package org.apache.wss4j.policy.stax.assertionStates;

import java.util.List;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.policy.AssertionState;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.wss4j.policy.stax.Assertable;
import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
import org.apache.wss4j.policy.stax.PolicyAsserter;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;

/* loaded from: input_file:lib/wss4j-ws-security-policy-stax-2.4.3.jar:org/apache/wss4j/policy/stax/assertionStates/ProtectionOrderAssertionState.class */
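/**
 * Assertion state that checks whether the protection order required by a
 * symmetric/asymmetric binding policy (sign-before-encrypt or
 * encrypt-before-sign) matches the order of protections reported by the
 * security events of a message.
 *
 * <p>Scope of the check: only the relative order of signature and encryption is
 * tested. An event whose element is reported as not signed (or not encrypted)
 * is accepted without an order test, and an element that carries only one of
 * the two protections passes the order test. Requiring that a signature or
 * encryption is present at all is not done in this class.
 *
 * <p>NOTE(review): after a violation, a later compliant element still calls
 * {@code assertPolicy} for the same policy QName. This class never sets its own
 * asserted flag back to {@code true}, but whether the later call overrides the
 * earlier {@code unassertPolicy} inside the {@link PolicyAsserter} depends on
 * that implementation. Confirm before relying on the asserter's view alone.
 */
public class ProtectionOrderAssertionState extends AssertionState implements Assertable {
    private final PolicyAsserter policyAsserter;

    /**
     * Creates the state and, when the initial state is "asserted", reports the
     * configured protection order to the policy asserter.
     *
     * @param assertion the binding assertion; it is cast to
     *        {@link AbstractSymmetricAsymmetricBinding} when the protection order is read
     * @param policyAsserter receiver of assert/unassert notifications; {@code null}
     *        is replaced by a {@link DummyPolicyAsserter}
     * @param initialAssertionState initial value handed to the superclass
     */
    public ProtectionOrderAssertionState(AbstractSecurityAssertion assertion, PolicyAsserter policyAsserter, boolean initialAssertionState) {
        super(assertion, initialAssertionState);
        this.policyAsserter = policyAsserter != null ? policyAsserter : new DummyPolicyAsserter();
        if (initialAssertionState) {
            String namespace = getAssertion().getName().getNamespaceURI();
            // Always go through the field: the constructor argument may be null, and
            // dereferencing it here would throw a NullPointerException despite the fallback above.
            switch (((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder()) {
                case SignBeforeEncrypting:
                    this.policyAsserter.assertPolicy(new QName(namespace, SPConstants.SIGN_BEFORE_ENCRYPTING));
                    break;
                case EncryptBeforeSigning:
                    this.policyAsserter.assertPolicy(new QName(namespace, SPConstants.ENCRYPT_BEFORE_SIGNING));
                    break;
                default:
                    break;
            }
        }
    }

    /**
     * Lists the security event types this state inspects.
     *
     * @return the signed element/part, encrypted element/part and content-encrypted event types
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            SecurityEventConstants.SignedElement,
            WSSecurityEventConstants.SIGNED_PART,
            WSSecurityEventConstants.EncryptedElement,
            WSSecurityEventConstants.ENCRYPTED_PART,
            WSSecurityEventConstants.ContentEncrypted
        };
    }

    /**
     * Tests the protection order carried by a signed or encrypted element/part event
     * against the order required by the policy.
     *
     * @param securityEvent the event to inspect
     * @return {@code true} when the event reports the element as not signed (or not
     *         encrypted, for the encryption events); otherwise the current asserted
     *         state, which is also what an event of any other type yields
     * @throws WSSPolicyException declared by the interface; not thrown by the code in this method
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        AbstractSymmetricAsymmetricBinding.ProtectionOrder requiredOrder =
            ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
        SecurityEventConstants.Event eventType = securityEvent.getSecurityEventType();

        if (WSSecurityEventConstants.SignedElement.equals(eventType)) {
            SignedElementSecurityEvent signedElement = (SignedElementSecurityEvent) securityEvent;
            // An unsigned element is not an ordering violation; nothing to test here.
            if (!signedElement.isSigned()) {
                return true;
            }
            testProtectionOrder(requiredOrder, signedElement.getProtectionOrder(), signedElement.getElementPath());
        } else if (WSSecurityEventConstants.SIGNED_PART.equals(eventType)) {
            SignedPartSecurityEvent signedPart = (SignedPartSecurityEvent) securityEvent;
            if (!signedPart.isSigned()) {
                return true;
            }
            testProtectionOrder(requiredOrder, signedPart.getProtectionOrder(), signedPart.getElementPath());
        } else if (WSSecurityEventConstants.EncryptedElement.equals(eventType)) {
            EncryptedElementSecurityEvent encryptedElement = (EncryptedElementSecurityEvent) securityEvent;
            // Same reasoning as above for elements that were not encrypted.
            if (!encryptedElement.isEncrypted()) {
                return true;
            }
            testProtectionOrder(requiredOrder, encryptedElement.getProtectionOrder(), encryptedElement.getElementPath());
        } else if (WSSecurityEventConstants.ENCRYPTED_PART.equals(eventType)) {
            EncryptedPartSecurityEvent encryptedPart = (EncryptedPartSecurityEvent) securityEvent;
            if (!encryptedPart.isEncrypted()) {
                return true;
            }
            testProtectionOrder(requiredOrder, encryptedPart.getProtectionOrder(), encryptedPart.getElementPath());
        } else if (WSSecurityEventConstants.ContentEncrypted.equals(eventType)) {
            ContentEncryptedElementSecurityEvent contentEncrypted = (ContentEncryptedElementSecurityEvent) securityEvent;
            if (!contentEncrypted.isEncrypted()) {
                return true;
            }
            testProtectionOrder(requiredOrder, contentEncrypted.getProtectionOrder(), contentEncrypted.getElementPath());
        }
        return isAsserted();
    }

    /**
     * Compares the protections recorded for one element with the required order and
     * records the outcome on this state and on the policy asserter.
     *
     * <p>On a violation the state is set to not asserted, an error message naming the
     * element path is stored, and the policy is unasserted with that message.
     *
     * <p>NOTE(review): judging from the error messages, a lower index in
     * {@code appliedProtections} means the protection was applied earlier. Confirm
     * against the code that fills the list.
     *
     * @param requiredOrder the order demanded by the policy
     * @param appliedProtections the protections reported for the element
     * @param elementPath path of the element, used only in the error message
     */
    private void testProtectionOrder(AbstractSymmetricAsymmetricBinding.ProtectionOrder requiredOrder, List<XMLSecurityConstants.ContentType> appliedProtections, List<QName> elementPath) {
        String namespace = getAssertion().getName().getNamespaceURI();
        switch (requiredOrder) {
            case SignBeforeEncrypting: {
                int lastSignature = appliedProtections.lastIndexOf(XMLSecurityConstants.ContentType.SIGNATURE);
                int firstEncryption = appliedProtections.indexOf(XMLSecurityConstants.ContentType.ENCRYPTION);
                // Passes when there is no encryption entry, or when no encryption entry precedes
                // the last signature entry. A missing signature (index -1) therefore passes too.
                if (firstEncryption < 0 || firstEncryption >= lastSignature) {
                    this.policyAsserter.assertPolicy(new QName(namespace, SPConstants.SIGN_BEFORE_ENCRYPTING));
                    return;
                }
                setAsserted(false);
                setErrorMessage("Policy enforces " + requiredOrder + " but the " + WSSUtils.pathAsString(elementPath) + " was encrypted and then signed");
                this.policyAsserter.unassertPolicy(new QName(namespace, SPConstants.SIGN_BEFORE_ENCRYPTING), getErrorMessage());
                return;
            }
            case EncryptBeforeSigning: {
                int lastEncryption = appliedProtections.lastIndexOf(XMLSecurityConstants.ContentType.ENCRYPTION);
                int firstSignature = appliedProtections.indexOf(XMLSecurityConstants.ContentType.SIGNATURE);
                // Mirror image of the case above; a missing encryption entry passes as well.
                if (firstSignature < 0 || firstSignature >= lastEncryption) {
                    this.policyAsserter.assertPolicy(new QName(namespace, SPConstants.ENCRYPT_BEFORE_SIGNING));
                    return;
                }
                setAsserted(false);
                setErrorMessage("Policy enforces " + requiredOrder + " but the " + WSSUtils.pathAsString(elementPath) + " was signed and then encrypted");
                this.policyAsserter.unassertPolicy(new QName(namespace, SPConstants.ENCRYPT_BEFORE_SIGNING), getErrorMessage());
                return;
            }
            default:
                return;
        }
    }
}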
