package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import java.util.List;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.Wss11;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-3.0.4.redhat-621177.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.class */
public class WSS11PolicyValidator extends AbstractTokenPolicyValidator implements TokenPolicyValidator {
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.TokenPolicyValidator
    public boolean validatePolicy(AssertionInfoMap assertionInfoMap, Message message, Element element, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2) {
        Collection<AssertionInfo> allAssertionsByLocalname = getAllAssertionsByLocalname(assertionInfoMap, SPConstants.WSS11);
        if (allAssertionsByLocalname.isEmpty()) {
            return true;
        }
        parsePolicies(allAssertionsByLocalname, message, list);
        assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_THUMBPRINT);
        assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY);
        assertPolicy(assertionInfoMap, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
        assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
        assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
        assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
        assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
        return true;
    }

    private void parsePolicies(Collection<AssertionInfo> collection, Message message, List<WSSecurityEngineResult> list) {
        List<WSSecurityEngineResult> fetchAllActionResults = WSSecurityUtil.fetchAllActionResults(list, 128);
        for (AssertionInfo assertionInfo : collection) {
            Wss11 wss11 = (Wss11) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            if (MessageUtils.isRequestor(message) && ((wss11.isRequireSignatureConfirmation() && fetchAllActionResults.isEmpty()) || (!wss11.isRequireSignatureConfirmation() && !fetchAllActionResults.isEmpty()))) {
                assertionInfo.setNotAsserted("Signature Confirmation policy validation failed");
            }
        }
    }
}
