package org.apache.wss4j.stax.impl;

import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSUtils;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.impl.InboundSecurityContextImpl;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-090.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-stax-2.0.3.jar:org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.class */
public class InboundWSSecurityContextImpl extends InboundSecurityContextImpl implements WSInboundSecurityContext {
    private static final Logger LOG = LoggerFactory.getLogger(InboundWSSecurityContextImpl.class);
    private boolean disableBSPEnforcement;
    private final Deque<SecurityEvent> securityEventQueue = new ArrayDeque();
    private boolean operationSecurityEventOccured = false;
    private boolean messageEncryptionTokenOccured = false;
    private boolean allowRSA15KeyTransportAlgorithm = false;
    private List<BSPRule> ignoredBSPRules = Collections.emptyList();

    @Override // org.apache.xml.security.stax.impl.AbstractSecurityContextImpl, org.apache.xml.security.stax.securityEvent.SecurityEventListener
    public synchronized void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
        if (WSSecurityEventConstants.AlgorithmSuite.equals(securityEvent.getSecurityEventType())) {
            forwardSecurityEvent(securityEvent);
            return;
        }
        if (this.operationSecurityEventOccured) {
            if (!this.messageEncryptionTokenOccured && (securityEvent instanceof TokenSecurityEvent)) {
                TokenSecurityEvent tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
                if (((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
                    TokenSecurityEvent<? extends InboundSecurityToken> createTokenSecurityEvent = WSSUtils.createTokenSecurityEvent((InboundSecurityToken) WSSUtils.getRootToken(tokenSecurityEvent.getSecurityToken()), tokenSecurityEvent.getCorrelationID());
                    setTokenUsage(createTokenSecurityEvent, WSSecurityTokenConstants.TokenUsage_MainEncryption);
                    securityEvent = createTokenSecurityEvent;
                    this.messageEncryptionTokenOccured = true;
                }
            }
            forwardSecurityEvent(securityEvent);
            return;
        }
        if (!WSSecurityEventConstants.Operation.equals(securityEvent.getSecurityEventType())) {
            this.securityEventQueue.push(securityEvent);
            return;
        }
        this.operationSecurityEventOccured = true;
        identifySecurityTokenDepenedenciesAndUsage(this.securityEventQueue);
        Iterator<SecurityEvent> descendingIterator = this.securityEventQueue.descendingIterator();
        while (descendingIterator.hasNext()) {
            forwardSecurityEvent(descendingIterator.next());
        }
        forwardSecurityEvent(securityEvent);
        this.securityEventQueue.clear();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.xml.security.stax.impl.InboundSecurityContextImpl, org.apache.xml.security.stax.impl.AbstractSecurityContextImpl
    public void forwardSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
        if (!this.allowRSA15KeyTransportAlgorithm && SecurityEventConstants.AlgorithmSuite.equals(securityEvent.getSecurityEventType())) {
            AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
            Boolean bool = (Boolean) get(WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM);
            if ((bool == null || !bool.booleanValue()) && "http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM, new Object[0]);
            }
        }
        try {
            super.forwardSecurityEvent(securityEvent);
        } catch (WSSecurityException e) {
            throw e;
        } catch (XMLSecurityException e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e2);
        }
    }

