package com.ibm.ws.wssecurity.admin;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.xmlns.prod.websphere._200605.ws_securitypolicy_ext.WssCustomToken;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.xml.bind.JAXBElement;
import org.oasis_open.docs.ws_sx.ws_securitypolicy._200512.HeaderType;
import org.oasis_open.docs.ws_sx.ws_securitypolicy._200512.NestedPolicyType;
import org.oasis_open.docs.ws_sx.ws_securitypolicy._200512.SePartsType;
import org.oasis_open.docs.ws_sx.ws_securitypolicy._200512.SecureConversationTokenType;
import org.oasis_open.docs.ws_sx.ws_securitypolicy._200512.SerElementsType;
import org.oasis_open.docs.ws_sx.ws_securitypolicy._200512.TokenAssertionType;
import org.xmlsoap.schemas.ws._2004._09.policy.Policy;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/admin/PolicyValidation.class */
class PolicyValidation implements PolicyAttributesConstants, PolicyValidationConstants {
    private static PolicyValidation instance = new PolicyValidation();
    private static TraceComponent tc = Tr.register(PolicyValidation.class, PolicyAttributesConstants.TRACE_GROUP, "com.ibm.ws.wssecurity.admin.resources.wssadminmsgs");
    protected String className = getClass().getName();
    private static final String FFDC_ID_1 = "FFDC-1";
    private static final String FFDC_ID_2 = "FFDC-2";
    private static final String FFDC_ID_3 = "FFDC-3";
    private static final String FFDC_ID_4 = "FFDC-4";
    private static final String FFDC_ID_5 = "FFDC-5";
    private static final String FFDC_ID_6 = "FFDC-6";

    public static PolicyValidation getInstance() {
        return instance;
    }

    public boolean validateFullPolicy(Policy policy, boolean z) {
        boolean z2 = true;
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        boolean z3 = true;
        for (Object obj : policy.getPolicyOrAllOrExactlyOne()) {
            if (obj instanceof Policy) {
                z3 = validateProtection((Policy) obj);
            } else if (obj instanceof JAXBElement) {
                String localPart = ((JAXBElement) obj).getName().getLocalPart();
                Object value = ((JAXBElement) obj).getValue();
                if (!(value instanceof NestedPolicyType)) {
                    Tr.warning(tc, "CWWSI9001W", new Object[]{value.getClass().getName(), localPart});
                    z2 = false;
                } else if (PolicyAttributesConstants.ASYM_BINDING.equals(localPart)) {
                    z3 = validateBinding((NestedPolicyType) value, localPart, asymbinding_supportedTokens, false);
                    i++;
                } else if (PolicyAttributesConstants.SYM_BINDING.equals(localPart)) {
                    z3 = validateBinding((NestedPolicyType) value, localPart, symbinding_supportedTokens, z);
                    i++;
                    ArrayList arrayList = new ArrayList();
                    SecureConversationTokenType secureConversationToken = SecureConversationTokenHelper.getInstance().getSecureConversationToken(policy, arrayList);
                    if (!arrayList.isEmpty()) {
                        z3 = false;
                    } else if (secureConversationToken != null && !validateSCT(secureConversationToken)) {
                        z3 = false;
                    }
                } else if (PolicyAttributesConstants.WSS10.equals(localPart)) {
                    z3 = validateWssOrTrust(((NestedPolicyType) value).getPolicy(), localPart, wss10_supportedAssertions);
                    i2++;
                } else if (PolicyAttributesConstants.WSS11.equals(localPart)) {
                    z3 = validateWssOrTrust(((NestedPolicyType) value).getPolicy(), localPart, wss11_supportedAssertions);
                    i3++;
                } else if (PolicyAttributesConstants.TRUST10.equals(localPart)) {
                    z3 = validateWssOrTrust(((NestedPolicyType) value).getPolicy(), localPart, trust10_supportedAssertions);
                    i4++;
                } else if (PolicyAttributesConstants.SUPPORT_TOKENS.equals(localPart)) {
                    z3 = validateSupportTokens(((NestedPolicyType) value).getPolicy());
                } else {
                    Tr.warning(tc, "CWWSI9002W", new Object[]{localPart, PolicyAttributesConstants.TOP_ASSERTIONS});
                    z2 = false;
                }
            } else {
                Tr.warning(tc, "CWWSI9001W", new Object[]{obj.getClass().getName(), PolicyAttributesConstants.TOP_ASSERTIONS});
                z2 = false;
            }
            if (!z3) {
                z2 = false;
            }
        }
        if (i > 1) {
            Tr.warning(tc, "CWWSI9019W");
            z2 = false;
        }
        if (i2 > 1) {
            Tr.warning(tc, "CWWSI9020W", new Object[]{PolicyAttributesConstants.WSS10});
            z2 = false;
        }
        if (i3 > 1) {
            Tr.warning(tc, "CWWSI9020W", new Object[]{PolicyAttributesConstants.WSS11});
            z2 = false;
        }
        if (i4 > 1) {
            Tr.warning(tc, "CWWSI9020W", new Object[]{PolicyAttributesConstants.TRUST10});
            z2 = false;
        }
        return z2;
    }

