package com.sun.xml.ws.security.impl.policyconv;

import com.sun.istack.NotNull;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.security.policy.Binding;
import com.sun.xml.ws.security.policy.EncryptedElements;
import com.sun.xml.ws.security.policy.EncryptedParts;
import com.sun.xml.ws.security.policy.EncryptedSupportingTokens;
import com.sun.xml.ws.security.policy.EndorsingEncryptedSupportingTokens;
import com.sun.xml.ws.security.policy.EndorsingSupportingTokens;
import com.sun.xml.ws.security.policy.SignedElements;
import com.sun.xml.ws.security.policy.SignedEncryptedSupportingTokens;
import com.sun.xml.ws.security.policy.SignedEndorsingEncryptedSupportingTokens;
import com.sun.xml.ws.security.policy.SignedEndorsingSupportingTokens;
import com.sun.xml.ws.security.policy.SignedParts;
import com.sun.xml.ws.security.policy.SignedSupportingTokens;
import com.sun.xml.ws.security.policy.SupportingTokens;
import com.sun.xml.ws.security.policy.WSSAssertion;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.KeyBindingBase;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.Target;
import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.util.Iterator;
import java.util.Vector;
import javax.xml.namespace.QName;

/* loaded from: input_file:WEB-INF/lib/wssx-impl-3.0.3.jar:com/sun/xml/ws/security/impl/policyconv/BindingProcessor.class */
/**
 * Base class for the binding processors of the policy-conversion package.
 *
 * <p>It holds the primary and secondary signature/encryption policies together with the
 * collected signed/encrypted parts and elements, and offers helpers that add targets
 * (primary signature, timestamp, tokens, signature confirmation) to those policies.
 *
 * <p>This listing is decompiler output. Methods documented as "originally protected" had
 * their access widened to {@code public} by the decompiler; the widened modifier is kept
 * so the listing stays consistent with itself.
 *
 * <p>NOTE(review): {@link #protectPrimarySignature()} reads the {@code protectionOrder}
 * field, while {@link #getSignaturePolicy()} and the supporting-token methods ask
 * {@link #getBinding()} for the protection order. Subclasses presumably keep the two in
 * sync; confirm.
 */
public abstract class BindingProcessor {
    // Namespace of the WS-Security extension schema used for token QNames.
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Generator for reference ids (see generateID() calls below).
    protected PolicyID pid;
    // Compared against "EncryptBeforeSigning" when the primary signature is protected.
    protected String protectionOrder = "SignBeforeEncrypting";
    // Role and direction flags; several helpers only act for particular combinations.
    protected boolean isServer;
    protected boolean isIncoming;
    // Primary policies; most helpers are no-ops while primarySP is null.
    protected SignaturePolicy primarySP;
    protected EncryptionPolicy primaryEP;
    // Secondary policies, chosen when the protection order is not "SignBeforeEncrypting".
    protected EncryptionPolicy sEncPolicy;
    protected SignaturePolicy sSigPolicy;
    protected XWSSPolicyContainer container;
    // Not initialised here; addPrimaryTargets() iterates them, so subclasses must assign them.
    protected Vector<SignedParts> signedParts;
    protected Vector<EncryptedParts> encryptedParts;
    protected Vector<SignedElements> signedElements;
    protected Vector<EncryptedElements> encryptedElements;
    protected TokenProcessor tokenProcessor;
    protected IntegrityAssertionProcessor iAP;
    protected EncryptionAssertionProcessor eAP;
    private WSSAssertion wss11;
    private boolean isIssuedTokenAsEncryptedSupportingToken;
    // Set once addPrimaryTargets() has processed at least one encrypted part or element.
    protected boolean foundEncryptTargets;

    /** Creates the processor with a fresh {@link PolicyID} generator. */
    public BindingProcessor() {
        this.pid = new PolicyID();
    }

