package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.ws.security.WSSecurityEngineResult;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-2.7.19-MULE-002.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.class */
public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValidator {
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.BindingPolicyValidator
    public boolean validatePolicy(AssertionInfoMap assertionInfoMap, Message message, Element element, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2, List<WSSecurityEngineResult> list3) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.SYMMETRIC_BINDING);
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        boolean z = false;
        Iterator<WSSecurityEngineResult> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (((Integer) it.next().get("action")).intValue() == 2048) {
                z = true;
                break;
            }
        }
        for (AssertionInfo assertionInfo : collection) {
            SymmetricBinding symmetricBinding = (SymmetricBinding) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            if (checkProtectionOrder(symmetricBinding, assertionInfo, list) && checkProperties(symmetricBinding, assertionInfo, assertionInfoMap, list, list2, message) && !checkTokens(symmetricBinding, assertionInfo, assertionInfoMap, z, list2, list3)) {
            }
        }
        return true;
    }

    private boolean checkTokens(SymmetricBinding symmetricBinding, AssertionInfo assertionInfo, AssertionInfoMap assertionInfoMap, boolean z, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2) {
        if (symmetricBinding.getEncryptionToken() != null) {
            assertPolicy(assertionInfoMap, symmetricBinding.getEncryptionToken());
            if (!checkDerivedKeys(symmetricBinding.getEncryptionToken(), z, list, list2)) {
                assertionInfo.setNotAsserted("Message fails the DerivedKeys requirement");
                return false;
            }
        }
        if (symmetricBinding.getSignatureToken() != null) {
            assertPolicy(assertionInfoMap, symmetricBinding.getSignatureToken());
            if (!checkDerivedKeys(symmetricBinding.getSignatureToken(), z, list, list2)) {
                assertionInfo.setNotAsserted("Message fails the DerivedKeys requirement");
                return false;
            }
        }
        if (symmetricBinding.getProtectionToken() == null) {
            return true;
        }
        assertPolicy(assertionInfoMap, symmetricBinding.getProtectionToken());
        if (checkDerivedKeys(symmetricBinding.getProtectionToken(), z, list, list2)) {
            return true;
        }
        assertionInfo.setNotAsserted("Message fails the DerivedKeys requirement");
        return false;
    }
}
