package org.apache.cxf.ws.security.policy.interceptors;

import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.xml.transform.dom.DOMSource;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.invoker.Invoker;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.transport.Destination;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.AddressingPropertiesImpl;
import org.apache.cxf.ws.addressing.AttributedURIType;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.addressing.MAPAggregator;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.EndpointPolicy;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.ProtectionToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.neethi.All;
import org.apache.neethi.Assertion;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xpath.compiler.Keywords;
import org.opensaml.ws.wstrust.CancelTarget;
import org.opensaml.ws.wstrust.Entropy;
import org.opensaml.ws.wstrust.Lifetime;
import org.opensaml.ws.wstrust.RequestSecurityToken;
import org.opensaml.ws.wstrust.RequestSecurityTokenResponseCollection;
import org.opensaml.ws.wstrust.RequestedAttachedReference;
import org.opensaml.ws.wstrust.RequestedTokenCancelled;
import org.opensaml.ws.wstrust.RequestedUnattachedReference;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/cxf-bundle-minimal-2.4.0-easy.jar:org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.class */
class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    static final Logger LOG = LogUtils.getL7dLogger(SecureConversationInInterceptor.class);

    /* loaded from: input_file:WEB-INF/lib/cxf-bundle-minimal-2.4.0-easy.jar:org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor$STSInvoker.class */
    public class STSInvoker implements Invoker {
        public STSInvoker() {
        }

        @Override // org.apache.cxf.service.invoker.Invoker
        public Object invoke(Exchange exchange, Object obj) {
            AddressingProperties addressingProperties = (AddressingProperties) exchange.getInMessage().getContextualProperty("javax.xml.ws.addressing.context.inbound");
            if (addressingProperties != null) {
                AddressingPropertiesImpl addressingPropertiesImpl = new AddressingPropertiesImpl(addressingProperties.getNamespaceURI());
                AttributedURIType attributedURIType = new AttributedURIType();
                attributedURIType.setValue(addressingProperties.getAction().getValue().replace("/RST/", "/RSTR/"));
                addressingPropertiesImpl.setAction(attributedURIType);
                exchange.getOutMessage().put("javax.xml.ws.addressing.context.outbound", addressingPropertiesImpl);
            }
            Node node = ((DOMSource) ((MessageContentsList) obj).get(0)).getNode();
            Element documentElement = node instanceof Document ? ((Document) node).getDocumentElement() : (Element) node;
            String namespaceURI = documentElement.getNamespaceURI();
            String prefix = documentElement.getPrefix();
            SecurityToken securityToken = null;
            if (!RequestSecurityToken.ELEMENT_LOCAL_NAME.equals(documentElement.getLocalName())) {
                throw new Fault("Unknown SecureConversation element: " + documentElement.getLocalName(), SecureConversationInInterceptor.LOG);
            }
            try {
                W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
                w3CDOMStreamWriter.setNsRepairing(true);
                if ("http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                    w3CDOMStreamWriter.writeStartElement(prefix, RequestSecurityTokenResponseCollection.ELEMENT_LOCAL_NAME, namespaceURI);
                }
                w3CDOMStreamWriter.writeStartElement(prefix, "RequestSecurityTokenResponse", namespaceURI);
                String str = null;
                for (Element firstElement = DOMUtils.getFirstElement(documentElement); firstElement != null; firstElement = DOMUtils.getNextElement(firstElement)) {
                    String localName = firstElement.getLocalName();
                    if (namespaceURI.equals(firstElement.getNamespaceURI())) {
                        if ("RequestType".equals(localName)) {
                            str = firstElement.getTextContent();
                        } else if (CancelTarget.ELEMENT_LOCAL_NAME.equals(localName)) {
                            securityToken = findCancelToken(exchange, firstElement);
                        }
                    }
                }
                if (str == null) {
                    str = "/Issue";
                }
                if (str.endsWith("/Issue")) {
                    doIssue(documentElement, exchange, w3CDOMStreamWriter, prefix, namespaceURI);
                } else if (str.endsWith("/Cancel")) {
                    TokenStore tokenStore = (TokenStore) ((Endpoint) exchange.get(Endpoint.class)).getEndpointInfo().getProperty(TokenStore.class.getName());
                    securityToken.setState(SecurityToken.State.CANCELLED);
                    tokenStore.update(securityToken);
                    w3CDOMStreamWriter.writeEmptyElement(prefix, RequestedTokenCancelled.ELEMENT_LOCAL_NAME, namespaceURI);
                    exchange.put(SecurityConstants.TOKEN, securityToken);
                } else if (str.endsWith("/Renew")) {
                }
                w3CDOMStreamWriter.writeEndElement();
                if ("http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                    w3CDOMStreamWriter.writeEndElement();
                }
                return new MessageContentsList(new DOMSource(w3CDOMStreamWriter.getDocument()));
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new Fault(e2);
            }
        }