    private void identifySecurityTokenDepenedenciesAndUsage(Deque<SecurityEvent> deque) throws XMLSecurityException {
        TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList2 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList3 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList4 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList5 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList6 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList7 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList8 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList9 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList10 = Collections.emptyList();
        HttpsTokenSecurityEvent httpsTokenSecurityEvent = null;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> arrayList = new ArrayList<>();
        for (SecurityEvent securityEvent : deque) {
            if (securityEvent instanceof TokenSecurityEvent) {
                TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent2 = (TokenSecurityEvent) securityEvent;
                if (WSSecurityEventConstants.HttpsToken.equals(securityEvent.getSecurityEventType())) {
                    HttpsTokenSecurityEvent httpsTokenSecurityEvent2 = (HttpsTokenSecurityEvent) tokenSecurityEvent2;
                    httpsTokenSecurityEvent2.getSecurityToken().getTokenUsages().clear();
                    httpsTokenSecurityEvent2.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                    emptyList = addTokenSecurityEvent(httpsTokenSecurityEvent2, emptyList);
                    HttpsTokenSecurityEvent httpsTokenSecurityEvent3 = new HttpsTokenSecurityEvent();
                    httpsTokenSecurityEvent3.setAuthenticationType(httpsTokenSecurityEvent2.getAuthenticationType());
                    httpsTokenSecurityEvent3.setIssuerName(httpsTokenSecurityEvent2.getIssuerName());
                    httpsTokenSecurityEvent3.setSecurityToken(httpsTokenSecurityEvent2.getSecurityToken());
                    httpsTokenSecurityEvent3.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainEncryption);
                    emptyList2 = addTokenSecurityEvent(httpsTokenSecurityEvent2, emptyList2);
                    httpsTokenSecurityEvent = httpsTokenSecurityEvent3;
                } else {
                    arrayList.add(tokenSecurityEvent2);
                }
            }
        }
        for (int i = 0; i < arrayList.size(); i++) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent3 = arrayList.get(i);
            InboundSecurityToken inboundSecurityToken = (InboundSecurityToken) WSSUtils.getRootToken(tokenSecurityEvent3.getSecurityToken());
            if (!containsSecurityToken(emptyList3, inboundSecurityToken)) {
                TokenSecurityEvent<? extends InboundSecurityToken> createTokenSecurityEvent = WSSUtils.createTokenSecurityEvent(inboundSecurityToken, tokenSecurityEvent3.getCorrelationID());
                emptyList3 = addTokenSecurityEvent(createTokenSecurityEvent, emptyList3);
                deque.offer(createTokenSecurityEvent);
            }
            deque.remove(tokenSecurityEvent3);
        }
        Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> it = emptyList3.iterator();
        while (it.hasNext()) {
            TokenSecurityEvent<? extends InboundSecurityToken> next = it.next();
            List<InboundSecurityToken> isSignedToken = isSignedToken(next, deque, httpsTokenSecurityEvent);
            List<QName> arrayList2 = new ArrayList<>(4);
            arrayList2.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList2.add(WSSConstants.TAG_dsig_Signature);
            boolean signsElement = signsElement(next, arrayList2, deque);
            boolean encryptsElement = encryptsElement(next, arrayList2, deque);
            List<QName> arrayList3 = new ArrayList<>(4);
            arrayList3.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList3.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
            boolean signsElement2 = signsElement(next, arrayList3, deque);
            boolean encryptsElement2 = encryptsElement(next, arrayList3, deque);
            List<QName> arrayList4 = new ArrayList<>(4);
            arrayList4.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList4.add(WSSConstants.TAG_wsu_Timestamp);
            boolean signsElement3 = signsElement(next, arrayList4, deque);
            List<QName> arrayList5 = new ArrayList<>(4);
            arrayList5.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList5.add(WSSConstants.TAG_wsse_UsernameToken);
            boolean encryptsElement3 = encryptsElement(next, arrayList5, deque);
            boolean z = Boolean.TRUE == get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
            List<InboundSecurityToken> isEncryptedToken = isEncryptedToken(next, deque, httpsTokenSecurityEvent);
            boolean contains = ((InboundSecurityToken) next.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature);
            boolean contains2 = ((InboundSecurityToken) next.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption);
            if (!z && signsElement2 && signsElement3 && !signsElement) {
                it.remove();
                emptyList = addTokenSecurityEvent(next, emptyList);
                if (contains2) {
