package com.sun.xml.ws.security.impl.policyconv;

import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.security.impl.policy.PolicyUtil;
import com.sun.xml.ws.security.policy.AlgorithmSuite;
import com.sun.xml.ws.security.policy.Binding;
import com.sun.xml.ws.security.policy.EncryptedElements;
import com.sun.xml.ws.security.policy.EncryptedParts;
import com.sun.xml.ws.security.policy.SecurityPolicyVersion;
import com.sun.xml.ws.security.policy.SignedElements;
import com.sun.xml.ws.security.policy.SignedParts;
import com.sun.xml.ws.security.policy.SupportingTokens;
import com.sun.xml.ws.security.policy.Target;
import com.sun.xml.ws.security.policy.Token;
import com.sun.xml.ws.security.policy.UserNameToken;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.KeyBindingBase;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.util.ArrayList;
import java.util.Iterator;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/sun/xml/ws/security/impl/policyconv/SupportingTokensProcessor.class */
/**
 * Translates one WS-SecurityPolicy {@link SupportingTokens} assertion into XWSS policy objects.
 *
 * <p>{@link #process()} walks the assertion's tokens. For each token it asks the
 * {@link TokenProcessor} for the XWSS key binding, optionally builds a supporting signature
 * and an encryption policy, and inserts the results into the {@link XWSSPolicyContainer}.
 * Several steps are empty hooks here ({@link #addToPrimarySignature}, {@link #endorseSignature},
 * {@link #correctSAMLBinding}); subclasses are expected to fill them in.
 *
 * <p>This listing is decompiler output (JADX). JADX reported failed type inference on
 * {@link #process()} and {@link #encryptToken}, so the casts in those methods are kept exactly
 * as emitted.
 *
 * <p>No synchronization is visible in this class; instances hold mutable per-conversion state.
 */
public class SupportingTokensProcessor {
    // --- collaborators handed in through the public constructor ---
    protected TokenProcessor tokenProcessor;
    // Signature / encryption target factories, obtained from iAP and eAP respectively.
    protected SignatureTargetCreator stc;
    protected EncryptionTargetCreator etc;
    // Enclosing binding; may be null, and every use below checks for that.
    protected Binding binding;
    protected XWSSPolicyContainer policyContainer;
    // Policies supplied by the caller. Only encryptionPolicy is read in this class (encryptToken).
    protected SignaturePolicy signaturePolicy;
    protected EncryptionPolicy encryptionPolicy;
    // The supporting-tokens assertion being converted.
    protected SupportingTokens st;
    protected IntegrityAssertionProcessor iAP;
    protected EncryptionAssertionProcessor eAP;
    // Lazily created work lists; see getSPList() / getEPList().
    protected ArrayList<SignaturePolicy> spList;
    protected ArrayList<EncryptionPolicy> epList;
    // First empty SignedParts assertion found in st.getSignedParts(), or null.
    protected SignedParts emptySP;
    // Set by process() when the assertion carries signed / encrypted parts or elements.
    protected boolean buildSP;
    protected boolean buildEP;
    // Source of UUIDs for the signature policies created here.
    protected PolicyID pid;

    /**
     * Creates an unconfigured processor: every reference field is {@code null} and both
     * build flags are {@code false} (the Java defaults).
     */
    protected SupportingTokensProcessor() {
    }

    /**
     * Creates a processor for one supporting-tokens assertion.
     *
     * <p>The algorithm suite is taken from the assertion and, if the assertion has none, from
     * {@code binding} when a binding is present. The integrity processor signs content only when
     * a binding is present and reports {@code isSignContent()}; the encryption processor is
     * always created with {@code false} as its second argument.
     *
     * @param supportingTokens assertion to convert; dereferenced here, so it must not be null
     * @param tokenProcessor converts policy tokens into XWSS key bindings
     * @param binding enclosing binding, or {@code null}
     * @param xWSSPolicyContainer receives the generated policies
     * @param signaturePolicy caller-supplied signature policy (stored only)
     * @param encryptionPolicy caller-supplied encryption policy; {@link #encryptToken} adds targets to it
     * @param policyID generator for policy UUIDs
     */
    public SupportingTokensProcessor(SupportingTokens supportingTokens, TokenProcessor tokenProcessor, Binding binding, XWSSPolicyContainer xWSSPolicyContainer, SignaturePolicy signaturePolicy, EncryptionPolicy encryptionPolicy, PolicyID policyID) {
        this.st = supportingTokens;
        this.tokenProcessor = tokenProcessor;
        this.binding = binding;
        this.pid = policyID;
        this.policyContainer = xWSSPolicyContainer;
        this.encryptionPolicy = encryptionPolicy;
        this.signaturePolicy = signaturePolicy;

