package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.message.token.BinarySecurity;
import org.apache.wss4j.dom.message.token.PKIPathSecurity;
import org.apache.wss4j.dom.message.token.X509Security;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.Layout;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/open/cxf/wssec/cxf-rt-ws-security-3.0.3.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.class */
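/**
 * Checks the WS-SecurityPolicy {@code Layout} assertion against the results of processing a
 * security header.
 *
 * <p>This source is decompiler output. {@code checkSignatureIsSignedPlacement} was not decompiled
 * and has been rebuilt by hand from the register-level dump the decompiler left in its place;
 * verify it against the shipped class before relying on it.
 *
 * <p>Security note: the {@code AssertionInfoMap} entry point returns {@code true} on every path.
 * A layout violation is only recorded on the individual {@code AssertionInfo} via
 * {@code setNotAsserted}, so enforcement depends on that state being inspected afterwards.
 */
public class LayoutPolicyValidator extends AbstractTokenPolicyValidator {
    // Numeric action codes exactly as they appear in the compiled class. The names follow the
    // corresponding org.apache.wss4j.dom.WSConstants fields.
    private static final int ACTION_SIGN = 2;
    private static final int ACTION_ST_UNSIGNED = 8;
    private static final int ACTION_ST_SIGNED = 16;
    private static final int ACTION_TS = 32;

    // Keys read from each WSSecurityEngineResult.
    private static final String KEY_ACTION = "action";
    private static final String KEY_DATA_REF_URIS = "data-ref-uris";
    private static final String KEY_TOKEN_ELEMENT = "token-element";
    private static final String KEY_X509_CERTIFICATE = "x509-certificate";
    private static final String KEY_PUBLIC_KEY = "public-key";
    private static final String KEY_BINARY_SECURITY_TOKEN = "binary-security-token";
    private static final String KEY_SAML_ASSERTION = "saml-assertion";

    /**
     * Validates every {@code Layout} assertion found in the map.
     *
     * @param assertionInfoMap the policy assertions of the current exchange
     * @param message the message being processed (passed through, not read here)
     * @param element not used by this validator
     * @param list all results of processing the security header
     * @param list2 the results that carry signed data references
     * @return always {@code true}; the outcome is stored on the {@code AssertionInfo} objects
     */
    public boolean validatePolicy(AssertionInfoMap assertionInfoMap, Message message, Element element, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2) {
        Collection<AssertionInfo> layoutAssertions = getAllAssertionsByLocalname(assertionInfoMap, "Layout");
        if (!layoutAssertions.isEmpty()) {
            parsePolicies(assertionInfoMap, layoutAssertions, message, list, list2);
        }
        return true;
    }

    /**
     * Marks each {@code Layout} assertion as asserted, then withdraws that mark when the layout
     * check fails.
     */
    private void parsePolicies(AssertionInfoMap assertionInfoMap, Collection<AssertionInfo> layoutAssertions, Message message, List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults) {
        for (AssertionInfo assertionInfo : layoutAssertions) {
            Layout layout = (Layout) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            if (!validatePolicy(layout, results, signedResults)) {
                assertionInfo.setNotAsserted("Layout does not match the requirements");
            }
        }
        // All four layout names are passed to assertPolicy unconditionally, whatever the check
        // above decided. NOTE(review): assertPolicy is inherited and not visible here; confirm
        // that this cannot mask a failed Layout assertion.
        assertPolicy(assertionInfoMap, "Lax");
        assertPolicy(assertionInfoMap, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
        assertPolicy(assertionInfoMap, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
        assertPolicy(assertionInfoMap, "Strict");
    }

    /**
     * Checks one {@code Layout} assertion against the processing results.
     *
     * @param layout the layout requirement
     * @param list all results of processing the security header
     * @param list2 the results that carry signed data references
     * @return {@code false} when the layout type is LaxTsFirst, LaxTsLast or Strict and its rule
     *         is violated; {@code true} otherwise, including for any other layout type
     */
    public boolean validatePolicy(Layout layout, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2) {
        Layout.LayoutType layoutType = layout.getLayoutType();
        if (layoutType == Layout.LayoutType.LaxTsFirst) {
            // "Timestamp first" is tested on the LAST list entry, and "timestamp last" on the
            // first, which implies the results are held in reverse document order.
            // NOTE(review): presumably that is how WSS4J returns them; confirm.
            return !list.isEmpty() && actionOf(list.get(list.size() - 1)) == ACTION_TS;
        }
        if (layoutType == Layout.LayoutType.LaxTsLast) {
            return !list.isEmpty() && actionOf(list.get(0)) == ACTION_TS;
        }
        if (layoutType == Layout.LayoutType.Strict) {
            return validateStrictSignaturePlacement(list, list2)
                && validateStrictSignatureTokenPlacement(list)
                && checkSignatureIsSignedPlacement(list2);
        }
        return true;
    }

    /** Reads the integer action code of a result; throws if the result has none. */
    private static int actionOf(WSSecurityEngineResult result) {
        return ((Integer) result.get(KEY_ACTION)).intValue();
    }

    /**
     * Strict layout: for every signed data reference whose XPath splits into five segments,
     * rejects the layout when the result owning the protected element is met in {@code results}
     * no later than the result of the signature that covers it.
     */
    private boolean validateStrictSignaturePlacement(List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults) {
        for (WSSecurityEngineResult signedResult : signedResults) {
            List<WSDataRef> dataRefs = CastUtils.cast((List<?>) signedResult.get(KEY_DATA_REF_URIS));
            // Results of signed SAML assertions are not subject to this placement rule.
            if (dataRefs == null || actionOf(signedResult) == ACTION_ST_SIGNED) {
                continue;
            }
            for (WSDataRef dataRef : dataRefs) {
                String xpath = dataRef.getXpath();
                // NOTE(review): five segments presumably selects direct children of the
                // security header; confirm against the XPath format WSS4J produces.
                if (xpath == null || StringUtils.split(xpath, "/").length != 5) {
                    continue;
                }
                if (isElementSeenByTheTimeOf(results, dataRef.getProtectedElement(), signedResult)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Walks {@code results} in list order and reports whether a result whose token element is
     * {@code protectedElement} (compared by identity) occurs at or before {@code signedResult}.
     *
     * <p>The decompiler emitted an additional empty conditional in this loop; it had no effect
     * and is dropped.
     */
    private static boolean isElementSeenByTheTimeOf(List<WSSecurityEngineResult> results, Element protectedElement, WSSecurityEngineResult signedResult) {
        boolean elementSeen = false;
        for (WSSecurityEngineResult result : results) {
            Element tokenElement = (Element) result.get(KEY_TOKEN_ELEMENT);
            // Identity comparison: two nulls also count as a match here, as in the original.
            if (tokenElement == protectedElement) {
                elementSeen = true;
            }
            if (elementSeen && result == signedResult) {
                return true;
            }
        }
        return false;
    }

    /**
     * Strict layout: rejects the layout when the token matching a signature sits at a lower list
     * index than the signature itself.
     */
    private boolean validateStrictSignatureTokenPlacement(List<WSSecurityEngineResult> results) {
        for (int i = 0; i < results.size(); i++) {
            WSSecurityEngineResult result = results.get(i);
            if (actionOf(result) != ACTION_SIGN) {
                continue;
            }
            int tokenIndex = findCorrespondingTokenIndex(result, results);
            // NOTE(review): the not-found sentinel is -1, yet the test is "> 0", so a token
            // found at index 0 is never reported as misplaced. Confirm whether ">= 0" was
            // intended; the comparison is kept exactly as compiled.
            if (tokenIndex > 0 && tokenIndex < i) {
                return false;
            }
        }
        return true;
    }

    /**
     * Strict layout: for every signed data reference that names a {@code Signature} element,
     * walks the signed results and rejects the layout when the result owning that element is met
     * before the result that signs it.
     *
     * <p>Reconstructed from the decompiler's instruction dump: the decompiled source contained
     * only a stub that threw {@code UnsupportedOperationException}, which made every Strict
     * layout check that reached this method fail with an exception.
     */
    private boolean checkSignatureIsSignedPlacement(List<WSSecurityEngineResult> signedResults) {
        for (int i = 0; i < signedResults.size(); i++) {
            WSSecurityEngineResult signedResult = signedResults.get(i);
            List<WSDataRef> dataRefs = CastUtils.cast((List<?>) signedResult.get(KEY_DATA_REF_URIS));
            if (dataRefs == null || dataRefs.size() < 1) {
                continue;
            }
            for (WSDataRef dataRef : dataRefs) {
                javax.xml.namespace.QName signedName = dataRef.getName();
                if (!org.apache.wss4j.dom.WSSecurityEngine.SIGNATURE.equals(signedName)) {
                    continue;
                }
                Element protectedElement = dataRef.getProtectedElement();
                boolean signingResultSeen = false;
                for (WSSecurityEngineResult result : signedResults) {
                    if (result == signedResult) {
                        signingResultSeen = true;
                    }
                    Element tokenElement = (Element) result.get(KEY_TOKEN_ELEMENT);
                    if (tokenElement == protectedElement) {
                        if (!signingResultSeen) {
                            return false;
                        }
                        // Order is acceptable for this reference; move on to the next one.
                        break;
                    }
                }
            }
        }
        return true;
    }

    /**
     * Finds the list index of the token that matches a signature result, by certificate or by
     * public key.
     *
     * @return the index of the first matching non-signature result, or {@code -1} if none matches
     */
    private int findCorrespondingTokenIndex(WSSecurityEngineResult signatureResult, List<WSSecurityEngineResult> results) {
        X509Certificate signingCert = (X509Certificate) signatureResult.get(KEY_X509_CERTIFICATE);
        PublicKey signingKey = (PublicKey) signatureResult.get(KEY_PUBLIC_KEY);
        for (int i = 0; i < results.size(); i++) {
            WSSecurityEngineResult candidate = results.get(i);
            int action = actionOf(candidate);
            if (action == ACTION_SIGN) {
                continue;
            }
            BinarySecurity binarySecurity = (BinarySecurity) candidate.get(KEY_BINARY_SECURITY_TOKEN);
            PublicKey candidateKey = (PublicKey) candidate.get(KEY_PUBLIC_KEY);
            if (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity) {
                // Throws NullPointerException when the result carries no certificate. That
                // aborts validation rather than treating the token as "no match", which would
                // let the placement check pass; left as compiled.
                X509Certificate candidateCert = (X509Certificate) candidate.get(KEY_X509_CERTIFICATE);
                if (candidateCert.equals(signingCert)) {
                    return i;
                }
            } else if (action == ACTION_ST_SIGNED || action == ACTION_ST_UNSIGNED) {
                SamlAssertionWrapper assertion = (SamlAssertionWrapper) candidate.get(KEY_SAML_ASSERTION);
                SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
                if (subjectKeyInfo == null) {
                    continue;
                }
                // Only the first subject certificate is compared; an empty array throws here.
                X509Certificate[] subjectCerts = subjectKeyInfo.getCerts();
                PublicKey subjectKey = subjectKeyInfo.getPublicKey();
                boolean certMatches = signingCert != null && subjectCerts != null && signingCert.equals(subjectCerts[0]);
                if (certMatches || (subjectKey != null && subjectKey.equals(signingKey))) {
                    return i;
                }
            } else if (signingKey != null && signingKey.equals(candidateKey)) {
                return i;
            }
        }
        return -1;
    }
}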