    private boolean validateProtection(Policy policy) {
        boolean z;
        try {
            z = validateID(policy.getId(), "Protection assertion");
            List<Object> policyOrAllOrExactlyOne = policy.getPolicyOrAllOrExactlyOne();
            for (int i = 0; i < policyOrAllOrExactlyOne.size(); i++) {
                if (policyOrAllOrExactlyOne.get(i) instanceof JAXBElement) {
                    JAXBElement jAXBElement = (JAXBElement) policyOrAllOrExactlyOne.get(i);
                    String localPart = jAXBElement.getName().getLocalPart();
                    if (!AttributesValidation.isSupported(localPart, supportedProtectionTokens)) {
                        Tr.warning(tc, "CWWSI9002W", new Object[]{localPart, "Protection assertion"});
                        z = false;
                    } else if (localPart.endsWith("Parts")) {
                        if (jAXBElement.getValue() instanceof SePartsType) {
                            z &= validateHeaderValue((SePartsType) jAXBElement.getValue(), policy.getId());
                        } else {
                            Tr.warning(tc, "CWWSI9001W", new Object[]{jAXBElement.getValue().getClass().getName(), localPart});
                            z = false;
                        }
                    } else if (localPart.endsWith("Elements")) {
                        if (jAXBElement.getValue() instanceof SerElementsType) {
                            z &= validateXPathValue((SerElementsType) jAXBElement.getValue(), policy.getId());
                        } else {
                            Tr.warning(tc, "CWWSI9001W", new Object[]{jAXBElement.getValue().getClass().getName(), localPart});
                            z = false;
                        }
                    }
                } else {
                    Tr.warning(tc, "CWWSI9001W", new Object[]{policyOrAllOrExactlyOne.get(i).getClass().getName(), "Protection assertion"});
                    z = false;
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, this.className + ".validateProtection", "FFDC-1");
            Tr.error(tc, "CWWSI9033E", e);
            z = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateProtection returns " + z);
        }
        return z;
    }

    private boolean validateHeaderValue(SePartsType sePartsType, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateHeaderValue for " + str);
        }
        boolean z = true;
        HashMap hashMap = new HashMap();
        List<HeaderType> header = sePartsType.getHeader();
        for (int i = 0; i < header.size(); i++) {
            HeaderType headerType = header.get(i);
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("Namespace=").append(headerType.getNamespace());
            if (headerType.getName() != null) {
                stringBuffer.append(", Name=").append(headerType.getName());
            }
            String stringBuffer2 = stringBuffer.toString();
            if (hashMap.containsKey(stringBuffer2)) {
                Tr.warning(tc, "CWWSI9030W", "Header_" + ((Integer) hashMap.get(stringBuffer2)).intValue() + " and Header_" + i + " have same value: " + stringBuffer2 + ", under id " + str);
                z = false;
            } else {
                hashMap.put(stringBuffer2, new Integer(i));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateHeaderValue returns " + z);
        }
        return z;
    }

