package com.sun.xml.wss.filter;

import com.sun.org.apache.xpath.internal.XPathAPI;
import com.sun.xml.wss.ExtendedMessageFilter;
import com.sun.xml.wss.PolicyViolationException;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.Target;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.XWSSecurityRuntimeException;
import com.sun.xml.wss.configuration.AllowEncryption;
import com.sun.xml.wss.configuration.AllowSignature;
import com.sun.xml.wss.configuration.DecryptRequirement;
import com.sun.xml.wss.configuration.SecurityRequirement;
import com.sun.xml.wss.configuration.SecurityRequirements;
import com.sun.xml.wss.configuration.UsernamePasswordRequirement;
import com.sun.xml.wss.configuration.VerifyRequirement;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119167-12/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/JAXRPCSecurityFilter.class */
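/**
 * Receiver-side filter that checks the security operations recorded on an inbound message
 * against the configured receiver requirements.
 *
 * <p>{@link #process} walks the requirements in order. Each requirement is matched against the
 * next entry of {@code SecurableSoapMessage.getOperationsLog()}, using {@link #currentIdx} as the
 * cursor. Required entries (verify / decrypt / username-password) must match; optional entries
 * (allow-signature / allow-encryption) may be absent. After the walk every log entry must have
 * been consumed, otherwise the message is rejected.
 *
 * <p>The cursor is instance state that {@link #process} resets and mutates, and no
 * synchronisation is visible in this class.
 */
public class JAXRPCSecurityFilter extends FilterBase implements ExtendedMessageFilter {
    // Cursor into the message's operations log; reset at the start of every process() call.
    int currentIdx = 0;
    // Requirements to enforce. Stays null until a non-empty set is supplied, and while it is
    // null process() performs no checks.
    SecurityRequirements receiverRequirements;
    private static final String alwSigClsName = "com.sun.xml.wss.configuration.AllowSignature";
    private static final String alwEncClsName = "com.sun.xml.wss.configuration.AllowEncryption";
    private static final String sigReqClsName = "com.sun.xml.wss.configuration.VerifyRequirement";
    private static final String encReqClsName = "com.sun.xml.wss.configuration.DecryptRequirement";
    private static final String upwReqClsName = "com.sun.xml.wss.configuration.UsernamePasswordRequirement";

    // Values compared against OperationsLogItem.getType() in this class; the meaning of each
    // is taken from the error message raised when the comparison fails.
    private static final int LOG_TYPE_SIGNATURE = 0;
    private static final int LOG_TYPE_ENCRYPTION = 1;
    private static final int LOG_TYPE_USERNAME_TOKEN = 2;

    /**
     * Enforces the receiver requirements against the message's operations log.
     *
     * <p>Dispatch is by exact class name, so a requirement whose concrete class is none of the
     * five known names (including a subclass of one of them) is skipped without any check.
     * NOTE(review): confirm that silently skipping unknown requirement types is intended.
     *
     * @param securableSoapMessage message whose operations log is checked
     * @throws PolicyViolationException if a requirement is not met, or if log entries remain
     *         unconsumed after all requirements have been walked
     * @throws XWSSecurityException declared by the helper checks
     */
    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        this.currentIdx = 0;
        if (this.receiverRequirements == null) {
            // Nothing configured: the message passes through unchecked.
            return;
        }
        Iterator requirements = this.receiverRequirements.iterator();
        while (requirements.hasNext()) {
            SecurityRequirement requirement = (SecurityRequirement) requirements.next();
            String className = requirement.getClass().getName();
            if (className.equals(upwReqClsName)) {
                verifyUsernameTokenReferences(requirement, securableSoapMessage);
            } else if (className.equals(sigReqClsName)) {
                verifySignatureReferences(requirement, securableSoapMessage, true);
            } else if (className.equals(encReqClsName)) {
                verifyEncryptionReferences(requirement, securableSoapMessage, true);
            } else if (className.equals(alwSigClsName)) {
                verifySignatureReferences(requirement, securableSoapMessage, false);
            } else if (className.equals(alwEncClsName)) {
                verifyEncryptionReferences(requirement, securableSoapMessage, false);
            }
        }
        // Strictness check: an operation in the log that no requirement consumed is a violation.
        if (this.currentIdx != securableSoapMessage.getOperationsLog().size()) {
            throw new PolicyViolationException("Message does not strictly conform to the requirements");
        }
    }

    /**
     * Returns the operations-log entry at the cursor and advances the cursor past it.
     * Callers must have checked that the cursor is inside the log.
     */
    private SecurableSoapMessage.OperationsLogItem nextLogItem(SecurableSoapMessage message) {
        ArrayList operationsLog = message.getOperationsLog();
        return (SecurableSoapMessage.OperationsLogItem) operationsLog.get(this.currentIdx++);
    }

    /**
     * Checks that the next log entry is a username token whose recorded nonce and
     * password-digest settings equal those of the configured requirement.
     *
     * @throws PolicyViolationException if the log is exhausted, the entry is of another type,
     *         the entry carries no usable recorded requirement, or either setting differs
     */
    private void verifyUsernameTokenReferences(SecurityRequirement requirement, SecurableSoapMessage message) throws XWSSecurityException {
        if (message.getOperationsLog().size() == this.currentIdx) {
            throw new PolicyViolationException("Expected wsse:UsernameToken not found");
        }
        SecurableSoapMessage.OperationsLogItem logItem = nextLogItem(message);
        if (logItem.getType() != LOG_TYPE_USERNAME_TOKEN) {
            throw new PolicyViolationException("Expected wsse:UsernameToken not found");
        }
        Set references = logItem.getReferences();
        UsernamePasswordRequirement expected = (UsernamePasswordRequirement) requirement;
        // Reject as a policy violation instead of letting an empty or unexpected reference set
        // surface as an unchecked NullPointer/ArrayIndexOutOfBounds/ClassCast exception.
        if (references == null || references.isEmpty()) {
            throw new PolicyViolationException("Expected wsse:UsernameToken not found");
        }
        Object recorded = references.iterator().next();
        if (!(recorded instanceof UsernamePasswordRequirement)) {
            throw new PolicyViolationException("Expected wsse:UsernameToken not found");
        }
        UsernamePasswordRequirement actual = (UsernamePasswordRequirement) recorded;
        boolean nonceMatches = expected.getNonceRequired() == actual.getNonceRequired();
        boolean digestMatches = expected.getPasswordDigestRequired() == actual.getPasswordDigestRequired();
        if (!nonceMatches) {
            log.log(Level.SEVERE, "WSS0213.policy.violation.exception");
            throw new PolicyViolationException("Receiver Requirement for nonce has not been met");
        }
        if (!digestMatches) {
            log.log(Level.SEVERE, "WSS0212.policy.violation.exception");
            throw new PolicyViolationException("Receiver Requirement for Digested Password has not been met");
        }
    }

    /**
     * Matches a signature requirement against the next log entry.
     *
     * @param required {@code true} for a VerifyRequirement (a mismatch is a violation);
     *        {@code false} for an AllowSignature (on a mismatch the cursor is restored so the
     *        same log entry is offered to the next requirement)
     */
    private void verifySignatureReferences(SecurityRequirement requirement, SecurableSoapMessage message, boolean required) throws XWSSecurityException {
        if (message.getOperationsLog().size() == this.currentIdx) {
            if (required) {
                throw new PolicyViolationException("Expected ds:Signature element not found");
            }
            return;
        }
        SecurableSoapMessage.OperationsLogItem logItem = nextLogItem(message);
        if (logItem.getType() != LOG_TYPE_SIGNATURE) {
            if (required) {
                throw new PolicyViolationException("Expected ds:Signature element not found");
            }
            this.currentIdx--;
            return;
        }
        try {
            ArrayList targets = required
                    ? ((VerifyRequirement) requirement).getTargets()
                    : ((AllowSignature) requirement).getTargets();
            validateReferences(message, targets, logItem.getReferences(), true);
        } catch (PolicyViolationException e) {
            if (required) {
                throw e;
            }
            // Optional signature did not match: un-consume the entry.
            this.currentIdx--;
        }
    }

    /**
     * Matches an encryption requirement against the next log entry.
     *
     * @param required {@code true} for a DecryptRequirement (a mismatch is a violation);
     *        {@code false} for an AllowEncryption (on a mismatch the cursor is restored so the
     *        same log entry is offered to the next requirement)
     */
    private void verifyEncryptionReferences(SecurityRequirement requirement, SecurableSoapMessage message, boolean required) throws XWSSecurityException {
        if (message.getOperationsLog().size() == this.currentIdx) {
            if (required) {
                throw new PolicyViolationException("Expected xenc:Encryption element not found");
            }
            return;
        }
        SecurableSoapMessage.OperationsLogItem logItem = nextLogItem(message);
        if (logItem.getType() != LOG_TYPE_ENCRYPTION) {
            if (required) {
                throw new PolicyViolationException("Expected xenc:Encryption element not found");
            }
            this.currentIdx--;
            return;
        }
        try {
            ArrayList targets = required
                    ? ((DecryptRequirement) requirement).getTargets()
                    : ((AllowEncryption) requirement).getTargets();
            validateReferences(message, targets, logItem.getReferences(), false);
        } catch (PolicyViolationException e) {
            if (required) {
                throw e;
            }
            // Optional encryption did not match: un-consume the entry.
            this.currentIdx--;
        }
    }

    /**
     * Checks every configured target against the recorded references, then requires the number
     * of matched nodes to equal the number of recorded references, so that nothing extra was
     * signed or encrypted beyond what the targets select.
     *
     * <p>The comparison is by count: a node selected by two targets is counted twice.
     */
    private void validateReferences(SecurableSoapMessage message, ArrayList targets, Set references, boolean isSignature) throws XWSSecurityException {
        int matched = 0;
        Iterator it = targets.iterator();
        while (it.hasNext()) {
            matched += validateReference(message, (Target) it.next(), references, isSignature);
        }
        if (matched != references.size()) {
            throw new PolicyViolationException("Not all requirements for " + (isSignature ? "signature " : "encryption ") + "have been met");
        }
    }

    /**
     * Resolves one target to message nodes and checks that each is among the recorded references.
     *
     * @return the number of nodes the target resolved to; 0 for a target type that is none of
     *         qname / "xpath" / "uri"
     */
    private int validateReference(SecurableSoapMessage message, Target target, Set references, boolean isSignature) throws XWSSecurityException {
        String type = target.getType();
        String value = target.getValue();
        if (type.equals(Target.TARGET_TYPE_VALUE_QNAME)) {
            try {
                NodeList selected = XPathAPI.selectNodeList(message.getSOAPPart(), XMLUtil.convertToXpath(value), message.getNSContext());
                return verifySelectedNodes(message, selected, value, references, isSignature);
            } catch (TransformerException e) {
                throw new XWSSecurityRuntimeException(e);
            }
        }
        if (type.equals("xpath")) {
            try {
                NodeList selected = XPathAPI.selectNodeList(message.getSOAPPart(), value, message.getNSContext());
                return verifySelectedNodes(message, selected, value, references, isSignature);
            } catch (TransformerException e) {
                throw new XWSSecurityRuntimeException(e);
            }
        }
        if (type.equals("uri")) {
            Element element = message.getElementById(value);
            if (element == null) {
                throw new PolicyViolationException(unmetTargetMessage(isSignature, value));
            }
            ArrayList single = new ArrayList();
            single.add(element);
            verify(message, single, references, isSignature);
            return 1;
        }
        // NOTE(review): a target of any other type is not checked at all and contributes 0;
        // only the count comparison in validateReferences can then reject the message.
        return 0;
    }

    /**
     * Requires a non-empty selection whose nodes are all recorded references.
     *
     * @return the number of selected nodes
     */
    private int verifySelectedNodes(SecurableSoapMessage message, NodeList selected, String targetValue, Set references, boolean isSignature) throws XWSSecurityException {
        if (selected == null || selected.getLength() == 0) {
            throw new PolicyViolationException(unmetTargetMessage(isSignature, targetValue));
        }
        verify(message, convertToArrayList(selected), references, isSignature);
        return selected.getLength();
    }

    /** Builds the violation text for a target that could not be matched. */
    private static String unmetTargetMessage(boolean isSignature, String targetValue) {
        return "Target for " + (isSignature ? "signature: " : "encryption: ") + targetValue + " does not meet the requirement";
    }

    /**
     * Stores the requirements to enforce. An empty set is ignored, which leaves any previously
     * stored requirements (or none) in place.
     *
     * @param securityRequirements requirements to enforce; dereferenced without a null check
     */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirements(SecurityRequirements securityRequirements) {
        if (securityRequirements.isEmpty()) {
            return;
        }
        this.receiverRequirements = securityRequirements;
    }

    /**
     * Requires every node in {@code nodes} to be contained in {@code references}.
     *
     * @throws XWSSecurityRuntimeException for the first node that is not a recorded reference
     */
    private void verify(SecurableSoapMessage message, ArrayList nodes, Set references, boolean isSignature) throws XWSSecurityException {
        Iterator it = nodes.iterator();
        while (it.hasNext()) {
            Node node = (Node) it.next();
            if (!references.contains(node)) {
                // NOTE(review): the catch-all below also catches the PolicyViolationException
                // thrown inside the try (assuming it is an Exception subtype; its declaration is
                // not visible here). A mismatch therefore leaves this method as an unchecked
                // XWSSecurityRuntimeException, and the catch (PolicyViolationException) blocks of
                // the optional allow-signature / allow-encryption paths never see it. The result
                // still rejects the message; confirm the intended type before changing it.
                try {
                    throw new PolicyViolationException(new StringBuffer().append("Target for ").append(isSignature ? "signature: " : "encryption: ").append(XMLUtil.resolveXPath(node)).append(" does not meet the requirement").toString());
                } catch (Exception e) {
                    throw new XWSSecurityRuntimeException(e);
                }
            }
        }
    }

    /** Copies a NodeList into a new ArrayList; a null list yields an empty result. */
    private ArrayList convertToArrayList(NodeList nodeList) {
        ArrayList nodes = new ArrayList();
        if (nodeList == null) {
            return nodes;
        }
        int length = nodeList.getLength();
        for (int i = 0; i < length; i++) {
            nodes.add(nodeList.item(i));
        }
        return nodes;
    }

    /**
     * Not supported by this filter; logs at SEVERE and throws.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirement(SecurityRequirement securityRequirement) throws UnsupportedOperationException {
        log.log(Level.SEVERE, "WSS0207.unsupported.operation.exception");
        throw new UnsupportedOperationException("Operation not supported");
    }

    /**
     * Not supported by this filter; logs at SEVERE and throws.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void enableOperationsLog(boolean z) throws UnsupportedOperationException {
        log.log(Level.SEVERE, "WSS0207.unsupported.operation.exception");
        throw new UnsupportedOperationException("Operation not supported");
    }
}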
