package com.sun.xml.wss.impl.config;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.configuration.StaticApplicationContext;
import com.sun.xml.wss.impl.policy.MLSPolicy;
import com.sun.xml.wss.impl.policy.PolicyGenerationException;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DynamicSecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.Parameter;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.Target;
import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.PrintStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
import javax.xml.crypto.dsig.spec.XPathType;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:spg-ui-war-2.1.38.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/config/SecurityConfigurationXmlReader.class */
public class SecurityConfigurationXmlReader implements ConfigurationConstants {
    protected static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");
    static Random rnd = new Random();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:spg-ui-war-2.1.38.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/config/SecurityConfigurationXmlReader$ErrorHandler.class */
    public static class ErrorHandler extends DefaultHandler {
        PrintStream out;

        public ErrorHandler(PrintStream printStream) {
            this.out = printStream;
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ErrorHandler
        public void error(SAXParseException sAXParseException) throws SAXException {
            if (this.out != null) {
                this.out.println(sAXParseException);
            }
            throw sAXParseException;
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ErrorHandler
        public void warning(SAXParseException sAXParseException) throws SAXException {
            if (this.out != null) {
                this.out.println(sAXParseException);
            }
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ErrorHandler
        public void fatalError(SAXParseException sAXParseException) throws SAXException {
            if (this.out != null) {
                this.out.println(sAXParseException);
            }
            throw sAXParseException;
        }
    }

    private static Document parseXmlString(String str) throws Exception {
        return parseXmlStream(new ByteArrayInputStream(str.getBytes()));
    }

    private static void validateConfiguration(Element element) throws Exception {
        if (element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, "Timestamp").getLength() > 1) {
            throw new IllegalStateException("More than one xwss:Timestamp element in security configuration file");
        }
        if (element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.TIMESTAMP_REQUIREMENT_ELEMENT_NAME).getLength() > 1) {
            throw new IllegalStateException("More than one xwss:RequireTimestamp element in security configuration file");
        }
        if (element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, "UsernameToken").getLength() > 1) {
            throw new IllegalStateException("More than one xwss:UsernameToken element in security configuration file");
        }
        if (element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.USERNAMETOKEN_REQUIREMENT_ELEMENT_NAME).getLength() > 1) {
            throw new IllegalStateException("More than one xwss:RequireUsernameToken element in security configuration file");
        }
        if (element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.OPTIONAL_TARGETS_ELEMENT_NAME).getLength() > 1) {
            throw new IllegalStateException("More than one xwss:OptionalTargets element in security configuration file");
        }
        if (element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.SAML_ASSERTION_ELEMENT_NAME).getLength() > 1) {
            throw new IllegalStateException("More than one xwss:SAMLAssertion element in security configuration file");
        }
        checkIdUniqueness(element);
    }

    public static ApplicationSecurityConfiguration readApplicationSecurityConfigurationString(String str) throws Exception {
        return (ApplicationSecurityConfiguration) createSecurityConfiguration(parseXmlString(str).getDocumentElement());
    }

    private static Document parseXmlStream(InputStream inputStream) throws Exception {
        return parseXmlStream(inputStream, null);
    }

    private static Document parseXmlStream(InputStream inputStream, PrintStream printStream) throws Exception {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setAttribute("http://apache.org/xml/features/validation/dynamic", Boolean.FALSE);
        newInstance.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema");
        newInstance.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaSource", SecurityConfigurationXmlReader.class.getResourceAsStream("xwssconfig.xsd"));
        newInstance.setValidating(true);
        newInstance.setIgnoringComments(true);
        newInstance.setNamespaceAware(true);
        DocumentBuilder newDocumentBuilder = newInstance.newDocumentBuilder();
        newDocumentBuilder.setErrorHandler(new ErrorHandler(printStream));
        Document parse = newDocumentBuilder.parse(inputStream);
        NodeList elementsByTagNameNS = parse.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.DECLARATIVE_CONFIGURATION_ELEMENT_NAME);
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            validateConfiguration((Element) elementsByTagNameNS.item(i));
        }
        return parse;
    }

    public static void validate(InputStream inputStream, PrintStream printStream) throws Exception {
        parseXmlStream(inputStream, printStream);
    }

    public static DeclarativeSecurityConfiguration createDeclarativeConfiguration(InputStream inputStream) throws Exception {
        return readContainerForBaseConfigurationData(parseXmlStream(inputStream).getDocumentElement(), new DeclarativeSecurityConfiguration());
    }

    public static ApplicationSecurityConfiguration createApplicationSecurityConfiguration(InputStream inputStream) throws Exception {
        ApplicationSecurityConfiguration applicationSecurityConfiguration = (ApplicationSecurityConfiguration) createSecurityConfiguration(parseXmlStream(inputStream).getDocumentElement());
        applicationSecurityConfiguration.init();
        return applicationSecurityConfiguration;
    }

    private static DeclarativeSecurityConfiguration createDeclarativeConfiguration(Element element) throws Exception {
        DeclarativeSecurityConfiguration declarativeSecurityConfiguration = new DeclarativeSecurityConfiguration();
        readContainerForBaseConfigurationData(element, declarativeSecurityConfiguration);
        return declarativeSecurityConfiguration;
    }

    private static SecurityPolicy createSecurityConfiguration(Element element) throws Exception {
        QName qName = getQName(element);
        if (!JAXRPC_SECURITY_ELEMENT_QNAME.equals(qName)) {
            if (!DECLARATIVE_CONFIGURATION_ELEMENT_QNAME.equals(qName)) {
                log.log(Level.SEVERE, "WSS0413.illegal.configuration.element", element.getTagName());
                throw new IllegalStateException(element.getTagName() + " is not a recognized definition type");
            }
            if (dynamicPolicy(element)) {
                return new DynamicSecurityPolicy();
            }
            DeclarativeSecurityConfiguration declarativeSecurityConfiguration = new DeclarativeSecurityConfiguration();
            readContainerForBaseConfigurationData(element, declarativeSecurityConfiguration);
            return declarativeSecurityConfiguration;
        }
        ApplicationSecurityConfiguration applicationSecurityConfiguration = new ApplicationSecurityConfiguration();
        String securityEnvironmentHandler = getSecurityEnvironmentHandler(element);
        if (securityEnvironmentHandler != null) {
            applicationSecurityConfiguration.setSecurityEnvironmentHandler(securityEnvironmentHandler);
        }
        if (!configHasSingleService(element)) {
            throw new IllegalStateException("Single <xwss:Service> element expected under <xwss:JAXRPCSecurity> element");
        }
        applicationSecurityConfiguration.isOptimized(Boolean.valueOf(element.getAttribute(ConfigurationConstants.OPTIMIZE_ATTRIBUTE_NAME)).booleanValue());
        applicationSecurityConfiguration.retainSecurityHeader(Boolean.valueOf(element.getAttribute(ConfigurationConstants.RETAIN_SEC_HEADER)).booleanValue());
        Element element2 = null;
        int i = 0;
        HashMap hashMap = new HashMap();
        for (Element firstChildElement = getFirstChildElement(element); firstChildElement != null; firstChildElement = getNextElement(firstChildElement)) {
            QName qName2 = getQName(firstChildElement);
            if (SERVICE_ELEMENT_QNAME.equals(qName2)) {
                StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
                String attribute = firstChildElement.getAttribute("name");
                if (hashMap.containsKey(attribute)) {
                    throw new IllegalStateException("Service Name " + attribute + " Already in use for another Service");
                }
                hashMap.put(attribute, null);
                readApplicationSecurityConfiguration(firstChildElement, applicationSecurityConfiguration, null, staticApplicationContext);
            } else {
                if (!SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME.equals(qName2)) {
                    log.log(Level.SEVERE, "WSS0413.illegal.configuration.element", firstChildElement.getTagName());
                    throw new IllegalStateException(firstChildElement.getTagName() + " is not a recognized definition type");
                }
                if (i == 1) {
                    throw new IllegalStateException("More than one xwss:SecurityEnvironmentHandler element in security configuration file");
                }
                i++;
            }
            element2 = firstChildElement;
        }
        if (!SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME.equals(getQName(element2))) {
            throw new IllegalStateException("The SecurityEnvironmentHandler must appear as the last Element inside a <xwss:JAXRPCSecurity>");
        }
        applicationSecurityConfiguration.singleServiceNoPorts(configHasSingleServiceAndNoPorts(element));
        applicationSecurityConfiguration.hasOperationPolicies(configHasOperations(element));
        return applicationSecurityConfiguration;
    }

