package org.apache.wss4j.stax.impl;

import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.impl.InboundSecurityContextImpl;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class InboundWSSecurityContextImpl extends InboundSecurityContextImpl implements WSInboundSecurityContext {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) InboundWSSecurityContextImpl.class);
    private boolean disableBSPEnforcement;
    private final Deque<SecurityEvent> securityEventQueue = new ArrayDeque();
    private boolean operationSecurityEventOccured = false;
    private boolean messageEncryptionTokenOccured = false;
    private boolean allowRSA15KeyTransportAlgorithm = false;
    private List<BSPRule> ignoredBSPRules = Collections.emptyList();

    private List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, List<TokenSecurityEvent<? extends InboundSecurityToken>> list) {
        if (list == Collections.emptyList()) {
            list = new ArrayList<>();
        }
        list.add(tokenSecurityEvent);
        return list;
    }

    private boolean containsSecurityToken(List<TokenSecurityEvent<? extends InboundSecurityToken>> list, SecurityToken securityToken) {
        if (securityToken != null) {
            for (int i = 0; i < list.size(); i++) {
                if (list.get(i).getSecurityToken().getId().equals(securityToken.getId())) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean encryptsElement(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, List<QName> list, Deque<SecurityEvent> deque) throws XMLSecurityException {
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.EncryptedElement.equals(securityEvent.getSecurityEventType())) {
                EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
                if (encryptedElementSecurityEvent.isEncrypted() && encryptedElementSecurityEvent.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId()) && WSSUtils.pathMatches(list, encryptedElementSecurityEvent.getElementPath(), true, false)) {
                    return true;
                }
            } else if (WSSecurityEventConstants.ContentEncrypted.equals(securityEvent.getSecurityEventType())) {
                ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
                if (contentEncryptedElementSecurityEvent.isEncrypted() && contentEncryptedElementSecurityEvent.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId()) && contentEncryptedElementSecurityEvent.getXmlSecEvent() == ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getXMLSecEvent() && WSSUtils.pathMatches(list, contentEncryptedElementSecurityEvent.getElementPath(), true, false)) {
                    return true;
                }
            } else {
                continue;
            }
        }
        return false;
    }

    private List<InboundSecurityToken> getSigningToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, Deque<SecurityEvent> deque) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
                if (signedElementSecurityEvent.isSigned() && WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getElementPath(), true, false)) {
                    arrayList.add((InboundSecurityToken) signedElementSecurityEvent.getSecurityToken());
                }
            }
        }
        return arrayList;
    }

    private InboundSecurityToken getSupportingTokenSigningToken(List<TokenSecurityEvent<? extends InboundSecurityToken>> list, List<TokenSecurityEvent<? extends InboundSecurityToken>> list2, List<TokenSecurityEvent<? extends InboundSecurityToken>> list3, List<TokenSecurityEvent<? extends InboundSecurityToken>> list4, Deque<SecurityEvent> deque) throws XMLSecurityException {
        for (int i = 0; i < list.size(); i++) {
            List<InboundSecurityToken> signingToken = getSigningToken(list.get(i), deque);
            if (signingToken.size() == 1) {
                return signingToken.get(0);
            }
        }
        for (int i2 = 0; i2 < list2.size(); i2++) {
            List<InboundSecurityToken> signingToken2 = getSigningToken(list2.get(i2), deque);
            if (signingToken2.size() == 1) {
                return signingToken2.get(0);
            }
        }
        for (int i3 = 0; i3 < list3.size(); i3++) {
            List<InboundSecurityToken> signingToken3 = getSigningToken(list3.get(i3), deque);
            if (signingToken3.size() == 1) {
                return signingToken3.get(0);
            }
        }
        for (int i4 = 0; i4 < list4.size(); i4++) {
            List<InboundSecurityToken> signingToken4 = getSigningToken(list4.get(i4), deque);
            if (signingToken4.size() == 1) {
                return signingToken4.get(0);
            }
        }
        return null;
    }

