package com.sun.xml.ws.security.impl.policyconv;

import com.sun.xml.ws.addressing.policy.Address;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.security.impl.policy.PolicyUtil;
import com.sun.xml.ws.security.policy.Binding;
import com.sun.xml.ws.security.policy.EncryptedElements;
import com.sun.xml.ws.security.policy.EncryptedParts;
import com.sun.xml.ws.security.policy.IssuedToken;
import com.sun.xml.ws.security.policy.KerberosToken;
import com.sun.xml.ws.security.policy.SamlToken;
import com.sun.xml.ws.security.policy.SecureConversationToken;
import com.sun.xml.ws.security.policy.SecurityPolicyVersion;
import com.sun.xml.ws.security.policy.SignedElements;
import com.sun.xml.ws.security.policy.SignedParts;
import com.sun.xml.ws.security.policy.SymmetricBinding;
import com.sun.xml.ws.security.policy.Token;
import com.sun.xml.ws.security.policy.X509Token;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.KeyBindingBase;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.util.Vector;

/* loaded from: input_file:com/sun/xml/ws/security/impl/policyconv/SymmetricBindingProcessor.class */
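/**
 * Translates a {@link SymmetricBinding} policy assertion into the signature,
 * encryption and timestamp policies that are inserted into an
 * {@link XWSSPolicyContainer}.
 *
 * <p>The order in which the primary signature and encryption policies reach the
 * container follows the binding's protection order: for sign-before-encrypt the
 * signature policy is inserted by {@link #process()} and the encryption policy by
 * {@link #close()}; otherwise both are inserted by {@link #process()}, encryption first.
 *
 * <p>NOTE(review): this listing is decompiler output; parameter and local names
 * such as {@code z}, {@code vector} and {@code token2} are synthetic.
 */
public class SymmetricBindingProcessor extends BindingProcessor {
    /** Protection-order value that selects the sign-before-encrypt layout. */
    private static final String SIGN_BEFORE_ENCRYPTING = "SignBeforeEncrypting";

    private SymmetricBinding binding;

    /**
     * Creates a processor for one symmetric binding.
     *
     * @param symmetricBinding the binding assertion to convert; also supplies the
     *        protection order and the algorithm suite used by the assertion processors
     * @param xWSSPolicyContainer container that receives the generated policies
     * @param z stored as {@code isServer} and passed to the {@link TokenProcessor}
     * @param z2 stored as {@code isIncoming} and passed to the {@link TokenProcessor}
     * @param vector signed parts
     * @param vector2 encrypted parts
     * @param vector3 signed elements
     * @param vector4 encrypted elements
     */
    public SymmetricBindingProcessor(SymmetricBinding symmetricBinding, XWSSPolicyContainer xWSSPolicyContainer, boolean z, boolean z2, Vector<SignedParts> vector, Vector<EncryptedParts> vector2, Vector<SignedElements> vector3, Vector<EncryptedElements> vector4) {
        this.binding = symmetricBinding;
        this.container = xWSSPolicyContainer;
        this.isServer = z;
        this.isIncoming = z2;
        this.protectionOrder = symmetricBinding.getProtectionOrder();
        this.tokenProcessor = new TokenProcessor(z, z2, this.pid);
        this.iAP = new IntegrityAssertionProcessor(symmetricBinding.getAlgorithmSuite(), symmetricBinding.isSignContent());
        this.eAP = new EncryptionAssertionProcessor(symmetricBinding.getAlgorithmSuite(), false);
        this.signedParts = vector;
        this.signedElements = vector3;
        this.encryptedElements = vector4;
        this.encryptedParts = vector2;
    }

    /**
     * Reports whether the binding asks for signing before encrypting.
     *
     * <p>The comparison is by value. A reference comparison ({@code ==}) is true only
     * when the binding hands back the very same {@code String} instance; any other
     * instance with the same text would silently select the encrypt-before-sign
     * ordering in {@link #process()} and skip the insert in {@link #close()}.
     */
    private boolean isSignBeforeEncrypting() {
        return SIGN_BEFORE_ENCRYPTING.equals(this.protectionOrder);
    }

    /**
     * Builds the primary signature and encryption policies from the binding's tokens,
     * inserts them into the container in protection order, and then adds the optional
     * signature protection, timestamp and token protection.
     *
     * @throws PolicyException declared by the helpers called here; the raising code is
     *         not visible in this class
     */
    public void process() throws PolicyException {
        Token protectionToken = this.binding.getProtectionToken();
        if (protectionToken == null) {
            // No shared protection token: signature and encryption each use their own
            // token, and a policy is created only for a token that is present.
            Token signatureToken = this.binding.getSignatureToken();
            Token encryptionToken = this.binding.getEncryptionToken();
            if (encryptionToken != null) {
                this.primaryEP = new EncryptionPolicy();
                this.primaryEP.setUUID(this.pid.generateID());
                addSymmetricKeyBinding(this.primaryEP, encryptionToken);
            }
            if (signatureToken != null) {
                this.primarySP = new SignaturePolicy();
                this.primarySP.setUUID(this.pid.generateID());
                SignaturePolicy.FeatureBinding featureBinding = this.primarySP.getFeatureBinding();
                SecurityPolicyUtil.setCanonicalizationMethod(featureBinding, this.binding.getAlgorithmSuite());
                featureBinding.isPrimarySignature(true);
                addSymmetricKeyBinding(this.primarySP, signatureToken);
            }
        } else {
            // One protection token backs both the signature and the encryption policy.
            this.primarySP = new SignaturePolicy();
            this.primarySP.setUUID(this.pid.generateID());
            this.primaryEP = new EncryptionPolicy();
            this.primaryEP.setUUID(this.pid.generateID());
            addSymmetricKeyBinding(this.primarySP, protectionToken);
            addSymmetricKeyBinding(this.primaryEP, protectionToken);
            SignaturePolicy.FeatureBinding featureBinding2 = this.primarySP.getFeatureBinding();
            SecurityPolicyUtil.setCanonicalizationMethod(featureBinding2, this.binding.getAlgorithmSuite());
            featureBinding2.isPrimarySignature(true);
        }
        // NOTE(review): this method only assigns primarySP / primaryEP when the matching
        // token exists, yet insert() below is called without a null check and the
        // token-protection step dereferences primarySP. Confirm that container.insert()
        // tolerates null and that a binding without a signature token cannot reach the
        // token-protection branch.
        if (isSignBeforeEncrypting()) {
            // The encryption policy is inserted later, by close().
            this.container.insert(this.primarySP);
        } else {
            this.container.insert(this.primaryEP);
            this.container.insert(this.primarySP);
            if (this.primaryEP != null) {
                this.primaryEP.getFeatureBinding().setUseStandAloneRefList(true);
            }
        }
        addPrimaryTargets();
        if (this.foundEncryptTargets && this.binding.getSignatureProtection()) {
            protectPrimarySignature();
        }
        if (this.binding.isIncludeTimeStamp()) {
            SecurityPolicy timestampPolicy = new TimestampPolicy();
            timestampPolicy.setUUID(this.pid.generateID());
            this.container.insert(timestampPolicy);
            // The timestamp is protected unless the binding explicitly disables
            // timestamp signing.
            if (!this.binding.isDisableTimestampSigning()) {
                protectTimestamp(timestampPolicy);
            }
        }
        if (this.binding.getTokenProtection()) {
            WSSPolicy wSSPolicy = (WSSPolicy) this.primarySP.getKeyBinding();
            if (PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy)) {
                protectToken(wSSPolicy, true);
            } else {
                // Not a derived-key binding: protect the key binding nested inside it.
                protectToken((WSSPolicy) wSSPolicy.getKeyBinding(), true);
            }
        }
    }

    /**
     * Sets the key binding of {@code wSSPolicy} from {@code token}.
     *
     * <p>X.509 and Kerberos token bindings are wrapped in a {@link SymmetricKeyBinding};
     * SAML, issued and secure-conversation token bindings are used directly. When the
     * token requires derived keys, the policy receives a {@link DerivedTokenKeyBinding}
     * whose original key binding is the binding described above.
     *
     * <p>For every token type the issuer is taken from the issuer address URI when an
     * issuer is present; the issuer name is consulted only when there is no issuer at
     * all, so an issuer without an address leaves the binding's issuer unset.
     *
     * @param wSSPolicy policy whose key binding is set
     * @param token token assertion describing the key material
     * @throws PolicyException declared by the helpers called here; the raising code is
     *         not visible in this class
     * @throws UnsupportedOperationException if the token is none of the supported types
     */
    protected void addSymmetricKeyBinding(WSSPolicy wSSPolicy, Token token) throws PolicyException {
        SymmetricKeyBinding symmetricKeyBinding = new SymmetricKeyBinding();
        // NOTE(review): decompiler artifact - the same object is used below both as a
        // Token and as a PolicyAssertion; presumably the original source kept two
        // differently typed references. Confirm before recompiling.
        Token token2 = (PolicyAssertion) token;
        SecurityPolicyVersion sPVersion = SecurityPolicyUtil.getSPVersion(token2);
        if (PolicyUtil.isX509Token(token2, sPVersion)) {
            AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
            X509Token x509Token = (X509Token) token2;
            x509CertificateBinding.setUUID(token.getTokenId());
            this.tokenProcessor.setTokenValueType(x509CertificateBinding, (PolicyAssertion) token2);
            this.tokenProcessor.setTokenInclusion(x509CertificateBinding, token2);
            this.tokenProcessor.setX509TokenRefType(x509CertificateBinding, x509Token);
            if (x509Token.getIssuer() != null) {
                Address address = x509Token.getIssuer().getAddress();
                if (address != null) {
                    x509CertificateBinding.setIssuer(address.getURI().toString());
                }
            } else if (x509Token.getIssuerName() != null) {
                x509CertificateBinding.setIssuer(x509Token.getIssuerName().getIssuerName());
            }
            if (x509Token.getClaims() != null) {
                x509CertificateBinding.setClaims(x509Token.getClaims().getClaimsAsBytes());
            }
            if (!x509Token.isRequireDerivedKeys()) {
                symmetricKeyBinding.setKeyBinding(x509CertificateBinding);
                wSSPolicy.setKeyBinding(symmetricKeyBinding);
                return;
            }
            // Derived keys: policy -> derived binding -> symmetric binding -> X.509 binding.
            DerivedTokenKeyBinding derivedTokenKeyBinding = new DerivedTokenKeyBinding();
            symmetricKeyBinding.setKeyBinding(x509CertificateBinding);
            wSSPolicy.setKeyBinding(derivedTokenKeyBinding);
            derivedTokenKeyBinding.setOriginalKeyBinding(symmetricKeyBinding);
            derivedTokenKeyBinding.setUUID(this.pid.generateID());
            return;
        }
        if (PolicyUtil.isKerberosToken(token2, sPVersion)) {
            AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = new AuthenticationTokenPolicy.KerberosTokenBinding();
            kerberosTokenBinding.setUUID(token.getTokenId());
            KerberosToken kerberosToken = (KerberosToken) token2;
            this.tokenProcessor.setTokenValueType(kerberosTokenBinding, (PolicyAssertion) token2);
            this.tokenProcessor.setTokenInclusion(kerberosTokenBinding, token2);
            this.tokenProcessor.setKerberosTokenRefType(kerberosTokenBinding, kerberosToken);
            if (kerberosToken.getIssuer() != null) {
                Address address2 = kerberosToken.getIssuer().getAddress();
                if (address2 != null) {
                    kerberosTokenBinding.setIssuer(address2.getURI().toString());
                }
            } else if (kerberosToken.getIssuerName() != null) {
                kerberosTokenBinding.setIssuer(kerberosToken.getIssuerName().getIssuerName());
            }
            if (kerberosToken.getClaims() != null) {
                kerberosTokenBinding.setClaims(kerberosToken.getClaims().getClaimsAsBytes());
            }
            if (!kerberosToken.isRequireDerivedKeys()) {
                symmetricKeyBinding.setKeyBinding(kerberosTokenBinding);
                wSSPolicy.setKeyBinding(symmetricKeyBinding);
                return;
            }
            // Derived keys: policy -> derived binding -> symmetric binding -> Kerberos binding.
            DerivedTokenKeyBinding derivedTokenKeyBinding2 = new DerivedTokenKeyBinding();
            symmetricKeyBinding.setKeyBinding(kerberosTokenBinding);
            wSSPolicy.setKeyBinding(derivedTokenKeyBinding2);
            derivedTokenKeyBinding2.setOriginalKeyBinding(symmetricKeyBinding);
            derivedTokenKeyBinding2.setUUID(this.pid.generateID());
            return;
        }
        if (PolicyUtil.isSamlToken(token2, sPVersion)) {
            // SAML bindings are set on the policy directly, without a SymmetricKeyBinding.
            KeyBindingBase sAMLAssertionBinding = new AuthenticationTokenPolicy.SAMLAssertionBinding();
            SamlToken samlToken = (SamlToken) token2;
            sAMLAssertionBinding.setUUID(token.getTokenId());
            sAMLAssertionBinding.setReferenceType("Direct");
            this.tokenProcessor.setTokenInclusion(sAMLAssertionBinding, token2);
            if (samlToken.getIssuer() != null) {
                Address address3 = samlToken.getIssuer().getAddress();
                if (address3 != null) {
                    sAMLAssertionBinding.setIssuer(address3.getURI().toString());
                }
            } else if (samlToken.getIssuerName() != null) {
                sAMLAssertionBinding.setIssuer(samlToken.getIssuerName().getIssuerName());
            }
            if (samlToken.getClaims() != null) {
                sAMLAssertionBinding.setClaims(samlToken.getClaims().getClaimsAsBytes());
            }
            if (!samlToken.isRequireDerivedKeys()) {
                wSSPolicy.setKeyBinding(sAMLAssertionBinding);
                return;
            }
            DerivedTokenKeyBinding derivedTokenKeyBinding3 = new DerivedTokenKeyBinding();
            derivedTokenKeyBinding3.setOriginalKeyBinding(sAMLAssertionBinding);
            wSSPolicy.setKeyBinding(derivedTokenKeyBinding3);
            derivedTokenKeyBinding3.setUUID(this.pid.generateID());
            return;
        }
        if (PolicyUtil.isIssuedToken(token2, sPVersion)) {
            // Issued-token bindings are set on the policy directly as well.
            KeyBindingBase issuedTokenKeyBinding = new IssuedTokenKeyBinding();
            this.tokenProcessor.setTokenInclusion(issuedTokenKeyBinding, token2);
            issuedTokenKeyBinding.setUUID(token2.getTokenId());
            IssuedToken issuedToken = (IssuedToken) token2;
            if (issuedToken.getIssuer() != null) {
                Address address4 = issuedToken.getIssuer().getAddress();
                if (address4 != null) {
                    issuedTokenKeyBinding.setIssuer(address4.getURI().toString());
                }
            } else if (issuedToken.getIssuerName() != null) {
                issuedTokenKeyBinding.setIssuer(issuedToken.getIssuerName().getIssuerName());
            }
            if (issuedToken.getClaims() != null) {
                issuedTokenKeyBinding.setClaims(issuedToken.getClaims().getClaimsAsBytes());
            }
            if (!issuedToken.isRequireDerivedKeys()) {
                wSSPolicy.setKeyBinding(issuedTokenKeyBinding);
                return;
            }
            DerivedTokenKeyBinding derivedTokenKeyBinding4 = new DerivedTokenKeyBinding();
            derivedTokenKeyBinding4.setOriginalKeyBinding(issuedTokenKeyBinding);
            wSSPolicy.setKeyBinding(derivedTokenKeyBinding4);
            derivedTokenKeyBinding4.setUUID(this.pid.generateID());
            return;
        }
        // Secure conversation is the last supported type; anything else is rejected
        // rather than leaving the policy without a key binding.
        if (!PolicyUtil.isSecureConversationToken(token2, sPVersion)) {
            throw new UnsupportedOperationException("addKeyBinding for " + token + "is not supported");
        }
        KeyBindingBase secureConversationTokenKeyBinding = new SecureConversationTokenKeyBinding();
        SecureConversationToken secureConversationToken = (SecureConversationToken) token2;
        if (secureConversationToken.getIssuer() != null) {
            Address address5 = secureConversationToken.getIssuer().getAddress();
            if (address5 != null) {
                secureConversationTokenKeyBinding.setIssuer(address5.getURI().toString());
            }
        } else if (secureConversationToken.getIssuerName() != null) {
            secureConversationTokenKeyBinding.setIssuer(secureConversationToken.getIssuerName().getIssuerName());
        }
        if (secureConversationToken.getClaims() != null) {
            secureConversationTokenKeyBinding.setClaims(secureConversationToken.getClaims().getClaimsAsBytes());
        }
        if (secureConversationToken.isRequireDerivedKeys()) {
            DerivedTokenKeyBinding derivedTokenKeyBinding5 = new DerivedTokenKeyBinding();
            derivedTokenKeyBinding5.setOriginalKeyBinding(secureConversationTokenKeyBinding);
            wSSPolicy.setKeyBinding(derivedTokenKeyBinding5);
            derivedTokenKeyBinding5.setUUID(this.pid.generateID());
        } else {
            wSSPolicy.setKeyBinding(secureConversationTokenKeyBinding);
        }
        // Unlike the other token types, inclusion and UUID are set after the binding
        // has been attached to the policy.
        this.tokenProcessor.setTokenInclusion(secureConversationTokenKeyBinding, token2);
        secureConversationTokenKeyBinding.setUUID(token2.getTokenId());
    }

    /** Returns the symmetric binding this processor was created for. */
    @Override // com.sun.xml.ws.security.impl.policyconv.BindingProcessor
    protected Binding getBinding() {
        return this.binding;
    }

    /**
     * Returns the secondary encryption policy, creating it on first use.
     *
     * <p>On creation the policy is keyed from the binding's protection token, falling
     * back to its encryption token, and is inserted into the container.
     *
     * <p>NOTE(review): when the binding has neither token, {@code null} is passed to
     * {@link #addSymmetricKeyBinding}; confirm that callers cannot reach this state.
     *
     * @return the cached or newly created secondary encryption policy
     * @throws PolicyException if building the key binding fails
     */
    @Override // com.sun.xml.ws.security.impl.policyconv.BindingProcessor
    protected EncryptionPolicy getSecondaryEncryptionPolicy() throws PolicyException {
        if (this.sEncPolicy == null) {
            this.sEncPolicy = new EncryptionPolicy();
            this.sEncPolicy.setUUID(this.pid.generateID());
            Token protectionToken = this.binding.getProtectionToken();
            if (protectionToken == null) {
                protectionToken = this.binding.getEncryptionToken();
            }
            addSymmetricKeyBinding(this.sEncPolicy, protectionToken);
            this.container.insert(this.sEncPolicy);
        }
        return this.sEncPolicy;
    }

    /**
     * Inserts the primary encryption policy for the sign-before-encrypt order, which
     * {@link #process()} deliberately leaves out of the container.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.sun.xml.ws.security.impl.policyconv.BindingProcessor
    public void close() {
        if (isSignBeforeEncrypting()) {
            this.container.insert(this.primaryEP);
        }
    }
}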