    private static void readApplicationSecurityConfiguration(Element element, SecurityPolicy securityPolicy, SecurityPolicy securityPolicy2, StaticApplicationContext staticApplicationContext) throws Exception {
        QName qName = getQName(element);
        if (SERVICE_ELEMENT_QNAME.equals(qName)) {
            String idAttribute = getIdAttribute(element);
            String attribute = element.getAttribute("name");
            String attribute2 = element.getAttribute(ConfigurationConstants.USECACHE_ATTRIBUTE_NAME);
            boolean bSPAttribute = getBSPAttribute(element, null);
            staticApplicationContext.isService(true);
            staticApplicationContext.setUUID(idAttribute);
            staticApplicationContext.setServiceIdentifier(attribute);
            if (!"".equals(attribute)) {
                staticApplicationContext.setApplicationContextRoot(attribute);
            } else if ("".equals(idAttribute)) {
                staticApplicationContext.setApplicationContextRoot(generateUUID());
            } else {
                staticApplicationContext.setApplicationContextRoot(idAttribute);
            }
            ApplicationSecurityConfiguration applicationSecurityConfiguration = new ApplicationSecurityConfiguration();
            applicationSecurityConfiguration.isBSP(bSPAttribute);
            applicationSecurityConfiguration.useCache(parseBoolean(ConfigurationConstants.USECACHE_ATTRIBUTE_NAME, attribute2));
            ((ApplicationSecurityConfiguration) securityPolicy).setSecurityPolicy(staticApplicationContext, applicationSecurityConfiguration);
            String securityEnvironmentHandler = getSecurityEnvironmentHandler(element);
            if (securityEnvironmentHandler != null) {
                applicationSecurityConfiguration.setSecurityEnvironmentHandler(securityEnvironmentHandler);
            } else {
                if (((ApplicationSecurityConfiguration) securityPolicy).getSecurityEnvironmentHandler() == null) {
                    throw new IllegalStateException("Missing <xwss:SecurityEnvironmentHandler> element for " + qName.getLocalPart());
                }
                applicationSecurityConfiguration.setSecurityEnvironmentHandler(((ApplicationSecurityConfiguration) securityPolicy).getSecurityEnvironmentHandler());
            }
            NodeList childNodes = element.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                if (item instanceof Element) {
                    readApplicationSecurityConfiguration((Element) item, securityPolicy, applicationSecurityConfiguration, staticApplicationContext);
                }
            }
            return;
        }
        if (PORT_ELEMENT_QNAME.equals(qName)) {
            if (securityPolicy2 == null) {
                throw new Exception("Unexpected <xwss:Port> element without a parent <xwss:Service> encountered");
            }
            String attribute3 = element.getAttribute("name");
            StaticApplicationContext staticApplicationContext2 = new StaticApplicationContext();
            staticApplicationContext2.copy(staticApplicationContext);
            staticApplicationContext2.isPort(true);
            staticApplicationContext2.isService(false);
            staticApplicationContext2.setPortIdentifier(attribute3);
            ApplicationSecurityConfiguration applicationSecurityConfiguration2 = new ApplicationSecurityConfiguration();
            applicationSecurityConfiguration2.isBSP(getBSPAttribute(element, (ApplicationSecurityConfiguration) securityPolicy2));
            applicationSecurityConfiguration2.setSecurityEnvironmentHandler(((ApplicationSecurityConfiguration) securityPolicy2).getSecurityEnvironmentHandler());
            ((ApplicationSecurityConfiguration) securityPolicy).setSecurityPolicy(staticApplicationContext2, applicationSecurityConfiguration2);
            ((ApplicationSecurityConfiguration) securityPolicy2).setSecurityPolicy(staticApplicationContext2, applicationSecurityConfiguration2);
            NodeList childNodes2 = element.getChildNodes();
            for (int i2 = 0; i2 < childNodes2.getLength(); i2++) {
                Node item2 = childNodes2.item(i2);
                if (item2 instanceof Element) {
                    readApplicationSecurityConfiguration((Element) item2, securityPolicy, applicationSecurityConfiguration2, staticApplicationContext2);
                }
            }
            return;
        }
        if (!OPERATION_ELEMENT_QNAME.equals(qName)) {
            if (!DECLARATIVE_CONFIGURATION_ELEMENT_QNAME.equals(qName)) {
                if (SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME.equals(qName) && !staticApplicationContext.isService()) {
                    throw new IllegalStateException("An <xwss:SecurityEnvironmentHandler> can only appearunder a <xwss:Service>/<xwss:JAXRPCSecurity> element");
                }
                return;
            } else {
                if (dynamicPolicy(element)) {
                    ((ApplicationSecurityConfiguration) securityPolicy2).setSecurityPolicy(staticApplicationContext, new DynamicSecurityPolicy());
                }
                DeclarativeSecurityConfiguration declarativeSecurityConfiguration = new DeclarativeSecurityConfiguration();
                declarativeSecurityConfiguration.isBSP(getBSPAttribute(element, (ApplicationSecurityConfiguration) securityPolicy2));
                ((ApplicationSecurityConfiguration) securityPolicy2).setSecurityPolicy(staticApplicationContext, declarativeSecurityConfiguration);
                readContainerForBaseConfigurationData(element, declarativeSecurityConfiguration, ((ApplicationSecurityConfiguration) securityPolicy2).getSecurityEnvironmentHandler());
                return;
            }
        }
        String attribute4 = element.getAttribute("name");
        StaticApplicationContext staticApplicationContext3 = new StaticApplicationContext();
        staticApplicationContext3.copy(staticApplicationContext);
        staticApplicationContext3.isOperation(true);
        staticApplicationContext3.isPort(false);
        staticApplicationContext3.setOperationIdentifier(attribute4);
        ApplicationSecurityConfiguration applicationSecurityConfiguration3 = new ApplicationSecurityConfiguration();
        ((ApplicationSecurityConfiguration) securityPolicy).setSecurityPolicy(staticApplicationContext3, applicationSecurityConfiguration3);
        ((ApplicationSecurityConfiguration) securityPolicy2).setSecurityPolicy(staticApplicationContext3, applicationSecurityConfiguration3);
        applicationSecurityConfiguration3.isBSP(getBSPAttribute(element, (ApplicationSecurityConfiguration) securityPolicy2));
        applicationSecurityConfiguration3.setSecurityEnvironmentHandler(((ApplicationSecurityConfiguration) securityPolicy2).getSecurityEnvironmentHandler());
        NodeList childNodes3 = element.getChildNodes();
        for (int i3 = 0; i3 < childNodes3.getLength(); i3++) {
            Node item3 = childNodes3.item(i3);
            if (item3 instanceof Element) {
                readApplicationSecurityConfiguration((Element) item3, securityPolicy, applicationSecurityConfiguration3, staticApplicationContext3);
            }
        }
    }

    private static DeclarativeSecurityConfiguration readContainerForBaseConfigurationData(Element element, DeclarativeSecurityConfiguration declarativeSecurityConfiguration) throws Exception {
        return readContainerForBaseConfigurationData(element, declarativeSecurityConfiguration, null);
    }

    private static DeclarativeSecurityConfiguration readContainerForBaseConfigurationData(Element element, DeclarativeSecurityConfiguration declarativeSecurityConfiguration, String str) throws Exception {
        if (!DECLARATIVE_CONFIGURATION_ELEMENT_QNAME.equals(getQName(element))) {
            log.log(Level.SEVERE, "WSS0413.illegal.configuration.element", element.getTagName());
            throw new IllegalStateException(element.getTagName() + " is not a recognized definition type");
        }
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if (ConfigurationConstants.DUMP_MESSAGES_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                declarativeSecurityConfiguration.setDumpMessages(parseBoolean(ConfigurationConstants.DUMP_MESSAGES_ATTRIBUTE_NAME, attr.getValue()));
            } else if ("http://www.w3.org/2000/xmlns/".equals(attr.getNamespaceURI())) {
                continue;
            } else if (ConfigurationConstants.ENABLE_DYNAMIC_POLICY_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                declarativeSecurityConfiguration.enableDynamicPolicy(parseBoolean(ConfigurationConstants.ENABLE_DYNAMIC_POLICY_ATTRIBUTE_NAME, attr.getValue()));
            } else if (ConfigurationConstants.ENABLE_WSS11_POLICY_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                boolean parseBoolean = parseBoolean(ConfigurationConstants.ENABLE_WSS11_POLICY_ATTRIBUTE_NAME, attr.getValue());
                declarativeSecurityConfiguration.senderSettings().enableWSS11Policy(parseBoolean);
                declarativeSecurityConfiguration.receiverSettings().enableWSS11Policy(parseBoolean);
            } else {
                if (!ConfigurationConstants.RETAIN_SEC_HEADER.equalsIgnoreCase(name)) {
                    log.log(Level.SEVERE, "WSS0412.illegal.attribute.name", new Object[]{name, element.getTagName()});
                    throw new IllegalStateException(name + " is not a recognized attribute of SecurityConfiguration");
                }
                declarativeSecurityConfiguration.retainSecurityHeader(Boolean.valueOf(attr.getValue()).booleanValue());
            }
        }
        readBaseConfigurationData(element, declarativeSecurityConfiguration, str);
        return declarativeSecurityConfiguration;
    }