                    emptyList2 = addTokenSecurityEvent(next, emptyList2);
                }
            } else if (!z && signsElement2 && !signsElement) {
                it.remove();
                emptyList = addTokenSecurityEvent(next, emptyList);
                if (contains2) {
                    emptyList2 = addTokenSecurityEvent(next, emptyList2);
                }
            } else if (!z && signsElement3 && !signsElement) {
                it.remove();
                emptyList = addTokenSecurityEvent(next, emptyList);
                if (contains2) {
                    emptyList2 = addTokenSecurityEvent(next, emptyList2);
                }
            } else if (!z && (encryptsElement || encryptsElement2 || encryptsElement3)) {
                it.remove();
                emptyList2 = addTokenSecurityEvent(next, emptyList2);
            } else if (signsElement && isSignedToken.size() > 0 && isEncryptedToken.size() > 0) {
                it.remove();
                emptyList10 = addTokenSecurityEvent(next, emptyList10);
            } else if (z && signsElement3 && isSignedToken.size() > 0 && isEncryptedToken.size() > 0) {
                it.remove();
                emptyList10 = addTokenSecurityEvent(next, emptyList10);
            } else if (signsElement && isSignedToken.size() == 0 && isEncryptedToken.size() > 0) {
                it.remove();
                emptyList9 = addTokenSecurityEvent(next, emptyList9);
            } else if (signsElement && isSignedToken.size() > 0) {
                it.remove();
                emptyList6 = addTokenSecurityEvent(next, emptyList6);
            } else if (contains && isSignedToken.size() > 0) {
                it.remove();
                emptyList6 = addTokenSecurityEvent(next, emptyList6);
            } else if (signsElement) {
                it.remove();
                emptyList5 = addTokenSecurityEvent(next, emptyList5);
            } else if (isSignedToken.size() > 0 && isEncryptedToken.size() > 0) {
                it.remove();
                emptyList7 = addTokenSecurityEvent(next, emptyList7);
            } else if (isSignedToken.size() > 0) {
                it.remove();
                emptyList4 = addTokenSecurityEvent(next, emptyList4);
            } else if (isEncryptedToken.size() > 0) {
                it.remove();
                emptyList8 = addTokenSecurityEvent(next, emptyList8);
            }
        }
        if (emptyList.isEmpty() && (tokenSecurityEvent = getTokenSecurityEvent(getSupportingTokenSigningToken(emptyList4, emptyList6, emptyList7, emptyList10, deque), arrayList)) != null) {
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList3);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList4);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList5);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList6);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList7);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList8);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList9);
            removeTokenSecurityEvent(tokenSecurityEvent, emptyList10);
            emptyList = addTokenSecurityEvent(tokenSecurityEvent, emptyList);
        }
        if (emptyList.isEmpty()) {
            Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> it2 = emptyList3.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                TokenSecurityEvent<? extends InboundSecurityToken> next2 = it2.next();
                if (((InboundSecurityToken) next2.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature)) {
                    it2.remove();
                    emptyList = addTokenSecurityEvent(next2, emptyList);
                    break;
                }
            }
        }
        if (emptyList2.isEmpty()) {
            Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> it3 = emptyList3.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                TokenSecurityEvent<? extends InboundSecurityToken> next3 = it3.next();
                if (((InboundSecurityToken) next3.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
                    it3.remove();
                    emptyList2 = addTokenSecurityEvent(next3, emptyList2);
                    break;
                }
            }
        }
        if (!emptyList2.isEmpty()) {
            this.messageEncryptionTokenOccured = true;
        }
        setTokenUsage(emptyList, WSSecurityTokenConstants.TokenUsage_MainSignature);
        setTokenUsage(emptyList2, WSSecurityTokenConstants.TokenUsage_MainEncryption);
        setTokenUsage(emptyList3, WSSecurityTokenConstants.TokenUsage_SupportingTokens);
        setTokenUsage(emptyList4, WSSecurityTokenConstants.TokenUsage_SignedSupportingTokens);
        setTokenUsage(emptyList5, WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens);
        setTokenUsage(emptyList6, WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens);
        setTokenUsage(emptyList7, WSSecurityTokenConstants.TokenUsage_SignedEncryptedSupportingTokens);
        setTokenUsage(emptyList8, WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens);
        setTokenUsage(emptyList9, WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens);
        setTokenUsage(emptyList10, WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens);
    }