    private boolean validateXPathValue(SerElementsType serElementsType, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateXPathValue for " + str);
        }
        boolean z = true;
        HashMap hashMap = new HashMap();
        List<String> xPath = serElementsType.getXPath();
        for (int i = 0; i < xPath.size(); i++) {
            String str2 = xPath.get(i);
            if (hashMap.containsKey(str2)) {
                Tr.warning(tc, "CWWSI9029W", "XPath_" + ((Integer) hashMap.get(str2)).intValue() + " and XPath_" + i + " have same value " + str2 + ", under id " + str);
                z = false;
            } else {
                hashMap.put(str2, new Integer(i));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateXPathValue returns " + z);
        }
        return z;
    }

    private boolean validateWssOrTrust(Policy policy, String str, String[] strArr) {
        boolean z;
        try {
            z = validateJAXBElementList(policy.getPolicyOrAllOrExactlyOne(), str, strArr, false);
        } catch (Exception e) {
            FFDCFilter.processException(e, this.className + ".validateWssOrTrust", "FFDC-2");
            Tr.error(tc, "CWWSI9033E", e);
            z = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateWssOrTrust returns " + z);
        }
        return z;
    }

    private boolean validateSupportTokens(Policy policy) {
        boolean z = true;
        try {
            if (!validateID(policy.getId(), "SupportingToken")) {
                z = false;
            }
            List<Object> policyOrAllOrExactlyOne = policy.getPolicyOrAllOrExactlyOne();
            if (validateJAXBElementList(policyOrAllOrExactlyOne, PolicyAttributesConstants.SUPPORT_TOKENS, supportingTokens_supportedSubTokens, true)) {
                JAXBElement jAXBElement = (JAXBElement) policyOrAllOrExactlyOne.get(0);
                if (!validateTokenAssertion(jAXBElement.getValue(), jAXBElement.getName().getLocalPart(), null)) {
                    z = false;
                }
            } else {
                z = false;
            }
        } catch (Exception e) {
            e.printStackTrace();
            FFDCFilter.processException(e, this.className + ".validateSupportTokens", "FFDC-3");
            Tr.error(tc, "CWWSI9033E", e);
            z = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateSupportTokens returns " + z);
        }
        return z;
    }

    private boolean validateBinding(NestedPolicyType nestedPolicyType, String str, String[] strArr, boolean z) {
        boolean z2 = true;
        try {
            boolean z3 = PolicyAttributesConstants.SYM_BINDING.equals(str);
            List<Object> policyOrAllOrExactlyOne = nestedPolicyType.getPolicy().getPolicyOrAllOrExactlyOne();
            if (validateJAXBElementList(policyOrAllOrExactlyOne, str, strArr, false)) {
                for (int i = 0; i < policyOrAllOrExactlyOne.size(); i++) {
                    if (policyOrAllOrExactlyOne.get(i) instanceof JAXBElement) {
                        JAXBElement jAXBElement = (JAXBElement) policyOrAllOrExactlyOne.get(i);
                        String localPart = jAXBElement.getName().getLocalPart();
                        if (PolicyAttributesConstants.ALGORITHM_SUITE.equals(localPart)) {
                            if (!validateJAXBElementList(((NestedPolicyType) jAXBElement.getValue()).getPolicy().getPolicyOrAllOrExactlyOne(), PolicyAttributesConstants.ALGORITHM_SUITE, algorithmSuite_supportedValues, false)) {
                                z2 = false;
                            }
                        } else if (PolicyAttributesConstants.LAYOUT.equals(localPart)) {
                            if (!validateJAXBElementList(((NestedPolicyType) jAXBElement.getValue()).getPolicy().getPolicyOrAllOrExactlyOne(), PolicyAttributesConstants.LAYOUT, layout_supportedValues, true)) {
                                z2 = false;
                            }
                        } else if (!PolicyAttributesConstants.INCLUDE_TIME_STAMP.equals(localPart) && !validateSubTokens((NestedPolicyType) jAXBElement.getValue(), str, localPart, z3, z)) {
                            z2 = false;
                        }
                    }
                }
            } else {
                z2 = false;
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, this.className + ".validateBinding", "FFDC-4");
            Tr.error(tc, "CWWSI9033E", e);
            z2 = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateBinding returns " + z2);
        }
        return z2;
    }

