package weblogic.wsee.security.wss.plan;

import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.policy.util.PolicySelectionPreference;
import weblogic.wsee.security.policy.SecurityToken;
import weblogic.wsee.security.wss.plan.fact.SecurityTokenFactory;
import weblogic.wsee.security.wss.plan.helper.SecurityPolicyBlueprintHelper;
import weblogic.wsee.security.wss.plan.helper.TokenReferenceTypeHelper;
import weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException;
import weblogic.wsee.security.wssc.dk.DKClaims;
import weblogic.wsee.security.wssp.AsymmetricBindingInfo;
import weblogic.wsee.security.wssp.InitiatorTokenAssertion;
import weblogic.wsee.security.wssp.IntegrityAssertion;
import weblogic.wsee.security.wssp.ProtectionTokenAssertion;
import weblogic.wsee.security.wssp.RecipientTokenAssertion;
import weblogic.wsee.security.wssp.SamlTokenAssertion;
import weblogic.wsee.security.wssp.SecureConversationTokenAssertion;
import weblogic.wsee.security.wssp.SecurityPolicyAssertionInfo;
import weblogic.wsee.security.wssp.SupportingTokensAssertion;
import weblogic.wsee.security.wssp.SymmetricBindingInfo;
import weblogic.wsee.security.wssp.TransportBindingInfo;
import weblogic.wsee.security.wssp.X509TokenAssertion;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss11.internal.SecurityBuilder;
import weblogic.xml.crypto.wss11.internal.SecurityValidator;
import weblogic.xml.crypto.wss11.internal.WSS11Constants;

/* loaded from: input_file:weblogic/wsee/security/wss/plan/SecurityPolicyBlueprintDesigner.class */
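/**
 * Builds a {@link SecurityPolicyBlueprint} from a parsed {@link SecurityPolicyAssertionInfo} by
 * driving a {@link SecurityPolicyBlueprintPlotter}.
 *
 * <p>Security-relevant behaviour visible in this class: assertions that the policy marks as optional
 * (token protection, signature protection, encrypt-before-signing, whole header/body signature,
 * derived keys) are applied only when the plotter reports {@code isSecurityFirst()}. Otherwise they
 * are dropped and the decision is recorded only at {@link Level#FINE}, so the effective protection
 * can be weaker than the strongest alternative in the policy without any default-level log entry.
 */
public class SecurityPolicyBlueprintDesigner {
    private static final Logger LOGGER = Logger.getLogger(SecurityPolicyBlueprintDesigner.class.getName());

    // Bit flags recording which asymmetric-binding token assertions the policy declares.
    // I* = initiator, R* = recipient; *STA = signature token, *ETA = encryption token,
    // *TA = the combined token assertion (both bits of that side).
    private static final int ITA = 3;
    private static final int IETA = 2;
    private static final int ISTA = 1;
    private static final int RTA = 12;
    private static final int RETA = 4;
    private static final int RSTA = 8;

    private final SecurityPolicyBlueprintPlotter blueprintPlotter;

    /**
     * Creates a designer whose plotter is backed by a security builder.
     *
     * @param securityBuilder builder handed to the plotter; must not be null
     * @throws IllegalArgumentException if {@code securityBuilder} is null
     */
    public SecurityPolicyBlueprintDesigner(SecurityBuilder securityBuilder) {
        if (null == securityBuilder) {
            throw new IllegalArgumentException("Null security builder found");
        }
        this.blueprintPlotter = new SecurityPolicyBlueprintPlotter(securityBuilder);
    }

    /**
     * Creates a designer whose plotter is backed by a security validator.
     *
     * @param securityValidator validator handed to the plotter; must not be null
     * @throws IllegalArgumentException if {@code securityValidator} is null
     */
    public SecurityPolicyBlueprintDesigner(SecurityValidator securityValidator) {
        if (null == securityValidator) {
            // The message previously named the builder, which misdirected anyone reading the stack trace.
            throw new IllegalArgumentException("Null security validator found");
        }
        this.blueprintPlotter = new SecurityPolicyBlueprintPlotter(securityValidator);
    }

    /** Returns the blueprint held by the underlying plotter. */
    public SecurityPolicyBlueprint getBlueprint() {
        return this.blueprintPlotter.getBlueprint();
    }

    /**
     * Populates the blueprint from the given policy and then checks the resulting
     * encryption, endorsing and signing policies.
     *
     * @param securityPolicyAssertionInfo parsed policy assertions; must not be null
     * @param map property map; read here for the policy selection preference and
     *     {@link WLStub#POLICY_COMPATIBILITY_PREFERENCE}, and passed on to timestamp handling.
     *     It is dereferenced without a null check and its values are cast without a type check,
     *     so a null map or a value of the wrong type surfaces as an unchecked exception.
     * @param z appears to be {@code true} for a request and {@code false} for a response, judging
     *     by the token-selection branches and log text in this class; confirm against callers
     * @throws IllegalArgumentException if {@code securityPolicyAssertionInfo} is null
     * @throws SecurityPolicyArchitectureException if the policy is structurally inconsistent or the
     *     resulting blueprint fails verification
     * @throws WSSecurityException declared by the binding-processing steps
     */
    public void designOutboundBlueprint(SecurityPolicyAssertionInfo securityPolicyAssertionInfo, Map<String, Object> map, boolean z) throws WSSecurityException, SecurityPolicyArchitectureException {
        if (null == securityPolicyAssertionInfo) {
            throw new IllegalArgumentException("Null SecurityPolicyAssertionInfo found");
        }
        // The selection preference is drawn first; isSecurityFirst() on the plotter is consulted by
        // every "optional" decision in the binding-processing methods below.
        this.blueprintPlotter.drawPolicySelectionPreference((PolicySelectionPreference) map.get("weblogic.wsee.policy.selection.preference"));
        this.blueprintPlotter.drawPolicyCompatibilityPreference((String) map.get(WLStub.POLICY_COMPATIBILITY_PREFERENCE), securityPolicyAssertionInfo.getNamespaceUri());
        this.blueprintPlotter.drawWss10Options(securityPolicyAssertionInfo.getWss10Options());
        this.blueprintPlotter.drawWss11Options(securityPolicyAssertionInfo.getWss11Options(), z);
        this.blueprintPlotter.drawTrustOptions(securityPolicyAssertionInfo.getWsTrustOptions());
        if (null != securityPolicyAssertionInfo.getTransportBindingInfo()) {
            processTransportBindingInfoPolicy(securityPolicyAssertionInfo, securityPolicyAssertionInfo.getTransportBindingInfo(), map);
        }
        if (null != securityPolicyAssertionInfo.getAsymmetricBindingInfo()) {
            processAsymmetricBindingPolicy(securityPolicyAssertionInfo, map, z);
        }
        if (null != securityPolicyAssertionInfo.getSymmetricBindingInfo()) {
            processSymmetricBindingPolicy(securityPolicyAssertionInfo, map, z);
        }
        this.blueprintPlotter.drawIntegrity(securityPolicyAssertionInfo.getIntegrityAssertions());
        this.blueprintPlotter.drawConfidentiality(securityPolicyAssertionInfo.getConfidentialityAssertions());
        if (null != securityPolicyAssertionInfo.getSupportingTokensAssertion()) {
            processSupportingTokensAssertionPolicy(securityPolicyAssertionInfo);
        }
        this.blueprintPlotter.drawProtectionAssertion(securityPolicyAssertionInfo.getProtectionAssertions());
        verifyPolicy(securityPolicyAssertionInfo, z);
    }

    /**
     * Applies an asymmetric binding: algorithm suite, protection options, layout, timestamp and the
     * initiator/recipient tokens.
     *
     * @throws SecurityPolicyArchitectureException if the same kind of token is declared twice for one
     *     side, or a required token assertion is missing
     */
    private void processAsymmetricBindingPolicy(SecurityPolicyAssertionInfo securityPolicyAssertionInfo, Map<String, Object> map, boolean z) throws WSSecurityException, SecurityPolicyArchitectureException {
        AsymmetricBindingInfo asymmetricBindingInfo = securityPolicyAssertionInfo.getAsymmetricBindingInfo();
        if (null == asymmetricBindingInfo) {
            return;
        }
        if (null != asymmetricBindingInfo.getAlgorithm()) {
            this.blueprintPlotter.drawAsymmetricBindingAlgorithm(securityPolicyAssertionInfo.getAlgorithmSuiteInfo());
        }
        if (asymmetricBindingInfo.isTokenProtectionRequired()) {
            // Security-relevant: an optional ProtectTokens assertion is switched off unless the
            // selection preference is security-first.
            if (!asymmetricBindingInfo.isTokenProtectionOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.getBlueprint().getSigningPolicy().setTokenProtection(true);
                this.blueprintPlotter.getBlueprint().getEndorsingPolicy().setTokenProtection(true);
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "\"The TokenProtection is off  due to it is optional and security is not a preference");
                }
                this.blueprintPlotter.getBlueprint().getSigningPolicy().setTokenProtection(false);
                this.blueprintPlotter.getBlueprint().getEndorsingPolicy().setTokenProtection(false);
            }
        }
        if (asymmetricBindingInfo.isSignatureProtectionRequired()) {
            // Unlike the symmetric path, the optional flag is passed through and not evaluated here.
            this.blueprintPlotter.drawSignatureProtection(asymmetricBindingInfo.isSignatureProtectionOptional());
        }
        if (asymmetricBindingInfo.isEncryptBeforeSigning()) {
            if (!asymmetricBindingInfo.isEncryptBeforeSigningOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.drawEncryptBeforeSigning();
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "The Encrypt Before Signning is off due to it is optional and security is not a preference");
            }
        }
        this.blueprintPlotter.drawLayOut(asymmetricBindingInfo.getLayout());
        this.blueprintPlotter.drawTimestamp(asymmetricBindingInfo, map);
        this.blueprintPlotter.setAlgorithmSuiteInfo(securityPolicyAssertionInfo.getAlgorithmSuiteInfo());

        // Collect at most one X.509 and one SAML assertion for the initiator and one X.509 assertion
        // for the recipient, remembering in tokenFlags which assertion forms were declared.
        X509TokenAssertion initiatorX509 = null;
        SamlTokenAssertion initiatorSaml = null;
        X509TokenAssertion recipientX509 = null;
        int tokenFlags = 0;
        if (null != asymmetricBindingInfo.getInitiatorTokenAssertion()) {
            tokenFlags |= ITA;
            initiatorX509 = asymmetricBindingInfo.getInitiatorTokenAssertion().getX509TokenAssertion();
            initiatorSaml = asymmetricBindingInfo.getInitiatorTokenAssertion().getSamlTokenAssertion();
        }
        if (null != asymmetricBindingInfo.getRecipientTokenAssertion()) {
            tokenFlags |= RTA;
            recipientX509 = asymmetricBindingInfo.getRecipientTokenAssertion().getX509TokenAssertion();
        }
        if (null != asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion()) {
            tokenFlags |= IETA;
            if (initiatorX509 != null) {
                throw new SecurityPolicyArchitectureException("Duplicate X509TokenAssertion in InitiatorTokenAssertion.");
            }
            initiatorX509 = asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion().getX509TokenAssertion();
            if (initiatorSaml != null) {
                throw new SecurityPolicyArchitectureException("Duplicate SamlTokenAssertion in InitiatorTokenAssertion.");
            }
            initiatorSaml = asymmetricBindingInfo.getInitiatorEncryptionTokenAssertion().getSamlTokenAssertion();
        }
        if (null != asymmetricBindingInfo.getRecipientEncryptionTokenAssertion()) {
            tokenFlags |= RETA;
            if (recipientX509 != null) {
                throw new SecurityPolicyArchitectureException("Duplicate X509TokenAssertion in RecipientTokenAssertion.");
            }
            recipientX509 = asymmetricBindingInfo.getRecipientEncryptionTokenAssertion().getX509TokenAssertion();
        }
        if (null != asymmetricBindingInfo.getInitiatorSignatureTokenAssertion()) {
            tokenFlags |= ISTA;
            if (initiatorX509 != null) {
                throw new SecurityPolicyArchitectureException("Duplicate X509TokenAssertion in InitiatorTokenAssertion.");
            }
            initiatorX509 = asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getX509TokenAssertion();
            if (initiatorSaml != null) {
                throw new SecurityPolicyArchitectureException("Duplicate SamlTokenAssertion in InitiatorTokenAssertion.");
            }
            initiatorSaml = asymmetricBindingInfo.getInitiatorSignatureTokenAssertion().getSamlTokenAssertion();
        }
        if (null != asymmetricBindingInfo.getRecipientSignatureTokenAssertion()) {
            tokenFlags |= RSTA;
            if (recipientX509 != null) {
                throw new SecurityPolicyArchitectureException("Duplicate X509TokenAssertion in RecipientTokenAssertion.");
            }
            recipientX509 = asymmetricBindingInfo.getRecipientSignatureTokenAssertion().getX509TokenAssertion();
        }
        processInitiatorAndRecipientToken(initiatorX509, initiatorSaml, recipientX509, tokenFlags, z);

        // Whole header/body signing is only drawn when a signature token was actually registered above.
        if (asymmetricBindingInfo.isEntireHeaderAndBodySignatureRequired() && this.blueprintPlotter.getBlueprint().getSigningPolicy().hasSignatureToken()) {
            if (!asymmetricBindingInfo.isEntireHeaderAndBodySignatureOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.drawOneSignatureItem("Body");
                this.blueprintPlotter.drawOneSignatureItem("Header");
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Skip the OnlySignEntrieHeaderAndBody assertion due to it is optional and security is not a preference");
            }
        }
    }

    /**
     * Registers the signature and encryption tokens for an asymmetric binding.
     *
     * <p>When {@code z} is true the signature token is built from the initiator assertion (X.509
     * preferred, SAML otherwise) and the encryption token from the recipient X.509 assertion; when
     * false the roles are swapped and the signature token is built with
     * {@code makeSecurityTokenForSignatureResponse}.
     *
     * @param x509TokenAssertion initiator X.509 assertion, or null
     * @param samlTokenAssertion initiator SAML assertion, or null
     * @param x509TokenAssertion2 recipient X.509 assertion, or null
     * @param i bitwise OR of the ISTA/IETA/RSTA/RETA flags for the declared assertions
     * @param z selects the request-style ({@code true}) or response-style ({@code false}) branch
     * @throws SecurityPolicyArchitectureException if an assertion needed by the selected flags is missing
     */
    private void processInitiatorAndRecipientToken(X509TokenAssertion x509TokenAssertion, SamlTokenAssertion samlTokenAssertion, X509TokenAssertion x509TokenAssertion2, int i, boolean z) throws SecurityPolicyArchitectureException {
        if (x509TokenAssertion2 == null) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "No X509TokenAssertion in RecipientTokenAssertion.");
            }
            // IETA and RSTA are the two flags whose branches below dereference the recipient assertion.
            if ((i & IETA) == IETA || (i & RSTA) == RSTA) {
                throw new SecurityPolicyArchitectureException("Unable to find X509TokenAssertion in RecipientTokenAssertion.");
            }
        }
        if (x509TokenAssertion == null && samlTokenAssertion == null) {
            throw new SecurityPolicyArchitectureException("Unable to find X509TokenAssertion or SamlTokenAssertion in InitiatorTokenAssertion.");
        }
        SecurityToken signatureToken = null;
        SecurityToken encryptionToken = null;
        if (z) {
            if ((i & ISTA) == ISTA) {
                signatureToken = x509TokenAssertion != null
                        ? SecurityTokenFactory.makeSecurityTokenForSignature(x509TokenAssertion, SecurityPolicyBlueprintHelper.shouldIncludeToken(x509TokenAssertion.getTokenInclusion(), true), getBlueprint().getGeneralPolicy())
                        : SecurityTokenFactory.makeSecurityToken(samlTokenAssertion, SecurityPolicyBlueprintHelper.shouldIncludeToken(samlTokenAssertion.getTokenInclusion(), true), getBlueprint().getGeneralPolicy());
            }
            if ((i & IETA) == IETA) {
                encryptionToken = SecurityTokenFactory.makeSecurityToken(x509TokenAssertion2, SecurityPolicyBlueprintHelper.shouldIncludeToken(x509TokenAssertion2.getTokenInclusion(), true), getBlueprint().getGeneralPolicy());
            }
        } else {
            if ((i & RSTA) == RSTA) {
                signatureToken = SecurityTokenFactory.makeSecurityTokenForSignatureResponse(x509TokenAssertion2, SecurityPolicyBlueprintHelper.shouldIncludeToken(x509TokenAssertion2.getTokenInclusion(), false), getBlueprint().getGeneralPolicy(), getBlueprint().isForValidator());
            }
            if ((i & RETA) == RETA) {
                encryptionToken = x509TokenAssertion != null
                        ? SecurityTokenFactory.makeSecurityToken(x509TokenAssertion, SecurityPolicyBlueprintHelper.shouldIncludeToken(x509TokenAssertion.getTokenInclusion(), false), getBlueprint().getGeneralPolicy())
                        : SecurityTokenFactory.makeSecurityToken(samlTokenAssertion, SecurityPolicyBlueprintHelper.shouldIncludeToken(samlTokenAssertion.getTokenInclusion(), false), getBlueprint().getGeneralPolicy());
            }
        }
        // A direction with no matching flag registers no token; verifyPolicy decides afterwards
        // whether the resulting signing/encryption policy is acceptable.
        if (null != signatureToken) {
            this.blueprintPlotter.getBlueprint().getSigningPolicy().addSignatureToken(signatureToken);
        }
        if (null != encryptionToken) {
            this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(encryptionToken);
        }
    }

    /**
     * Variant that handles only the combined InitiatorToken/RecipientToken form and always registers
     * both a signature and an encryption token. It is not called from within this class.
     *
     * @return {@code false} if either combined assertion is absent (nothing is registered),
     *     {@code true} once both tokens have been added
     * @throws SecurityPolicyArchitectureException if the recipient has no X.509 assertion or the
     *     initiator has neither an X.509 nor a SAML assertion
     */
    private boolean processInitiatorAndRecipientToken(AsymmetricBindingInfo asymmetricBindingInfo, boolean z) throws WSSecurityException, SecurityPolicyArchitectureException {
        SecurityToken signatureToken;
        SecurityToken encryptionToken;
        InitiatorTokenAssertion initiatorTokenAssertion = asymmetricBindingInfo.getInitiatorTokenAssertion();
        RecipientTokenAssertion recipientTokenAssertion = asymmetricBindingInfo.getRecipientTokenAssertion();
        if (initiatorTokenAssertion == null || recipientTokenAssertion == null) {
            return false;
        }
        X509TokenAssertion initiatorX509 = initiatorTokenAssertion.getX509TokenAssertion();
        SamlTokenAssertion initiatorSaml = initiatorTokenAssertion.getSamlTokenAssertion();
        X509TokenAssertion recipientX509 = recipientTokenAssertion.getX509TokenAssertion();
        if (recipientX509 == null) {
            throw new SecurityPolicyArchitectureException("Unable to find X509TokenAssertion in RecipientTokenAssertion.");
        }
        if (z) {
            if (initiatorX509 != null) {
                signatureToken = SecurityTokenFactory.makeSecurityTokenForSignature(initiatorX509, SecurityPolicyBlueprintHelper.shouldIncludeToken(initiatorX509.getTokenInclusion(), true), getBlueprint().getGeneralPolicy());
            } else {
                if (initiatorSaml == null) {
                    throw new SecurityPolicyArchitectureException("Unable to find X509TokenAssertion or SamlTokenAssertion in InitiatorTokenAssertion.");
                }
                signatureToken = SecurityTokenFactory.makeSecurityToken(initiatorSaml, SecurityPolicyBlueprintHelper.shouldIncludeToken(initiatorSaml.getTokenInclusion(), true), getBlueprint().getGeneralPolicy());
            }
            encryptionToken = SecurityTokenFactory.makeSecurityToken(recipientX509, SecurityPolicyBlueprintHelper.shouldIncludeToken(recipientX509.getTokenInclusion(), true), getBlueprint().getGeneralPolicy());
        } else {
            signatureToken = SecurityTokenFactory.makeSecurityTokenForSignatureResponse(recipientX509, SecurityPolicyBlueprintHelper.shouldIncludeToken(recipientX509.getTokenInclusion(), false), getBlueprint().getGeneralPolicy(), getBlueprint().isForValidator());
            if (initiatorX509 != null) {
                encryptionToken = SecurityTokenFactory.makeSecurityToken(initiatorX509, SecurityPolicyBlueprintHelper.shouldIncludeToken(initiatorX509.getTokenInclusion(), false), getBlueprint().getGeneralPolicy());
            } else {
                if (initiatorSaml == null) {
                    throw new SecurityPolicyArchitectureException("Unable to find X509TokenAssertion or SamlTokenAssertion in InitiatorTokenAssertion.");
                }
                encryptionToken = SecurityTokenFactory.makeSecurityToken(initiatorSaml, SecurityPolicyBlueprintHelper.shouldIncludeToken(initiatorSaml.getTokenInclusion(), false), getBlueprint().getGeneralPolicy());
            }
        }
        this.blueprintPlotter.getBlueprint().getSigningPolicy().addSignatureToken(signatureToken);
        this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(encryptionToken);
        return true;
    }

    /**
     * Applies a symmetric binding: protection (or separate encryption/signature) tokens, derived-key
     * handling, protection options, layout and timestamp.
     *
     * @throws SecurityPolicyArchitectureException if an X.509 assertion carries no token type
     */
    private void processSymmetricBindingPolicy(SecurityPolicyAssertionInfo securityPolicyAssertionInfo, Map<String, Object> map, boolean z) throws WSSecurityException, SecurityPolicyArchitectureException {
        SymmetricBindingInfo symmetricBindingInfo = securityPolicyAssertionInfo.getSymmetricBindingInfo();
        if (null == symmetricBindingInfo) {
            return;
        }
        getBlueprint().setSymmeticPlan(true);
        this.blueprintPlotter.setAlgorithmSuiteInfo(securityPolicyAssertionInfo.getAlgorithmSuiteInfo());
        if (null != symmetricBindingInfo.getProtectionTokenAssertion()) {
            ProtectionTokenAssertion protectionTokenAssertion = symmetricBindingInfo.getProtectionTokenAssertion();
            X509TokenAssertion protectionX509 = protectionTokenAssertion.getX509TokenAssertion();
            if (null != protectionX509) {
                boolean includeToken = SecurityPolicyBlueprintHelper.shouldIncludeToken(protectionX509.getTokenInclusion(), z);
                if (null == protectionX509.getX509TokenType()) {
                    throw new SecurityPolicyArchitectureException("Missing TokenType assertion");
                }
                // A protection token serves both purposes, so the same instance goes to both policies.
                SecurityToken protectionToken = SecurityTokenFactory.makeSecurityToken(protectionX509, includeToken, getBlueprint().getGeneralPolicy());
                this.blueprintPlotter.getBlueprint().getSigningPolicy().addSignatureToken(protectionToken);
                this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(protectionToken);
                boolean derivedKeyApplied = false;
                if (protectionX509.requireDerivedKey()) {
                    boolean useDerivedKey = true;
                    if (protectionX509.isDerivedKeyOptional()) {
                        // Security-relevant: optional derived keys are skipped when z is false and the map
                        // holds no DERIVED_KEY_TOKEN entry, or whenever the preference is not security-first.
                        if (!z && map.get(SecurityPolicyPlan.DERIVED_KEY_TOKEN) == null) {
                            useDerivedKey = false;
                            if (LOGGER.isLoggable(Level.FINE)) {
                                LOGGER.log(Level.FINE, "Skip the DK assertion due to it is optional with <sp:RequireDerivedKeys wsp:Optional=\"true\" /> and the DK token is not in the request");
                            }
                        } else if (!this.blueprintPlotter.isSecurityFirst()) {
                            useDerivedKey = false;
                            if (LOGGER.isLoggable(Level.FINE)) {
                                LOGGER.log(Level.FINE, "Skip the DK assertion due to it is optional with <sp:RequireDerivedKeys wsp:Optional=\"true\" /> and security is not a preference");
                            }
                        }
                    }
                    if (useDerivedKey) {
                        // Re-type the token as a derived-key token based on an encrypted key. Statement order
                        // matters: the algorithm is drawn before the encryption/key-wrap methods are copied.
                        protectionToken.setTokenTypeUri(protectionX509.getDerivedKeyTokenType(this.blueprintPlotter.getBlueprint().getGeneralPolicy().isWssc13())[0]);
                        protectionToken.setDerivedFromTokenType(WSS11Constants.ENC_KEY_TOKEN_TYPE);
                        protectionToken.setClaims(DKClaims.makeDKClaimsNode(this.blueprintPlotter.getBlueprint().getGeneralPolicy(), null, securityPolicyAssertionInfo.getAlgorithmSuiteInfo()));
                        // Action codes passed to addBlueprintAction are defined outside this class.
                        this.blueprintPlotter.addBlueprintAction(512);
                        this.blueprintPlotter.drawSymmetricBindingAlgorithm(securityPolicyAssertionInfo.getAlgorithmSuiteInfo(), true);
                        protectionToken.setEncryptionMethod(this.blueprintPlotter.getBlueprint().getEncryptionPolicy().getEncryptionMethod());
                        protectionToken.setKeyWrapMethod(this.blueprintPlotter.getBlueprint().getEncryptionPolicy().getKeyWrapMethod());
                        // The key-wrap method now lives on the token only; it is cleared on the policy.
                        this.blueprintPlotter.getBlueprint().getEncryptionPolicy().setKeyWrapMethod((EncryptionMethod) null);
                        protectionToken.setStrTypesForDKBaseToken(protectionToken.getStrTypes());
                        protectionToken.setStrTypes(TokenReferenceTypeHelper.getSTRTypesForDK(protectionToken.getTokenTypeUri()));
                        protectionToken.setIncludeInMessage(true);
                        derivedKeyApplied = true;
                    }
                }
                if (!derivedKeyApplied) {
                    if (symmetricBindingInfo.isEncryptedKeyRequired()) {
                        this.blueprintPlotter.drawEncyptedKeyAction();
                    }
                    if (null != symmetricBindingInfo.getAlgorithm()) {
                        this.blueprintPlotter.drawSymmetricBindingAlgorithm(securityPolicyAssertionInfo.getAlgorithmSuiteInfo(), true);
                    }
                }
            }
            SamlTokenAssertion protectionSaml = protectionTokenAssertion.getSamlTokenAssertion();
            if (protectionSaml != null) {
                // The SAML protection token is always marked for inclusion, regardless of its
                // token-inclusion setting or of z.
                SecurityToken samlToken = SecurityTokenFactory.makeSecurityToken(protectionSaml, true, getBlueprint().getGeneralPolicy());
                this.blueprintPlotter.getBlueprint().getSigningPolicy().addSignatureToken(samlToken);
                this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(samlToken);
                if (null != symmetricBindingInfo.getAlgorithm()) {
                    this.blueprintPlotter.drawSymmetricBindingAlgorithm(securityPolicyAssertionInfo.getAlgorithmSuiteInfo(), true);
                }
            }
            SecureConversationTokenAssertion secureConversationTokenAssertion = protectionTokenAssertion.getSecureConversationTokenAssertion();
            if (secureConversationTokenAssertion != null) {
                SecurityToken conversationToken = SecurityTokenFactory.makeSecurityToken(secureConversationTokenAssertion, SecurityPolicyBlueprintHelper.shouldIncludeToken(secureConversationTokenAssertion.getTokenInclusion(), z), getBlueprint().getGeneralPolicy(), securityPolicyAssertionInfo.getAlgorithmSuiteInfo());
                this.blueprintPlotter.getBlueprint().getSigningPolicy().addSignatureToken(conversationToken);
                this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(conversationToken);
                if (null != symmetricBindingInfo.getAlgorithm()) {
                    this.blueprintPlotter.drawSymmetricBindingAlgorithm(securityPolicyAssertionInfo.getAlgorithmSuiteInfo(), false);
                }
            }
        } else {
            if (null != symmetricBindingInfo.getEncryptionTokenAssertion()) {
                X509TokenAssertion encryptionX509 = symmetricBindingInfo.getEncryptionTokenAssertion().getX509TokenAssertion();
                if (null != encryptionX509) {
                    boolean includeToken = SecurityPolicyBlueprintHelper.shouldIncludeToken(encryptionX509.getTokenInclusion(), z);
                    if (null == encryptionX509.getX509TokenType()) {
                        throw new SecurityPolicyArchitectureException("Missing TokenType assertion");
                    }
                    this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(SecurityTokenFactory.makeSecurityToken(encryptionX509, includeToken, getBlueprint().getGeneralPolicy()));
                }
            }
            if (null != symmetricBindingInfo.getSignatureTokenAssertion()) {
                X509TokenAssertion signatureX509 = symmetricBindingInfo.getSignatureTokenAssertion().getX509TokenAssertion();
                if (null != signatureX509) {
                    boolean includeToken = SecurityPolicyBlueprintHelper.shouldIncludeToken(signatureX509.getTokenInclusion(), z);
                    if (null == signatureX509.getX509TokenType()) {
                        throw new SecurityPolicyArchitectureException("Missing TokenType assertion");
                    }
                    // NOTE(review): the SignatureToken assertion is registered on the encryption policy,
                    // not via getSigningPolicy().addSignatureToken(...) as every other signature token
                    // in this class is. Left unchanged; confirm whether this is intended.
                    this.blueprintPlotter.getBlueprint().getEncryptionPolicy().addEncryptionToken(SecurityTokenFactory.makeSecurityToken(signatureX509, includeToken, getBlueprint().getGeneralPolicy()));
                }
            }
        }
        if (symmetricBindingInfo.isEntireHeaderAndBodySignatureRequired()) {
            if (!symmetricBindingInfo.isEntireHeaderAndBodySignatureOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.drawOneSignatureItem("Body");
                this.blueprintPlotter.drawOneSignatureItem("Header");
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Skip the OnlySignEntrieHeaderAndBody assertion due to it is optional and security is not a preference");
            }
        }
        if (symmetricBindingInfo.isTokenProtectionRequired()) {
            if (!symmetricBindingInfo.isTokenProtectionOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.getBlueprint().getSigningPolicy().setTokenProtection(true);
                this.blueprintPlotter.getBlueprint().getEndorsingPolicy().setTokenProtection(true);
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "The TokenProtection is off due to it is optional and security is not a preference");
                }
                this.blueprintPlotter.getBlueprint().getSigningPolicy().setTokenProtection(false);
                this.blueprintPlotter.getBlueprint().getEndorsingPolicy().setTokenProtection(false);
            }
        }
        if (symmetricBindingInfo.isSignatureProtectionRequired()) {
            if (!symmetricBindingInfo.isSignatureProtectionOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.drawSignatureProtection(symmetricBindingInfo.isSignatureProtectionOptional());
                this.blueprintPlotter.addBlueprintAction(8192);
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "The SignatureProtection is off due to it is optional and security is not a preference");
            }
        }
        if (symmetricBindingInfo.isEncryptBeforeSigning()) {
            if (!symmetricBindingInfo.isEncryptBeforeSigningOptional() || this.blueprintPlotter.isSecurityFirst()) {
                this.blueprintPlotter.drawEncryptBeforeSigning();
                this.blueprintPlotter.addBlueprintAction(4096);
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "The Encrypt Before Signning is off due to it is optional and security is not a preference");
            }
        }
        this.blueprintPlotter.drawLayOut(symmetricBindingInfo.getLayout());
        this.blueprintPlotter.drawTimestamp(symmetricBindingInfo, map);
    }

    /**
     * Draws each category of supporting token present in the policy. The integer passed as the last
     * argument of {@code drawSupportingToken} selects the category; its meaning is defined by the plotter.
     */
    private void processSupportingTokensAssertionPolicy(SecurityPolicyAssertionInfo securityPolicyAssertionInfo) throws WSSecurityException, SecurityPolicyArchitectureException {
        this.blueprintPlotter.setPolicyInfo(securityPolicyAssertionInfo);
        SupportingTokensAssertion supportingTokensAssertion = securityPolicyAssertionInfo.getSupportingTokensAssertion();
        if (supportingTokensAssertion.hasSupportingTokens()) {
            this.blueprintPlotter.drawSupportingToken(supportingTokensAssertion.getSupportingTokens(), supportingTokensAssertion.getSecurityInfoOfSupportingTokens(), 0);
        }
        if (supportingTokensAssertion.hasEncryptedSupportingTokens()) {
            // NOTE(review): the encrypted category is paired with the security info of the
            // signed-encrypted category, unlike every other branch here, which uses its own getter.
            // Left unchanged; confirm against SupportingTokensAssertion.
            this.blueprintPlotter.drawSupportingToken(supportingTokensAssertion.getEncryptedSupportingTokens(), supportingTokensAssertion.getSecurityInfoOfSignedEncryptedSupportingTokens(), 5);
        }
        if (supportingTokensAssertion.hasSignedSupportingTokens()) {
            this.blueprintPlotter.drawSupportingToken(supportingTokensAssertion.getSignedSupportingTokens(), supportingTokensAssertion.getSecurityInfoOfSignedSupportingTokens(), 1);
        }
        if (supportingTokensAssertion.hasEndorsingSupportingTokens()) {
            this.blueprintPlotter.drawSupportingToken(supportingTokensAssertion.getEndorsingSupportingTokens(), supportingTokensAssertion.getSecurityInfoOfEndorsingSupportingTokens(), 2);
            this.blueprintPlotter.addBlueprintAction(1024);
        }
        if (supportingTokensAssertion.hasSignedEndorsingSupportingTokens()) {
            this.blueprintPlotter.drawSupportingToken(supportingTokensAssertion.getSignedEndorsingSupportingTokens(), supportingTokensAssertion.getSecurityInfoOfSignedEndorsingSupportingTokens(), 3);
            this.blueprintPlotter.addBlueprintAction(3072);
        }
        if (supportingTokensAssertion.hasSignedEncryptedSupportingTokens()) {
            this.blueprintPlotter.drawSupportingToken(supportingTokensAssertion.getSignedEncryptedSupportingTokens(), supportingTokensAssertion.getSecurityInfoOfSignedEncryptedSupportingTokens(), 4);
        }
    }

    /** Applies a transport binding: timestamp, layout, HTTPS token and algorithm suite. */
    private void processTransportBindingInfoPolicy(SecurityPolicyAssertionInfo securityPolicyAssertionInfo, TransportBindingInfo transportBindingInfo, Map<String, Object> map) throws WSSecurityException, SecurityPolicyArchitectureException {
        this.blueprintPlotter.drawTimestamp(transportBindingInfo, map);
        this.blueprintPlotter.drawLayOut(transportBindingInfo.getLayout());
        this.blueprintPlotter.drawTransportToken(transportBindingInfo.getHttpsTokenAssertion());
        this.blueprintPlotter.setAlgorithmSuiteInfo(securityPolicyAssertionInfo.getAlgorithmSuiteInfo());
    }

    /**
     * Rejects a blueprint whose encryption or endorsing policy is invalid, or whose signing policy is
     * invalid while the policy still demands something to be signed.
     *
     * <p>An invalid signing policy is tolerated when there are no integrity assertions, when none of
     * them requires a signed body, signed WS-Addressing headers, signing elements or signing parts,
     * and in the response-side exemption described inline.
     *
     * @throws SecurityPolicyArchitectureException if one of the three policies is rejected
     */
    private void verifyPolicy(SecurityPolicyAssertionInfo securityPolicyAssertionInfo, boolean z) throws SecurityPolicyArchitectureException {
        if (!getBlueprint().getEncryptionPolicy().isPolicyValid()) {
            throw new SecurityPolicyArchitectureException("Invalid encryption policy");
        }
        if (!getBlueprint().getEndorsingPolicy().isPolicyValid()) {
            throw new SecurityPolicyArchitectureException("Invalid endorsing policy");
        }
        if (getBlueprint().getSigningPolicy().isPolicyValid()) {
            return;
        }
        List<IntegrityAssertion> integrityAssertions = securityPolicyAssertionInfo.getIntegrityAssertions();
        if (integrityAssertions == null || integrityAssertions.isEmpty()) {
            return;
        }
        // Security-relevant exemption: when z is false and the asymmetric binding declares an
        // InitiatorSignatureToken, the invalid signing policy is accepted without further checks.
        // NOTE(review): because of the "||", the recipient condition holds unless BOTH
        // RecipientToken and RecipientSignatureToken are declared; confirm "&&" was not intended.
        AsymmetricBindingInfo asymmetricBindingInfo = securityPolicyAssertionInfo.getAsymmetricBindingInfo();
        if (null != asymmetricBindingInfo
                && null != asymmetricBindingInfo.getInitiatorSignatureTokenAssertion()
                && (null == asymmetricBindingInfo.getRecipientTokenAssertion() || null == asymmetricBindingInfo.getRecipientSignatureTokenAssertion())
                && !z) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "The Signature policy is not verified, due to this is a response on InitiatorSignatureTokenAssertion only");
            }
            return;
        }
        for (IntegrityAssertion integrityAssertion : integrityAssertions) {
            if (integrityAssertion != null && (integrityAssertion.isSignedBodyRequired() || integrityAssertion.isSignedWsaHeadersRequired() || integrityAssertion.getSigningElements() != null || integrityAssertion.getSigningParts() != null)) {
                throw new SecurityPolicyArchitectureException("Invalid signing policy");
            }
        }
    }
}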
