package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.util.Collection;
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.message.token.UsernameToken;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.class */
public class UsernameTokenPolicyValidator extends AbstractTokenPolicyValidator {
    private Message message;

    public UsernameTokenPolicyValidator(Message message) {
        this.message = message;
    }

    public boolean validatePolicy(AssertionInfoMap assertionInfoMap, WSSecurityEngineResult wSSecurityEngineResult) {
        Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.USERNAME_TOKEN);
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        for (AssertionInfo assertionInfo : collection) {
            UsernameToken usernameToken = (UsernameToken) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
            org.apache.cxf.ws.security.policy.model.UsernameToken usernameToken2 = (org.apache.cxf.ws.security.policy.model.UsernameToken) assertionInfo.getAssertion();
            assertionInfo.setAsserted(true);
            boolean isTokenRequired = isTokenRequired(usernameToken2, this.message);
            if (isTokenRequired && usernameToken == null) {
                assertionInfo.setNotAsserted("The received token does not match the token inclusion requirement");
                return false;
            }
            if (isTokenRequired) {
                if (usernameToken2.isHashPassword() != usernameToken.isHashed()) {
                    assertionInfo.setNotAsserted("Password hashing policy not enforced");
                    return false;
                }
                if (usernameToken2.isNoPassword() && usernameToken.getPassword() != null) {
                    assertionInfo.setNotAsserted("Username Token NoPassword policy not enforced");
                    return false;
                }
                if (usernameToken2.isRequireCreated() && (usernameToken.getCreated() == null || usernameToken.isHashed())) {
                    assertionInfo.setNotAsserted("Username Token Created policy not enforced");
                    return false;
                }
                if (usernameToken2.isRequireNonce() && (usernameToken.getNonce() == null || usernameToken.isHashed())) {
                    assertionInfo.setNotAsserted("Username Token Nonce policy not enforced");
                    return false;
                }
            }
        }
        return true;
    }
}
