package org.apache.cxf.ws.security.wss4j;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.stream.XMLStreamException;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.token.Timestamp;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SP13Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.Wss11;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.3.8.jar:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.class */
public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);

    public PolicyBasedWSS4JInInterceptor() {
        super(true);
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor, org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        boolean contextualBoolean = MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.ENABLE_STREAMING_SECURITY);
        if (assertionInfoMap == null || contextualBoolean || soapMessage.containsKey(SECURITY_PROCESSED) || isGET(soapMessage) || soapMessage.getExchange() == null) {
            return;
        }
        try {
            String str = (String) getOption("actor");
            if (str == null) {
                str = (String) soapMessage.getContextualProperty(SecurityConstants.ACTOR);
            }
            if (containsSecurityHeader(soapMessage, str, soapMessage.getVersion().getVersion() != 1.1d)) {
                super.handleMessage(soapMessage);
                return;
            }
            LOG.fine("The request contains no security header, so the SAAJInInterceptor is not applied");
            computeAction(soapMessage, new RequestData());
            doResults(soapMessage, str, null, null, new WSHandlerResult(str, Collections.emptyList(), Collections.emptyMap()), MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.VALIDATE_TOKEN, true));
            soapMessage.put(SECURITY_PROCESSED, (Object) Boolean.TRUE);
        } catch (SOAPException e) {
            throw new SoapFault(new Message("SAAJ_EX", LOG, new Object[0]), e, soapMessage.getVersion().getSender());
        } catch (XMLStreamException e2) {
            throw new SoapFault(new Message("STAX_EX", LOG, new Object[0]), e2, soapMessage.getVersion().getSender());
        } catch (WSSecurityException e3) {
            throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), e3);
        }
    }

    private boolean containsSecurityHeader(SoapMessage soapMessage, String str, boolean z) throws WSSecurityException {
        String str2 = "actor";
        String str3 = "http://schemas.xmlsoap.org/soap/envelope/";
        if (z) {
            str2 = "role";
            str3 = "http://www.w3.org/2003/05/soap-envelope";
        }
        for (Header header : soapMessage.getHeaders()) {
            QName name = header.getName();
            if ("Security".equals(name.getLocalPart()) && (name.getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd") || name.getNamespaceURI().equals(WSS4JConstants.OLD_WSSE_NS))) {
                Attr attributeNodeNS = ((Element) header.getObject()).getAttributeNodeNS(str3, str2);
                if (WSSecurityUtil.isActorEqual(str, attributeNodeNS != null ? attributeNodeNS.getValue() : null)) {
                    return true;
                }
            }
        }
        return false;
    }

    private void handleWSS11(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        if (isRequestor(soapMessage)) {
            soapMessage.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
            Collection<AssertionInfo> allAssertionsByLocalname = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, SPConstants.WSS11);
            if (allAssertionsByLocalname.isEmpty()) {
                return;
            }
            Iterator<AssertionInfo> it = allAssertionsByLocalname.iterator();
            while (it.hasNext()) {
                if (((Wss11) it.next().getAssertion()).isRequireSignatureConfirmation()) {
                    soapMessage.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
                    return;
                }
            }
        }
    }

    private String addToAction(String str, String str2, boolean z) {
        return str.contains(str2) ? str : z ? str2 + " " + str : str + " " + str2;
    }