    private TokenSecurityEvent<? extends InboundSecurityToken> getTokenSecurityEvent(InboundSecurityToken inboundSecurityToken, List<TokenSecurityEvent<? extends InboundSecurityToken>> list) throws XMLSecurityException {
        if (inboundSecurityToken == null) {
            return null;
        }
        for (int i = 0; i < list.size(); i++) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = list.get(i);
            if (tokenSecurityEvent.getSecurityToken().getId().equals(inboundSecurityToken.getId())) {
                return tokenSecurityEvent;
            }
        }
        return null;
    }

    private void identifySecurityTokenDepenedenciesAndUsage(Deque<SecurityEvent> deque) throws XMLSecurityException {
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list2;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list3;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list4;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent2;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent3;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent4;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list5;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list6;
        Deque<SecurityEvent> deque2 = deque;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList2 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList3 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList4 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList5 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList6 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList7 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList8 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList9 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> emptyList10 = Collections.emptyList();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> arrayList = new ArrayList<>();
        HttpsTokenSecurityEvent httpsTokenSecurityEvent = null;
        for (SecurityEvent securityEvent : deque) {
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list7 = emptyList3;
            if (securityEvent instanceof TokenSecurityEvent) {
                TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
                list6 = emptyList4;
                if (WSSecurityEventConstants.HttpsToken.equals(securityEvent.getSecurityEventType())) {
                    HttpsTokenSecurityEvent httpsTokenSecurityEvent2 = (HttpsTokenSecurityEvent) tokenSecurityEvent;
                    httpsTokenSecurityEvent2.getSecurityToken().getTokenUsages().clear();
                    httpsTokenSecurityEvent2.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                    emptyList = addTokenSecurityEvent(httpsTokenSecurityEvent2, emptyList);
                    httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
                    httpsTokenSecurityEvent.setAuthenticationType(httpsTokenSecurityEvent2.getAuthenticationType());
                    httpsTokenSecurityEvent.setIssuerName(httpsTokenSecurityEvent2.getIssuerName());
                    httpsTokenSecurityEvent.setSecurityToken(httpsTokenSecurityEvent2.getSecurityToken());
                    httpsTokenSecurityEvent.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainEncryption);
                    emptyList2 = addTokenSecurityEvent(httpsTokenSecurityEvent2, emptyList2);
                } else {
                    arrayList.add(tokenSecurityEvent);
                }
            } else {
                list6 = emptyList4;
            }
            emptyList3 = list7;
            emptyList4 = list6;
        }
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list8 = emptyList4;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list9 = emptyList3;
        int i = 0;
        while (i < arrayList.size()) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent2 = arrayList.get(i);
            InboundSecurityToken inboundSecurityToken = (InboundSecurityToken) WSSUtils.getRootToken(tokenSecurityEvent2.getSecurityToken());
            if (containsSecurityToken(list9, inboundSecurityToken)) {
                list5 = emptyList;
            } else {
                list5 = emptyList;
                TokenSecurityEvent<? extends InboundSecurityToken> createTokenSecurityEvent = WSSUtils.createTokenSecurityEvent(inboundSecurityToken, tokenSecurityEvent2.getCorrelationID());
                List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent5 = addTokenSecurityEvent(createTokenSecurityEvent, list9);
                deque2.offer(createTokenSecurityEvent);
                list9 = addTokenSecurityEvent5;
            }
            deque2.remove(tokenSecurityEvent2);
            i++;
            emptyList = list5;
        }
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list10 = emptyList;
        Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> it = list9.iterator();
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list11 = emptyList7;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list12 = emptyList9;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list13 = emptyList10;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list14 = emptyList2;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list15 = emptyList5;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list16 = emptyList6;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list17 = emptyList8;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list18 = list10;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list19 = list8;
        while (true) {
            list = list9;
            if (!it.hasNext()) {
                break;
            }
            TokenSecurityEvent<? extends InboundSecurityToken> next = it.next();
            List<InboundSecurityToken> isSignedToken = isSignedToken(next, deque2, httpsTokenSecurityEvent);
