package weblogic.wsee.security.policy;

import com.bea.xml.XmlException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
import weblogic.wsee.policy.framework.PolicyAlternative;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.policy.framework.PolicyStatement;
import weblogic.wsee.policy.runtime.PolicyCustomizer;
import weblogic.wsee.security.configuration.WssConfiguration;
import weblogic.wsee.security.configuration.WssConfigurationException;
import weblogic.wsee.security.policy.assertions.ConfidentialityAssertion;
import weblogic.wsee.security.policy.assertions.IdentityAssertion;
import weblogic.wsee.security.policy.assertions.IntegrityAssertion;
import weblogic.wsee.security.policy.assertions.MessageAgeAssertion;
import weblogic.wsee.security.policy.assertions.SecurityPolicyConstants;
import weblogic.wsee.security.policy.assertions.xbeans.KeyInfoType;
import weblogic.wsee.security.policy.assertions.xbeans.MessageAgeDocument;
import weblogic.wsee.security.policy.assertions.xbeans.SecurityTokenType;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.WSSecurityConfigurationException;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo;

/* loaded from: input_file:weblogic/wsee/security/policy/SecurityPolicyCustomizer.class */
/**
 * Fills in abstract WS-Security policy assertions from a {@link WssConfiguration}.
 *
 * <p>An assertion is treated as abstract when it does not name the tokens (or the message age)
 * it requires. {@link #process} completes such assertions in place, using the configured token
 * providers that implement {@link SecurityTokenPolicyInfo} and the configured timestamp settings.
 *
 * <p>NOTE(review): the provider list is built lazily and without synchronization; confirm that an
 * instance is not shared between threads.
 */
public class SecurityPolicyCustomizer implements PolicyCustomizer {
    private static final Logger LOGGER = Logger.getLogger(SecurityPolicyCustomizer.class.getName());

    /** Namespace used to look up the prefix of the generated SupportedTokens element. */
    private static final String POLICY_NAMESPACE_URI = "http://www.bea.com/wls90/security/policy";

    /** Configured providers usable for policy customization; {@code null} until {@link #init()} runs. */
    private SecurityTokenPolicyInfo[] supportedTokenTypes = null;
    private WssConfiguration wssConfig;

    /**
     * @param wssConfiguration source of the supported tokens, the context handler and the
     *     timestamp configuration used when completing assertions
     */
    public SecurityPolicyCustomizer(WssConfiguration wssConfiguration) {
        this.wssConfig = wssConfiguration;
    }

    /**
     * Builds the provider array on first use, keeping only the configured tokens that implement
     * {@link SecurityTokenPolicyInfo}. Later calls are no-ops.
     *
     * @throws PolicyException wrapping a {@link WssConfigurationException} from the configuration
     */
    private void init() throws PolicyException {
        if (this.supportedTokenTypes != null) {
            return;
        }
        try {
            List<SecurityTokenPolicyInfo> usable = new ArrayList<SecurityTokenPolicyInfo>();
            List configured = this.wssConfig.getSupprotedTokens();
            for (Object candidate : configured) {
                // Configured tokens of any other type are skipped without a log entry.
                if (!(candidate instanceof SecurityTokenPolicyInfo)) {
                    continue;
                }
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Adding " + candidate.getClass().getName() + " to customized list since it implements SecurityTokenPolicyInfo");
                }
                usable.add((SecurityTokenPolicyInfo) candidate);
            }
            this.supportedTokenTypes = usable.toArray(new SecurityTokenPolicyInfo[0]);
        } catch (WssConfigurationException e) {
            throw new PolicyException(e);
        }
    }

    /**
     * Completes every abstract identity, integrity, confidentiality and message-age assertion of
     * the statement's policy alternative. Does nothing when there is no alternative.
     *
     * @param str passed through to the alternative lookup, which does not use it
     * @param policyStatement the policy to customize
     * @throws PolicyException if the configuration cannot be read, a provider fails, or a
     *     completed assertion cannot be reloaded
     */
    @Override // declared by PolicyCustomizer
    public void process(String str, PolicyStatement policyStatement) throws PolicyException {
        init();
        PolicyAlternative alternative = getPolicyAlternative(str, policyStatement);
        if (alternative != null) {
            handleIdentity(alternative);
            handleIntegrity(alternative);
            handleConfidentiality(alternative);
            handleMessageAge(alternative);
        }
    }

