package org.apache.wss4j.policy.stax.assertionStates;

import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.policy.AssertionState;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.stax.Assertable;
import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
import org.apache.wss4j.policy.stax.PolicyAsserter;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/apache/ws/security/main/wss4j-ws-security-policy-stax-2.1.5.jar:org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.class */
public class AlgorithmSuiteAssertionState extends AssertionState implements Assertable {
    private PolicyAsserter policyAsserter;

    public AlgorithmSuiteAssertionState(AbstractSecurityAssertion abstractSecurityAssertion, PolicyAsserter policyAsserter, boolean z) {
        super(abstractSecurityAssertion, z);
        this.policyAsserter = policyAsserter;
        if (this.policyAsserter == null) {
            this.policyAsserter = new DummyPolicyAsserter();
        }
        if (z) {
            AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
            policyAsserter.assertPolicy(getAssertion());
            policyAsserter.assertPolicy(new QName(algorithmSuite.getAlgorithmSuiteType().getNamespace(), algorithmSuite.getAlgorithmSuiteType().getName()));
        }
    }

    @Override // org.apache.wss4j.policy.stax.Assertable
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{SecurityEventConstants.AlgorithmSuite};
    }

    @Override // org.apache.wss4j.policy.stax.Assertable
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
        AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
        XMLSecurityConstants.AlgorithmUsage algorithmUsage = algorithmSuiteSecurityEvent.getAlgorithmUsage();
        int keyLength = algorithmSuiteSecurityEvent.getKeyLength();
        String algorithmURI = algorithmSuiteSecurityEvent.getAlgorithmURI();
        if (WSSConstants.Sym_Sig.equals(algorithmUsage)) {
            if (algorithmSuite.getSymmetricSignature() != null && !algorithmSuite.getSymmetricSignature().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Symmetric signature algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
            if (algorithmSuite.getAlgorithmSuiteType() != null) {
                if (!algorithmSuiteSecurityEvent.isDerivedKey() && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > keyLength || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < keyLength)) {
                    setAsserted(false);
                    setErrorMessage("Symmetric signature algorithm key length " + keyLength + " does not meet policy");
                    this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
                } else if (algorithmSuiteSecurityEvent.isDerivedKey() && algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength() != keyLength) {
                    setAsserted(false);
                    setErrorMessage("Symmetric signature algorithm derived key length " + keyLength + " does not meet policy");
                    this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
                }
            }
        } else if (WSSConstants.Asym_Sig.equals(algorithmUsage)) {
            if (algorithmSuite.getAsymmetricSignature() != null && !algorithmSuite.getAsymmetricSignature().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Asymmetric algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
            if (algorithmSuite.getAlgorithmSuiteType() != null && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > keyLength || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < keyLength)) {
                setAsserted(false);
                setErrorMessage("Asymmetric signature algorithm key length " + keyLength + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.SigDig.equals(algorithmUsage)) {
            if (algorithmSuite.getAlgorithmSuiteType() != null && !algorithmSuite.getAlgorithmSuiteType().getDigest().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Digest algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.Enc.equals(algorithmUsage)) {
            if (algorithmSuite.getAlgorithmSuiteType() != null && !algorithmSuite.getAlgorithmSuiteType().getEncryption().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Encryption algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
            if (algorithmSuite.getAlgorithmSuiteType() != null) {
                if (!algorithmSuiteSecurityEvent.isDerivedKey() && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > keyLength || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < keyLength)) {
                    setAsserted(false);
                    setErrorMessage("Symmetric encryption algorithm key length " + keyLength + " does not meet policy");
                    this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
                } else if (algorithmSuiteSecurityEvent.isDerivedKey() && algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength() != keyLength) {
                    setAsserted(false);
                    setErrorMessage("Symmetric encryption algorithm derived key length " + keyLength + " does not meet policy");
                    this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
                }
            }
        } else if (WSSConstants.Sym_Key_Wrap.equals(algorithmUsage)) {
            if (algorithmSuite.getAlgorithmSuiteType() != null && !algorithmSuite.getAlgorithmSuiteType().getSymmetricKeyWrap().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Symmetric key wrap algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
            if (algorithmSuite.getAlgorithmSuiteType() != null && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > keyLength || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < keyLength)) {
                setAsserted(false);
                setErrorMessage("Symmetric key wrap algorithm key length " + keyLength + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.Asym_Key_Wrap.equals(algorithmUsage)) {
            if (algorithmSuite.getAlgorithmSuiteType() != null && !algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Asymmetric key wrap algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
            if (algorithmSuite.getAlgorithmSuiteType() != null && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > keyLength || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < keyLength)) {
                setAsserted(false);
                setErrorMessage("Asymmetric key wrap algorithm key length " + keyLength + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.COMP_KEY.equals(algorithmUsage)) {
            if (algorithmSuite.getComputedKey() != null && !algorithmSuite.getComputedKey().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Computed key algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.ENC_KD.equals(algorithmUsage)) {
            if (algorithmSuite.getAlgorithmSuiteType() != null && !algorithmSuite.getAlgorithmSuiteType().getEncryptionKeyDerivation().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Encryption key derivation algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.SIG_KD.equals(algorithmUsage)) {
            if (algorithmSuite.getAlgorithmSuiteType() != null && !algorithmSuite.getAlgorithmSuiteType().getSignatureKeyDerivation().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Signature key derivation algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.SigC14n.equals(algorithmUsage)) {
            if (algorithmSuite.getC14n() != null && !algorithmSuite.getC14n().getValue().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("C14N algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.SigTransform.equals(algorithmUsage)) {
            if (algorithmSuite.getC14n() != null && !algorithmSuite.getC14n().getValue().equals(algorithmURI) && !"http://www.w3.org/2001/10/xml-exc-c14n#".equals(algorithmURI) && !"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform".equals(algorithmURI) && !"http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform".equals(algorithmURI) && !"http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform".equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Transform C14N algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.SOAP_NORM.equals(algorithmUsage)) {
            if (algorithmSuite.getSoapNormType() != null && !algorithmSuite.getSoapNormType().getValue().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("Soap normalization algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.STR_TRANS.equals(algorithmUsage)) {
            if (algorithmSuite.getStrType() != null && !algorithmSuite.getStrType().getValue().equals(algorithmURI)) {
                setAsserted(false);
                setErrorMessage("STR transformation algorithm " + algorithmURI + " does not meet policy");
                this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            }
        } else if (WSSConstants.XPATH.equals(algorithmUsage) && algorithmSuite.getXPathType() != null && !algorithmSuite.getXPathType().getValue().equals(algorithmURI)) {
            setAsserted(false);
            setErrorMessage("XPATH algorithm " + algorithmURI + " does not meet policy");
            this.policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
        }
        if (isAsserted()) {
            this.policyAsserter.assertPolicy(getAssertion());
            String namespace = algorithmSuite.getAlgorithmSuiteType().getNamespace();
            this.policyAsserter.assertPolicy(new QName(namespace, algorithmSuite.getAlgorithmSuiteType().getName()));
            if (algorithmSuite.getC14n() != null) {
                this.policyAsserter.assertPolicy(new QName(namespace, algorithmSuite.getC14n().name()));
            }
        }
        return isAsserted();
    }
}