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list20 = arrayList;
            List<QName> arrayList2 = new ArrayList<>(4);
            arrayList2.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList2.add(WSSConstants.TAG_dsig_Signature);
            boolean signsElement = signsElement(next, arrayList2, deque2);
            boolean encryptsElement = encryptsElement(next, arrayList2, deque2);
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list21 = list17;
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list22 = list19;
            List<QName> arrayList3 = new ArrayList<>(4);
            arrayList3.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList3.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
            boolean signsElement2 = signsElement(next, arrayList3, deque2);
            boolean encryptsElement2 = encryptsElement(next, arrayList3, deque2);
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list23 = list11;
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list24 = list15;
            List<QName> arrayList4 = new ArrayList<>(4);
            arrayList4.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList4.add(WSSConstants.TAG_wsu_Timestamp);
            boolean signsElement3 = signsElement(next, arrayList4, deque2);
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list25 = list16;
            List<QName> arrayList5 = new ArrayList<>(4);
            arrayList5.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            arrayList5.add(WSSConstants.TAG_wsse_UsernameToken);
            boolean encryptsElement3 = encryptsElement(next, arrayList5, deque2);
            List<TokenSecurityEvent<? extends InboundSecurityToken>> list26 = list12;
            boolean z = Boolean.TRUE == get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
            List<InboundSecurityToken> isEncryptedToken = isEncryptedToken(next, deque2, httpsTokenSecurityEvent);
            boolean contains = ((InboundSecurityToken) next.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature);
            HttpsTokenSecurityEvent httpsTokenSecurityEvent3 = httpsTokenSecurityEvent;
            boolean contains2 = ((InboundSecurityToken) next.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption);
            if (!z && signsElement2 && signsElement3 && !signsElement) {
                it.remove();
                addTokenSecurityEvent3 = addTokenSecurityEvent(next, list18);
                if (contains2) {
                    addTokenSecurityEvent4 = addTokenSecurityEvent(next, list14);
                    list14 = addTokenSecurityEvent4;
                }
                list18 = addTokenSecurityEvent3;
            } else if (!z && signsElement2 && !signsElement) {
                it.remove();
                addTokenSecurityEvent3 = addTokenSecurityEvent(next, list18);
                if (contains2) {
                    addTokenSecurityEvent4 = addTokenSecurityEvent(next, list14);
                    list14 = addTokenSecurityEvent4;
                }
                list18 = addTokenSecurityEvent3;
            } else if (!z && signsElement3 && !signsElement) {
                it.remove();
                addTokenSecurityEvent3 = addTokenSecurityEvent(next, list18);
                if (contains2) {
                    addTokenSecurityEvent4 = addTokenSecurityEvent(next, list14);
                    list14 = addTokenSecurityEvent4;
                }
                list18 = addTokenSecurityEvent3;
            } else if (z || !(encryptsElement || encryptsElement2 || encryptsElement3)) {
                if (signsElement && isSignedToken.size() > 0 && isEncryptedToken.size() > 0) {
                    it.remove();
                    addTokenSecurityEvent2 = addTokenSecurityEvent(next, list13);
                } else if (z && signsElement3 && isSignedToken.size() > 0 && isEncryptedToken.size() > 0) {
                    it.remove();
                    addTokenSecurityEvent2 = addTokenSecurityEvent(next, list13);
                } else if (signsElement && isSignedToken.size() == 0 && isEncryptedToken.size() > 0) {
                    it.remove();
                    list12 = addTokenSecurityEvent(next, list26);
                    list17 = list21;
                    list19 = list22;
                    list11 = list23;
                    list15 = list24;
                    list16 = list25;
                    deque2 = deque;
                    list9 = list;
                    arrayList = list20;
                    httpsTokenSecurityEvent = httpsTokenSecurityEvent3;
                } else {
                    if (signsElement && isSignedToken.size() > 0) {
                        it.remove();
                        addTokenSecurityEvent = addTokenSecurityEvent(next, list25);
                    } else if (!contains || isSignedToken.size() <= 0) {
                        if (signsElement) {
                            it.remove();
                            list16 = list25;
                            list12 = list26;
                            list17 = list21;
                            list19 = list22;
                            list11 = list23;
                            list15 = addTokenSecurityEvent(next, list24);
                        } else if (isSignedToken.size() > 0 && isEncryptedToken.size() > 0) {
                            it.remove();
                            list11 = addTokenSecurityEvent(next, list23);
                            list12 = list26;
                            list15 = list24;
                            list17 = list21;
                            list16 = list25;
                            list19 = list22;
                        } else if (isSignedToken.size() > 0) {
