package weblogic.wsee.security.wss.plan;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.policy.util.PolicySelectionPreference;
import weblogic.wsee.security.policy.SecurityToken;
import weblogic.wsee.security.policy12.assertions.Header;
import weblogic.wsee.security.policy12.assertions.IncludeTimestamp;
import weblogic.wsee.security.policy12.assertions.Layout;
import weblogic.wsee.security.policy12.assertions.RequiredElements;
import weblogic.wsee.security.policy12.assertions.RequiredParts;
import weblogic.wsee.security.policy12.assertions.SignedElements;
import weblogic.wsee.security.policy12.assertions.XPath;
import weblogic.wsee.security.policy12.internal.QNameExprImpl;
import weblogic.wsee.security.wss.plan.fact.SecurityTokenFactory;
import weblogic.wsee.security.wss.plan.helper.SecurityPolicyBlueprintHelper;
import weblogic.wsee.security.wss.policy.EncryptionPolicy;
import weblogic.wsee.security.wss.policy.GeneralPolicy;
import weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException;
import weblogic.wsee.security.wss.policy.SecurityPolicyBuilderConstants;
import weblogic.wsee.security.wss.policy.SignaturePolicy;
import weblogic.wsee.security.wss.policy.TimestampPolicy;
import weblogic.wsee.security.wssp.AlgorithmSuiteInfo;
import weblogic.wsee.security.wssp.AsymmetricBindingInfo;
import weblogic.wsee.security.wssp.ConfidentialityAssertion;
import weblogic.wsee.security.wssp.HttpsTokenAssertion;
import weblogic.wsee.security.wssp.IntegrityAssertion;
import weblogic.wsee.security.wssp.IssuedTokenAssertion;
import weblogic.wsee.security.wssp.KerberosTokenAssertion;
import weblogic.wsee.security.wssp.ProtectionAssertion;
import weblogic.wsee.security.wssp.QNameExpr;
import weblogic.wsee.security.wssp.SamlTokenAssertion;
import weblogic.wsee.security.wssp.SecureConversationTokenAssertion;
import weblogic.wsee.security.wssp.SecurityBindingPropertiesAssertion;
import weblogic.wsee.security.wssp.SecurityPolicyAssertionInfo;
import weblogic.wsee.security.wssp.SupportingTokensAssertion;
import weblogic.wsee.security.wssp.SymmetricBindingInfo;
import weblogic.wsee.security.wssp.TokenAssertion;
import weblogic.wsee.security.wssp.TransportBindingInfo;
import weblogic.wsee.security.wssp.UsernameTokenAssertion;
import weblogic.wsee.security.wssp.WsTrustOptions;
import weblogic.wsee.security.wssp.Wss10Options;
import weblogic.wsee.security.wssp.Wss11Options;
import weblogic.wsee.security.wssp.X509TokenAssertion;
import weblogic.xml.crypto.dsig.api.Transform;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss11.internal.SecurityBuilder;
import weblogic.xml.crypto.wss11.internal.SecurityValidator;
import weblogic.xml.dom.DOMUtils;

/* loaded from: input_file:weblogic/wsee/security/wss/plan/SecurityPolicyBlueprintPlotter.class */
public class SecurityPolicyBlueprintPlotter {
    private static final Logger LOGGER = Logger.getLogger(SecurityPolicyBlueprintPlotter.class.getName());
    // Blueprint that every draw* method fills in; assigned by each constructor.
    private SecurityPolicyBlueprint blueprint;
    // Constant false in this build. NOTE(review): not referenced in the visible part of the class;
    // its purpose is only suggested by its name - confirm before relying on it.
    public static final boolean SUPPORT_DK_ENDORSING_WITH_DK = false;
    // WS-SecurityPolicy 2005/07 namespace URI. drawUsernameToken compares against the same literal
    // inline instead of this constant (typical of decompiler constant inlining).
    private static final String SP_NAMESPACE_2005_07 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
    // Policy assertion info handed in through setPolicyInfo.
    private SecurityPolicyAssertionInfo policy = null;
    // Written by setAlgorithmSuiteInfo and drawSymmetricBindingAlgorithm.
    private AlgorithmSuiteInfo algorithmSuiteInfo = null;
    // Latched to true by drawPolicyCompatibilityPreference; no visible code sets it back to false.
    private boolean isCompatMSFT = false;
    // Policy namespace recorded by drawPolicyCompatibilityPreference; read by drawUsernameToken.
    private String policyNamespaceUri = null;

    /**
     * Creates a plotter whose blueprint wraps the given security builder.
     *
     * @param securityBuilder builder passed to the new {@link SecurityPolicyBlueprint}
     * @throws IllegalArgumentException if {@code securityBuilder} is {@code null}
     */
    public SecurityPolicyBlueprintPlotter(SecurityBuilder securityBuilder) {
        if (securityBuilder == null) {
            throw new IllegalArgumentException("Null security builder found");
        }
        blueprint = new SecurityPolicyBlueprint(securityBuilder);
    }

    /**
     * Creates a plotter whose blueprint wraps the given security validator and
     * starts with building plan {@code 27}.
     *
     * <p>NOTE(review): {@code 27} is a bare literal as decompiled; it looks like a
     * combination of plan action flags, but the flag definitions are not visible
     * here - confirm against {@code SecurityPolicyPlan}.
     *
     * @param securityValidator validator passed to the new {@link SecurityPolicyBlueprint}
     * @throws IllegalArgumentException if {@code securityValidator} is {@code null}
     */
    public SecurityPolicyBlueprintPlotter(SecurityValidator securityValidator) {
        if (securityValidator == null) {
            throw new IllegalArgumentException("Null security validator found");
        }
        SecurityPolicyBlueprint validatorBlueprint = new SecurityPolicyBlueprint(securityValidator);
        this.blueprint = validatorBlueprint;
        validatorBlueprint.setBuildingPlan(27);
    }

    /**
     * Creates a plotter around an existing blueprint.
     *
     * <p>Unlike the two public constructors this one performs no null check, so a
     * {@code null} blueprint only surfaces later as a {@link NullPointerException}
     * in the first draw* call that dereferences it.
     *
     * @param securityPolicyBlueprint blueprint to draw into
     */
    protected SecurityPolicyBlueprintPlotter(SecurityPolicyBlueprint securityPolicyBlueprint) {
        blueprint = securityPolicyBlueprint;
    }

    /**
     * Stores the policy assertion info for later use by this plotter.
     *
     * @param securityPolicyAssertionInfo policy to remember; stored as given, {@code null} included
     */
    public void setPolicyInfo(SecurityPolicyAssertionInfo securityPolicyAssertionInfo) {
        policy = securityPolicyAssertionInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the blueprint this plotter draws into.
     *
     * <p>The decompiler widened this accessor from {@code protected} to
     * {@code public}; the returned object is the live blueprint, not a copy.
     *
     * @return the blueprint assigned at construction
     */
    public SecurityPolicyBlueprint getBlueprint() {
        return blueprint;
    }

    /**
     * Returns the algorithm suite last recorded on this plotter.
     *
     * @return the stored suite, or {@code null} if none has been set
     */
    protected AlgorithmSuiteInfo getAlgorithmSuiteInfo() {
        return algorithmSuiteInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the algorithm suite on this plotter without touching the blueprint.
     *
     * @param algorithmSuiteInfo suite to remember; stored as given
     */
    public void setAlgorithmSuiteInfo(AlgorithmSuiteInfo algorithmSuiteInfo) {
        this.algorithmSuiteInfo = algorithmSuiteInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the policy selection preference on the blueprint's general policy.
     *
     * <p>A {@code null} argument is replaced by a default-constructed
     * {@link PolicySelectionPreference}. NOTE(review): several draw* methods skip
     * optional protections unless {@code isSecurityFirst()} holds; that method is
     * not visible here, but it presumably reads this preference - confirm what the
     * default-constructed preference selects.
     *
     * @param policySelectionPreference preference to apply, or {@code null} for the default
     */
    public void drawPolicySelectionPreference(PolicySelectionPreference policySelectionPreference) {
        PolicySelectionPreference effective = policySelectionPreference;
        if (effective == null) {
            effective = new PolicySelectionPreference();
        }
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        general.setPreference(effective);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the compatibility mode and policy namespace and pushes the
     * compatibility flag to the general policy.
     *
     * <p>The MSFT flag is a latch: it is switched on when {@code str} equals
     * {@link WLStub#POLICY_COMPATIBILITY_MSFT} and is never switched off here, so a
     * later call with another value leaves it set.
     *
     * @param str  compatibility preference name; may be {@code null}
     * @param str2 policy namespace URI, stored as given
     */
    public void drawPolicyCompatibilityPreference(String str, String str2) {
        boolean msftRequested = str != null && str.equals(WLStub.POLICY_COMPATIBILITY_MSFT);
        if (msftRequested) {
            this.isCompatMSFT = true;
        }
        this.policyNamespaceUri = str2;
        boolean fine = LOGGER.isLoggable(Level.FINE);
        if (fine) {
            LOGGER.log(Level.FINE, "isCompatMSFT set to " + this.isCompatMSFT);
            LOGGER.log(Level.FINE, "policyNamespaceUri is " + this.policyNamespaceUri);
        }
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        general.setCompatMSFT(this.isCompatMSFT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Maps a layout description onto the general policy's security-header layout.
     *
     * <p>Accepted inputs are {@code null}, a policy12 {@link Layout} assertion, or
     * a {@code SecurityBindingPropertiesAssertion.Layout} value. With {@code null}
     * the layout is set to Lax only when none is set yet. Every input that matches
     * none of the Strict / LaxTimestampFirst / LaxTimestampLast cases falls back to
     * Lax, so an unrecognised value silently yields the least restrictive layout.
     *
     * @param obj layout description, or {@code null}
     */
    public void drawLayOut(Object obj) {
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        if (obj == null) {
            // Keep a layout that was already chosen; default only when unset.
            if (general.getLayout() == null) {
                general.setLayoutToLax();
            }
            return;
        }
        if (obj instanceof Layout) {
            Layout assertion = (Layout) obj;
            if (assertion.getStrict() != null) {
                general.setLayoutToStrict();
            } else if (assertion.getLaxTsFirst() != null) {
                general.setLayoutToLaxTimestampFirst();
            } else if (assertion.getLaxTsLast() != null) {
                general.setLayoutToLaxTimestampLast();
            } else {
                general.setLayoutToLax();
            }
            return;
        }
        if (obj.equals(SecurityBindingPropertiesAssertion.Layout.STRICT)) {
            general.setLayoutToStrict();
        } else if (obj.equals(SecurityBindingPropertiesAssertion.Layout.LAX_TIMESTAMP_FIRST)) {
            general.setLayoutToLaxTimestampFirst();
        } else if (obj.equals(SecurityBindingPropertiesAssertion.Layout.LAX_TIMESTAMP_LAST)) {
            general.setLayoutToLaxTimestampLast();
        } else {
            general.setLayoutToLax();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether the timestamp policy must include a timestamp and applies a
     * configured message age.
     *
     * <p>Nothing happens for a {@code null} {@code obj}. Otherwise an
     * {@code Integer} stored under {@link WlMessageContext#WSS_MESSAGE_AGE} is
     * applied first, then the timestamp is switched on according to the layout or
     * the binding type. For asymmetric and symmetric bindings an optional
     * timestamp is dropped unless {@code isSecurityFirst()} holds.
     *
     * @param obj binding info or {@link IncludeTimestamp} assertion, or {@code null}
     * @param map configuration properties; may be {@code null}
     * @throws SecurityPolicyArchitectureException if {@code obj} is of an unsupported type
     */
    public void drawTimestamp(Object obj, Map<String, Object> map) throws SecurityPolicyArchitectureException {
        TimestampPolicy tsPolicy = this.blueprint.getTimestampPolicy();
        if (obj == null) {
            return;
        }
        if (map != null) {
            Object configuredAge = map.get(WlMessageContext.WSS_MESSAGE_AGE);
            if (configuredAge instanceof Integer) {
                // shortValue() narrows: a configured age above 32767 wraps instead of being
                // rejected. NOTE(review): if this value bounds message freshness, an
                // out-of-range setting changes the accepted window silently - confirm.
                tsPolicy.setMessageAgeSeconds(((Integer) configuredAge).shortValue());
            }
        }
        // NOTE(review): both operands test the same literal as decompiled; the second was
        // possibly meant to test a different layout value - check the original bytecode.
        if ("LaxTimestampFirst".equals(this.blueprint.getGeneralPolicy().getLayout())
                || "LaxTimestampFirst".equals(this.blueprint.getGeneralPolicy().getLayout())) {
            tsPolicy.setIncludeTimestamp(true);
        } else if (obj instanceof AsymmetricBindingInfo) {
            AsymmetricBindingInfo asymmetric = (AsymmetricBindingInfo) obj;
            if (asymmetric.isTimestampRequired()) {
                if (!asymmetric.isTimestampOptional() || isSecurityFirst()) {
                    tsPolicy.setIncludeTimestamp(true);
                } else if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Skip the Timesptamp assertion due to it is optional and security is not a preference");
                }
            }
        } else if (obj instanceof SymmetricBindingInfo) {
            SymmetricBindingInfo symmetric = (SymmetricBindingInfo) obj;
            if (symmetric.isTimestampRequired()) {
                if (!symmetric.isTimestampOptional() || isSecurityFirst()) {
                    tsPolicy.setIncludeTimestamp(true);
                } else if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Skip the Timesptamp assertion due to it is optional and security is not a preference");
                }
            }
        } else if (obj instanceof TransportBindingInfo) {
            // Transport binding has no optional handling: required means included.
            if (((TransportBindingInfo) obj).isTimestampRequired()) {
                tsPolicy.setIncludeTimestamp(true);
            }
        } else if (obj instanceof IncludeTimestamp) {
            tsPolicy.setIncludeTimestamp(true);
        } else {
            throw new SecurityPolicyArchitectureException("unknow object for Timestamp policy ");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the HTTPS token assertion on the general policy.
     *
     * @param httpsTokenAssertion assertion to store; passed through unchecked
     */
    public void drawTransportToken(HttpsTokenAssertion httpsTokenAssertion) {
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        general.setHttpsAssertion(httpsTokenAssertion);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Marks the blueprint as request or response and applies WSS 1.1 options.
     *
     * <p>When options are present, WSS 1.1 is switched on. Signature confirmation
     * is planned (action {@code 128}) only when {@code z} is false and the options
     * require it; in every other case it is explicitly disabled on the general
     * policy. NOTE(review): {@code 128} is a bare literal as decompiled - confirm
     * which plan action it names.
     *
     * @param wss11Options WSS 1.1 options, or {@code null} to leave them untouched
     * @param z            value passed to {@code blueprint.setRequest}
     * @throws SecurityPolicyArchitectureException declared by the original signature
     */
    public void drawWss11Options(Wss11Options wss11Options, boolean z) throws SecurityPolicyArchitectureException {
        this.blueprint.setRequest(z);
        if (wss11Options == null) {
            return;
        }
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        general.setWss11On();
        general.setWss11OptionsAssertion(wss11Options);
        if (!z && wss11Options.isSignatureConfirmationRequired()) {
            addBlueprintAction(128);
        } else {
            general.setRequireSignatureConfirmation(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds one action code to the blueprint's building plan.
     *
     * @param i action code, forwarded unchanged
     */
    public void addBlueprintAction(int i) {
        SecurityPolicyBlueprint target = this.blueprint;
        target.addActionToBuildingPlan(i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Flags the blueprint as needing an encrypted key and adds the
     * sign-and-encrypt action that matches its request/response direction.
     */
    public void drawEncyptedKeyAction() {
        this.blueprint.setEncryptedKeyRequired(true);
        int action = this.blueprint.isRequest()
                ? SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_REQUEST
                : SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_RESPONSE;
        addBlueprintAction(action);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records WSS 1.0 options on the general policy when they are present.
     *
     * @param wss10Options options to store, or {@code null} to do nothing
     * @throws SecurityPolicyArchitectureException declared by the original signature
     */
    public void drawWss10Options(Wss10Options wss10Options) throws SecurityPolicyArchitectureException {
        if (wss10Options == null) {
            return;
        }
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        general.setWss10OptionsAssertion(wss10Options);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies the algorithm URIs for an asymmetric binding into the signing,
     * encryption and endorsing policies.
     *
     * <p>The URIs are taken from the suite as given; no allow-list or strength
     * check is applied in this method. The suite is dereferenced without a null
     * check.
     *
     * @param algorithmSuiteInfo suite supplying the algorithm URIs; must not be {@code null}
     * @throws SecurityPolicyArchitectureException propagated from the policy setters
     */
    public void drawAsymmetricBindingAlgorithm(AlgorithmSuiteInfo algorithmSuiteInfo) throws SecurityPolicyArchitectureException {
        SignaturePolicy signing = this.blueprint.getSigningPolicy();
        signing.setSignatureMethod(algorithmSuiteInfo.getAsymSigUri());
        signing.setCanonicalizationMethod(algorithmSuiteInfo.getC14nAlgUri());
        signing.setDigestMethod(algorithmSuiteInfo.getDigUri());

        EncryptionPolicy encryption = this.blueprint.getEncryptionPolicy();
        encryption.setEncryptionMethod(algorithmSuiteInfo.getEncUri());
        encryption.setKeyWrapMethod(algorithmSuiteInfo.getAsymKwUri());
        encryption.setCanonicalizationMethod();

        setEndorsingAlgo(algorithmSuiteInfo);
    }

    /**
     * Configures the endorsing signature with the suite's asymmetric signature,
     * canonicalization and digest algorithms.
     *
     * @param algorithmSuiteInfo suite supplying the algorithm URIs; must not be {@code null}
     * @throws SecurityPolicyArchitectureException propagated from the policy setters
     */
    private void setEndorsingAlgo(AlgorithmSuiteInfo algorithmSuiteInfo) throws SecurityPolicyArchitectureException {
        SignaturePolicy endorsing = this.blueprint.getEndorsingPolicy();
        String signatureUri = algorithmSuiteInfo.getAsymSigUri();
        endorsing.setSignatureMethod(signatureUri);
        endorsing.setCanonicalizationMethod(algorithmSuiteInfo.getC14nAlgUri());
        endorsing.setDigestMethod(algorithmSuiteInfo.getDigUri());
    }

    /**
     * Switches the endorsing signature to the suite's symmetric signature
     * algorithm, keeping the suite's canonicalization and digest algorithms.
     *
     * @param algorithmSuiteInfo suite supplying the algorithm URIs; must not be {@code null}
     * @throws SecurityPolicyArchitectureException propagated from the policy setters
     */
    public void setSymmetricEndorsingAlgo(AlgorithmSuiteInfo algorithmSuiteInfo) throws SecurityPolicyArchitectureException {
        boolean fine = LOGGER.isLoggable(Level.FINE);
        if (fine) {
            LOGGER.log(Level.FINE, "Setting the Endorsing signing algorithm to symmetric signing algorithm ");
        }
        SignaturePolicy endorsing = this.blueprint.getEndorsingPolicy();
        String signatureUri = algorithmSuiteInfo.getSymSigUri();
        endorsing.setSignatureMethod(signatureUri);
        endorsing.setCanonicalizationMethod(algorithmSuiteInfo.getC14nAlgUri());
        endorsing.setDigestMethod(algorithmSuiteInfo.getDigUri());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies the algorithm URIs for a symmetric binding into the signing,
     * encryption and endorsing policies and remembers the suite.
     *
     * <p>The key-wrap algorithm is set only when {@code z} is true. The endorsing
     * policy is still given the asymmetric signature algorithm here;
     * {@link #setSymmetricEndorsingAlgo} is the separate call that changes it.
     *
     * @param algorithmSuiteInfo suite supplying the algorithm URIs; must not be {@code null}
     * @param z                  whether to set the asymmetric key-wrap method
     * @throws SecurityPolicyArchitectureException propagated from the policy setters
     */
    public void drawSymmetricBindingAlgorithm(AlgorithmSuiteInfo algorithmSuiteInfo, boolean z) throws SecurityPolicyArchitectureException {
        SignaturePolicy signing = this.blueprint.getSigningPolicy();
        signing.setSignatureMethod(algorithmSuiteInfo.getSymSigUri());
        signing.setCanonicalizationMethod(algorithmSuiteInfo.getC14nAlgUri());
        signing.setDigestMethod(algorithmSuiteInfo.getDigUri());

        EncryptionPolicy encryption = this.blueprint.getEncryptionPolicy();
        encryption.setEncryptionMethod(algorithmSuiteInfo.getEncUri());
        if (z) {
            encryption.setKeyWrapMethod(algorithmSuiteInfo.getAsymKwUri());
        }
        encryption.setCanonicalizationMethod();

        setEndorsingAlgo(algorithmSuiteInfo);
        this.algorithmSuiteInfo = algorithmSuiteInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds one named item to the set of things the main signature must cover.
     *
     * <p>This is a no-op when the blueprint reports transport security: message
     * level signing is then left out entirely and integrity rests on the
     * transport alone.
     *
     * @param str name of the item to sign
     */
    public void drawOneSignatureItem(String str) {
        if (!this.blueprint.hasTransportSecuirity()) {
            SignaturePolicy signing = this.blueprint.getSigningPolicy();
            signing.addSignatureNode(str, null);
        }
    }

    /**
     * Adds one named item to the set of things the endorsing signature must cover.
     *
     * <p>Unlike {@link #drawOneSignatureItem} this does not check for transport
     * security.
     *
     * @param str name of the item to endorse
     */
    protected void drawOneEndorseItem(String str) {
        SignaturePolicy endorsing = this.blueprint.getEndorsingPolicy();
        endorsing.addSignatureNode(str, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the general policy to encrypt before signing.
     */
    public void drawEncryptBeforeSigning() {
        GeneralPolicy general = this.blueprint.getGeneralPolicy();
        general.setEncryptBeforeSigning(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Requests encryption of the signature unless the assertion is optional and
     * security is not the preference.
     *
     * <p>The skip message names "TokenProtection" although this method handles
     * the {@code "EncryptSignature"} item; the text is kept as found.
     *
     * @param z treated as the "optional" marker: when false the item is always drawn
     */
    public void drawSignatureProtection(boolean z) {
        boolean mustProtect = !z || isSecurityFirst();
        if (mustProtect) {
            drawOneEncryptionItem("EncryptSignature");
            return;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Skip the TokenProtection assertion due to it is optional and security is not a preference");
        }
    }

    /**
     * Adds one named item to the set of things that must be encrypted.
     *
     * <p>This is a no-op when the blueprint reports transport security: message
     * level encryption is then left out entirely and confidentiality rests on the
     * transport alone.
     *
     * @param str name of the item to encrypt
     */
    protected void drawOneEncryptionItem(String str) {
        if (!this.blueprint.hasTransportSecuirity()) {
            EncryptionPolicy encryption = this.blueprint.getEncryptionPolicy();
            encryption.addNode(str, null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Translates integrity assertions into signing targets on the signing policy.
     *
     * <p>Nothing is drawn under transport security or for a null/empty list. For
     * each assertion: the body is signed when required (an optional body is
     * skipped unless {@code isSecurityFirst()} holds); listed header parts are
     * added unless the node map already holds a {@code "Header"} key with a
     * {@code null} value; signed-element XPath expressions are added either as one
     * XPath Filter 2 list or one node per expression. The XPath expressions come
     * from the policy and are passed on without inspection.
     *
     * @param list integrity assertions; may be {@code null}
     * @throws SecurityPolicyArchitectureException propagated from the signing policy
     */
    public void drawIntegrity(List<IntegrityAssertion> list) throws SecurityPolicyArchitectureException {
        if (this.blueprint.hasTransportSecuirity() || list == null || list.isEmpty()) {
            return;
        }
        for (IntegrityAssertion assertion : list) {
            SignaturePolicy signing = this.blueprint.getSigningPolicy();

            if (assertion.isSignedBodyRequired()) {
                if (!assertion.isSignedBodyOptional() || isSecurityFirst()) {
                    drawOneSignatureItem("Body");
                } else if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Skip the Body Signatre assertion due to it is optional and security is not a preference");
                }
            }

            if (assertion.getSigningParts() != null && assertion.getSigningParts().size() > 0) {
                Map nodeMap = signing.getSigningNodeMap();
                // A "Header" key mapped to null is the case the log line below describes as
                // "all header elements will be signed"; individual parts are then not added.
                boolean headerKeyWithNullValue = nodeMap.containsKey("Header") && nodeMap.get("Header") == null;
                if (headerKeyWithNullValue) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "isEntireHeaderAndBodySignatureRequired() == true, all header elements will be signed");
                    }
                } else {
                    for (QNameExpr part : assertion.getSigningParts()) {
                        if (part != null) {
                            signing.addQNameExprNode("Header", part);
                        }
                    }
                }
            }

            if (assertion.getSignedElementsPolicy() == null) {
                continue;
            }
            SignedElements signedElements = assertion.getSignedElementsPolicy();
            Set<XPath> expressions = signedElements.getXPathExpressions();
            if (expressions == null || expressions.isEmpty()) {
                continue;
            }
            if (Transform.XPATH2_URI.equals(signedElements.getXPathVersion())) {
                signing.addXPathFilter2NodeList(SecurityPolicyPlan.ELEMENT, new ArrayList(expressions));
            } else {
                for (XPath expression : expressions) {
                    signing.addXPathNode(SecurityPolicyPlan.ELEMENT, expression);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Translates confidentiality assertions into encryption targets on the
     * encryption policy.
     *
     * <p>Nothing is drawn under transport security or for a null/empty list. For
     * each assertion: the body is encrypted when required (an optional body is
     * skipped unless {@code isSecurityFirst()} holds); required header parts are
     * added one by one, and when none was added the whole {@code "Header"} item is
     * drawn instead; XPath expressions from both the encrypted-elements and the
     * content-encrypted-elements policies are added through the same
     * {@code addXPathNode} call.
     *
     * <p>NOTE(review): {@code getXPathExpressions()} is dereferenced here without
     * the null check that {@code drawIntegrity} applies to its counterpart -
     * confirm it cannot return {@code null}.
     *
     * @param list confidentiality assertions; may be {@code null}
     * @throws SecurityPolicyArchitectureException propagated from the encryption policy
     */
    public void drawConfidentiality(List<ConfidentialityAssertion> list) throws SecurityPolicyArchitectureException {
        if (this.blueprint.hasTransportSecuirity() || list == null || list.isEmpty()) {
            return;
        }
        EncryptionPolicy encryption = this.blueprint.getEncryptionPolicy();
        for (ConfidentialityAssertion assertion : list) {
            if (assertion.isEncryptedBodyRequired()) {
                if (!assertion.isEncryptedBodyOptional() || isSecurityFirst()) {
                    drawOneEncryptionItem("Body");
                } else if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Skip the Body encryption due to optional and security is not a preference");
                }
            }

            if (assertion.isEncryptedHeaderRequired()) {
                boolean partAdded = false;
                if (assertion.getEncryptingParts() != null && assertion.getEncryptingParts().size() > 0) {
                    for (QNameExpr part : assertion.getEncryptingParts()) {
                        if (part == null) {
                            continue;
                        }
                        if (!part.isOptional() || isSecurityFirst()) {
                            partAdded = true;
                            encryption.addQNameExprNode("Header", part);
                        } else if (LOGGER.isLoggable(Level.FINE)) {
                            // Message text says "Body" although a header part is skipped; kept as found.
                            LOGGER.log(Level.FINE, "Skip the Body encryption due to optional and security is not a preference");
                        }
                    }
                }
                // Also reached when every listed part was optional and skipped.
                if (!partAdded) {
                    drawOneEncryptionItem("Header");
                }
            }

            if (assertion.getEncryptedElementsPolicy() != null) {
                for (Iterator<XPath> elements = assertion.getEncryptedElementsPolicy().getXPathExpressions().iterator(); elements.hasNext(); ) {
                    encryption.addXPathNode(SecurityPolicyPlan.ELEMENT, elements.next());
                }
            }
            if (assertion.getContentEncryptedElementsPolicy() != null) {
                for (Iterator<XPath> contents = assertion.getContentEncryptedElementsPolicy().getXPathExpressions().iterator(); contents.hasNext(); ) {
                    encryption.addXPathNode(SecurityPolicyPlan.ELEMENT, contents.next());
                }
            }
        }
    }

    /**
     * Plans a supporting UsernameToken: builds the token, decides whether it is
     * encrypted and/or signed, sets the password type, and registers it as an
     * identity token.
     *
     * <p>Endorsing username tokens are rejected, but only at the end of the
     * method: the encryption and signature items for the token have already been
     * drawn on the blueprint by the time the exception is thrown.
     *
     * @param usernameTokenAssertion assertion to plan for, or {@code null} to do nothing
     * @param i supporting-token kind code, decoded by {@code isSignedSupportingToken},
     *          {@code isEncryptedSupportingToken} and {@code isEndorsingSupportingToken}
     *          (defined outside this listing)
     * @param z passed to {@code shouldIncludeToken}; when true the token is planned
     *          even if inclusion is not requested
     * @throws SecurityPolicyArchitectureException if the token is an endorsing supporting token
     */
    protected void drawUsernameToken(UsernameTokenAssertion usernameTokenAssertion, int i, boolean z) throws SecurityPolicyArchitectureException {
        if (null == usernameTokenAssertion) {
            return;
        }
        boolean shouldIncludeToken = SecurityPolicyBlueprintHelper.shouldIncludeToken(usernameTokenAssertion.getTokenInclusion(), z);
        if (z || shouldIncludeToken) {
            SecurityToken makeSecurityToken = SecurityTokenFactory.makeSecurityToken(usernameTokenAssertion, shouldIncludeToken);
            // An explicit issuer wins; otherwise the issuer name is copied (possibly null).
            if (usernameTokenAssertion.getIssuer() != null) {
                makeSecurityToken.setTokenIssuer(usernameTokenAssertion.getIssuer());
            } else {
                makeSecurityToken.setIssuerName(usernameTokenAssertion.getIssuerName());
            }
            boolean isSignedSupportingToken = isSignedSupportingToken(i);
            boolean isEncryptedSupportingToken = isEncryptedSupportingToken(i);
            boolean isEndorsingSupportingToken = isEndorsingSupportingToken(i);
            // A signed-but-not-encrypted token is upgraded to encrypted when any of these holds:
            //   1. MSFT compatibility is on and the policy uses the 2005/07 namespace;
            //   2. trust options are present and no hashed password is required;
            //   3. the policy uses the 2005/07 namespace and no hashed password is required.
            // Cases 2 and 3 are the ones where the password is not required to be hashed.
            if (!isEncryptedSupportingToken && isSignedSupportingToken && ((this.blueprint.getGeneralPolicy().isCompatMSFT() && "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy".equals(this.policyNamespaceUri)) || ((this.blueprint.getGeneralPolicy().hasTrustOptions() && !usernameTokenAssertion.isHashPasswordRequired()) || ("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy".equals(this.policyNamespaceUri) && !usernameTokenAssertion.isHashPasswordRequired())))) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Forcing encryption for Signed Supporting Username token");
                }
                isEncryptedSupportingToken = true;
            }
            if (isEncryptedSupportingToken) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Supporting Username token is Encrypted");
                }
                // drawOneEncryptionItem does nothing under transport security, so the forced
                // encryption above only takes effect for message-level protection.
                drawOneEncryptionItem(SecurityPolicyPlan.USERNAME_TOKEN);
            }
            if (usernameTokenAssertion.isCreatedRequired() || usernameTokenAssertion.isNonceRequired()) {
                // The policy asks for a nonce and/or created element: record that on the
                // password element found in the token's claims, if there is one.
                Node claims = makeSecurityToken.getClaims();
                Element element = null;
                if (null != claims) {
                    element = DOMUtils.getFirstElement(claims, SecurityPolicyBuilderConstants.POLICY_USE_PASSWD);
                }
                if (null != element) {
                    // Fully qualified on purpose: this is weblogic.xml.crypto.utils.DOMUtils, not
                    // the imported weblogic.xml.dom.DOMUtils used for getFirstElement above.
                    if (usernameTokenAssertion.isCreatedRequired() && usernameTokenAssertion.isNonceRequired()) {
                        weblogic.xml.crypto.utils.DOMUtils.addAttribute(element, SecurityPolicyBuilderConstants.POLICY_PASSWD_ATTR, WSSConstants.PASSWORD_TYPE_NONCE_CREATE);
                    } else if (usernameTokenAssertion.isCreatedRequired()) {
                        weblogic.xml.crypto.utils.DOMUtils.addAttribute(element, SecurityPolicyBuilderConstants.POLICY_PASSWD_ATTR, WSSConstants.PASSWORD_TYPE_CREATE);
                    } else {
                        weblogic.xml.crypto.utils.DOMUtils.addAttribute(element, SecurityPolicyBuilderConstants.POLICY_PASSWD_ATTR, WSSConstants.PASSWORD_TYPE_NONCE);
                    }
                }
            } else if (!this.blueprint.isForValidator() && !usernameTokenAssertion.isHashPasswordRequired() && !usernameTokenAssertion.requireDerivedKey() && !usernameTokenAssertion.noPasswordRequried() && isSecurityFirst() && !isSignedSupportingToken && !isEndorsingSupportingToken) {
                // Not on the validator side, password neither hashed nor derived-key nor absent,
                // token neither signed nor endorsing, and security is preferred: nonce + created
                // are added even though the policy did not ask for them.
                Node claims2 = makeSecurityToken.getClaims();
                Element element2 = null;
                if (null != claims2) {
                    element2 = DOMUtils.getFirstElement(claims2, SecurityPolicyBuilderConstants.POLICY_USE_PASSWD);
                }
                if (null != element2) {
                    weblogic.xml.crypto.utils.DOMUtils.addAttribute(element2, SecurityPolicyBuilderConstants.POLICY_PASSWD_ATTR, WSSConstants.PASSWORD_TYPE_NONCE_CREATE);
                }
            }
            if (isSignedSupportingToken) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Supporting Username token is Signed");
                }
                drawOneSignatureItem(SecurityPolicyPlan.USERNAME_TOKEN);
            }
            if (!isEndorsingSupportingToken) {
                this.blueprint.getIdentityPolicy().addIdentityToken(makeSecurityToken);
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Supporting Username token is Endorsing");
                }
                // Rejected late: the encryption/signature items above may already be on the blueprint.
                throw new SecurityPolicyArchitectureException("Endorsing Supporting Username Token not supported");
            }
        }
    }

    /**
     * Plans an X.509 token according to its supporting-token kind code.
     *
     * <p>As decompiled, the kind codes behave as follows: 0 and 5 add the token as
     * an identity token; 1 signs and adds it as an identity token; 2 adds it as an
     * endorsing signature token; 3 and 7 sign it and add it as an endorsing
     * signature token; all other codes do nothing. Apart from the signature item
     * drawn for 3 and 7, every step applies only when the token is to be included.
     *
     * <p>NOTE(review): the token is built with {@code makeSecurityTokenForSignature}
     * only for codes 2 and 3, although code 7 takes the same endorsing path as 3 -
     * confirm whether that difference is intended. The names behind the numeric
     * codes are not visible in this listing.
     *
     * @param x509TokenAssertion assertion to plan for, or {@code null} to do nothing
     * @param i supporting-token kind code
     * @param z passed to {@code shouldIncludeToken}
     * @throws SecurityPolicyArchitectureException propagated from the called helpers
     */
    protected void drawX509Token(X509TokenAssertion x509TokenAssertion, int i, boolean z) throws SecurityPolicyArchitectureException {
        if (x509TokenAssertion == null) {
            return;
        }
        boolean include = SecurityPolicyBlueprintHelper.shouldIncludeToken(x509TokenAssertion.getTokenInclusion(), z);
        SecurityToken token;
        if (i == 2 || i == 3) {
            token = SecurityTokenFactory.makeSecurityTokenForSignature(x509TokenAssertion, include, this.blueprint.getGeneralPolicy());
        } else {
            token = SecurityTokenFactory.makeSecurityToken(x509TokenAssertion, include, this.blueprint.getGeneralPolicy());
        }
        if (x509TokenAssertion.getIssuer() != null) {
            token.setTokenIssuer(x509TokenAssertion.getIssuer());
        } else {
            token.setIssuerName(x509TokenAssertion.getIssuerName());
        }
        // The decompiled code tests requireDerivedKey() with an empty body; the call is kept,
        // its result is unused.
        x509TokenAssertion.requireDerivedKey();
        switch (i) {
            case 0:
            case 5:
                if (include) {
                    this.blueprint.getIdentityPolicy().addIdentityToken(token);
                }
                break;
            case 1:
                if (include) {
                    drawOneSignatureItem("X509Token");
                    this.blueprint.getIdentityPolicy().addIdentityToken(token);
                }
                break;
            case 2:
                if (include) {
                    drawOneEndorseItem(SecurityPolicyPlan.ENDORSE_SIGNATURE);
                    this.blueprint.getEndorsingPolicy().addSignatureToken(token);
                }
                break;
            case 3:
            case 7:
                // The signature item is drawn regardless of inclusion; the endorsing part is not.
                drawOneSignatureItem("X509Token");
                if (include) {
                    drawOneEndorseItem(SecurityPolicyPlan.ENDORSE_SIGNATURE);
                    this.blueprint.getEndorsingPolicy().addSignatureToken(token);
                }
                break;
            default:
                break;
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Removed duplicated region for block: B:19:0x009a  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x00ab  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Plans a SAML token. The decompiler could not rebuild this method, so the
     * Java body below only throws {@link UnsupportedOperationException}; the real
     * logic survives solely in the register-level dump inside the comment and must
     * be read from there (or from the original class file).
     *
     * <p>Reading of the dump, to be confirmed against the bytecode: a {@code null}
     * assertion returns immediately, as does the case where the boolean argument
     * is false and the token is not to be included. Otherwise a token is built
     * with {@code SecurityTokenFactory.makeSecurityToken}, its issuer (or issuer
     * name) is set, and the int argument selects a fall-through chain:
     * <ul>
     *   <li>7: encrypt "SamlToken", then continue as 3;</li>
     *   <li>3: sign "SamlToken", then continue as 2;</li>
     *   <li>2: under transport security set the endorsing algorithms from the
     *       suite argument and endorse "TimeStamp"; when the token is included and
     *       there is no transport security endorse "EndoseSignature"; then add the
     *       token as an endorsing signature token;</li>
     *   <li>4: log, encrypt "SamlToken", then continue as 1;</li>
     *   <li>1: sign "SamlToken" and add the token as an identity token;</li>
     *   <li>0: add the token as an identity token;</li>
     *   <li>5, 6 and any other value: nothing further.</li>
     * </ul>
     *
     * <p>NOTE(review): code 5 adds nothing here, whereas {@code drawX509Token}
     * adds an identity token for code 5 - confirm whether that is intended. The
     * literal "EndoseSignature" is spelled as in the dump; it is presumably the
     * value of {@code SecurityPolicyPlan.ENDORSE_SIGNATURE} - verify.
     *
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    protected void drawSamlToken(weblogic.wsee.security.wssp.SamlTokenAssertion r5, int r6, boolean r7, weblogic.wsee.security.wssp.AlgorithmSuiteInfo r8) throws weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException {
        /*
            r4 = this;
            r0 = 0
            r1 = r5
            if (r0 != r1) goto L6
            return
        L6:
            r0 = r5
            weblogic.wsee.security.wssp.TokenAssertion$TokenInclusion r0 = r0.getTokenInclusion()
            r9 = r0
            r0 = r9
            r1 = r7
            boolean r0 = weblogic.wsee.security.wss.plan.helper.SecurityPolicyBlueprintHelper.shouldIncludeToken(r0, r1)
            r10 = r0
            r0 = r7
            if (r0 != 0) goto L20
            r0 = r10
            if (r0 != 0) goto L20
            return
        L20:
            r0 = r5
            r1 = r10
            r2 = r4
            weblogic.wsee.security.wss.plan.SecurityPolicyBlueprint r2 = r2.getBlueprint()
            weblogic.wsee.security.wss.policy.GeneralPolicy r2 = r2.getGeneralPolicy()
            weblogic.wsee.security.policy.SecurityToken r0 = weblogic.wsee.security.wss.plan.fact.SecurityTokenFactory.makeSecurityToken(r0, r1, r2)
            r11 = r0
            r0 = r5
            java.lang.String r0 = r0.getIssuer()
            if (r0 == 0) goto L46
            r0 = r11
            r1 = r5
            java.lang.String r1 = r1.getIssuer()
            r0.setTokenIssuer(r1)
            goto L51
        L46:
            r0 = r11
            r1 = r5
            java.lang.String r1 = r1.getIssuerName()
            r0.setIssuerName(r1)
        L51:
            r0 = 0
            r12 = r0
            r0 = r6
            switch(r0) {
                case 0: goto Lf5;
                case 1: goto Le9;
                case 2: goto L90;
                case 3: goto L8a;
                case 4: goto Lcc;
                case 5: goto Lf8;
                case 6: goto Lf8;
                case 7: goto L84;
                default: goto Lf8;
            }
        L84:
            r0 = r4
            java.lang.String r1 = "SamlToken"
            r0.drawOneEncryptionItem(r1)
        L8a:
            r0 = r4
            java.lang.String r1 = "SamlToken"
            r0.drawOneSignatureItem(r1)
        L90:
            r0 = r4
            weblogic.wsee.security.wss.plan.SecurityPolicyBlueprint r0 = r0.blueprint
            boolean r0 = r0.hasTransportSecuirity()
            if (r0 == 0) goto La6
            r0 = r4
            r1 = r8
            r0.setEndorsingAlgo(r1)
            r0 = r4
            java.lang.String r1 = "TimeStamp"
            r0.drawOneEndorseItem(r1)
        La6:
            r0 = r10
            if (r0 == 0) goto Lbb
            r0 = r4
            weblogic.wsee.security.wss.plan.SecurityPolicyBlueprint r0 = r0.getBlueprint()
            boolean r0 = r0.hasTransportSecuirity()
            if (r0 != 0) goto Lbb
            r0 = r4
            java.lang.String r1 = "EndoseSignature"
            r0.drawOneEndorseItem(r1)
        Lbb:
            r0 = r4
            weblogic.wsee.security.wss.plan.SecurityPolicyBlueprint r0 = r0.blueprint
            weblogic.wsee.security.wss.policy.SignaturePolicy r0 = r0.getEndorsingPolicy()
            r1 = r11
            r0.addSignatureToken(r1)
            goto Lf8
        Lcc:
            java.util.logging.Logger r0 = weblogic.wsee.security.wss.plan.SecurityPolicyBlueprintPlotter.LOGGER
            java.util.logging.Level r1 = java.util.logging.Level.FINE
            boolean r0 = r0.isLoggable(r1)
            if (r0 == 0) goto Le3
            java.util.logging.Logger r0 = weblogic.wsee.security.wss.plan.SecurityPolicyBlueprintPlotter.LOGGER
            java.util.logging.Level r1 = java.util.logging.Level.FINE
            java.lang.String r2 = "SAML token will be Encrypted"
            r0.log(r1, r2)
        Le3:
            r0 = r4
            java.lang.String r1 = "SamlToken"
            r0.drawOneEncryptionItem(r1)
        Le9:
            r0 = r4
            java.lang.String r1 = "SamlToken"
            r0.drawOneSignatureItem(r1)
            r0 = 1
            r12 = r0
            goto Lf8
        Lf5:
            r0 = 1
            r12 = r0
        Lf8:
            r0 = r12
            if (r0 == 0) goto L10b
            r0 = r4
            weblogic.wsee.security.wss.plan.SecurityPolicyBlueprint r0 = r0.blueprint
            weblogic.wsee.security.wss.policy.IdentityPolicy r0 = r0.getIdentityPolicy()
            r1 = r11
            r0.addIdentityToken(r1)
        L10b:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: weblogic.wsee.security.wss.plan.SecurityPolicyBlueprintPlotter.drawSamlToken(weblogic.wsee.security.wssp.SamlTokenAssertion, int, boolean, weblogic.wsee.security.wssp.AlgorithmSuiteInfo):void");
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x007d. Please report as an issue. */
    /**
     * Plans a WS-SecureConversation token assertion for the given supporting-token kind.
     *
     * <p>Builds a {@link SecurityToken} from the assertion, copies the issuer (or, when no issuer
     * is set, the issuer name) onto it, and then registers the token and the items to protect
     * according to {@code i}.
     *
     * <p>NOTE(review): the decompiler reported that it could not find the exit block of the
     * switch below, so the case order and fall-through shown here should be confirmed against
     * the bytecode before it is relied on for a policy audit.
     *
     * @param secureConversationTokenAssertion the assertion to plan; {@code null} is a no-op
     * @param i supporting-token kind code; the codes are not named in this listing, the
     *     {@code is*SupportingToken(int)} predicates of this class classify them
     * @param z passed to {@code SecurityPolicyBlueprintHelper.shouldIncludeToken}; the caller
     *     in this class passes {@code blueprint.isRequest()}
     * @param algorithmSuiteInfo algorithm suite to use; when {@code null} the suite of
     *     {@code this.policy} is used instead
     * @throws SecurityPolicyArchitectureException declared; presumably raised by the draw
     *     helpers or the token factory, which are outside this listing
     */
    protected void drawWsscToken(SecureConversationTokenAssertion secureConversationTokenAssertion, int i, boolean z, AlgorithmSuiteInfo algorithmSuiteInfo) throws SecurityPolicyArchitectureException {
        if (null == secureConversationTokenAssertion) {
            return;
        }
        boolean shouldIncludeToken = SecurityPolicyBlueprintHelper.shouldIncludeToken(secureConversationTokenAssertion.getTokenInclusion(), z);
        if (algorithmSuiteInfo == null) {
            algorithmSuiteInfo = this.policy.getAlgorithmSuiteInfo();
        }
        // NOTE(review): nothing here checks that the policy-level suite is non-null; if it can
        // be null, getSymSigUri() below would throw under transport security. Confirm.
        setEndorsingAlgo(algorithmSuiteInfo);
        if (this.blueprint.hasTransportSecuirity()) {
            // With transport security the endorsing signature uses the suite's symmetric signature URI.
            this.blueprint.getEndorsingPolicy().setSignatureMethod(algorithmSuiteInfo.getSymSigUri());
        }
        SecurityToken makeSecurityToken = SecurityTokenFactory.makeSecurityToken(secureConversationTokenAssertion, shouldIncludeToken, getBlueprint().getGeneralPolicy(), algorithmSuiteInfo);
        // Prefer the issuer; fall back to the issuer name when no issuer is present.
        if (secureConversationTokenAssertion.getIssuer() != null) {
            makeSecurityToken.setTokenIssuer(secureConversationTokenAssertion.getIssuer());
        } else {
            makeSecurityToken.setIssuerName(secureConversationTokenAssertion.getIssuerName());
        }
        switch (i) {
            case 0:
                // Kind 0: the token is only registered as an identity token.
                this.blueprint.getIdentityPolicy().addIdentityToken(makeSecurityToken);
                return;
            case 1:
                // Kind 1: the token is signed and registered as an identity token.
                drawOneSignatureItem(SecurityPolicyPlan.WSSC_TOKEN);
                this.blueprint.getIdentityPolicy().addIdentityToken(makeSecurityToken);
                return;
            case 7:
                if (shouldIncludeToken) {
                    drawOneEncryptionItem(SecurityPolicyPlan.WSSC_TOKEN);
                }
                // falls through to case 3
            case 3:
                if (shouldIncludeToken) {
                    drawOneSignatureItem(SecurityPolicyPlan.WSSC_TOKEN);
                }
                // falls through to case 2
            case 2:
                // Kinds 2, 3 and 7 register the token with the endorsing policy, and only when
                // the token is included in the message.
                if (shouldIncludeToken) {
                    this.blueprint.getEndorsingPolicy().addSignatureToken(makeSecurityToken);
                    drawOneEndorseItem(SecurityPolicyPlan.TIME_STAMP);
                    return;
                }
                return;
            case 4:
            case 5:
            case 6:
            default:
                // NOTE(review): for kinds 4, 5 and 6 the token built above is not registered with
                // any policy and no item is drawn. isEncryptedSupportingToken() accepts these
                // kinds, so confirm that silently planning nothing for them is intended.
                return;
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00de  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x0113  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void drawIssuedToken(weblogic.wsee.security.wssp.IssuedTokenAssertion r7, int r8, boolean r9, weblogic.wsee.security.wssp.AlgorithmSuiteInfo r10) throws weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException {
        /*
            Method dump skipped, instructions count: 351
            To view this dump add '--comments-level debug' option
        */
        // Decompiler placeholder, not the shipped logic: the original body (351 instructions)
        // was not recovered, so this listing says nothing about how issued tokens are planned.
        // drawSupportingToken() in this class dispatches IssuedTokenAssertion instances here, so
        // in this listing any such assertion ends in the exception below. Review the bytecode
        // or the instruction dump before drawing conclusions about issued-token handling.
        throw new UnsupportedOperationException("Method not decompiled: weblogic.wsee.security.wss.plan.SecurityPolicyBlueprintPlotter.drawIssuedToken(weblogic.wsee.security.wssp.IssuedTokenAssertion, int, boolean, weblogic.wsee.security.wssp.AlgorithmSuiteInfo):void");
    }

    /**
     * Plans a Kerberos token assertion for the given supporting-token kind.
     *
     * <p>The token is built by the token factory, receives the assertion's issuer (or the issuer
     * name when no issuer is set), and is always registered as an identity token. Which
     * protection items are drawn depends on {@code i}: kind 7 draws an encryption item, kinds
     * 1, 3 and 7 draw a signature item, kind 2 draws an endorse item.
     *
     * <p>NOTE(review): every other kind (0, 4, 5, 6) draws no item at all, although
     * isEncryptedSupportingToken() accepts 4, 5 and 6. Confirm that leaving the token
     * unencrypted for those kinds is intended.
     *
     * @param kerberosTokenAssertion the assertion to plan; {@code null} is a no-op
     * @param i supporting-token kind code
     * @param z passed to {@code SecurityPolicyBlueprintHelper.shouldIncludeToken}
     * @throws SecurityPolicyArchitectureException declared; presumably raised by the draw
     *     helpers or the token factory, which are outside this listing
     */
    protected void drawKerberosToken(KerberosTokenAssertion kerberosTokenAssertion, int i, boolean z) throws SecurityPolicyArchitectureException {
        if (kerberosTokenAssertion != null) {
            boolean includeToken = SecurityPolicyBlueprintHelper.shouldIncludeToken(kerberosTokenAssertion.getTokenInclusion(), z);
            SecurityToken kerberosToken = SecurityTokenFactory.makeSecurityToken(kerberosTokenAssertion, includeToken, getBlueprint().getGeneralPolicy());
            // The issuer wins; the issuer name is only used when no issuer is present.
            if (kerberosTokenAssertion.getIssuer() == null) {
                kerberosToken.setIssuerName(kerberosTokenAssertion.getIssuerName());
            } else {
                kerberosToken.setTokenIssuer(kerberosTokenAssertion.getIssuer());
            }
            // Kind 7 is encrypted first and then signed, exactly like kind 3.
            if (i == 7) {
                drawOneEncryptionItem("KerberosToken");
            }
            if (i == 1 || i == 3 || i == 7) {
                drawOneSignatureItem("KerberosToken");
            } else if (i == 2) {
                drawOneEndorseItem("KerberosToken");
            }
            this.blueprint.getIdentityPolicy().addIdentityToken(kerberosToken);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
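    /**
     * Plans one supporting-tokens assertion: dispatches every token assertion in {@code list} to
     * its draw method, then adds the assertion's signed and encrypted parts and elements to the
     * signing, endorsing or encryption policy of the blueprint.
     *
     * <p>Kinds 2 and 6 are the endorsing kinds that isSignedSupportingToken() rejects; for them
     * the signed targets go to the endorsing policy. For every other kind the targets go to the
     * signing policy, and only when the blueprint has no transport security. A target is added
     * only when the receiving policy already holds a token.
     *
     * <p>Optional token assertions and optional body/header protection are skipped unless
     * {@link #isSecurityFirst()} is true.
     *
     * <p>NOTE(review): an unrecognised assertion is logged at FINE and otherwise ignored as long
     * as at least one other entry of the list was handled; only a list with no handled entry
     * is rejected. Confirm that dropping unknown token requirements this way is acceptable.
     *
     * @param list token assertions of the supporting-tokens policy (raw list, as declared)
     * @param securityInfo signed/encrypted parts and elements attached to the assertion
     * @param i supporting-token kind code
     * @throws SecurityPolicyArchitectureException when no entry of {@code list} was handled,
     *     including the case of an empty list
     */
    public void drawSupportingToken(List list, SupportingTokensAssertion.SecurityInfo securityInfo, int i) throws SecurityPolicyArchitectureException {
        boolean handledAny = false;
        Object lastUnknown = null;
        boolean isRequest = this.blueprint.isRequest();
        for (Object next : list) {
            if (!(next instanceof TokenAssertion)) {
                lastUnknown = next;
                // Concatenating the reference instead of calling toString() keeps a null list
                // entry from raising NullPointerException.
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Found Unknown Token Assertion =" + next);
                }
            } else if (((TokenAssertion) next).isOptional() && !isSecurityFirst()) {
                // An optional token counts as handled, but nothing is planned for it.
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Optional token will not getnerated without security preference set for Token Assertion =" + next);
                }
                handledAny = true;
            } else if (next instanceof UsernameTokenAssertion) {
                drawUsernameToken((UsernameTokenAssertion) next, i, isRequest);
                handledAny = true;
            } else if (next instanceof X509TokenAssertion) {
                drawX509Token((X509TokenAssertion) next, i, isRequest);
                handledAny = true;
            } else if (next instanceof SamlTokenAssertion) {
                drawSamlToken((SamlTokenAssertion) next, i, isRequest, this.algorithmSuiteInfo);
                handledAny = true;
            } else if (next instanceof SecureConversationTokenAssertion) {
                drawWsscToken((SecureConversationTokenAssertion) next, i, isRequest, this.algorithmSuiteInfo);
                handledAny = true;
            } else if (next instanceof IssuedTokenAssertion) {
                drawIssuedToken((IssuedTokenAssertion) next, i, isRequest, this.algorithmSuiteInfo);
                handledAny = true;
            } else if (next instanceof KerberosTokenAssertion) {
                drawKerberosToken((KerberosTokenAssertion) next, i, isRequest);
                handledAny = true;
            } else {
                lastUnknown = next;
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Found Unknown Token Assertion" + next);
                }
            }
        }
        if (!handledAny) {
            // lastUnknown is still null when the list was empty; the previous
            // lastUnknown.toString() turned that policy error into a NullPointerException.
            if (lastUnknown == null) {
                throw new SecurityPolicyArchitectureException("No supported Token Assertion found in supporting tokens");
            }
            throw new SecurityPolicyArchitectureException("Unknown Token found -" + lastUnknown);
        }
        SignaturePolicy signingPolicy = this.blueprint.getSigningPolicy();
        EncryptionPolicy encryptionPolicy = this.blueprint.getEncryptionPolicy();
        SignaturePolicy endorsingPolicy = this.blueprint.getEndorsingPolicy();
        // Second lookup of the same getter, kept from the original; it is the policy used for
        // the endorsing kinds.
        EncryptionPolicy encryptionPolicy2 = this.blueprint.getEncryptionPolicy();
        String signedXPathVersion = securityInfo.getSignedXPathVersion();
        // Result unused in this listing; the call is kept so the sequence of calls is unchanged.
        securityInfo.getEncryptedXPathVersion();
        List<QNameExpr> signedParts = securityInfo.getSignedParts();
        List<XPath> signedElements = securityInfo.getSignedElements();
        List<QNameExpr> encryptedParts = securityInfo.getEncryptedParts();
        List<XPath> encryptedElements = securityInfo.getEncryptedElements();
        // Kinds 2 and 6 route targets to the endorsing side instead of the signing side.
        final boolean endorsingKind = i == 2 || i == 6;

        // Signed body.
        if (securityInfo.isSignedBodyRequired()) {
            if (!securityInfo.isSignedBodyOptional() || isSecurityFirst()) {
                if (endorsingKind) {
                    if (endorsingPolicy.hasSignatureToken()) {
                        endorsingPolicy.addSignatureNode("Body", null);
                    }
                } else if (!this.blueprint.hasTransportSecuirity() && signingPolicy.hasSignatureToken()) {
                    signingPolicy.addSignatureNode("Body", null);
                }
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "For supporting tokens, skip the Body Signatre assertion due to it is optional and security is not a preference");
            }
        }

        // Signed header parts.
        if (signedParts != null && !signedParts.isEmpty()) {
            Map signingNodeMap = signingPolicy.getSigningNodeMap();
            // A "Header" key mapped to null is treated as "all headers are signed already".
            if (!signingNodeMap.containsKey("Header") || null != signingNodeMap.get("Header")) {
                for (QNameExpr qNameExpr : signedParts) {
                    if (qNameExpr != null) {
                        if (endorsingKind) {
                            if (endorsingPolicy.hasSignatureToken()) {
                                endorsingPolicy.addQNameExprNode("Header", qNameExpr);
                            }
                        } else if (!this.blueprint.hasTransportSecuirity() && signingPolicy.hasSignatureToken()) {
                            signingPolicy.addQNameExprNode("Header", qNameExpr);
                        }
                    }
                }
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "For supporting tokens, isEntireHeaderAndBodySignatureRequired() == true, all header elements will be signed");
            }
        }

        // Signed elements.
        if (signedElements != null && !signedElements.isEmpty()) {
            if (Transform.XPATH2_URI.equals(signedXPathVersion)) {
                // NOTE(review): unlike the branch below, this path always targets the signing
                // policy and checks neither the kind, nor transport security, nor
                // hasSignatureToken(). Confirm that the asymmetry is intended.
                signingPolicy.addXPathFilter2NodeList(SecurityPolicyPlan.ELEMENT, new ArrayList(signedElements));
            } else {
                for (XPath xPath : signedElements) {
                    if (endorsingKind) {
                        if (endorsingPolicy.hasSignatureToken()) {
                            endorsingPolicy.addXPathNode(SecurityPolicyPlan.ELEMENT, xPath);
                        }
                    } else if (!this.blueprint.hasTransportSecuirity() && signingPolicy.hasSignatureToken()) {
                        signingPolicy.addXPathNode(SecurityPolicyPlan.ELEMENT, xPath);
                    }
                }
            }
        }

        // Encrypted body.
        if (securityInfo.isEncryptedBodyRequired()) {
            if (!securityInfo.isEncryptedBodyOptional() || isSecurityFirst()) {
                if (endorsingKind) {
                    if (encryptionPolicy2.hasEncryptionToken()) {
                        encryptionPolicy2.addNode("Body", null);
                    }
                } else if (!this.blueprint.hasTransportSecuirity() && encryptionPolicy.hasEncryptionToken()) {
                    encryptionPolicy.addNode("Body", null);
                }
            } else if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "For supporting tokens, skip the Body encryption due to optional and security is not a preference");
            }
        }

        // Encrypted header parts.
        if (encryptedParts != null && !encryptedParts.isEmpty()) {
            for (QNameExpr qNameExpr2 : encryptedParts) {
                if (qNameExpr2 != null) {
                    if (!qNameExpr2.isOptional() || isSecurityFirst()) {
                        if (endorsingKind) {
                            if (encryptionPolicy2.hasEncryptionToken()) {
                                encryptionPolicy2.addQNameExprNode("Header", qNameExpr2);
                            }
                        } else if (!this.blueprint.hasTransportSecuirity() && encryptionPolicy.hasEncryptionToken()) {
                            encryptionPolicy.addQNameExprNode("Header", qNameExpr2);
                        }
                    } else if (LOGGER.isLoggable(Level.FINE)) {
                        // NOTE(review): the message says "Body" although a header part is
                        // skipped here; the text is kept unchanged.
                        LOGGER.log(Level.FINE, "For supporting tokens, skip the Body encryption due to optional and security is not a preference");
                    }
                }
            }
        }

        // Encrypted elements.
        if (encryptedElements != null && !encryptedElements.isEmpty()) {
            for (XPath xPath2 : encryptedElements) {
                if (endorsingKind) {
                    if (encryptionPolicy2.hasEncryptionToken()) {
                        encryptionPolicy2.addXPathNode(SecurityPolicyPlan.ELEMENT, xPath2);
                    }
                } else if (!this.blueprint.hasTransportSecuirity() && encryptionPolicy.hasEncryptionToken()) {
                    encryptionPolicy.addXPathNode(SecurityPolicyPlan.ELEMENT, xPath2);
                }
            }
        }
    }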

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the given WS-Trust options on the general policy of the blueprint.
     *
     * @param wsTrustOptions options handed to {@code setTrustOptions} unchanged (no null check)
     */
    public void drawTrustOptions(WsTrustOptions wsTrustOptions) {
        GeneralPolicy generalPolicy = this.blueprint.getGeneralPolicy();
        generalPolicy.setTrustOptions(wsTrustOptions);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies the required parts and required elements of every protection assertion into the
     * blueprint.
     *
     * <p>A required header part is recorded as optional when either the header itself or the
     * enclosing required-parts policy is optional.
     *
     * @param list protection assertions to plan; {@code null} or empty is a no-op
     */
    public void drawProtectionAssertion(List<ProtectionAssertion> list) {
        if (list != null && !list.isEmpty()) {
            for (ProtectionAssertion assertion : list) {
                RequiredParts parts = assertion.getRequiredPartsPolicy();
                if (parts != null) {
                    for (Header hdr : parts.getHeaders()) {
                        this.blueprint.addRequiredPart(new QNameExprImpl(hdr.getHeaderName(), hdr.getHeaderNamespaceUri(), hdr.isOptional() || parts.isOptional()));
                    }
                }
                RequiredElements elements = assertion.getRequiredElementsPolicy();
                if (elements != null) {
                    for (Iterator<XPath> xpaths = elements.getXPathExpressions().iterator(); xpaths.hasNext(); ) {
                        this.blueprint.addRequiredElement(xpaths.next());
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether optional security requirements should be applied.
     *
     * <p>True when the general policy has no selection preference, when the preference is the
     * default one, or when the preference itself says security comes first. An absent
     * preference therefore selects the stricter behaviour.
     *
     * @return {@code true} if optional tokens and optional protection are to be planned
     */
    public boolean isSecurityFirst() {
        return null == this.blueprint.getGeneralPolicy().getPreference()
                || this.blueprint.getGeneralPolicy().getPreference().isDefaut()
                || this.blueprint.getGeneralPolicy().getPreference().isSecurityFirst();
    }

    /**
     * Tells whether the supporting-token kind code denotes a signed supporting token.
     *
     * @param i supporting-token kind code
     * @return {@code true} for the codes 1, 3, 4 and 7
     */
    private boolean isSignedSupportingToken(int i) {
        switch (i) {
            case 1:
            case 3:
            case 4:
            case 7:
                return true;
            default:
                return false;
        }
    }

    /**
     * Tells whether the supporting-token kind code denotes an encrypted supporting token.
     *
     * @param i supporting-token kind code
     * @return {@code true} for the codes 4, 5, 6 and 7
     */
    private boolean isEncryptedSupportingToken(int i) {
        switch (i) {
            case 4:
            case 5:
            case 6:
            case 7:
                return true;
            default:
                return false;
        }
    }

    /**
     * Tells whether the supporting-token kind code denotes an endorsing supporting token.
     *
     * @param i supporting-token kind code
     * @return {@code true} for the codes 2, 3, 6 and 7
     */
    private boolean isEndorsingSupportingToken(int i) {
        switch (i) {
            case 2:
            case 3:
            case 6:
            case 7:
                return true;
            default:
                return false;
        }
    }
}
