package org.apache.wss4j.policy.stax.assertionStates;

import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.HttpsToken;
import org.apache.wss4j.policy.stax.PolicyAsserter;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityToken;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-299.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-policy-stax-2.1.7.jar:org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.class */
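/**
 * Assertion state for an {@link HttpsToken} policy assertion.
 *
 * <p>Compares the issuer name and authentication type required by the policy
 * with the values reported by an {@link HttpsTokenSecurityEvent}, and records
 * the outcome on the {@link PolicyAsserter}.
 *
 * <p>Every value checked here is read from the security event. This class does
 * not inspect the transport connection itself, so the result is only as
 * trustworthy as the component that produced the event.
 */
public class HttpsTokenAssertionState extends TokenAssertionState {

    /**
     * Creates the state and, when {@code z} is true, immediately asserts the
     * policy element named after the token's authentication type.
     *
     * @param abstractSecurityAssertion the policy assertion; cast to
     *        {@link HttpsToken} when {@code z} is true
     * @param z forwarded to the superclass; presumably the "already asserted"
     *        flag (parameter names were lost in decompilation, confirm against
     *        {@code TokenAssertionState})
     * @param policyAsserter receives the assert/unassert calls
     * @param z2 forwarded to the superclass unchanged; presumably the initiator
     *        flag that {@code isInitiator()} reports (confirm against
     *        {@code TokenAssertionState})
     */
    public HttpsTokenAssertionState(AbstractSecurityAssertion abstractSecurityAssertion, boolean z, PolicyAsserter policyAsserter, boolean z2) {
        super(abstractSecurityAssertion, z, policyAsserter, z2);
        if (!z) {
            return;
        }
        HttpsToken httpsToken = (HttpsToken) getAssertion();
        String namespaceURI = httpsToken.getName().getNamespaceURI();
        if (httpsToken.getAuthenticationType() != null) {
            // The enum constant name is used as the local name of the asserted policy element.
            getPolicyAsserter().assertPolicy(new QName(namespaceURI, httpsToken.getAuthenticationType().name()));
        }
    }

    /**
     * Returns the security event types this state handles.
     *
     * @return a new single-element array holding {@code WSSecurityEventConstants.HTTPS_TOKEN}
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{WSSecurityEventConstants.HTTPS_TOKEN};
    }

    /**
     * Checks a reported HTTPS token event against the policy's {@link HttpsToken}.
     *
     * <p>The issuer name is compared whenever the policy specifies one. The
     * authentication type is compared only when {@code isInitiator()} is false
     * and the policy specifies a type. On a mismatch the error message is set,
     * the corresponding policy element is unasserted and {@code false} is
     * returned.
     *
     * @param tokenSecurityEvent the event to verify; must be an {@link HttpsTokenSecurityEvent}
     * @param abstractToken the policy token; cast to {@link HttpsToken} without a type check
     * @return {@code true} if every applicable check passed, {@code false} otherwise
     * @throws WSSPolicyException if the event is {@code null} or not an {@link HttpsTokenSecurityEvent}
     */
    @Override
    public boolean assertToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof HttpsTokenSecurityEvent)) {
            // A null event is reported as a policy error rather than a NullPointerException.
            String actualType = tokenSecurityEvent == null ? "null" : tokenSecurityEvent.getClass().getName();
            throw new WSSPolicyException("Expected a HttpsTokenSecurityEvent but got " + actualType);
        }
        HttpsTokenSecurityEvent httpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
        HttpsToken httpsToken = (HttpsToken) abstractToken;

        if (httpsToken.getIssuerName() != null && !httpsToken.getIssuerName().equals(httpsTokenSecurityEvent.getIssuerName())) {
            setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken (" + httpsTokenSecurityEvent.getIssuerName() + ")");
            getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }

        if (!isInitiator() && httpsToken.getAuthenticationType() != null) {
            String namespaceURI = getAssertion().getName().getNamespaceURI();
            HttpsTokenSecurityEvent.AuthenticationType expectedEventType;
            String policyElementName;
            String policyLabel;
            switch (httpsToken.getAuthenticationType()) {
                case HttpBasicAuthentication:
                    expectedEventType = HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication;
                    policyElementName = SPConstants.HTTP_BASIC_AUTHENTICATION;
                    policyLabel = "HttpBasicAuthentication";
                    break;
                case HttpDigestAuthentication:
                    expectedEventType = HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication;
                    policyElementName = SPConstants.HTTP_DIGEST_AUTHENTICATION;
                    policyLabel = "HttpDigestAuthentication";
                    break;
                case RequireClientCertificate:
                    expectedEventType = HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication;
                    policyElementName = SPConstants.REQUIRE_CLIENT_CERTIFICATE;
                    // Label kept as in the original error message.
                    policyLabel = "HttpClientCertificateAuthentication";
                    break;
                default:
                    // Fail closed: a policy authentication type with no check above must
                    // not fall through to the success path and be treated as satisfied.
                    setErrorMessage("Policy enforces unsupported authentication type " + httpsToken.getAuthenticationType());
                    getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
                    return false;
            }
            QName authenticationElement = new QName(namespaceURI, policyElementName);
            if (httpsTokenSecurityEvent.getAuthenticationType() != expectedEventType) {
                setErrorMessage("Policy enforces " + policyLabel + " but we got " + httpsTokenSecurityEvent.getAuthenticationType());
                getPolicyAsserter().unassertPolicy(authenticationElement, getErrorMessage());
                return false;
            }
            getPolicyAsserter().assertPolicy(authenticationElement);
        }

        getPolicyAsserter().assertPolicy(getAssertion());
        return true;
    }
}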