                            it.remove();
                            list12 = list26;
                            list15 = list24;
                            list11 = list23;
                            list17 = list21;
                            list16 = list25;
                            list19 = addTokenSecurityEvent(next, list22);
                        } else {
                            if (isEncryptedToken.size() > 0) {
                                it.remove();
                                list17 = addTokenSecurityEvent(next, list21);
                            } else {
                                list17 = list21;
                            }
                            list12 = list26;
                            list15 = list24;
                            list11 = list23;
                            list16 = list25;
                            list19 = list22;
                        }
                        deque2 = deque;
                        list9 = list;
                        arrayList = list20;
                        httpsTokenSecurityEvent = httpsTokenSecurityEvent3;
                    } else {
                        it.remove();
                        addTokenSecurityEvent = addTokenSecurityEvent(next, list25);
                    }
                    list16 = addTokenSecurityEvent;
                    list12 = list26;
                    list17 = list21;
                    list19 = list22;
                    list11 = list23;
                    list15 = list24;
                    deque2 = deque;
                    list9 = list;
                    arrayList = list20;
                    httpsTokenSecurityEvent = httpsTokenSecurityEvent3;
                }
                list13 = addTokenSecurityEvent2;
            } else {
                it.remove();
                list14 = addTokenSecurityEvent(next, list14);
            }
            list12 = list26;
            list17 = list21;
            list19 = list22;
            list11 = list23;
            list15 = list24;
            list16 = list25;
            deque2 = deque;
            list9 = list;
            arrayList = list20;
            httpsTokenSecurityEvent = httpsTokenSecurityEvent3;
        }
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list27 = list19;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list28 = list16;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list29 = arrayList;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list30 = list11;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list31 = list15;
        List<TokenSecurityEvent<? extends InboundSecurityToken>> list32 = list12;
        if (list18.isEmpty()) {
            list2 = list13;
            list3 = list17;
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent3 = getTokenSecurityEvent(getSupportingTokenSigningToken(list27, list28, list30, list2, deque), list29);
            list4 = list;
            if (tokenSecurityEvent3 != null) {
                removeTokenSecurityEvent(tokenSecurityEvent3, list4);
                removeTokenSecurityEvent(tokenSecurityEvent3, list27);
                removeTokenSecurityEvent(tokenSecurityEvent3, list31);
                removeTokenSecurityEvent(tokenSecurityEvent3, list28);
                removeTokenSecurityEvent(tokenSecurityEvent3, list30);
                removeTokenSecurityEvent(tokenSecurityEvent3, list3);
                removeTokenSecurityEvent(tokenSecurityEvent3, list32);
                removeTokenSecurityEvent(tokenSecurityEvent3, list2);
                list18 = addTokenSecurityEvent(tokenSecurityEvent3, list18);
            }
        } else {
            list2 = list13;
            list3 = list17;
            list4 = list;
        }
        if (list18.isEmpty()) {
            Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> it2 = list4.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                TokenSecurityEvent<? extends InboundSecurityToken> next2 = it2.next();
                if (((InboundSecurityToken) next2.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature)) {
                    it2.remove();
                    list18 = addTokenSecurityEvent(next2, list18);
                    break;
                }
            }
        }
        if (list14.isEmpty()) {
            Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> it3 = list4.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                TokenSecurityEvent<? extends InboundSecurityToken> next3 = it3.next();
                if (((InboundSecurityToken) next3.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
                    it3.remove();
                    list14 = addTokenSecurityEvent(next3, list14);
                    break;
                }
            }
        }
        if (!list14.isEmpty()) {
            this.messageEncryptionTokenOccured = true;
        }
        setTokenUsage(list18, WSSecurityTokenConstants.TokenUsage_MainSignature);
        setTokenUsage(list14, WSSecurityTokenConstants.TokenUsage_MainEncryption);
        setTokenUsage(list4, WSSecurityTokenConstants.TokenUsage_SupportingTokens);
        setTokenUsage(list27, WSSecurityTokenConstants.TokenUsage_SignedSupportingTokens);
        setTokenUsage(list31, WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens);
        setTokenUsage(list28, WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens);
        setTokenUsage(list30, WSSecurityTokenConstants.TokenUsage_SignedEncryptedSupportingTokens);
        setTokenUsage(list3, WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens);
        setTokenUsage(list32, WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens);
        setTokenUsage(list2, WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens);
    }

