package fi.vm.sade.generic.service.authz.interceptor;

import fi.vm.sade.generic.common.JAXBUtils;
import fi.vm.sade.generic.common.auth.xml.AuthzDataHolder;
import fi.vm.sade.generic.common.auth.xml.ElementNames;
import fi.vm.sade.generic.common.auth.xml.Organisation;
import fi.vm.sade.generic.service.authz.aspect.AuthzData;
import fi.vm.sade.generic.service.authz.aspect.AuthzDataThreadLocal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.UsernameToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/generic-service-1.0-20120906.090238-80.jar:fi/vm/sade/generic/service/authz/interceptor/SecurityAuditInterceptor.class */
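/**
 * Inbound CXF SOAP interceptor that reads the authorization-data SOAP header, publishes it
 * through {@link AuthzDataThreadLocal} and writes an audit line naming the caller, the WSDL
 * operation and the WSDL interface.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The organisations and roles are taken from a header of the incoming message. Nothing
 *       in this class checks that the header is integrity-protected. NOTE(review): confirm
 *       that an earlier interceptor verifies a signature covering this header; otherwise the
 *       caller controls its own authorization data.</li>
 *   <li>The header is selected by local name only; its namespace URI is not compared.
 *       NOTE(review): confirm whether the expected namespace should be enforced as well.</li>
 *   <li>This class sets the thread-local but never clears it, and every rejection path throws
 *       before the set. NOTE(review): on pooled worker threads, confirm that something clears
 *       the value after each request so a rejected request cannot run with data left over
 *       from a previous one.</li>
 * </ul>
 */
public class SecurityAuditInterceptor extends AbstractSoapInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityAuditInterceptor.class);

    /** Header names reported to CXF as understood by this interceptor. */
    private static final Set<QName> HEADERS = new HashSet<QName>();

    // Not referenced anywhere in this class; kept so the class layout is unchanged.
    private static ThreadLocal<Map<String, Set<String>>> foo;

    static {
        HEADERS.add(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security"));
        HEADERS.add(new QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "Security"));
        HEADERS.add(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedData"));
    }

    /** Registers the interceptor in the PRE_PROTOCOL phase, after {@link SoapActionInInterceptor}. */
    public SecurityAuditInterceptor() {
        super(Phase.PRE_PROTOCOL);
        getAfter().add(SoapActionInInterceptor.class.getName());
    }

    /**
     * Registers the interceptor in a caller-chosen phase.
     *
     * @param str name of the CXF phase to run in
     */
    public SecurityAuditInterceptor(String str) {
        super(str);
    }

    /**
     * Returns the header names this interceptor declares as understood.
     *
     * @return a copy of the understood-header set, so callers cannot alter the shared static set
     */
    @Override // org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor, org.apache.cxf.binding.soap.interceptor.SoapInterceptor
    public Set<QName> getUnderstoodHeaders() {
        return new HashSet<QName>(HEADERS);
    }

    /**
     * Extracts the authorization data header, stores it for the current thread and logs who
     * called which operation.
     *
     * @param soapMessage the inbound SOAP message
     * @throws Fault if the header is absent, is not a DOM element, cannot be unmarshalled, or
     *         carries no organisations; the request is rejected in all of these cases
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        LOGGER.info(" -- Security Audit handler called. -- ");

        Header authzHeader = null;
        for (Header candidate : soapMessage.getHeaders()) {
            // Matched on local name only; the namespace URI is not checked (see class comment).
            if (candidate.getName().getLocalPart().equals(ElementNames.AUTHZ_DATA)) {
                authzHeader = candidate;
                break;
            }
        }
        if (authzHeader == null) {
            throw new Fault(new Message("SOAP header for authorization data is null", (ResourceBundle) null, (Object[]) null));
        }

        // Reject with a Fault instead of letting a ClassCastException escape when the header
        // payload is not a DOM element.
        Object payload = authzHeader.getObject();
        if (!(payload instanceof Element)) {
            throw new Fault(new Message("Can't read authz data.", (ResourceBundle) null, (Object[]) null));
        }

        try {
            AuthzDataHolder authzDataHolder = (AuthzDataHolder) JAXBUtils.unmarshal((Element) payload, AuthzDataHolder.class);
            // A holder without an organisations set used to surface as a NullPointerException;
            // treat it the same way as a missing holder.
            if (authzDataHolder == null || authzDataHolder.organisations == null) {
                throw new Fault(new Message("Authorization data missing", (ResourceBundle) null, (Object[]) null));
            }
            Set<Organisation> organisations = authzDataHolder.organisations;
            LOGGER.info("Got authz data: " + forLog(organisations));

            // Raw map on purpose: the parameter type of AuthzData's constructor is not visible here.
            HashMap byOid = new HashMap();
            for (Organisation organisation : organisations) {
                byOid.put(organisation.oid, new AuthzData.Organisation(organisation.children, organisation.roles));
            }
            AuthzDataThreadLocal.set(new AuthzData(byOid));

            // Held as Object: casting to String would throw if the message stores these
            // properties as another type.
            Object operation = soapMessage.get("javax.xml.ws.wsdl.operation");
            Object wsdlInterface = soapMessage.get("javax.xml.ws.wsdl.interface");
            String username = findUsername(soapMessage);

            // All three values are neutralised before logging so that control characters in
            // request-derived text cannot split or forge audit lines.
            LOGGER.info("User '" + forLog(username) + "' called operation " + forLog(operation) + " in " + forLog(wsdlInterface));
        } catch (JAXBException e) {
            // Keep the parser exception as the cause so the failure can be diagnosed.
            throw new Fault(new Message("Can't read authz data.", (ResourceBundle) null, (Object[]) null), e);
        }
    }

    /**
     * Looks up the name of the first WS-Security username token recorded on the message.
     *
     * <p>The previous loop stopped after the first handler result whether or not it held a
     * username token, because it tested a variable initialised to the empty string against
     * null. This version keeps scanning until a token with a name is found, and skips null
     * entries instead of stopping at them.
     *
     * @return the token's name, or the empty string when no named username token is present
     */
    private static String findUsername(SoapMessage soapMessage) {
        Object received = soapMessage.get(WSHandlerConstants.RECV_RESULTS);
        if (!(received instanceof List)) {
            return "";
        }
        for (Object entry : (List<?>) received) {
            if (!(entry instanceof WSHandlerResult)) {
                continue;
            }
            WSHandlerResult handlerResult = (WSHandlerResult) entry;
            if (handlerResult.getResults() == null) {
                continue;
            }
            Iterator<WSSecurityEngineResult> engineResults = handlerResult.getResults().iterator();
            while (engineResults.hasNext()) {
                WSSecurityEngineResult engineResult = engineResults.next();
                if (engineResult == null) {
                    continue;
                }
                Object token = engineResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
                if (token instanceof UsernameToken) {
                    String name = ((UsernameToken) token).getName();
                    if (name != null) {
                        return name;
                    }
                }
            }
        }
        return "";
    }

    /** Renders a value for the log, replacing ISO control characters (CR, LF, ...) with '_'. */
    private static String forLog(Object value) {
        String text = String.valueOf(value);
        StringBuilder cleaned = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}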
