package org.apache.wss4j.policy.stax.assertionStates;

import java.util.LinkedList;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.policy.AssertionState;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.SignedParts;
import org.apache.wss4j.policy.stax.Assertable;
import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
import org.apache.wss4j.policy.stax.PolicyAsserter;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSUtils;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-211.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-policy-stax-2.0.3.jar:org/apache/wss4j/policy/stax/assertionStates/SignedPartsAssertionState.class */
public class SignedPartsAssertionState extends AssertionState implements Assertable {
    private int attachmentCount;
    private int signedAttachmentCount;
    private boolean signedAttachmentRequired;
    private PolicyAsserter policyAsserter;

    public SignedPartsAssertionState(AbstractSecurityAssertion abstractSecurityAssertion, PolicyAsserter policyAsserter, boolean z, int i) {
        super(abstractSecurityAssertion, z);
        this.attachmentCount = i;
        this.policyAsserter = policyAsserter;
        if (this.policyAsserter == null) {
            this.policyAsserter = new DummyPolicyAsserter();
        }
        if (z) {
            policyAsserter.assertPolicy(getAssertion());
        }
    }

    @Override // org.apache.wss4j.policy.stax.Assertable
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{WSSecurityEventConstants.SignedPart};
    }

    @Override // org.apache.wss4j.policy.stax.Assertable
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
        SignedParts signedParts = (SignedParts) getAssertion();
        if (signedParts.getAttachments() != null) {
            this.signedAttachmentRequired = true;
            if (signedPartSecurityEvent.isAttachment()) {
                this.signedAttachmentCount++;
                setAsserted(true);
                this.policyAsserter.assertPolicy(getAssertion());
                return true;
            }
        }
        if (signedParts.isBody() && WSSUtils.pathMatches(WSSConstants.SOAP_11_BODY_PATH, signedPartSecurityEvent.getElementPath(), true, false)) {
            if (signedPartSecurityEvent.isSigned()) {
                setAsserted(true);
                this.policyAsserter.assertPolicy(getAssertion());
                return true;
            }
            setAsserted(false);
            setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
            this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }
        if (signedParts.isSignAllHeaders()) {
            if (signedPartSecurityEvent.isSigned()) {
                setAsserted(true);
                this.policyAsserter.assertPolicy(getAssertion());
                return true;
            }
            setAsserted(false);
            setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
            this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }
        for (int i = 0; i < signedParts.getHeaders().size(); i++) {
            Header header = signedParts.getHeaders().get(i);
            QName qName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
            LinkedList linkedList = new LinkedList();
            linkedList.addAll(WSSConstants.SOAP_11_HEADER_PATH);
            linkedList.add(qName);
            if (WSSUtils.pathMatches(linkedList, signedPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
                if (signedPartSecurityEvent.isSigned()) {
                    setAsserted(true);
                    this.policyAsserter.assertPolicy(getAssertion());
                    return true;
                }
                setAsserted(false);
                setErrorMessage("Element " + WSSUtils.pathAsString(signedPartSecurityEvent.getElementPath()) + " must be signed");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
                return false;
            }
        }
        this.policyAsserter.assertPolicy(getAssertion());
        return true;
    }

    @Override // org.apache.wss4j.policy.AssertionState, org.apache.wss4j.policy.stax.Assertable
    public boolean isAsserted() {
        if (!this.signedAttachmentRequired || this.signedAttachmentCount >= this.attachmentCount) {
            return super.isAsserted();
        }
        return false;
    }
}
