package org.apache.cxf.ws.security.wss4j;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityException;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:plugins/cxf-bundle-2.6.1.wso2v1.jar:org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.class */
public final class CryptoCoverageUtil {

    /* loaded from: input_file:plugins/cxf-bundle-2.6.1.wso2v1.jar:org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil$CoverageScope.class */
    public enum CoverageScope {
        CONTENT,
        ELEMENT
    }

    /* loaded from: input_file:plugins/cxf-bundle-2.6.1.wso2v1.jar:org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil$CoverageType.class */
    public enum CoverageType {
        ENCRYPTED,
        SIGNED
    }

    private CryptoCoverageUtil() {
    }

    public static void reconcileEncryptedSignedRefs(Collection<WSDataRef> collection, Collection<WSDataRef> collection2) {
        LinkedList linkedList = new LinkedList();
        for (WSDataRef wSDataRef : collection2) {
            for (WSDataRef wSDataRef2 : collection) {
                if (isSignedEncryptionRef(wSDataRef, wSDataRef2)) {
                    WSDataRef wSDataRef3 = new WSDataRef();
                    wSDataRef3.setWsuId(wSDataRef2.getWsuId());
                    wSDataRef3.setContent(false);
                    wSDataRef3.setName(wSDataRef.getName());
                    wSDataRef3.setProtectedElement(wSDataRef.getProtectedElement());
                    wSDataRef3.setXpath(wSDataRef.getXpath());
                    linkedList.add(wSDataRef3);
                }
            }
        }
        collection.addAll(linkedList);
    }

    public static void checkBodyCoverage(Element element, Collection<WSDataRef> collection, CoverageType coverageType, CoverageScope coverageScope) throws WSSecurityException {
        if (!matchElement(collection, coverageType, coverageScope, element)) {
            throw new WSSecurityException("The " + getCoverageTypeString(coverageType) + " does not cover the required elements (soap:Body).");
        }
    }

    public static void checkHeaderCoverage(Element element, Collection<WSDataRef> collection, String str, String str2, CoverageType coverageType, CoverageScope coverageScope) throws WSSecurityException {
        Iterator<Element> it = (str2 == null ? DOMUtils.getChildrenWithNamespace(element, str) : DOMUtils.getChildrenWithName(element, str, str2)).iterator();
        while (it.hasNext()) {
            if (!matchElement(collection, coverageType, coverageScope, it.next())) {
                throw new WSSecurityException("The " + getCoverageTypeString(coverageType) + " does not cover the required elements ({" + str + "}" + str2 + ").");
            }
        }
    }

    public static void checkCoverage(Element element, Collection<WSDataRef> collection, Map<String, String> map, String str, CoverageType coverageType, CoverageScope coverageScope) throws WSSecurityException {
        checkCoverage(element, collection, map, Arrays.asList(str), coverageType, coverageScope);
    }

    public static void checkCoverage(Element element, Collection<WSDataRef> collection, Map<String, String> map, Collection<String> collection2, CoverageType coverageType, CoverageScope coverageScope) throws WSSecurityException {
        XPath newXPath = XPathFactory.newInstance().newXPath();
        if (map != null) {
            newXPath.setNamespaceContext(new MapNamespaceContext(map));
        }
        for (String str : collection2) {
            try {
                NodeList nodeList = (NodeList) newXPath.evaluate(str, element, XPathConstants.NODESET);
                if (nodeList.getLength() != 0) {
                    for (int i = 0; i < nodeList.getLength(); i++) {
                        if (!matchElement(collection, coverageType, coverageScope, (Element) nodeList.item(i))) {
                            throw new WSSecurityException("The " + getCoverageTypeString(coverageType) + " does not cover the required elements (" + str + ").");
                        }
                    }
                }
            } catch (XPathExpressionException e) {
                throw new WSSecurityException(0);
            }
        }
    }

    private static boolean isSignedEncryptionRef(WSDataRef wSDataRef, WSDataRef wSDataRef2) {
        if (!"http://www.w3.org/2001/04/xmlenc#".equals(wSDataRef2.getProtectedElement().getNamespaceURI())) {
            return false;
        }
        if (wSDataRef2.getWsuId().equals(wSDataRef.getWsuId()) || wSDataRef2.getWsuId().equals("#" + wSDataRef.getWsuId())) {
            return true;
        }
        String attributeNS = wSDataRef2.getProtectedElement().getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
        return wSDataRef2.getWsuId().equals(attributeNS) || wSDataRef2.getWsuId().equals(new StringBuilder().append("#").append(attributeNS).toString());
    }

    private static boolean matchElement(Collection<WSDataRef> collection, CoverageType coverageType, CoverageScope coverageScope, Element element) {
        boolean z;
        switch (coverageScope) {
            case CONTENT:
                z = true;
                break;
            case ELEMENT:
            default:
                z = false;
                break;
        }
        for (WSDataRef wSDataRef : collection) {
            if (wSDataRef.getProtectedElement() == element && wSDataRef.isContent() == z) {
                return true;
            }
        }
        return false;
    }

    private static String getCoverageTypeString(CoverageType coverageType) {
        String str;
        switch (coverageType) {
            case SIGNED:
                str = "signature";
                break;
            case ENCRYPTED:
                str = "encryption";
                break;
            default:
                str = "crpytography";
                break;
        }
        return str;
    }
}
