package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.tools.corba.processors.idl.IDLTokenTypes;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.RequiredElements;
import org.apache.cxf.ws.security.policy.model.RequiredParts;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.Wss11;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.RequestData;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.class */
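/**
 * Inbound WS-Security interceptor that derives the WSS4J "action" list from the
 * WS-SecurityPolicy assertions attached to the message and, once WSS4J has processed
 * the security header, marks each assertion as asserted or not asserted.
 *
 * <p>This listing is decompiler output, so local names and some constructs are not
 * the original author's. The numeric action codes in {@link #doResults} were inlined
 * by the compiler.
 *
 * <p>Review points for anyone relying on this class for policy enforcement:
 * <ul>
 *   <li>An assertion is first marked asserted and only afterwards marked not asserted
 *       when a check fails, so the order of calls in {@link #doResults} decides the
 *       final state of each assertion.</li>
 *   <li>{@code assertTransportBinding} re-asserts SignedParts and EncryptedParts after
 *       the coverage checks have run (see the note on that method).</li>
 *   <li>Crypto property references are turned into message keys with
 *       {@code toString()} (see {@code registerCryptoProps}).</li>
 * </ul>
 */
public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
    /** Endpoint/message property under which loaded crypto {@link Properties} are cached. */
    public static final String PROPERTIES_CACHE = "ws-security.properties.cache";
    /** Shared instance of this interceptor. */
    public static final PolicyBasedWSS4JInInterceptor INSTANCE = new PolicyBasedWSS4JInInterceptor();

    /**
     * Order in which signature and encryption results were seen while walking the
     * WSS4J results in {@link #doResults}.
     *
     * <p>Decompiler note: the access modifier was package-private in the bytecode.
     */
    public enum Protections {
        NONE,
        SIGN,
        ENCRYPT,
        SIGN_ENCRYPT,
        ENCRYPT_SIGN,
        ENCRYPT_SIGN_PROTECT
    }

    /** Creates the interceptor, passing {@code true} to the superclass constructor. */
    public PolicyBasedWSS4JInInterceptor() {
        super(true);
    }

    /**
     * Returns the cache of loaded crypto properties, creating it on first use.
     *
     * <p>The cache is looked up as a contextual property of the message and, when absent,
     * created and stored on the {@link EndpointInfo}. Creation is serialized on the
     * endpoint info object.
     *
     * @param soapMessage the message being processed
     * @return the cache, keyed by the configuration object the properties were loaded from
     */
    protected static Map<Object, Properties> getPropertiesCache(SoapMessage soapMessage) {
        EndpointInfo endpointInfo = ((Endpoint) soapMessage.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            Map<Object, Properties> cache = CastUtils.cast((Map<?, ?>) soapMessage.getContextualProperty(PROPERTIES_CACHE));
            if (cache == null) {
                cache = new ConcurrentHashMap<Object, Properties>();
                endpointInfo.setProperty(PROPERTIES_CACHE, cache);
            }
            return cache;
        }
    }

    /**
     * Resolves a crypto configuration reference to a {@link Properties} object.
     *
     * <p>Accepts a ready {@code Properties} instance, a resource name (resolved through the
     * bus {@link ResourceManager}, then through the class loader), or a {@link URL}.
     * Successful results are cached per endpoint via {@link #getPropertiesCache}.
     *
     * <p>A resource that cannot be found or read yields {@code null} without any
     * diagnostic; callers then store {@code null} on the message.
     * NOTE(review): these properties configure the crypto provider and may carry keystore
     * credentials - keep them out of logs and message dumps.
     *
     * @param obj the configuration reference
     * @param soapMessage the message being processed
     * @return the loaded properties, or {@code null} if they could not be resolved
     */
    private static Properties getProps(Object obj, SoapMessage soapMessage) {
        Properties properties = getPropertiesCache(soapMessage).get(obj);
        if (properties != null) {
            return properties;
        }
        if (obj instanceof Properties) {
            properties = (Properties) obj;
        } else if (obj instanceof String) {
            URL url = (URL) ((ResourceManager) ((Bus) soapMessage.getExchange().get(Bus.class)).getExtension(ResourceManager.class)).resolveResource((String) obj, URL.class);
            try {
                if (url == null) {
                    url = ClassLoaderUtils.getResource((String) obj, AbstractWSS4JInterceptor.class);
                }
                if (url != null) {
                    properties = loadProperties(url);
                }
            } catch (IOException e) {
                // Same outcome as the URL branch: an unreadable resource means "no properties".
                properties = null;
            }
        } else if (obj instanceof URL) {
            try {
                properties = loadProperties((URL) obj);
            } catch (IOException e) {
                properties = null;
            }
        }
        if (properties != null) {
            getPropertiesCache(soapMessage).put(obj, properties);
        }
        return properties;
    }

    /**
     * Reads a properties file from {@code url}, always closing the stream.
     *
     * @throws IOException if the stream cannot be opened, read or closed
     */
    private static Properties loadProperties(URL url) throws IOException {
        Properties loaded = new Properties();
        InputStream in = url.openStream();
        try {
            loaded.load(in);
        } finally {
            // Close even when load() fails so a malformed file does not leak the stream.
            in.close();
        }
        return loaded;
    }

    /** Returns {@code true} if the map holds at least one assertion named {@code qName}. */
    private boolean containsPolicy(AssertionInfoMap assertionInfoMap, QName qName) {
        Collection<AssertionInfo> infos = assertionInfoMap.getAssertionInfo(qName);
        return infos != null && !infos.isEmpty();
    }

    /**
     * Handles the Wss11 assertion before WSS4J runs.
     *
     * <p>On the non-requestor side the assertion is simply marked asserted. On the requestor
     * side signature confirmation is switched off unless a Wss11 assertion requires it; an
     * assertion that requires confirmation is left un-asserted here and is asserted in
     * {@link #doResults} when a signature-confirmation result is present.
     */
    private void handleWSS11(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        if (!isRequestor(soapMessage)) {
            assertPolicy(assertionInfoMap, SP12Constants.WSS11);
            return;
        }
        soapMessage.put("enableSignatureConfirmation", "false");
        Collection<AssertionInfo> wss11Infos = assertionInfoMap.get(SP12Constants.WSS11);
        if (wss11Infos == null) {
            return;
        }
        for (AssertionInfo info : wss11Infos) {
            if (((Wss11) info.getAssertion()).isRequireSignatureConfirmation()) {
                soapMessage.put("enableSignatureConfirmation", "true");
            } else {
                info.setAsserted(true);
            }
        }
    }

    /**
     * Adds {@code str2} to the space-separated action string {@code str} unless it is
     * already contained in it.
     *
     * <p>The presence test is a substring match, not a token match.
     *
     * @param str the current action string
     * @param str2 the action to add
     * @param z {@code true} to prepend, {@code false} to append
     * @return the resulting action string
     */
    private String addToAction(String str, String str2, boolean z) {
        if (str.contains(str2)) {
            return str;
        }
        return z ? str2 + " " + str : str + " " + str2;
    }

    /**
     * Prepends the "Signature" and "Encrypt" actions in the order the binding requires.
     */
    private String addProtectionActions(String action, SPConstants.ProtectionOrder order) {
        if (order == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
            return addToAction(addToAction(action, "Signature", true), "Encrypt", true);
        }
        return addToAction(addToAction(action, "Encrypt", true), "Signature", true);
    }

    /**
     * Stores a crypto properties reference on the message: {@code refIdKey} points at a
     * generated "RefId-..." key, and that key holds the loaded properties.
     *
     * <p>NOTE(review): the generated key embeds {@code propsRef.toString()}. When the
     * reference is a {@link Properties} instance (accepted by {@code getProps}), its string
     * form contains every entry of the configuration, so the message key itself would expose
     * whatever those properties hold. Treat message property keys as sensitive when dumping
     * or logging messages.
     */
    private void registerCryptoProps(SoapMessage soapMessage, String refIdKey, Object propsRef) {
        String refId = "RefId-" + propsRef.toString();
        soapMessage.put(refIdKey, (Object) refId);
        soapMessage.put(refId, (Object) getProps(propsRef, soapMessage));
    }

    /**
     * Marks every assertion named {@code qName} as asserted.
     *
     * @return {@code true} if at least one such assertion exists
     */
    private boolean assertPolicy(AssertionInfoMap assertionInfoMap, QName qName) {
        Collection<AssertionInfo> infos = assertionInfoMap.get(qName);
        if (infos == null || infos.isEmpty()) {
            return false;
        }
        for (AssertionInfo info : infos) {
            info.setAsserted(true);
        }
        return true;
    }

    /**
     * Checks the derived-keys requirement of a token. Despite its name this overload never
     * asserts anything: it only marks an X.509 token that requires derived keys as
     * not asserted when no derived key was found.
     *
     * @param z whether a derived-key result was found
     */
    private void assertPolicy(AssertionInfoMap assertionInfoMap, Token token, boolean z) {
        if (!z && (token instanceof X509Token) && token.isDerivedKeys()) {
            notAssertPolicy(assertionInfoMap, token, "No derived keys found.");
        }
    }

    /** Marks the assertion info wrapping exactly this assertion instance as asserted. */
    private void assertPolicy(AssertionInfoMap assertionInfoMap, PolicyAssertion policyAssertion) {
        Collection<AssertionInfo> infos = assertionInfoMap.get(policyAssertion.getName());
        if (infos == null || infos.isEmpty()) {
            return;
        }
        for (AssertionInfo info : infos) {
            // Identity comparison: only the info that wraps this very instance is touched.
            if (info.getAssertion() == policyAssertion) {
                info.setAsserted(true);
            }
        }
    }

    /** Marks the assertion info wrapping exactly this assertion instance as not asserted. */
    private void notAssertPolicy(AssertionInfoMap assertionInfoMap, PolicyAssertion policyAssertion, String str) {
        Collection<AssertionInfo> infos = assertionInfoMap.get(policyAssertion.getName());
        if (infos == null || infos.isEmpty()) {
            return;
        }
        for (AssertionInfo info : infos) {
            if (info.getAssertion() == policyAssertion) {
                info.setNotAsserted(str);
            }
        }
    }

    /**
     * Extends the action string and registers crypto properties for each asymmetric binding.
     *
     * <p>The signature properties are registered for decryption and the encryption
     * properties for signature verification. Presumably this mirrors the outbound roles
     * for an inbound message (the receiver decrypts with its own key and verifies with the
     * peer's certificate) - confirm against the outbound interceptor.
     *
     * @return the updated action string
     */
    private String checkAsymetricBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage) {
        Collection<AssertionInfo> bindingInfos = assertionInfoMap.get(SP12Constants.ASYMMETRIC_BINDING);
        if (bindingInfos == null) {
            return str;
        }
        for (AssertionInfo info : bindingInfos) {
            str = addProtectionActions(str, ((AsymmetricBinding) info.getAssertion()).getProtectionOrder());
            Object signatureProps = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
            Object encryptProps = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
            if (signatureProps != null) {
                registerCryptoProps(soapMessage, "decryptionPropRefId", signatureProps);
                if (encryptProps == null) {
                    // Fall back to a single crypto configuration for both roles.
                    encryptProps = signatureProps;
                }
            }
            if (encryptProps != null) {
                registerCryptoProps(soapMessage, "SignaturePropRefId", encryptProps);
            }
        }
        return str;
    }

    /**
     * On the requestor side, when no message-level action is configured, marks the
     * transport binding, transport token and supporting tokens assertions as asserted.
     *
     * @return {@code str}, unchanged
     */
    private String checkTransportBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage) {
        if (isRequestor(soapMessage) && StringUtils.isEmpty(str)) {
            assertPolicy(assertionInfoMap, SP12Constants.TRANSPORT_BINDING);
            assertPolicy(assertionInfoMap, SP12Constants.TRANSPORT_TOKEN);
            assertPolicy(assertionInfoMap, SP12Constants.SUPPORTING_TOKENS);
        }
        return str;
    }

    /**
     * Extends the action string and registers crypto properties for each symmetric binding.
     *
     * <p>With a protection token, a missing signature or encryption configuration falls back
     * to the other one. Which configuration serves signature verification and which serves
     * decryption depends on whether this side is the requestor.
     *
     * @return the updated action string
     */
    private String checkSymetricBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage) {
        Collection<AssertionInfo> bindingInfos = assertionInfoMap.get(SP12Constants.SYMMETRIC_BINDING);
        if (bindingInfos == null) {
            return str;
        }
        for (AssertionInfo info : bindingInfos) {
            SymmetricBinding binding = (SymmetricBinding) info.getAssertion();
            str = addProtectionActions(str, binding.getProtectionOrder());
            Object signatureProps = soapMessage.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
            Object encryptProps = soapMessage.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
            if (binding.getProtectionToken() != null) {
                if (encryptProps != null && signatureProps == null) {
                    signatureProps = encryptProps;
                } else if (signatureProps != null && encryptProps == null) {
                    encryptProps = signatureProps;
                }
            }
            if (isRequestor(soapMessage)) {
                if (encryptProps != null) {
                    registerCryptoProps(soapMessage, "SignaturePropRefId", encryptProps);
                }
                if (signatureProps != null) {
                    registerCryptoProps(soapMessage, "decryptionPropRefId", signatureProps);
                }
            } else {
                if (signatureProps != null) {
                    registerCryptoProps(soapMessage, "SignaturePropRefId", signatureProps);
                }
                if (encryptProps != null) {
                    registerCryptoProps(soapMessage, "decryptionPropRefId", encryptProps);
                }
            }
        }
        return str;
    }

    /**
     * Checks XPath-based signed/encrypted element assertions against the data references
     * WSS4J reported.
     *
     * <p>Each assertion starts out asserted and is marked not asserted as soon as one of its
     * XPath expressions is not covered. The expressions and namespace declarations come from
     * the policy assertion; the document they are checked against is the received message.
     *
     * @param collection the signed or encrypted data references reported by WSS4J
     * @param coverageScope {@code CONTENT} selects {@link ContentEncryptedElements}
     *        assertions, anything else {@link SignedEncryptedElements}
     */
    private void assertXPathTokens(AssertionInfoMap assertionInfoMap, QName qName, Collection<WSDataRef> collection, SoapMessage soapMessage, SOAPMessage sOAPMessage, CryptoCoverageUtil.CoverageType coverageType, CryptoCoverageUtil.CoverageScope coverageScope) throws SOAPException {
        Collection<AssertionInfo> infos = assertionInfoMap.get(qName);
        if (infos == null) {
            return;
        }
        for (AssertionInfo info : infos) {
            info.setAsserted(true);
            Map<String, String> namespaces;
            List<String> expressions;
            if (CryptoCoverageUtil.CoverageScope.CONTENT.equals(coverageScope)) {
                ContentEncryptedElements elements = (ContentEncryptedElements) info.getAssertion();
                namespaces = elements.getDeclaredNamespaces();
                expressions = elements.getXPathExpressions();
            } else {
                SignedEncryptedElements elements = (SignedEncryptedElements) info.getAssertion();
                namespaces = elements.getDeclaredNamespaces();
                expressions = elements.getXPathExpressions();
            }
            if (expressions == null) {
                continue;
            }
            for (String expression : expressions) {
                try {
                    CryptoCoverageUtil.checkCoverage(sOAPMessage, collection, namespaces, expression, coverageType, coverageScope);
                } catch (WSSecurityException e) {
                    // A coverage failure is a policy violation, not a processing error.
                    info.setNotAsserted("No " + coverageType + " element found matching XPath " + expression);
                }
            }
        }
    }

    /**
     * Checks SignedParts/EncryptedParts assertions: the body (when the assertion names it)
     * and every listed header must be covered by the reported data references.
     *
     * <p>Body coverage is checked at element scope for signatures and at content scope for
     * encryption; headers are always checked at element scope.
     *
     * @param collection the signed or encrypted data references reported by WSS4J
     */
    private void assertTokens(AssertionInfoMap assertionInfoMap, QName qName, Collection<WSDataRef> collection, SoapMessage soapMessage, SOAPMessage sOAPMessage, CryptoCoverageUtil.CoverageType coverageType) throws SOAPException {
        Collection<AssertionInfo> infos = assertionInfoMap.get(qName);
        if (infos == null) {
            return;
        }
        for (AssertionInfo info : infos) {
            info.setAsserted(true);
            SignedEncryptedParts parts = (SignedEncryptedParts) info.getAssertion();
            if (parts.isBody()) {
                CryptoCoverageUtil.CoverageScope bodyScope = CryptoCoverageUtil.CoverageType.SIGNED.equals(coverageType)
                    ? CryptoCoverageUtil.CoverageScope.ELEMENT
                    : CryptoCoverageUtil.CoverageScope.CONTENT;
                try {
                    CryptoCoverageUtil.checkBodyCoverage(sOAPMessage, collection, coverageType, bodyScope);
                } catch (WSSecurityException e) {
                    info.setNotAsserted(soapMessage.getVersion().getBody() + " not " + coverageType);
                }
            }
            for (Header header : parts.getHeaders()) {
                try {
                    CryptoCoverageUtil.checkHeaderCoverage(sOAPMessage, collection, header.getNamespace(), header.getName(), coverageType, CryptoCoverageUtil.CoverageScope.ELEMENT);
                } catch (WSSecurityException e) {
                    // Fixed: the message used to read "<header> not + SIGNED" (stray '+').
                    info.setNotAsserted(header.getQName() + " not " + coverageType);
                }
            }
        }
    }

    /**
     * Builds the WSS4J action string from the policy assertions on the message and stores
     * it under the "action" key.
     *
     * <p>Nothing is changed when the message carries no {@link AssertionInfoMap}. A username
     * token policy adds the username-token action only on the non-requestor side; on the
     * requestor side the assertion is marked asserted straight away.
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected void computeAction(SoapMessage soapMessage, RequestData requestData) {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        String action = getString("action", soapMessage);
        if (action == null) {
            action = "";
        }
        if (assertionInfoMap == null) {
            return;
        }
        if (containsPolicy(assertionInfoMap, SP12Constants.INCLUDE_TIMESTAMP)) {
            action = addToAction(action, "Timestamp", true);
        }
        if (containsPolicy(assertionInfoMap, SP12Constants.USERNAME_TOKEN)) {
            if (isRequestor(soapMessage)) {
                assertPolicy(assertionInfoMap, SP12Constants.USERNAME_TOKEN);
            } else {
                action = addToAction(action, SPConstants.USERNAME_TOKEN, true);
            }
        }
        // These assertions are marked asserted here without any check on the message.
        assertPolicy(assertionInfoMap, SP12Constants.LAYOUT);
        assertPolicy(assertionInfoMap, SP12Constants.WSS10);
        assertPolicy(assertionInfoMap, SP12Constants.TRUST_13);
        assertPolicy(assertionInfoMap, SP11Constants.TRUST_10);
        handleWSS11(assertionInfoMap, soapMessage);
        action = checkAsymetricBinding(assertionInfoMap, action, soapMessage);
        action = checkSymetricBinding(assertionInfoMap, action, soapMessage);
        action = checkTransportBinding(assertionInfoMap, action, soapMessage);
        assertPolicy(assertionInfoMap, SP12Constants.KEYVALUE_TOKEN);
        assertPolicy(assertionInfoMap, SP12Constants.X509_TOKEN);
        soapMessage.put("action", (Object) action.trim());
    }

    /** Records that a signature result was seen, given what was seen before it. */
    private Protections addSign(Protections protections) {
        if (protections == Protections.NONE) {
            return Protections.SIGN;
        }
        if (protections == Protections.ENCRYPT) {
            return Protections.ENCRYPT_SIGN;
        }
        return protections;
    }

    /** Records that an encryption result was seen, given what was seen before it. */
    private Protections addEncrypt(Protections protections) {
        if (protections == Protections.NONE) {
            return Protections.ENCRYPT;
        }
        if (protections == Protections.SIGN) {
            return Protections.SIGN_ENCRYPT;
        }
        if (protections == Protections.ENCRYPT_SIGN || protections == Protections.SIGN_ENCRYPT) {
            return Protections.ENCRYPT_SIGN_PROTECT;
        }
        return protections;
    }

    /**
     * Maps the WSS4J processing results onto the policy assertions, then delegates to the
     * superclass.
     *
     * <p>The results are walked once to collect signed and encrypted data references, the
     * order of signature and encryption, and whether a derived key or an endorsing signature
     * (a signature whose single reference is a {@code ds:Signature} element) was seen. The
     * coverage and binding checks then run against that summary.
     *
     * <p>The case labels are numeric WSS4J action codes. The names in the comments are the
     * matching {@code WSConstants} fields as inferred from how each case is handled -
     * confirm against the WSS4J version in use.
     *
     * <p>NOTE(review): unlike {@link #computeAction}, this method does not tolerate a
     * missing {@link AssertionInfoMap}; the first lookup on it throws
     * {@link NullPointerException}. That fails closed, but as an unchecked exception rather
     * than a security fault - decide whether an explicit fault is wanted.
     *
     * <p>Decompiler note: the access modifier was {@code protected} in the bytecode.
     *
     * @param vector the {@link WSSecurityEngineResult}s produced by WSS4J
     * @param z when {@code true}, the username-token principal is compared with the policy's
     *        hash-password setting; when {@code false} that setting is not checked here
     */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    public void doResults(SoapMessage soapMessage, String str, SOAPMessage sOAPMessage, Vector vector, boolean z) throws SOAPException, XMLStreamException, WSSecurityException {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        Collection<WSDataRef> signedRefs = new HashSet<WSDataRef>();
        Collection<WSDataRef> encryptedRefs = new HashSet<WSDataRef>();
        boolean derivedKeyFound = false;
        boolean endorsingSignatureFound = false;
        Protections protections = Protections.NONE;
        for (int i = 0; i < vector.size(); i++) {
            WSSecurityEngineResult result = (WSSecurityEngineResult) vector.get(i);
            switch (((Integer) result.get("action")).intValue()) {
                case 1: { // username token (WSConstants.UT)
                    Collection<AssertionInfo> tokenInfos = assertionInfoMap.get(SP12Constants.USERNAME_TOKEN);
                    if (tokenInfos != null) {
                        for (AssertionInfo info : tokenInfos) {
                            info.setAsserted(true);
                        }
                        if (z) {
                            WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) result.get("principal");
                            for (AssertionInfo info : tokenInfos) {
                                // Policy and message must agree on digest vs. plain-text password.
                                if (((UsernameToken) info.getAssertion()).isHashPassword() != principal.isPasswordDigest()) {
                                    info.setNotAsserted("Password hashing policy not enforced");
                                }
                            }
                        }
                    }
                    break;
                }
                case 2: { // signature (WSConstants.SIGN)
                    List<WSDataRef> refs = CastUtils.cast((List<?>) result.get("data-ref-uris"));
                    if (refs != null) {
                        if (refs.size() == 1 && refs.get(0).getName().equals(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"))) {
                            // A signature over nothing but another signature counts as endorsing
                            // and does not contribute signed references.
                            endorsingSignatureFound = true;
                        } else {
                            for (WSDataRef ref : refs) {
                                signedRefs.add(ref);
                            }
                            protections = addSign(protections);
                        }
                    }
                    break;
                }
                case 4: { // encryption (WSConstants.ENCR)
                    List<WSDataRef> refs = CastUtils.cast((List<?>) result.get("data-ref-uris"));
                    if (refs != null) {
                        for (WSDataRef ref : refs) {
                            encryptedRefs.add(ref);
                        }
                        protections = addEncrypt(protections);
                    }
                    break;
                }
                case 32: // timestamp (WSConstants.TS); the decompiler had mapped this to an unrelated CORBA constant
                    assertPolicy(assertionInfoMap, SP12Constants.INCLUDE_TIMESTAMP);
                    break;
                case 128: // signature confirmation (WSConstants.SC)
                    assertPolicy(assertionInfoMap, SP12Constants.WSS11);
                    break;
                case 2048: // derived key token (WSConstants.DKT)
                    derivedKeyFound = true;
                    break;
            }
        }
        CryptoCoverageUtil.reconcileEncryptedSignedRefs(signedRefs, encryptedRefs);
        assertTokens(assertionInfoMap, SP12Constants.SIGNED_PARTS, signedRefs, soapMessage, sOAPMessage, CryptoCoverageUtil.CoverageType.SIGNED);
        assertTokens(assertionInfoMap, SP12Constants.ENCRYPTED_PARTS, encryptedRefs, soapMessage, sOAPMessage, CryptoCoverageUtil.CoverageType.ENCRYPTED);
        assertXPathTokens(assertionInfoMap, SP12Constants.SIGNED_ELEMENTS, signedRefs, soapMessage, sOAPMessage, CryptoCoverageUtil.CoverageType.SIGNED, CryptoCoverageUtil.CoverageScope.ELEMENT);
        assertXPathTokens(assertionInfoMap, SP12Constants.ENCRYPTED_ELEMENTS, encryptedRefs, soapMessage, sOAPMessage, CryptoCoverageUtil.CoverageType.ENCRYPTED, CryptoCoverageUtil.CoverageScope.ELEMENT);
        assertXPathTokens(assertionInfoMap, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encryptedRefs, soapMessage, sOAPMessage, CryptoCoverageUtil.CoverageType.ENCRYPTED, CryptoCoverageUtil.CoverageScope.CONTENT);
        assertHeadersExists(assertionInfoMap, soapMessage, sOAPMessage);
        assertAsymetricBinding(assertionInfoMap, soapMessage, sOAPMessage, protections, derivedKeyFound);
        assertSymetricBinding(assertionInfoMap, soapMessage, sOAPMessage, protections, derivedKeyFound);
        assertTransportBinding(assertionInfoMap);
        // The supporting-token assertions below are marked asserted without inspecting the
        // message; only the endorsing variants depend on a result (or on being the requestor).
        assertPolicy(assertionInfoMap, SP12Constants.SIGNED_SUPPORTING_TOKENS);
        assertPolicy(assertionInfoMap, SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
        assertPolicy(assertionInfoMap, SP12Constants.SUPPORTING_TOKENS);
        assertPolicy(assertionInfoMap, SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
        if (endorsingSignatureFound || isRequestor(soapMessage)) {
            assertPolicy(assertionInfoMap, SP12Constants.ENDORSING_SUPPORTING_TOKENS);
            assertPolicy(assertionInfoMap, SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
            assertPolicy(assertionInfoMap, SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
            assertPolicy(assertionInfoMap, SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
        }
        super.doResults(soapMessage, str, sOAPMessage, vector, z);
    }

    /**
     * Checks RequiredParts and RequiredElements assertions against the SOAP header.
     *
     * <p>RequiredParts headers are looked up by qualified name among the header's children.
     * RequiredElements XPath expressions are taken from the policy and evaluated with the
     * received SOAP header as context; an expression that selects nothing, or that cannot be
     * evaluated, marks the assertion not asserted.
     */
    private void assertHeadersExists(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, SOAPMessage sOAPMessage) throws SOAPException {
        SOAPHeader soapHeader = sOAPMessage.getSOAPHeader();
        Collection<AssertionInfo> partsInfos = assertionInfoMap.get(SP12Constants.REQUIRED_PARTS);
        if (partsInfos != null) {
            for (AssertionInfo info : partsInfos) {
                RequiredParts requiredParts = (RequiredParts) info.getAssertion();
                info.setAsserted(true);
                for (Header header : requiredParts.getHeaders()) {
                    if (soapHeader == null || DOMUtils.getFirstChildWithName(soapHeader, header.getQName()) == null) {
                        info.setNotAsserted("No header element of name " + header.getQName() + " found.");
                    }
                }
            }
        }
        Collection<AssertionInfo> elementsInfos = assertionInfoMap.get(SP12Constants.REQUIRED_ELEMENTS);
        if (elementsInfos != null) {
            for (AssertionInfo info : elementsInfos) {
                RequiredElements requiredElements = (RequiredElements) info.getAssertion();
                info.setAsserted(true);
                Map<String, String> namespaces = requiredElements.getDeclaredNamespaces();
                XPathFactory xpathFactory = XPathFactory.newInstance();
                for (String expression : requiredElements.getXPathExpressions()) {
                    if (soapHeader == null) {
                        // No header at all: nothing can match. Decide this here instead of
                        // relying on how the XPath implementation treats a null context.
                        info.setNotAsserted("No header element matching XPath " + expression + " found.");
                        continue;
                    }
                    XPath xpath = xpathFactory.newXPath();
                    if (namespaces != null) {
                        xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
                    }
                    try {
                        if (((NodeList) xpath.evaluate(expression, soapHeader, XPathConstants.NODESET)).getLength() == 0) {
                            info.setNotAsserted("No header element matching XPath " + expression + " found.");
                        }
                    } catch (XPathExpressionException e) {
                        info.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
                    }
                }
            }
        }
    }

    /**
     * Returns the failure message when the observed order of signature and encryption
     * contradicts the binding's protection order, or {@code null} when it does not.
     *
     * @param order the protection order required by the binding
     * @param signatureProtection whether the binding requires the signature to be encrypted
     * @param protections the order observed in the WSS4J results
     */
    private static String protectionOrderViolation(SPConstants.ProtectionOrder order, boolean signatureProtection, Protections protections) {
        if (order == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
            if (signatureProtection) {
                if (protections == Protections.ENCRYPT_SIGN || protections == Protections.SIGN_ENCRYPT) {
                    return "Not encrypted before signed and then protected";
                }
                return null;
            }
            return protections == Protections.SIGN_ENCRYPT ? "Not encrypted before signed" : null;
        }
        return protections == Protections.ENCRYPT_SIGN ? "Not signed before encrypted" : null;
    }

    /**
     * Checks each symmetric binding assertion: protection order, then the encryption,
     * signature and protection tokens (including their derived-keys requirement).
     *
     * @param z whether a derived-key result was found
     * @return always {@code true}
     */
    private boolean assertSymetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, SOAPMessage sOAPMessage, Protections protections, boolean z) {
        Collection<AssertionInfo> bindingInfos = assertionInfoMap.get(SP12Constants.SYMMETRIC_BINDING);
        if (bindingInfos == null) {
            return true;
        }
        for (AssertionInfo info : bindingInfos) {
            SymmetricBinding binding = (SymmetricBinding) info.getAssertion();
            info.setAsserted(true);
            String violation = protectionOrderViolation(binding.getProtectionOrder(), binding.isSignatureProtection(), protections);
            if (violation != null) {
                info.setNotAsserted(violation);
            }
            if (binding.getEncryptionToken() != null) {
                assertPolicy(assertionInfoMap, binding.getEncryptionToken());
                assertPolicy(assertionInfoMap, binding.getEncryptionToken().getToken(), z);
            }
            if (binding.getSignatureToken() != null) {
                assertPolicy(assertionInfoMap, binding.getSignatureToken());
                assertPolicy(assertionInfoMap, binding.getSignatureToken().getToken(), z);
            }
            if (binding.getProtectionToken() != null) {
                assertPolicy(assertionInfoMap, binding.getProtectionToken());
                assertPolicy(assertionInfoMap, binding.getProtectionToken().getToken(), z);
            }
        }
        return true;
    }

    /**
     * Checks each asymmetric binding assertion: protection order, then the initiator and
     * recipient tokens (including their derived-keys requirement).
     *
     * <p>A binding without an initiator or recipient token is tolerated, matching the null
     * checks in {@code assertSymetricBinding}.
     *
     * @param z whether a derived-key result was found
     * @return always {@code true}
     */
    private boolean assertAsymetricBinding(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage, SOAPMessage sOAPMessage, Protections protections, boolean z) {
        Collection<AssertionInfo> bindingInfos = assertionInfoMap.get(SP12Constants.ASYMMETRIC_BINDING);
        if (bindingInfos == null) {
            return true;
        }
        for (AssertionInfo info : bindingInfos) {
            AsymmetricBinding binding = (AsymmetricBinding) info.getAssertion();
            info.setAsserted(true);
            String violation = protectionOrderViolation(binding.getProtectionOrder(), binding.isSignatureProtection(), protections);
            if (violation != null) {
                info.setNotAsserted(violation);
            }
            if (binding.getInitiatorToken() != null) {
                assertPolicy(assertionInfoMap, binding.getInitiatorToken());
            }
            if (binding.getRecipientToken() != null) {
                assertPolicy(assertionInfoMap, binding.getRecipientToken());
            }
            if (binding.getInitiatorToken() != null) {
                assertPolicy(assertionInfoMap, binding.getInitiatorToken().getToken(), z);
            }
            if (binding.getRecipientToken() != null) {
                assertPolicy(assertionInfoMap, binding.getRecipientToken().getToken(), z);
            }
        }
        return true;
    }

    /**
     * When a transport binding is present, marks the transport token, EncryptedParts,
     * SignedParts and the binding itself as asserted.
     *
     * <p>NOTE(review): {@link #doResults} calls this after the SignedParts/EncryptedParts
     * coverage checks, so a coverage failure recorded there is followed by
     * {@code setAsserted(true)} here. Presumably the transport is taken to provide that
     * protection - confirm that overriding the earlier result is intended and that the
     * transport is actually secured when this binding is in effect.
     *
     * @return {@code true} if there is no transport binding entry or it holds no
     *         assertions, {@code false} once its assertions were marked; the caller in this
     *         class ignores the value
     */
    private boolean assertTransportBinding(AssertionInfoMap assertionInfoMap) {
        if (assertionInfoMap.get(SP12Constants.TRANSPORT_BINDING) == null) {
            return true;
        }
        assertPolicy(assertionInfoMap, SP12Constants.TRANSPORT_TOKEN);
        assertPolicy(assertionInfoMap, SP12Constants.ENCRYPTED_PARTS);
        assertPolicy(assertionInfoMap, SP12Constants.SIGNED_PARTS);
        return !assertPolicy(assertionInfoMap, SP12Constants.TRANSPORT_BINDING);
    }
}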
