package weblogic.wsee.security.policy;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyAlternative;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.security.policy.assertions.ConfidentialityAssertion;
import weblogic.wsee.security.policy.assertions.IdentityAssertion;
import weblogic.wsee.security.policy.assertions.IntegrityAssertion;
import weblogic.wsee.security.policy.assertions.xbeans.SecurityTokenType;
import weblogic.wsee.security.policy.assertions.xbeans.SupportedTokensType;
import weblogic.wsee.security.policy12.assertions.AsymmetricBinding;
import weblogic.wsee.security.policy12.assertions.EncryptedElements;
import weblogic.wsee.security.policy12.assertions.EncryptedParts;
import weblogic.wsee.security.policy12.assertions.RequiredParts;
import weblogic.wsee.security.policy12.assertions.SignedElements;
import weblogic.wsee.security.policy12.assertions.SignedParts;
import weblogic.wsee.security.policy12.assertions.SupportingTokens;
import weblogic.wsee.security.policy12.assertions.SymmetricBinding;
import weblogic.wsee.security.policy12.assertions.X509Token;
import weblogic.wsee.security.wss.policy.SecurityInspectionErrorCode;
import weblogic.wsee.security.wssp.AsymmetricBindingInfo;
import weblogic.wsee.security.wssp.InitiatorTokenAssertion;
import weblogic.wsee.security.wssp.SamlTokenAssertion;
import weblogic.wsee.security.wssp.SecurityPolicyAssertionInfo;
import weblogic.wsee.security.wssp.SecurityPolicyAssertionInfoFactory;
import weblogic.wsee.security.wssp.SupportingTokensAssertion;
import weblogic.wsee.security.wssp.SymmetricBindingInfo;
import weblogic.wsee.security.wssp.TokenAssertion;
import weblogic.wsee.security.wssp.UsernameTokenAssertion;

/* loaded from: input_file:weblogic/wsee/security/policy/SecurityPolicyAssertionHelper.class */
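/**
 * Static helpers for inspecting security policy alternatives.
 *
 * <p>The class collects the token types an alternative references, detects
 * logically inconsistent alternatives (reported as integer error codes, with
 * {@code 0} meaning "no error"), and derives a copy of an alternative in which
 * the optional markers it knows about are cleared.
 */
public class SecurityPolicyAssertionHelper {
    private static final Logger LOGGER = Logger.getLogger(SecurityPolicyAssertionHelper.class.getName());
    private static final boolean DEBUG = false;

    /**
     * Collects the distinct token types referenced by the identity,
     * confidentiality and integrity assertions of an alternative.
     *
     * @param policyAlternative the alternative to inspect; may be {@code null}
     * @return a new mutable list of token types in first-seen order; empty when
     *         {@code policyAlternative} is {@code null}
     */
    public static List<String> getAllSupportedTokenTypes(PolicyAlternative policyAlternative) {
        List<String> tokenTypes = new ArrayList<String>();
        if (policyAlternative == null) {
            return tokenTypes;
        }
        for (Object assertion : policyAlternative.getAssertions(IdentityAssertion.class)) {
            SupportedTokensType identityTokens = ((IdentityAssertion) assertion).getXbean().getIdentity().getSupportedTokens();
            if (identityTokens != null) {
                addTokenType(tokenTypes, identityTokens.getSecurityTokenArray());
            }
        }
        for (Object assertion : policyAlternative.getAssertions(ConfidentialityAssertion.class)) {
            // NOTE(review): unlike the two sibling loops there is no null guard on
            // getKeyInfo() here; confirm the schema makes KeyInfo mandatory.
            addTokenType(tokenTypes, ((ConfidentialityAssertion) assertion).getXbean().getConfidentiality().getKeyInfo().getSecurityTokenArray());
        }
        for (Object assertion : policyAlternative.getAssertions(IntegrityAssertion.class)) {
            SupportedTokensType integrityTokens = ((IntegrityAssertion) assertion).getXbean().getIntegrity().getSupportedTokens();
            if (integrityTokens != null) {
                addTokenType(tokenTypes, integrityTokens.getSecurityTokenArray());
            }
        }
        return tokenTypes;
    }

    /**
     * Appends the token type of every entry, plus its derived-from token type
     * when one is set, to {@code list}, skipping values already present.
     *
     * @param list the accumulator that is modified in place
     * @param securityTokenTypeArr the tokens to read
     */
    private static void addTokenType(List<String> list, SecurityTokenType[] securityTokenTypeArr) {
        for (SecurityTokenType securityToken : securityTokenTypeArr) {
            String tokenType = securityToken.getTokenType();
            if (!list.contains(tokenType)) {
                list.add(tokenType);
            }
            if (securityToken.isSetDerivedFromTokenType()) {
                String derivedFrom = securityToken.getDerivedFromTokenType();
                if (!list.contains(derivedFrom)) {
                    list.add(derivedFrom);
                }
            }
        }
    }

    /**
     * Verifies that at least one alternative of the policy is free of logical errors.
     *
     * <p>Returns normally when the policy exposes no alternatives collection
     * ({@code null}) or as soon as one alternative yields error code {@code 0}.
     * An empty, non-null collection falls through to the exception with error
     * code {@code 0}.
     *
     * @param normalizedExpression the normalized policy to validate
     * @throws PolicyException if no alternative passes; the message carries the
     *         error code of the last alternative examined
     */
    public static void checkLogicalError(NormalizedExpression normalizedExpression) throws PolicyException {
        if (normalizedExpression.getPolicyAlternatives() == null) {
            return;
        }
        int lastErrorCode = 0;
        Iterator<?> alternatives = normalizedExpression.getPolicyAlternatives().iterator();
        while (alternatives.hasNext()) {
            int errorCode = policyLogicalErrorDetector((PolicyAlternative) alternatives.next());
            if (errorCode == 0) {
                // One consistent alternative is enough for the policy to be usable.
                return;
            }
            lastErrorCode = errorCode;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            // The policy dump goes through the logger only. The former duplicate
            // System.err.println bypassed the handlers and filters configured for
            // this logger.
            LOGGER.log(Level.FINE, "Policy Error code = " + lastErrorCode + " Policy :\n" + normalizedExpression);
        }
        throw new PolicyException("Policy logical error found,  error code =" + lastErrorCode);
    }

    /**
     * Runs the checks that do not depend on the runtime flag for one alternative.
     *
     * @param policyAlternative the alternative to check; must not be {@code null}
     * @return {@code 0} when no error is found, otherwise an error code
     * @throws IllegalArgumentException if {@code policyAlternative} is {@code null}
     */
    public static int policyLogicalErrorDetector(PolicyAlternative policyAlternative) {
        return policyLogicalErrorDetector(policyAlternative, false);
    }

    /**
     * Runs the full set of checks for one alternative, including the
     * parts and token-inclusion checks that the non-runtime variant skips.
     *
     * @param policyAlternative the alternative to check; must not be {@code null}
     * @return {@code 0} when no error is found, otherwise an error code
     * @throws IllegalArgumentException if {@code policyAlternative} is {@code null}
     */
    public static int policyLogicalErrorDetectorRuntime(PolicyAlternative policyAlternative) {
        return policyLogicalErrorDetector(policyAlternative, true);
    }

    /**
     * Shared implementation of the two public detectors.
     *
     * <p>Order of checks: parts (runtime only), token inclusion (runtime only),
     * then the SAML/username-token check. The first non-zero code is returned.
     *
     * @param policyAlternative the alternative to check
     * @param runtimeChecks whether the runtime-only checks are performed
     * @return {@code 0} when no error is found, otherwise an error code
     */
    private static int policyLogicalErrorDetector(PolicyAlternative policyAlternative, boolean runtimeChecks) {
        if (null == policyAlternative) {
            throw new IllegalArgumentException("Null Policy Alternative");
        }
        if (policyAlternative.isEmpty()) {
            return 0;
        }
        if (runtimeChecks) {
            int partsError = checkPartsError(policyAlternative);
            if (partsError != 0) {
                return partsError;
            }
        }
        SecurityPolicyAssertionInfo assertionInfo = SecurityPolicyAssertionInfoFactory.getSecurityPolicyAssertionInfo(policyAlternative);
        if (assertionInfo == null || !assertionInfo.isMessageSecurityEnabled()) {
            return 0;
        }
        if (runtimeChecks) {
            int inclusionError = checkTokenInclusion(assertionInfo.getAsymmetricBindingInfo());
            if (inclusionError != 0) {
                return inclusionError;
            }
        }
        return checkSamlError(assertionInfo);
    }

    /**
     * Flags an asymmetric binding whose recipient X.509 token and initiator
     * token both carry the same one-directional inclusion value
     * ({@code TO_INITIATOR_ONLY} or {@code TO_RECIPIENT_ONLY}).
     *
     * @param asymmetricBindingInfo the binding to inspect; may be {@code null}
     * @return {@code POLICY_ERROR_X509_TOKEN_WRONG_INCLUSION} on a conflict,
     *         otherwise {@code 0}
     */
    private static int checkTokenInclusion(AsymmetricBindingInfo asymmetricBindingInfo) {
        if (null == asymmetricBindingInfo) {
            return 0;
        }
        // Only the first recipient assertion that is present is consulted.
        TokenAssertion.TokenInclusion recipientInclusion = null;
        if (asymmetricBindingInfo.getRecipientTokenAssertion() != null) {
            if (asymmetricBindingInfo.getRecipientTokenAssertion().getX509TokenAssertion() != null) {
                recipientInclusion = asymmetricBindingInfo.getRecipientTokenAssertion().getX509TokenAssertion().getTokenInclusion();
            }
        } else if (asymmetricBindingInfo.getRecipientSignatureTokenAssertion() != null) {
            if (asymmetricBindingInfo.getRecipientSignatureTokenAssertion().getX509TokenAssertion() != null) {
                recipientInclusion = asymmetricBindingInfo.getRecipientSignatureTokenAssertion().getX509TokenAssertion().getTokenInclusion();
            }
        } else if (asymmetricBindingInfo.getRecipientEncryptionTokenAssertion() != null && asymmetricBindingInfo.getRecipientEncryptionTokenAssertion().getX509TokenAssertion() != null) {
            recipientInclusion = asymmetricBindingInfo.getRecipientEncryptionTokenAssertion().getX509TokenAssertion().getTokenInclusion();
        }
        boolean recipientIsOneWay = TokenAssertion.TokenInclusion.TO_INITIATOR_ONLY.equals(recipientInclusion)
                || TokenAssertion.TokenInclusion.TO_RECIPIENT_ONLY.equals(recipientInclusion);
        if (!recipientIsOneWay) {
            return 0;
        }
        // Same first-present rule for the initiator; X.509 is preferred over SAML.
        TokenAssertion.TokenInclusion initiatorInclusion = null;
        if (asymmetricBindingInfo.getInitiatorTokenAssertion() != null) {
            if (asymmetricBindingInfo.getInitiatorTokenAssertion().getX509TokenAssertion() != null) {
                initiatorInclusion = asymmetricBindingInfo.getInitiatorTokenAssertion().getX509TokenAssertion().getTokenInclusion();
            } else if (asymmetricBindingInfo.getInitiatorTokenAssertion().getSamlTokenAssertion() != null) {
                initiatorInclusion = asymmetricBindingInfo.getInitiatorTokenAssertion().getSamlTokenAssertion().getTokenInclusion();
            }
        } else if (asymmetricBindingInfo.getInitiatorSignatureTokenAssertion() != null) {
            if (asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getX509TokenAssertion() != null) {
                initiatorInclusion = asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getX509TokenAssertion().getTokenInclusion();
            } else if (asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getSamlTokenAssertion() != null) {
                initiatorInclusion = asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getSamlTokenAssertion().getTokenInclusion();
            }
        } else if (asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion() != null) {
            if (asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion().getX509TokenAssertion() != null) {
                initiatorInclusion = asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion().getX509TokenAssertion().getTokenInclusion();
            } else if (asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion().getSamlTokenAssertion() != null) {
                initiatorInclusion = asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion().getSamlTokenAssertion().getTokenInclusion();
            }
        }
        // recipientInclusion is known to be non-null here, so it is the receiver of
        // equals(). The initiator value stays null when the binding declares no
        // initiator token; calling equals() on it made policy validation fail with
        // a NullPointerException instead of producing a result.
        if (!recipientInclusion.equals(initiatorInclusion)) {
            return 0;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Inititiator Token = " + initiatorInclusion + " and Reciptient Token = " + recipientInclusion);
        }
        return SecurityInspectionErrorCode.POLICY_ERROR_X509_TOKEN_WRONG_INCLUSION;
    }

    /**
     * Detects conflicting SAML and username token requirements between the
     * binding and the supporting tokens.
     *
     * @param securityPolicyAssertionInfo the parsed assertion info of an alternative
     * @return {@code POLICY_ERROR_SAML_TOKEN_DUPLICATE} when both the binding and
     *         the supporting tokens carry a SAML token,
     *         {@code POLICY_ERROR_UNT_TOKEN_NOT_REQUIRED} when a SAML token from
     *         either place is combined with a supporting username token,
     *         otherwise {@code 0}
     */
    private static int checkSamlError(SecurityPolicyAssertionInfo securityPolicyAssertionInfo) {
        SupportingTokensAssertion supportingTokensAssertion = securityPolicyAssertionInfo.getSupportingTokensAssertion();
        if (null == supportingTokensAssertion) {
            return 0;
        }
        // SAML token declared by the binding: asymmetric if present, else symmetric.
        SamlTokenAssertion bindingSaml = null;
        AsymmetricBindingInfo asymmetricBindingInfo = securityPolicyAssertionInfo.getAsymmetricBindingInfo();
        if (asymmetricBindingInfo == null) {
            SymmetricBindingInfo symmetricBindingInfo = securityPolicyAssertionInfo.getSymmetricBindingInfo();
            if (symmetricBindingInfo != null) {
                if (symmetricBindingInfo.getProtectionTokenAssertion() != null) {
                    bindingSaml = symmetricBindingInfo.getProtectionTokenAssertion().getSamlTokenAssertion();
                } else if (symmetricBindingInfo.getSignatureTokenAssertion() != null) {
                    bindingSaml = symmetricBindingInfo.getSignatureTokenAssertion().getSamlTokenAssertion();
                }
            }
        } else {
            InitiatorTokenAssertion initiatorTokenAssertion = asymmetricBindingInfo.getInitiatorTokenAssertion();
            if (initiatorTokenAssertion != null) {
                bindingSaml = initiatorTokenAssertion.getSamlTokenAssertion();
            } else if (asymmetricBindingInfo.getInitiatorSignatureTokenAssertion() != null) {
                bindingSaml = asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getSamlTokenAssertion();
            }
        }
        List<Object> supportingTokens = new ArrayList<Object>();
        supportingTokens.addAll(supportingTokensAssertion.getSignedSupportingTokens());
        supportingTokens.addAll(supportingTokensAssertion.getSupportingTokens());
        supportingTokens.addAll(supportingTokensAssertion.getSignedEncryptedSupportingTokens());
        supportingTokens.addAll(supportingTokensAssertion.getEncryptedSupportingTokens());
        if (supportingTokens.isEmpty()) {
            return 0;
        }
        // Only presence matters below, so the matching instances are not kept.
        boolean supportingHasSaml = false;
        boolean supportingHasUsername = false;
        for (Object token : supportingTokens) {
            if (token instanceof SamlTokenAssertion) {
                supportingHasSaml = true;
            }
            if (token instanceof UsernameTokenAssertion) {
                supportingHasUsername = true;
            }
        }
        if (bindingSaml != null && supportingHasSaml) {
            return SecurityInspectionErrorCode.POLICY_ERROR_SAML_TOKEN_DUPLICATE;
        }
        boolean anySaml = bindingSaml != null || supportingHasSaml;
        if (!anySaml || !supportingHasUsername) {
            return 0;
        }
        return SecurityInspectionErrorCode.POLICY_ERROR_UNT_TOKEN_NOT_REQUIRED;
    }

    /**
     * Checks the required, signed and encrypted parts assertions for entries
     * that are not accepted.
     *
     * <p>Every assertion is visited and a later finding overwrites an earlier
     * one, so the returned code belongs to the last problem encountered.
     *
     * @param policyAlternative the alternative to inspect
     * @return {@code 0} when nothing is flagged, otherwise an error code
     */
    private static int checkPartsError(PolicyAlternative policyAlternative) {
        // NOTE(review): the numeric codes below look like compile-time constants
        // inlined into the class file (presumably from SecurityInspectionErrorCode);
        // confirm and replace with the named constants.
        int errorCode = 0;
        Set<RequiredParts> requiredPartsSet = policyAlternative.getAssertions(RequiredParts.class);
        for (RequiredParts requiredParts : requiredPartsSet) {
            if (requiredParts.getBody() != null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Invalid policy for required body part");
                }
                errorCode = 8416;
            }
            if (requiredParts.getUnknown() != null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Invalid policy for unknown required parts");
                }
                errorCode = 8418;
            }
        }
        for (Object signedParts : policyAlternative.getAssertions(SignedParts.class)) {
            if (((SignedParts) signedParts).getUnknown() != null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Invalid policy for unkown signature part");
                }
                errorCode = 8438;
            }
        }
        for (Object encryptedParts : policyAlternative.getAssertions(EncryptedParts.class)) {
            if (((EncryptedParts) encryptedParts).getUnknown() != null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Invalid policy for encryption unknow parts");
                }
                errorCode = 8458;
            }
        }
        return errorCode;
    }

    /**
     * Reports whether the alternative contains an X.509 token whose
     * require-derived-keys setting is marked optional.
     *
     * <p>Only the protection token of a {@link SymmetricBinding} and the X.509
     * token of {@link SupportingTokens} are examined.
     *
     * @param policyAlternative the alternative to inspect; must not be {@code null}
     * @return {@code true} when such an optional setting is found
     * @throws IllegalArgumentException if {@code policyAlternative} is {@code null}
     */
    public static boolean hasOptionalAttribute(PolicyAlternative policyAlternative) {
        if (null == policyAlternative) {
            throw new IllegalArgumentException("Null Policy Alternative");
        }
        if (policyAlternative.isEmpty()) {
            return false;
        }
        Set<?> assertions = policyAlternative.getAssertions();
        if (assertions == null || assertions.isEmpty()) {
            return false;
        }
        // NOTE(review): getPolicyAlternativeWithoutOption also rewrites
        // AsymmetricBinding, parts and elements assertions, none of which is
        // examined here; confirm that the narrower detection is intended. The
        // empty EncryptedParts/SignedParts branches of the original were dropped
        // because they had no effect.
        for (Object assertion : assertions) {
            if (assertion instanceof SymmetricBinding) {
                SymmetricBinding symmetricBinding = (SymmetricBinding) assertion;
                if (symmetricBinding.getProtectionToken() == null) {
                    continue;
                }
                X509Token x509Token = symmetricBinding.getProtectionToken().getX509Token();
                if (x509Token != null && x509Token.getRequireDerivedKeys() != null && x509Token.getRequireDerivedKeys().isOptional()) {
                    return true;
                }
            } else if (assertion instanceof SupportingTokens) {
                SupportingTokens supportingTokens = (SupportingTokens) assertion;
                if (supportingTokens.getX509Token() != null && supportingTokens.getX509Token().getRequireDerivedKeys() != null && supportingTokens.getX509Token().getRequireDerivedKeys().isOptional()) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Builds a copy of the alternative in which the optional markers handled
     * below are switched off, leaving the argument itself untouched.
     *
     * @param policyAlternative the alternative to copy; must not be {@code null}
     * @return the modified copy, or {@code null} when
     *         {@link #hasOptionalAttribute(PolicyAlternative)} is {@code false},
     *         the copy is {@code null}, or the copy has no assertions
     * @throws IllegalArgumentException if {@code policyAlternative} is {@code null}
     */
    public static PolicyAlternative getPolicyAlternativeWithoutOption(PolicyAlternative policyAlternative) {
        if (!hasOptionalAttribute(policyAlternative)) {
            return null;
        }
        // NOTE(review): m619clone looks like a decompiler-assigned name for
        // clone(); confirm against the PolicyAlternative class.
        PolicyAlternative copy = policyAlternative.m619clone();
        if (null == copy) {
            return null;
        }
        Set<?> assertions = copy.getAssertions();
        if (assertions == null || assertions.isEmpty()) {
            return null;
        }
        for (Object assertion : assertions) {
            if (assertion instanceof SymmetricBinding) {
                SymmetricBinding symmetricBinding = (SymmetricBinding) assertion;
                if (symmetricBinding.getProtectionToken() != null) {
                    X509Token x509Token = symmetricBinding.getProtectionToken().getX509Token();
                    if (x509Token != null && x509Token.getRequireDerivedKeys() != null) {
                        x509Token.setOptional(false);
                        x509Token.getRequireDerivedKeys().setOptional(false);
                    }
                }
            } else if (assertion instanceof AsymmetricBinding) {
                AsymmetricBinding asymmetricBinding = (AsymmetricBinding) assertion;
                if (asymmetricBinding.getInitiatorToken() != null && asymmetricBinding.getInitiatorToken().getX509Token() != null && asymmetricBinding.getInitiatorToken().getX509Token().getRequireDerivedKeys() != null) {
                    asymmetricBinding.getInitiatorToken().getX509Token().setOptional(false);
                    asymmetricBinding.getInitiatorToken().getX509Token().getRequireDerivedKeys().setOptional(false);
                }
            } else if (assertion instanceof SupportingTokens) {
                SupportingTokens supportingTokens = (SupportingTokens) assertion;
                supportingTokens.setOptional(false);
                // NOTE(review): this is an else-if chain, so only the first token kind
                // that matches is cleared. An X.509 token without require-derived-keys,
                // or a second token kind on the same assertion, keeps its optional
                // flag; confirm that is intended.
                if (supportingTokens.getX509Token() != null && supportingTokens.getX509Token().getRequireDerivedKeys() != null) {
                    supportingTokens.getX509Token().setOptional(false);
                    supportingTokens.getX509Token().getRequireDerivedKeys().setOptional(false);
                } else if (supportingTokens.getUsernameToken() != null) {
                    supportingTokens.getUsernameToken().setOptional(false);
                } else if (supportingTokens.getSamlToken() != null) {
                    supportingTokens.getSamlToken().setOptional(false);
                } else if (supportingTokens.getSecureConversationToken() != null) {
                    supportingTokens.getSecureConversationToken().setOptional(false);
                }
            } else if (assertion instanceof EncryptedParts) {
                EncryptedParts encryptedParts = (EncryptedParts) assertion;
                encryptedParts.setOptional(false);
                encryptedParts.setBodyOptional(false);
            } else if (assertion instanceof SignedParts) {
                SignedParts signedParts = (SignedParts) assertion;
                signedParts.setBodyOptional(false);
                signedParts.setOptional(false);
            } else if (assertion instanceof EncryptedElements) {
                ((EncryptedElements) assertion).setOptional(false);
            } else if (assertion instanceof SignedElements) {
                ((SignedElements) assertion).setOptional(false);
            }
        }
        return copy;
    }
}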
