package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import java.util.List;
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.ws.security.WSSecurityEngineResult;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.3.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.class */
public class EndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
    public EndorsingTokenPolicyValidator() {
        setEndorsed(true);
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SupportingTokenPolicyValidator
    public boolean validatePolicy(AssertionInfoMap assertionInfoMap, Message message, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2, List<WSSecurityEngineResult> list3) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        setMessage(message);
        setResults(list);
        setSignedResults(list2);
        setEncryptedResults(list3);
        for (AssertionInfo assertionInfo : collection) {
            SupportingToken supportingToken = (SupportingToken) assertionInfo.getAssertion();
            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENDORSING == supportingToken.getTokenType()) {
                assertionInfo.setAsserted(true);
                setSignedParts(supportingToken.getSignedParts());
                setEncryptedParts(supportingToken.getEncryptedParts());
                setSignedElements(supportingToken.getSignedElements());
                setEncryptedElements(supportingToken.getEncryptedElements());
                for (Token token : supportingToken.getTokens()) {
                    if (isTokenRequired(token, message)) {
                        setDerived(token.isDerivedKeys());
                        boolean z = false;
                        if (token instanceof KerberosToken) {
                            if (!processKerberosTokens()) {
                                z = true;
                            }
                        } else if (token instanceof X509Token) {
                            if (!processX509Tokens()) {
                                z = true;
                            }
                        } else if (token instanceof KeyValueToken) {
                            if (!processKeyValueTokens()) {
                                z = true;
                            }
                        } else if (token instanceof UsernameToken) {
                            if (!processUsernameTokens()) {
                                z = true;
                            }
                        } else if (token instanceof SecurityContextToken) {
                            if (!processSCTokens()) {
                                z = true;
                            }
                        } else if (token instanceof SamlToken) {
                            if (!processSAMLTokens()) {
                                z = true;
                            }
                        } else if (!(token instanceof IssuedToken)) {
                            z = true;
                        }
                        if (z) {
                            assertionInfo.setNotAsserted("The received token does not match the endorsing supporting token requirement");
                            return false;
                        }
                    }
                }
            }
        }
        return true;
    }
}