    /**
     * Adds the primary signature as an encryption target (originally protected).
     *
     * <p>The target goes to the secondary encryption policy when {@code protectionOrder} is
     * "EncryptBeforeSigning", otherwise to the primary one. Signature confirmation is also
     * encrypted when encrypt targets were found, WSS 1.1 requires confirmation, the message
     * is server-outbound or client-inbound, and the binding asks for signature protection.
     *
     * <p>NOTE(review): the signature target itself is added without consulting
     * {@code getBinding().getSignatureProtection()}; callers presumably check that flag
     * before invoking this method. Confirm.
     *
     * @throws PolicyException propagated from the secondary-policy lookup or target processing
     */
    public void protectPrimarySignature() throws PolicyException {
        if (this.primarySP == null) {
            return;
        }
        // Exactly one of the two flags is set: server sending or client receiving.
        final boolean confirmDirection = this.isServer != this.isIncoming;

        final EncryptionPolicy chosenPolicy;
        if ("EncryptBeforeSigning".equals(this.protectionOrder)) {
            chosenPolicy = getSecondaryEncryptionPolicy();
        } else {
            chosenPolicy = this.primaryEP;
        }
        final EncryptionPolicy.FeatureBinding encBinding =
                (EncryptionPolicy.FeatureBinding) chosenPolicy.getFeatureBinding();

        final EncryptionTarget signatureTarget =
                this.eAP.getTargetCreator().newURIEncryptionTarget(this.primarySP.getUUID());
        SecurityPolicyUtil.setName(signatureTarget, this.primarySP);
        encBinding.addTargetBinding(signatureTarget);

        if (this.foundEncryptTargets
                && isWSS11()
                && requireSC()
                && confirmDirection
                && getBinding().getSignatureProtection()) {
            this.eAP.process(Target.SIGNATURE_CONFIRMATION, encBinding);
        }
    }

    /**
     * Adds the timestamp as a target of the primary signature (originally protected).
     * Does nothing when there is no primary signature policy.
     *
     * @param timestampPolicy timestamp policy whose UUID becomes the signed reference
     */
    public void protectTimestamp(TimestampPolicy timestampPolicy) {
        if (this.primarySP == null) {
            return;
        }
        final SignatureTarget timestampTarget =
                this.iAP.getTargetCreator().newURISignatureTarget(timestampPolicy.getUUID());
        this.iAP.getTargetCreator().addTransform(timestampTarget);
        SecurityPolicyUtil.setName(timestampTarget, timestampPolicy);

        final SignaturePolicy.FeatureBinding sigBinding =
                (SignaturePolicy.FeatureBinding) this.primarySP.getFeatureBinding();
        sigBinding.addTargetBinding(timestampTarget);
    }

    /**
     * Adds the token as a target of the primary signature (originally protected).
     *
     * <p>Acts only when a primary signature policy exists and the role/direction flags are
     * equal (server-inbound or client-outbound). In every other case the token is silently
     * left out of the signature.
     *
     * @param wSSPolicy token policy to protect
     */
    public void protectToken(WSSPolicy wSSPolicy) {
        if (this.primarySP == null || this.isServer != this.isIncoming) {
            return;
        }
        protectToken(wSSPolicy, false);
    }

    /**
     * Computes the reference id for a token and adds it as a target of the primary
     * signature (originally protected).
     *
     * <p>NOTE(review): the include-token value is dereferenced without a null check, and
     * {@code primarySP} is not checked here. Confirm that both are guaranteed by callers.
     *
     * @param wSSPolicy token policy; it is cast to {@link KeyBindingBase}
     * @param z when {@code true}, a target is built even if the computed id is {@code null};
     *          when {@code false}, a {@code null} id means no target is added
     */
    public void protectToken(@NotNull WSSPolicy wSSPolicy, boolean z) {
        String targetId = wSSPolicy.getUUID();
        String strId = null;
        final String inclusion = ((KeyBindingBase) wSSPolicy).getIncludeToken();
        QName tokenQName = null;
        // true => plain transform; false => STR transform plus the token's policy QName.
        boolean plainTransform = inclusion.endsWith("Always")
                || inclusion.endsWith("AlwaysToRecipient")
                || inclusion.endsWith("Once");