    private String checkAsymmetricBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        if (PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, SPConstants.ASYMMETRIC_BINDING) == null) {
            return str;
        }
        String addToAction = addToAction(addToAction(str, "Signature", true), ConfigurationConstants.ENCRYPT, true);
        Object securityPropertyValue = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_CRYPTO, soapMessage);
        if (securityPropertyValue == null) {
            securityPropertyValue = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_PROPERTIES, soapMessage);
        }
        Object securityPropertyValue2 = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CRYPTO, soapMessage);
        if (securityPropertyValue2 == null) {
            securityPropertyValue2 = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_PROPERTIES, soapMessage);
        }
        Object encryptionCrypto = getEncryptionCrypto(securityPropertyValue2, soapMessage, requestData);
        Object signatureCrypto = (securityPropertyValue2 == null || !securityPropertyValue2.equals(securityPropertyValue)) ? getSignatureCrypto(securityPropertyValue, soapMessage, requestData) : encryptionCrypto;
        String str2 = signatureCrypto != null ? "RefId-" + signatureCrypto.hashCode() : null;
        if (signatureCrypto != null) {
            soapMessage.put(ConfigurationConstants.DEC_PROP_REF_ID, (Object) str2);
            soapMessage.put(str2, signatureCrypto);
        }
        if (encryptionCrypto != null) {
            String str3 = "RefId-" + encryptionCrypto.hashCode();
            soapMessage.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, (Object) str3);
            soapMessage.put(str3, encryptionCrypto);
        } else if (signatureCrypto != null) {
            soapMessage.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, (Object) str2);
            soapMessage.put(str2, signatureCrypto);
        }
        return addToAction;
    }

    private String checkDefaultBinding(String str, SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        String addToAction = addToAction(addToAction(str, "Signature", true), ConfigurationConstants.ENCRYPT, true);
        Object securityPropertyValue = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_CRYPTO, soapMessage);
        if (securityPropertyValue == null) {
            securityPropertyValue = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_PROPERTIES, soapMessage);
        }
        Object securityPropertyValue2 = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CRYPTO, soapMessage);
        if (securityPropertyValue2 == null) {
            securityPropertyValue2 = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_PROPERTIES, soapMessage);
        }
        Object encryptionCrypto = getEncryptionCrypto(securityPropertyValue2, soapMessage, requestData);
        Object signatureCrypto = (securityPropertyValue2 == null || !securityPropertyValue2.equals(securityPropertyValue)) ? getSignatureCrypto(securityPropertyValue, soapMessage, requestData) : encryptionCrypto;
        String str2 = signatureCrypto != null ? "RefId-" + signatureCrypto.hashCode() : null;
        if (signatureCrypto != null) {
            soapMessage.put(ConfigurationConstants.DEC_PROP_REF_ID, (Object) str2);
            soapMessage.put(str2, signatureCrypto);
        }
        if (encryptionCrypto != null) {
            String str3 = "RefId-" + encryptionCrypto.hashCode();
            soapMessage.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, (Object) str3);
            soapMessage.put(str3, encryptionCrypto);
        } else if (signatureCrypto != null) {
            soapMessage.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, (Object) str2);
            soapMessage.put(str2, signatureCrypto);
        }
        return addToAction;
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected boolean isNonceCacheRequired(List<Integer> list, SoapMessage soapMessage) {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        return (assertionInfoMap == null || PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, "UsernameToken") == null) ? false : true;
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected boolean isTimestampCacheRequired(List<Integer> list, SoapMessage soapMessage) {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        return (assertionInfoMap == null || PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, SPConstants.INCLUDE_TIMESTAMP) == null) ? false : true;
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected boolean isSamlCacheRequired(List<Integer> list, SoapMessage soapMessage) {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        return (assertionInfoMap == null || PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, SPConstants.SAML_TOKEN) == null) ? false : true;
    }

    private void checkUsernameToken(AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) throws WSSecurityException {
        Collection<AssertionInfo> allAssertionsByLocalname = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, "UsernameToken");
        if (allAssertionsByLocalname.isEmpty()) {
            return;
        }
        Iterator<AssertionInfo> it = allAssertionsByLocalname.iterator();
        while (it.hasNext()) {
            if (((UsernameToken) it.next().getAssertion()).getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                soapMessage.put(ConfigurationConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
            }
        }
    }