        private void doIssue(Element element, Exchange exchange, W3CDOMStreamWriter w3CDOMStreamWriter, String str, String str2) throws Exception {
            byte[] bArr = null;
            int i = 256;
            String str3 = null;
            Element firstElement = DOMUtils.getFirstElement(element);
            while (true) {
                Element element2 = firstElement;
                if (element2 == null) {
                    w3CDOMStreamWriter.writeStartElement(str, "RequestedSecurityToken", str2);
                    SecurityContextToken securityContextToken = new SecurityContextToken(SecureConversationTokenInterceptorProvider.getWSCVersion(str3), w3CDOMStreamWriter.getDocument());
                    Date date = new Date();
                    Date date2 = new Date();
                    date2.setTime(date.getTime() + (300000 * 1000));
                    SecurityToken securityToken = new SecurityToken(securityContextToken.getIdentifier(), date, date2);
                    securityToken.setToken(securityContextToken.getElement());
                    securityToken.setTokenType("http://schemas.xmlsoap.org/ws/2005/02/sc/sct");
                    w3CDOMStreamWriter.getCurrentNode().appendChild(securityContextToken.getElement());
                    w3CDOMStreamWriter.writeEndElement();
                    w3CDOMStreamWriter.writeStartElement(str, RequestedAttachedReference.ELEMENT_LOCAL_NAME, str2);
                    securityToken.setAttachedReference(SecureConversationTokenInterceptorProvider.writeSecurityTokenReference(w3CDOMStreamWriter, "#" + securityContextToken.getID(), str3));
                    w3CDOMStreamWriter.writeEndElement();
                    w3CDOMStreamWriter.writeStartElement(str, RequestedUnattachedReference.ELEMENT_LOCAL_NAME, str2);
                    securityToken.setUnattachedReference(SecureConversationTokenInterceptorProvider.writeSecurityTokenReference(w3CDOMStreamWriter, securityContextToken.getIdentifier(), str3));
                    w3CDOMStreamWriter.writeEndElement();
                    XmlSchemaDateFormat xmlSchemaDateFormat = new XmlSchemaDateFormat();
                    w3CDOMStreamWriter.writeStartElement(str, Lifetime.ELEMENT_LOCAL_NAME, str2);
                    w3CDOMStreamWriter.writeNamespace("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                    w3CDOMStreamWriter.writeStartElement("wsu", "Created", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                    w3CDOMStreamWriter.writeCharacters(xmlSchemaDateFormat.format(Long.valueOf(date.getTime())));
                    w3CDOMStreamWriter.writeEndElement();
                    w3CDOMStreamWriter.writeStartElement("wsu", "Expires", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                    w3CDOMStreamWriter.writeCharacters(xmlSchemaDateFormat.format(Long.valueOf(date2.getTime())));
                    w3CDOMStreamWriter.writeEndElement();
                    w3CDOMStreamWriter.writeEndElement();
                    securityToken.setSecret(SecureConversationTokenInterceptorProvider.writeProofToken(str, str2, w3CDOMStreamWriter, bArr, i));
                    ((TokenStore) ((Endpoint) exchange.get(Endpoint.class)).getEndpointInfo().getProperty(TokenStore.class.getName())).add(securityToken);
                    return;
                }
                String localName = element2.getLocalName();
                if (str2.equals(element2.getNamespaceURI())) {
                    if (Entropy.ELEMENT_LOCAL_NAME.equals(localName)) {
                        Element firstElement2 = DOMUtils.getFirstElement(element2);
                        if (firstElement2 != null) {
                            bArr = Base64.decode(firstElement2.getTextContent());
                        }
                    } else if ("KeySize".equals(localName)) {
                        i = Integer.parseInt(element2.getTextContent());
                    } else if ("TokenType".equals(localName)) {
                        str3 = element2.getTextContent();
                    }
                }
                firstElement = DOMUtils.getNextElement(element2);
            }
        }

