package org.apache.wss4j.policy.stax.assertionStates;

import java.util.List;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.policy.AssertionState;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.EncryptionToken;
import org.apache.wss4j.policy.model.InitiatorEncryptionToken;
import org.apache.wss4j.policy.model.InitiatorSignatureToken;
import org.apache.wss4j.policy.model.InitiatorToken;
import org.apache.wss4j.policy.model.ProtectionToken;
import org.apache.wss4j.policy.model.RecipientEncryptionToken;
import org.apache.wss4j.policy.model.RecipientSignatureToken;
import org.apache.wss4j.policy.model.RecipientToken;
import org.apache.wss4j.policy.model.SignatureToken;
import org.apache.wss4j.policy.model.SupportingTokens;
import org.apache.wss4j.policy.model.TransportToken;
import org.apache.wss4j.policy.stax.Assertable;
import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
import org.apache.wss4j.policy.stax.PolicyAsserter;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;

/* loaded from: classes4.dex */
public abstract class TokenAssertionState extends AssertionState implements Assertable {
    private boolean initiator;
    private PolicyAsserter policyAsserter;

    /* renamed from: org.apache.wss4j.policy.stax.assertionStates.TokenAssertionState$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType;
        static final /* synthetic */ int[] $SwitchMap$org$apache$wss4j$policy$model$AbstractToken$DerivedKeys;

        static {
            int[] iArr = new int[AbstractToken.DerivedKeys.values().length];
            $SwitchMap$org$apache$wss4j$policy$model$AbstractToken$DerivedKeys = iArr;
            try {
                iArr[AbstractToken.DerivedKeys.RequireDerivedKeys.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$wss4j$policy$model$AbstractToken$DerivedKeys[AbstractToken.DerivedKeys.RequireExplicitDerivedKeys.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$wss4j$policy$model$AbstractToken$DerivedKeys[AbstractToken.DerivedKeys.RequireImpliedDerivedKeys.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            int[] iArr2 = new int[SPConstants.IncludeTokenType.values().length];
            $SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType = iArr2;
            try {
                iArr2[SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType[SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType[SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT.ordinal()] = 3;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType[SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR.ordinal()] = 4;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType[SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS.ordinal()] = 5;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    public TokenAssertionState(AbstractSecurityAssertion abstractSecurityAssertion, boolean z, PolicyAsserter policyAsserter, boolean z2) {
        super(abstractSecurityAssertion, z);
        this.initiator = z2;
        this.policyAsserter = policyAsserter;
        if (policyAsserter == null) {
            this.policyAsserter = new DummyPolicyAsserter();
        }
        if (z) {
            AbstractToken abstractToken = (AbstractToken) getAssertion();
            getPolicyAsserter().assertPolicy(abstractToken);
            if (abstractToken.getDerivedKeys() != null) {
                AbstractToken.DerivedKeys derivedKeys = abstractToken.getDerivedKeys();
                getPolicyAsserter().assertPolicy(new QName(abstractToken.getName().getNamespaceURI(), derivedKeys.name()));
            }
        }
    }

    public TokenAssertionState(AbstractSecurityAssertion abstractSecurityAssertion, boolean z, boolean z2) {
        this(abstractSecurityAssertion, z, null, z2);
    }

