package be.ehealth.businessconnector.genericasync.handlers;

import be.ehealth.technicalconnector.config.domain.Duration;
import be.ehealth.technicalconnector.handler.AbstractSOAPHandler;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:be/ehealth/businessconnector/genericasync/handlers/IncomingSecurityHandler.class */
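/**
 * Inbound SOAP handler that runs WSS4J over every {@code wsse:Security} header of an incoming
 * message and rejects the message when any processing result is not flagged as validated.
 *
 * <p>NOTE(review): this handler only verifies security headers that are present. A message with
 * no SOAP header, or without a {@code wsse:Security} element, is accepted unchanged, and the
 * handler does not check which WS-Security actions were performed or which message parts they
 * cover. Confirm that the presence and coverage of the expected signature is enforced elsewhere.
 *
 * <p>NOTE(review): no crypto or trust-store configuration is set on the {@link RequestData}
 * built here; confirm how certificate trust is established for signed responses.
 */
public class IncomingSecurityHandler extends AbstractSOAPHandler {
    private static final Logger LOG = LoggerFactory.getLogger(IncomingSecurityHandler.class);
    private static final QName WSSE = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse");

    // Shared by every instance and handed out by getHeaders(), so it is wrapped read-only:
    // no caller can alter the set of headers this handler declares.
    private static final Set<QName> QNAME_LIST =
            Collections.unmodifiableSet(new HashSet<>(Collections.singleton(WSSE)));

    private final WSSConfig config;
    // Passed to RequestData.setTimeStampTTL, in seconds.
    private int timestampTTL;
    // Passed to RequestData.setTimeStampFutureTTL, in seconds.
    private int timestampFutureTTL;

    /**
     * Creates a handler with a fresh WSS4J configuration and both timestamp limits left at 0.
     *
     * @deprecated use {@link #IncomingSecurityHandler(Duration, Duration)} so the limits are set
     */
    @Deprecated
    private IncomingSecurityHandler() {
        this.config = WSSConfig.getNewInstance();
    }

    /**
     * Creates a handler with explicit timestamp limits.
     *
     * @param duration value converted to seconds and used as the timestamp TTL
     * @param duration2 value converted to seconds and used as the timestamp future TTL
     */
    public IncomingSecurityHandler(Duration duration, Duration duration2) {
        this();
        // NOTE(review): the narrowing cast silently truncates a converted value that does not
        // fit in an int; confirm the configured durations stay within range.
        this.timestampTTL = (int) duration.convert(TimeUnit.SECONDS);
        this.timestampFutureTTL = (int) duration2.convert(TimeUnit.SECONDS);
    }

    /**
     * Verifies the WS-Security headers of an inbound message.
     *
     * @param sOAPMessageContext context carrying the incoming SOAP message
     * @return {@code true} when no security header is present or every processing result is
     *     flagged as validated
     * @throws ProtocolException when a result is not flagged as validated, or when WSS4J or SAAJ
     *     fails while processing the message
     */
    public boolean handleInbound(SOAPMessageContext sOAPMessageContext) {
        SOAPMessage message = sOAPMessageContext.getMessage();
        WSSecurityEngine engine = new WSSecurityEngine();
        RequestData requestData = new RequestData();
        requestData.setWssConfig(this.config);
        requestData.setTimeStampTTL(this.timestampTTL);
        requestData.setTimeStampFutureTTL(this.timestampFutureTTL);
        try {
            SOAPHeader header = message.getSOAPHeader();
            if (header == null) {
                // Nothing to verify; see the class-level note about unsigned messages.
                return true;
            }
            NodeList securityHeaders = header.getElementsByTagNameNS(WSSE.getNamespaceURI(), WSSE.getLocalPart());
            if (securityHeaders == null) {
                return true;
            }
            LOG.debug("Verify WS Security Header");
            for (int i = 0; i < securityHeaders.getLength(); i++) {
                Element securityHeader = (Element) securityHeaders.item(i);
                for (WSSecurityEngineResult result : engine.processSecurityHeader(securityHeader, requestData).getResults()) {
                    // Fail closed: a result without the "validated-token" entry counts as not
                    // validated instead of causing a NullPointerException on unboxing.
                    if (!Boolean.TRUE.equals(result.get("validated-token"))) {
                        throw new ProtocolException(
                                "Unable to validate incoming soap message. Action [" + result.get("action") + "].");
                    }
                }
            }
            return true;
        } catch (WSSecurityException | SOAPException e) {
            // Surface any verification or SAAJ failure as a protocol error, keeping the cause.
            throw new ProtocolException(e);
        }
    }

    /**
     * Returns the header names this handler declares.
     *
     * @return an unmodifiable set containing the {@code wsse:Security} QName
     */
    public Set<QName> getHeaders() {
        return QNAME_LIST;
    }
}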
