package com.ebmwebsourcing.geasysecu.service.policy.clienttoserver;

import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.AbstractBindingTO;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.AsymmetricBindingTO;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.KerberosTokenTO;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.SecurityPolicyContentTO;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.SecurityTokenTO;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.SymmetricBindingTO;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.WSSecurityConstants;
import com.ebmwebsourcing.geasysecu.business.domain.securitypolicy.X509TokenTO;
import com.ebmwebsourcing.geasysecu.service.policy.addon.KerberosToken;
import com.ebmwebsourcing.geasysecu.service.policy.common.IPolicyBuilderComponent;
import com.google.inject.Inject;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.InitiatorToken;
import org.apache.cxf.ws.security.policy.model.ProtectionToken;
import org.apache.cxf.ws.security.policy.model.RecipientToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricAsymmetricBindingBase;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.neethi.All;
import org.apache.neethi.Assertion;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;

/* loaded from: input_file:com/ebmwebsourcing/geasysecu/service/policy/clienttoserver/ClientToServerSecurityPolicyTranslator.class */
public class ClientToServerSecurityPolicyTranslator implements IClientToServerSecurityPolicyTranslator {
    private SPConstants version;
    private PolicyBuilder policyBuilder;

    @Inject
    public ClientToServerSecurityPolicyTranslator(IPolicyBuilderComponent iPolicyBuilderComponent) {
        this.version = iPolicyBuilderComponent.getVersion();
        this.policyBuilder = iPolicyBuilderComponent.getPolicyBuilder();
    }

    public AsymmetricBinding buildAssymetricBinding(AsymmetricBindingTO asymmetricBindingTO) {
        AsymmetricBinding asymmetricBinding = new AsymmetricBinding(this.version, this.policyBuilder);
        buildCommonPartSymmetricAssymetricToken(asymmetricBindingTO, asymmetricBinding);
        new InitiatorToken(this.version, this.policyBuilder).setToken(createToken(asymmetricBindingTO.getInitiatorToken()));
        new RecipientToken(this.version, this.policyBuilder).setToken(createToken(asymmetricBindingTO.getRecipientToken()));
        return asymmetricBinding;
    }

    public X509Token buildX509Token(X509TokenTO x509TokenTO) {
        X509Token x509Token = new X509Token(this.version);
        x509Token.setRequireEmbeddedTokenReference(x509TokenTO.isRequireEmbeddedTokenRef());
        x509Token.setRequireIssuerSerialReference(x509TokenTO.isRequireIssuerSerialRef());
        x509Token.setRequireKeyIdentifierReference(x509TokenTO.isRequireKeyIdentifierReference());
        x509Token.setRequireThumbprintReference(x509TokenTO.isRequireThumbprintRef());
        x509Token.setTokenVersionAndType(x509TokenTO.getTokenType());
        return x509Token;
    }

    private Token createToken(SecurityTokenTO securityTokenTO) {
        X509Token buildKerberosToken;
        if (securityTokenTO instanceof X509TokenTO) {
            buildKerberosToken = buildX509Token((X509TokenTO) securityTokenTO);
        } else {
            if (!(securityTokenTO instanceof KerberosTokenTO)) {
                throw new UnsupportedOperationException("Not supported yet");
            }
            buildKerberosToken = buildKerberosToken((KerberosTokenTO) securityTokenTO);
        }
        return buildKerberosToken;
    }

    public Token buildKerberosToken(KerberosTokenTO kerberosTokenTO) {
        KerberosToken kerberosToken = new KerberosToken(this.version);
        kerberosToken.setGssV5ApReqToken11(kerberosTokenTO.getTokenType().equals("WssKerberosV5ApReqToken11"));
        kerberosToken.setRequireKeyIdentifierReference(kerberosTokenTO.isRequireKeyIdentifierReference());
        kerberosToken.setV5ApReqToken11(kerberosTokenTO.getTokenType().equals("WssKerberosV5ApReqToken11"));
        return kerberosToken;
    }

