package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.RequiredElements;
import org.apache.cxf.ws.security.policy.model.RequiredParts;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.Wss11;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil;
import org.apache.cxf.ws.security.wss4j.policyvalidators.AsymmetricBindingPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.ConcreteSupportingTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.EncryptedTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingEncryptedTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SamlTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityContextTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEncryptedTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingEncryptedTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SymmetricBindingPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.TransportBindingPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.WSS11PolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.X509TokenPolicyValidator;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:fuse-esb-7.0.1.fuse-SNAPSHOT/system/org/apache/cxf/cxf-bundle/2.5.0.fuse-70-079/cxf-bundle-2.5.0.fuse-70-079.jar:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.class */
public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
    public static final String PROPERTIES_CACHE = "ws-security.properties.cache";
    public static final PolicyBasedWSS4JInInterceptor INSTANCE = new PolicyBasedWSS4JInInterceptor();
    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);

    public PolicyBasedWSS4JInInterceptor() {
        super(true);
    }

    protected static Map<Object, Properties> getPropertiesCache(SoapMessage soapMessage) {
        Map<Object, Properties> map;
        EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            Map<Object, Properties> cast = CastUtils.cast((Map<?, ?>) soapMessage.getContextualProperty(PROPERTIES_CACHE));
            if (cast == null) {
                cast = new ConcurrentHashMap();
                endpointInfo.setProperty(PROPERTIES_CACHE, cast);
            }
            map = cast;
        }
        return map;
    }

    private static Properties getProps(Object obj, String str, URL url, SoapMessage soapMessage) {
        Properties properties = getPropertiesCache(soapMessage).get(str);
        if (properties != null) {
            return properties;
        }
        if (obj instanceof Properties) {
            properties = (Properties) obj;
        } else if (url != null) {
            try {
                properties = new Properties();
                InputStream openStream = url.openStream();
                properties.load(openStream);
                openStream.close();
            } catch (IOException e) {
                properties = null;
            }
        }
        if (properties != null) {
            getPropertiesCache(soapMessage).put(str, properties);
        }
        return properties;
    }

    private URL getPropertiesFileURL(Object obj, SoapMessage soapMessage) {
        if (!(obj instanceof String)) {
            if (obj instanceof URL) {
                return (URL) obj;
            }
            return null;
        }
        URL url = (URL) ((ResourceManager) ((Bus) soapMessage.getExchange().get(Bus.class)).getExtension(ResourceManager.class)).resolveResource((String) obj, URL.class);
        if (url == null) {
            try {
                url = ClassLoaderUtils.getResource((String) obj, AbstractWSS4JInterceptor.class);
            } catch (IOException e) {
                return null;
            }
        }
        if (url == null) {
            url = new URL((String) obj);
        }
        return url;
    }

    private void handleWSS11(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        if (isRequestor(soapMessage)) {
            soapMessage.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
            Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.WSS11);
            if (collection != null) {
                Iterator<AssertionInfo> it = collection.iterator();
                while (it.hasNext()) {
                    if (((Wss11) it.next().getAssertion()).isRequireSignatureConfirmation()) {
                        soapMessage.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
                        return;
                    }
                }
            }
        }
    }

    private String addToAction(String str, String str2, boolean z) {
        return str.contains(str2) ? str : z ? str2 + " " + str : str + " " + str2;
    }

    private boolean assertPolicy(AssertionInfoMap assertionInfoMap, QName qName) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(qName);
        if (collection == null || collection.isEmpty()) {
            return false;
        }
        Iterator<AssertionInfo> it = collection.iterator();
        while (it.hasNext()) {
            it.next().setAsserted(true);
        }
        return true;
    }

