package org.apache.wss4j.policy.stax.assertionStates;

import org.apache.wss4j.policy.WSSPolicyException;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityToken;

/* loaded from: input_file:org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.class */
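/**
 * Assertion state that checks a received UsernameToken against the
 * {@link UsernameToken} assertion of the policy.
 *
 * <p>{@link #assertToken} verifies, in this order: the password type (none,
 * digest or plain text), the presence of a Created timestamp and of a Nonce
 * when the policy asks for them, and the UsernameToken profile version.
 * On a failed check it records a message through {@code setErrorMessage}
 * (inherited, not defined in this file) and returns {@code false}.
 *
 * <p>This source was recovered from bytecode. The compiler-generated
 * {@code $SwitchMap$...} helper class has been folded back into plain enum
 * switches, and the cast the decompiler dropped on the security token has
 * been restored so that the class compiles again.
 */
public class UsernameTokenAssertionState extends TokenAssertionState {

    /**
     * URI the received token's profile is compared with. The literal is kept
     * exactly as it appears in the recovered code; it is presumably an inlined
     * compile-time constant from the original source.
     */
    private static final String USERNAME_TOKEN_PROFILE_URI =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";

    /**
     * Creates the assertion state.
     *
     * @param abstractSecurityAssertion the policy assertion this state tracks
     * @param z forwarded unchanged to {@link TokenAssertionState}; its meaning
     *          is defined there (the name was lost in decompilation)
     * @param z2 forwarded unchanged to {@link TokenAssertionState}; its meaning
     *           is defined there (the name was lost in decompilation)
     */
    public UsernameTokenAssertionState(AbstractSecurityAssertion abstractSecurityAssertion, boolean z, boolean z2) {
        super(abstractSecurityAssertion, z, z2);
    }

    /**
     * Returns the security events this state wants to see.
     *
     * @return a one-element array holding the UsernameToken event type
     */
    @Override // org.apache.wss4j.policy.stax.Assertable
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{WSSecurityEventConstants.UsernameToken};
    }

    /**
     * Checks one received UsernameToken against the policy's UsernameToken
     * assertion.
     *
     * @param tokenSecurityEvent the event raised for the received token; must
     *                           be a {@link UsernameTokenSecurityEvent}
     * @param abstractToken the policy token assertion; cast to
     *                      {@link UsernameToken} without a prior type check
     * @return {@code true} when every applicable check passes, {@code false}
     *         (with an error message set) when one fails
     * @throws WSSPolicyException if the event is not a UsernameToken event
     * @throws XMLSecurityException declared by the overridden method; nothing
     *                              in this body throws it directly
     */
    @Override // org.apache.wss4j.policy.stax.assertionStates.TokenAssertionState
    public boolean assertToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException, XMLSecurityException {
        if (!(tokenSecurityEvent instanceof UsernameTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a UsernameSecurityTokenEvent but got " + tokenSecurityEvent.getClass().getName());
        }
        // The explicit cast is required: the event is typed with a wildcard, so
        // getSecurityToken() is only known to return a SecurityToken.
        final UsernameSecurityToken securityToken = (UsernameSecurityToken) tokenSecurityEvent.getSecurityToken();
        final UsernameTokenSecurityEvent usernameTokenSecurityEvent = (UsernameTokenSecurityEvent) tokenSecurityEvent;
        final UsernameToken usernameToken = (UsernameToken) abstractToken;

        final WSSConstants.UsernameTokenPasswordType receivedPasswordType =
                usernameTokenSecurityEvent.getUsernameTokenPasswordType();
        final UsernameToken.PasswordType requiredPasswordType = usernameToken.getPasswordType();

        if (requiredPasswordType != null) {
            switch (requiredPasswordType) {
                case NoPassword:
                    if (receivedPasswordType != WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE) {
                        setErrorMessage("UsernameToken contains a password but the policy prohibits it");
                        return false;
                    }
                    break;
                case HashPassword:
                    if (receivedPasswordType != WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
                        setErrorMessage("UsernameToken does not contain a hashed password");
                        return false;
                    }
                    break;
                default:
                    // Any other policy value imposes no password-type check here.
                    break;
            }
        } else {
            // No password type in the policy: a plain-text password is required,
            // so both "no password" and "digest" are rejected.
            // NOTE(review): nothing in this class checks that the token travels
            // over a confidential channel; presumably other assertions cover
            // that - confirm.
            if (receivedPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE) {
                setErrorMessage("UsernameToken must contain a password");
                return false;
            }
            if (receivedPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
                setErrorMessage("UsernameToken password must not be hashed");
                return false;
            }
        }

        // Created and Nonce are only accepted together with a plain-text
        // password: a policy that asks for either one rejects digest and
        // password-less tokens even when the element itself is present.
        final boolean plainTextPassword =
                receivedPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT;
        if (usernameToken.isCreated() && (securityToken.getCreatedTime() == null || !plainTextPassword)) {
            setErrorMessage("UsernameToken does not contain a created timestamp or password is not plain text");
            return false;
        }
        if (usernameToken.isNonce() && (securityToken.getNonce() == null || !plainTextPassword)) {
            setErrorMessage("UsernameToken does not contain a nonce or password is not plain text");
            return false;
        }

        // The profile check is skipped (token accepted) when the policy names no
        // token type or the event carries no profile, so a token without profile
        // information passes a version-constrained policy.
        final UsernameToken.UsernameTokenType requiredTokenType = usernameToken.getUsernameTokenType();
        final String receivedProfile = usernameTokenSecurityEvent.getUsernameTokenProfile();
        if (requiredTokenType == null || receivedProfile == null) {
            return true;
        }

        // NOTE(review): the URI compared here ends in "profile-1.0", yet a match
        // is reported as "we got 1.1" and a mismatch as "we got 1.0". Either the
        // literal is an inlined constant that stands for profile 1.1, or the two
        // branches are inverted. Behaviour is kept as recovered; confirm against
        // the original source before relying on this check.
        final boolean matchesProfileUri = receivedProfile.equals(USERNAME_TOKEN_PROFILE_URI);
        switch (requiredTokenType) {
            case WssUsernameToken10:
                if (!matchesProfileUri) {
                    return true;
                }
                setErrorMessage("Policy enforces UsernameToken profile 1.0 but we got 1.1");
                return false;
            case WssUsernameToken11:
                if (matchesProfileUri) {
                    return true;
                }
                setErrorMessage("Policy enforces UsernameToken profile 1.1 but we got 1.0");
                return false;
            default:
                return true;
        }
    }
}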
