package org.apache.wss4j.policy.stax.enforcer;

import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.RequiredElementSecurityEvent;
import org.apache.wss4j.stax.securityEvent.RequiredPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputProcessor;
import org.apache.xml.security.stax.ext.DocumentContext;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;

/* loaded from: input_file:org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.class */
/**
 * Input processor that tells a {@link PolicyEnforcer} which parts of an incoming message were
 * seen <em>without</em> signature and/or encryption protection, and which elements were present
 * at all, so that the enforcer can evaluate the effective policy.
 *
 * <p>The processor runs in the {@code POSTPROCESSING} phase and is ordered before
 * {@link SecurityHeaderInputProcessor}. It never rejects a message itself: it only registers
 * security events, and {@link #doFinal(InputProcessorChain)} turns a policy failure reported by
 * the enforcer into a {@link WSSecurityException}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the security context carries {@code TRANSPORT_SECURITY_ACTIVE == TRUE}, no
 *       "unsigned" or "unencrypted" events are registered at all. This class does not verify the
 *       transport itself, so whatever sets that flag must only do so for a genuinely protected
 *       channel.</li>
 *   <li>{@link #init(InputProcessorChain)} switches on the allow-flags for RSA 1.5 key transport
 *       and for password-less UsernameTokens in the security context.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. {@code mo1956asStartElement()} is a
 * decompiler-assigned method name (presumably {@code asStartElement()} upstream); confirm before
 * compiling against the real library.
 */
public class PolicyInputProcessor extends AbstractInputProcessor {

    // Aliases for the StAX event-type codes compared against XMLSecEvent#getEventType().
    private static final int START_ELEMENT = javax.xml.stream.XMLStreamConstants.START_ELEMENT;
    private static final int PROCESSING_INSTRUCTION = javax.xml.stream.XMLStreamConstants.PROCESSING_INSTRUCTION;
    private static final int CHARACTERS = javax.xml.stream.XMLStreamConstants.CHARACTERS;
    private static final int ENTITY_REFERENCE = javax.xml.stream.XMLStreamConstants.ENTITY_REFERENCE;

    // Element-path length at which testSignaturePolicy() treats an element in the SOAP body as a "part".
    private static final int BODY_DEPTH = 2;
    // Element-path length at which header (and, for encryption, body) "part" events are produced;
    // anything deeper produces "element" events instead.
    private static final int PART_DEPTH = 3;

    private final PolicyEnforcer policyEnforcer;
    // Set on the first header event; guards init() against running twice.
    private boolean initDone = false;
    // Snapshot of TRANSPORT_SECURITY_ACTIVE taken in init(); stays false until init() has run.
    private boolean transportSecurityActive = false;

    /**
     * Creates the processor and positions it in the input chain.
     *
     * @param policyEnforcer enforcer that receives every security event registered here
     * @param xMLSecurityProperties security properties handed to the superclass; later cast to
     *        {@link WSSSecurityProperties} to read the configured actor
     */
    public PolicyInputProcessor(PolicyEnforcer policyEnforcer, XMLSecurityProperties xMLSecurityProperties) {
        super(xMLSecurityProperties);
        setPhase(XMLSecurityConstants.Phase.POSTPROCESSING);
        addBeforeProcessor(SecurityHeaderInputProcessor.class.getName());
        this.policyEnforcer = policyEnforcer;
    }

    /**
     * Handles one event of the header section.
     *
     * <p>Runs {@link #init(InputProcessorChain)} on every call (it is a no-op after the first).
     * Unless transport security is active, events that lie inside the security header and are not
     * in encrypted content are passed to the encryption check. Every start element additionally
     * produces "required part"/"required element" events depending on its path.
     *
     * @param inputProcessorChain chain that supplies the next header event and the contexts
     * @return the event obtained from the chain, unchanged
     * @throws XMLStreamException propagated from the chain
     * @throws XMLSecurityException propagated from the chain or from event registration
     */
    @Override
    public XMLSecEvent processHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
        final XMLSecEvent event = inputProcessorChain.processHeaderEvent();
        init(inputProcessorChain);

        List<QName> elementPath = null;
        if (!this.transportSecurityActive) {
            elementPath = event.getElementPath();
            final boolean alreadyEncrypted = inputProcessorChain.getDocumentContext().isInEncryptedContent();
            // Here the encryption check applies to events INSIDE the security header;
            // processEvent() applies it to events outside of it.
            if (!alreadyEncrypted
                    && WSSUtils.isInSecurityHeader(event, elementPath, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
                testEncryptionPolicy(event, elementPath);
            }
        }

        if (event.getEventType() != START_ELEMENT) {
            return event;
        }

        final XMLSecStartElement startElement = event.mo1956asStartElement();
        if (elementPath == null) {
            // Only reached when transport security is active and the path was not fetched above.
            elementPath = startElement.getElementPath();
        }

        final int depth = elementPath.size();
        final boolean headerPart = depth == PART_DEPTH && WSSUtils.isInSOAPHeader(elementPath);
        if (headerPart) {
            final RequiredPartSecurityEvent partSeen = new RequiredPartSecurityEvent();
            partSeen.setElementPath(elementPath);
            this.policyEnforcer.registerSecurityEvent(partSeen);
        }
        if (headerPart || depth > PART_DEPTH) {
            registerRequiredElement(elementPath);
        }
        return event;
    }