    private static void readBaseConfigurationData(Element element, DeclarativeSecurityConfiguration declarativeSecurityConfiguration, String str) throws PolicyGenerationException, XWSSecurityException {
        boolean z = false;
        boolean enableDynamicPolicy = declarativeSecurityConfiguration.senderSettings().enableDynamicPolicy();
        boolean enableDynamicPolicy2 = declarativeSecurityConfiguration.receiverSettings().enableDynamicPolicy();
        boolean isBSP = declarativeSecurityConfiguration.receiverSettings().isBSP();
        boolean isBSP2 = declarativeSecurityConfiguration.senderSettings().isBSP();
        for (Element firstChildElement = getFirstChildElement(element); firstChildElement != null; firstChildElement = getNextElement(firstChildElement)) {
            QName qName = getQName(firstChildElement);
            if (TIMESTAMP_ELEMENT_QNAME.equals(qName)) {
                if (z) {
                    log.log(Level.SEVERE, "WSS0516.duplicate.configuration.element", new Object[]{qName, element.getLocalName()});
                    throw new IllegalStateException("Duplicate Timestamp element");
                }
                TimestampPolicy timestampPolicy = new TimestampPolicy();
                readTimestampSettings(timestampPolicy, firstChildElement);
                applyDefaults(timestampPolicy, enableDynamicPolicy);
                declarativeSecurityConfiguration.senderSettings().append(timestampPolicy);
                z = true;
            } else if (ENCRYPT_OPERATION_ELEMENT_QNAME.equals(qName)) {
                EncryptionPolicy encryptionPolicy = new EncryptionPolicy();
                readEncryptionSettings(encryptionPolicy, firstChildElement);
                applyDefaults(encryptionPolicy, enableDynamicPolicy);
                declarativeSecurityConfiguration.senderSettings().append(encryptionPolicy);
            } else if (SIGN_OPERATION_ELEMENT_QNAME.equals(qName)) {
                SignaturePolicy signaturePolicy = new SignaturePolicy();
                readSigningSettings(signaturePolicy, firstChildElement, enableDynamicPolicy);
                SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
                if (featureBinding != null) {
                    featureBinding.isBSP(isBSP2);
                }
                if (getBooleanValue(firstChildElement.getAttribute(ConfigurationConstants.INCLUDE_TIMESTAMP_ATTRIBUTE_NAME)) && !hasTimestampSiblingPolicy(firstChildElement)) {
                    TimestampPolicy timestampPolicy2 = new TimestampPolicy();
                    timestampPolicy2.setMaxClockSkew(300000L);
                    timestampPolicy2.setTimestampFreshness(300000L);
                    applyDefaults(timestampPolicy2, enableDynamicPolicy);
                    declarativeSecurityConfiguration.senderSettings().append(timestampPolicy2);
                }
                declarativeSecurityConfiguration.senderSettings().append(signaturePolicy);
            } else if (USERNAME_PASSWORD_AUTHENTICATION_ELEMENT_QNAME.equals(qName)) {
                try {
                    AuthenticationTokenPolicy authenticationTokenPolicy = new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) authenticationTokenPolicy.newUsernameTokenFeatureBinding();
                    usernameTokenBinding.newTimestampFeatureBinding();
                    readUsernamePasswordSettings(usernameTokenBinding, firstChildElement);
                    applyDefaults(usernameTokenBinding, enableDynamicPolicy);
                    declarativeSecurityConfiguration.senderSettings().append(authenticationTokenPolicy);
                } catch (PolicyGenerationException e) {
                    throw new IllegalStateException(e.getMessage());
                }
            } else if (SAML_ELEMENT_QNAME.equals(qName)) {
                try {
                    AuthenticationTokenPolicy authenticationTokenPolicy2 = new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) authenticationTokenPolicy2.newSAMLAssertionFeatureBinding();
                    readSAMLTokenSettings(sAMLAssertionBinding, firstChildElement);
                    applyDefaults(sAMLAssertionBinding, enableDynamicPolicy);
                    declarativeSecurityConfiguration.senderSettings().append(authenticationTokenPolicy2);
                } catch (PolicyGenerationException e2) {
                    throw new IllegalStateException(e2.getMessage());
                }
            } else if (SIGNATURE_REQUIREMENT_ELEMENT_QNAME.equals(qName)) {
                SignaturePolicy signaturePolicy2 = new SignaturePolicy();
                readVerifySettings(signaturePolicy2, firstChildElement, isBSP, enableDynamicPolicy2);
                declarativeSecurityConfiguration.receiverSettings().append(signaturePolicy2);
                if (getBooleanValue(firstChildElement.getAttribute(ConfigurationConstants.TIMESTAMP_REQUIRED_ATTRIBUTE_NAME)) && !hasTimestampSiblingPolicy(firstChildElement)) {
                    TimestampPolicy timestampPolicy3 = new TimestampPolicy();
                    applyReceiverDefaults(timestampPolicy3, isBSP, str, enableDynamicPolicy2);
                    declarativeSecurityConfiguration.receiverSettings().append(timestampPolicy3);
                }
            } else if (ENCRYPTION_REQUIREMENT_ELEMENT_QNAME.equals(qName)) {
                EncryptionPolicy encryptionPolicy2 = new EncryptionPolicy();
                readDecryptionSettings(encryptionPolicy2, firstChildElement);
                applyReceiverDefaults(encryptionPolicy2, isBSP, enableDynamicPolicy2);
                declarativeSecurityConfiguration.receiverSettings().append(encryptionPolicy2);
            } else if (USERNAMETOKEN_REQUIREMENT_ELEMENT_QNAME.equals(qName)) {
                try {
                    AuthenticationTokenPolicy authenticationTokenPolicy3 = new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding2 = (AuthenticationTokenPolicy.UsernameTokenBinding) authenticationTokenPolicy3.newUsernameTokenFeatureBinding();
                    usernameTokenBinding2.newTimestampFeatureBinding();
                    readUsernamePasswordRequirementSettings(usernameTokenBinding2, firstChildElement);
                    applyReceiverDefaults(usernameTokenBinding2, isBSP, str, enableDynamicPolicy2);
                    declarativeSecurityConfiguration.receiverSettings().append(authenticationTokenPolicy3);
                } catch (PolicyGenerationException e3) {
                    throw new IllegalStateException(e3.getMessage());
                }
            } else if (TIMESTAMP_REQUIREMENT_ELEMENT_QNAME.equals(qName)) {
                TimestampPolicy timestampPolicy4 = new TimestampPolicy();
                readTimestampRequirementSettings(timestampPolicy4, firstChildElement);
                applyReceiverDefaults(timestampPolicy4, isBSP, str, enableDynamicPolicy2);
                declarativeSecurityConfiguration.receiverSettings().append(timestampPolicy4);
            } else if (SAML_REQUIREMENT_ELEMENT_QNAME.equals(qName)) {
                try {
                    AuthenticationTokenPolicy authenticationTokenPolicy4 = new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding2 = (AuthenticationTokenPolicy.SAMLAssertionBinding) authenticationTokenPolicy4.newSAMLAssertionFeatureBinding();
                    readRequireSAMLTokenSettings(sAMLAssertionBinding2, firstChildElement);
                    applyReceiverDefaults(sAMLAssertionBinding2, isBSP, enableDynamicPolicy2);
                    declarativeSecurityConfiguration.receiverSettings().append(authenticationTokenPolicy4);
                } catch (PolicyGenerationException e4) {
                    throw new IllegalStateException(e4.getMessage());
                }
            } else {
                if (!OPTIONAL_TARGETS_ELEMENT_QNAME.equals(qName)) {
                    log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                    throw new IllegalStateException(qName + " is not a recognized definition type");
                }
                readOptionalTargetSettings(declarativeSecurityConfiguration.receiverSettings(), firstChildElement);
            }
        }
    }

    private static void readVerifySettings(SignaturePolicy signaturePolicy, Element element, boolean z, boolean z2) {
        readVerifySettings(signaturePolicy, element);
        applyReceiverDefaults(signaturePolicy, z, z2);
        if (getBooleanValue(element.getAttribute(ConfigurationConstants.TIMESTAMP_REQUIRED_ATTRIBUTE_NAME))) {
            SignatureTarget signatureTarget = new SignatureTarget();
            signatureTarget.setType("qname");
            signatureTarget.setValue(MessageConstants.TIMESTAMP_QNAME);
            signatureTarget.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
            ((SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding()).addTargetBinding(signatureTarget);
        }
        signaturePolicy.isBSP(z);
    }

    private static void readVerifySettings(SignaturePolicy signaturePolicy, Element element) {
        readSigningSettings(signaturePolicy, element);
    }

    private static void readSigningSettings(SignaturePolicy signaturePolicy, Element element, boolean z) {
        readSigningSettings(signaturePolicy, element);
        applyDefaults(signaturePolicy, z);
        if (getBooleanValue(element.getAttribute(ConfigurationConstants.INCLUDE_TIMESTAMP_ATTRIBUTE_NAME))) {
            SignatureTarget signatureTarget = new SignatureTarget();
            signatureTarget.setType("qname");
            signatureTarget.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
            signatureTarget.setValue(MessageConstants.TIMESTAMP_QNAME);
            ((SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding()).addTargetBinding(signatureTarget);
        }
    }

    private static boolean hasTimestampSiblingPolicy(Element element) {
        if (ConfigurationConstants.SIGN_OPERATION_ELEMENT_NAME.equals(element.getLocalName())) {
            return ((Element) element.getParentNode()).getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, "Timestamp").getLength() > 0;
        }
        if (((Element) element.getParentNode()).getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.TIMESTAMP_REQUIREMENT_ELEMENT_NAME).getLength() > 0) {
            return true;
        }
        Node previousSibling = element.getPreviousSibling();
        while (true) {
            Node node = previousSibling;
            if (node == null) {
                return false;
            }
            if (ConfigurationConstants.SIGNATURE_REQUIREMENT_ELEMENT_NAME.equals(node.getLocalName()) && "true".equalsIgnoreCase(node.getAttributes().getNamedItem(ConfigurationConstants.TIMESTAMP_REQUIRED_ATTRIBUTE_NAME).getLocalName())) {
                return true;
            }
            previousSibling = node.getPreviousSibling();
        }
    }

