package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.str.STRParser;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.X509Token;
import org.opensaml.soap.wssecurity.KeyIdentifier;
import org.w3c.dom.Element;

/* loaded from: classes4.dex */
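/**
 * Validates WS-SecurityPolicy {@code X509Token} assertions against the results of WSS4J
 * message processing.
 *
 * <p>For every assertion the validator marks the token's reference-style sub-assertions,
 * then, when the token is required for the message, checks that a token of the expected
 * X.509 type was actually received. A token that cannot be matched leaves the assertion
 * marked as not asserted.
 *
 * <p>This listing was recovered from a decompiler; {@link #checkTokenType} was rebuilt from
 * the decompiler's instruction dump because the generated stub only threw
 * {@link UnsupportedOperationException}.
 */
public class X509TokenPolicyValidator extends AbstractSecurityPolicyValidator {
    private static final Logger LOG = LogUtils.getL7dLogger(X509TokenPolicyValidator.class);
    private static final String PKI_VALUETYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1";
    private static final String X509_V3_VALUETYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    /** XML Signature namespace of the {@code KeyInfo} element. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** WS-Security 1.0 extension namespace of {@code SecurityTokenReference} and its children. */
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /**
     * Action key under which the binary security token results are looked up. The decompiler
     * inlined the literal; it matches WSS4J's {@code WSConstants.BST} (0x1000).
     */
    private static final int BST_ACTION = 4096;

    /** X.509 certificate version demanded by the V3 token types. */
    private static final int X509_VERSION_3 = 3;

    /**
     * Marks the sub-assertions of an X509Token policy (reference styles and token type) in
     * the assertion map.
     *
     * <p>Only the flags that are set on the policy are passed to
     * {@link PolicyUtils#assertPolicy}; this method does not itself inspect the received
     * message.
     *
     * @param x509Token the policy token whose nested assertions are marked
     * @param assertionInfoMap the assertion map to update
     */
    private void assertToken(X509Token x509Token, AssertionInfoMap assertionInfoMap) {
        // Nested assertions live in the same policy namespace as the token itself.
        String namespaceURI = x509Token.getName().getNamespaceURI();
        if (x509Token.isRequireIssuerSerialReference()) {
            PolicyUtils.assertPolicy(assertionInfoMap, new QName(namespaceURI, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE));
        }
        if (x509Token.isRequireThumbprintReference()) {
            PolicyUtils.assertPolicy(assertionInfoMap, new QName(namespaceURI, SPConstants.REQUIRE_THUMBPRINT_REFERENCE));
        }
        if (x509Token.isRequireEmbeddedTokenReference()) {
            PolicyUtils.assertPolicy(assertionInfoMap, new QName(namespaceURI, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE));
        }
        if (x509Token.isRequireKeyIdentifierReference()) {
            PolicyUtils.assertPolicy(assertionInfoMap, new QName(namespaceURI, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE));
        }
        X509Token.TokenType tokenType = x509Token.getTokenType();
        if (tokenType != null) {
            PolicyUtils.assertPolicy(assertionInfoMap, new QName(namespaceURI, tokenType.name()));
        }
    }

    /**
     * Checks whether a received token matches the X.509 token type the policy asks for.
     *
     * <p>The PkiPath token types require the PKIPath ValueType; every other token type
     * (including {@code null}) is matched against the X509v3 ValueType. For the two
     * {@code WssX509V3Token} types the ValueType alone is not trusted: the certificate is
     * parsed and must report version 3.
     *
     * <p>NOTE(review): token types other than PkiPath and V3 are accepted on an X509v3
     * ValueType with no certificate-version check. That is what the recovered control flow
     * does; confirm it is the intended policy for those types.
     *
     * @param tokenType the token type from the policy, may be {@code null}
     * @param bstResults binary security token results, may be {@code null}
     * @param signedResults signature results, must not be {@code null}
     * @return {@code true} if a matching token was found, {@code false} otherwise
     */
    private boolean checkTokenType(X509Token.TokenType tokenType, List<WSSecurityEngineResult> bstResults, List<WSSecurityEngineResult> signedResults) {
        if ((bstResults == null || bstResults.isEmpty()) && signedResults.isEmpty()) {
            return false;
        }

        String requiredType = X509_V3_VALUETYPE;
        boolean v3CertRequired = false;
        if (tokenType == X509Token.TokenType.WssX509PkiPathV1Token10
                || tokenType == X509Token.TokenType.WssX509PkiPathV1Token11) {
            requiredType = PKI_VALUETYPE;
        } else if (tokenType == X509Token.TokenType.WssX509V3Token10
                || tokenType == X509Token.TokenType.WssX509V3Token11) {
            v3CertRequired = true;
        }

        if (bstResults != null) {
            for (WSSecurityEngineResult result : bstResults) {
                BinarySecurity binarySecurityToken = (BinarySecurity) result.get("binary-security-token");
                if (binarySecurityToken == null || !requiredType.equals(binarySecurityToken.getValueType())) {
                    continue;
                }
                if (!v3CertRequired || !(binarySecurityToken instanceof X509Security)) {
                    // The ValueType match is sufficient when no version check applies.
                    return true;
                }
                try {
                    X509Certificate cert = ((X509Security) binarySecurityToken).getX509Certificate(null);
                    if (cert != null && cert.getVersion() == X509_VERSION_3) {
                        return true;
                    }
                } catch (WSSecurityException e) {
                    // Fail closed: a token whose certificate cannot be read does not match,
                    // so keep looking and fall through to 'false' if nothing else does.
                    LOG.log(Level.FINE, e.getMessage());
                }
            }
        }

        // The X.509 token may have been sent inside a KeyIdentifier of the signature
        // rather than as a BinarySecurityToken. Only the X509v3 ValueType is handled here.
        if (X509_V3_VALUETYPE.equals(requiredType)) {
            for (WSSecurityEngineResult result : signedResults) {
                STRParser.REFERENCE_TYPE referenceType = (STRParser.REFERENCE_TYPE) result.get("x509-reference-type");
                if (STRParser.REFERENCE_TYPE.KEY_IDENTIFIER != referenceType) {
                    continue;
                }
                Element keyIdentifier = getKeyIdentifier((Element) result.get("token-element"));
                // ValueType is an attribute read from the message element, so the
                // certificate below is parsed and its version checked as well.
                if (keyIdentifier == null || !X509_V3_VALUETYPE.equals(keyIdentifier.getAttributeNS(null, "ValueType"))) {
                    continue;
                }
                try {
                    X509Security token = new X509Security(keyIdentifier, new BSPEnforcer(true));
                    X509Certificate cert = token.getX509Certificate(null);
                    if (cert != null && cert.getVersion() == X509_VERSION_3) {
                        return true;
                    }
                } catch (WSSecurityException e) {
                    // Fail closed, as for the binary security token results above.
                    LOG.log(Level.FINE, e.getMessage());
                }
            }
        }

        return false;
    }

    /**
     * Finds the {@code KeyIdentifier} under {@code KeyInfo/SecurityTokenReference} of the
     * given element, following direct children only.
     *
     * @param element the element to search, may be {@code null}
     * @return the KeyIdentifier element, or {@code null} if any step of the path is missing
     */
    private Element getKeyIdentifier(Element element) {
        if (element == null) {
            return null;
        }
        Element keyInfo = XMLUtils.getDirectChildElement(element, "KeyInfo", XMLDSIG_NS);
        if (keyInfo == null) {
            return null;
        }
        Element securityTokenReference = XMLUtils.getDirectChildElement(keyInfo, "SecurityTokenReference", WSSE_NS);
        if (securityTokenReference == null) {
            return null;
        }
        return XMLUtils.getDirectChildElement(securityTokenReference, KeyIdentifier.ELEMENT_LOCAL_NAME, WSSE_NS);
    }

    /**
     * Reports whether this validator handles the given assertion.
     *
     * @param assertionInfo the assertion to test
     * @return {@code true} if the assertion is an X509Token in the SP 1.1 or SP 1.2 namespace
     */
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public boolean canValidatePolicy(AssertionInfo assertionInfo) {
        if (assertionInfo.getAssertion() == null) {
            return false;
        }
        QName assertionName = assertionInfo.getAssertion().getName();
        return SP12Constants.X509_TOKEN.equals(assertionName) || SP11Constants.X509_TOKEN.equals(assertionName);
    }

    /**
     * Validates each X509Token assertion against the binary security token and signature
     * results of the current message.
     *
     * <p>Each assertion is first marked as asserted and is then switched to not asserted
     * when the token is required but either no token was received or the received token
     * has the wrong type.
     *
     * @param policyValidatorParameters the processing results, message and assertion map
     * @param collection the X509Token assertions to validate
     */
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public void validatePolicies(PolicyValidatorParameters policyValidatorParameters, Collection<AssertionInfo> collection) {
        List<WSSecurityEngineResult> bstResults = policyValidatorParameters.getResults().getActionResults().get(BST_ACTION);
        for (AssertionInfo assertionInfo : collection) {
            // Callers are expected to have filtered with canValidatePolicy, so the
            // assertion is an X509Token here.
            X509Token x509Token = (X509Token) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            assertToken(x509Token, policyValidatorParameters.getAssertionInfoMap());

            if (!isTokenRequired(x509Token, policyValidatorParameters.getMessage())) {
                continue;
            }

            boolean noBstResults = bstResults == null || bstResults.isEmpty();
            if (noBstResults && policyValidatorParameters.getSignedResults().isEmpty()) {
                assertionInfo.setNotAsserted("The received token does not match the token inclusion requirement");
            } else if (!checkTokenType(x509Token.getTokenType(), bstResults, policyValidatorParameters.getSignedResults())) {
                assertionInfo.setNotAsserted("An incorrect X.509 Token Type is detected");
            }
        }
    }
}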