    /**
     * Handles one event outside the header-processing path.
     *
     * <p>Start elements whose document level exceeds {@code 3} are reported as "required element".
     * Unless transport security is active, an event that is not in encrypted content and not in
     * the security header goes through the encryption check, and an event that is not in signed
     * content goes through the signature check.
     *
     * <p>This method does not call {@link #init(InputProcessorChain)}; until a header event has
     * been processed, {@code transportSecurityActive} keeps its initial value {@code false}, so
     * the checks run.
     *
     * @param inputProcessorChain chain that supplies the next event and the document context
     * @return the event obtained from the chain, unchanged
     * @throws XMLStreamException propagated from the chain
     * @throws XMLSecurityException propagated from the chain or from event registration
     */
    @Override
    public XMLSecEvent processEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
        final XMLSecEvent event = inputProcessorChain.processEvent();

        List<QName> elementPath = null;
        if (event.getEventType() == START_ELEMENT) {
            final XMLSecStartElement startElement = event.mo1956asStartElement();
            // The document level is compared with the same threshold used for path lengths elsewhere.
            if (startElement.getDocumentLevel() > PART_DEPTH) {
                elementPath = startElement.getElementPath();
                registerRequiredElement(elementPath);
            }
        }

        if (this.transportSecurityActive) {
            return event;
        }

        final DocumentContext documentContext = inputProcessorChain.getDocumentContext();
        final boolean encrypted = documentContext.isInEncryptedContent();
        final boolean signed = documentContext.isInSignedContent();
        if (encrypted && signed) {
            // Fully protected content: nothing to report.
            return event;
        }

        if (elementPath == null) {
            elementPath = event.getElementPath();
        }
        if (!encrypted
                && !WSSUtils.isInSecurityHeader(event, elementPath, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
            testEncryptionPolicy(event, elementPath);
        }
        if (!signed) {
            testSignaturePolicy(event, elementPath);
        }
        return event;
    }

    /**
     * Finishes processing and asks the enforcer for its final policy verdict.
     *
     * @param inputProcessorChain chain passed on to the superclass implementation
     * @throws XMLStreamException propagated from the superclass
     * @throws XMLSecurityException a {@link WSSecurityException} with error code
     *         {@code INVALID_SECURITY} (cause preserved) when the enforcer throws
     *         {@link WSSPolicyException}; otherwise whatever the superclass throws
     */
    @Override
    public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
        super.doFinal(inputProcessorChain);
        try {
            this.policyEnforcer.doFinal();
        } catch (WSSPolicyException policyFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, policyFailure);
        }
    }

    /**
     * Reports a start element that was found outside signed content.
     *
     * <p>A header element at path length 3 or a body element at path length 2 is reported as a
     * part; any path longer than 3 is reported as an element. Other events are ignored.
     * NOTE(review): the events are built with {@code (null, false, null)}; the {@code false}
     * presumably marks "not signed" — confirm against the event constructors.
     */
    private void testSignaturePolicy(XMLSecEvent event, List<QName> elementPath) throws WSSecurityException {
        if (event.getEventType() != START_ELEMENT) {
            return;
        }
        final int depth = elementPath.size();
        final boolean isPart = (depth == PART_DEPTH && WSSUtils.isInSOAPHeader(elementPath))
                || (depth == BODY_DEPTH && WSSUtils.isInSOAPBody(elementPath));
        if (isPart) {
            final SignedPartSecurityEvent unsignedPart = new SignedPartSecurityEvent(null, false, null);
            unsignedPart.setElementPath(elementPath);
            this.policyEnforcer.registerSecurityEvent(unsignedPart);
        } else if (depth > PART_DEPTH) {
            final SignedElementSecurityEvent unsignedElement = new SignedElementSecurityEvent(null, false, null);
            unsignedElement.setElementPath(elementPath);
            this.policyEnforcer.registerSecurityEvent(unsignedElement);
        }
    }

    /**
     * Reports an event that was found outside encrypted content.
     *
     * <p>Start elements are classified by path (see {@link #reportUnencryptedStartElement}).
     * Processing instructions, character data and entity references are reported as unencrypted
     * content of the event's own element path. All other event types are ignored.
     */
    private void testEncryptionPolicy(XMLSecEvent event, List<QName> elementPath) throws WSSecurityException {
        switch (event.getEventType()) {
            case START_ELEMENT:
                reportUnencryptedStartElement(event, elementPath);
                break;
            case PROCESSING_INSTRUCTION:
            case CHARACTERS:
            case ENTITY_REFERENCE:
                // Uses the path read from the event itself, not the one passed in.
                registerUnencryptedContent(event.getElementPath());
                break;
            default:
                break;
        }
    }