    private String checkAsymmetricBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.ASYMMETRIC_BINDING);
        if (collection == null || collection.isEmpty()) {
            return str;
        }
        String addToAction = addToAction(addToAction(str, "Signature", true), WSHandlerConstants.ENCRYPT, true);
        Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (contextualProperty == null) {
            contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (contextualProperty2 == null) {
            contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }
        if (contextualProperty != null) {
            URL propertiesFileURL = getPropertiesFileURL(contextualProperty, soapMessage);
            String obj = contextualProperty.toString();
            if (propertiesFileURL != null) {
                obj = propertiesFileURL.getPath();
            }
            soapMessage.put(WSHandlerConstants.DEC_PROP_REF_ID, (Object) ("RefId-" + obj));
            if (contextualProperty instanceof Crypto) {
                soapMessage.put("RefId-" + obj, contextualProperty);
            } else {
                soapMessage.put("RefId-" + obj, (Object) getProps(contextualProperty, obj, propertiesFileURL, soapMessage));
            }
            if (contextualProperty2 == null) {
                contextualProperty2 = contextualProperty;
            }
        }
        if (contextualProperty2 != null) {
            URL propertiesFileURL2 = getPropertiesFileURL(contextualProperty2, soapMessage);
            String obj2 = contextualProperty2.toString();
            if (propertiesFileURL2 != null) {
                obj2 = propertiesFileURL2.getPath();
            }
            soapMessage.put(WSHandlerConstants.SIG_PROP_REF_ID, (Object) ("RefId-" + obj2));
            if (contextualProperty2 instanceof Crypto) {
                soapMessage.put("RefId-" + obj2, contextualProperty2);
            } else {
                soapMessage.put("RefId-" + obj2, (Object) getProps(contextualProperty2, obj2, propertiesFileURL2, soapMessage));
            }
        }
        return addToAction;
    }

    private String checkTransportBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.TRANSPORT_BINDING);
        if (collection == null || collection.isEmpty()) {
            return str;
        }
        String addToAction = addToAction(addToAction(str, "Signature", true), WSHandlerConstants.ENCRYPT, true);
        Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (contextualProperty == null) {
            contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (contextualProperty2 == null) {
            contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }
        if (contextualProperty != null) {
            URL propertiesFileURL = getPropertiesFileURL(contextualProperty, soapMessage);
            String obj = contextualProperty.toString();
            if (propertiesFileURL != null) {
                obj = propertiesFileURL.getPath();
            }
            soapMessage.put(WSHandlerConstants.DEC_PROP_REF_ID, (Object) ("RefId-" + obj));
            if (contextualProperty instanceof Crypto) {
                soapMessage.put("RefId-" + obj, contextualProperty);
            } else {
                soapMessage.put("RefId-" + obj, (Object) getProps(contextualProperty, obj, propertiesFileURL, soapMessage));
            }
            if (contextualProperty2 == null) {
                contextualProperty2 = contextualProperty;
            }
        }
        if (contextualProperty2 != null) {
            URL propertiesFileURL2 = getPropertiesFileURL(contextualProperty2, soapMessage);
            String obj2 = contextualProperty2.toString();
            if (propertiesFileURL2 != null) {
                obj2 = propertiesFileURL2.getPath();
            }
            soapMessage.put(WSHandlerConstants.SIG_PROP_REF_ID, (Object) ("RefId-" + obj2));
            if (contextualProperty2 instanceof Crypto) {
                soapMessage.put("RefId-" + obj2, contextualProperty2);
            } else {
                soapMessage.put("RefId-" + obj2, (Object) getProps(contextualProperty2, obj2, propertiesFileURL2, soapMessage));
            }
        }
        return addToAction;
    }