        AlgorithmSuite suite = effectiveAlgorithmSuite();
        boolean signContent = binding != null && binding.isSignContent();
        this.iAP = new IntegrityAssertionProcessor(suite, signContent);
        this.eAP = new EncryptionAssertionProcessor(suite, false);
        this.stc = this.iAP.getTargetCreator();
        this.etc = this.eAP.getTargetCreator();
        this.emptySP = getEmptySignedParts(supportingTokens.getSignedParts());
    }

    /**
     * Returns the assertion's own algorithm suite, falling back to the binding's suite when the
     * assertion has none and a binding is present. May return {@code null}.
     */
    private AlgorithmSuite effectiveAlgorithmSuite() {
        AlgorithmSuite suite = this.st.getAlgorithmSuite();
        if (suite == null && this.binding != null) {
            suite = this.binding.getAlgorithmSuite();
        }
        return suite;
    }

    /**
     * Converts every token of the assertion and inserts the resulting policies.
     *
     * <p>Per token, in this order: mark username tokens as endorsing and clear the STR id of
     * issued tokens when this instance is an {@code EndorsingSupportingTokensProcessor}; if the
     * key binding has a UUID, run the primary-signature hook, {@link #encryptToken}, the SAML
     * hook, the supporting signature and (when {@code buildEP}) a new encryption policy; for
     * non-endorsing processors insert an {@link AuthenticationTokenPolicy}; finally call
     * {@link #addTargets()}.
     *
     * <p>A key binding without a UUID skips all signing and encryption steps, yet a
     * non-endorsing processor still inserts its authentication policy.
     *
     * @throws PolicyException propagated from the token processor or the hooks
     */
    public void process() throws PolicyException {
        Iterator tokens = this.st.getTokens();
        if (this.st.getEncryptedParts().hasNext() || this.st.getEncryptedElements().hasNext()) {
            this.buildEP = true;
        }
        if (this.st.getSignedElements().hasNext() || this.st.getSignedParts().hasNext()) {
            this.buildSP = true;
        }
        final boolean endorsing = this instanceof EndorsingSupportingTokensProcessor;
        while (tokens.hasNext()) {
            Token token = (Token) tokens.next();
            PolicyAssertion assertion = (PolicyAssertion) token;
            SecurityPolicyVersion version = SecurityPolicyUtil.getSPVersion(assertion);
            WSSPolicy keyBinding = this.tokenProcessor.getWSSToken(token);

            if (endorsing && PolicyUtil.isUsernameToken(assertion, version)) {
                ((AuthenticationTokenPolicy.UsernameTokenBinding) keyBinding).isEndorsing(true);
            }
            if (PolicyUtil.isIssuedToken(assertion, version) && endorsing) {
                ((IssuedTokenKeyBinding) keyBinding).setSTRID(null);
            }

            if (keyBinding.getUUID() != null) {
                addToPrimarySignature(keyBinding, token);
                encryptToken(token, version);
                if (PolicyUtil.isSamlToken(assertion, version)) {
                    correctSAMLBinding(keyBinding);
                }
                collectSignaturePolicies(token);
                if (this.buildEP) {
                    EncryptionPolicy tokenEncryption = new EncryptionPolicy();
                    tokenEncryption.setKeyBinding(keyBinding);
                    getEPList().add(tokenEncryption);
                }
            }

            if (!endorsing) {
                AuthenticationTokenPolicy authPolicy = new AuthenticationTokenPolicy();
                authPolicy.setFeatureBinding(keyBinding);
                this.policyContainer.insert(authPolicy);
            }
            // Runs once per token, so the work lists are flushed inside the loop.
            addTargets();
        }
    }

    /**
     * Creates a supporting signature for {@code token}, but only when {@code buildSP} is set.
     *
     * @throws PolicyException propagated from {@link #createSupportingSignature}
     */
    protected void collectSignaturePolicies(Token token) throws PolicyException {
        if (!this.buildSP) {
            return;
        }
        createSupportingSignature(token);
    }