    private String checkSymmetricBinding(AssertionInfoMap assertionInfoMap, String str, SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        if (PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, SPConstants.SYMMETRIC_BINDING) == null) {
            return str;
        }
        String addToAction = addToAction(addToAction(str, "Signature", true), ConfigurationConstants.ENCRYPT, true);
        Object securityPropertyValue = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_CRYPTO, soapMessage);
        if (securityPropertyValue == null) {
            securityPropertyValue = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_PROPERTIES, soapMessage);
        }
        Object securityPropertyValue2 = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CRYPTO, soapMessage);
        if (securityPropertyValue2 == null) {
            securityPropertyValue2 = SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_PROPERTIES, soapMessage);
        }
        Object encryptionCrypto = getEncryptionCrypto(securityPropertyValue2, soapMessage, requestData);
        Object signatureCrypto = (securityPropertyValue2 == null || !securityPropertyValue2.equals(securityPropertyValue)) ? getSignatureCrypto(securityPropertyValue, soapMessage, requestData) : encryptionCrypto;
        if (isRequestor(soapMessage)) {
            Object obj = encryptionCrypto;
            if (obj == null) {
                obj = signatureCrypto;
            }
            if (obj != null) {
                String str2 = "RefId-" + obj.hashCode();
                soapMessage.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, (Object) str2);
                soapMessage.put(str2, obj);
            }
            Object obj2 = signatureCrypto;
            if (obj2 == null) {
                obj2 = encryptionCrypto;
            }
            if (obj2 != null) {
                String str3 = "RefId-" + obj2.hashCode();
                soapMessage.put(ConfigurationConstants.DEC_PROP_REF_ID, (Object) str3);
                soapMessage.put(str3, obj2);
            }
        } else {
            Object obj3 = signatureCrypto;
            if (obj3 == null) {
                obj3 = encryptionCrypto;
            }
            if (obj3 != null) {
                String str4 = "RefId-" + obj3.hashCode();
                soapMessage.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, (Object) str4);
                soapMessage.put(str4, obj3);
            }
            Object obj4 = encryptionCrypto;
            if (obj4 == null) {
                obj4 = signatureCrypto;
            }
            if (obj4 != null) {
                String str5 = "RefId-" + obj4.hashCode();
                soapMessage.put(ConfigurationConstants.DEC_PROP_REF_ID, (Object) str5);
                soapMessage.put(str5, obj4);
            }
        }
        return addToAction;
    }

    private Crypto getEncryptionCrypto(Object obj, SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        return WSS4JUtils.getEncryptionCrypto(obj, soapMessage, getPasswordEncryptor(soapMessage, requestData));
    }

    private PasswordEncryptor getPasswordEncryptor(SoapMessage soapMessage, RequestData requestData) {
        PasswordEncryptor passwordEncryptor = (PasswordEncryptor) soapMessage.getContextualProperty(SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE);
        return passwordEncryptor != null ? passwordEncryptor : super.getPasswordEncryptor(requestData);
    }

    private Crypto getSignatureCrypto(Object obj, SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        return WSS4JUtils.getSignatureCrypto(obj, soapMessage, getPasswordEncryptor(soapMessage, requestData));
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected void setAlgorithmSuites(SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        new AlgorithmSuiteTranslater().translateAlgorithmSuites((AssertionInfoMap) soapMessage.get(AssertionInfoMap.class), requestData);
        boolean z = false;
        String str = (String) soapMessage.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
        if (str != null && requestData.getAlgorithmSuite() != null) {
            requestData.getAlgorithmSuite().getSignatureMethods().clear();
            requestData.getAlgorithmSuite().getSignatureMethods().add(str);
            z = true;
        }
        String str2 = (String) soapMessage.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
        if (str2 == null || requestData.getAlgorithmSuite() == null) {
            return;
        }
        if (!z) {
            requestData.getAlgorithmSuite().getSignatureMethods().clear();
        }
        requestData.getAlgorithmSuite().getSignatureMethods().add(str2);
    }