    private String checkSymmetricBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.SYMMETRIC_BINDING);
        if (collection == null || collection.isEmpty()) {
            return str;
        }
        String addToAction = addToAction(addToAction(str, "Signature", true), WSHandlerConstants.ENCRYPT, true);
        Object contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (contextualProperty == null) {
            contextualProperty = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        }
        Object contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
        if (contextualProperty2 == null) {
            contextualProperty2 = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
        }
        if (contextualProperty2 != null && contextualProperty == null) {
            contextualProperty = contextualProperty2;
        } else if (contextualProperty != null && contextualProperty2 == null) {
            contextualProperty2 = contextualProperty;
        }
        if (isRequestor(soapMessage)) {
            if (contextualProperty2 != null) {
                URL propertiesFileURL = getPropertiesFileURL(contextualProperty2, soapMessage);
                String obj = contextualProperty2.toString();
                if (propertiesFileURL != null) {
                    obj = propertiesFileURL.getPath();
                }
                soapMessage.put(WSHandlerConstants.SIG_PROP_REF_ID, (Object) ("RefId-" + obj));
                if (contextualProperty2 instanceof Crypto) {
                    soapMessage.put("RefId-" + obj, contextualProperty2);
                } else {
                    soapMessage.put("RefId-" + obj, (Object) getProps(contextualProperty2, obj, propertiesFileURL, soapMessage));
                }
            }
            if (contextualProperty != null) {
                URL propertiesFileURL2 = getPropertiesFileURL(contextualProperty, soapMessage);
                String obj2 = contextualProperty.toString();
                if (propertiesFileURL2 != null) {
                    obj2 = propertiesFileURL2.getPath();
                }
                soapMessage.put(WSHandlerConstants.DEC_PROP_REF_ID, (Object) ("RefId-" + obj2));
                if (contextualProperty instanceof Crypto) {
                    soapMessage.put("RefId-" + obj2, contextualProperty);
                } else {
                    soapMessage.put("RefId-" + obj2, (Object) getProps(contextualProperty, obj2, propertiesFileURL2, soapMessage));
                }
            }
        } else {
            if (contextualProperty != null) {
                URL propertiesFileURL3 = getPropertiesFileURL(contextualProperty, soapMessage);
                String obj3 = contextualProperty.toString();
                if (propertiesFileURL3 != null) {
                    obj3 = propertiesFileURL3.getPath();
                }
                soapMessage.put(WSHandlerConstants.SIG_PROP_REF_ID, (Object) ("RefId-" + obj3));
                if (contextualProperty instanceof Crypto) {
                    soapMessage.put("RefId-" + obj3, contextualProperty);
                } else {
                    soapMessage.put("RefId-" + obj3, (Object) getProps(contextualProperty, obj3, propertiesFileURL3, soapMessage));
                }
            }
            if (contextualProperty2 != null) {
                URL propertiesFileURL4 = getPropertiesFileURL(contextualProperty2, soapMessage);
                String obj4 = contextualProperty2.toString();
                if (propertiesFileURL4 != null) {
                    obj4 = propertiesFileURL4.getPath();
                }
                soapMessage.put(WSHandlerConstants.DEC_PROP_REF_ID, (Object) ("RefId-" + obj4));
                if (contextualProperty2 instanceof Crypto) {
                    soapMessage.put("RefId-" + obj4, contextualProperty2);
                } else {
                    soapMessage.put("RefId-" + obj4, (Object) getProps(contextualProperty2, obj4, propertiesFileURL4, soapMessage));
                }
            }
        }
        return addToAction;
    }

    private boolean assertXPathTokens(AssertionInfoMap assertionInfoMap, QName qName, Collection<WSDataRef> collection, SoapMessage soapMessage, Element element, CryptoCoverageUtil.CoverageType coverageType, CryptoCoverageUtil.CoverageScope coverageScope) throws SOAPException {
        Map<String, String> declaredNamespaces;
        List<String> xPathExpressions;
        Collection<AssertionInfo> collection2 = assertionInfoMap.get(qName);
        if (collection2 == null) {
            return true;
        }
        for (AssertionInfo assertionInfo : collection2) {
            assertionInfo.setAsserted(true);
            if (CryptoCoverageUtil.CoverageScope.CONTENT.equals(coverageScope)) {
                ContentEncryptedElements contentEncryptedElements = (ContentEncryptedElements) assertionInfo.getAssertion();
                declaredNamespaces = contentEncryptedElements.getDeclaredNamespaces();
                xPathExpressions = contentEncryptedElements.getXPathExpressions();
            } else {
                SignedEncryptedElements signedEncryptedElements = (SignedEncryptedElements) assertionInfo.getAssertion();
                declaredNamespaces = signedEncryptedElements.getDeclaredNamespaces();
                xPathExpressions = signedEncryptedElements.getXPathExpressions();
            }
            if (xPathExpressions != null) {
                for (String str : xPathExpressions) {
                    try {
                        CryptoCoverageUtil.checkCoverage(element, collection, declaredNamespaces, str, coverageType, coverageScope);
                    } catch (WSSecurityException e) {
                        assertionInfo.setNotAsserted("No " + coverageType + " element found matching XPath " + str);
                        return false;
                    }
                }
            }
        }
        return true;
    }

