package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.security.cert.Certificate;
import java.util.List;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.saml.DOMSAMLUtil;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractToken;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.0.13.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.class */
public abstract class AbstractSamlPolicyValidator extends AbstractTokenPolicyValidator {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractTokenPolicyValidator
    public boolean isTokenRequired(AbstractToken abstractToken, Message message) {
        SPConstants.IncludeTokenType includeTokenType = abstractToken.getIncludeTokenType();
        if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
            return false;
        }
        if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
            return true;
        }
        boolean isRequestor = MessageUtils.isRequestor(message);
        if (isRequestor && includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
            return true;
        }
        if (isRequestor) {
            return false;
        }
        return includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE || includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
    }

    public boolean checkHolderOfKey(SamlAssertionWrapper samlAssertionWrapper, List<WSSecurityEngineResult> list, Certificate[] certificateArr) {
        return DOMSAMLUtil.checkHolderOfKey(samlAssertionWrapper, list, certificateArr);
    }

    protected boolean compareCredentials(SAMLKeyInfo sAMLKeyInfo, List<WSSecurityEngineResult> list, Certificate[] certificateArr) {
        return DOMSAMLUtil.compareCredentials(sAMLKeyInfo, list, certificateArr);
    }
}
