package com.sun.xml.wss.impl.policy.verifier;

import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.PolicyViolationException;
import com.sun.xml.wss.impl.WSSAssertion;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.spi.PolicyVerifier;

/* loaded from: input_file:spg-ui-war-2.1.44.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/policy/verifier/EncryptionPolicyVerifier.class */
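/**
 * Receiver-side verifier that compares the encryption policy configured for
 * the receiver with the encryption policy inferred from an incoming message.
 *
 * <p>Throughout this class the first policy argument is the configured
 * (required) one and the second is the one inferred from the message; this
 * follows from how the two values are labelled in the violation messages.
 *
 * <p>NOTE(review): {@link #verifyPolicy} only compares the data encryption
 * algorithm. The private key-binding checks below
 * ({@code checkSAMLAssertionBinding}, {@code checkX509CertificateBinding})
 * are not called from anywhere in this class, so key-binding requirements are
 * not enforced here. Confirm that they are enforced elsewhere before relying
 * on this verifier for them.
 */
public class EncryptionPolicyVerifier implements PolicyVerifier {
    // Processing context; read only by setReferenceType to obtain the WSSAssertion.
    FilterProcessingContext context;

    /**
     * Creates a verifier bound to the given processing context.
     *
     * @param filterProcessingContext context later queried for the WSSAssertion
     */
    public EncryptionPolicyVerifier(FilterProcessingContext filterProcessingContext) {
        this.context = filterProcessingContext;
    }

    /**
     * Verifies that the data encryption algorithm used in the message equals
     * the configured one.
     *
     * <p>The check is skipped, and the method returns normally, when either
     * argument is not an encryption policy or when the configured policy names
     * no data encryption algorithm (null or empty). In both cases any algorithm
     * used by the sender is accepted by this method.
     *
     * @param securityPolicy  configured (receiver requirement) policy
     * @param securityPolicy2 policy inferred from the received message
     * @throws PolicyViolationException if an algorithm is configured and the
     *         message used a different one (or none)
     */
    @Override
    public void verifyPolicy(SecurityPolicy securityPolicy, SecurityPolicy securityPolicy2) throws PolicyViolationException {
        if (!PolicyTypeUtil.encryptionPolicy(securityPolicy) || !PolicyTypeUtil.encryptionPolicy(securityPolicy2)) {
            // NOTE(review): a type mismatch is not reported as a violation here;
            // callers must not read a normal return as "encryption was verified".
            return;
        }
        EncryptionPolicy.FeatureBinding inferredBinding =
                (EncryptionPolicy.FeatureBinding) ((EncryptionPolicy) securityPolicy2).getFeatureBinding();
        EncryptionPolicy.FeatureBinding configuredBinding =
                (EncryptionPolicy.FeatureBinding) ((EncryptionPolicy) securityPolicy).getFeatureBinding();
        String inferredAlgorithm = inferredBinding.getDataEncryptionAlgorithm();
        String configuredAlgorithm = configuredBinding.getDataEncryptionAlgorithm();

        boolean algorithmRequired = configuredAlgorithm != null && !configuredAlgorithm.isEmpty();
        if (algorithmRequired && !configuredAlgorithm.equals(inferredAlgorithm)) {
            // The original text said "did match", which inverted the meaning of the
            // failure, and ran words together. The inferred algorithm is
            // message-derived, so treat it as untrusted wherever this message is logged.
            throw new PolicyViolationException(
                    "Receiver side requirement verification failed, DataEncryptionAlgorithm specified in the receiver requirements did not match with DataEncryptionAlgorithm used to encrypt the message. Configured DataEncryptionAlgorithm is "
                            + configuredAlgorithm
                            + "  DataEncryptionAlgorithm used in the message is "
                            + inferredAlgorithm);
        }
    }

    /**
     * Compares the authority identifier of the configured SAML binding with
     * the one inferred from the message.
     *
     * <p>The comparison is skipped when the configured identifier is null or
     * empty, and also when the inferred identifier is null.
     * NOTE(review): skipping on a null inferred identifier means a configured
     * authority requirement is not enforced in that case; confirm this is intended.
     *
     * @param sAMLAssertionBinding  configured binding
     * @param sAMLAssertionBinding2 binding inferred from the message
     * @throws PolicyViolationException if both identifiers are present and differ
     */
    private void checkSAMLAssertionBinding(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding2) throws PolicyViolationException {
        String configuredAuthority = sAMLAssertionBinding.getAuthorityIdentifier();
        String inferredAuthority = sAMLAssertionBinding2.getAuthorityIdentifier();
        boolean comparable = configuredAuthority != null
                && !configuredAuthority.isEmpty()
                && inferredAuthority != null;
        if (comparable) {
            _throwError(sAMLAssertionBinding, sAMLAssertionBinding2, configuredAuthority.equals(inferredAuthority));
        }
    }

    /**
     * Compares key algorithm and value type of the configured X.509 binding
     * with those inferred from the message.
     *
     * <p>The configured binding is first passed through
     * {@link #setReferenceType}, which may change its reference type in place.
     * The key algorithm is compared only when both sides supply a non-empty
     * value; the value type is compared whenever the configured side supplies
     * a non-empty value, so a missing inferred value type is a violation.
     *
     * @param x509CertificateBinding  configured binding (may be mutated)
     * @param x509CertificateBinding2 binding inferred from the message
     * @throws PolicyViolationException if a compared attribute differs
     */
    private void checkX509CertificateBinding(AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2) throws PolicyViolationException {
        AuthenticationTokenPolicy.X509CertificateBinding configured = setReferenceType(x509CertificateBinding);

        String configuredKeyAlgorithm = configured.getKeyAlgorithm();
        String inferredKeyAlgorithm = x509CertificateBinding2.getKeyAlgorithm();
        // The inferred algorithm was previously dereferenced without a null check,
        // so a message that carried no key algorithm raised NullPointerException.
        // Null is now handled like the empty string, i.e. the comparison is skipped.
        // NOTE(review): skipping is lenient; confirm whether a configured key
        // algorithm should instead be mandatory.
        boolean keyAlgorithmComparable = configuredKeyAlgorithm != null
                && !configuredKeyAlgorithm.isEmpty()
                && inferredKeyAlgorithm != null
                && !inferredKeyAlgorithm.isEmpty();
        if (keyAlgorithmComparable) {
            _throwError(configured, x509CertificateBinding2, configuredKeyAlgorithm.equals(inferredKeyAlgorithm));
        }

        String configuredValueType = configured.getValueType();
        String inferredValueType = x509CertificateBinding2.getValueType();
        if (configuredValueType != null && !configuredValueType.isEmpty()) {
            _throwError(configured, x509CertificateBinding2, configuredValueType.equals(inferredValueType));
        }
    }

    /**
     * Throws a policy violation when {@code z} is false; otherwise does nothing.
     *
     * @param securityPolicy  configured policy, rendered into the message
     * @param securityPolicy2 inferred policy, rendered into the message
     * @param z               result of the comparison made by the caller
     * @throws PolicyViolationException if {@code z} is false
     */
    private final void _throwError(SecurityPolicy securityPolicy, SecurityPolicy securityPolicy2, boolean z) throws PolicyViolationException {
        if (z) {
            return;
        }
        throw new PolicyViolationException("KeyType used to Encrypt the message doesnot match with  the receiver side requirements. Configured KeyType is " + securityPolicy + " KeyType inferred from the message is  " + securityPolicy2);
    }

    /**
     * Adjusts the reference type of a configured X.509 binding whose token is
     * never included in the message.
     *
     * <p>Only a binding whose policy token was set, whose include-token value
     * is {@code INCLUDE_NEVER} and whose reference type is {@code "Direct"} is
     * changed. It becomes {@code "Identifier"} when there is no WSSAssertion or
     * the assertion requires key-identifier references, and the thumbprint type
     * when the assertion requires thumbprint references. If neither property is
     * required, the reference type stays {@code "Direct"}.
     *
     * @param x509CertificateBinding binding to adjust; modified in place
     * @return the same instance that was passed in
     */
    private AuthenticationTokenPolicy.X509CertificateBinding setReferenceType(AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding) {
        boolean tokenNeverIncluded = x509CertificateBinding.policyTokenWasSet()
                && AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_NEVER.equals(x509CertificateBinding.getIncludeToken());
        if (!tokenNeverIncluded) {
            return x509CertificateBinding;
        }
        // The assertion is fetched before the reference-type test, as in the original.
        WSSAssertion wSSAssertion = this.context.getWSSAssertion();
        if (!"Direct".equals(x509CertificateBinding.getReferenceType())) {
            return x509CertificateBinding;
        }
        if (wSSAssertion == null
                || wSSAssertion.getRequiredProperties().contains(WSSAssertion.MUST_SUPPORT_REF_KEYIDENTIFIER)) {
            x509CertificateBinding.setReferenceType("Identifier");
        } else if (wSSAssertion.getRequiredProperties().contains(WSSAssertion.MUSTSUPPORT_REF_THUMBPRINT)) {
            x509CertificateBinding.setReferenceType(MessageConstants.THUMB_PRINT_TYPE);
        }
        return x509CertificateBinding;
    }
}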
