runtime.api.security.SecurityProviderNotFoundException;
import org.mule.runtime.api.security.UnknownAuthenticationTypeException;
import org.mule.runtime.api.store.ObjectStore;
import org.mule.runtime.api.store.ObjectStoreException;
import org.mule.runtime.api.store.ObjectStoreManager;
import org.mule.runtime.extension.api.annotation.error.Throws;
import org.mule.runtime.extension.api.annotation.param.Config;
import org.mule.runtime.extension.api.annotation.param.Content;
import org.mule.runtime.extension.api.annotation.param.MediaType;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.runtime.operation.Result;
import org.mule.runtime.extension.api.runtime.parameter.CorrelationInfo;
import org.mule.runtime.extension.api.security.AuthenticationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:com/mulesoft/modules/wss/internal/inbound/WssInboundOperations.class */
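/**
 * Inbound WS-Security operations.
 *
 * <p>{@link #validateWss} parses an incoming SOAP envelope, requires a {@code wsse:Security}
 * header for the configured actor, runs the configured WSS4J processing over it, remembers the
 * signing certificate (if any) for a later outbound encryption step, and returns the envelope,
 * optionally with the security header stripped.
 */
public class WssInboundOperations {
    private static final Logger LOGGER = LoggerFactory.getLogger(WssInboundOperations.class);
    private static final SoapMessageHandler ENVELOPE_DOCUMENT_FACTORY = new SoapMessageHandler();

    /**
     * Value of the {@code action} entry of a {@link WSSecurityEngineResult} produced by signature
     * verification. This is WSS4J's {@code WSConstants.SIGN}; kept as a local constant so the
     * comparison below is not a bare magic number.
     */
    private static final int SIGN_ACTION = 2;

    @Inject
    @Named("_muleObjectStoreManager")
    private ObjectStoreManager runtimeObjectStoreManager;

    /**
     * Validates the WS-Security header of a SOAP message.
     *
     * <p>Processing order: (1) tag the event's authentication with the must-understand marker,
     * (2) parse the payload into a SOAP message, (3) reject the message outright if it has no
     * {@code wsse:Security} header for the configured actor, (4) run the config's security
     * processing, (5) persist the signing certificate keyed by correlation id, (6) optionally
     * remove the security header, (7) serialize the envelope back with the original media type.
     *
     * <p>NOTE(review): the payload is caller-supplied XML parsed by {@link SoapMessageHandler}
     * (not visible here); confirm that DTD and external-entity resolution are disabled there.
     *
     * @param wssInboundConfig       module configuration: actor, security processing, header extraction flag
     * @param typedValue             the SOAP envelope and its media type
     * @param soapVersion            SOAP version used to parse the envelope (defaults to SOAP 1.2)
     * @param correlationInfo        supplies the correlation id used as the object-store key for the signing certificate
     * @param authenticationHandler  event security context; may be {@code null}
     * @return the (possibly header-stripped) envelope, with the same media type as the input
     * @throws WssSecurityException if the header is missing or WSS4J processing fails; the
     *                              underlying exception is attached as the cause
     */
    @Throws({WssErrorTypeProvider.class})
    @MediaType(value = "application/xml", strict = false)
    @DisplayName("Validate WSS")
    public Result<InputStream, Void> validateWss(@Config WssInboundConfig wssInboundConfig, @Content TypedValue<InputStream> typedValue, @Optional(defaultValue = "SOAP_12") SoapVersion soapVersion, CorrelationInfo correlationInfo, AuthenticationHandler authenticationHandler) {
        try {
            setMustUnderstand(authenticationHandler);
            String contentType = typedValue.getDataType().getMediaType().toRfcString();
            SOAPMessage message = ENVELOPE_DOCUMENT_FACTORY.create(typedValue.getValue(), contentType, soapVersion);
            Document envelope = message.getSOAPPart().getDocumentElement().getOwnerDocument();
            // Fail closed: a message without a security header for our actor is rejected rather than
            // passed through unverified. The last argument (false) means "do not create one".
            if (WSSecurityUtil.findWsseSecurityHeaderBlock(envelope, envelope.getDocumentElement(), wssInboundConfig.getActor(), false) == null) {
                throw new WssSecurityException("Missing wsse:Security header in request");
            }
            // Policy enforcement (signature, encryption, timestamp, username token, ...) lives in the config.
            WSHandlerResult handlerResult = wssInboundConfig.processSecurity(envelope);
            saveSigningCert(correlationInfo.getCorrelationId(), handlerResult);
            if (wssInboundConfig.extractSecurityHeader()) {
                new WSSecHeader(wssInboundConfig.getActor(), envelope).removeSecurityHeader();
            }
            return Result.<InputStream, Void>builder()
                    .output(ENVELOPE_DOCUMENT_FACTORY.serialize(message))
                    .mediaType(org.mule.runtime.api.metadata.MediaType.parse(contentType))
                    .build();
        } catch (WSSecurityException | WssException e) {
            // Wrap so the flow sees a single WSS error type; the original exception stays as the cause.
            throw new WssSecurityException("Error trying to process message security", e);
        }
    }

    /**
     * Persists the certificate that signed the request, keyed by correlation id in the runtime's
     * default object-store partition, so a later outbound step can encrypt the response for the
     * same party. Only the first signature result is considered.
     *
     * <p>Best effort: a store failure is logged together with its cause and does not fail the
     * request. A signature result without an X.509 certificate is skipped instead of storing
     * {@code null}.
     *
     * <p>NOTE(review): if the correlation id originates from the inbound request, the caller
     * controls this key; confirm that the outbound side only reads it within the same flow.
     *
     * @param correlationId  object-store key
     * @param handlerResult  WSS4J results produced by the config's security processing
     */
    private void saveSigningCert(String correlationId, WSHandlerResult handlerResult) {
        List<WSSecurityEngineResult> results = handlerResult.getResults();
        ObjectStore<X509Certificate> store = this.runtimeObjectStoreManager.getDefaultPartition();
        for (WSSecurityEngineResult result : results) {
            Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
            if (action == null || action.intValue() != SIGN_ACTION) {
                continue;
            }
            X509Certificate cert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            if (cert == null) {
                // Presumably the signature was verified with something other than an X.509 certificate;
                // there is nothing usable for a later encryption step.
                LOGGER.debug("Signature result for correlation id {} carries no X.509 certificate; nothing stored", correlationId);
                return;
            }
            try {
                store.store(correlationId, cert);
            } catch (ObjectStoreException e) {
                // Keep the cause: without it a failing store (e.g. key already present) is undiagnosable.
                LOGGER.warn("Unable to store signing certificate for future encryption (correlation id {})", correlationId, e);
            }
            return;
        }
    }

    /**
     * Marks the event's authentication with the must-understand properties.
     *
     * <p>With no authentication present, a fresh {@link MustUnderstandAuthentication} is installed.
     * With one present, the must-understand properties are merged into its existing properties
     * (must-understand entries win on key collision). A {@code null} handler is a no-op.
     *
     * @param authenticationHandler event security context; may be {@code null}
     * @throws WssException if the runtime rejects the new authentication
     */
    private void setMustUnderstand(AuthenticationHandler authenticationHandler) {
        if (authenticationHandler == null) {
            return;
        }
        java.util.Optional<Authentication> current = authenticationHandler.getAuthentication();
        if (current.isPresent()) {
            Authentication existing = current.get();
            Map<String, Object> merged = new HashMap<>(existing.getProperties());
            merged.putAll(new MustUnderstandAuthentication().getProperties());
            existing.setProperties(merged);
            return;
        }
        try {
            authenticationHandler.setAuthentication(new MustUnderstandAuthentication());
        } catch (SecurityProviderNotFoundException | SecurityException | UnknownAuthenticationTypeException e) {
            throw new WssException("Cannot set Must Understand Authentication", e);
        }
    }
}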