        if (PolicyTypeUtil.usernameTokenBinding(wSSPolicy)) {
            final AuthenticationTokenPolicy.UsernameTokenBinding usernameBinding =
                    (AuthenticationTokenPolicy.UsernameTokenBinding) wSSPolicy;
            // NOTE(review): reads getUUID() but stores through setSTRID(), unlike the X.509
            // branch which reads getSTRID(); confirm this asymmetry is intended.
            strId = usernameBinding.getUUID();
            if (strId == null) {
                strId = this.pid.generateID();
                usernameBinding.setSTRID(strId);
            }
            plainTransform = true;
            tokenQName = new QName(WSSE_NS, "UsernameToken");
        } else if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy)) {
            final AuthenticationTokenPolicy.X509CertificateBinding certBinding =
                    (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy;
            strId = certBinding.getSTRID();
            if (strId == null) {
                strId = this.pid.generateID();
                certBinding.setSTRID(strId);
            }
            tokenQName = new QName(WSSE_NS, MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME);
        } else if (PolicyTypeUtil.samlTokenPolicy(wSSPolicy)) {
            strId = generateSAMLSTRID();
            ((AuthenticationTokenPolicy.SAMLAssertionBinding) wSSPolicy).setSTRID(strId);
            tokenQName = new QName(WSSE_NS, MessageConstants.SAML_ASSERTION_LNAME);
        } else if (PolicyTypeUtil.issuedTokenKeyBinding(wSSPolicy)) {
            final IssuedTokenKeyBinding issuedBinding = (IssuedTokenKeyBinding) wSSPolicy;
            strId = issuedBinding.getSTRID();
            // SAML 1.1 / 2.0 issued tokens always receive a fresh "SAML"-prefixed id.
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(issuedBinding.getTokenType())
                    || "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(issuedBinding.getTokenType())) {
                strId = generateSAMLSTRID();
                issuedBinding.setSTRID(strId);
                targetId = strId;
            }
            if (strId == null) {
                strId = this.pid.generateID();
                issuedBinding.setSTRID(strId);
            }
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(wSSPolicy)) {
            // Intentionally empty in this listing: strId stays null for this binding type.
        }

        // For "Never", SAML and issued tokens the signature references the STR id. When
        // strId is still null (e.g. the empty branch above with "Never") the id becomes
        // null and the non-forced path below adds no signature target at all.
        if (inclusion.endsWith("Never")
                || PolicyTypeUtil.samlTokenPolicy(wSSPolicy)
                || PolicyTypeUtil.issuedTokenKeyBinding(wSSPolicy)) {
            targetId = strId;
        }

        if (z) {
            final SignatureTargetCreator creator = this.iAP.getTargetCreator();
            if (PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy)) {
                // Result unused: every outcome of the original conditional built the same
                // URI target. The call is retained so evaluation stays identical.
                PolicyTypeUtil.symmetricKeyBinding(((DerivedTokenKeyBinding) wSSPolicy).getOriginalKeyBinding());
            }
            // NOTE(review): unlike the path below, targetId is not null-checked here.
            final SignatureTarget forcedTarget = creator.newURISignatureTarget(targetId);
            if (forcedTarget != null) {
                bindTokenTarget(creator, forcedTarget, plainTransform, tokenQName);
            }
        } else if (targetId != null) {
            final SignatureTargetCreator creator = this.iAP.getTargetCreator();
            bindTokenTarget(creator, creator.newURISignatureTarget(targetId), plainTransform, tokenQName);
        }
    }

    /** Applies the chosen transform to the target and adds it to the primary signature. */
    private void bindTokenTarget(SignatureTargetCreator creator, SignatureTarget target,
            boolean plainTransform, QName tokenQName) {
        if (plainTransform) {
            creator.addTransform(target);
        } else {
            creator.addSTRTransform(target);
            target.setPolicyQName(tokenQName);
        }
        ((SignaturePolicy.FeatureBinding) this.primarySP.getFeatureBinding()).addTargetBinding(target);
    }

    /**
     * Supplies the encryption policy used when the protection order is not
     * "SignBeforeEncrypting".
     *
     * @throws PolicyException if the policy cannot be provided
     */
    protected abstract EncryptionPolicy getSecondaryEncryptionPolicy() throws PolicyException;