    private List<InboundSecurityToken> isEncryptedToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, Deque<SecurityEvent> deque, HttpsTokenSecurityEvent httpsTokenSecurityEvent) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        if (httpsTokenSecurityEvent != null) {
            arrayList.add(httpsTokenSecurityEvent.getSecurityToken());
            return arrayList;
        }
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.EncryptedElement.equals(securityEvent.getSecurityEventType())) {
                EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
                if (encryptedElementSecurityEvent.isEncrypted() && tokenSecurityEvent.getSecurityToken() != null && encryptedElementSecurityEvent.getXmlSecEvent() != null && encryptedElementSecurityEvent.getXmlSecEvent() == ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getXMLSecEvent() && !arrayList.contains((InboundSecurityToken) encryptedElementSecurityEvent.getSecurityToken())) {
                    arrayList.add((InboundSecurityToken) encryptedElementSecurityEvent.getSecurityToken());
                }
            }
        }
        return arrayList;
    }

    private List<InboundSecurityToken> isSignedToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, Deque<SecurityEvent> deque, HttpsTokenSecurityEvent httpsTokenSecurityEvent) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        if (httpsTokenSecurityEvent != null) {
            arrayList.add(httpsTokenSecurityEvent.getSecurityToken());
            return arrayList;
        }
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
                if (signedElementSecurityEvent.isSigned() && tokenSecurityEvent.getSecurityToken() != null && signedElementSecurityEvent.getXmlSecEvent() != null && signedElementSecurityEvent.getXmlSecEvent() == ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getXMLSecEvent() && !arrayList.contains((InboundSecurityToken) signedElementSecurityEvent.getSecurityToken())) {
                    arrayList.add((InboundSecurityToken) signedElementSecurityEvent.getSecurityToken());
                }
            }
        }
        return arrayList;
    }

    private boolean matchesTokenOrWrappedTokenId(SecurityToken securityToken, String str, SecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
        if (securityToken.getId().equals(str) && securityToken.getTokenUsages().contains(tokenUsage)) {
            return true;
        }
        List<? extends SecurityToken> wrappedTokens = securityToken.getWrappedTokens();
        for (int i = 0; i < wrappedTokens.size(); i++) {
            boolean matchesTokenOrWrappedTokenId = matchesTokenOrWrappedTokenId(wrappedTokens.get(i), str, tokenUsage);
            if (matchesTokenOrWrappedTokenId) {
                return matchesTokenOrWrappedTokenId;
            }
        }
        return false;
    }

    private void removeTokenSecurityEvent(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, List<TokenSecurityEvent<? extends InboundSecurityToken>> list) {
        for (int i = 0; i < list.size(); i++) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent2 = list.get(i);
            if (tokenSecurityEvent2.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId())) {
                list.remove(tokenSecurityEvent2);
                return;
            }
        }
    }

    private void setTokenUsage(List<TokenSecurityEvent<? extends InboundSecurityToken>> list, SecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
        for (int i = 0; i < list.size(); i++) {
            setTokenUsage(list.get(i), tokenUsage);
        }
    }

    private void setTokenUsage(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, SecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
        tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_SupportingTokens);
        tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_Signature);
        tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_Encryption);
        tokenSecurityEvent.getSecurityToken().addTokenUsage(tokenUsage);
    }

