package com.sun.xml.wss.impl.policy.verifier;

import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.PolicyViolationException;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.impl.policy.spi.PolicyVerifier;

/* loaded from: input_file:com/sun/xml/wss/impl/policy/verifier/EncryptionPolicyVerifier.class */
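/**
 * Checks that the encryption policy inferred from a received message satisfies the
 * encryption policy configured as the receiver-side requirement.
 *
 * <p>Three things are compared, each only when the configured side specifies a value:
 * the data encryption algorithm, the key binding type, and (for SAML assertion and
 * X.509 certificate bindings) selected attributes of the key binding.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Type identifiers are compared by value. The previous reference comparison could
 *       skip the SAML/X.509 binding checks when an equal type string was a different
 *       {@code String} instance.</li>
 *   <li>An absent (null or empty) configured value disables the corresponding check;
 *       a policy that must enforce an algorithm has to configure it explicitly.</li>
 * </ul>
 */
public class EncryptionPolicyVerifier implements PolicyVerifier {

    /**
     * Verifies the policy inferred from the message against the configured policy.
     *
     * @param securityPolicy  the configured (receiver requirement) policy
     * @param securityPolicy2 the policy inferred from the incoming message
     * @throws PolicyViolationException if the data encryption algorithm, the key binding
     *         type or a checked key binding attribute does not match the configuration
     */
    @Override
    public void verifyPolicy(SecurityPolicy securityPolicy, SecurityPolicy securityPolicy2) throws PolicyViolationException {
        // NOTE(review): when either argument is not an encryption policy nothing is verified
        // and no error is raised; presumably the caller dispatches by policy type - confirm.
        if (!PolicyTypeUtil.encryptionPolicy(securityPolicy) || !PolicyTypeUtil.encryptionPolicy(securityPolicy2)) {
            return;
        }

        EncryptionPolicy inferredPolicy = (EncryptionPolicy) securityPolicy2;
        EncryptionPolicy configuredPolicy = (EncryptionPolicy) securityPolicy;
        EncryptionPolicy.FeatureBinding inferredFeature = (EncryptionPolicy.FeatureBinding) inferredPolicy.getFeatureBinding();
        EncryptionPolicy.FeatureBinding configuredFeature = (EncryptionPolicy.FeatureBinding) configuredPolicy.getFeatureBinding();

        String inferredAlgorithm = inferredFeature.getDataEncryptionAlgorithm();
        String configuredAlgorithm = configuredFeature.getDataEncryptionAlgorithm();
        if (isSet(configuredAlgorithm) && !configuredAlgorithm.equals(inferredAlgorithm)) {
            // NOTE(review): the text says "did match" where "did not match" is meant, and
            // "themessage" lacks a space; the wording is kept unchanged in case log
            // consumers match on it.
            throw new PolicyViolationException(
                    "Receiver side requirement verification failed, DataEncryptionAlgorithm specified in the receiver requirements did match with DataEncryptionAlgorithm used to encrypt the message.Configured DataEncryptionAlgorithm is "
                            + configuredAlgorithm
                            + "  DataEncryptionAlgorithm used in themessage is "
                            + inferredAlgorithm);
        }

        WSSPolicy configuredKey = (WSSPolicy) configuredPolicy.getKeyBinding();
        if (configuredKey == null) {
            // No key binding configured: nothing further is required of the message.
            return;
        }

        String configuredType = configuredKey.getType();
        WSSPolicy inferredKey = (WSSPolicy) inferredPolicy.getKeyBinding();
        // A missing key binding in the message, or one of a different type, is a violation.
        _throwError(configuredKey, inferredKey, inferredKey != null && sameType(inferredKey.getType(), configuredType));

        // Value comparison so that the binding-specific checks cannot be bypassed by a
        // type string that is equal in content but not the same object.
        if (sameType(configuredType, PolicyTypeUtil.SAMLASSERTION_TYPE)) {
            checkSAMLAssertionBinding((AuthenticationTokenPolicy.SAMLAssertionBinding) configuredKey, (AuthenticationTokenPolicy.SAMLAssertionBinding) inferredKey);
        } else if (sameType(configuredType, PolicyTypeUtil.X509CERTIFICATE_TYPE)) {
            checkX509CertificateBinding((AuthenticationTokenPolicy.X509CertificateBinding) configuredKey, (AuthenticationTokenPolicy.X509CertificateBinding) inferredKey);
        }
    }

    /**
     * Compares the authority identifier of the configured and inferred SAML bindings.
     *
     * @param sAMLAssertionBinding  the configured SAML assertion binding
     * @param sAMLAssertionBinding2 the SAML assertion binding inferred from the message
     * @throws PolicyViolationException if both identifiers are present and differ
     */
    private void checkSAMLAssertionBinding(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding2) throws PolicyViolationException {
        String configuredAuthority = sAMLAssertionBinding.getAuthorityIdentifier();
        String inferredAuthority = sAMLAssertionBinding2.getAuthorityIdentifier();
        // NOTE(review): a null authority identifier on the message side is accepted even when
        // the configuration names one; confirm this leniency is intended before relying on
        // the authority identifier as an enforcement point.
        if (!isSet(configuredAuthority) || inferredAuthority == null) {
            return;
        }
        _throwError(sAMLAssertionBinding, sAMLAssertionBinding2, configuredAuthority.equals(inferredAuthority));
    }

    /**
     * Compares key algorithm, reference type and value type of the configured and inferred
     * X.509 certificate bindings, in that order. Each attribute is checked only when the
     * configured binding specifies a non-empty value for it.
     *
     * @param x509CertificateBinding  the configured X.509 certificate binding
     * @param x509CertificateBinding2 the X.509 certificate binding inferred from the message
     * @throws PolicyViolationException on the first attribute that does not match
     */
    private void checkX509CertificateBinding(AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2) throws PolicyViolationException {
        String configuredKeyAlgorithm = x509CertificateBinding.getKeyAlgorithm();
        String inferredKeyAlgorithm = x509CertificateBinding2.getKeyAlgorithm();
        if (isSet(configuredKeyAlgorithm)) {
            // A null inferred algorithm used to raise NullPointerException; it is now reported
            // as a policy violation so the failure stays closed and reaches the caller as the
            // declared exception type.
            // NOTE(review): an empty inferred algorithm is still accepted, as before - confirm.
            boolean keyAlgorithmOk = inferredKeyAlgorithm != null
                    && (inferredKeyAlgorithm.length() == 0 || configuredKeyAlgorithm.equals(inferredKeyAlgorithm));
            _throwError(x509CertificateBinding, x509CertificateBinding2, keyAlgorithmOk);
        }

        String configuredReferenceType = x509CertificateBinding.getReferenceType();
        String inferredReferenceType = x509CertificateBinding2.getReferenceType();
        if (isSet(configuredReferenceType)) {
            _throwError(x509CertificateBinding, x509CertificateBinding2, configuredReferenceType.equals(inferredReferenceType));
        }

        String configuredValueType = x509CertificateBinding.getValueType();
        String inferredValueType = x509CertificateBinding2.getValueType();
        if (isSet(configuredValueType)) {
            _throwError(x509CertificateBinding, x509CertificateBinding2, configuredValueType.equals(inferredValueType));
        }
    }

    /**
     * Raises the key-type mismatch violation unless {@code z} is true.
     *
     * @param securityPolicy  the configured policy, rendered into the message
     * @param securityPolicy2 the policy inferred from the message, rendered into the message
     * @param z               {@code true} when the compared values match
     * @throws PolicyViolationException if {@code z} is {@code false}
     */
    private final void _throwError(SecurityPolicy securityPolicy, SecurityPolicy securityPolicy2, boolean z) throws PolicyViolationException {
        if (z) {
            return;
        }
        throw new PolicyViolationException(
                "KeyType used to Encrypt the message doesnot match with  the receiver side requirements. Configured KeyType is "
                        + securityPolicy
                        + " KeyType inferred from the message is  "
                        + securityPolicy2);
    }

    /** Returns true when {@code value} is neither null nor empty. */
    private static boolean isSet(String value) {
        return value != null && value.length() > 0;
    }

    /** Null-safe value comparison of two policy type identifiers. */
    private static boolean sameType(String left, String right) {
        return left == null ? right == null : left.equals(right);
    }
}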