        private SecurityToken findCancelToken(Exchange exchange, Element element) throws WSSecurityException {
            return ((TokenStore) ((Endpoint) exchange.get(Endpoint.class)).getEndpointInfo().getProperty(TokenStore.class.getName())).getToken(new SecurityTokenReference(DOMUtils.getFirstElement(element)).getReference().getURI());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cxf-bundle-minimal-2.4.0-easy.jar:org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor$SecureConversationCancelInterceptor.class */
    public static class SecureConversationCancelInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
        static final SecureConversationCancelInterceptor INSTANCE = new SecureConversationCancelInterceptor();

        public SecureConversationCancelInterceptor() {
            super(Phase.POST_LOGICAL);
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(SoapMessage soapMessage) throws Fault {
            Collection<AssertionInfo> collection;
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
            if (assertionInfoMap == null || (collection = assertionInfoMap.get(SP12Constants.SECURE_CONVERSATION_TOKEN)) == null || collection.isEmpty()) {
                return;
            }
            doCancel(soapMessage, assertionInfoMap, (SecureConversationToken) collection.iterator().next().getAssertion());
        }

        private void doCancel(SoapMessage soapMessage, AssertionInfoMap assertionInfoMap, SecureConversationToken secureConversationToken) {
            String str;
            Message outMessage = soapMessage.getExchange().getOutMessage();
            SecurityToken securityToken = (SecurityToken) outMessage.getContextualProperty(SecurityConstants.TOKEN);
            if (securityToken == null && (str = (String) outMessage.getContextualProperty(SecurityConstants.TOKEN_ID)) != null) {
                securityToken = SecureConversationTokenInterceptorProvider.getTokenStore(outMessage).getToken(str);
            }
            STSClient client = STSUtils.getClient(outMessage, "sct");
            AddressingProperties addressingProperties = (AddressingProperties) soapMessage.get("javax.xml.ws.addressing.context.inbound");
            if (addressingProperties == null) {
                addressingProperties = (AddressingProperties) outMessage.get(JAXWSAConstants.CLIENT_ADDRESSING_PROPERTIES);
            }
            synchronized (client) {
                try {
                    try {
                        SecureConversationTokenInterceptorProvider.setupClient(client, soapMessage, assertionInfoMap, secureConversationToken, true);
                        if (addressingProperties != null) {
                            client.setAddressingNamespace(addressingProperties.getNamespaceURI());
                        }
                        client.cancelSecurityToken(securityToken);
                        SecureConversationTokenInterceptorProvider.getTokenStore(outMessage).remove(securityToken);
                        client.setTrust((Trust10) null);
                        client.setTrust((Trust13) null);
                        client.setTemplate(null);
                        client.setLocation(null);
                        client.setAddressingNamespace(null);
                    } catch (RuntimeException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new Fault(e2);
                    }
                } catch (Throwable th) {
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setLocation(null);
                    client.setAddressingNamespace(null);
                    throw th;
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cxf-bundle-minimal-2.4.0-easy.jar:org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor$SecureConversationTokenFinderInterceptor.class */
    public static final class SecureConversationTokenFinderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
        static final SecureConversationTokenFinderInterceptor INSTANCE = new SecureConversationTokenFinderInterceptor();

        private SecureConversationTokenFinderInterceptor() {
            super(Phase.PRE_PROTOCOL);
            addAfter(WSS4JInInterceptor.class.getName());
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(SoapMessage soapMessage) throws Fault {
            Collection<AssertionInfo> collection;
            boolean z = false;
            List cast = CastUtils.cast((List<?>) soapMessage.get(WSHandlerConstants.RECV_RESULTS));
            if (cast != null) {
                Iterator it = cast.iterator();
                while (it.hasNext()) {
                    for (WSSecurityEngineResult wSSecurityEngineResult : ((WSHandlerResult) it.next()).getResults()) {
                        if (((Integer) wSSecurityEngineResult.get("action")).intValue() == 1024) {
                            soapMessage.getExchange().put(SecurityConstants.TOKEN_ID, ((SecurityContextToken) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN)).getIdentifier());
                            z = true;
                        }
                    }
                }
            }
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
            if (assertionInfoMap == null || (collection = assertionInfoMap.get(SP12Constants.SECURE_CONVERSATION_TOKEN)) == null || collection.isEmpty()) {
                return;
            }
            for (AssertionInfo assertionInfo : collection) {
                if (z) {
                    assertionInfo.setAsserted(true);
                } else {
                    assertionInfo.setNotAsserted("No SecureConversation token found in message.");
                }
            }
        }
    }

