package org.springframework.ws.soap.security.xwss.callback;

import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.x509.X509AuthenticationToken;
import org.springframework.util.Assert;
import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
import org.springframework.ws.soap.security.callback.CleanupCallback;

/* loaded from: input_file:WEB-INF/lib/spring-ws-security-1.5.6.jar:org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.class */
/**
 * Callback handler that answers XWSS {@link CertificateValidationCallback}s by handing the
 * presented X.509 certificate to a Spring Security {@link AuthenticationManager}.
 *
 * <p>On success the resulting {@link Authentication} is stored in the
 * {@link SecurityContextHolder}; on failure, and on a {@link CleanupCallback}, the context is
 * cleared.
 *
 * <p>Security note: the validator's verdict on a failed authentication is the value of
 * {@code ignoreFailure}. With the default {@code false} a certificate the manager rejects is
 * reported as invalid. With {@code true} the same certificate is reported as valid even though
 * no {@code Authentication} is left in the security context.
 */
public class SpringCertificateValidationCallbackHandler extends AbstractCallbackHandler implements InitializingBean {
    /** Manager that decides whether a certificate authenticates; checked for null in {@link #afterPropertiesSet()}. */
    private AuthenticationManager authenticationManager;

    /** Value returned by the validator when authentication fails; {@code false} rejects the certificate. */
    private boolean ignoreFailure = false;

    /* Decompiler placeholder for the synthetic class SpringCertificateValidationCallbackHandler$1 (renamed: invalid class name). */
    static class AnonymousClass1 {
    }

    /**
     * Validator installed on each {@link CertificateValidationCallback}; it reads the enclosing
     * handler's authentication manager, logger and {@code ignoreFailure} flag.
     */
    private class SpringSecurityCertificateValidator implements CertificateValidationCallback.CertificateValidator {

        /**
         * Authenticates the certificate through the enclosing handler's authentication manager.
         *
         * @param x509Certificate the certificate taken from the callback
         * @return {@code true} when authentication succeeds; otherwise the handler's
         *         {@code ignoreFailure} value
         */
        @Override // com.sun.xml.wss.impl.callback.CertificateValidationCallback.CertificateValidator
        public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            final SpringCertificateValidationCallbackHandler handler = SpringCertificateValidationCallbackHandler.this;
            try {
                Authentication result = handler.authenticationManager.authenticate(new X509AuthenticationToken(x509Certificate));
                if (handler.logger.isDebugEnabled()) {
                    handler.logger.debug("Authentication request for certificate with DN ["
                            + x509Certificate.getSubjectX500Principal().getName()
                            + "] successful");
                }
                // Publish the authenticated principal for the rest of the request.
                SecurityContextHolder.getContext().setAuthentication(result);
                return true;
            } catch (AuthenticationException failure) {
                if (handler.logger.isDebugEnabled()) {
                    handler.logger.debug("Authentication request for certificate with DN ["
                            + x509Certificate.getSubjectX500Principal().getName()
                            + "] failed: "
                            + failure.toString());
                }
                // No authentication is kept after a failure, whatever verdict is returned below.
                SecurityContextHolder.clearContext();
                // ignoreFailure == true reports a rejected certificate as valid.
                return handler.ignoreFailure;
            }
        }
    }

    /**
     * Sets the authentication manager used to authenticate presented certificates.
     *
     * @param authenticationManager the manager to delegate to; required
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the verdict returned for a certificate whose authentication fails.
     *
     * <p>Leave this at {@code false} unless a failed certificate authentication is deliberately
     * meant not to reject the certificate: with {@code true} the validator returns {@code true}
     * after an {@link AuthenticationException}, and the security context is still cleared.
     *
     * @param z {@code true} to report failed authentications as valid, {@code false} to reject them
     */
    public void setIgnoreFailure(boolean z) {
        this.ignoreFailure = z;
    }

    /**
     * Verifies that an authentication manager has been configured.
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager, "authenticationManager is required");
    }

    /**
     * Installs the certificate validator on a {@link CertificateValidationCallback} and clears
     * the security context on a {@link CleanupCallback}.
     *
     * @param callback the callback to handle
     * @throws UnsupportedCallbackException if the callback is of neither supported type
     */
    @Override // org.springframework.ws.soap.security.callback.AbstractCallbackHandler
    protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
        if (callback instanceof CertificateValidationCallback) {
            CertificateValidationCallback validationCallback = (CertificateValidationCallback) callback;
            validationCallback.setValidator(new SpringSecurityCertificateValidator());
            return;
        }
        if (callback instanceof CleanupCallback) {
            SecurityContextHolder.clearContext();
            return;
        }
        throw new UnsupportedCallbackException(callback);
    }
}