    private static void readSigningSettings(SignaturePolicy signaturePolicy, Element element) {
        signaturePolicy.setUUID(getIdAttribute(element));
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            String name = ((Attr) attributes.item(i)).getName();
            if (!"id".equalsIgnoreCase(name) && ((!ConfigurationConstants.INCLUDE_TIMESTAMP_ATTRIBUTE_NAME.equalsIgnoreCase(name) || !ConfigurationConstants.SIGN_OPERATION_ELEMENT_NAME.equals(element.getLocalName())) && (!ConfigurationConstants.TIMESTAMP_REQUIRED_ATTRIBUTE_NAME.equalsIgnoreCase(name) || !ConfigurationConstants.SIGNATURE_REQUIREMENT_ELEMENT_NAME.equals(element.getLocalName())))) {
                log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, element.getTagName()});
                throw new IllegalStateException(name + " is not a recognized attribute of " + element.getTagName());
            }
        }
        int i2 = 0;
        for (Element firstChildElement = getFirstChildElement(element); firstChildElement != null; firstChildElement = getNextElement(firstChildElement)) {
            QName qName = getQName(firstChildElement);
            if (TARGET_QNAME.equals(qName)) {
                ((SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding()).addTargetBinding(readTargetSettings(firstChildElement, true));
            } else if (X509TOKEN_ELEMENT_QNAME.equals(qName)) {
                if (i2 > 0) {
                    log.log(Level.SEVERE, "WSS0520.illegal.configuration.state");
                    throw new IllegalStateException("Atmost one of X509token/SymmetricKey/SAMLAssertion  key bindings can be configured for an Sign/RequireSignature operation");
                }
                i2++;
                readX509TokenSettings((AuthenticationTokenPolicy.X509CertificateBinding) signaturePolicy.newX509CertificateKeyBinding(), firstChildElement);
            } else if (SYMMETRIC_KEY_ELEMENT_QNAME.equals(qName)) {
                if (i2 > 0) {
                    log.log(Level.SEVERE, "WSS0520.illegal.configuration.state");
                    throw new IllegalStateException("Atmost one of X509token/SymmetricKey/SAMLAssertion  key bindings can be configured for an Sign/RequireSignature operation");
                }
                i2++;
                readSymmetricKeySettings((SymmetricKeyBinding) signaturePolicy.newSymmetricKeyBinding(), firstChildElement);
            } else if (SAML_ELEMENT_QNAME.equals(qName)) {
                if (i2 > 0) {
                    log.log(Level.SEVERE, "WSS0520.illegal.configuration.state");
                    throw new IllegalStateException("Atmost one of X509token/SymmetricKey/SAMLAssertion  key bindings can be configured for an Sign/RequireSignature operation");
                }
                i2++;
                readSAMLTokenSettings((AuthenticationTokenPolicy.SAMLAssertionBinding) signaturePolicy.newSAMLAssertionKeyBinding(), firstChildElement);
            } else if (SIGNATURE_TARGET_ELEMENT_QNAME.equals(qName)) {
                ((SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding()).addTargetBinding(readSignatureTargetSettings(firstChildElement));
            } else if (CANONICALIZATION_METHOD_ELEMENT_QNAME.equals(qName)) {
                readCanonMethodSettings(signaturePolicy, firstChildElement);
            } else {
                if (!SIGNATURE_METHOD_ELEMENT_QNAME.equals(qName)) {
                    log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                    throw new IllegalStateException(qName + " is not a recognized sub-element of Sign/RequireSignature");
                }
                readSigMethodSettings(signaturePolicy, firstChildElement);
            }
        }
    }

    private static void readSymmetricKeySettings(SymmetricKeyBinding symmetricKeyBinding, Element element) {
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        if (length == 0) {
            throw new IllegalStateException("A SymmetricKey must specify keyAlias, certAlias or useReceivedSecret as an attribute");
        }
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if (ConfigurationConstants.SYMMETRIC_KEY_ALIAS_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                symmetricKeyBinding.setKeyIdentifier(attr.getValue());
            } else if ("certAlias".equalsIgnoreCase(name)) {
                symmetricKeyBinding.setCertAlias(attr.getValue());
            } else {
                if (!"useReceivedSecret".equalsIgnoreCase(name)) {
                    log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:SymmetricKey"});
                    throw new IllegalStateException(name + " is not a recognized attribute of SymmetricKey");
                }
                try {
                    symmetricKeyBinding.setUseReceivedSecret(parseBoolean(name, attr.getValue()));
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }

    private static void readX509TokenSettings(AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, Element element) {
        x509CertificateBinding.newPrivateKeyBinding();
        x509CertificateBinding.setUUID(getIdAttribute(element));
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if (!"id".equalsIgnoreCase(name)) {
                if (ConfigurationConstants.KEY_REFERENCE_TYPE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    x509CertificateBinding.setReferenceType(attr.getValue());
                } else if (ConfigurationConstants.CERTIFICATE_ALIAS_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    x509CertificateBinding.setCertificateIdentifier(attr.getValue());
                } else if (ConfigurationConstants.ENCODING_TYPE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    x509CertificateBinding.setEncodingType(attr.getValue());
                } else if ("ValueType".equalsIgnoreCase(name)) {
                    x509CertificateBinding.setValueType(attr.getValue());
                } else {
                    if (!ConfigurationConstants.STRID.equalsIgnoreCase(name)) {
                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:X509Token"});
                        throw new IllegalStateException(name + " is not a recognized attribute of X509Token");
                    }
                    x509CertificateBinding.setSTRID(attr.getValue());
                }
            }
        }
    }

    private static void readOptionalTargetSettings(MessagePolicy messagePolicy, Element element) throws XWSSecurityException {
        ArrayList arrayList = new ArrayList();
        Element firstChildElement = getFirstChildElement(element);
        while (true) {
            Element element2 = firstChildElement;
            if (element2 == null) {
                messagePolicy.addOptionalTargets(arrayList);
                messagePolicy.iterator();
                return;
            }
            QName qName = getQName(element2);
            if (!TARGET_QNAME.equals(qName)) {
                log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                throw new IllegalStateException(qName + " is not a recognized sub-element of OptionalTargets");
            }
            Target target = new Target();
            target.setEnforce(false);
            arrayList.add(readTargetSettings(element2, target));
            firstChildElement = getNextElement(element2);
        }
    }

    private static void readDecryptionSettings(EncryptionPolicy encryptionPolicy, Element element) {
        readEncryptionSettings(encryptionPolicy, element);
    }

    private static void readEncryptionSettings(EncryptionPolicy encryptionPolicy, Element element) {
        encryptionPolicy.setUUID(getIdAttribute(element));
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            String name = ((Attr) attributes.item(i)).getName();
            if (!"id".equalsIgnoreCase(name)) {
                log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, element.getTagName()});
                throw new IllegalStateException(name + " is not a recognized attribute of " + element.getTagName());
            }
        }
        int i2 = 0;
        Element firstChildElement = getFirstChildElement(element);
        while (true) {
            Element element2 = firstChildElement;
            if (element2 == null) {
                return;
            }
            QName qName = getQName(element2);
            if (TARGET_QNAME.equals(qName)) {
                ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).addTargetBinding(readTargetSettings(element2, false));
            } else if (X509TOKEN_ELEMENT_QNAME.equals(qName)) {
                if (i2 > 0) {
                    log.log(Level.SEVERE, "WSS0520.illegal.configuration.state");
                    throw new IllegalStateException("Atmost one of X509token/SymmetricKey/SAMLAssertion  key bindings can be configured for an Encrypt/RequireEncryption operation");
                }
                i2++;
                readX509TokenSettings((AuthenticationTokenPolicy.X509CertificateBinding) encryptionPolicy.newX509CertificateKeyBinding(), element2);
            } else if (SYMMETRIC_KEY_ELEMENT_QNAME.equals(qName)) {
                if (i2 > 0) {
                    log.log(Level.SEVERE, "WSS0520.illegal.configuration.state");
                    throw new IllegalStateException("Atmost one of X509token/SymmetricKey/SAMLAssertion  key bindings can be configured for an Encrypt/RequireEncryption operation");
                }
                i2++;
                readSymmetricKeySettings((SymmetricKeyBinding) encryptionPolicy.newSymmetricKeyBinding(), element2);
            } else if (SAML_ELEMENT_QNAME.equals(qName)) {
                if (i2 > 0) {
                    log.log(Level.SEVERE, "WSS0520.illegal.configuration.state");
                    throw new IllegalStateException("Atmost one of X509token/SymmetricKey/SAMLAssertion  key bindings can be configured for an Encrypt/RequireEncryption operation");
                }
                i2++;
                readSAMLTokenSettings((AuthenticationTokenPolicy.SAMLAssertionBinding) encryptionPolicy.newSAMLAssertionKeyBinding(), element2);
            } else if (ENCRYPTION_TARGET_ELEMENT_QNAME.equals(qName)) {
                ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).addTargetBinding(readEncryptionTargetSettings(element2));
            } else if (KEY_ENCRYPTION_METHOD_ELEMENT_QNAME.equals(qName)) {
                readKeyEncMethodSettings(encryptionPolicy, element2);
            } else {
                if (!DATA_ENCRYPTION_METHOD_ELEMENT_QNAME.equals(qName)) {
                    log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                    throw new IllegalStateException(qName + " is not a recognized sub-element of Encrypt/RequireEncryption");
                }
                readDataEncMethodSettings(encryptionPolicy, element2);
            }
            firstChildElement = getNextElement(element2);
        }
    }

