package com.appiancorp.ws.securitypolicy;

import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.suiteapi.common.exceptions.AppianException;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.security.external.SecureCredentialsStore;
import com.appiancorp.ws.description.WsSecurityInfo;
import com.appiancorp.ws.exception.UnsupportedWSDLException;
import com.appiancorp.ws.invocation.UsernameTokenExtension;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.util.Map;
import java.util.concurrent.Callable;
import org.apache.axis2.client.Options;
import org.apache.neethi.Policy;

/* loaded from: input_file:com/appiancorp/ws/securitypolicy/WsSecurityAppender.class */
public class WsSecurityAppender {
    private final UsernameTokenExtension usernameTokenExtension;
    private final Policy operationEffectivePolicy;
    private final PolicyAssertionsInfoExtractor policyAssertionsInfoExtractor;
    private final UsernameTokenExtension usernameTokenExtensionForWsPolicy09;
    private final SecureCredentialsStore secureCredentialsStore;
    public static final String OPTION_WS_POLICY_0_9_USERNAME = "appian.wspolicy09.username";
    public static final String OPTION_WS_POLICY_0_9_PASSWORD = "appian.wspolicy09.password";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/appiancorp/ws/securitypolicy/WsSecurityAppender$ScsCredentials.class */
    public final class ScsCredentials {
        private String username;
        private String password;

        public ScsCredentials(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        public String getUsername() {
            return this.username;
        }

        public String getPassword() {
            return this.password;
        }
    }

    public WsSecurityAppender(UsernameTokenExtension usernameTokenExtension, Policy policy, SecureCredentialsStore secureCredentialsStore) {
        this(usernameTokenExtension, policy, new PolicyAssertionsInfoExtractor(), secureCredentialsStore);
    }

    @VisibleForTesting
    WsSecurityAppender(UsernameTokenExtension usernameTokenExtension, Policy policy, PolicyAssertionsInfoExtractor policyAssertionsInfoExtractor, SecureCredentialsStore secureCredentialsStore) {
        if (policy == null) {
            this.usernameTokenExtension = null;
            this.operationEffectivePolicy = policy;
            this.policyAssertionsInfoExtractor = policyAssertionsInfoExtractor;
            this.usernameTokenExtensionForWsPolicy09 = usernameTokenExtension;
            this.secureCredentialsStore = secureCredentialsStore;
            return;
        }
        this.usernameTokenExtension = usernameTokenExtension;
        this.operationEffectivePolicy = policy;
        this.policyAssertionsInfoExtractor = policyAssertionsInfoExtractor;
        this.usernameTokenExtensionForWsPolicy09 = null;
        this.secureCredentialsStore = secureCredentialsStore;
    }

    public Options attachPolicyTo(Options options) {
        Preconditions.checkNotNull(options);
        PolicyAssertionsInfo createAssertionsInfo = createAssertionsInfo();
        Policy createPolicy = createAssertionsInfo.createPolicy();
        if (this.usernameTokenExtension != null) {
            options = addUserAndPasswordTo(options, createAssertionsInfo.getWsSecurityInfo());
        } else if (createPolicy == null || createPolicy.isEmpty()) {
            if (this.usernameTokenExtensionForWsPolicy09 != null) {
                options = addUserAndPasswordToWsPolicy09(options, createAssertionsInfo.getWsSecurityInfo());
            }
            return options;
        }
        options.setProperty("rampartPolicy", createPolicy);
        return options;
    }

    private PolicyAssertionsInfo createAssertionsInfo() {
        try {
            return this.policyAssertionsInfoExtractor.getAssertionsInfo(this.operationEffectivePolicy);
        } catch (UnsupportedWSDLException e) {
            throw new RuntimeException("The WSDL should have been checked during design time", e);
        }
    }

    private Options addUserAndPasswordTo(Options options, WsSecurityInfo wsSecurityInfo) {
        ScsCredentials extractCredentials = extractCredentials(this.usernameTokenExtension);
        if (extractCredentials != null) {
            String username = extractCredentials.getUsername();
            String password = extractCredentials.getPassword();
            if (username == null) {
                throw new AppianRuntimeException(ErrorCode.WS_USERNAME_TOKEN_EXTENSION_MISSING_USERNAME, new Object[0]);
            }
            boolean isUsernameTokenPasswordRequired = wsSecurityInfo.getIsUsernameTokenPasswordRequired();
            if (isUsernameTokenPasswordRequired && password == null) {
                throw new AppianRuntimeException(ErrorCode.WS_USERNAME_TOKEN_EXTENSION_MISSING_PASSWORD, new Object[0]);
            }
            options.setUserName(username);
            options.setPassword(password);
            if (isUsernameTokenPasswordRequired) {
                options.setPassword(extractCredentials.getPassword());
            }
        }
        return options;
    }