    private boolean assertTokens(AssertionInfoMap assertionInfoMap, QName qName, Collection<WSDataRef> collection, SoapMessage soapMessage, Element element, Element element2, CryptoCoverageUtil.CoverageType coverageType) throws SOAPException {
        Collection<AssertionInfo> collection2 = assertionInfoMap.get(qName);
        if (collection2 == null) {
            return true;
        }
        for (AssertionInfo assertionInfo : collection2) {
            assertionInfo.setAsserted(true);
            SignedEncryptedParts signedEncryptedParts = (SignedEncryptedParts) assertionInfo.getAssertion();
            if (signedEncryptedParts.isBody()) {
                try {
                    if (CryptoCoverageUtil.CoverageType.SIGNED.equals(coverageType)) {
                        CryptoCoverageUtil.checkBodyCoverage(element2, collection, coverageType, CryptoCoverageUtil.CoverageScope.ELEMENT);
                    } else {
                        CryptoCoverageUtil.checkBodyCoverage(element2, collection, coverageType, CryptoCoverageUtil.CoverageScope.CONTENT);
                    }
                } catch (WSSecurityException e) {
                    assertionInfo.setNotAsserted(soapMessage.getVersion().getBody() + " not " + coverageType);
                    return false;
                }
            }
            for (Header header : signedEncryptedParts.getHeaders()) {
                try {
                    CryptoCoverageUtil.checkHeaderCoverage(element, collection, header.getNamespace(), header.getName(), coverageType, CryptoCoverageUtil.CoverageScope.ELEMENT);
                } catch (WSSecurityException e2) {
                    assertionInfo.setNotAsserted(header.getQName() + " not + " + coverageType);
                    return false;
                }
            }
        }
        return true;
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected void computeAction(SoapMessage soapMessage, RequestData requestData) {
        String string = getString("action", soapMessage);
        if (string == null) {
            string = "";
        }
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        if (assertionInfoMap != null) {
            handleWSS11(assertionInfoMap, soapMessage);
            String checkTransportBinding = checkTransportBinding(assertionInfoMap, checkSymmetricBinding(assertionInfoMap, checkAsymmetricBinding(assertionInfoMap, string, soapMessage), soapMessage), soapMessage);
            assertPolicy(assertionInfoMap, SP12Constants.KEYVALUE_TOKEN);
            soapMessage.put("action", (Object) checkTransportBinding.trim());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    public void doResults(SoapMessage soapMessage, String str, Element element, Element element2, List<WSSecurityEngineResult> list, boolean z) throws SOAPException, XMLStreamException, WSSecurityException {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        ArrayList arrayList = new ArrayList();
        WSSecurityUtil.fetchAllActionResults(list, 2, arrayList);
        WSSecurityUtil.fetchAllActionResults(list, 64, arrayList);
        Iterator<WSSecurityEngineResult> it = arrayList.iterator();
        while (it.hasNext()) {
            List cast = CastUtils.cast((List<?>) it.next().get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (cast != null) {
                Iterator it2 = cast.iterator();
                while (it2.hasNext()) {
                    hashSet.add((WSDataRef) it2.next());
                }
            }
        }
        ArrayList arrayList2 = new ArrayList();
        WSSecurityUtil.fetchAllActionResults(list, 4, arrayList2);
        Iterator<WSSecurityEngineResult> it3 = arrayList2.iterator();
        while (it3.hasNext()) {
            List cast2 = CastUtils.cast((List<?>) it3.next().get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (cast2 != null) {
                Iterator it4 = cast2.iterator();
                while (it4.hasNext()) {
                    hashSet2.add((WSDataRef) it4.next());
                }
            }
        }
        if (!checkSignedEncryptedCoverage(assertionInfoMap, soapMessage, element, element2, hashSet, hashSet2)) {
            LOG.fine("Incoming request failed signed-encrypted policy validation");
        }
        if (!checkTokenCoverage(assertionInfoMap, soapMessage, element2, list, arrayList)) {
            LOG.fine("Incoming request failed token policy validation");
        }
        if (!checkBindingCoverage(assertionInfoMap, soapMessage, element2, list, arrayList, arrayList2)) {
            LOG.fine("Incoming request failed binding policy validation");
        }
        if (!checkSupportingTokenCoverage(assertionInfoMap, soapMessage, list, arrayList, arrayList2, z)) {
            LOG.fine("Incoming request failed supporting token policy validation");
        }
        assertPolicy(assertionInfoMap, SP12Constants.LAYOUT);
        assertPolicy(assertionInfoMap, SP12Constants.WSS10);
        assertPolicy(assertionInfoMap, SP12Constants.TRUST_13);
        assertPolicy(assertionInfoMap, SP11Constants.TRUST_10);
        super.doResults(soapMessage, str, element, element2, list, z);
    }