    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    protected void computeAction(SoapMessage soapMessage, RequestData requestData) throws WSSecurityException {
        String string = getString("action", soapMessage);
        if (string == null) {
            string = "";
        }
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        if (assertionInfoMap != null) {
            handleWSS11(assertionInfoMap, soapMessage);
            String checkSymmetricBinding = checkSymmetricBinding(assertionInfoMap, checkAsymmetricBinding(assertionInfoMap, string, soapMessage, requestData), soapMessage, requestData);
            Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.TRANSPORT_BINDING);
            if ("".equals(checkSymmetricBinding) || (collection != null && !collection.isEmpty())) {
                checkSymmetricBinding = checkDefaultBinding(checkSymmetricBinding, soapMessage, requestData);
            }
            String str = (String) soapMessage.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
            String str2 = (String) soapMessage.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
            if (str != null || str2 != null) {
                Collection<AssertionInfo> allAssertionsByLocalname = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, SPConstants.ALGORITHM_SUITE);
                if (!allAssertionsByLocalname.isEmpty()) {
                    Iterator<AssertionInfo> it = allAssertionsByLocalname.iterator();
                    while (it.hasNext()) {
                        AlgorithmSuite algorithmSuite = (AlgorithmSuite) it.next().getAssertion();
                        if (str != null) {
                            algorithmSuite.setAsymmetricSignature(str);
                        }
                        if (str2 != null) {
                            algorithmSuite.setSymmetricSignature(str2);
                        }
                    }
                }
            }
            checkUsernameToken(assertionInfoMap, soapMessage);
            PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.KEY_VALUE_TOKEN);
            PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.RSA_KEY_VALUE);
            Collection<AssertionInfo> allAssertionsByLocalname2 = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, SPConstants.WSS10);
            if (!allAssertionsByLocalname2.isEmpty()) {
                Iterator<AssertionInfo> it2 = allAssertionsByLocalname2.iterator();
                while (it2.hasNext()) {
                    it2.next().setAsserted(true);
                }
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
            }
            Collection<AssertionInfo> allAssertionsByLocalname3 = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, SPConstants.TRUST_10);
            boolean z = false;
            if (!allAssertionsByLocalname3.isEmpty()) {
                Iterator<AssertionInfo> it3 = allAssertionsByLocalname3.iterator();
                while (it3.hasNext()) {
                    it3.next().setAsserted(true);
                }
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.REQUIRE_CLIENT_ENTROPY);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.REQUIRE_SERVER_ENTROPY);
                PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
                z = true;
            }
            Collection<AssertionInfo> allAssertionsByLocalname4 = PolicyUtils.getAllAssertionsByLocalname(assertionInfoMap, SPConstants.TRUST_13);
            if (!allAssertionsByLocalname4.isEmpty()) {
                Iterator<AssertionInfo> it4 = allAssertionsByLocalname4.iterator();
                while (it4.hasNext()) {
                    it4.next().setAsserted(true);
                }
                PolicyUtils.assertPolicy(assertionInfoMap, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION);
                PolicyUtils.assertPolicy(assertionInfoMap, SP12Constants.REQUIRE_APPLIES_TO);
                PolicyUtils.assertPolicy(assertionInfoMap, SP13Constants.SCOPE_POLICY_15);
                PolicyUtils.assertPolicy(assertionInfoMap, SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE);
                if (!z) {
                    PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
                    PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
                    PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.REQUIRE_CLIENT_ENTROPY);
                    PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.REQUIRE_SERVER_ENTROPY);