    private Options addUserAndPasswordToWsPolicy09(Options options, WsSecurityInfo wsSecurityInfo) {
        ScsCredentials extractCredentials = extractCredentials(this.usernameTokenExtensionForWsPolicy09);
        return extractCredentials == null ? options : addUserAndPasswordToWsPolicy09(extractCredentials.getUsername(), extractCredentials.getPassword(), options, wsSecurityInfo.getIsUsernameTokenPasswordRequired());
    }

    @VisibleForTesting
    static Options addUserAndPasswordToWsPolicy09(String str, String str2, Options options, boolean z) {
        if (str == null) {
            throw new AppianRuntimeException(ErrorCode.WS_USERNAME_TOKEN_EXTENSION_MISSING_USERNAME, new Object[0]);
        }
        if (z && str2 == null) {
            throw new AppianRuntimeException(ErrorCode.WS_USERNAME_TOKEN_EXTENSION_MISSING_PASSWORD, new Object[0]);
        }
        options.setProperty(OPTION_WS_POLICY_0_9_USERNAME, str);
        options.setProperty(OPTION_WS_POLICY_0_9_PASSWORD, str2);
        return options;
    }

    private ScsCredentials extractCredentials(UsernameTokenExtension usernameTokenExtension) {
        ScsCredentials scsCredentials = null;
        if (usernameTokenExtension != null) {
            if (usernameTokenExtension.getWsdlObtainCredMethodPredefined().booleanValue()) {
                try {
                    scsCredentials = getPredefinedCredentials(usernameTokenExtension);
                } catch (AppianException e) {
                    throw new AppianRuntimeException(e);
                }
            } else {
                scsCredentials = getCustomCredentials(usernameTokenExtension);
            }
        }
        return scsCredentials;
    }

    private ScsCredentials getCustomCredentials(UsernameTokenExtension usernameTokenExtension) {
        return new ScsCredentials(usernameTokenExtension.getUser(), usernameTokenExtension.getPassword());
    }

    private ScsCredentials getPredefinedCredentials(UsernameTokenExtension usernameTokenExtension) throws AppianException {
        String extSysKey = usernameTokenExtension.getExtSysKey();
        return usernameTokenExtension.getExtSysStorageType() == UsernameTokenExtension.ExtSysStorageType.USER ? getPredefinedUserCredentials(extSysKey) : getPredefinedSystemCredentials(extSysKey);
    }

    private ScsCredentials getPredefinedUserCredentials(String str) throws AppianException {
        return getCredentials(str, UsernameTokenExtension.ExtSysStorageType.USER);
    }

    private ScsCredentials getPredefinedSystemCredentials(final String str) throws AppianException {
        return (ScsCredentials) SpringSecurityContextHelper.runAsAdminWithAppianException(new Callable<ScsCredentials>() { // from class: com.appiancorp.ws.securitypolicy.WsSecurityAppender.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public ScsCredentials call() throws Exception {
                return WsSecurityAppender.this.getCredentials(str, UsernameTokenExtension.ExtSysStorageType.SYSTEM);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ScsCredentials getCredentials(String str, UsernameTokenExtension.ExtSysStorageType extSysStorageType) throws AppianException {
        String str2;
        String str3;
        Map userSecuredValues = this.secureCredentialsStore.getUserSecuredValues(str);
        Map systemSecuredValues = this.secureCredentialsStore.getSystemSecuredValues(str);
        if (extSysStorageType == UsernameTokenExtension.ExtSysStorageType.USER) {
            str2 = (String) userSecuredValues.get("username");
            str3 = (String) userSecuredValues.get("password");
        } else {
            str2 = (String) systemSecuredValues.get("username");
            str3 = (String) systemSecuredValues.get("password");
        }
        return new ScsCredentials(str2, str3);
    }
}