    private void buildCommonPartSymmetricAssymetricToken(AbstractBindingTO abstractBindingTO, SymmetricAsymmetricBindingBase symmetricAsymmetricBindingBase) {
        AlgorithmSuite algorithmSuite = new AlgorithmSuite(this.version);
        algorithmSuite.setAlgorithmSuite(abstractBindingTO.getAlgorithmSuite());
        symmetricAsymmetricBindingBase.setAlgorithmSuite(algorithmSuite);
        symmetricAsymmetricBindingBase.setIncludeTimestamp(abstractBindingTO.isIncludeTimestamp());
        symmetricAsymmetricBindingBase.setEntireHeadersAndBodySignatures(abstractBindingTO.isOnlySignEntireHeadersAndBody());
        symmetricAsymmetricBindingBase.setSignatureProtection(abstractBindingTO.isEncryptSignature());
        symmetricAsymmetricBindingBase.setTokenProtection(abstractBindingTO.isProtectTokens());
        symmetricAsymmetricBindingBase.setProtectionOrder(abstractBindingTO.isEncryptBeforeSigning() ? SPConstants.ProtectionOrder.EncryptBeforeSigning : SPConstants.ProtectionOrder.SignBeforeEncrypting);
    }

    public SymmetricBinding buildSymmetricBinding(SymmetricBindingTO symmetricBindingTO) {
        SymmetricBinding symmetricBinding = new SymmetricBinding(this.version, this.policyBuilder);
        buildCommonPartSymmetricAssymetricToken(symmetricBindingTO, symmetricBinding);
        ProtectionToken protectionToken = new ProtectionToken(this.version, this.policyBuilder);
        protectionToken.setProtectionToken(createToken(symmetricBindingTO.getProtectionToken()));
        symmetricBinding.setProtectionToken(protectionToken);
        return symmetricBinding;
    }

    @Override // com.ebmwebsourcing.geasysecu.service.policy.clienttoserver.IClientToServerSecurityPolicyTranslator
    public Policy buildPolicy(SecurityPolicyContentTO securityPolicyContentTO, String str) {
        Policy policy = new Policy();
        policy.setId(str);
        ExactlyOne exactlyOne = new ExactlyOne();
        All all = new All();
        exactlyOne.addPolicyComponent(all);
        policy.addPolicyComponent(exactlyOne);
        all.addAssertion(createBindingAssertion(securityPolicyContentTO.getBinding()));
        if (securityPolicyContentTO.getEncryptedParts() != WSSecurityConstants.SignatureOrEncryptionParts.NONE) {
            SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(false, this.version);
            signedEncryptedParts.setBody(securityPolicyContentTO.getEncryptedParts() == WSSecurityConstants.SignatureOrEncryptionParts.BODY || securityPolicyContentTO.getEncryptedParts() == WSSecurityConstants.SignatureOrEncryptionParts.BODY_AND_HEADER);
            all.addAssertion(signedEncryptedParts);
        }
        if (securityPolicyContentTO.getSignedParts() != WSSecurityConstants.SignatureOrEncryptionParts.NONE) {
            SignedEncryptedParts signedEncryptedParts2 = new SignedEncryptedParts(true, this.version);
            signedEncryptedParts2.setBody(securityPolicyContentTO.getEncryptedParts() == WSSecurityConstants.SignatureOrEncryptionParts.BODY || securityPolicyContentTO.getEncryptedParts() == WSSecurityConstants.SignatureOrEncryptionParts.BODY_AND_HEADER);
            all.addAssertion(signedEncryptedParts2);
        }
        return policy;
    }

    private Assertion createBindingAssertion(AbstractBindingTO abstractBindingTO) {
        AsymmetricBinding buildSymmetricBinding;
        if (abstractBindingTO instanceof AsymmetricBindingTO) {
            buildSymmetricBinding = buildAssymetricBinding((AsymmetricBindingTO) abstractBindingTO);
        } else {
            if (!(abstractBindingTO instanceof SymmetricBindingTO)) {
                throw new UnsupportedOperationException("Not implemented yet");
            }
            buildSymmetricBinding = buildSymmetricBinding((SymmetricBindingTO) abstractBindingTO);
        }
        return buildSymmetricBinding;
    }

    @Override // com.ebmwebsourcing.geasysecu.service.policy.clienttoserver.IClientToServerSecurityPolicyTranslator
    public void serialize(XMLStreamWriter xMLStreamWriter, SecurityPolicyContentTO securityPolicyContentTO, String str) throws XMLStreamException {
        buildPolicy(securityPolicyContentTO, str).serialize(xMLStreamWriter);
    }
}
