package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.KeyValueToken;
import org.apache.wss4j.policy.model.SamlToken;
import org.apache.wss4j.policy.model.SecurityContextToken;
import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.SupportingTokens;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-464.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-ws-security-3.1.5.redhat-630464.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.class */
public class SignedEndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public boolean canValidatePolicy(AssertionInfo assertionInfo) {
        return assertionInfo.getAssertion() != null && (SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(assertionInfo.getAssertion().getName()) || SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(assertionInfo.getAssertion().getName()));
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public void validatePolicies(PolicyValidatorParameters policyValidatorParameters, Collection<AssertionInfo> collection) {
        for (AssertionInfo assertionInfo : collection) {
            SupportingTokens supportingTokens = (SupportingTokens) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            setSignedParts(supportingTokens.getSignedParts());
            setEncryptedParts(supportingTokens.getEncryptedParts());
            setSignedElements(supportingTokens.getSignedElements());
            setEncryptedElements(supportingTokens.getEncryptedElements());
            for (AbstractToken abstractToken : supportingTokens.getTokens()) {
                if (isTokenRequired(abstractToken, policyValidatorParameters.getMessage())) {
                    boolean z = abstractToken.getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys;
                    boolean z2 = false;
                    if (abstractToken instanceof KerberosToken) {
                        if (!processKerberosTokens(policyValidatorParameters, z)) {
                            z2 = true;
                        }
                    } else if (abstractToken instanceof SamlToken) {
                        if (!processSAMLTokens(policyValidatorParameters)) {
                            z2 = true;
                        }
                    } else if (abstractToken instanceof X509Token) {
                        if (!processX509Tokens(policyValidatorParameters, z)) {
                            z2 = true;
                        }
                    } else if (abstractToken instanceof KeyValueToken) {
                        if (!processKeyValueTokens(policyValidatorParameters)) {
                            z2 = true;
                        }
                    } else if (abstractToken instanceof UsernameToken) {
                        if (!processUsernameTokens(policyValidatorParameters, z)) {
                            z2 = true;
                        }
                    } else if ((abstractToken instanceof SecurityContextToken) || (abstractToken instanceof SpnegoContextToken)) {
                        if (!processSCTokens(policyValidatorParameters, z)) {
                            z2 = true;
                        }
                    } else if (!(abstractToken instanceof IssuedToken)) {
                        z2 = true;
                    }
                    if (z2) {
                        assertionInfo.setNotAsserted("The received token does not match the signed endorsing supporting token requirement");
                    }
                } else {
                    assertSecurePartsIfTokenNotRequired(supportingTokens, policyValidatorParameters.getAssertionInfoMap());
                }
            }
        }
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSupportingTokenPolicyValidator
    protected boolean isSigned() {
        return true;
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSupportingTokenPolicyValidator
    protected boolean isEncrypted() {
        return false;
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSupportingTokenPolicyValidator
    protected boolean isEndorsing() {
        return true;
    }
}