    private boolean validateSubTokens(NestedPolicyType nestedPolicyType, String str, String str2, boolean z, boolean z2) {
        String[] strArr;
        boolean z3 = true;
        try {
            HashMap hashMap = null;
            if (PolicyAttributesConstants.SYM_BINDING.equals(str)) {
                strArr = symbinding_supportedSubTokens;
            } else {
                strArr = asymbinding_supportedSubTokens;
                hashMap = new HashMap();
            }
            List<Object> policyOrAllOrExactlyOne = nestedPolicyType.getPolicy().getPolicyOrAllOrExactlyOne();
            if (validateJAXBElementList(policyOrAllOrExactlyOne, str2, strArr, z)) {
                for (int i = 0; i < policyOrAllOrExactlyOne.size(); i++) {
                    if (policyOrAllOrExactlyOne.get(i) instanceof JAXBElement) {
                        JAXBElement jAXBElement = (JAXBElement) policyOrAllOrExactlyOne.get(i);
                        String localPart = jAXBElement.getName().getLocalPart();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "validateSubTokens, type=" + str + ", subToken=" + str2 + ", name=" + localPart);
                        }
                        if (PolicyAttributesConstants.SC_TOKEN.equals(localPart)) {
                            if (!z2 && PolicyAttributesConstants.SYM_BINDING.equals(str)) {
                                Tr.warning(tc, "CWWSI9011W");
                                z3 = false;
                            }
                        } else if (!validateTokenAssertion(jAXBElement.getValue(), localPart, hashMap)) {
                            z3 = false;
                        }
                    }
                }
            } else {
                z3 = false;
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, this.className + ".validateSubTokens", "FFDC-6");
            Tr.error(tc, "CWWSI9033E", e);
            z3 = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateSubTokens returns " + z3 + " type=" + str + ", subTokne=" + str2);
        }
        return z3;
    }

    private boolean validateSCT(SecureConversationTokenType secureConversationTokenType) {
        boolean z = true;
        try {
            List<Object> any = secureConversationTokenType.getAny();
            for (int i = 0; i < any.size(); i++) {
                Object obj = any.get(i);
                if (obj instanceof Policy) {
                    List<Object> policyOrAllOrExactlyOne = ((Policy) obj).getPolicyOrAllOrExactlyOne();
                    if (!validateJAXBElementList(policyOrAllOrExactlyOne, PolicyAttributesConstants.SC_TOKEN, sct_supportedSubAssertions, false)) {
                        z = false;
                    }
                    for (int i2 = 0; i2 < policyOrAllOrExactlyOne.size(); i2++) {
                        if (policyOrAllOrExactlyOne.get(i2) instanceof JAXBElement) {
                            JAXBElement jAXBElement = (JAXBElement) policyOrAllOrExactlyOne.get(i2);
                            if (jAXBElement.getValue() instanceof NestedPolicyType) {
                                if (!PolicyAttributesConstants.BOOTSTRAP.equals(jAXBElement.getName().getLocalPart())) {
                                    Tr.warning(tc, "CWWSI9002W", new Object[]{jAXBElement.getName().getLocalPart(), PolicyAttributesConstants.SC_TOKEN});
                                    z = false;
                                } else if (!validateFullPolicy(((NestedPolicyType) jAXBElement.getValue()).getPolicy(), false)) {
                                    z = false;
                                }
                            }
                        }
                    }
                } else {
                    Tr.warning(tc, "CWWSI9001W", new Object[]{obj.getClass().getName(), PolicyAttributesConstants.SC_TOKEN});
                    z = false;
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, this.className + ".validateSecureConversationTokens", "FFDC-5");
            Tr.error(tc, "CWWSI9033E", e);
            z = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateSCT returns " + z);
        }
        return z;
    }