    private static void readKeyEncMethodSettings(EncryptionPolicy encryptionPolicy, Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        if ("".equals(attribute)) {
            throw new IllegalArgumentException("Empty/Missing algorithm attribute on " + element.getTagName());
        }
        checkCompatibility(attribute, element);
        MLSPolicy keyBinding = encryptionPolicy.getKeyBinding();
        if (keyBinding == null) {
            keyBinding = encryptionPolicy.newX509CertificateKeyBinding();
            ((AuthenticationTokenPolicy.X509CertificateBinding) keyBinding).setReferenceType("Direct");
        }
        setKeyAlgorithm(keyBinding, attribute);
    }

    private static void checkCompatibility(String str, Element element) {
        if ("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) || MessageConstants.RSA_15_KEY_TRANSPORT.equals(str)) {
            if (hasSymmetricKeySibling(element)) {
                throw new IllegalStateException("Invalid SymmetricKey association specified for KeyEncryptionMethod " + str + ", required X509Token/SAML key association");
            }
        } else {
            if (!MessageConstants.TRIPLE_DES_KEY_WRAP.equals(str) && !str.startsWith("http://www.w3.org/2001/04/xmlenc#kw-aes")) {
                throw new IllegalArgumentException("Invalid/Unsupported Algorithm " + str + " specified for " + ConfigurationConstants.KEY_ENCRYPTION_METHOD_ELEMENT_NAME);
            }
            if (!hasSymmetricKeySibling(element)) {
                throw new IllegalStateException("Missing SymmetricKey association  for KeyEncryptionMethod " + str);
            }
            if (hasX509Sibling(element)) {
                throw new IllegalStateException("Invalid X509Token/SAML key association specified for KeyEncryptionMethod " + str + ",  required SymmetricKey association");
            }
        }
    }

    private static boolean hasX509Sibling(Element element) {
        return ((Element) element.getParentNode()).getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.X509TOKEN_ELEMENT_NAME).getLength() > 0;
    }

    private static boolean hasSymmetricKeySibling(Element element) {
        return ((Element) element.getParentNode()).getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.SYMMETRIC_KEY_ELEMENT_NAME).getLength() > 0;
    }

    private static void setDefaultKeyAlgorithm(SecurityPolicy securityPolicy, String str) {
        if (PolicyTypeUtil.samlTokenPolicy(securityPolicy)) {
            AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) securityPolicy;
            if ("".equals(sAMLAssertionBinding.getKeyAlgorithm())) {
                sAMLAssertionBinding.setKeyAlgorithm(str);
                return;
            }
            return;
        }
        if (PolicyTypeUtil.x509CertificateBinding(securityPolicy)) {
            AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) securityPolicy;
            if ("".equals(x509CertificateBinding.getKeyAlgorithm())) {
                x509CertificateBinding.setKeyAlgorithm(str);
                return;
            }
            return;
        }
        if (!PolicyTypeUtil.symmetricKeyBinding(securityPolicy)) {
            throw new IllegalArgumentException("Unknown Key Type " + securityPolicy.getClass().getName());
        }
        SymmetricKeyBinding symmetricKeyBinding = (SymmetricKeyBinding) securityPolicy;
        if ("".equals(symmetricKeyBinding.getKeyAlgorithm())) {
            symmetricKeyBinding.setKeyAlgorithm(str);
        }
    }

    private static void setKeyAlgorithm(SecurityPolicy securityPolicy, String str) {
        if (PolicyTypeUtil.samlTokenPolicy(securityPolicy)) {
            ((AuthenticationTokenPolicy.SAMLAssertionBinding) securityPolicy).setKeyAlgorithm(str);
            return;
        }
        if (!PolicyTypeUtil.x509CertificateBinding(securityPolicy)) {
            if (!PolicyTypeUtil.symmetricKeyBinding(securityPolicy)) {
                throw new IllegalArgumentException("Unknown Key Type " + securityPolicy.getClass().getName());
            }
            ((SymmetricKeyBinding) securityPolicy).setKeyAlgorithm(str);
            return;
        }
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) securityPolicy;
        x509CertificateBinding.setKeyAlgorithm(str);
        if (MessageConstants.HMAC_SHA1_SIGMETHOD.equals(str)) {
            String certificateIdentifier = x509CertificateBinding.getCertificateIdentifier();
            if (certificateIdentifier == null || certificateIdentifier.equals("")) {
                throw new IllegalArgumentException("The certificate Alias should be set when algorithm is:" + str);
            }
        }
    }

    private static void readDataEncMethodSettings(EncryptionPolicy encryptionPolicy, Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        if ("".equals(attribute)) {
            throw new IllegalArgumentException("Empty/Missing algorithm attribute on " + element.getTagName());
        }
        ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).setDataEncryptionAlgorithm(attribute);
    }

    private static void readCanonMethodSettings(SignaturePolicy signaturePolicy, Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        boolean z = false;
        try {
            z = parseBoolean(ConfigurationConstants.DISABLE_INCLUSIVE_PREFIX, element.getAttribute(ConfigurationConstants.DISABLE_INCLUSIVE_PREFIX));
        } catch (Exception e) {
            e.printStackTrace();
        }
        if ("".equals(attribute)) {
            throw new IllegalArgumentException("Empty/Missing algorithm attribute on " + element.getTagName());
        }
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(attribute);
        featureBinding.setDisbaleInclusivePrefix(z);
    }

    private static void readSigMethodSettings(SignaturePolicy signaturePolicy, Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        if ("".equals(attribute)) {
            throw new IllegalArgumentException("Empty/Missing algorithm attribute on " + element.getTagName());
        }
        MLSPolicy keyBinding = signaturePolicy.getKeyBinding();
        if (keyBinding == null) {
            keyBinding = signaturePolicy.newX509CertificateKeyBinding();
            ((AuthenticationTokenPolicy.X509CertificateBinding) keyBinding).setReferenceType("Direct");
        }
        setKeyAlgorithm(keyBinding, attribute);
    }

    private static QName getQName(Node node) {
        return new QName(node.getNamespaceURI(), node.getLocalName());
    }

    private static Element getFirstChildElement(Node node) {
        Node node2;
        Node firstChild = node.getFirstChild();
        while (true) {
            node2 = firstChild;
            if (node2 == null || (node2 instanceof Element)) {
                break;
            }
            firstChild = node2.getNextSibling();
        }
        return (Element) node2;
    }

    private static Element getNextElement(Node node) {
        Node node2 = node;
        while (node2 != null) {
            node2 = node2.getNextSibling();
            if (node2 instanceof Element) {
                break;
            }
        }
        return (Element) node2;
    }

    private static boolean parseBoolean(String str, String str2) throws Exception {
        if ("1".equals(str2) || "true".equalsIgnoreCase(str2)) {
            return true;
        }
        if ("0".equals(str2) || "false".equalsIgnoreCase(str2)) {
            return false;
        }
        log.log(Level.SEVERE, "WSS0511.illegal.boolean.value", str2);
        throw new Exception("Boolean attribute " + str + " has value other than 'true' or 'false'");
    }

    private static long parseLong(String str) {
        if ("".equals(str)) {
            return 0L;
        }
        String str2 = str;
        int indexOf = str.indexOf(".");
        if (indexOf > 0) {
            str2 = str.substring(0, indexOf);
        }
        return Long.parseLong(str2);
    }

    private static void readTimestampSettings(TimestampPolicy timestampPolicy, Element element) {
        timestampPolicy.setUUID(getIdAttribute(element));
        timestampPolicy.setTimeout(parseLong(element.getAttribute(ConfigurationConstants.TIMEOUT_ATTRIBUTE_NAME)) * 1000);
        Element firstChildElement = getFirstChildElement(element);
        if (firstChildElement != null) {
            log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", getQName(firstChildElement));
            throw new IllegalStateException(getQName(firstChildElement) + " is not a recognized sub-element of Timestamp");
        }
    }

    private static void readTimestampRequirementSettings(TimestampPolicy timestampPolicy, Element element) {
        timestampPolicy.setUUID(getIdAttribute(element));
        String attribute = element.getAttribute(ConfigurationConstants.MAX_CLOCK_SKEW);
        String attribute2 = element.getAttribute(ConfigurationConstants.TIMESTAMP_FRESHNESS_LIMIT);
        timestampPolicy.setMaxClockSkew(parseLong(attribute) * 1000);
        timestampPolicy.setTimestampFreshness(parseLong(attribute2) * 1000);
        Element firstChildElement = getFirstChildElement(element);
        if (firstChildElement != null) {
            log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", getQName(firstChildElement));
            throw new IllegalStateException(getQName(firstChildElement) + " is not a recognized sub-element of RequireTimestamp");
        }
    }

    private static void readUsernamePasswordSettings(AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding, Element element) {
        usernameTokenBinding.setUUID(getIdAttribute(element));
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if ("id".equalsIgnoreCase(name)) {
                usernameTokenBinding.setUUID(attr.getValue());
            } else if ("name".equalsIgnoreCase(name)) {
                usernameTokenBinding.setUsername(attr.getValue());
            } else if ("password".equalsIgnoreCase(name)) {
                usernameTokenBinding.setPassword(attr.getValue());
            } else if (ConfigurationConstants.USE_NONCE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                usernameTokenBinding.setUseNonce(getBooleanValue(attr.getValue()));
            } else {
                if (!ConfigurationConstants.DIGEST_PASSWORD_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, element.getTagName()});
                    throw new IllegalStateException(name + " is not a recognized attribute of UsernameToken");
                }
                usernameTokenBinding.setDigestOn(getBooleanValue(attr.getValue()));
            }
        }
        if (usernameTokenBinding.getDigestOn() && !usernameTokenBinding.getUseNonce()) {
            throw new IllegalStateException("useNonce attribute must be true if digestPassword is true");
        }
        Element firstChildElement = getFirstChildElement(element);
        if (firstChildElement != null) {
            log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", getQName(firstChildElement));
            throw new IllegalStateException(getQName(firstChildElement) + " is not a recognized sub-element of UsernameToken");
        }
    }

