package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;

/* loaded from: input_file:WEB-INF/bundle/cxf-bundle-minimal-2.4.1.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.class */
public class EndorsingTokenPolicyValidator {
    private List<WSSecurityEngineResult> signedResults;
    private Message message;

    public EndorsingTokenPolicyValidator(List<WSSecurityEngineResult> list, Message message) {
        this.signedResults = list;
        this.message = message;
    }

    public boolean validatePolicy(AssertionInfoMap assertionInfoMap) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        for (AssertionInfo assertionInfo : collection) {
            assertionInfo.setAsserted(true);
            if (!checkEndorsed(((TLSSessionInfo) this.message.get(TLSSessionInfo.class)) != null)) {
                assertionInfo.setNotAsserted("Message fails endorsing supporting tokens requirements");
                return false;
            }
        }
        return true;
    }

    private boolean checkEndorsed(boolean z) {
        return z ? checkTimestampIsSigned() : checkSignatureIsSigned();
    }

    private boolean checkTimestampIsSigned() {
        Iterator<WSSecurityEngineResult> it = this.signedResults.iterator();
        while (it.hasNext()) {
            List cast = CastUtils.cast((List<?>) it.next().get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (cast != null) {
                Iterator it2 = cast.iterator();
                while (it2.hasNext()) {
                    if (WSSecurityEngine.TIMESTAMP.equals(((WSDataRef) it2.next()).getName())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private boolean checkSignatureIsSigned() {
        Iterator<WSSecurityEngineResult> it = this.signedResults.iterator();
        while (it.hasNext()) {
            List cast = CastUtils.cast((List<?>) it.next().get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (cast != null) {
                Iterator it2 = cast.iterator();
                while (it2.hasNext()) {
                    if (WSSecurityEngine.SIGNATURE.equals(((WSDataRef) it2.next()).getName())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}