    private void removeTokenSecurityEvent(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, List<TokenSecurityEvent<? extends InboundSecurityToken>> list) {
        for (int i = 0; i < list.size(); i++) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent2 = list.get(i);
            if (tokenSecurityEvent2.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId())) {
                list.remove(tokenSecurityEvent2);
                return;
            }
        }
    }

    private List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, List<TokenSecurityEvent<? extends InboundSecurityToken>> list) {
        if (list == Collections.emptyList()) {
            list = new ArrayList();
        }
        list.add(tokenSecurityEvent);
        return list;
    }

    private boolean containsSecurityToken(List<TokenSecurityEvent<? extends InboundSecurityToken>> list, SecurityToken securityToken) {
        if (securityToken == null) {
            return false;
        }
        for (int i = 0; i < list.size(); i++) {
            if (list.get(i).getSecurityToken().getId().equals(securityToken.getId())) {
                return true;
            }
        }
        return false;
    }

    private TokenSecurityEvent<? extends InboundSecurityToken> getTokenSecurityEvent(InboundSecurityToken inboundSecurityToken, List<TokenSecurityEvent<? extends InboundSecurityToken>> list) throws XMLSecurityException {
        if (inboundSecurityToken == null) {
            return null;
        }
        for (int i = 0; i < list.size(); i++) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = list.get(i);
            if (tokenSecurityEvent.getSecurityToken().getId().equals(inboundSecurityToken.getId())) {
                return tokenSecurityEvent;
            }
        }
        return null;
    }

    private InboundSecurityToken getSupportingTokenSigningToken(List<TokenSecurityEvent<? extends InboundSecurityToken>> list, List<TokenSecurityEvent<? extends InboundSecurityToken>> list2, List<TokenSecurityEvent<? extends InboundSecurityToken>> list3, List<TokenSecurityEvent<? extends InboundSecurityToken>> list4, Deque<SecurityEvent> deque) throws XMLSecurityException {
        for (int i = 0; i < list.size(); i++) {
            List<InboundSecurityToken> signingToken = getSigningToken(list.get(i), deque);
            if (signingToken.size() == 1) {
                return signingToken.get(0);
            }
        }
        for (int i2 = 0; i2 < list2.size(); i2++) {
            List<InboundSecurityToken> signingToken2 = getSigningToken(list2.get(i2), deque);
            if (signingToken2.size() == 1) {
                return signingToken2.get(0);
            }
        }
        for (int i3 = 0; i3 < list3.size(); i3++) {
            List<InboundSecurityToken> signingToken3 = getSigningToken(list3.get(i3), deque);
            if (signingToken3.size() == 1) {
                return signingToken3.get(0);
            }
        }
        for (int i4 = 0; i4 < list4.size(); i4++) {
            List<InboundSecurityToken> signingToken4 = getSigningToken(list4.get(i4), deque);
            if (signingToken4.size() == 1) {
                return signingToken4.get(0);
            }
        }
        return null;
    }

    private List<InboundSecurityToken> getSigningToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, Deque<SecurityEvent> deque) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
                if (signedElementSecurityEvent.isSigned() && WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getElementPath(), true, false)) {
                    arrayList.add((InboundSecurityToken) signedElementSecurityEvent.getSecurityToken());
                }
            }
        }
        return arrayList;
    }

    private void setTokenUsage(List<TokenSecurityEvent<? extends InboundSecurityToken>> list, SecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
        for (int i = 0; i < list.size(); i++) {
            setTokenUsage(list.get(i), tokenUsage);
        }
    }

    private void setTokenUsage(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, SecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
        tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_SupportingTokens);
        tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_Signature);
        tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_Encryption);
        tokenSecurityEvent.getSecurityToken().addTokenUsage(tokenUsage);
    }

    private List<InboundSecurityToken> isSignedToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, Deque<SecurityEvent> deque, HttpsTokenSecurityEvent httpsTokenSecurityEvent) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        if (httpsTokenSecurityEvent != null) {
            arrayList.add(httpsTokenSecurityEvent.getSecurityToken());
            return arrayList;
        }
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
                if (signedElementSecurityEvent.isSigned() && tokenSecurityEvent.getSecurityToken() != null && signedElementSecurityEvent.getXmlSecEvent() != null && signedElementSecurityEvent.getXmlSecEvent() == ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getXMLSecEvent() && !arrayList.contains((InboundSecurityToken) signedElementSecurityEvent.getSecurityToken())) {
                    arrayList.add((InboundSecurityToken) signedElementSecurityEvent.getSecurityToken());
                }
            }
        }
        return arrayList;
    }