    private static void readUsernamePasswordRequirementSettings(AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding, Element element) {
        usernameTokenBinding.setUUID(getIdAttribute(element));
        try {
            TimestampPolicy timestampPolicy = (TimestampPolicy) usernameTokenBinding.newTimestampFeatureBinding();
            NamedNodeMap attributes = element.getAttributes();
            int length = attributes.getLength();
            for (int i = 0; i < length; i++) {
                Attr attr = (Attr) attributes.item(i);
                String name = attr.getName();
                if (!"id".equalsIgnoreCase(name)) {
                    if (ConfigurationConstants.NONCE_REQUIRED_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                        usernameTokenBinding.setUseNonce(getBooleanValue(attr.getValue()));
                    } else if (ConfigurationConstants.PASSWORD_DIGEST_REQUIRED_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                        usernameTokenBinding.setDigestOn(getBooleanValue(attr.getValue()));
                    } else if (ConfigurationConstants.MAX_CLOCK_SKEW.equalsIgnoreCase(name)) {
                        timestampPolicy.setMaxClockSkew(parseLong(attr.getValue()) * 1000);
                    } else if (ConfigurationConstants.TIMESTAMP_FRESHNESS_LIMIT.equalsIgnoreCase(name)) {
                        timestampPolicy.setTimestampFreshness(parseLong(attr.getValue()) * 1000);
                    } else {
                        if (!ConfigurationConstants.MAX_NONCE_AGE.equalsIgnoreCase(name)) {
                            log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:RequireUsernameToken"});
                            throw new IllegalStateException(name + " is not a recognized attribute of RequireUsernameToken");
                        }
                        usernameTokenBinding.setMaxNonceAge(parseLong(attr.getValue()) * 1000);
                    }
                }
            }
            Element firstChildElement = getFirstChildElement(element);
            if (firstChildElement != null) {
                log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", getQName(firstChildElement));
                throw new IllegalStateException(getQName(firstChildElement) + " is not a recognized sub-element of RequireUsernameToken");
            }
            if (usernameTokenBinding.getDigestOn() && !usernameTokenBinding.getUseNonce()) {
                throw new IllegalStateException("nonceRequired attribute must be true if passwordDigestRequired is true");
            }
        } catch (Exception e) {
            throw new IllegalStateException(e.getMessage());
        }
    }

    private static void readSAMLTokenSettings(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, Element element) {
        sAMLAssertionBinding.setUUID(getIdAttribute(element));
        validateSAMLType(element.getAttribute("type"), element);
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if (!"id".equalsIgnoreCase(name)) {
                if ("type".equalsIgnoreCase(name)) {
                    sAMLAssertionBinding.setAssertionType(attr.getValue());
                } else if (ConfigurationConstants.SAML_AUTHORITY_ID_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    sAMLAssertionBinding.setAuthorityIdentifier(attr.getValue());
                } else if (ConfigurationConstants.SAML_KEYIDENTIFIER_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    sAMLAssertionBinding.setKeyIdentifier(attr.getValue());
                } else if (ConfigurationConstants.KEY_REFERENCE_TYPE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    String value = attr.getValue();
                    validateSAMLKeyReferenceType(value);
                    sAMLAssertionBinding.setReferenceType(value);
                } else {
                    if (!ConfigurationConstants.STRID.equalsIgnoreCase(name)) {
                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:SAMLAssertion"});
                        throw new IllegalStateException(name + " is not a recognized attribute of SAMLAssertion");
                    }
                    sAMLAssertionBinding.setSTRID(attr.getValue());
                }
            }
        }
    }

    private static void readRequireSAMLTokenSettings(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, Element element) {
        sAMLAssertionBinding.setUUID(getIdAttribute(element));
        validateRequireSAMLType(element.getAttribute("type"), element);
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if (!"id".equalsIgnoreCase(name)) {
                if ("type".equalsIgnoreCase(name)) {
                    sAMLAssertionBinding.setAssertionType(attr.getValue());
                } else if (ConfigurationConstants.SAML_AUTHORITY_ID_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    sAMLAssertionBinding.setAuthorityIdentifier(attr.getValue());
                } else if (ConfigurationConstants.KEY_REFERENCE_TYPE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    String value = attr.getValue();
                    validateSAMLKeyReferenceType(value);
                    sAMLAssertionBinding.setReferenceType(value);
                } else {
                    if (!ConfigurationConstants.STRID.equalsIgnoreCase(name)) {
                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:RequireSAMLAssertion"});
                        throw new IllegalStateException(name + " is not a recognized attribute of RequireSAMLAssertion");
                    }
                    sAMLAssertionBinding.setSTRID(attr.getValue());
                }
            }
        }
    }

    private static EncryptionTarget readEncryptionTargetSettings(Element element) {
        EncryptionTarget encryptionTarget = new EncryptionTarget();
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if ("type".equalsIgnoreCase(name)) {
                String value = attr.getValue();
                if ("qname".equalsIgnoreCase(value)) {
                    encryptionTarget.setType("qname");
                } else if ("xpath".equalsIgnoreCase(value)) {
                    encryptionTarget.setType("xpath");
                } else {
                    if (!"uri".equalsIgnoreCase(value)) {
                        log.log(Level.SEVERE, "WSS0519.illegal.attribute.value", "xwss:Target@Type");
                        throw new IllegalStateException(value + " is not a recognized type of Target");
                    }
                    encryptionTarget.setType("uri");
                }
            } else if (ConfigurationConstants.CONTENT_ONLY_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                encryptionTarget.setContentOnly(getBooleanValue(attr.getValue()));
            } else if (ConfigurationConstants.ENFORCE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                encryptionTarget.setEnforce(Boolean.valueOf(attr.getValue()).booleanValue());
            } else if (!"value".equalsIgnoreCase(name)) {
                log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:Target"});
                throw new IllegalStateException(name + " is not a recognized attribute of Target");
            }
        }
        String attribute = element.getAttribute("value");
        if (attribute == null) {
            throw new IllegalStateException("value attribute of the EncryptionTarget element missing/empty");
        }
        if (attribute.startsWith("#")) {
            attribute = attribute.substring(1);
        }
        encryptionTarget.setValue(attribute);
        Element firstChildElement = getFirstChildElement(element);
        while (true) {
            Element element2 = firstChildElement;
            if (element2 == null) {
                return encryptionTarget;
            }
            QName qName = getQName(element2);
            if (!TRANSFORM_ELEMENT_QNAME.equals(qName)) {
                log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                throw new IllegalStateException(qName + " is not a recognized sub-element of EncryptionTarget");
            }
            encryptionTarget.addCipherReferenceTransform(readEncTransform(element2));
            firstChildElement = getNextElement(element2);
        }
    }

    private static Target readTargetSettings(Element element, boolean z) {
        if (!z) {
            return readTargetSettings(element, new EncryptionTarget());
        }
        SignatureTarget signatureTarget = new SignatureTarget();
        signatureTarget.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
        return readTargetSettings(element, signatureTarget);
    }

    private static Target readTargetSettings(Element element, Target target) {
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if ("type".equalsIgnoreCase(name)) {
                String value = attr.getValue();
                if ("qname".equalsIgnoreCase(value)) {
                    target.setType("qname");
                } else if ("xpath".equalsIgnoreCase(value)) {
                    target.setType("xpath");
                } else {
                    if (!"uri".equalsIgnoreCase(value)) {
                        log.log(Level.SEVERE, "WSS0519.illegal.attribute.value", "xwss:Target@Type");
                        throw new IllegalStateException(value + " is not a recognized type of Target");
                    }
                    target.setType("uri");
                }
            } else if (ConfigurationConstants.CONTENT_ONLY_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                if (attr.getSpecified()) {
                    validateTargetContentOnly(element);
                }
                target.setContentOnly(getBooleanValue(attr.getValue()));
            } else {
                if (!ConfigurationConstants.ENFORCE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                    log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:Target"});
                    throw new IllegalStateException(name + " is not a recognized attribute of Target");
                }
                boolean booleanValue = getBooleanValue(attr.getValue());
                if (!ConfigurationConstants.OPTIONAL_TARGETS_ELEMENT_NAME.equals(element.getParentNode().getLocalName())) {
                    target.setEnforce(booleanValue);
                } else if (attr.getSpecified() && booleanValue) {
                    log.warning("WSS0760.warning.optionaltarget.enforce.ignored");
                }
            }
        }
        String fullTextFromChildren = XMLUtil.getFullTextFromChildren(element);
        if (fullTextFromChildren == null || fullTextFromChildren.equals("")) {
            throw new IllegalStateException("Value of the Target element is required to be specified");
        }
        if (fullTextFromChildren.startsWith("#")) {
            fullTextFromChildren = fullTextFromChildren.substring(1);
        }
        target.setValue(fullTextFromChildren);
        return target;
    }