    public SecureConversationInInterceptor() {
        super(Phase.PRE_PROTOCOL);
    }

    private Binding getBinding(AssertionInfoMap assertionInfoMap) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.SYMMETRIC_BINDING);
        if (collection != null && !collection.isEmpty()) {
            return (Binding) collection.iterator().next().getAssertion();
        }
        Collection<AssertionInfo> collection2 = assertionInfoMap.get(SP12Constants.ASYMMETRIC_BINDING);
        if (collection2 != null && !collection2.isEmpty()) {
            return (Binding) collection2.iterator().next().getAssertion();
        }
        Collection<AssertionInfo> collection3 = assertionInfoMap.get(SP12Constants.TRANSPORT_BINDING);
        if (collection3 == null || collection3.isEmpty()) {
            return null;
        }
        return (Binding) collection3.iterator().next().getAssertion();
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        Collection<AssertionInfo> collection;
        Policy policy;
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        if (assertionInfoMap == null || (collection = assertionInfoMap.get(SP12Constants.SECURE_CONVERSATION_TOKEN)) == null || collection.isEmpty()) {
            return;
        }
        if (isRequestor(soapMessage)) {
            Iterator<AssertionInfo> it = collection.iterator();
            while (it.hasNext()) {
                it.next().setAsserted(true);
            }
            Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL);
            if (contextualProperty != null) {
                if (Boolean.TRUE.equals(contextualProperty) || Keywords.FUNC_TRUE_STRING.equalsIgnoreCase(contextualProperty.toString())) {
                    soapMessage.getInterceptorChain().add(SecureConversationCancelInterceptor.INSTANCE);
                    return;
                }
                return;
            }
            return;
        }
        String str = (String) soapMessage.get("SOAPAction");
        String str2 = null;
        AddressingProperties addressingProperties = (AddressingProperties) soapMessage.getContextualProperty("javax.xml.ws.addressing.context.inbound");
        if (addressingProperties != null) {
            str2 = addressingProperties.getNamespaceURI();
            if (str == null) {
                str = addressingProperties.getAction().getValue();
            }
        }
        if (str == null || !str.contains("/RST/SCT") || (!str.startsWith("http://schemas.xmlsoap.org/ws/2005/02/trust") && !str.startsWith("http://docs.oasis-open.org/ws-sx/ws-trust/200512"))) {
            soapMessage.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
            return;
        }
        Policy bootstrapPolicy = ((SecureConversationToken) collection.iterator().next().getAssertion()).getBootstrapPolicy();
        if (str.endsWith("Cancel") || str.endsWith("/Renew")) {
            Policy policy2 = new Policy();
            ExactlyOne exactlyOne = new ExactlyOne();
            policy2.addPolicyComponent(exactlyOne);
            All all = new All();
            all.addPolicyComponent(SecureConversationTokenInterceptorProvider.getAddressingPolicy(assertionInfoMap, false));
            exactlyOne.addPolicyComponent(all);
            PolicyBuilder policyBuilder = (PolicyBuilder) soapMessage.getExchange().getBus().getExtension(PolicyBuilder.class);
            SymmetricBinding symmetricBinding = new SymmetricBinding(SP12Constants.INSTANCE, policyBuilder);
            symmetricBinding.setIncludeTimestamp(true);
            ProtectionToken protectionToken = new ProtectionToken(SP12Constants.INSTANCE, policyBuilder);
            protectionToken.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
            symmetricBinding.setProtectionToken(protectionToken);
            symmetricBinding.setEntireHeadersAndBodySignatures(true);
            symmetricBinding.setAlgorithmSuite(getBinding(assertionInfoMap).getAlgorithmSuite());
            all.addPolicyComponent(symmetricBinding);
            SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true, SP12Constants.INSTANCE);
            signedEncryptedParts.setBody(true);
            if (str2 != null) {
                signedEncryptedParts.addHeader(new Header("To", str2));
                signedEncryptedParts.addHeader(new Header("From", str2));
                signedEncryptedParts.addHeader(new Header("FaultTo", str2));
                signedEncryptedParts.addHeader(new Header("ReplyTO", str2));
                signedEncryptedParts.addHeader(new Header("MessageID", str2));
                signedEncryptedParts.addHeader(new Header("RelatesTo", str2));
                signedEncryptedParts.addHeader(new Header("Action", str2));
            }
            all.addPolicyComponent(signedEncryptedParts);
            policy = policy2;
            soapMessage.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
        } else {
            Policy policy3 = new Policy();
            ExactlyOne exactlyOne2 = new ExactlyOne();
            policy3.addPolicyComponent(exactlyOne2);
            All all2 = new All();
            all2.addPolicyComponent(SecureConversationTokenInterceptorProvider.getAddressingPolicy(assertionInfoMap, false));
            exactlyOne2.addPolicyComponent(all2);
            policy = policy3.merge(bootstrapPolicy);
        }
        unmapSecurityProps(soapMessage);
        recalcEffectivePolicy(soapMessage, str.startsWith("http://schemas.xmlsoap.org/ws/2005/02/trust") ? "http://schemas.xmlsoap.org/ws/2005/02/trust" : "http://docs.oasis-open.org/ws-sx/ws-trust/200512", policy);
    }

