package org.apache.rampart;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.xpath.AXIOMXPath;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SignedEncryptedParts;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.SOAP11Constants;
import org.apache.ws.security.SOAP12Constants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.jaxen.JaxenException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/rampart-core-1.7.1.jar:org/apache/rampart/PolicyBasedResultsValidator.class */
public class PolicyBasedResultsValidator implements ExtendedPolicyValidatorCallbackHandler {
    private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);

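    /**
     * Legacy entry point that receives the security processing results as a raw {@link Vector}.
     *
     * <p>The results are copied into a list and handed to
     * {@link #validate(ValidatorData, List)}. A {@code null} vector is forwarded as {@code null}
     * instead of being dereferenced, so both entry points treat missing results the same way.
     *
     * @param validatorData validation context of the message being checked
     * @param vector security processing results, or {@code null} when there are none
     * @throws RampartException if the results do not satisfy the policy
     */
    @Override // org.apache.rampart.PolicyValidatorCallbackHandler
    public void validate(ValidatorData validatorData, Vector vector) throws RampartException {
        List<WSSecurityEngineResult> results = null;
        if (vector != null) {
            // The callback interface hands over a raw Vector; its elements are expected to be
            // WSSecurityEngineResult instances.
            results = new ArrayList<WSSecurityEngineResult>(vector);
        }
        validate(validatorData, results);
    }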

    /**
     * Checks the security processing results of a message against the effective policy.
     *
     * <p>The method first works out which parts the policy expects to be encrypted and signed
     * (including the signature element, the timestamp and supporting tokens), then runs the
     * individual validators, and finally checks the signing certificate and the timestamp.
     *
     * <p>NOTE(review): several validators called from here dereference the policy data without a
     * null check, although this method itself tolerates a {@code null} policy — confirm whether a
     * message without policy data can reach this point.
     *
     * @param validatorData validation context of the message being checked
     * @param list results produced by the security engine for the message
     * @throws RampartException with a message key naming the first policy violation found
     */
    @Override // org.apache.rampart.ExtendedPolicyValidatorCallbackHandler
    public void validate(ValidatorData validatorData, List<WSSecurityEngineResult> list) throws RampartException {
        RampartMessageData messageData = validatorData.getRampartMessageData();
        RampartPolicyData policy = messageData.getPolicyData();
        boolean hasPolicy = policy != null;

        // A policy is in force but the security engine produced nothing to check against it.
        if (hasPolicy && list == null) {
            throw new RampartException("noSecurityResults");
        }

        WSSecurityEngineResult policyTimestamp = null;
        if (hasPolicy && policy.isIncludeTimestamp()) {
            policyTimestamp = WSSecurityUtil.fetchActionResult(list, WSConstants.TS);
            if (policyTimestamp == null && !policy.isIncludeTimestampOptional()) {
                throw new RampartException("timestampMissing");
            }
        }

        // Parts the policy expects to be encrypted; the signature element joins them when
        // signature protection is on and a signature is required for this direction.
        List<WSEncryptionPart> expectedEncrypted = RampartUtil.getEncryptedParts(messageData);
        if (hasPolicy && policy.isSignatureProtection() && isSignatureRequired(messageData)) {
            expectedEncrypted.add(RampartUtil.createEncryptionPart(
                    "Signature",
                    RampartUtil.getSigElementId(messageData),
                    "http://www.w3.org/2000/09/xmldsig#",
                    RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
        }

        // Parts the policy expects to be signed; outside the transport binding the timestamp
        // must be covered by the signature as well.
        List<WSEncryptionPart> expectedSigned = RampartUtil.getSignedParts(messageData);
        if (hasPolicy) {
            boolean timestampExpected = policyTimestamp != null || !policy.isIncludeTimestampOptional();
            if (timestampExpected && policy.isIncludeTimestamp() && !policy.isTransportBinding()) {
                expectedSigned.add(RampartUtil.createEncryptionPart("Timestamp", WSSecurityEngineResult.TAG_TIMESTAMP));
            }
        }

        // Supporting-token requirements are only collected when this side is not the initiator.
        if (!messageData.isInitiator()) {
            SupportingToken endorsing = hasPolicy ? policy.getEndorsingSupportingTokens() : null;
            if (isSupportingSignatureExpected(endorsing, policy)) {
                expectedSigned.add(RampartUtil.createEncryptionPart(
                        SPConstants.ENDORSING_SUPPORTING_TOKENS, SPConstants.ENDORSING_SUPPORTING_TOKENS));
            }

            SupportingToken signedEndorsing = hasPolicy ? policy.getSignedEndorsingSupportingTokens() : null;
            if (isSupportingSignatureExpected(signedEndorsing, policy)) {
                expectedSigned.add(RampartUtil.createEncryptionPart(
                        SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
                        SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
            }

            if (hasPolicy) {
                for (SupportingToken supporting : policy.getSupportingTokensList()) {
                    if (supporting == null || supporting.isOptional()) {
                        continue;
                    }
                    SupportingPolicyData supportingPolicy = new SupportingPolicyData();
                    supportingPolicy.build(supporting);
                    expectedEncrypted.addAll(RampartUtil.getSupportingEncryptedParts(messageData, supportingPolicy));
                    expectedSigned.addAll(RampartUtil.getSupportingSignedParts(messageData, supportingPolicy));
                }
            }
        }

        validateEncrSig(validatorData, expectedEncrypted, expectedSigned, list);
        if (hasPolicy && !policy.isTransportBinding()) {
            validateProtectionOrder(validatorData, list);
        }
        validateEncryptedParts(validatorData, expectedEncrypted, list);
        validateSignedPartsHeaders(validatorData, expectedSigned, list);
        validateRequiredElements(validatorData);
        if (!messageData.isInitiator()) {
            validateSupportingTokens(validatorData, list);
        }

        // Trust check on the signing certificate. Only the single signature result returned by
        // fetchActionResult is inspected, and a result that carries no X.509 certificate skips
        // the check. NOTE(review): if a message can carry several signatures, confirm that the
        // remaining ones are trust-checked elsewhere.
        WSSecurityEngineResult signatureResult = WSSecurityUtil.fetchActionResult(list, WSConstants.SIGN);
        if (signatureResult != null) {
            X509Certificate signerCertificate =
                    (X509Certificate) signatureResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            if (signerCertificate != null && !verifyTrust(signerCertificate, messageData)) {
                throw new RampartException("trustVerificationError");
            }
        }

        // Freshness check; runs whenever a timestamp result exists, whether or not the policy
        // asked for one.
        WSSecurityEngineResult timestampResult = WSSecurityUtil.fetchActionResult(list, WSConstants.TS);
        if (timestampResult != null) {
            Timestamp receivedTimestamp = (Timestamp) timestampResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
            if (receivedTimestamp != null && !verifyTimestamp(receivedTimestamp, messageData)) {
                throw new RampartException("cannotValidateTimestamp");
            }
        }
    }

    /**
     * Tells whether a non-optional endorsing-type supporting token makes a signature mandatory:
     * either its own signed parts name the body or at least one header, or the policy includes a
     * timestamp.
     */
    private static boolean isSupportingSignatureExpected(SupportingToken tokens, RampartPolicyData policy) {
        if (tokens == null || tokens.isOptional()) {
            return false;
        }
        SignedEncryptedParts parts = tokens.getSignedParts();
        boolean coversContent = parts != null
                && !parts.isOptional()
                && (parts.isBody() || parts.getHeaders().size() > 0);
        return coversContent || policy.isIncludeTimestamp();
    }

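    /**
     * Cross-checks the presence of signature and encryption results against what the policy
     * expects.
     *
     * <p>A signature with nothing expected to be signed (and no signed supporting or signed
     * endorsing tokens) is rejected, as is a missing signature or missing encryption when parts
     * are expected. Encrypted data that the policy did not ask for is rejected unless the policy
     * contains a UsernameToken among its supporting tokens.
     *
     * @param validatorData validation context of the message being checked
     * @param list parts the policy expects to be encrypted
     * @param list2 parts the policy expects to be signed
     * @param list3 results produced by the security engine
     * @throws RampartException if the results and the expected parts disagree
     */
    protected void validateEncrSig(ValidatorData validatorData, List<WSEncryptionPart> list, List<WSEncryptionPart> list2, List<WSSecurityEngineResult> list3) throws RampartException {
        boolean signatureFound = false;
        boolean encryptionFound = false;
        for (Integer action : getSigEncrActions(list3)) {
            if (action.intValue() == WSConstants.SIGN) {
                signatureFound = true;
            } else if (action.intValue() == WSConstants.ENCR) {
                encryptionFound = true;
            }
        }

        RampartPolicyData policy = validatorData.getRampartMessageData().getPolicyData();
        SupportingToken signedSupporting = policy.getSignedSupportingTokens();
        SupportingToken signedEndorsing = policy.getSignedEndorsingSupportingTokens();

        if (signatureFound
                && list2.isEmpty()
                && (signedSupporting == null || signedSupporting.getTokens().isEmpty())
                && (signedEndorsing == null || signedEndorsing.getTokens().isEmpty())) {
            throw new RampartException("unexprectedSignature");
        }
        if (!signatureFound && !list2.isEmpty()) {
            throw new RampartException("signatureMissing");
        }

        if (!encryptionFound) {
            if (!list.isEmpty()) {
                throw new RampartException("encryptionMissing");
            }
            return;
        }
        if (!list.isEmpty()) {
            // Encryption was expected and found; the individual parts are checked elsewhere.
            return;
        }

        // Encryption was found although the policy expects no encrypted parts: look for a result
        // that actually references encrypted data.
        boolean encryptedDataFound = false;
        for (WSSecurityEngineResult encryptionResult : getResults(list3, WSConstants.ENCR)) {
            // Cast to List rather than ArrayList so that any List implementation is accepted.
            List<?> references = (List<?>) encryptionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
            if (references != null && !references.isEmpty()) {
                encryptedDataFound = true;
                break;
            }
        }
        // Unrequested encrypted data is tolerated only when the policy carries a UsernameToken.
        if (encryptedDataFound && !isUsernameTokenPresent(validatorData)) {
            throw new RampartException("unexprectedEncryptedPart");
        }
    }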

    /**
     * Runs the supporting-token check for every supporting-token group of the policy: the plain
     * supporting tokens first, then the signed, signed endorsing and endorsing groups.
     *
     * @param validatorData validation context of the message being checked
     * @param list results produced by the security engine
     * @throws RampartException if a required token is missing or has the wrong form
     */
    protected void validateSupportingTokens(ValidatorData validatorData, List<WSSecurityEngineResult> list) throws RampartException {
        RampartPolicyData policy = validatorData.getRampartMessageData().getPolicyData();
        for (SupportingToken supporting : policy.getSupportingTokensList()) {
            handleSupportingTokens(list, supporting);
        }
        handleSupportingTokens(list, policy.getSignedSupportingTokens());
        handleSupportingTokens(list, policy.getSignedEndorsingSupportingTokens());
        handleSupportingTokens(list, policy.getEndorsingSupportingTokens());
    }

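    /**
     * Checks that the tokens named by one supporting-token assertion were found in the message.
     *
     * <p>UsernameToken, IssuedToken and X509Token assertions are checked; other token types are
     * ignored. An optional UsernameToken that is absent from the results is skipped rather than
     * dereferenced.
     *
     * @param list results produced by the security engine
     * @param supportingToken the assertion to check; {@code null} means nothing to check
     * @throws RampartException if a required token is missing or a UsernameToken does not match
     *     the password form the policy demands
     */
    protected void handleSupportingTokens(List<WSSecurityEngineResult> list, SupportingToken supportingToken) throws RampartException {
        if (supportingToken == null) {
            return;
        }
        for (Token policyToken : supportingToken.getTokens()) {
            if (policyToken instanceof UsernameToken) {
                UsernameToken expected = (UsernameToken) policyToken;
                WSSecurityEngineResult usernameResult = WSSecurityUtil.fetchActionResult(list, WSConstants.UT);
                if (usernameResult == null) {
                    if (!expected.isOptional()) {
                        throw new RampartException("usernameTokenMissing");
                    }
                    // Optional and absent: nothing to compare against.
                    continue;
                }
                org.apache.ws.security.message.token.UsernameToken received =
                        (org.apache.ws.security.message.token.UsernameToken)
                                usernameResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
                if (received == null) {
                    // A result without the token itself cannot be validated; fail closed.
                    throw new RampartException("usernameTokenMissing");
                }
                if (expected.isNoPassword() && received.getPassword() != null) {
                    throw new RampartException("invalidUsernameTokenType");
                }
                if (expected.isHashPassword() && !received.isHashed()) {
                    throw new RampartException("invalidUsernameTokenType");
                }
                // NOTE(review): a policy that demands no password is still subject to this check,
                // so a token without a password is rejected here — confirm this is intended.
                // The constant is the receiver of equals() so a missing password type counts as a
                // mismatch instead of raising a NullPointerException.
                if (!expected.isHashPassword()
                        && (received.getPassword() == null
                                || !WSConstants.PASSWORD_TEXT.equals(received.getPasswordType()))) {
                    throw new RampartException("invalidUsernameTokenType");
                }
            } else if (policyToken instanceof IssuedToken) {
                // A signed SAML assertion is preferred, but an unsigned one also satisfies this
                // check. NOTE(review): confirm that unsigned assertions are acceptable for the
                // deployments using this validator; no optional flag is consulted here.
                WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(list, WSConstants.ST_SIGNED);
                if (samlResult == null) {
                    log.debug("No signed SAMLToken found. Looking for unsigned SAMLTokens");
                    samlResult = WSSecurityUtil.fetchActionResult(list, WSConstants.ST_UNSIGNED);
                }
                if (samlResult == null) {
                    throw new RampartException("samlTokenMissing");
                }
            } else if (policyToken instanceof X509Token) {
                X509Token expected = (X509Token) policyToken;
                if (WSSecurityUtil.fetchActionResult(list, WSConstants.BST) == null && !expected.isOptional()) {
                    throw new RampartException("binaryTokenMissing");
                }
            }
        }
    }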

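    /**
     * Verifies that signature and encryption results appear in the order the policy's protection
     * order demands.
     *
     * <p>Nothing is checked unless both a signature and an encryption result are present. With
     * "SignBeforeEncrypting" a signature result must come before any encryption result; with any
     * other protection order an encryption result must come first.
     *
     * <p>The order examined is the order of entries in {@code list}. NOTE(review): confirm how
     * the security engine orders its results relative to the order of processing.
     *
     * @param validatorData validation context of the message being checked
     * @param list results produced by the security engine
     * @throws RampartException with key "protectionOrderMismatch" when the order is wrong
     */
    protected void validateProtectionOrder(ValidatorData validatorData, List<WSSecurityEngineResult> list) throws RampartException {
        String protectionOrder = validatorData.getRampartMessageData().getPolicyData().getProtectionOrder();
        List<Integer> actions = getSigEncrActions(list);
        if (actions.size() < 2) {
            // Fewer than two results: there is no order to compare.
            return;
        }

        boolean signaturePresent = false;
        boolean encryptionPresent = false;
        for (Integer action : actions) {
            if (action.intValue() == WSConstants.SIGN) {
                signaturePresent = true;
            } else if (action.intValue() == WSConstants.ENCR) {
                encryptionPresent = true;
            }
        }
        if (!signaturePresent || !encryptionPresent) {
            // Only one kind of action is present, so there is no order to check.
            return;
        }

        int expectedFirst = "SignBeforeEncrypting".equals(protectionOrder) ? WSConstants.SIGN : WSConstants.ENCR;

        // A plain for-each replaces the hand-written iterator loop, whose exit condition could
        // call next() on an exhausted iterator. The list holds only SIGN and ENCR entries, so an
        // entry that is not the expected first action is the other one.
        boolean firstSeen = false;
        boolean orderSatisfied = false;
        for (Integer action : actions) {
            if (action.intValue() == expectedFirst) {
                firstSeen = true;
            } else if (firstSeen) {
                orderSatisfied = true;
                break;
            } else {
                // The other action came first.
                break;
            }
        }
        if (!orderSatisfied) {
            throw new RampartException("protectionOrderMismatch");
        }
    }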

    /**
     * Collects, in result order, the action codes of all signature and encryption results.
     *
     * @param list results produced by the security engine
     * @return the action code of every signature or encryption result, in list order
     */
    protected List<Integer> getSigEncrActions(List<WSSecurityEngineResult> list) {
        List<Integer> actions = new ArrayList<Integer>();
        for (WSSecurityEngineResult result : list) {
            Integer action = (Integer) result.get("action");
            int code = action.intValue();
            if (code == WSConstants.SIGN || code == WSConstants.ENCR) {
                actions.add(action);
            }
        }
        return actions;
    }

    /**
     * Verifies that every part the policy expects to be encrypted was actually decrypted.
     *
     * <p>The body is matched by the id of its encrypted data, the signature element and header
     * parts by qualified name, and all other parts by evaluating their XPath expression against
     * the envelope and comparing the selected nodes with the nodes referenced by the encryption
     * results.
     *
     * @param validatorData validation context of the message being checked
     * @param list parts the policy expects to be encrypted
     * @param list2 results produced by the security engine
     * @throws RampartException with key "encryptedPartMissing" for the first part that was not
     *     encrypted, or when an XPath expression cannot be evaluated
     */
    protected void validateEncryptedParts(ValidatorData validatorData, List<WSEncryptionPart> list, List<WSSecurityEngineResult> list2) throws RampartException {
        RampartMessageData messageData = validatorData.getRampartMessageData();
        ArrayList encryptedRefs = getEncryptedReferences(list2);
        RampartPolicyData policy = messageData.getPolicyData();
        SOAPEnvelope envelope = messageData.getMsgContext().getEnvelope();
        Set<OMNamespace> namespaces = RampartUtil.findAllPrefixNamespaces(envelope, policy.getDeclaredNamespaces());

        // Envelope node -> whether only its content (true) or the whole element (false) was
        // encrypted, according to the data reference that selected it.
        HashMap<Object, Boolean> decryptedNodes = new HashMap<Object, Boolean>();
        for (Object entry : encryptedRefs) {
            WSDataRef reference = (WSDataRef) entry;
            if (reference == null || reference.getXpath() == null) {
                continue;
            }
            try {
                AXIOMXPath referencePath = createXPath(reference.getXpath(), namespaces);
                for (Object node : referencePath.selectNodes(envelope)) {
                    decryptedNodes.put(node, Boolean.valueOf(reference.isContent()));
                }
            } catch (JaxenException e) {
                throw new RampartException("An error occurred while searching for decrypted elements.", e);
            }
        }

        if (policy.isEncryptBody()
                && !policy.isEncryptBodyOptional()
                && !isRefIdPresent(encryptedRefs, validatorData.getBodyEncrDataId())) {
            throw new RampartException("encryptedPartMissing", new String[]{validatorData.getBodyEncrDataId()});
        }

        for (WSEncryptionPart part : list) {
            if (part.getName().equals("Body")) {
                // The body was handled above through its encrypted-data id.
                continue;
            }

            boolean isSignatureElement = "Signature".equals(part.getName())
                    && "http://www.w3.org/2000/09/xmldsig#".equals(part.getNamespace());
            if (isSignatureElement || part.getEncModifier().equals("Header")) {
                QName partName = new QName(part.getNamespace(), part.getName());
                if (!isRefIdPresent(encryptedRefs, partName)) {
                    throw new RampartException("encryptedPartMissing", new String[]{part.getNamespace() + ":" + part.getName()});
                }
                continue;
            }

            String xpath = part.getXpath();
            boolean matched = false;
            try {
                AXIOMXPath partPath = createXPath(xpath, namespaces);
                for (Object node : partPath.selectNodes(envelope)) {
                    Boolean contentOnly = decryptedNodes.get(node);
                    // A node matches when exactly one of "the policy asks for the whole element"
                    // and "the reference covers content only" holds.
                    if (contentOnly != null
                            && (RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT.equals(part.getEncModifier())
                                    ^ contentOnly.booleanValue())) {
                        matched = true;
                        break;
                    }
                }
            } catch (JaxenException e2) {
                throw new RampartException("An error occurred while searching for decrypted elements.", e2);
            }
            if (!matched) {
                throw new RampartException("encryptedPartMissing", new String[]{xpath});
            }
        }
    }

    /** Compiles an XPath expression and registers every given prefix/namespace pair on it. */
    private static AXIOMXPath createXPath(String expression, Set<OMNamespace> namespaces) throws JaxenException {
        AXIOMXPath path = new AXIOMXPath(expression);
        for (OMNamespace namespace : namespaces) {
            path.addNamespace(namespace.getPrefix(), namespace.getNamespaceURI());
        }
        return path;
    }

    /**
     * Verifies that every element the policy lists as required is present in the envelope.
     *
     * @param validatorData validation context of the message being checked
     * @throws RampartException with key "requiredElementsMissing" naming the first expression
     *     that is not satisfied
     */
    public void validateRequiredElements(ValidatorData validatorData) throws RampartException {
        RampartMessageData messageData = validatorData.getRampartMessageData();
        RampartPolicyData policy = messageData.getPolicyData();
        SOAPEnvelope envelope = messageData.getMsgContext().getEnvelope();
        for (String requiredExpression : policy.getRequiredElements()) {
            boolean present = RampartUtil.checkRequiredElements(
                    envelope, policy.getDeclaredNamespaces(), requiredExpression);
            if (!present) {
                throw new RampartException("requiredElementsMissing", new String[]{requiredExpression});
            }
        }
    }

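    /**
     * Verifies that the body and the headers or elements the policy expects to be signed are
     * covered by a signature.
     *
     * <p>The qualified names of all elements protected by signature results are collected (for an
     * EncryptedHeader wrapper, the name of its first element child), and each expected part is
     * looked up in that collection.
     *
     * <p>NOTE(review): coverage is decided by qualified name, not by node identity, so a signed
     * element with the same name at a different position in the document would satisfy the
     * check. Confirm that the position of signed elements is enforced elsewhere.
     *
     * @param validatorData validation context of the message being checked
     * @param list parts the policy expects to be signed
     * @param list2 results produced by the security engine
     * @throws RampartException if the body or an expected part that is present is not signed
     */
    protected void validateSignedPartsHeaders(ValidatorData validatorData, List<WSEncryptionPart> list, List<WSSecurityEngineResult> list2) throws RampartException {
        RampartMessageData messageData = validatorData.getRampartMessageData();
        Node root = messageData.getDocument().getFirstChild();

        List<QName> signedNames = new ArrayList<QName>();
        for (WSSecurityEngineResult signatureResult : fetchActionResults(list2, WSConstants.SIGN)) {
            List<?> references = (List<?>) signatureResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
            if (references == null) {
                // A signature result without data references protects nothing we can name.
                continue;
            }
            for (Object entry : references) {
                Element protectedElement = ((WSDataRef) entry).getProtectedElement();
                if (protectedElement == null) {
                    // Nothing to record; skipping keeps the check strict, because the part will
                    // then count as unsigned.
                    continue;
                }
                if ("EncryptedHeader".equals(protectedElement.getLocalName())) {
                    // The signed header is wrapped: record its first element child instead.
                    NodeList children = protectedElement.getChildNodes();
                    for (int i = 0; i < children.getLength(); i++) {
                        Node child = children.item(i);
                        if (child.getNodeType() == Node.ELEMENT_NODE) {
                            signedNames.add(new QName(child.getNamespaceURI(), child.getLocalName()));
                            break;
                        }
                    }
                } else {
                    signedNames.add(new QName(protectedElement.getNamespaceURI(), protectedElement.getLocalName()));
                }
            }
        }

        for (WSEncryptionPart part : list) {
            if (part.getName().equals("Body")) {
                // The body name depends on the SOAP version of the envelope.
                QName bodyName = "http://schemas.xmlsoap.org/soap/envelope/".equals(root.getNamespaceURI())
                        ? new SOAP11Constants().getBodyQName()
                        : new SOAP12Constants().getBodyQName();
                if (!signedNames.contains(bodyName) && !messageData.getPolicyData().isSignBodyOptional()) {
                    throw new RampartException("bodyNotSigned");
                }
            } else if (part.getName().equals("Header") || part.getXpath() != null) {
                Element found = WSSecurityUtil.findElement(root, part.getName(), part.getNamespace());
                // A part that is absent from the message is not an error here; only a part that
                // is present but unsigned is.
                if (found != null && !signedNames.contains(new QName(found.getNamespaceURI(), found.getLocalName()))) {
                    throw new RampartException(
                            part.getXpath() != null ? "signedPartHeaderNotSigned" : "signedElementNotSigned",
                            new String[]{part.getNamespace() + ":" + part.getName()});
                }
            }
        }
    }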

    /**
     * Tells whether the policy requires a signature for the current message direction.
     *
     * <p>Symmetric binding: a signature token must be configured. Transport binding: never.
     * Otherwise: the initiator needs an initiator token, the other side a recipient token.
     *
     * @param rampartMessageData message data holding the policy and the message direction
     * @return {@code true} if a signature is required
     */
    protected boolean isSignatureRequired(RampartMessageData rampartMessageData) {
        RampartPolicyData policy = rampartMessageData.getPolicyData();
        if (policy.isSymmetricBinding()) {
            return policy.getSignatureToken() != null;
        }
        if (policy.isTransportBinding()) {
            return false;
        }
        if (rampartMessageData.isInitiator()) {
            return policy.getInitiatorToken() != null;
        }
        return policy.getRecipientToken() != null;
    }

    /**
     * Checks that a timestamp is neither created in the future nor expired, allowing for the
     * configured maximum clock skew.
     *
     * <p>A skew that is zero or negative is ignored. The skew is multiplied by 1000 before it is
     * applied to millisecond values, so it is presumably expressed in seconds. A timestamp
     * without an expiry is accepted once the creation check has passed; this method sets no
     * upper bound on its age.
     *
     * @param timestamp the timestamp taken from the message
     * @param rampartMessageData message data used to look up the maximum skew
     * @return {@code false} if the creation time lies too far in the future or the expiry has
     *     passed, {@code true} otherwise
     * @throws RampartException declared for overriding implementations
     */
    protected boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rampartMessageData) throws RampartException {
        long maxSkew = RampartUtil.getTimestampMaxSkew(rampartMessageData);
        long skewMillis = maxSkew > 0 ? maxSkew * 1000 : 0;

        Date created = timestamp.getCreated();
        if (created != null) {
            long latestAcceptedCreation = Calendar.getInstance().getTimeInMillis() + skewMillis;
            if (created.getTime() > latestAcceptedCreation) {
                return false;
            }
        }

        Date expires = timestamp.getExpires();
        if (expires != null) {
            long earliestAcceptedExpiry = Calendar.getInstance().getTimeInMillis() - skewMillis;
            return expires.getTime() >= earliestAcceptedExpiry;
        }
        return true;
    }

    /**
     * Decides whether the certificate that signed the message is trusted, using the signature
     * crypto configured in the policy. Subclasses may override this to apply another trust
     * model.
     *
     * @param x509Certificate the signing certificate; {@code null} is never trusted
     * @param rampartMessageData message data giving access to the crypto configuration
     * @return {@code true} if the certificate is trusted
     * @throws RampartException if the keystore lookup or the path verification fails
     */
    protected boolean verifyTrust(X509Certificate x509Certificate, RampartMessageData rampartMessageData) throws RampartException {
        if (x509Certificate != null) {
            Crypto signatureCrypto = RampartUtil.getSignatureCrypto(
                    rampartMessageData.getPolicyData().getRampartConfig(),
                    rampartMessageData.getCustomClassLoader());
            return isCertificateTrusted(x509Certificate, signatureCrypto);
        }
        return false;
    }

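    /**
     * Decides whether a certificate is trusted by the given crypto.
     *
     * <p>The certificate is trusted directly when it is stored in the keystore. Otherwise the
     * keystore is searched for certificates whose subject equals the certificate's issuer, and
     * the path made of the certificate followed by those issuer certificates is handed to the
     * crypto for verification.
     *
     * <p>On the direct-trust path this method performs no further check (such as validity
     * period) on the certificate. Path verification is called with {@code false} as its second
     * argument; NOTE(review): in the Crypto API this flag is understood to control revocation
     * checking — confirm, and confirm that running without it is acceptable.
     *
     * @param x509Certificate the certificate to check
     * @param crypto keystore access used for lookup and path verification; when {@code null} the
     *     certificate is not trusted
     * @return {@code true} if the certificate is trusted
     * @throws RampartException if the keystore lookup or the path verification raises an error
     */
    protected boolean isCertificateTrusted(X509Certificate x509Certificate, Crypto crypto) throws RampartException {
        String subject = x509Certificate.getSubjectX500Principal().getName();
        String issuer = x509Certificate.getIssuerX500Principal().getName();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (log.isDebugEnabled()) {
            log.debug("Transmitted certificate has subject " + subject);
            log.debug("Transmitted certificate has issuer " + issuer + " (serial " + serialNumber + ")");
        }

        if (crypto == null) {
            // Without keystore access nothing can be verified: fail closed rather than fail with
            // a NullPointerException.
            log.debug("No crypto available to verify trust for certificate with subject " + subject);
            return false;
        }

        if (isCertificateInKeyStore(crypto, x509Certificate)) {
            return true;
        }

        // Not stored itself: look for the issuer's certificate(s) by subject DN.
        CryptoType issuerQuery = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
        issuerQuery.setSubjectDN(issuer);
        X509Certificate[] issuerCertificates;
        try {
            issuerCertificates = crypto.getX509Certificates(issuerQuery);
        } catch (WSSecurityException e) {
            throw new RampartException("noCertForSubject", e);
        }
        if (issuerCertificates == null || issuerCertificates.length < 1) {
            if (log.isDebugEnabled()) {
                log.debug("No certs found in keystore for issuer " + issuer + " of certificate for " + subject);
            }
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Preparing to validate certificate path for issuer " + issuer);
        }

        // Path to verify: the transmitted certificate followed by the issuer certificates.
        X509Certificate[] path = new X509Certificate[issuerCertificates.length + 1];
        path[0] = x509Certificate;
        System.arraycopy(issuerCertificates, 0, path, 1, issuerCertificates.length);

        boolean trusted;
        try {
            trusted = crypto.verifyTrust(path, false);
        } catch (WSSecurityException e) {
            throw new RampartException("certPathVerificationFailed", e);
        }
        if (log.isDebugEnabled()) {
            if (trusted) {
                log.debug("Certificate path has been verified for certificate with subject " + subject);
            } else {
                log.debug("Certificate path could not be verified for certificate with subject " + subject);
            }
        }
        return trusted;
    }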

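    /**
     * Tells whether the given certificate itself is stored in the keystore behind the crypto.
     *
     * <p>The keystore is queried by issuer and serial number, and the first certificate returned
     * must equal the given one. An empty result is treated like no result.
     *
     * @param crypto keystore access
     * @param x509Certificate the certificate to look for
     * @return {@code true} if the first certificate found equals the given certificate
     * @throws RampartException if the keystore lookup raises an error
     */
    protected boolean isCertificateInKeyStore(Crypto crypto, X509Certificate x509Certificate) throws RampartException {
        String issuer = x509Certificate.getIssuerX500Principal().getName();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        CryptoType query = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        query.setIssuerSerial(issuer, serialNumber);

        X509Certificate[] matches;
        try {
            matches = crypto.getX509Certificates(query);
        } catch (WSSecurityException e) {
            throw new RampartException("noCertificatesForIssuer", new String[]{issuer, serialNumber.toString()}, e);
        }

        // The length check keeps an empty result from raising ArrayIndexOutOfBoundsException.
        boolean directlyTrusted = matches != null
                && matches.length > 0
                && matches[0] != null
                && matches[0].equals(x509Certificate);
        if (log.isDebugEnabled()) {
            if (directlyTrusted) {
                log.debug("Direct trust for certificate with " + x509Certificate.getSubjectX500Principal().getName());
            } else {
                log.debug("No certificate found for subject from issuer with " + issuer + " (serial " + serialNumber + ")");
            }
        }
        return directlyTrusted;
    }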

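    /**
     * Collects the data references of all encryption results into one list.
     *
     * @param list results produced by the security engine
     * @return the {@link WSDataRef} entries of every encryption result, in result order; results
     *     without data references contribute nothing
     */
    protected ArrayList getEncryptedReferences(List<WSSecurityEngineResult> list) {
        ArrayList<WSDataRef> references = new ArrayList<WSDataRef>();
        for (WSSecurityEngineResult encryptionResult : getResults(list, WSConstants.ENCR)) {
            // Cast to List rather than ArrayList so that any List implementation is accepted.
            List<?> resultReferences = (List<?>) encryptionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
            if (resultReferences == null) {
                continue;
            }
            for (Object reference : resultReferences) {
                references.add((WSDataRef) reference);
            }
        }
        return references;
    }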

    /**
     * Selects the results whose action code equals the given one.
     *
     * @param list results produced by the security engine
     * @param i action code to select
     * @return the matching results, in list order
     */
    protected List<WSSecurityEngineResult> getResults(List<WSSecurityEngineResult> list, int i) {
        List<WSSecurityEngineResult> matches = new ArrayList<WSSecurityEngineResult>();
        Iterator<WSSecurityEngineResult> results = list.iterator();
        while (results.hasNext()) {
            WSSecurityEngineResult candidate = results.next();
            Integer action = (Integer) candidate.get("action");
            if (action.intValue() == i) {
                matches.add(candidate);
            }
        }
        return matches;
    }

    /**
     * Tells whether any supporting-token group of the policy contains a UsernameToken. The plain
     * supporting tokens are checked first, then the signed, signed endorsing and endorsing
     * groups.
     *
     * @param validatorData validation context giving access to the policy
     * @return {@code true} if the policy names a UsernameToken in any supporting-token group
     */
    protected boolean isUsernameTokenPresent(ValidatorData validatorData) {
        RampartPolicyData policy = validatorData.getRampartMessageData().getPolicyData();
        for (SupportingToken supporting : policy.getSupportingTokensList()) {
            if (isUsernameTokenPresent(supporting)) {
                return true;
            }
        }
        return isUsernameTokenPresent(policy.getSignedSupportingTokens())
                || isUsernameTokenPresent(policy.getSignedEndorsingSupportingTokens())
                || isUsernameTokenPresent(policy.getEndorsingSupportingTokens());
    }

    /**
     * Tells whether one supporting-token assertion contains a UsernameToken.
     *
     * @param supportingToken the assertion to inspect; {@code null} yields {@code false}
     * @return {@code true} if at least one of its tokens is a UsernameToken
     */
    protected boolean isUsernameTokenPresent(SupportingToken supportingToken) {
        if (supportingToken != null) {
            for (Token candidate : supportingToken.getTokens()) {
                if (candidate instanceof UsernameToken) {
                    return true;
                }
            }
        }
        return false;
    }

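    /**
     * Tells whether any data reference carries the given wsu:Id.
     *
     * @param arrayList data references ({@link WSDataRef} entries, possibly {@code null})
     * @param str the id to look for, with or without a leading '#'; may be {@code null} or empty
     * @return {@code true} if a reference with that id exists
     */
    private boolean isRefIdPresent(ArrayList arrayList, String str) {
        String wantedId = str;
        // startsWith replaces charAt(0), which throws on an empty string.
        if (wantedId != null && wantedId.startsWith("#")) {
            wantedId = wantedId.substring(1);
        }
        for (Object entry : arrayList) {
            WSDataRef reference = (WSDataRef) entry;
            if (reference == null) {
                continue;
            }
            String wsuId = reference.getWsuId();
            if (wsuId != null && wsuId.equals(wantedId)) {
                return true;
            }
        }
        return false;
    }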

    /**
     * Returns all results whose action code equals the given one.
     *
     * @param list results produced by the security engine
     * @param i action code to select
     * @return the matching results in list order; an empty array when none match
     */
    public static WSSecurityEngineResult[] fetchActionResults(List<WSSecurityEngineResult> list, int i) {
        List<WSSecurityEngineResult> matches = new ArrayList<WSSecurityEngineResult>();
        Iterator<WSSecurityEngineResult> results = list.iterator();
        while (results.hasNext()) {
            WSSecurityEngineResult candidate = results.next();
            Integer action = (Integer) candidate.get("action");
            if (action.intValue() == i) {
                matches.add(candidate);
            }
        }
        WSSecurityEngineResult[] selected = new WSSecurityEngineResult[matches.size()];
        return matches.toArray(selected);
    }

    /**
     * Tells whether any data reference names the given qualified name.
     *
     * @param arrayList data references ({@link WSDataRef} entries, possibly {@code null})
     * @param qName the qualified name to look for
     * @return {@code true} if a reference with that name exists
     */
    private boolean isRefIdPresent(ArrayList arrayList, QName qName) {
        for (Object entry : arrayList) {
            WSDataRef reference = (WSDataRef) entry;
            if (reference == null) {
                continue;
            }
            QName referenceName = reference.getName();
            if (referenceName != null && referenceName.equals(qName)) {
                return true;
            }
        }
        return false;
    }
}