    private boolean signsElement(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, List<QName> list, Deque<SecurityEvent> deque) throws XMLSecurityException {
        for (SecurityEvent securityEvent : deque) {
            if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
                if (signedElementSecurityEvent.isSigned() && matchesTokenOrWrappedTokenId(tokenSecurityEvent.getSecurityToken(), signedElementSecurityEvent.getSecurityToken().getId(), SecurityTokenConstants.TokenUsage_Signature) && WSSUtils.pathMatches(list, signedElementSecurityEvent.getElementPath(), true, false)) {
                    return true;
                }
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.xml.security.stax.impl.InboundSecurityContextImpl, org.apache.xml.security.stax.impl.AbstractSecurityContextImpl
    public void forwardSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
        if (!this.allowRSA15KeyTransportAlgorithm && SecurityEventConstants.AlgorithmSuite.equals(securityEvent.getSecurityEventType())) {
            AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
            Boolean bool = (Boolean) get(WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM);
            if ((bool == null || !bool.booleanValue()) && "http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM);
            }
        }
        try {
            super.forwardSecurityEvent(securityEvent);
        } catch (WSSecurityException e) {
            throw e;
        } catch (XMLSecurityException e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e2);
        }
    }

    @Override // org.apache.wss4j.stax.ext.WSInboundSecurityContext
    public void handleBSPRule(BSPRule bSPRule) throws WSSecurityException {
        if (this.disableBSPEnforcement) {
            return;
        }
        if (!this.ignoredBSPRules.contains(bSPRule)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[]{"BSP:" + bSPRule.name() + ": " + bSPRule.getMsg()});
        }
        LOG.warn("BSP:" + bSPRule.name() + ": " + bSPRule.getMsg());
    }

    @Override // org.apache.wss4j.stax.ext.WSInboundSecurityContext
    public void ignoredBSPRules(List<BSPRule> list) {
        this.ignoredBSPRules = new ArrayList(list);
    }

    public boolean isAllowRSA15KeyTransportAlgorithm() {
        return this.allowRSA15KeyTransportAlgorithm;
    }

    public boolean isDisableBSPEnforcement() {
        return this.disableBSPEnforcement;
    }

    @Override // org.apache.xml.security.stax.impl.AbstractSecurityContextImpl, org.apache.xml.security.stax.securityEvent.SecurityEventListener
    public synchronized void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
        if (WSSecurityEventConstants.AlgorithmSuite.equals(securityEvent.getSecurityEventType())) {
            forwardSecurityEvent(securityEvent);
            return;
        }
        if (!this.operationSecurityEventOccured) {
            if (!WSSecurityEventConstants.Operation.equals(securityEvent.getSecurityEventType())) {
                this.securityEventQueue.push(securityEvent);
                return;
            }
            this.operationSecurityEventOccured = true;
            identifySecurityTokenDepenedenciesAndUsage(this.securityEventQueue);
            Iterator<SecurityEvent> descendingIterator = this.securityEventQueue.descendingIterator();
            while (descendingIterator.hasNext()) {
                forwardSecurityEvent(descendingIterator.next());
            }
            forwardSecurityEvent(securityEvent);
            this.securityEventQueue.clear();
            return;
        }
        SecurityEvent securityEvent2 = securityEvent;
        if (!this.messageEncryptionTokenOccured) {
            boolean z = securityEvent instanceof TokenSecurityEvent;
            securityEvent2 = securityEvent;
            if (z) {
                TokenSecurityEvent tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
                securityEvent2 = securityEvent;
                if (((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
                    TokenSecurityEvent<? extends InboundSecurityToken> createTokenSecurityEvent = WSSUtils.createTokenSecurityEvent((InboundSecurityToken) WSSUtils.getRootToken(tokenSecurityEvent.getSecurityToken()), tokenSecurityEvent.getCorrelationID());
                    setTokenUsage(createTokenSecurityEvent, WSSecurityTokenConstants.TokenUsage_MainEncryption);
                    this.messageEncryptionTokenOccured = true;
                    securityEvent2 = createTokenSecurityEvent;
                }
            }
        }
        forwardSecurityEvent(securityEvent2);
    }

    public void setAllowRSA15KeyTransportAlgorithm(boolean z) {
        this.allowRSA15KeyTransportAlgorithm = z;
    }

    public void setDisableBSPEnforcement(boolean z) {
        this.disableBSPEnforcement = z;
    }
}