    private List<InboundSecurityToken> isEncryptedToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, Deque<SecurityEvent> deque, HttpsTokenSecurityEvent httpsTokenSecurityEvent) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        if (httpsTokenSecurityEvent != null) {
            arrayList.add(httpsTokenSecurityEvent.getSecurityToken());
            return arrayList;
        }
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.EncryptedElement.equals(securityEvent.getSecurityEventType())) {
                EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
                if (encryptedElementSecurityEvent.isEncrypted() && tokenSecurityEvent.getSecurityToken() != null && encryptedElementSecurityEvent.getXmlSecEvent() != null && encryptedElementSecurityEvent.getXmlSecEvent() == ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getXMLSecEvent() && !arrayList.contains((InboundSecurityToken) encryptedElementSecurityEvent.getSecurityToken())) {
                    arrayList.add((InboundSecurityToken) encryptedElementSecurityEvent.getSecurityToken());
                }
            }
        }
        return arrayList;
    }

    private boolean signsElement(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, List<QName> list, Deque<SecurityEvent> deque) throws XMLSecurityException {
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
                if (signedElementSecurityEvent.isSigned() && matchesTokenOrWrappedTokenId(tokenSecurityEvent.getSecurityToken(), signedElementSecurityEvent.getSecurityToken().getId(), SecurityTokenConstants.TokenUsage_Signature) && WSSUtils.pathMatches(list, signedElementSecurityEvent.getElementPath(), true, false)) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean matchesTokenOrWrappedTokenId(SecurityToken securityToken, String str, SecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
        if (securityToken.getId().equals(str) && securityToken.getTokenUsages().contains(tokenUsage)) {
            return true;
        }
        List<? extends SecurityToken> wrappedTokens = securityToken.getWrappedTokens();
        for (int i = 0; i < wrappedTokens.size(); i++) {
            boolean matchesTokenOrWrappedTokenId = matchesTokenOrWrappedTokenId(wrappedTokens.get(i), str, tokenUsage);
            if (matchesTokenOrWrappedTokenId) {
                return matchesTokenOrWrappedTokenId;
            }
        }
        return false;
    }

    private boolean encryptsElement(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, List<QName> list, Deque<SecurityEvent> deque) throws XMLSecurityException {
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.EncryptedElement.equals(securityEvent.getSecurityEventType())) {
                EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
                if (encryptedElementSecurityEvent.isEncrypted() && encryptedElementSecurityEvent.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId()) && WSSUtils.pathMatches(list, encryptedElementSecurityEvent.getElementPath(), true, false)) {
                    return true;
                }
            } else if (WSSecurityEventConstants.ContentEncrypted.equals(securityEvent.getSecurityEventType())) {
                ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
                if (contentEncryptedElementSecurityEvent.isEncrypted() && contentEncryptedElementSecurityEvent.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId()) && contentEncryptedElementSecurityEvent.getXmlSecEvent() == ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getXMLSecEvent() && WSSUtils.pathMatches(list, contentEncryptedElementSecurityEvent.getElementPath(), true, false)) {
                    return true;
                }
            } else {
                continue;
            }
        }
        return false;
    }

    @Override // org.apache.wss4j.stax.ext.WSInboundSecurityContext
    public void handleBSPRule(BSPRule bSPRule) throws WSSecurityException {
        if (this.disableBSPEnforcement) {
            return;
        }
        if (!this.ignoredBSPRules.contains(bSPRule)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", "BSP:" + bSPRule.name() + ": " + bSPRule.getMsg());
        }
        LOG.warn("BSP:" + bSPRule.name() + ": " + bSPRule.getMsg());
    }

    @Override // org.apache.wss4j.stax.ext.WSInboundSecurityContext
    public void ignoredBSPRules(List<BSPRule> list) {
        this.ignoredBSPRules = new ArrayList(list);
    }

    public boolean isDisableBSPEnforcement() {
        return this.disableBSPEnforcement;
    }

    public void setDisableBSPEnforcement(boolean z) {
        this.disableBSPEnforcement = z;
    }

    public boolean isAllowRSA15KeyTransportAlgorithm() {
        return this.allowRSA15KeyTransportAlgorithm;
    }

    public void setAllowRSA15KeyTransportAlgorithm(boolean z) {
        this.allowRSA15KeyTransportAlgorithm = z;
    }
}