    /** Returns a generated id prefixed with "SAML". */
    private String generateSAMLSTRID() {
        return "SAML" + this.pid.generateID();
    }

    /**
     * Feeds the collected signed/encrypted parts and elements into the primary policies
     * (originally protected).
     *
     * <p>Signature side: defaults the canonicalization algorithm to exclusive C14N when
     * unset, processes signed elements and parts, and adds signature confirmation when
     * WSS 1.1 requires it. Encryption side: processes encrypted parts and elements and sets
     * {@code foundEncryptTargets}.
     *
     * @throws PolicyException propagated from the assertion processors
     */
    public void addPrimaryTargets() throws PolicyException {
        final SignaturePolicy.FeatureBinding sigBinding = this.primarySP == null
                ? null
                : (SignaturePolicy.FeatureBinding) this.primarySP.getFeatureBinding();
        final EncryptionPolicy.FeatureBinding encBinding = this.primaryEP == null
                ? null
                : (EncryptionPolicy.FeatureBinding) this.primaryEP.getFeatureBinding();

        if (sigBinding != null) {
            if (sigBinding.getCanonicalizationAlgorithm() == null
                    || "".equals(sigBinding.getCanonicalizationAlgorithm())) {
                sigBinding.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
            }
            for (SignedElements element : this.signedElements) {
                this.iAP.process(element, sigBinding);
            }
            // The first empty SignedParts replaces the whole list. Presumably an empty
            // assertion supersedes the more specific ones; verify against SecurityPolicyUtil.
            for (SignedParts candidate : this.signedParts) {
                if (SecurityPolicyUtil.isSignedPartsEmpty(candidate)) {
                    this.signedParts.removeAllElements();
                    this.signedParts.add(candidate);
                    break; // leave at once: the vector was modified during iteration
                }
            }
            for (SignedParts part : this.signedParts) {
                this.iAP.process(part, sigBinding);
            }
            if (isWSS11() && requireSC()) {
                this.iAP.process(Target.SIGNATURE_CONFIRMATION, sigBinding);
            }
        }

        if (encBinding != null) {
            for (EncryptedParts part : this.encryptedParts) {
                this.foundEncryptTargets = true;
                this.eAP.process(part, encBinding);
            }
            for (EncryptedElements element : this.encryptedElements) {
                this.foundEncryptTargets = true;
                this.eAP.process(element, encBinding);
            }
        }
    }

    /**
     * Tells whether the WSS 1.1 assertion lists "RequireSignatureConfirmation".
     *
     * @return {@code false} when no WSS 1.1 assertion is set or it has no required properties
     */
    protected boolean requireSC() {
        if (this.wss11 == null) {
            return false;
        }
        if (this.wss11.getRequiredProperties() == null) {
            return false;
        }
        return this.wss11.getRequiredProperties().contains("RequireSignatureConfirmation");
    }

    /** Returns the binding assertion this processor works on. */
    protected abstract Binding getBinding();

    /**
     * Runs a {@code SupportingTokensProcessor} over the assertion, using this processor's
     * state and the encryption policy selected by the binding's protection order.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(SupportingTokens supportingTokens) throws PolicyException {
        SupportingTokensProcessor processor = new SupportingTokensProcessor(supportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
    }

    /**
     * Same as the {@code SupportingTokens} overload, using a
     * {@code SignedSupportingTokensProcessor}.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(SignedSupportingTokens signedSupportingTokens) throws PolicyException {
        SignedSupportingTokensProcessor processor = new SignedSupportingTokensProcessor(signedSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
    }

    /**
     * Same as the {@code SupportingTokens} overload, using an
     * {@code EndorsingSupportingTokensProcessor}.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(EndorsingSupportingTokens endorsingSupportingTokens) throws PolicyException {
        EndorsingSupportingTokensProcessor processor = new EndorsingSupportingTokensProcessor(endorsingSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
    }

    /**
     * Same as the {@code SupportingTokens} overload, using a
     * {@code SignedEndorsingSupportingTokensProcessor}.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(SignedEndorsingSupportingTokens signedEndorsingSupportingTokens) throws PolicyException {
        SignedEndorsingSupportingTokensProcessor processor = new SignedEndorsingSupportingTokensProcessor(signedEndorsingSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
    }