    private static SignatureTarget readSignatureTargetSettings(Element element) {
        SignatureTarget signatureTarget = new SignatureTarget();
        NamedNodeMap attributes = element.getAttributes();
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) attributes.item(i);
            String name = attr.getName();
            if ("type".equalsIgnoreCase(name)) {
                String value = attr.getValue();
                if ("qname".equalsIgnoreCase(value)) {
                    signatureTarget.setType("qname");
                } else if ("xpath".equalsIgnoreCase(value)) {
                    signatureTarget.setType("xpath");
                } else {
                    if (!"uri".equalsIgnoreCase(value)) {
                        log.log(Level.SEVERE, "WSS0519.illegal.attribute.value", "xwss:Target@Type");
                        throw new IllegalStateException(value + " is not a recognized type of Target");
                    }
                    signatureTarget.setType("uri");
                }
            } else if (ConfigurationConstants.CONTENT_ONLY_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                if (attr.getSpecified()) {
                    throw new IllegalStateException("invalid contentOnly attribute in a xwss:SignatureTarget");
                }
            } else if (ConfigurationConstants.ENFORCE_ATTRIBUTE_NAME.equalsIgnoreCase(name)) {
                signatureTarget.setEnforce(getBooleanValue(attr.getValue()));
            } else if (!"value".equalsIgnoreCase(name)) {
                log.log(Level.SEVERE, "WSS0512.illegal.attribute.name", new Object[]{name, "xwss:Target"});
                throw new IllegalStateException(name + " is not a recognized attribute of Target");
            }
        }
        String attribute = element.getAttribute("value");
        if (attribute == null) {
            throw new IllegalStateException("value attribute of the SignatureTarget element missing/empty");
        }
        signatureTarget.setValue(attribute);
        boolean z = false;
        Element firstChildElement = getFirstChildElement(element);
        while (true) {
            Element element2 = firstChildElement;
            if (element2 == null) {
                if ("".equals(signatureTarget.getDigestAlgorithm())) {
                    signatureTarget.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
                }
                if ((signatureTarget.getValue().startsWith("cid") || signatureTarget.getValue().startsWith("CID") || signatureTarget.getValue().startsWith(MessageConstants.ATTACHMENTREF)) && !z) {
                    throw new IllegalStateException("Missing Transform specification for Attachment Target " + signatureTarget.getValue());
                }
                return signatureTarget;
            }
            QName qName = getQName(element2);
            if (DIGEST_METHOD_ELEMENT_QNAME.equals(qName)) {
                signatureTarget.setDigestAlgorithm(readDigestMethod(element2));
            } else {
                if (!TRANSFORM_ELEMENT_QNAME.equals(qName)) {
                    log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                    throw new IllegalStateException(qName + " is not a recognized sub-element of SignatureTarget");
                }
                SignatureTarget.Transform readSigTransform = readSigTransform(element2);
                if (readSigTransform.getTransform().equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI) || readSigTransform.getTransform().equals(MessageConstants.ATTACHMENT_COMPLETE_TRANSFORM_URI)) {
                    z = true;
                }
                signatureTarget.addTransform(readSigTransform);
            }
            firstChildElement = getNextElement(element2);
        }
    }

    private static String readDigestMethod(Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        if ("".equals(attribute)) {
            throw new IllegalArgumentException("Empty/missing algorithm attribute on SignatureTarget");
        }
        return attribute;
    }

    private static SignatureTarget.Transform readSigTransform(Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        boolean z = false;
        try {
            z = parseBoolean(ConfigurationConstants.DISABLE_INCLUSIVE_PREFIX, element.getAttribute(ConfigurationConstants.DISABLE_INCLUSIVE_PREFIX));
        } catch (Exception e) {
            e.printStackTrace();
        }
        if ("".equals(attribute)) {
            throw new IllegalStateException(" Empty/Missing algorithm attribute on xwss:Transform element");
        }
        Element firstChildElement = getFirstChildElement(element);
        SignatureTarget.Transform transform = new SignatureTarget.Transform();
        transform.setTransform(attribute);
        transform.setDisbaleInclusivePrefix(z);
        if (attribute.equals("http://www.w3.org/TR/1999/REC-xpath-19991116")) {
            fillXPATHTransformParams(firstChildElement, transform);
        } else if (attribute.equals(MessageConstants.TRANSFORM_FILTER2)) {
            fillXPATH2TransformParams(firstChildElement, transform);
        } else if (attribute.equals(MessageConstants.STR_TRANSFORM_URI)) {
            fillSTRTransformParams(firstChildElement, transform);
        } else if (log.getLevel() == Level.FINE) {
            log.log(Level.FINE, "Algorithm Parameters not supportedfor transform", attribute);
        }
        return transform;
    }

    private static void fillXPATHTransformParams(Element element, SignatureTarget.Transform transform) {
        QName qName = getQName(element);
        if (!ALGORITHM_PARAMETER_ELEMENT_QNAME.equals(qName)) {
            log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
            throw new IllegalStateException(qName + " is not a recognized sub-element of Transform");
        }
        String attribute = element.getAttribute("name");
        String attribute2 = element.getAttribute("value");
        if (!attribute.equals("XPATH")) {
            throw new IllegalStateException("XPATH Transform must have XPATH attribute name and an XPATH Expression as value");
        }
        transform.setAlgorithmParameters(new XPathFilterParameterSpec(attribute2));
    }

    private static void fillXPATH2TransformParams(Element element, SignatureTarget.Transform transform) {
        ArrayList arrayList = new ArrayList();
        while (element != null) {
            QName qName = getQName(element);
            if (!ALGORITHM_PARAMETER_ELEMENT_QNAME.equals(qName)) {
                log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
                throw new IllegalStateException(qName + " is not a recognized sub-element of Transform");
            }
            String attribute = element.getAttribute("name");
            String attribute2 = element.getAttribute("value");
            if (attribute.equalsIgnoreCase("UNION")) {
                arrayList.add(new XPathType(attribute2, XPathType.Filter.UNION));
            } else if (attribute.equalsIgnoreCase("INTERSECT")) {
                arrayList.add(new XPathType(attribute2, XPathType.Filter.INTERSECT));
            } else {
                if (!attribute.equalsIgnoreCase("SUBTRACT")) {
                    throw new IllegalStateException("XPATH2 Transform AlgorithmParameter name attribute should be one of UNION,INTERSECT,SUBTRACT");
                }
                arrayList.add(new XPathType(attribute2, XPathType.Filter.SUBTRACT));
            }
            element = getNextElement(element);
        }
        transform.setAlgorithmParameters(new XPathFilter2ParameterSpec(arrayList));
    }

    private static void fillSTRTransformParams(Element element, SignatureTarget.Transform transform) {
        QName qName = getQName(element);
        if (ALGORITHM_PARAMETER_ELEMENT_QNAME.equals(qName)) {
            transform.setAlgorithmParameters(new Parameter(element.getAttribute("name"), element.getAttribute("value")));
        } else {
            log.log(Level.SEVERE, "WSS0513.illegal.configuration.element", qName.toString());
            throw new IllegalStateException(qName + " is not a recognized sub-element of Transform");
        }
    }

    private static EncryptionTarget.Transform readEncTransform(Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
        if ("".equals(attribute)) {
            throw new IllegalStateException(" Empty/Missing algorithm attribute on xwss:Transform element");
        }
        EncryptionTarget.Transform transform = new EncryptionTarget.Transform();
        transform.setTransform(attribute);
        return transform;
    }

    private static void validateContentOnly(Element element) {
        String localName = element.getParentNode().getLocalName();
        if (ConfigurationConstants.SIGNATURE_REQUIREMENT_ELEMENT_NAME.equalsIgnoreCase(localName) || ConfigurationConstants.SIGN_OPERATION_ELEMENT_NAME.equalsIgnoreCase(localName)) {
            String attribute = element.getAttribute("value");
            if (!"uri".equalsIgnoreCase(element.getAttribute("type"))) {
                throw new IllegalStateException("invalid contentOnly attribute in a SignatureTarget");
            }
            if (!attribute.startsWith("cid") && !attribute.startsWith("CID")) {
                throw new IllegalStateException("invalid contentOnly attribute on a non-attachment SignatureTarget");
            }
        }
        if (!ConfigurationConstants.ENCRYPT_OPERATION_ELEMENT_NAME.equalsIgnoreCase(localName) && !ConfigurationConstants.ENCRYPTION_REQUIREMENT_ELEMENT_NAME.equalsIgnoreCase(localName)) {
            throw new IllegalStateException("contentOnly attribute not allowed on Targets under element " + localName);
        }
    }

    private static void validateSAMLKeyReferenceType(String str) {
        if (!"Identifier".equalsIgnoreCase(str) && !"Embedded".equalsIgnoreCase(str)) {
            throw new IllegalStateException("Reference Type " + str + " not allowed for SAMLAssertion References");
        }
    }

    private static void validateRequireSAMLType(String str, Element element) {
        if (!"SV".equals(str)) {
            throw new IllegalStateException("Allowed Assertion Types for <xwss:RequireSAMLAssertion> is SV only");
        }
        Node parentNode = element.getParentNode();
        if (parentNode == null) {
            throw new IllegalStateException("<xwss:RequireSAMLAssertion> cannot occur at this position");
        }
        String localName = parentNode.getLocalName();
        if (!ConfigurationConstants.DECLARATIVE_CONFIGURATION_ELEMENT_NAME.equals(localName)) {
            throw new IllegalStateException("<xwss:RequireSAMLAssertion> of Type=SV cannot occur as child of " + localName);
        }
    }

