package weblogic.wsee.security.policy12.assertions;

import java.util.List;
import javax.xml.namespace.QName;
import org.w3c.dom.Node;
import weblogic.wsee.security.wss.plan.helper.XpathNodesHelper;
import weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException;

/* loaded from: input_file:weblogic/wsee/security/policy12/assertions/EncryptedElements.class */
public class EncryptedElements extends XPathElements {
    public static final String ENCRYPTED_ELEMENTS = "EncryptedElements";

    @Override // weblogic.wsee.security.policy12.assertions.XPathElements
    public boolean isRequired() {
        return false;
    }

    @Override // weblogic.wsee.policy.framework.PolicyAssertion
    public QName getName() {
        return new QName(getNamespace(), ENCRYPTED_ELEMENTS, SecurityPolicy12Constants.SP_PREFIX);
    }

    public static void isValidElement(List<Node> list, boolean z) throws SecurityPolicyArchitectureException {
        for (int i = 0; i < list.size(); i++) {
            isValidElement(list.get(i), z);
        }
    }

    public static void isValidElement(Node node, boolean z) throws SecurityPolicyArchitectureException {
        String elementPath = XpathNodesHelper.getElementPath(node);
        if (elementPath == null) {
            return;
        }
        if (!elementPath.startsWith("/http://schemas.xmlsoap.org/soap/envelope/:Envelope/") && !elementPath.startsWith("/http://www.w3.org/2003/05/soap-envelope:Envelope/")) {
            throw new SecurityPolicyArchitectureException("Error validating EncryptedElement assertion for element <" + elementPath + ">: nodelist does not contain a SOAP Envelope element");
        }
        if (!z && (elementPath.compareTo("/http://schemas.xmlsoap.org/soap/envelope/:Envelope/http://schemas.xmlsoap.org/soap/envelope/:Body") == 0 || elementPath.compareTo("/http://www.w3.org/2003/05/soap-envelope:Envelope/http://www.w3.org/2003/05/soap-envelope:Body") == 0)) {
            throw new SecurityPolicyArchitectureException("Error validating EncryptedElement assertion for element <" + elementPath + ">: EncryptedElement assertion may not encrypt the entire SOAPBody element");
        }
        if (elementPath.compareTo("/http://schemas.xmlsoap.org/soap/envelope/:Envelope/http://schemas.xmlsoap.org/soap/envelope/:Header") == 0 || elementPath.compareTo("/http://www.w3.org/2003/05/soap-envelope:Envelope/http://www.w3.org/2003/05/soap-envelope:Header") == 0) {
            throw new SecurityPolicyArchitectureException("Error validating EncryptedElement assertion for element <" + elementPath + ">: EncryptedElement assertion may not encrypt the entire SOAPHeader element");
        }
        if ((elementPath.startsWith("/http://schemas.xmlsoap.org/soap/envelope/:Envelope/http://schemas.xmlsoap.org/soap/envelope/:Header") || elementPath.startsWith("/http://www.w3.org/2003/05/soap-envelope:Envelope/http://www.w3.org/2003/05/soap-envelope:Header")) && node.getLocalName().compareTo("Security") == 0 && node.getNamespaceURI().compareTo("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd") == 0) {
            throw new SecurityPolicyArchitectureException("Error validating EncryptedElement assertion for element <" + elementPath + ">: the wsse:Security header may not be encrypted");
        }
    }
}