    /**
     * Processes signed-encrypted supporting tokens and records whether the processor saw an
     * issued token used as an encrypted supporting token.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(SignedEncryptedSupportingTokens signedEncryptedSupportingTokens) throws PolicyException {
        SignedEncryptedSupportingTokensProcessor processor = new SignedEncryptedSupportingTokensProcessor(signedEncryptedSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
        isIssuedTokenAsEncryptedSupportingToken(processor.isIssuedTokenAsEncryptedSupportingToken());
    }

    /**
     * Processes encrypted supporting tokens and records the processor's issued-token flag.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(EncryptedSupportingTokens encryptedSupportingTokens) throws PolicyException {
        EncryptedSupportingTokensProcessor processor = new EncryptedSupportingTokensProcessor(encryptedSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
        isIssuedTokenAsEncryptedSupportingToken(processor.isIssuedTokenAsEncryptedSupportingToken());
    }

    /**
     * Processes endorsing-encrypted supporting tokens and records the processor's
     * issued-token flag.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(EndorsingEncryptedSupportingTokens endorsingEncryptedSupportingTokens) throws PolicyException {
        EndorsingEncryptedSupportingTokensProcessor processor = new EndorsingEncryptedSupportingTokensProcessor(endorsingEncryptedSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
        isIssuedTokenAsEncryptedSupportingToken(processor.isIssuedTokenAsEncryptedSupportingToken());
    }

    /**
     * Processes signed-endorsing-encrypted supporting tokens and records the processor's
     * issued-token flag.
     *
     * @throws PolicyException propagated from the policy lookup or the processor
     */
    public void processSupportingTokens(SignedEndorsingEncryptedSupportingTokens signedEndorsingEncryptedSupportingTokens) throws PolicyException {
        SignedEndorsingEncryptedSupportingTokensProcessor processor = new SignedEndorsingEncryptedSupportingTokensProcessor(signedEndorsingEncryptedSupportingTokens, this.tokenProcessor, getBinding(), this.container, this.primarySP, getEncryptionPolicy(), this.pid);
        processor.process();
        isIssuedTokenAsEncryptedSupportingToken(processor.isIssuedTokenAsEncryptedSupportingToken());
    }

    /**
     * Picks the signature policy for the binding's protection order: the primary policy for
     * "SignBeforeEncrypting", the secondary one otherwise.
     */
    protected SignaturePolicy getSignaturePolicy() {
        if ("SignBeforeEncrypting".equals(getBinding().getProtectionOrder())) {
            return this.primarySP;
        }
        return this.sSigPolicy;
    }

    /**
     * Picks the encryption policy for the binding's protection order: the primary policy for
     * "SignBeforeEncrypting", otherwise the one from {@link #getSecondaryEncryptionPolicy()}.
     */
    private EncryptionPolicy getEncryptionPolicy() throws PolicyException {
        if ("SignBeforeEncrypting".equals(getBinding().getProtectionOrder())) {
            return this.primaryEP;
        }
        return getSecondaryEncryptionPolicy();
    }

    /** Finalisation hook implemented by subclasses. */
    protected abstract void close();

    /** Returns {@code true} once a WSS 1.1 assertion has been supplied via {@link #setWSS11}. */
    public boolean isWSS11() {
        return null != this.wss11;
    }

    /** Stores the WSS 1.1 assertion consulted by {@link #isWSS11()} and {@link #requireSC()}. */
    public void setWSS11(WSSAssertion wSSAssertion) {
        this.wss11 = wSSAssertion;
    }

    /** Returns the flag recorded by the encrypted supporting-token overloads. */
    public boolean isIssuedTokenAsEncryptedSupportingToken() {
        return this.isIssuedTokenAsEncryptedSupportingToken;
    }

    /** Private setter for the issued-token flag; it overloads the getter's name. */
    private void isIssuedTokenAsEncryptedSupportingToken(boolean z) {
        this.isIssuedTokenAsEncryptedSupportingToken = z;
    }
}