    private void recalcEffectivePolicy(SoapMessage soapMessage, String str, Policy policy) {
        Exchange exchange = soapMessage.getExchange();
        Bus bus = (Bus) exchange.get(Bus.class);
        PolicyEngine policyEngine = (PolicyEngine) bus.getExtension(PolicyEngine.class);
        if (null == policyEngine) {
            return;
        }
        Destination destination = exchange.getDestination();
        try {
            Endpoint endpoint = (Endpoint) soapMessage.getExchange().get(Endpoint.class);
            TokenStore tokenStore = (TokenStore) soapMessage.getContextualProperty(TokenStore.class.getName());
            if (tokenStore == null) {
                tokenStore = new MemoryTokenStore();
                endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
            }
            Endpoint createSTSEndpoint = STSUtils.createSTSEndpoint(bus, str, endpoint.getEndpointInfo().getTransportId(), destination.getAddress().getAddress().getValue(), soapMessage.getVersion().getBindingId(), policy, null);
            createSTSEndpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
            soapMessage.getExchange().put(TokenStore.class.getName(), tokenStore);
            EndpointPolicy serverEndpointPolicy = policyEngine.getServerEndpointPolicy(createSTSEndpoint.getEndpointInfo(), destination);
            Iterator<Interceptor<? extends Message>> it = serverEndpointPolicy.getInterceptors().iterator();
            while (it.hasNext()) {
                soapMessage.getInterceptorChain().add(it.next());
            }
            Collection<Assertion> vocabulary = serverEndpointPolicy.getVocabulary();
            if (null != vocabulary) {
                soapMessage.put((Class<Class>) AssertionInfoMap.class, (Class) new AssertionInfoMap(vocabulary));
            }
            createSTSEndpoint.getService().setInvoker(new STSInvoker());
            exchange.put((Class<Class>) Endpoint.class, (Class) createSTSEndpoint);
            exchange.put((Class<Class>) Service.class, (Class) createSTSEndpoint.getService());
            exchange.put((Class<Class>) org.apache.cxf.binding.Binding.class, (Class) createSTSEndpoint.getBinding());
            exchange.remove(BindingOperationInfo.class);
            soapMessage.put(MAPAggregator.ACTION_VERIFIED, (Object) Boolean.TRUE);
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    private void unmapSecurityProps(Message message) {
        Exchange exchange = message.getExchange();
        for (String str : SecurityConstants.ALL_PROPERTIES) {
            Object contextualProperty = message.getContextualProperty(str + ".sct");
            if (contextualProperty != null) {
                exchange.put(str, contextualProperty);
            }
        }
    }
}