    /**
     * Reports whether the statement's policy alternative contains at least one abstract
     * assertion. Assertions are checked in the order identity, integrity, confidentiality,
     * message age, stopping at the first abstract one.
     *
     * @return {@code true} if any assertion is abstract; {@code false} if none is or there is no
     *     policy alternative
     */
    public static boolean isSecurityPolicyAbstract(String str, PolicyStatement policyStatement) throws PolicyException {
        PolicyAlternative alternative = getPolicyAlternative(str, policyStatement);
        if (alternative == null) {
            return false;
        }
        for (Object identity : alternative.getAssertions(IdentityAssertion.class)) {
            if (isIdentityAbstract((IdentityAssertion) identity)) {
                return true;
            }
        }
        for (Object integrity : alternative.getAssertions(IntegrityAssertion.class)) {
            if (isIntegrityAbstract((IntegrityAssertion) integrity)) {
                return true;
            }
        }
        for (Object confidentiality : alternative.getAssertions(ConfidentialityAssertion.class)) {
            if (isConfidentialityAbstract((ConfidentialityAssertion) confidentiality)) {
                return true;
            }
        }
        for (Object messageAge : alternative.getAssertions(MessageAgeAssertion.class)) {
            if (isMessageAgeAbstract(((MessageAgeAssertion) messageAge).getXbean().getMessageAge())) {
                return true;
            }
        }
        return false;
    }

    /** Normalizes the statement and returns its policy alternative; {@code str} is not used. */
    private static PolicyAlternative getPolicyAlternative(String str, PolicyStatement policyStatement) throws PolicyException {
        return policyStatement.normalize().getPolicyAlternative();
    }

    /** An identity assertion is abstract when it carries no SupportedTokens. */
    public static boolean isIdentityAbstract(IdentityAssertion identityAssertion) {
        return null == identityAssertion.getXbean().getIdentity().getSupportedTokens();
    }

    /** An integrity assertion is abstract when it carries no SupportedTokens. */
    public static boolean isIntegrityAbstract(IntegrityAssertion integrityAssertion) {
        return null == integrityAssertion.getXbean().getIntegrity().getSupportedTokens();
    }

    /**
     * A confidentiality assertion is abstract when it has no KeyInfo, or its KeyInfo lists no
     * security tokens.
     */
    public static boolean isConfidentialityAbstract(ConfidentialityAssertion confidentialityAssertion) {
        KeyInfoType keyInfo = confidentialityAssertion.getXbean().getConfidentiality().getKeyInfo();
        if (keyInfo == null) {
            return true;
        }
        SecurityTokenType[] tokens = keyInfo.getSecurityTokenArray();
        return tokens == null || tokens.length == 0;
    }

    /** A message-age assertion is abstract when its age value is not set. */
    public static boolean isMessageAgeAbstract(MessageAgeDocument.MessageAge messageAge) {
        return !messageAge.isSetAge();
    }

    /**
     * Adds a SupportedTokens child to the assertion element and lets each provider that supports
     * {@code purpose} contribute its token assertion to it.
     *
     * <p>NOTE(review): the child is attached even when no provider supports the purpose, so the
     * assertion may stop reporting as abstract while listing no tokens. Confirm how an empty
     * SupportedTokens element is treated when the policy is enforced.
     */
    private void populateSupportedTokens(Element assertionElement, Purpose purpose) throws PolicyException {
        Element supportedTokens = DOMUtils.createAndAddElement(assertionElement, SecurityPolicyConstants.SUPPORTED_TOKENS_QNAME, DOMUtils.getPrefix(POLICY_NAMESPACE_URI, assertionElement));
        handleAbstractAssertions(supportedTokens, purpose);
        assertionElement.appendChild(supportedTokens);
    }

    /** Completes each abstract identity assertion and reloads it from the modified element. */
    private void handleIdentity(PolicyAlternative policyAlternative) throws PolicyException {
        Iterator assertions = policyAlternative.getAssertions(IdentityAssertion.class).iterator();
        while (assertions.hasNext()) {
            IdentityAssertion assertion = (IdentityAssertion) assertions.next();
            if (!isIdentityAbstract(assertion)) {
                continue;
            }
            Element root = IdentityAssertion.getElement(assertion.getXbean());
            populateSupportedTokens(root, Purpose.IDENTITY);
            try {
                assertion.load(root);
            } catch (XmlException e) {
                throw new PolicyException((Throwable) e);
            }
        }
    }