    /**
     * Classifies an unencrypted start element: path length 3 in the SOAP header or body is a
     * part; a longer path is an element (correlated by its id attribute) and also counts as
     * unencrypted content of its parent element.
     */
    private void reportUnencryptedStartElement(XMLSecEvent event, List<QName> elementPath) throws WSSecurityException {
        final int depth = elementPath.size();
        if (depth == PART_DEPTH && (WSSUtils.isInSOAPHeader(elementPath) || WSSUtils.isInSOAPBody(elementPath))) {
            final EncryptedPartSecurityEvent unencryptedPart = new EncryptedPartSecurityEvent(null, false, null);
            unencryptedPart.setElementPath(elementPath);
            this.policyEnforcer.registerSecurityEvent(unencryptedPart);
            return;
        }
        if (depth > PART_DEPTH) {
            final EncryptedElementSecurityEvent unencryptedElement = new EncryptedElementSecurityEvent(null, false, null);
            unencryptedElement.setCorrelationID(getId(event));
            unencryptedElement.setElementPath(elementPath);
            this.policyEnforcer.registerSecurityEvent(unencryptedElement);
            registerUnencryptedContent(event.getParentXMLSecStartElement().getElementPath());
        }
    }

    /** Registers a {@link ContentEncryptedElementSecurityEvent} built with {@code (null, false, null)} for {@code path}. */
    private void registerUnencryptedContent(List<QName> path) throws WSSecurityException {
        final ContentEncryptedElementSecurityEvent contentEvent = new ContentEncryptedElementSecurityEvent(null, false, null);
        contentEvent.setElementPath(path);
        this.policyEnforcer.registerSecurityEvent(contentEvent);
    }

    /** Registers a {@link RequiredElementSecurityEvent} for {@code path}. */
    private void registerRequiredElement(List<QName> path) throws XMLSecurityException {
        final RequiredElementSecurityEvent elementSeen = new RequiredElementSecurityEvent();
        elementSeen.setElementPath(path);
        this.policyEnforcer.registerSecurityEvent(elementSeen);
    }

    /**
     * Returns the value of the first identifier attribute found on the start element.
     *
     * <p>The attributes are tried in this order: {@code ATT_WSU_ID}, {@code ATT_NULL_Id},
     * {@code ATT_NULL_ID}, {@code ATT_NULL_ASSERTION_ID}. The value is copied verbatim from the
     * incoming message, so it is sender-controlled data.
     *
     * @param xMLSecEvent event that is converted to a start element; within this class it is only
     *        passed for start-element events
     * @return the attribute value, or {@code null} when the element declares no attributes or
     *         none of the four is present
     */
    protected String getId(XMLSecEvent xMLSecEvent) {
        final XMLSecStartElement startElement = xMLSecEvent.mo1956asStartElement();
        if (startElement.getOnElementDeclaredAttributes().isEmpty()) {
            return null;
        }
        final QName[] candidates = {
            WSSConstants.ATT_WSU_ID,
            WSSConstants.ATT_NULL_Id,
            WSSConstants.ATT_NULL_ID,
            WSSConstants.ATT_NULL_ASSERTION_ID
        };
        for (QName candidate : candidates) {
            final Attribute idAttribute = startElement.getAttributeByName(candidate);
            if (idAttribute != null) {
                return idAttribute.getValue();
            }
        }
        return null;
    }

    /**
     * One-time setup, performed on the first header event.
     *
     * <p>Caches whether {@code TRANSPORT_SECURITY_ACTIVE} is {@code Boolean.TRUE} in the security
     * context, then writes two allow-flags into that context:
     * {@code PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM} (stored as a {@code Boolean}) and
     * {@code PROP_ALLOW_USERNAMETOKEN_NOPASSWORD} (stored as the string {@code "true"}).
     *
     * <p>NOTE(review): both flags are set unconditionally whenever this processor is in the
     * chain. Presumably the decision is thereby delegated to the policy (algorithm suite and
     * token assertions) evaluated by the enforcer — confirm that the deployed policy really
     * constrains the key-transport algorithm and UsernameToken password requirements, because
     * RSA 1.5 key transport is a known padding-oracle target and nothing in this class limits it.
     *
     * @param inputProcessorChain chain whose security context is read and updated
     */
    protected void init(InputProcessorChain inputProcessorChain) {
        if (!this.initDone) {
            this.initDone = true;
            this.transportSecurityActive =
                    Boolean.TRUE.equals(inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE));
            inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM, Boolean.TRUE);
            inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_ALLOW_USERNAMETOKEN_NOPASSWORD, Boolean.TRUE.toString());
        }
    }
}
