package org.jboss.ws.extensions.security.operation;

import java.util.Calendar;
import org.jboss.logging.Logger;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.ws.extensions.security.SecurityStore;
import org.jboss.ws.extensions.security.SimplePrincipal;
import org.jboss.ws.extensions.security.auth.callback.UsernameTokenCallbackHandler;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.element.Token;
import org.jboss.ws.extensions.security.element.UsernameToken;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.extensions.security.nonce.NonceStore;
import org.jboss.wsf.spi.SPIProviderResolver;
import org.jboss.wsf.spi.invocation.SecurityAdaptor;
import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
import org.jboss.xb.binding.SimpleTypeBindings;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/jbossws-native-core-3.0.5.GA.jar:org/jboss/ws/extensions/security/operation/ReceiveUsernameOperation.class */
public class ReceiveUsernameOperation implements TokenOperation {
    private SecurityHeader header;
    private SecurityStore store;
    private NonceStore nonceStore;
    private static final int TIMESTAMP_FRESHNESS_THRESHOLD = 300;
    private SecurityAdaptorFactory secAdapterfactory = (SecurityAdaptorFactory) SPIProviderResolver.getInstance().getProvider().getSPI(SecurityAdaptorFactory.class);

    public ReceiveUsernameOperation(SecurityHeader securityHeader, SecurityStore securityStore, NonceStore nonceStore) {
        this.header = securityHeader;
        this.store = securityStore;
        this.nonceStore = nonceStore;
    }

    @Override // org.jboss.ws.extensions.security.operation.TokenOperation
    public void process(Document document, Token token) throws WSSecurityException {
        UsernameToken usernameToken = (UsernameToken) token;
        SecurityAdaptor newSecurityAdapter = this.secAdapterfactory.newSecurityAdapter();
        Logger.getLogger(getClass()).info("Username: " + usernameToken.getUsername());
        Logger.getLogger(getClass()).info("Password: " + usernameToken.getPassword());
        if (usernameToken.isDigest()) {
            verifyUsernameToken(usernameToken);
            CallbackHandlerPolicyContextHandler.setCallbackHandler(new UsernameTokenCallbackHandler(usernameToken.getNonce(), usernameToken.getCreated()));
        }
        newSecurityAdapter.setPrincipal(new SimplePrincipal(usernameToken.getUsername()));
        newSecurityAdapter.setCredential(usernameToken.getPassword());
    }

    private void verifyUsernameToken(UsernameToken usernameToken) throws WSSecurityException {
        if (usernameToken.getCreated() != null) {
            Calendar unmarshalDateTime = SimpleTypeBindings.unmarshalDateTime(usernameToken.getCreated());
            Calendar calendar = Calendar.getInstance();
            calendar.add(13, -300);
            if (calendar.after(unmarshalDateTime)) {
                throw new WSSecurityException("Request rejected since a stale timestamp has been provided: " + usernameToken.getCreated());
            }
        }
        String nonce = usernameToken.getNonce();
        if (nonce != null) {
            if (this.nonceStore.hasNonce(nonce)) {
                throw new WSSecurityException("Request rejected since a message with the same nonce has been recently received; nonce = " + nonce);
            }
            this.nonceStore.putNonce(nonce);
        }
    }
}