    private static void validateSAMLType(String str, Element element) {
        if (!"SV".equals(str) && !"HOK".equals(str)) {
            throw new IllegalStateException(str + " not a valid SAML Assertion Type, require one of HOK|SV");
        }
        if ("SV".equals(str)) {
            Node parentNode = element.getParentNode();
            if (parentNode == null) {
                throw new IllegalStateException("SAML Assertion cannot occur at this position");
            }
            String localName = parentNode.getLocalName();
            if (!ConfigurationConstants.DECLARATIVE_CONFIGURATION_ELEMENT_NAME.equals(localName)) {
                throw new IllegalStateException("SAML Assertion of Type=SV cannot occur as child of " + localName);
            }
        }
    }

    private static boolean dynamicPolicy(Element element) {
        String attribute = element.getAttribute(ConfigurationConstants.ENABLE_DYNAMIC_POLICY_ATTRIBUTE_NAME);
        NodeList elementsByTagName = element.getElementsByTagName("*");
        if ("".equals(attribute) || "false".equals(attribute) || "0".equals(attribute)) {
            return false;
        }
        return ("true".equals(attribute) || "1".equals(attribute)) && elementsByTagName.getLength() == 0;
    }

    private static boolean getBSPAttribute(Element element, ApplicationSecurityConfiguration applicationSecurityConfiguration) {
        String attribute = element.getAttribute(ConfigurationConstants.CONFORMANCE_ATTRIBUTE_NAME);
        if (ConfigurationConstants.BSP_CONFORMANCE.equals(attribute)) {
            return true;
        }
        if (!"".equals(attribute) || applicationSecurityConfiguration == null) {
            return false;
        }
        return applicationSecurityConfiguration.isBSP();
    }

    private static String getIdAttribute(Element element) {
        String attribute = element.getAttribute("id");
        if (attribute.startsWith("#")) {
            throw new IllegalArgumentException("Illegal id attribute " + attribute + ", id attributes on policy elements cannot begin with a '#' character");
        }
        if ("".equals(attribute)) {
            attribute = generateUUID();
        }
        return attribute;
    }

    private static String generateUUID() {
        return "XWSSGID-" + String.valueOf(System.currentTimeMillis()) + String.valueOf(rnd.nextInt());
    }

    private static void validateTargetContentOnly(Element element) {
        String localName = element.getParentNode().getLocalName();
        if (!ConfigurationConstants.ENCRYPT_OPERATION_ELEMENT_NAME.equalsIgnoreCase(localName) && !ConfigurationConstants.ENCRYPTION_REQUIREMENT_ELEMENT_NAME.equalsIgnoreCase(localName)) {
            throw new IllegalStateException("contentOnly attribute not allowed on Targets under element " + localName);
        }
    }

    private static String getSecurityEnvironmentHandler(Element element) {
        int i = 0;
        String str = null;
        for (Element firstChildElement = getFirstChildElement(element); firstChildElement != null; firstChildElement = getNextElement(firstChildElement)) {
            if (SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME.equals(getQName(firstChildElement))) {
                if (i > 0) {
                    throw new IllegalStateException("More than one <xwss:SecurityEnvironmentHandler> element under " + element.getTagName());
                }
                i++;
                str = XMLUtil.getFullTextFromChildren(firstChildElement);
                if (str == null || str.equals("")) {
                    throw new IllegalStateException("A Handler class name has to be specified in security configuration file");
                }
            }
        }
        return str;
    }

    private static void readAlgorithmProperties(HashMap hashMap, Element element) {
        hashMap.put(element.getAttribute("name"), element.getAttribute("value"));
    }

    private static boolean getBooleanValue(String str) {
        if ("0".equals(str) || "false".equalsIgnoreCase(str)) {
            return false;
        }
        if ("1".equals(str) || "true".equalsIgnoreCase(str)) {
            return true;
        }
        log.log(Level.SEVERE, "WSS0511.illegal.boolean.value", str);
        throw new IllegalArgumentException(str + " is not a valid boolean value");
    }

    private static void applyDefaults(TimestampPolicy timestampPolicy, boolean z) {
        if (timestampPolicy.getTimeout() == 0) {
            timestampPolicy.setTimeout(5000L);
        }
    }

    private static void applyDefaults(EncryptionPolicy encryptionPolicy, boolean z) {
        EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding();
        boolean z2 = featureBinding.getTargetBindings().size() == 0;
        if (!z && z2) {
            featureBinding.addTargetBinding((Target) new EncryptionTarget());
        }
        if (encryptionPolicy.getKeyBinding() == null) {
            ((AuthenticationTokenPolicy.X509CertificateBinding) encryptionPolicy.newX509CertificateKeyBinding()).setReferenceType("Direct");
        }
    }

    private static void applyDefaults(SignaturePolicy signaturePolicy, boolean z) {
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        boolean z2 = featureBinding.getTargetBindings().size() == 0;
        if (!z && z2) {
            SignatureTarget signatureTarget = new SignatureTarget();
            signatureTarget.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
            featureBinding.addTargetBinding(signatureTarget);
        }
        if (signaturePolicy.getKeyBinding() == null) {
            AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) signaturePolicy.newX509CertificateKeyBinding();
            x509CertificateBinding.newPrivateKeyBinding();
            x509CertificateBinding.setReferenceType("Direct");
        }
        if (PolicyTypeUtil.symmetricKeyBinding(signaturePolicy.getKeyBinding())) {
            setDefaultKeyAlgorithm(signaturePolicy.getKeyBinding(), MessageConstants.HMAC_SHA1_SIGMETHOD);
        } else {
            setDefaultKeyAlgorithm(signaturePolicy.getKeyBinding(), MessageConstants.RSA_SHA1_SIGMETHOD);
        }
        if ("".equals(featureBinding.getCanonicalizationAlgorithm())) {
            featureBinding.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
        }
    }

    private static void applyDefaults(AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding, boolean z) {
    }

    private static void applyDefaults(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, boolean z) {
        if ("".equals(sAMLAssertionBinding.getReferenceType())) {
            sAMLAssertionBinding.setReferenceType("Identifier");
        }
    }

    private static void applyReceiverDefaults(SignaturePolicy signaturePolicy, boolean z, boolean z2) {
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        boolean z3 = featureBinding.getTargetBindings().size() == 0;
        if (!z2 && z3) {
            SignatureTarget signatureTarget = new SignatureTarget();
            signatureTarget.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
            featureBinding.addTargetBinding(signatureTarget);
        }
        signaturePolicy.isBSP(z);
    }

    private static void applyReceiverDefaults(EncryptionPolicy encryptionPolicy, boolean z, boolean z2) {
        EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding();
        boolean z3 = featureBinding.getTargetBindings().size() == 0;
        if (!z2 && z3) {
            featureBinding.addTargetBinding((Target) new EncryptionTarget());
        }
        encryptionPolicy.isBSP(z);
    }

    private static void applyReceiverDefaults(AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding, boolean z, String str, boolean z2) throws PolicyGenerationException {
        usernameTokenBinding.isBSP(z);
    }

    private static void applyReceiverDefaults(TimestampPolicy timestampPolicy, boolean z, String str, boolean z2) {
        if (timestampPolicy.getMaxClockSkew() == 0) {
            timestampPolicy.setMaxClockSkew(300000L);
        }
        if (timestampPolicy.getTimestampFreshness() == 0) {
            timestampPolicy.setTimestampFreshness(300000L);
        }
        timestampPolicy.isBSP(z);
    }

    private static void applyReceiverDefaults(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, boolean z, boolean z2) {
        if ("".equals(sAMLAssertionBinding.getReferenceType())) {
            sAMLAssertionBinding.setReferenceType("Identifier");
        }
        sAMLAssertionBinding.isBSP(z);
    }

    private static boolean configHasSingleService(Element element) {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.SERVICE_ELEMENT_NAME);
        return elementsByTagNameNS.getLength() <= 1 && elementsByTagNameNS.getLength() != 0;
    }

    private static boolean configHasSingleServiceAndNoPorts(Element element) {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.SERVICE_ELEMENT_NAME);
        return elementsByTagNameNS.getLength() <= 1 && elementsByTagNameNS.getLength() != 0 && element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.PORT_ELEMENT_NAME).getLength() == 0;
    }

    private static boolean configHasOperations(Element element) {
        return element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, ConfigurationConstants.OPERATION_ELEMENT_NAME).getLength() > 0;
    }

    private static void checkIdUniqueness(Element element) {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(ConfigurationConstants.CONFIGURATION_URL, "*");
        int length = elementsByTagNameNS.getLength();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < length; i++) {
            Element element2 = (Element) elementsByTagNameNS.item(i);
            String attribute = element2.getAttribute("id");
            if (!"".equals(attribute)) {
                if (hashMap.containsKey(attribute)) {
                    throw new IllegalArgumentException("id attribute value '" + attribute + "' not unique");
                }
                hashMap.put(attribute, attribute);
            }
            String attribute2 = element2.getAttribute(ConfigurationConstants.STRID);
            if (!"".equals(attribute2)) {
                if (hashMap.containsKey(attribute2)) {
                    throw new IllegalArgumentException("strId/id attribute value '" + attribute2 + "' not unique");
                }
                hashMap.put(attribute2, attribute2);
            }
        }
    }
}