    /**
     * Builds a new {@link SignaturePolicy} keyed by {@code token} and queues it on the
     * signature work list.
     *
     * <p>When the binding requests token protection, the key binding itself is added as a
     * signature target through {@link #protectToken}. The canonicalization method is set from
     * the effective algorithm suite, and {@link #endorseSignature} runs last.
     *
     * <p>Public in this listing; JADX reports the original access modifier was protected.
     *
     * @throws PolicyException propagated from the token processor
     */
    public void createSupportingSignature(Token token) throws PolicyException {
        SignaturePolicy supportingSig = new SignaturePolicy();
        supportingSig.setUUID(this.pid.generateID());
        this.tokenProcessor.addKeyBinding(this.binding, supportingSig, token, true);
        if (this.binding != null && this.binding.getTokenProtection()) {
            protectToken((WSSPolicy) supportingSig.getKeyBinding(), supportingSig);
        }
        SignaturePolicy.FeatureBinding sigFeatures = (SignaturePolicy.FeatureBinding) supportingSig.getFeatureBinding();
        SecurityPolicyUtil.setCanonicalizationMethod(sigFeatures, effectiveAlgorithmSuite());
        getSPList().add(supportingSig);
        endorseSignature(supportingSig);
    }

    /** Hook with no behaviour in this class. */
    protected void addToPrimarySignature(WSSPolicy wSSPolicy, Token token) throws PolicyException {
    }

    /** Hook with no behaviour in this class. */
    protected void endorseSignature(SignaturePolicy signaturePolicy) {
    }

    /** Returns the signature work list, creating it on first use. Never returns {@code null}. */
    protected ArrayList<SignaturePolicy> getSPList() {
        ArrayList<SignaturePolicy> current = this.spList;
        if (current == null) {
            current = new ArrayList<>();
            this.spList = current;
        }
        return current;
    }

    /** Returns the encryption work list, creating it on first use. Never returns {@code null}. */
    protected ArrayList<EncryptionPolicy> getEPList() {
        ArrayList<EncryptionPolicy> current = this.epList;
        if (current == null) {
            current = new ArrayList<>();
            this.epList = current;
        }
        return current;
    }

    /**
     * Adds a username token that carries a non-hashed password as an encryption target of the
     * caller-supplied {@code encryptionPolicy}.
     *
     * <p>Nothing is added, and no error is raised, when the token is not a username token, has
     * no password, uses a hashed password, has no token id, or when there is no binding.
     *
     * <p>NOTE(review): a clear-text password token therefore gets no encryption target from this
     * method when {@code binding} is null or the token id is missing; confirm that
     * confidentiality is provided elsewhere in those configurations (for example by the
     * transport). {@code encryptionPolicy} is dereferenced without a null check.
     *
     * @throws PolicyException declared for overriding implementations; not thrown by visible code
     */
    protected void encryptToken(Token token, SecurityPolicyVersion securityPolicyVersion) throws PolicyException {
        if (!PolicyUtil.isUsernameToken((PolicyAssertion) token, securityPolicyVersion)) {
            return;
        }
        UserNameToken usernameToken = (UserNameToken) token;
        if (!usernameToken.hasPassword() || usernameToken.useHashPassword()) {
            return;
        }
        if (this.binding == null || token.getTokenId() == null) {
            return;
        }
        EncryptionPolicy.FeatureBinding primaryEncryption = (EncryptionPolicy.FeatureBinding) this.encryptionPolicy.getFeatureBinding();
        primaryEncryption.addTargetBinding(this.etc.newURIEncryptionTarget(token.getTokenId()));
    }

    /**
     * Returns the first element of {@code it} that is a SignedParts assertion and is empty
     * according to {@code SecurityPolicyUtil.isSignedPartsEmpty}, or {@code null} if there is none.
     *
     * @param it iterator whose elements are cast to {@link Target}
     */
    protected SignedParts getEmptySignedParts(Iterator it) {
        while (it.hasNext()) {
            Object candidate = (Target) it.next();
            PolicyAssertion assertion = (PolicyAssertion) candidate;
            SecurityPolicyVersion version = SecurityPolicyUtil.getSPVersion(assertion);
            boolean emptySignedParts = PolicyUtil.isSignedParts(assertion, version)
                    && SecurityPolicyUtil.isSignedPartsEmpty((SignedParts) candidate);
            if (emptySignedParts) {
                return (SignedParts) candidate;
            }
        }
        return null;
    }

    /**
     * Flushes the work lists into the policy container in the binding's protection order.
     *
     * <p>Signature policies go first only when a binding is present and its protection order is
     * {@code "SignBeforeEncrypting"}; otherwise, including when there is no binding, encryption
     * policies go first. A list that was never created is skipped.
     */
    protected void addTargets() {
        boolean signFirst = this.binding != null
                && "SignBeforeEncrypting".equals(this.binding.getProtectionOrder());
        if (signFirst) {
            if (this.spList != null) {
                populateSignaturePolicy();
            }
            if (this.epList != null) {
                populateEncryptionPolicy();
            }
        } else {
            if (this.epList != null) {
                populateEncryptionPolicy();
            }
            if (this.spList != null) {
                populateSignaturePolicy();
            }
        }
    }