    @Override // org.apache.wss4j.policy.stax.Assertable
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException {
        boolean z;
        if (isAsserted()) {
            return true;
        }
        TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
        AbstractToken abstractToken = (AbstractToken) getAssertion();
        AbstractSecurityAssertion parentAssertion = abstractToken.getParentAssertion();
        List<SecurityTokenConstants.TokenUsage> tokenUsages = tokenSecurityEvent.getSecurityToken().getTokenUsages();
        int i = 0;
        for (SecurityTokenConstants.TokenUsage tokenUsage : tokenUsages) {
            if (WSSecurityTokenConstants.TokenUsage_MainSignature.equals(tokenUsage)) {
                boolean z2 = this.initiator;
                if (z2) {
                    if (!(parentAssertion instanceof RecipientToken) && !(parentAssertion instanceof RecipientSignatureToken) && !(parentAssertion instanceof SignatureToken) && !(parentAssertion instanceof ProtectionToken) && !(parentAssertion instanceof TransportToken)) {
                        i++;
                    }
                }
                if (!z2 && !(parentAssertion instanceof InitiatorToken) && !(parentAssertion instanceof InitiatorSignatureToken) && !(parentAssertion instanceof SignatureToken) && !(parentAssertion instanceof ProtectionToken) && !(parentAssertion instanceof TransportToken)) {
                    i++;
                }
            } else {
                if (WSSecurityTokenConstants.TokenUsage_Signature.equals(tokenUsage)) {
                    throw new WSSPolicyException("Illegal token usage!");
                }
                if (WSSecurityTokenConstants.TokenUsage_MainEncryption.equals(tokenUsage)) {
                    boolean z3 = this.initiator;
                    if (z3) {
                        if (!(parentAssertion instanceof InitiatorToken) && !(parentAssertion instanceof InitiatorEncryptionToken) && !(parentAssertion instanceof EncryptionToken) && !(parentAssertion instanceof ProtectionToken) && !(parentAssertion instanceof TransportToken)) {
                            i++;
                        }
                    }
                    if (!z3 && !(parentAssertion instanceof RecipientToken) && !(parentAssertion instanceof RecipientEncryptionToken) && !(parentAssertion instanceof EncryptionToken) && !(parentAssertion instanceof ProtectionToken) && !(parentAssertion instanceof TransportToken)) {
                        i++;
                    }
                } else {
                    if (WSSecurityTokenConstants.TokenUsage_Encryption.equals(tokenUsage)) {
                        throw new WSSPolicyException("Illegal token usage!");
                    }
                    if (WSSecurityTokenConstants.TokenUsage_SupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_SignedSupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_SignedEncryptedSupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens.equals(tokenUsage) || WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens.equals(tokenUsage)) {
                        if (!(parentAssertion instanceof TransportToken)) {
                            if (parentAssertion instanceof SupportingTokens) {
                                String name = tokenUsage.getName();
                                String localPart = ((SupportingTokens) parentAssertion).getName().getLocalPart();
                                if (!name.equals(localPart)) {
                                    if (localPart.contains("Endorsing")) {
                                        if (!name.contains("Endorsing")) {
                                        }
                                    }
                                    if (localPart.startsWith("Signed")) {
                                        if (!name.startsWith("Signed")) {
                                        }
                                    }
                                    if (localPart.contains("Encrypted") && !name.contains("Encrypted")) {
                                    }
                                }
                            }
                            i++;
                        }
                    }
                }
            }
        }
        if (i >= tokenUsages.size()) {
            return true;
        }
        SPConstants.IncludeTokenType includeTokenType = abstractToken.getIncludeTokenType();
        boolean isIncludedInMessage = ((InboundSecurityToken) tokenSecurityEvent.getSecurityToken()).isIncludedInMessage();
        int i2 = AnonymousClass1.$SwitchMap$org$apache$wss4j$policy$SPConstants$IncludeTokenType[includeTokenType.ordinal()];
        if (i2 == 1) {
            if (isIncludedInMessage) {
                setErrorMessage("Token must not be included");
                z = false;
            }
            z = true;
        } else if (i2 == 3) {
            boolean z4 = this.initiator;
            if (z4 && isIncludedInMessage) {
                setErrorMessage("Token must not be included");
            } else {
                if (!z4 && !isIncludedInMessage) {
                    setErrorMessage("Token must be included");
                }
                z = true;
            }
            z = false;
        } else if (i2 != 4) {
            if (i2 == 5 && !isIncludedInMessage) {
                setErrorMessage("Token must be included");
                z = false;
            }
            z = true;
        } else {
            boolean z5 = this.initiator;
            if (!z5 || isIncludedInMessage) {
                if (!z5 && isIncludedInMessage) {
                    setErrorMessage("Token must not be included");
                }
                z = true;
            } else {
                setErrorMessage("Token must be included");
            }
            z = false;
        }
        boolean hasDerivedKeys = hasDerivedKeys(tokenSecurityEvent.getSecurityToken());
        String namespaceURI = getAssertion().getName().getNamespaceURI();
        if (abstractToken.getDerivedKeys() != null) {
            AbstractToken.DerivedKeys derivedKeys = abstractToken.getDerivedKeys();
            int i3 = AnonymousClass1.$SwitchMap$org$apache$wss4j$policy$model$AbstractToken$DerivedKeys[derivedKeys.ordinal()];
            if (i3 == 1 || i3 == 2 || i3 == 3) {
                if (hasDerivedKeys) {
                    getPolicyAsserter().assertPolicy(new QName(namespaceURI, derivedKeys.name()));
                } else {
                    setErrorMessage("Derived key must be used");
                    getPolicyAsserter().unassertPolicy(new QName(namespaceURI, derivedKeys.name()), "Derived key must be used");
                    z = false;
                }
            }
        } else if (hasDerivedKeys) {
            setErrorMessage("Derived key must not be used");
            z = false;
        }
        boolean assertToken = assertToken(tokenSecurityEvent, abstractToken) & z;
        if (assertToken) {
            setAsserted(true);
        }
        return assertToken || !(tokenUsages.contains(WSSecurityTokenConstants.TokenUsage_MainSignature) || tokenUsages.contains(WSSecurityTokenConstants.TokenUsage_MainEncryption));
    }

    public abstract boolean assertToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException, XMLSecurityException;

    /* JADX INFO: Access modifiers changed from: protected */
    public PolicyAsserter getPolicyAsserter() {
        return this.policyAsserter;
    }

    protected boolean hasDerivedKeys(SecurityToken securityToken) throws XMLSecurityException {
        if (securityToken == null) {
            return false;
        }
        boolean z = true;
        if (WSSecurityTokenConstants.DerivedKeyToken.equals(securityToken.getTokenType())) {
            return true;
        }
        if (securityToken.getWrappedTokens().size() == 0) {
            return false;
        }
        for (int i = 0; i < securityToken.getWrappedTokens().size(); i++) {
            z &= hasDerivedKeys(securityToken.getWrappedTokens().get(i));
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isInitiator() {
        return this.initiator;
    }
}
