package com.sonicsw.ws.security.policy;

import com.sonicsw.ws.axis.DebugObjects;
import com.sonicsw.ws.security.action.Encryption;
import com.sonicsw.ws.security.action.EncryptionSignatureBase;
import com.sonicsw.ws.security.action.Signature;
import com.sonicsw.ws.security.processingresult.EncryptionSignatureResult;
import com.sonicsw.ws.security.processingresult.SignatureResult;
import com.sonicsw.wsp.PolicyException;
import com.sonicsw.wsp.SecurityPolicyException;
import com.sonicsw.wsp.WSPUtils;
import java.util.regex.Pattern;
import javax.xml.namespace.QName;
import org.apache.axis.MessageContext;
import org.apache.ws.policy.Policy;
import org.apache.ws.security.policy.model.PolicyEngineData;
import org.apache.ws.security.policy.model.RootPolicyEngineData;
import org.apache.ws.security.policy.model.X509Token;
import org.apache.xmlbeans.SchemaType;
import org.apache.xmlbeans.XmlObject;
import org.xmlsoap.schemas.ws.x2002.x12.secext.ChallengeOrIntegrity;
import org.xmlsoap.schemas.ws.x2002.x12.secext.Confidentiality;
import org.xmlsoap.schemas.ws.x2002.x12.secext.ConfidentialityDocument;
import org.xmlsoap.schemas.ws.x2002.x12.secext.IntegrityDocument;
import org.xmlsoap.schemas.ws.x2002.x12.secext.MessageAgeDocument;
import org.xmlsoap.schemas.ws.x2002.x12.secext.MessageAgeType;
import org.xmlsoap.schemas.ws.x2002.x12.secext.SecurityHeaderDocument;
import org.xmlsoap.schemas.ws.x2002.x12.secext.SecurityTokenDocument;
import org.xmlsoap.schemas.ws.x2002.x12.secext.VisibilityDocument;
import org.xmlsoap.schemas.ws.x2004.x09.policy.OperatorContentType;
import org.xmlsoap.schemas.ws.x2004.x09.policy.PolicyDocument;

/* loaded from: input_file:com/sonicsw/ws/security/policy/WSSPUtils.class */
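/**
 * Static helpers for the WS-SecurityPolicy layer: classifying policy assertions, turning a
 * normalized {@link Policy} into security actions, and choosing or validating the X.509 token
 * reference model used by signature and encryption actions.
 *
 * <p>All methods are stateless. Several of them dereference their arguments without a null
 * check; this is called out per method.
 */
public class WSSPUtils {
    /** Inclusion URI under which the token is always carried in the message. */
    private static final String INCLUDE_TOKEN_ALWAYS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";

    /** Inclusion URI under which the token is carried only on messages sent by the initiator. */
    private static final String INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";

    /**
     * Compares {@code str2} with {@code str} using the match type named by {@code qName}.
     *
     * <p>NOTE(review): for the regexp match type the pattern is compiled on every call and run
     * with {@link Pattern}'s backtracking matcher. If the pattern or the candidate string can be
     * supplied by a remote peer, bound their length or restrict which policies may use the regexp
     * match type; confirm where both values come from.
     *
     * @param qName match type; one of the {@code WSSPConstants.QN_MATCHTYPE_*} values
     * @param str   the expected value: a regular expression, a prefix, or the exact string
     * @param str2  the candidate value being tested
     * @return {@code true} when the candidate satisfies the selected comparison
     * @throws IllegalArgumentException if {@code qName} is not a known match type
     * @throws java.util.regex.PatternSyntaxException if {@code str} is not a valid regular
     *         expression and the regexp match type was selected
     * @throws NullPointerException if {@code qName} is null, or a string needed by the selected
     *         comparison is null
     */
    public static boolean match(QName qName, String str, String str2) {
        if (qName.equals(WSSPConstants.QN_MATCHTYPE_REGEXP)) {
            // Whole-input match, the same as compile(str).matcher(str2).matches().
            return Pattern.matches(str, str2);
        }
        if (qName.equals(WSSPConstants.QN_MATCHTYPE_PREFIX)) {
            return str2.startsWith(str);
        }
        if (qName.equals(WSSPConstants.QN_MATCHTYPE_EXACT)) {
            return str2.equals(str);
        }
        throw new IllegalArgumentException("Invalid match type: " + qName);
    }

    /**
     * Returns the Integrity assertions of a singleton policy document.
     *
     * @param policyDocument the policy to inspect
     * @return the assertions, or {@code null} when {@code WSPUtils.isSingleton} rejects the document
     */
    public static IntegrityDocument[] getIntegrityAssertions(PolicyDocument policyDocument) {
        if (!WSPUtils.isSingleton(policyDocument)) {
            return null;
        }
        return (IntegrityDocument[]) WSPUtils.getAssertions(WSPUtils.getSingletonAll(policyDocument), IntegrityDocument.type.getName());
    }

    /**
     * Returns the Confidentiality assertions of a singleton policy document.
     *
     * @param policyDocument the policy to inspect
     * @return the assertions, or {@code null} when {@code WSPUtils.isSingleton} rejects the document
     */
    public static ConfidentialityDocument[] getConfidentialityAssertions(PolicyDocument policyDocument) {
        if (!WSPUtils.isSingleton(policyDocument)) {
            return null;
        }
        return (ConfidentialityDocument[]) WSPUtils.getAssertions(WSPUtils.getSingletonAll(policyDocument), ConfidentialityDocument.type.getName());
    }

    /**
     * Returns the Visibility assertions of a singleton policy document.
     *
     * @param policyDocument the policy to inspect
     * @return the assertions, or {@code null} when {@code WSPUtils.isSingleton} rejects the document
     */
    public static VisibilityDocument[] getVisibilityAssertions(PolicyDocument policyDocument) {
        if (!WSPUtils.isSingleton(policyDocument)) {
            return null;
        }
        return (VisibilityDocument[]) WSPUtils.getAssertions(WSPUtils.getSingletonAll(policyDocument), VisibilityDocument.type.getName());
    }

    /**
     * Returns the MessageAge assertions of a singleton policy document.
     *
     * @param policyDocument the policy to inspect
     * @return the assertions, or {@code null} when {@code WSPUtils.isSingleton} rejects the document
     */
    public static MessageAgeDocument[] getMessageAgeAssertions(PolicyDocument policyDocument) {
        if (!WSPUtils.isSingleton(policyDocument)) {
            return null;
        }
        return (MessageAgeDocument[]) WSPUtils.getAssertions(WSPUtils.getSingletonAll(policyDocument), MessageAgeDocument.type.getName());
    }

    /**
     * Returns the SecurityToken assertions of a singleton policy document.
     *
     * @param policyDocument the policy to inspect
     * @return the assertions, or {@code null} when {@code WSPUtils.isSingleton} rejects the document
     */
    public static SecurityTokenDocument[] getSecurityTokenAssertions(PolicyDocument policyDocument) {
        if (!WSPUtils.isSingleton(policyDocument)) {
            return null;
        }
        return (SecurityTokenDocument[]) WSPUtils.getAssertions(WSPUtils.getSingletonAll(policyDocument), SecurityTokenDocument.type.getName());
    }

    /**
     * Selects from {@code operatorContentType} using the XPath that
     * {@code WSPUtils.childElementXPath} builds for the 2002/12 secext namespace.
     *
     * @param operatorContentType the policy operator whose content is searched
     * @return whatever {@code selectPath} yields for that XPath
     */
    public static XmlObject[] getAllSecurityAssertions(OperatorContentType operatorContentType) {
        return operatorContentType.selectPath(WSPUtils.childElementXPath("http://schemas.xmlsoap.org/ws/2002/12/secext"));
    }

    /**
     * Null-safe test of an object's schema type name.
     *
     * @param xmlObject the object to classify; may be null
     * @param expected  the value the schema type name must equal
     * @return {@code true} only when the object, its schema type and that type's name are all
     *         non-null and the name equals {@code expected}
     */
    private static boolean hasSchemaTypeName(XmlObject xmlObject, Object expected) {
        if (xmlObject == null) {
            return false;
        }
        SchemaType schemaType = xmlObject.schemaType();
        if (schemaType == null) {
            return false;
        }
        QName typeName = schemaType.getName();
        return typeName != null && typeName.equals(expected);
    }

    /**
     * Null-safe test of a security token assertion's token type.
     *
     * @param securityTokenAssertion the assertion to classify; may be null
     * @param expected               the value the token type must equal
     * @return {@code true} only when the assertion and its token type are non-null and the token
     *         type equals {@code expected}
     */
    private static boolean hasTokenType(SecurityTokenAssertion securityTokenAssertion, Object expected) {
        if (securityTokenAssertion == null) {
            return false;
        }
        QName tokenType = securityTokenAssertion.getTokenType();
        return tokenType != null && tokenType.equals(expected);
    }

    /** Returns whether the object's schema type name is {@code WSSPConstants.QN_CHALLENGE_OR_INTEGRITY}. */
    public static boolean isIntegrityAssertion(XmlObject xmlObject) {
        return hasSchemaTypeName(xmlObject, WSSPConstants.QN_CHALLENGE_OR_INTEGRITY);
    }

    /** Returns whether the object's schema type name is {@code WSSPConstants.QN_SECURITY_TOKEN_TYPE}. */
    public static boolean isSecurityTokenAssertion(XmlObject xmlObject) {
        return hasSchemaTypeName(xmlObject, WSSPConstants.QN_SECURITY_TOKEN_TYPE);
    }

    /** Returns whether the assertion's token type is {@code WSSPConstants.QN_TOKENTYPE_USERNAME}. */
    public static boolean isUsernameTokenAssertion(SecurityTokenAssertion securityTokenAssertion) {
        return hasTokenType(securityTokenAssertion, WSSPConstants.QN_TOKENTYPE_USERNAME);
    }

    /** Returns whether the assertion's token type is {@code WSSPConstants.QN_TOKENTYPE_X509V3}. */
    public static boolean isX509v3TokenAssertion(SecurityTokenAssertion securityTokenAssertion) {
        return hasTokenType(securityTokenAssertion, WSSPConstants.QN_TOKENTYPE_X509V3);
    }

    /** Returns whether the object's schema type name is {@code WSSPConstants.QN_CONFIDENTIALITY}. */
    public static boolean isConfidentialityAssertion(XmlObject xmlObject) {
        return hasSchemaTypeName(xmlObject, WSSPConstants.QN_CONFIDENTIALITY);
    }

    /**
     * Intended to recognise Visibility assertions.
     *
     * <p>NOTE(review): the schema type <em>name</em> (a QName) is compared with
     * {@code VisibilityDocument.type}, which is a SchemaType rather than a name, so this test
     * presumably never succeeds. The comparison is kept as found; confirm the intended constant
     * before relying on this predicate for any policy decision.
     */
    public static boolean isVisibilityAssertion(XmlObject xmlObject) {
        return hasSchemaTypeName(xmlObject, VisibilityDocument.type);
    }

    /**
     * Intended to recognise SecurityHeader assertions.
     *
     * <p>NOTE(review): the schema type <em>name</em> (a QName) is compared with
     * {@code SecurityHeaderDocument.type}, which is a SchemaType rather than a name, so this test
     * presumably never succeeds. The comparison is kept as found; confirm the intended constant
     * before relying on this predicate for any policy decision.
     */
    public static boolean isSecurityHeaderAssertion(XmlObject xmlObject) {
        return hasSchemaTypeName(xmlObject, SecurityHeaderDocument.type);
    }

    /** Returns whether the object's schema type name is {@code WSSPConstants.QN_MESSAGE_AGE}. */
    public static boolean isMessageAgeAssertion(XmlObject xmlObject) {
        return hasSchemaTypeName(xmlObject, WSSPConstants.QN_MESSAGE_AGE);
    }

    /**
     * Wraps a policy XML object in the matching {@link Assertion} implementation.
     *
     * <p>Security-token, integrity, confidentiality and message-age assertions are supported;
     * anything else is rejected rather than ignored, so an unrecognised assertion cannot be
     * silently dropped from a policy.
     *
     * @param str       passed unchanged to the integrity and confidentiality assertion constructors
     * @param xmlObject the assertion element to wrap
     * @return the new assertion object
     * @throws IllegalArgumentException if the object is null or of an unsupported schema type
     * @throws PolicyException declared for the assertion constructors
     */
    public static Assertion createAssertionObject(String str, XmlObject xmlObject) throws PolicyException {
        if (isSecurityTokenAssertion(xmlObject)) {
            return new SecurityTokenAssertion(xmlObject);
        }
        if (isIntegrityAssertion(xmlObject)) {
            return new IntegrityAssertion(str, (ChallengeOrIntegrity) xmlObject);
        }
        if (isConfidentialityAssertion(xmlObject)) {
            return new ConfidentialityAssertion(str, (Confidentiality) xmlObject);
        }
        if (isMessageAgeAssertion(xmlObject)) {
            return new MessageAgeAssertion((MessageAgeType) xmlObject);
        }
        // The predicates above accept null, so the error path must not dereference it either;
        // otherwise a null input surfaces as a NullPointerException instead of a clear rejection.
        SchemaType schemaType = xmlObject == null ? null : xmlObject.schemaType();
        throw new IllegalArgumentException("Unsupported Assertion Type: " + (schemaType == null ? null : schemaType.getName()));
    }

    /**
     * Builds the security actions for an outbound policy into {@code securityPolicyAlternative}.
     *
     * <p>A null policy is a no-op. The policy must already be normalized and may contain at most
     * one alternative.
     *
     * @param policy                    the outbound policy, or null
     * @param securityPolicyAlternative receives the actions derived from the policy
     * @throws RuntimeException if the policy is not normalized
     * @throws PolicyException if the policy has more than one alternative, or processing fails;
     *         any other exception raised during processing is wrapped in a PolicyException
     */
    public static void buildActions(Policy policy, SecurityPolicyAlternative securityPolicyAlternative) throws PolicyException {
        if (policy == null) {
            return;
        }
        if (!policy.isNormalized()) {
            throw new RuntimeException("Policy is not in normalized format");
        }
        int numberOfPolicyAlternatives = WSPUtils.getNumberOfPolicyAlternatives(policy);
        if (numberOfPolicyAlternatives > 1) {
            throw new PolicyException("Policy contains " + numberOfPolicyAlternatives + " alternatives. Outbound policy must contain only one alternative.");
        }
        SecurityPolicyProcessor securityPolicyProcessor = new SecurityPolicyProcessor();
        try {
            securityPolicyProcessor.setup();
            buildActions(policy, securityPolicyAlternative, securityPolicyProcessor);
        } catch (PolicyException e) {
            // Already the declared type: rethrow untouched so the original cause chain is kept.
            throw e;
        } catch (Exception e) {
            throw new PolicyException(e);
        }
    }

    /**
     * Expands a policy into one {@link SecurityPolicyAlternative} per policy alternative.
     *
     * @param policy the policy to expand, or null
     * @return one entry per alternative returned by {@code WSPUtils.getPolicyAlternatives}, in the
     *         same order; {@code null} when {@code policy} is null
     * @throws PolicyException if an alternative cannot be processed or processor setup fails
     */
    public static SecurityPolicyAlternative[] getPolicyAlternatives(Policy policy) throws PolicyException {
        if (policy == null) {
            return null;
        }
        Policy[] policyAlternatives = WSPUtils.getPolicyAlternatives(policy);
        SecurityPolicyAlternative[] result = new SecurityPolicyAlternative[policyAlternatives.length];
        // One processor is set up once and reused for every alternative.
        SecurityPolicyProcessor securityPolicyProcessor = new SecurityPolicyProcessor();
        try {
            securityPolicyProcessor.setup();
            for (int i = 0; i < policyAlternatives.length; i++) {
                result[i] = new SecurityPolicyAlternative();
                buildActions(policyAlternatives[i], result[i], securityPolicyProcessor);
            }
            return result;
        } catch (NoSuchMethodException e) {
            throw new PolicyException(e);
        }
    }

    /**
     * Runs the processor over {@code policy} and hands the resulting root engine data to
     * {@code securityPolicyAlternative}.
     *
     * @throws PolicyException if the processor's current engine data is not a RootPolicyEngineData
     */
    private static void buildActions(Policy policy, SecurityPolicyAlternative securityPolicyAlternative, SecurityPolicyProcessor securityPolicyProcessor) throws PolicyException {
        securityPolicyProcessor.processPolicy(policy);
        PolicyEngineData engineData = securityPolicyProcessor.secProcessorContext.readCurrentPolicyEngineData();
        if (!(engineData instanceof RootPolicyEngineData)) {
            throw new PolicyException("Unexpected PolicyEngineData during processing of security assertions.  Expected RootPolicyEngineData, found " + engineData);
        }
        securityPolicyAlternative.buildActions((RootPolicyEngineData) engineData);
    }

    /** Returns {@code messageContext.isClient()}. */
    public static boolean isClient(MessageContext messageContext) {
        return messageContext.isClient();
    }

    /**
     * Chooses the token reference model for an outbound signature or encryption action.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>if the token must be included, the include model is used, and it is an error for the
     *       token to also require an external reference model;</li>
     *   <li>otherwise, if the token requires a specific external model, that model is used,
     *       provided the action supports it;</li>
     *   <li>otherwise the first supported external model is used: issuer-serial before
     *       key-identifier for signatures, the reverse for other actions.</li>
     * </ol>
     *
     * @param encryptionSignatureBase the action whose token is being referenced
     * @param messageContext          decides whether this side is the client
     * @return one of the {@code SSPConstants.LN_TOKEN_REF_MODEL_*} values, never null
     * @throws SecurityPolicyException if the policy's inclusion, required and supported models
     *         cannot be reconciled
     */
    public static String getOutboundTokenRef(EncryptionSignatureBase encryptionSignatureBase, MessageContext messageContext) throws SecurityPolicyException {
        boolean isClient = isClient(messageContext);
        X509Token token = getToken(encryptionSignatureBase, isClient);
        String requiredTokenRef = getRequiredTokenRef(token);
        String tokenInclusion = getTokenInclusion(token, isClient);

        if (SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE.equals(tokenInclusion)) {
            if (requiredTokenRef != null) {
                throw new SecurityPolicyException("Inconsistent token reference models. Required external reference model " + requiredTokenRef + ", but token must be included.");
            }
            return tokenInclusion;
        }

        if (requiredTokenRef == null) {
            String supportedRef = firstSupportedExternalRef(encryptionSignatureBase);
            if (supportedRef == null) {
                throw new SecurityPolicyException("Inconsistent token reference models. Token must not be included but there is no required or supported external token reference model.");
            }
            return supportedRef;
        }

        boolean supported = false;
        if (SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL.equals(requiredTokenRef)) {
            supported = encryptionSignatureBase.getMustSupportRefIssuerSerial();
        } else if (SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER.equals(requiredTokenRef)) {
            supported = encryptionSignatureBase.getMustSupportRefKeyIdentifier();
        }
        if (!supported) {
            throw new SecurityPolicyException("Inconsistent token reference models. Required external reference model " + requiredTokenRef + " is not supported. ");
        }
        return requiredTokenRef;
    }

    /**
     * Picks the external reference model to use when the token neither is included nor requires
     * a particular model.
     *
     * @return the preferred supported model (issuer-serial first for signatures, key-identifier
     *         first otherwise), or {@code null} when the action supports neither
     */
    private static String firstSupportedExternalRef(EncryptionSignatureBase encryptionSignatureBase) {
        if (encryptionSignatureBase instanceof Signature) {
            if (encryptionSignatureBase.getMustSupportRefIssuerSerial()) {
                return SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL;
            }
            if (encryptionSignatureBase.getMustSupportRefKeyIdentifier()) {
                return SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER;
            }
            return null;
        }
        if (encryptionSignatureBase.getMustSupportRefKeyIdentifier()) {
            return SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER;
        }
        if (encryptionSignatureBase.getMustSupportRefIssuerSerial()) {
            return SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL;
        }
        return null;
    }

    /**
     * Checks the token reference model detected on an inbound message against the policy.
     *
     * <p>On failure the reason is stored with {@code encryptionSignatureResult.setStatus} and
     * written to the policy debug log; the method itself only returns {@code false}, so callers
     * must act on the return value.
     *
     * <p>NOTE(review): when the token is not included and no specific external model is required,
     * every detected model other than include is accepted. That covers a null {@code str} and
     * models the action does not list as supported through {@code getMustSupportRef*}. Confirm
     * that this leniency is intended, or that the caller has already restricted {@code str}.
     *
     * @param encryptionSignatureBase   the policy action being enforced
     * @param messageContext            decides whether this side is the client; the message is
     *                                  treated as coming from the initiator when it is not
     * @param str                       the token reference model detected in the message
     * @param encryptionSignatureResult receives the failure status, if any
     * @return {@code true} when the detected model satisfies the policy
     */
    public static boolean validateInboundTokenRef(EncryptionSignatureBase encryptionSignatureBase, MessageContext messageContext, String str, EncryptionSignatureResult encryptionSignatureResult) {
        boolean fromInitiator = !isClient(messageContext);
        X509Token token = getToken(encryptionSignatureBase, fromInitiator);
        String requiredTokenRef = getRequiredTokenRef(token);
        String tokenInclusion = getTokenInclusion(token, fromInitiator);
        DebugObjects.getHandlerDebug().debug("WSSPUtils.validateInboundTokenRef():  action = " + (encryptionSignatureBase instanceof Encryption ? "Encryption" : "Signature") + ", fromInitiator = " + fromInitiator + ", detected token ref = " + str + ", token inclusion =  " + tokenInclusion + ", required model = " + requiredTokenRef);

        String failure = null;
        if (SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE.equals(tokenInclusion)) {
            if (!SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE.equals(str)) {
                failure = "Invalid token reference model. Expected: " + tokenInclusion + ",  detected " + str;
            } else if (requiredTokenRef != null) {
                // The message is fine; the policy contradicts itself. Report it with the same
                // wording getOutboundTokenRef uses, instead of "Expected: X, detected: X" with
                // two identical values.
                failure = "Inconsistent token reference models. Required external reference model " + requiredTokenRef + ", but token must be included.";
            }
        } else if (requiredTokenRef == null) {
            if (SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE.equals(str)) {
                failure = "Invalid token reference model. Expected: any supported external token reference model, detected: " + str;
            }
        } else if (!requiredTokenRef.equals(str)) {
            failure = "Invalid token reference model. Expected: " + requiredTokenRef + ", detected: " + str;
        }

        if (failure == null) {
            return true;
        }
        encryptionSignatureResult.setStatus(failure);
        DebugObjects.getPolicyDebug().debug((encryptionSignatureResult instanceof SignatureResult ? "Signature" : "Encryption") + "Result: " + encryptionSignatureResult.getStatus());
        return false;
    }

    /**
     * Selects the X.509 token that applies to an action in a given message direction.
     *
     * <p>The initiator token is used for a signature on a message from the initiator and for
     * encryption on a message that is not from the initiator; every other combination uses the
     * recipient token.
     *
     * @param encryptionSignatureBase the signature or encryption action
     * @param fromInitiator           whether the message originates from the initiator
     * @return the selected token
     * @throws NullPointerException if the action has no token holder for the selected side
     */
    private static X509Token getToken(EncryptionSignatureBase encryptionSignatureBase, boolean fromInitiator) {
        boolean signedByInitiator = (encryptionSignatureBase instanceof Signature) && fromInitiator;
        boolean encryptedForInitiator = (encryptionSignatureBase instanceof Encryption) && !fromInitiator;
        if (signedByInitiator || encryptedForInitiator) {
            return (X509Token) encryptionSignatureBase.getInitiatorToken().getInitiatorToken();
        }
        return encryptionSignatureBase.getRecipientToken().getRecipientToken();
    }

    /**
     * Returns the external reference model the token insists on, if any.
     *
     * @return the issuer-serial model if required, else the key-identifier model if required,
     *         else {@code null}; issuer-serial wins when both flags are set
     */
    private static String getRequiredTokenRef(X509Token x509Token) {
        if (x509Token.isRequireIssuerSerialReference()) {
            return SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL;
        }
        if (x509Token.isRequireKeyIdentifierReference()) {
            return SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER;
        }
        return null;
    }

    /**
     * Decides whether the token has to be carried in the message.
     *
     * @param x509Token     the token whose inclusion setting is read
     * @param fromInitiator whether the message originates from the initiator
     * @return {@code SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE} when inclusion is "Always", or is
     *         "AlwaysToRecipient" on a message from the initiator; {@code null} otherwise
     * @throws NullPointerException if the token has no inclusion value; left as found so that a
     *         token without an inclusion setting is not quietly treated as "do not include"
     */
    private static String getTokenInclusion(X509Token x509Token, boolean fromInitiator) {
        if (x509Token.getInclusion().equals(INCLUDE_TOKEN_ALWAYS)) {
            return SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE;
        }
        if (fromInitiator && x509Token.getInclusion().equals(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE;
        }
        return null;
    }
}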