    /**
     * Fills each queued signature policy with the assertion's signed parts and signed elements,
     * inserts it into the policy container, then empties the queue.
     *
     * <p>When an empty SignedParts assertion was found at construction time, only that one is
     * processed in place of the assertion's signed-parts list.
     */
    protected void populateSignaturePolicy() {
        for (SignaturePolicy queued : this.spList) {
            SignaturePolicy.FeatureBinding sigFeatures = (SignaturePolicy.FeatureBinding) queued.getFeatureBinding();
            if (this.emptySP == null) {
                for (Iterator<SignedParts> parts = this.st.getSignedParts(); parts.hasNext();) {
                    this.iAP.process(parts.next(), sigFeatures);
                }
            } else {
                this.iAP.process(this.emptySP, sigFeatures);
            }
            for (Iterator<SignedElements> elements = this.st.getSignedElements(); elements.hasNext();) {
                this.iAP.process(elements.next(), sigFeatures);
            }
            this.policyContainer.insert(queued);
        }
        this.spList.clear();
    }

    /**
     * Fills each queued encryption policy with the assertion's encrypted elements and encrypted
     * parts and inserts it into the policy container.
     *
     * <p>NOTE(review): unlike {@link #populateSignaturePolicy()}, the queue is not cleared here,
     * and {@link #addTargets()} runs once per token. With more than one token, policies queued
     * for earlier tokens are processed and inserted again; confirm whether that is intended.
     */
    protected void populateEncryptionPolicy() {
        for (EncryptionPolicy queued : this.epList) {
            EncryptionPolicy.FeatureBinding encFeatures = (EncryptionPolicy.FeatureBinding) queued.getFeatureBinding();
            for (Iterator<EncryptedElements> elements = this.st.getEncryptedElements(); elements.hasNext();) {
                this.eAP.process(elements.next(), encFeatures);
            }
            for (Iterator<EncryptedParts> parts = this.st.getEncryptedParts(); parts.hasNext();) {
                this.eAP.process(parts.next(), encFeatures);
            }
            this.policyContainer.insert(queued);
        }
    }

    /**
     * Adds the token behind {@code wSSPolicy} as a target of {@code signaturePolicy}.
     *
     * <p>If the include-token value ends with {@code "AlwaysToRecipient"} or {@code "Always"},
     * the target gets {@code addTransform}; otherwise it gets {@code addSTRTransform} and a
     * policy name from {@link #getQName}. Nothing is added when the key binding has no UUID.
     *
     * <p>NOTE(review): the include-token value is dereferenced before the UUID check, so a null
     * value would raise a NullPointerException; confirm that KeyBindingBase always supplies one.
     *
     * @param wSSPolicy key binding of the token; cast to {@link KeyBindingBase}
     * @param signaturePolicy policy whose feature binding receives the new target
     */
    protected void protectToken(WSSPolicy wSSPolicy, SignaturePolicy signaturePolicy) {
        String uuid = wSSPolicy.getUUID();
        String includeToken = ((KeyBindingBase) wSSPolicy).getIncludeToken();
        boolean alwaysIncluded = includeToken.endsWith("AlwaysToRecipient") || includeToken.endsWith("Always");
        if (uuid == null) {
            return;
        }
        SignatureTargetCreator creator = this.iAP.getTargetCreator();
        SignatureTarget tokenTarget = creator.newURISignatureTarget(uuid);
        SecurityPolicyUtil.setName(tokenTarget, wSSPolicy);
        if (alwaysIncluded) {
            creator.addTransform(tokenTarget);
        } else {
            creator.addSTRTransform(tokenTarget);
            tokenTarget.setPolicyName(getQName(wSSPolicy));
        }
        SignaturePolicy.FeatureBinding sigFeatures = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        sigFeatures.addTargetBinding(tokenTarget);
    }

    /** Hook with no behaviour in this class. */
    protected void correctSAMLBinding(WSSPolicy wSSPolicy) {
    }

    /**
     * Maps a key binding to the WS-Security element name of its token.
     *
     * <p>Public in this listing; JADX reports the original access modifier was protected.
     *
     * @return the qualified name for a username-token, X.509 or SAML binding, checked in that
     *     order, or {@code null} for any other binding
     */
    public QName getQName(WSSPolicy wSSPolicy) {
        final String wsseNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        if (PolicyTypeUtil.UsernameTokenBinding(wSSPolicy)) {
            return new QName(wsseNamespace, "UsernameToken");
        }
        if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy)) {
            return new QName(wsseNamespace, MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME);
        }
        if (PolicyTypeUtil.samlTokenPolicy(wSSPolicy)) {
            return new QName(wsseNamespace, "SAMLToken");
        }
        return null;
    }
}
