package com.sun.xml.ws.security.impl.policyconv;

import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.security.impl.policy.PolicyUtil;
import com.sun.xml.ws.security.policy.AlgorithmSuite;
import com.sun.xml.ws.security.policy.Binding;
import com.sun.xml.ws.security.policy.EncryptedElements;
import com.sun.xml.ws.security.policy.EncryptedParts;
import com.sun.xml.ws.security.policy.SecurityPolicyVersion;
import com.sun.xml.ws.security.policy.SignedElements;
import com.sun.xml.ws.security.policy.SignedParts;
import com.sun.xml.ws.security.policy.SupportingTokens;
import com.sun.xml.ws.security.policy.Target;
import com.sun.xml.ws.security.policy.Token;
import com.sun.xml.ws.security.policy.UserNameToken;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: input_file:com/sun/xml/ws/security/impl/policyconv/SupportingTokensProcessor.class */
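/**
 * Converts a {@link SupportingTokens} assertion into XWSS policies and inserts them into the
 * supplied {@link XWSSPolicyContainer}.
 *
 * <p>For every token, {@link #process()} inserts an {@link AuthenticationTokenPolicy}. When the
 * assertion also lists signed or encrypted parts/elements, supporting {@link SignaturePolicy} and
 * {@link EncryptionPolicy} entries are collected and inserted in the order given by the binding's
 * protection order. Several methods are empty hooks for subclasses.
 *
 * <p>NOTE(review): this listing is decompiler output. A few local declarations (for example a
 * variable declared as {@code PolicyAssertion} but assigned a {@code Token} cast) do not
 * type-check as written and need their casts restored against the real API before recompiling.
 */
public class SupportingTokensProcessor {
    /** Protection-order value that selects "sign first, then encrypt" in {@link #addTargets()}. */
    private static final String SIGN_BEFORE_ENCRYPTING = "SignBeforeEncrypting";

    protected TokenProcessor tokenProcessor;
    protected SignatureTargetCreator stc;
    protected EncryptionTargetCreator etc;
    protected Binding binding;
    protected XWSSPolicyContainer policyContainer;
    protected SignaturePolicy signaturePolicy;
    protected EncryptionPolicy encryptionPolicy;
    protected SupportingTokens st;
    protected IntegrityAssertionProcessor iAP;
    protected EncryptionAssertionProcessor eAP;
    // Lazily created by getSPList()/getEPList(); null means "nothing collected yet".
    protected ArrayList<SignaturePolicy> spList;
    protected ArrayList<EncryptionPolicy> epList;
    // First empty SignedParts target of the assertion, or null (see getEmptySignedParts).
    protected SignedParts emptySP;
    // Set by process(): whether the assertion lists anything to sign / to encrypt.
    protected boolean buildSP;
    protected boolean buildEP;
    protected PolicyID pid;

    /**
     * Creates an unconfigured processor; every field keeps its default ({@code null} or
     * {@code false}).
     */
    protected SupportingTokensProcessor() {
    }

    /**
     * Creates a processor for one supporting-tokens assertion.
     *
     * @param supportingTokens the assertion to convert; its algorithm suite is preferred over the
     *     binding's when present
     * @param tokenProcessor used to turn each token into a WSS policy and to add key bindings
     * @param binding supplies the fallback algorithm suite, sign-content flag, token-protection
     *     flag and protection order
     * @param xWSSPolicyContainer receives the generated policies
     * @param signaturePolicy stored in {@link #signaturePolicy}
     * @param encryptionPolicy policy that {@link #encryptToken} adds password-token targets to
     * @param policyID generator for the ids of supporting signature policies
     */
    public SupportingTokensProcessor(SupportingTokens supportingTokens, TokenProcessor tokenProcessor, Binding binding, XWSSPolicyContainer xWSSPolicyContainer, SignaturePolicy signaturePolicy, EncryptionPolicy encryptionPolicy, PolicyID policyID) {
        this.st = supportingTokens;
        this.tokenProcessor = tokenProcessor;
        this.binding = binding;
        this.pid = policyID;
        this.policyContainer = xWSSPolicyContainer;
        this.encryptionPolicy = encryptionPolicy;
        this.signaturePolicy = signaturePolicy;
        AlgorithmSuite algorithmSuite = effectiveAlgorithmSuite();
        this.iAP = new IntegrityAssertionProcessor(algorithmSuite, binding.isSignContent());
        this.eAP = new EncryptionAssertionProcessor(algorithmSuite, false);
        this.stc = this.iAP.getTargetCreator();
        this.etc = this.eAP.getTargetCreator();
        this.emptySP = getEmptySignedParts(supportingTokens.getSignedParts());
    }

    /**
     * Returns the algorithm suite of the supporting-tokens assertion, falling back to the
     * binding's suite when the assertion does not carry one.
     */
    private AlgorithmSuite effectiveAlgorithmSuite() {
        AlgorithmSuite algorithmSuite = this.st.getAlgorithmSuite();
        return algorithmSuite == null ? this.binding.getAlgorithmSuite() : algorithmSuite;
    }

    /**
     * Converts every token of the assertion and inserts the resulting policies into the container.
     *
     * <p>Tokens whose WSS policy has a UUID additionally go through the subclass hooks, the
     * password-token encryption step and the collection of supporting signature/encryption
     * policies. An {@link AuthenticationTokenPolicy} is inserted for every token regardless.
     *
     * @throws PolicyException if token conversion or one of the hooks fails
     */
    public void process() throws PolicyException {
        Iterator tokens = this.st.getTokens();
        if (this.st.getEncryptedParts().hasNext() || this.st.getEncryptedElements().hasNext()) {
            this.buildEP = true;
        }
        if (this.st.getSignedElements().hasNext() || this.st.getSignedParts().hasNext()) {
            this.buildSP = true;
        }
        while (tokens.hasNext()) {
            PolicyAssertion policyAssertion = (Token) tokens.next();
            SecurityPolicyVersion sPVersion = SecurityPolicyUtil.getSPVersion(policyAssertion);
            IssuedTokenKeyBinding wSSToken = this.tokenProcessor.getWSSToken(policyAssertion);
            // Only the endorsing variant clears the STR id of an issued token.
            if (PolicyUtil.isIssuedToken(policyAssertion, sPVersion) && (this instanceof EndorsingSupportingTokensProcessor)) {
                wSSToken.setSTRID((String) null);
            }
            if (wSSToken.getUUID() != null) {
                addToPrimarySignature(wSSToken, policyAssertion);
                encryptToken(policyAssertion, sPVersion);
                if (PolicyUtil.isSamlToken(policyAssertion, sPVersion)) {
                    correctSAMLBinding(wSSToken);
                }
                collectSignaturePolicies(policyAssertion);
                if (this.buildEP) {
                    EncryptionPolicy encryptionPolicy = new EncryptionPolicy();
                    encryptionPolicy.setKeyBinding(wSSToken);
                    getEPList().add(encryptionPolicy);
                }
            }
            SecurityPolicy authenticationTokenPolicy = new AuthenticationTokenPolicy();
            authenticationTokenPolicy.setFeatureBinding(wSSToken);
            this.policyContainer.insert(authenticationTokenPolicy);
            // NOTE(review): addTargets() runs once per token over the accumulated spList/epList,
            // which are never cleared here, so with several tokens the earlier policies are
            // processed and inserted again - confirm this is intended.
            addTargets();
        }
    }

    /**
     * Creates a supporting signature for the token when the assertion lists signed parts or
     * elements ({@link #buildSP}).
     *
     * @param token the token the signature is keyed on
     * @throws PolicyException if the signature policy cannot be built
     */
    protected void collectSignaturePolicies(Token token) throws PolicyException {
        if (this.buildSP) {
            createSupportingSignature(token);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a new signature policy keyed on the token, records it in the signature list and
     * passes it to {@link #endorseSignature}.
     *
     * <p>When the binding requests token protection, the key binding itself is added as a
     * signature target via {@link #protectToken}.
     *
     * @param token the token to use as key binding
     * @throws PolicyException if the key binding cannot be added
     */
    public void createSupportingSignature(Token token) throws PolicyException {
        WSSPolicy signaturePolicy = new SignaturePolicy();
        signaturePolicy.setUUID(this.pid.generateID());
        this.tokenProcessor.addKeyBinding(signaturePolicy, token, true);
        if (this.binding.getTokenProtection()) {
            protectToken((WSSPolicy) signaturePolicy.getKeyBinding(), signaturePolicy);
        }
        SignaturePolicy.FeatureBinding featureBinding = signaturePolicy.getFeatureBinding();
        SecurityPolicyUtil.setCanonicalizationMethod(featureBinding, effectiveAlgorithmSuite());
        getSPList().add(signaturePolicy);
        endorseSignature(signaturePolicy);
    }

    /**
     * Hook called for every token that has a UUID; does nothing in this class.
     *
     * @param wSSPolicy the WSS policy created for the token
     * @param token the token being processed
     * @throws PolicyException declared for overriding implementations
     */
    protected void addToPrimarySignature(WSSPolicy wSSPolicy, Token token) throws PolicyException {
    }

    /**
     * Hook called with every newly created supporting signature policy; does nothing in this
     * class.
     *
     * @param signaturePolicy the supporting signature policy just created
     */
    protected void endorseSignature(SignaturePolicy signaturePolicy) {
    }

    /**
     * Returns the list of collected supporting signature policies, creating it on first use.
     *
     * @return the mutable backing list, never {@code null}
     */
    protected ArrayList<SignaturePolicy> getSPList() {
        if (this.spList == null) {
            this.spList = new ArrayList<>();
        }
        return this.spList;
    }

    /**
     * Returns the list of collected supporting encryption policies, creating it on first use.
     *
     * @return the mutable backing list, never {@code null}
     */
    protected ArrayList<EncryptionPolicy> getEPList() {
        if (this.epList == null) {
            this.epList = new ArrayList<>();
        }
        return this.epList;
    }

    /**
     * Adds the token as a URI encryption target when it is a username token that has a password,
     * does not use a hashed password and has a token id. Any other token is left untouched.
     *
     * @param token the token being processed
     * @param securityPolicyVersion the policy version used to recognise username tokens
     * @throws PolicyException declared for overriding implementations
     */
    protected void encryptToken(Token token, SecurityPolicyVersion securityPolicyVersion) throws PolicyException {
        if (!PolicyUtil.isUsernameToken((PolicyAssertion) token, securityPolicyVersion) || !((UserNameToken) token).hasPassword() || ((UserNameToken) token).useHashPassword() || token.getTokenId() == null) {
            return;
        }
        // Presumably a non-hashed password would otherwise appear in clear in the message, hence
        // the encryption target.
        // NOTE(review): this throws NullPointerException when no encryption policy was supplied;
        // that fails the conversion, whereas skipping silently would leave the password-bearing
        // token without an encryption target.
        this.encryptionPolicy.getFeatureBinding().addTargetBinding(this.etc.newURIEncryptionTarget(token.getTokenId()));
    }

    /**
     * Finds the first target that is a signed-parts assertion and is reported empty by
     * {@code SecurityPolicyUtil.isSignedPartsEmpty}.
     *
     * @param it iterator over the assertion's signed-parts targets
     * @return the first empty signed-parts assertion, or {@code null} if there is none
     */
    protected SignedParts getEmptySignedParts(Iterator it) {
        while (it.hasNext()) {
            PolicyAssertion policyAssertion = (Target) it.next();
            if (PolicyUtil.isSignedParts(policyAssertion, SecurityPolicyUtil.getSPVersion(policyAssertion)) && SecurityPolicyUtil.isSignedPartsEmpty((SignedParts) policyAssertion)) {
                return (SignedParts) policyAssertion;
            }
        }
        return null;
    }

    /**
     * Inserts the collected signature and encryption policies in the binding's protection order:
     * signatures first for "SignBeforeEncrypting", encryption first otherwise.
     */
    protected void addTargets() {
        // Compare by value: reference equality (==) only matches when the binding happens to
        // return the very same String instance, and a mismatch silently selects the
        // encrypt-first order.
        if (SIGN_BEFORE_ENCRYPTING.equals(this.binding.getProtectionOrder())) {
            if (this.spList != null) {
                populateSignaturePolicy();
            }
            if (this.epList != null) {
                populateEncryptionPolicy();
            }
            return;
        }
        if (this.epList != null) {
            populateEncryptionPolicy();
        }
        if (this.spList != null) {
            populateSignaturePolicy();
        }
    }

    /**
     * Applies the assertion's signed parts and signed elements to every collected signature
     * policy and inserts each policy into the container.
     *
     * <p>When an empty signed-parts assertion was found at construction time, it is used in place
     * of the individual signed-parts entries.
     */
    protected void populateSignaturePolicy() {
        Iterator<SignaturePolicy> it = this.spList.iterator();
        while (it.hasNext()) {
            SecurityPolicy securityPolicy = (SignaturePolicy) it.next();
            SignaturePolicy.FeatureBinding featureBinding = securityPolicy.getFeatureBinding();
            if (this.emptySP != null) {
                this.iAP.process(this.emptySP, featureBinding);
            } else {
                Iterator<SignedParts> signedParts = this.st.getSignedParts();
                while (signedParts.hasNext()) {
                    this.iAP.process(signedParts.next(), featureBinding);
                }
            }
            Iterator<SignedElements> signedElements = this.st.getSignedElements();
            while (signedElements.hasNext()) {
                this.iAP.process(signedElements.next(), featureBinding);
            }
            this.policyContainer.insert(securityPolicy);
        }
    }

    /**
     * Applies the assertion's encrypted elements and encrypted parts to every collected
     * encryption policy and inserts each policy into the container.
     */
    protected void populateEncryptionPolicy() {
        Iterator<EncryptionPolicy> it = this.epList.iterator();
        while (it.hasNext()) {
            SecurityPolicy securityPolicy = (EncryptionPolicy) it.next();
            EncryptionPolicy.FeatureBinding featureBinding = securityPolicy.getFeatureBinding();
            Iterator<EncryptedElements> encryptedElements = this.st.getEncryptedElements();
            while (encryptedElements.hasNext()) {
                this.eAP.process(encryptedElements.next(), featureBinding);
            }
            Iterator<EncryptedParts> encryptedParts = this.st.getEncryptedParts();
            while (encryptedParts.hasNext()) {
                this.eAP.process(encryptedParts.next(), featureBinding);
            }
            this.policyContainer.insert(securityPolicy);
        }
    }

    /**
     * Adds the key binding itself as a signature target of the given signature policy, so the
     * token is covered by the signature it keys.
     *
     * <p>Nothing is added when the key binding has no UUID to reference.
     *
     * @param wSSPolicy the key binding to protect
     * @param signaturePolicy the signature policy that receives the new target
     */
    protected void protectToken(WSSPolicy wSSPolicy, SignaturePolicy signaturePolicy) {
        String uuid = wSSPolicy.getUUID();
        if (uuid != null) {
            SignatureTargetCreator targetCreator = this.iAP.getTargetCreator();
            SignatureTarget newURISignatureTarget = targetCreator.newURISignatureTarget(uuid);
            targetCreator.addTransform(newURISignatureTarget);
            SecurityPolicyUtil.setName(newURISignatureTarget, wSSPolicy);
            targetCreator.addSTRTransform(newURISignatureTarget);
            signaturePolicy.getFeatureBinding().addTargetBinding(newURISignatureTarget);
        }
    }

    /**
     * Hook called for SAML tokens that have a UUID; does nothing in this class.
     *
     * @param wSSPolicy the WSS policy created for the SAML token
     */
    protected void correctSAMLBinding(WSSPolicy wSSPolicy) {
    }
}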
