package com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions;

import com.ghc.a3.a3utils.wsplugins.wssecurity.SignatureKeySourceType;
import com.ghc.a3.nls.GHMessages;
import com.ghc.config.Config;
import com.ghc.tags.TagUtils;
import com.ghc.tags.context.TagReplacingProcessingContext;
import com.ghc.wsSecurity.action.SAMLAssertionTokenAction;
import com.ghc.wsSecurity.action.SecurityAction;
import com.ghc.wsSecurity.action.UserNameTokenAction;
import com.ghc.wsSecurity.action.ValidateSignatureAction;
import com.ghc.wsSecurity.action.saml.SAMLUtils;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/securityactions/ValidateSignatureToken.class */
public class ValidateSignatureToken implements WSSecurityAction, WSSecurityActionConstants {
    @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityAction
    public SecurityAction getAction(TagReplacingProcessingContext tagReplacingProcessingContext, String str, String str2, Config config, ArrayList<SecurityAction> arrayList) {
        ValidateSignatureAction validateSignatureAction = new ValidateSignatureAction();
        ValidateSignatureTokenModel validateSignatureTokenModel = new ValidateSignatureTokenModel();
        validateSignatureAction.setName(validateSignatureTokenModel.getName());
        validateSignatureAction.setActor(WSSTagUtils.safeReplace(tagReplacingProcessingContext, validateSignatureTokenModel.getActor().getActor()));
        validateSignatureAction.setMustUnderstand(validateSignatureTokenModel.getActor().isMustUnderstand());
        SignatureKeySourceType type = validateSignatureTokenModel.getSignatureKeySource().getType();
        if (type == SignatureKeySourceType.USERNAME) {
            int i = -1;
            String username = validateSignatureTokenModel.getSignatureKeySource().getUsername();
            if (username == null || username.trim().length() == 0) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException1, str));
            }
            int i2 = 0;
            while (true) {
                if (i2 >= arrayList.size()) {
                    break;
                }
                if (username.equals(arrayList.get(i2).getName())) {
                    try {
                        UserNameTokenAction userNameTokenAction = arrayList.get(i2);
                        if (!userNameTokenAction.isCreated() || !userNameTokenAction.isNonced()) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_userTokenActionException, username, str));
                        }
                        i = i2;
                    } catch (ClassCastException unused) {
                        throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException2, str, username));
                    }
                } else {
                    i2++;
                }
            }
            if (i == -1) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException3, str, username));
            }
            validateSignatureAction.setKeyIdentifierType(7);
        } else if (type == SignatureKeySourceType.KEYSTORE) {
            validateSignatureAction.setKeyStoreName(validateSignatureTokenModel.getKeySelection().getKeyStore());
            validateSignatureAction.setCertificateAlias(validateSignatureTokenModel.getKeySelection().getAlias());
            validateSignatureAction.setKeyIdentifierType(validateSignatureTokenModel.getKeySelection().getType());
        } else {
            if (type != SignatureKeySourceType.SAML) {
                throw new UnsupportedOperationException(GHMessages.SignatureToken_signTypeUnSupport);
            }
            int i3 = -1;
            String saml = validateSignatureTokenModel.getSignatureKeySource().getSAML();
            if (saml == null || saml.trim().length() == 0) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException4, str));
            }
            int i4 = 0;
            while (true) {
                if (i4 >= arrayList.size()) {
                    break;
                }
                if (saml.equals(arrayList.get(i4).getName())) {
                    try {
                        SAMLAssertionTokenAction sAMLAssertionTokenAction = arrayList.get(i4);
                        if (sAMLAssertionTokenAction.getAssertion().getKeystoreName() == null) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_samlTokenActionException1, saml, str));
                        }
                        if (!SAMLUtils.isSenderVouches(sAMLAssertionTokenAction.getAssertion())) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_samlTokenActionException2, saml, str));
                        }
                        if (!SAMLUtils.subjectHoldsKey(sAMLAssertionTokenAction.getAssertion())) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_samlTokenActionException3, saml, str));
                        }
                        validateSignatureAction.setKeyStoreName(validateSignatureTokenModel.getKeySelection().getKeyStore());
                        validateSignatureAction.setCertificateAlias(validateSignatureTokenModel.getKeySelection().getAlias());
                        i3 = i4;
                    } catch (ClassCastException unused2) {
                        throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException5, str, saml));
                    }
                } else {
                    i4++;
                }
            }
            if (i3 == -1) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException6, str, saml));
            }
            validateSignatureAction.setKeyIdentifierType(123456789);
        }
        return validateSignatureAction;
    }

    @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityAction
    public Set<String> getTags(Config config) {
        HashSet hashSet = new HashSet();
        ValidateSignatureTokenModel validateSignatureTokenModel = new ValidateSignatureTokenModel();
        validateSignatureTokenModel.restoreState(config);
        TagUtils.extractTagNames(validateSignatureTokenModel.getActor().getActor(), hashSet);
        return hashSet;
    }
}