    private boolean checkSignedEncryptedCoverage(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, Element element, Element element2, Collection<WSDataRef> collection, Collection<WSDataRef> collection2) throws SOAPException {
        CryptoCoverageUtil.reconcileEncryptedSignedRefs(collection, collection2);
        boolean z = true;
        if (!isTransportBinding(assertionInfoMap)) {
            z = true & assertTokens(assertionInfoMap, SP12Constants.SIGNED_PARTS, collection, soapMessage, element, element2, CryptoCoverageUtil.CoverageType.SIGNED) & assertTokens(assertionInfoMap, SP12Constants.ENCRYPTED_PARTS, collection2, soapMessage, element, element2, CryptoCoverageUtil.CoverageType.ENCRYPTED);
        }
        Element documentElement = element.getOwnerDocument().getDocumentElement();
        return z & assertXPathTokens(assertionInfoMap, SP12Constants.SIGNED_ELEMENTS, collection, soapMessage, documentElement, CryptoCoverageUtil.CoverageType.SIGNED, CryptoCoverageUtil.CoverageScope.ELEMENT) & assertXPathTokens(assertionInfoMap, SP12Constants.ENCRYPTED_ELEMENTS, collection2, soapMessage, documentElement, CryptoCoverageUtil.CoverageType.ENCRYPTED, CryptoCoverageUtil.CoverageScope.ELEMENT) & assertXPathTokens(assertionInfoMap, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, collection2, soapMessage, documentElement, CryptoCoverageUtil.CoverageType.ENCRYPTED, CryptoCoverageUtil.CoverageScope.CONTENT) & assertHeadersExists(assertionInfoMap, soapMessage, element);
    }

    private boolean checkTokenCoverage(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, Element element, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2) {
        return true & new X509TokenPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2) & new UsernameTokenPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2) & new SamlTokenPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2) & new SecurityContextTokenPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2) & new WSS11PolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2);
    }

    private boolean checkBindingCoverage(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, Element element, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2, List<WSSecurityEngineResult> list3) {
        return true & new TransportBindingPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2, list3) & new SymmetricBindingPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2, list3) & new AsymmetricBindingPolicyValidator().validatePolicy(assertionInfoMap, soapMessage, element, list, list2, list3);
    }