                    PolicyUtils.assertPolicy(assertionInfoMap, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
                }
            }
            soapMessage.put("action", (Object) checkSymmetricBinding.trim());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
    public void doResults(SoapMessage soapMessage, String str, Element element, Element element2, WSHandlerResult wSHandlerResult, boolean z) throws SOAPException, XMLStreamException, WSSecurityException {
        ArrayList arrayList = new ArrayList();
        if (wSHandlerResult.getActionResults().containsKey(2)) {
            arrayList.addAll(wSHandlerResult.getActionResults().get(2));
        }
        if (wSHandlerResult.getActionResults().containsKey(64)) {
            arrayList.addAll(wSHandlerResult.getActionResults().get(64));
        }
        if (wSHandlerResult.getActionResults().containsKey(16)) {
            arrayList.addAll(wSHandlerResult.getActionResults().get(16));
        }
        HashSet hashSet = new HashSet();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            List cast = CastUtils.cast((List<?>) ((WSSecurityEngineResult) it.next()).get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (cast != null) {
                Iterator it2 = cast.iterator();
                while (it2.hasNext()) {
                    hashSet.add((WSDataRef) it2.next());
                }
            }
        }
        List<WSSecurityEngineResult> list = wSHandlerResult.getActionResults().get(4);
        HashSet hashSet2 = new HashSet();
        if (list != null) {
            Iterator<WSSecurityEngineResult> it3 = list.iterator();
            while (it3.hasNext()) {
                List cast2 = CastUtils.cast((List<?>) it3.next().get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
                if (cast2 != null) {
                    Iterator it4 = cast2.iterator();
                    while (it4.hasNext()) {
                        hashSet2.add((WSDataRef) it4.next());
                    }
                }
            }
        }
        CryptoCoverageUtil.reconcileEncryptedSignedRefs(hashSet, hashSet2);
        PolicyValidatorParameters policyValidatorParameters = new PolicyValidatorParameters();
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        policyValidatorParameters.setAssertionInfoMap(assertionInfoMap);
        policyValidatorParameters.setMessage(soapMessage);
        policyValidatorParameters.setSoapBody(element2);
        policyValidatorParameters.setSoapHeader(element);
        policyValidatorParameters.setResults(wSHandlerResult);
        policyValidatorParameters.setSignedResults(arrayList);
        policyValidatorParameters.setEncryptedResults(list);
        policyValidatorParameters.setUtWithCallbacks(z);
        policyValidatorParameters.setSigned(hashSet);
        policyValidatorParameters.setEncrypted(hashSet2);
        ArrayList arrayList2 = new ArrayList();
        if (wSHandlerResult.getActionResults().containsKey(1)) {
            arrayList2.addAll(wSHandlerResult.getActionResults().get(1));
        }
        if (wSHandlerResult.getActionResults().containsKey(8192)) {
            arrayList2.addAll(wSHandlerResult.getActionResults().get(8192));
        }
        policyValidatorParameters.setUsernameTokenResults(arrayList2);
        ArrayList arrayList3 = new ArrayList();
        if (wSHandlerResult.getActionResults().containsKey(16)) {
            arrayList3.addAll(wSHandlerResult.getActionResults().get(16));
        }
        if (wSHandlerResult.getActionResults().containsKey(8)) {
            arrayList3.addAll(wSHandlerResult.getActionResults().get(8));
        }
        policyValidatorParameters.setSamlResults(arrayList3);
        WSSecurityEngineResult wSSecurityEngineResult = wSHandlerResult.getActionResults().containsKey(32) ? wSHandlerResult.getActionResults().get(32).get(0) : null;
        policyValidatorParameters.setTimestampElement(wSSecurityEngineResult != null ? ((Timestamp) wSSecurityEngineResult.get("timestamp")).getElement() : null);
        Map<QName, SecurityPolicyValidator> securityPolicyValidators = ValidatorUtils.getSecurityPolicyValidators(soapMessage);
        for (Map.Entry<QName, Collection<AssertionInfo>> entry : assertionInfoMap.entrySet()) {
            if (securityPolicyValidators.containsKey(entry.getKey())) {
                securityPolicyValidators.get(entry.getKey()).validatePolicies(policyValidatorParameters, entry.getValue());
            }
        }
        super.doResults(soapMessage, str, element, element2, wSHandlerResult, z);
    }
}
