package org.apache.cxf.ws.security.wss4j;

import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-216-05.zip:modules/system/layers/fuse/org/apache/cxf/3.0/cxf-rt-ws-security-3.0.4.redhat-621216-05.jar:org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.class */
public class StaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    private static final Logger LOG = LogUtils.getL7dLogger(StaxActionInInterceptor.class);
    private final List<XMLSecurityConstants.Action> inActions;

    public StaxActionInInterceptor(List<XMLSecurityConstants.Action> list) {
        super(Phase.PRE_PROTOCOL);
        this.inActions = list;
        getBefore().add(StaxSecurityContextInInterceptor.class.getName());
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        OperationSecurityEvent operationSecurityEvent;
        if (this.inActions == null || this.inActions.size() == 0) {
            return;
        }
        List<SecurityEvent> list = (List) soapMessage.get(SecurityEvent.class.getName() + ".in");
        if (list == null) {
            LOG.warning("Security processing failed (actions mismatch)");
            throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
        }
        if (MessageUtils.isRequestor(soapMessage) && isEventInResults(WSSecurityEventConstants.NoSecurity, list) && (operationSecurityEvent = (OperationSecurityEvent) findEvent(WSSecurityEventConstants.Operation, list)) != null && soapMessage.getVersion().getFault().equals(operationSecurityEvent.getOperation())) {
            LOG.warning("Request does not contain Security header, but it's a fault.");
            return;
        }
        for (XMLSecurityConstants.Action action : this.inActions) {
            SecurityEventConstants.Event event = null;
            if (WSSConstants.TIMESTAMP.equals(action)) {
                event = WSSecurityEventConstants.Timestamp;
            } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
                event = WSSecurityEventConstants.UsernameToken;
            } else if (WSSConstants.SIGNATURE.equals(action)) {
                event = WSSecurityEventConstants.SignatureValue;
            } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
                event = WSSecurityEventConstants.SamlToken;
            }
            if (event != null && !isEventInResults(event, list)) {
                LOG.warning("Security processing failed (actions mismatch)");
                throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
            }
            if (WSSConstants.ENCRYPT.equals(action)) {
                boolean isEventInResults = isEventInResults(WSSecurityEventConstants.EncryptedPart, list);
                if (!isEventInResults) {
                    isEventInResults = isEventInResults(WSSecurityEventConstants.EncryptedElement, list);
                }
                if (!isEventInResults) {
                    LOG.warning("Security processing failed (actions mismatch)");
                    throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
                }
            }
        }
    }

    private boolean isEventInResults(SecurityEventConstants.Event event, List<SecurityEvent> list) {
        Iterator<SecurityEvent> it = list.iterator();
        while (it.hasNext()) {
            if (event == it.next().getSecurityEventType()) {
                return true;
            }
        }
        return false;
    }

    private SecurityEvent findEvent(SecurityEventConstants.Event event, List<SecurityEvent> list) {
        for (SecurityEvent securityEvent : list) {
            if (event == securityEvent.getSecurityEventType()) {
                return securityEvent;
            }
        }
        return null;
    }
}