    private boolean checkSupportingTokenCoverage(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2, List<WSSecurityEngineResult> list3, boolean z) {
        ArrayList arrayList = new ArrayList();
        WSSecurityUtil.fetchAllActionResults(list, 1, arrayList);
        WSSecurityUtil.fetchAllActionResults(list, 8192, arrayList);
        ArrayList arrayList2 = new ArrayList();
        WSSecurityUtil.fetchAllActionResults(list, 16, arrayList2);
        WSSecurityUtil.fetchAllActionResults(list, 8, arrayList2);
        WSSecurityEngineResult fetchActionResult = WSSecurityUtil.fetchActionResult(list, 32);
        Element element = null;
        if (fetchActionResult != null) {
            element = ((Timestamp) fetchActionResult.get("timestamp")).getElement();
        }
        ConcreteSupportingTokenPolicyValidator concreteSupportingTokenPolicyValidator = new ConcreteSupportingTokenPolicyValidator();
        concreteSupportingTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        concreteSupportingTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        concreteSupportingTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy = true & concreteSupportingTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        SignedTokenPolicyValidator signedTokenPolicyValidator = new SignedTokenPolicyValidator();
        signedTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        signedTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        signedTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy2 = validatePolicy & signedTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        EndorsingTokenPolicyValidator endorsingTokenPolicyValidator = new EndorsingTokenPolicyValidator();
        endorsingTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        endorsingTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        endorsingTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy3 = validatePolicy2 & endorsingTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        SignedEndorsingTokenPolicyValidator signedEndorsingTokenPolicyValidator = new SignedEndorsingTokenPolicyValidator();
        signedEndorsingTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        signedEndorsingTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        signedEndorsingTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy4 = validatePolicy3 & signedEndorsingTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        SignedEncryptedTokenPolicyValidator signedEncryptedTokenPolicyValidator = new SignedEncryptedTokenPolicyValidator();
        signedEncryptedTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        signedEncryptedTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        signedEncryptedTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy5 = validatePolicy4 & signedEncryptedTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        EncryptedTokenPolicyValidator encryptedTokenPolicyValidator = new EncryptedTokenPolicyValidator();
        encryptedTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        encryptedTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        encryptedTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy6 = validatePolicy5 & encryptedTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        EndorsingEncryptedTokenPolicyValidator endorsingEncryptedTokenPolicyValidator = new EndorsingEncryptedTokenPolicyValidator();
        endorsingEncryptedTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        endorsingEncryptedTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        endorsingEncryptedTokenPolicyValidator.setTimestampElement(element);
        boolean validatePolicy7 = validatePolicy6 & endorsingEncryptedTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
        SignedEndorsingEncryptedTokenPolicyValidator signedEndorsingEncryptedTokenPolicyValidator = new SignedEndorsingEncryptedTokenPolicyValidator();
        signedEndorsingEncryptedTokenPolicyValidator.setUsernameTokenResults(arrayList, z);
        signedEndorsingEncryptedTokenPolicyValidator.setSAMLTokenResults(arrayList2);
        signedEndorsingEncryptedTokenPolicyValidator.setTimestampElement(element);
        return validatePolicy7 & signedEndorsingEncryptedTokenPolicyValidator.validatePolicy(assertionInfoMap, soapMessage, list, list2, list3);
    }

    private boolean assertHeadersExists(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, Node node) throws SOAPException {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.REQUIRED_PARTS);
        if (collection != null) {
            for (AssertionInfo assertionInfo : collection) {
                RequiredParts requiredParts = (RequiredParts) assertionInfo.getAssertion();
                assertionInfo.setAsserted(true);
                for (Header header : requiredParts.getHeaders()) {
                    if (node == null || DOMUtils.getFirstChildWithName((Element) node, header.getQName()) == null) {
                        assertionInfo.setNotAsserted("No header element of name " + header.getQName() + " found.");
                        return false;
                    }
                }
            }
        }
        Collection<AssertionInfo> collection2 = assertionInfoMap.get(SP12Constants.REQUIRED_ELEMENTS);
        if (collection2 == null) {
            return true;
        }
        for (AssertionInfo assertionInfo2 : collection2) {
            RequiredElements requiredElements = (RequiredElements) assertionInfo2.getAssertion();
            assertionInfo2.setAsserted(true);
            Map<String, String> declaredNamespaces = requiredElements.getDeclaredNamespaces();
            XPathFactory newInstance = XPathFactory.newInstance();
            for (String str : requiredElements.getXPathExpressions()) {
                XPath newXPath = newInstance.newXPath();
                if (declaredNamespaces != null) {
                    newXPath.setNamespaceContext(new MapNamespaceContext(declaredNamespaces));
                }
                try {
                    if (((NodeList) newXPath.evaluate(str, node, XPathConstants.NODESET)).getLength() == 0) {
                        assertionInfo2.setNotAsserted("No header element matching XPath " + str + " found.");
                        return false;
                    }
                } catch (XPathExpressionException e) {
                    assertionInfo2.setNotAsserted("Invalid XPath expression " + str + " " + e.getMessage());
                    return false;
                }
            }
        }
        return true;
    }

    private boolean isTransportBinding(AssertionInfoMap assertionInfoMap) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.TRANSPORT_BINDING);
        if (collection == null || collection.size() <= 0) {
            return false;
        }
        Collection<AssertionInfo> collection2 = assertionInfoMap.get(SP12Constants.SYMMETRIC_BINDING);
        if (collection2 != null && collection2.size() > 0) {
            return false;
        }
        Collection<AssertionInfo> collection3 = assertionInfoMap.get(SP12Constants.ASYMMETRIC_BINDING);
        return collection3 == null || collection3.size() <= 0;
    }
}
