package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.RequiredElements;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.1.13.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/SecuredElementsPolicyValidator.class */
public class SecuredElementsPolicyValidator implements SecurityPolicyValidator {
    private CryptoCoverageUtil.CoverageType coverageType = CryptoCoverageUtil.CoverageType.ENCRYPTED;
    private CryptoCoverageUtil.CoverageScope coverageScope = CryptoCoverageUtil.CoverageScope.ELEMENT;

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public boolean canValidatePolicy(AssertionInfo assertionInfo) {
        return this.coverageType == CryptoCoverageUtil.CoverageType.SIGNED ? assertionInfo.getAssertion() != null && (SP12Constants.SIGNED_ELEMENTS.equals(assertionInfo.getAssertion().getName()) || SP11Constants.SIGNED_ELEMENTS.equals(assertionInfo.getAssertion().getName())) : this.coverageScope == CryptoCoverageUtil.CoverageScope.CONTENT ? assertionInfo.getAssertion() != null && (SP12Constants.CONTENT_ENCRYPTED_ELEMENTS.equals(assertionInfo.getAssertion().getName()) || SP11Constants.CONTENT_ENCRYPTED_ELEMENTS.equals(assertionInfo.getAssertion().getName())) : assertionInfo.getAssertion() != null && (SP12Constants.ENCRYPTED_ELEMENTS.equals(assertionInfo.getAssertion().getName()) || SP11Constants.ENCRYPTED_ELEMENTS.equals(assertionInfo.getAssertion().getName()));
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public void validatePolicies(PolicyValidatorParameters policyValidatorParameters, Collection<AssertionInfo> collection) {
        XPath newXPath = XPathFactory.newInstance().newXPath();
        Element documentElement = policyValidatorParameters.getSoapHeader().getOwnerDocument().getDocumentElement();
        Collection<WSDataRef> encrypted = policyValidatorParameters.getEncrypted();
        if (this.coverageType == CryptoCoverageUtil.CoverageType.SIGNED) {
            encrypted = policyValidatorParameters.getSigned();
        }
        for (AssertionInfo assertionInfo : collection) {
            RequiredElements requiredElements = (RequiredElements) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            if (requiredElements != null && requiredElements.getXPaths() != null && !requiredElements.getXPaths().isEmpty()) {
                ArrayList arrayList = new ArrayList();
                MapNamespaceContext mapNamespaceContext = new MapNamespaceContext();
                for (org.apache.wss4j.policy.model.XPath xPath : requiredElements.getXPaths()) {
                    arrayList.add(xPath.getXPath());
                    Map<String, String> prefixNamespaceMap = xPath.getPrefixNamespaceMap();
                    if (prefixNamespaceMap != null) {
                        mapNamespaceContext.addNamespaces(prefixNamespaceMap);
                    }
                }
                newXPath.setNamespaceContext(mapNamespaceContext);
                try {
                    CryptoCoverageUtil.checkCoverage(documentElement, encrypted, newXPath, arrayList, this.coverageType, this.coverageScope);
                } catch (WSSecurityException e) {
                    assertionInfo.setNotAsserted("No " + this.coverageType + " element found matching one of the XPaths " + Arrays.toString(arrayList.toArray()));
                }
            }
        }
    }

    public CryptoCoverageUtil.CoverageType getCoverageType() {
        return this.coverageType;
    }

    public void setCoverageType(CryptoCoverageUtil.CoverageType coverageType) {
        this.coverageType = coverageType;
    }

    public CryptoCoverageUtil.CoverageScope getCoverageScope() {
        return this.coverageScope;
    }

    public void setCoverageScope(CryptoCoverageUtil.CoverageScope coverageScope) {
        this.coverageScope = coverageScope;
    }
}