    private boolean validateID(String str, String str2) {
        if (str != null && (str.startsWith("request:") || str.startsWith("response:"))) {
            return true;
        }
        Tr.warning(tc, "CWWSI9009W", new Object[]{str, str2});
        return false;
    }

    private boolean validateJAXBElementList(List list, String str, String[] strArr, boolean z) {
        boolean z2 = true;
        if (list.isEmpty()) {
            Tr.warning(tc, "CWWSI9003W", new Object[]{str});
            z2 = false;
        } else if (z && list.size() > 1) {
            Tr.warning(tc, "CWWSI9004W", new Object[]{str});
            z2 = false;
        }
        for (int i = 0; i < list.size(); i++) {
            Object obj = list.get(i);
            if (obj instanceof JAXBElement) {
                String localPart = ((JAXBElement) obj).getName().getLocalPart();
                if (strArr != null && !AttributesValidation.isSupported(localPart, strArr)) {
                    Tr.warning(tc, "CWWSI9002W", new Object[]{localPart, str});
                    z2 = false;
                }
            } else {
                Tr.warning(tc, "CWWSI9001W", new Object[]{obj.getClass().getName(), str});
                z2 = false;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateJAXBElementList returns " + z2 + " for " + str);
        }
        return z2;
    }

    private boolean validateTokenAssertion(Object obj, String str, HashMap hashMap) {
        boolean z = true;
        if (obj instanceof TokenAssertionType) {
            TokenAssertionType tokenAssertionType = (TokenAssertionType) obj;
            if (!AttributesValidation.isSupported(tokenAssertionType.getIncludeToken(), includeToken_supportedValues)) {
                Tr.warning(tc, "CWWSI9010W", new Object[]{PolicyAttributesConstants.INCLUDE_TOKEN, str});
                z = false;
            }
            List<Object> any = tokenAssertionType.getAny();
            if (!any.isEmpty()) {
                List<Object> policyOrAllOrExactlyOne = ((Policy) any.get(0)).getPolicyOrAllOrExactlyOne();
                if (PolicyAttributesConstants.CUSTOM_TOKEN.equals(str)) {
                    if (policyOrAllOrExactlyOne.isEmpty()) {
                        Tr.warning(tc, "CWWSI9003W", str);
                        z = false;
                    } else if (!(policyOrAllOrExactlyOne.get(0) instanceof WssCustomToken)) {
                        Tr.warning(tc, "CWWSI9001W", new Object[]{PolicyAttributesConstants.CUSTOM_TOKEN});
                        z = false;
                    }
                } else if ("UsernameToken".equals(str)) {
                    if (!validateJAXBElementList(policyOrAllOrExactlyOne, str, usernameToken_supportedSubAssertions, false)) {
                        z = false;
                    }
                } else if (PolicyAttributesConstants.X509TOKEN.equals(str)) {
                    if (!validateJAXBElementList(policyOrAllOrExactlyOne, str, x509Token_supportedSubAssertions, false)) {
                        z = false;
                    }
                    if (hashMap != null && !policyOrAllOrExactlyOne.isEmpty() && (policyOrAllOrExactlyOne.get(0) instanceof JAXBElement)) {
                        String localPart = ((JAXBElement) policyOrAllOrExactlyOne.get(0)).getName().getLocalPart();
                        if (hashMap.containsKey(localPart)) {
                            Tr.warning(tc, "CWWSI9020W", new Object[]{localPart, str});
                            z = false;
                        } else {
                            hashMap.put(localPart, localPart);
                        }
                    }
                }
            } else if (!PolicyAttributesConstants.LTPA_TOKEN.equals(str) && !PolicyAttributesConstants.LTPA_PROPGATION_TOKEN.equals(str)) {
                Tr.warning(tc, "CWWSI9003W", str);
                z = false;
            }
        } else {
            Tr.warning(tc, "CWWSI9001W", new Object[]{str + ".TokenAssertionType"});
            z = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateTokenAssertion returns " + z + " for " + str);
        }
        return z;
    }
}
