package org.apache.wss4j.stax.impl.processor.input;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeParseException;
import java.time.temporal.ChronoField;
import java.util.Deque;
import java.util.List;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.apache.wss4j.binding.wsu10.TimestampType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.TimestampSecurityEvent;
import org.apache.wss4j.stax.validate.TimestampValidator;
import org.apache.wss4j.stax.validate.TimestampValidatorImpl;
import org.apache.wss4j.stax.validate.TokenContext;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.util.IDGenerator;

/* loaded from: input_file:lib/wss4j-ws-security-stax-2.4.3.jar:org/apache/wss4j/stax/impl/processor/input/TimestampInputHandler.class */
public class TimestampInputHandler extends AbstractInputSecurityHeaderHandler {
    @Override // org.apache.xml.security.stax.ext.XMLSecurityHeaderHandler
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        WSSSecurityProperties wSSSecurityProperties = (WSSSecurityProperties) xMLSecurityProperties;
        WSInboundSecurityContext wSInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        if (Boolean.TRUE.equals((Boolean) wSInboundSecurityContext.get(WSSConstants.TIMESTAMP_PROCESSED))) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "invalidTimestamp", new Object[]{"Message contains two or more timestamps"});
        }
        wSInboundSecurityContext.put(WSSConstants.TIMESTAMP_PROCESSED, Boolean.TRUE);
        TimestampType timestampType = (TimestampType) ((JAXBElement) parseStructure(deque, num.intValue(), xMLSecurityProperties)).getValue();
        List<XMLSecEvent> responsibleXMLSecEvents = getResponsibleXMLSecEvents(deque, num.intValue());
        List<QName> elementPath = getElementPath(deque);
        checkBSPCompliance(inputProcessorChain, timestampType, responsibleXMLSecEvents);
        if (timestampType.getId() == null) {
            timestampType.setId(IDGenerator.generateID(null));
        }
        TimestampValidator timestampValidator = (TimestampValidator) wSSSecurityProperties.getValidator(WSSConstants.TAG_WSU_TIMESTAMP);
        if (timestampValidator == null) {
            timestampValidator = new TimestampValidatorImpl();
        }
        timestampValidator.validate(timestampType, new TokenContext(wSSSecurityProperties, wSInboundSecurityContext, responsibleXMLSecEvents, elementPath));
        TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
        if (timestampType.getCreated() != null) {
            try {
                timestampSecurityEvent.setCreated(timestampType.getCreated().getAsZonedDateTime().toInstant());
            } catch (IllegalArgumentException e) {
            }
        }
        if (timestampType.getExpires() != null) {
            try {
                timestampSecurityEvent.setExpires(timestampType.getExpires().getAsZonedDateTime().toInstant());
            } catch (IllegalArgumentException e2) {
            }
        }
        timestampSecurityEvent.setCorrelationID(timestampType.getId());
        wSInboundSecurityContext.registerSecurityEvent(timestampSecurityEvent);
        wSInboundSecurityContext.put(WSSConstants.PROP_TIMESTAMP_SECURITYEVENT, timestampSecurityEvent);
    }

    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, TimestampType timestampType, List<XMLSecEvent> list) throws WSSecurityException {
        WSInboundSecurityContext wSInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        if (timestampType.getCreated() == null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R3203);
        }
        int i = -1;
        int i2 = -1;
        for (int i3 = 0; i3 < list.size(); i3++) {
            XMLSecEvent xMLSecEvent = list.get(i3);
            if (xMLSecEvent.getEventType() == 1) {
                QName name = xMLSecEvent.mo8097asStartElement().getName();
                if (!name.equals(WSSConstants.TAG_WSU_TIMESTAMP)) {
                    if (name.equals(WSSConstants.TAG_WSU_CREATED)) {
                        if (i != -1) {
                            wSInboundSecurityContext.handleBSPRule(BSPRule.R3203);
                        }
                        if (i2 != -1) {
                            wSInboundSecurityContext.handleBSPRule(BSPRule.R3221);
                        }
                        i = i3;
                    } else if (name.equals(WSSConstants.TAG_WSU_EXPIRES)) {
                        if (i2 != -1) {
                            wSInboundSecurityContext.handleBSPRule(BSPRule.R3224);
                        }
                        if (i == -1) {
                            wSInboundSecurityContext.handleBSPRule(BSPRule.R3221);
                        }
                        i2 = i3;
                    } else {
                        wSInboundSecurityContext.handleBSPRule(BSPRule.R3222);
                    }
                }
            }
        }
        if (timestampType.getCreated() != null) {
            try {
                ZonedDateTime asZonedDateTime = timestampType.getCreated().getAsZonedDateTime();
                if (!ZoneOffset.UTC.equals(asZonedDateTime.getZone())) {
                    wSInboundSecurityContext.handleBSPRule(BSPRule.R3217);
                }
                if (asZonedDateTime.getNano() > 0 && asZonedDateTime.get(ChronoField.MILLI_OF_SECOND) * 1000000 != asZonedDateTime.getNano()) {
                    wSInboundSecurityContext.handleBSPRule(BSPRule.R3220);
                }
                if (XMLSecurityUtils.getQNameAttribute(timestampType.getCreated().getOtherAttributes(), WSSConstants.ATT_NULL_VALUE_TYPE) != null) {
                    wSInboundSecurityContext.handleBSPRule(BSPRule.R3225);
                }
            } catch (DateTimeParseException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            }
        } else {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R3203);
        }
        if (timestampType.getExpires() != null) {
            try {
                ZonedDateTime asZonedDateTime2 = timestampType.getExpires().getAsZonedDateTime();
                if (!ZoneOffset.UTC.equals(asZonedDateTime2.getZone())) {
                    wSInboundSecurityContext.handleBSPRule(BSPRule.R3223);
                }
                if (asZonedDateTime2.getNano() > 0 && asZonedDateTime2.get(ChronoField.MILLI_OF_SECOND) * 1000000 != asZonedDateTime2.getNano()) {
                    wSInboundSecurityContext.handleBSPRule(BSPRule.R3229);
                }
                if (XMLSecurityUtils.getQNameAttribute(timestampType.getExpires().getOtherAttributes(), WSSConstants.ATT_NULL_VALUE_TYPE) != null) {
                    wSInboundSecurityContext.handleBSPRule(BSPRule.R3226);
                }
            } catch (DateTimeParseException e2) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e2);
            }
        }
    }
}
