package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import java.util.List;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.SymmetricBinding;

/* loaded from: input_file:BOOT-INF/lib/cxf-rt-ws-security-3.2.4.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.class */
public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValidator {
    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public boolean canValidatePolicy(AssertionInfo assertionInfo) {
        return assertionInfo.getAssertion() != null && (SP12Constants.SYMMETRIC_BINDING.equals(assertionInfo.getAssertion().getName()) || SP11Constants.SYMMETRIC_BINDING.equals(assertionInfo.getAssertion().getName()));
    }

    @Override // org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    public void validatePolicies(PolicyValidatorParameters policyValidatorParameters, Collection<AssertionInfo> collection) {
        boolean containsKey = policyValidatorParameters.getResults().getActionResults().containsKey(2048);
        for (AssertionInfo assertionInfo : collection) {
            SymmetricBinding symmetricBinding = (SymmetricBinding) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            if (checkProtectionOrder(symmetricBinding, policyValidatorParameters.getAssertionInfoMap(), assertionInfo, policyValidatorParameters.getResults().getResults()) && checkProperties(symmetricBinding, assertionInfo, policyValidatorParameters.getAssertionInfoMap(), policyValidatorParameters.getResults(), policyValidatorParameters.getSignedResults(), policyValidatorParameters.getMessage()) && !checkTokens(symmetricBinding, assertionInfo, policyValidatorParameters.getAssertionInfoMap(), containsKey, policyValidatorParameters.getSignedResults(), policyValidatorParameters.getEncryptedResults())) {
            }
        }
    }

    private boolean checkTokens(SymmetricBinding symmetricBinding, AssertionInfo assertionInfo, AssertionInfoMap assertionInfoMap, boolean z, List<WSSecurityEngineResult> list, List<WSSecurityEngineResult> list2) {
        if (symmetricBinding.getEncryptionToken() != null) {
            PolicyUtils.assertPolicy(assertionInfoMap, symmetricBinding.getEncryptionToken().getName());
            if (!checkDerivedKeys(symmetricBinding.getEncryptionToken(), z, list, list2)) {
                assertionInfo.setNotAsserted("Message fails the DerivedKeys requirement");
                return false;
            }
            assertDerivedKeys(symmetricBinding.getEncryptionToken().getToken(), assertionInfoMap);
        }
        if (symmetricBinding.getSignatureToken() != null) {
            PolicyUtils.assertPolicy(assertionInfoMap, symmetricBinding.getSignatureToken().getName());
            if (!checkDerivedKeys(symmetricBinding.getSignatureToken(), z, list, list2)) {
                assertionInfo.setNotAsserted("Message fails the DerivedKeys requirement");
                return false;
            }
            assertDerivedKeys(symmetricBinding.getSignatureToken().getToken(), assertionInfoMap);
        }
        if (symmetricBinding.getProtectionToken() == null) {
            return true;
        }
        PolicyUtils.assertPolicy(assertionInfoMap, symmetricBinding.getProtectionToken().getName());
        if (checkDerivedKeys(symmetricBinding.getProtectionToken(), z, list, list2)) {
            assertDerivedKeys(symmetricBinding.getProtectionToken().getToken(), assertionInfoMap);
            return true;
        }
        assertionInfo.setNotAsserted("Message fails the DerivedKeys requirement");
        return false;
    }
}