    /** Completes each abstract integrity assertion and reloads it from the modified element. */
    private void handleIntegrity(PolicyAlternative policyAlternative) throws PolicyException {
        Iterator assertions = policyAlternative.getAssertions(IntegrityAssertion.class).iterator();
        while (assertions.hasNext()) {
            IntegrityAssertion assertion = (IntegrityAssertion) assertions.next();
            if (!isIntegrityAbstract(assertion)) {
                continue;
            }
            Element root = IntegrityAssertion.getElement(assertion.getXbean());
            populateSupportedTokens(root, Purpose.SIGN);
            try {
                assertion.load(root);
            } catch (XmlException e) {
                throw new PolicyException((Throwable) e);
            }
        }
    }

    /**
     * Lets the encryption-capable providers add their token assertions to the KeyInfo node of
     * each confidentiality assertion that is abstract or has SupportTrust10 set, then reloads it.
     *
     * <p>Assertions with SupportTrust10 set are processed even when their KeyInfo already lists
     * tokens, so provider output is added next to the existing entries.
     *
     * <p>NOTE(review): the result of {@code findNode} is cast and passed on without a null check,
     * while {@link #isConfidentialityAbstract} counts a missing KeyInfo as abstract. Confirm that
     * the node is always present here, or that providers tolerate a null parent.
     */
    private void handleConfidentiality(PolicyAlternative policyAlternative) throws PolicyException {
        Iterator assertions = policyAlternative.getAssertions(ConfidentialityAssertion.class).iterator();
        while (assertions.hasNext()) {
            ConfidentialityAssertion assertion = (ConfidentialityAssertion) assertions.next();
            if (!isConfidentialityAbstract(assertion) && !isTrustEnable(assertion)) {
                continue;
            }
            Element root = ConfidentialityAssertion.getElement(assertion.getXbean());
            Element keyInfo = (Element) DOMUtils.findNode(root, "KeyInfo");
            handleAbstractAssertions(keyInfo, Purpose.ENCRYPT);
            try {
                assertion.load(root);
            } catch (XmlException e) {
                throw new PolicyException((Throwable) e);
            }
        }
    }

    /**
     * Sets the age of every message-age assertion that has none to the value from the timestamp
     * configuration.
     *
     * <p>NOTE(review): presumably this value bounds how old an accepted message may be; confirm
     * its unit and that the configured value is range-checked where it is read.
     */
    private void handleMessageAge(PolicyAlternative policyAlternative) {
        for (Object candidate : policyAlternative.getAssertions(MessageAgeAssertion.class)) {
            MessageAgeDocument.MessageAge age = ((MessageAgeAssertion) candidate).getXbean().getMessageAge();
            if (isMessageAgeAbstract(age)) {
                age.setAge(BigInteger.valueOf(this.wssConfig.getTimestampConfig().getMessageAge()));
            }
        }
    }

    /**
     * Asks every provider that supports {@code purpose} to add its token assertion under
     * {@code element}. With no matching provider the element is returned untouched.
     *
     * @return the same {@code element} that was passed in
     * @throws PolicyException if a provider reports a {@link WSSecurityConfigurationException}
     */
    private Element handleAbstractAssertions(Element element, Purpose purpose) throws PolicyException {
        for (SecurityTokenPolicyInfo provider : getSupportedTokenTypes(purpose)) {
            try {
                // The context handler is fetched from the configuration for each provider call.
                provider.getSecurityTokenAssertion(element, purpose, this.wssConfig.getContextHandler());
            } catch (WSSecurityConfigurationException e) {
                throw new PolicyException("Failed to fill abstract token assertion.", e);
            }
        }
        return element;
    }

    /** Returns the configured providers that support {@code purpose}, in configuration order. */
    private List<SecurityTokenPolicyInfo> getSupportedTokenTypes(Purpose purpose) {
        List<SecurityTokenPolicyInfo> matching = new ArrayList<SecurityTokenPolicyInfo>();
        for (SecurityTokenPolicyInfo provider : this.supportedTokenTypes) {
            if (provider.supports(purpose)) {
                matching.add(provider);
            }
        }
        return matching;
    }

    /** Reads the SupportTrust10 flag of the confidentiality assertion. */
    private boolean isTrustEnable(ConfidentialityAssertion confidentialityAssertion) {
        return confidentialityAssertion.getXbean().getConfidentiality().getSupportTrust10();
    }
}
