package com.ibm.ws.wssecurity.cxf.validator;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.wssecurity.internal.WSSecurityConstants;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.Iterator;
import java.util.Map;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.UsernameToken;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/wssecurity/cxf/validator/Utils.class */
public class Utils {
    private static final TraceComponent tc = Tr.register(Utils.class, "WSSecurity", "com.ibm.ws.wssecurity.resources.WSSecurityMessages");
    static final long serialVersionUID = 3855154204939726376L;

    public static ReplayCache getReplayCache(@Sensitive SoapMessage soapMessage, String str, String str2) throws WSSecurityException {
        return WSS4JUtils.getReplayCache(soapMessage, str, str2);
    }

    public static Object getSecurityPropertyValue(String str, SoapMessage soapMessage) {
        Object contextualProperty = soapMessage.getContextualProperty(str);
        return contextualProperty != null ? contextualProperty : soapMessage.getContextualProperty("ws-" + str);
    }

    public static boolean checkPolicyNoPassword(@Sensitive SoapMessage soapMessage) throws WSSecurityException {
        boolean z = false;
        Iterator it = ((AssertionInfoMap) soapMessage.get(AssertionInfoMap.class)).getAssertionInfo(SP12Constants.USERNAME_TOKEN).iterator();
        while (it.hasNext()) {
            if (UsernameToken.PasswordType.NoPassword.equals(((AssertionInfo) it.next()).getAssertion().getPasswordType())) {
                z = true;
            }
        }
        return z;
    }

    @Sensitive
    public static String changePasswordType(SerializableProtectedString serializableProtectedString) {
        String str = null;
        if (serializableProtectedString != null) {
            char[] chars = serializableProtectedString.getChars();
            if (chars.length > 0) {
                StringBuilder sb = new StringBuilder();
                for (char c : chars) {
                    sb.append(c);
                }
                str = PasswordUtil.passwordDecode(sb.toString());
            }
        }
        return str;
    }

    @Sensitive
    public static void modifyConfigMap(Map<String, Object> map) {
        if (map.containsKey(WSSecurityConstants.CXF_USER_PASSWORD)) {
            map.put(WSSecurityConstants.CXF_USER_PASSWORD, changePasswordType((SerializableProtectedString) map.get(WSSecurityConstants.CXF_USER_PASSWORD)));
        }
        if (map.containsKey(WSSecurityConstants.WSS4J_KEY_PASSWORD)) {
            map.put(WSSecurityConstants.WSS4J_KEY_PASSWORD, changePasswordType((SerializableProtectedString) map.get(WSSecurityConstants.WSS4J_KEY_PASSWORD)));
        }
        if (map.containsKey(WSSecurityConstants.WSS4J_2_KEY_PASSWORD)) {
            map.put(WSSecurityConstants.WSS4J_2_KEY_PASSWORD, PasswordUtil.passwordDecode((String) map.get(WSSecurityConstants.WSS4J_2_KEY_PASSWORD)));
        }
        if (map.containsKey(WSSecurityConstants.WSS4J_KS_PASSWORD)) {
            map.put(WSSecurityConstants.WSS4J_KS_PASSWORD, changePasswordType((SerializableProtectedString) map.get(WSSecurityConstants.WSS4J_KS_PASSWORD)));
        }
        if (map.containsKey(WSSecurityConstants.WSS4J_2_KS_PASSWORD)) {
            map.put(WSSecurityConstants.WSS4J_2_KS_PASSWORD, PasswordUtil.passwordDecode((String) map.get(WSSecurityConstants.WSS4J_2_KS_PASSWORD)));
        }
        if (map.containsKey(WSSecurityConstants.WSS4J_TS_PASSWORD)) {
            map.put(WSSecurityConstants.WSS4J_TS_PASSWORD, changePasswordType((SerializableProtectedString) map.get(WSSecurityConstants.WSS4J_TS_PASSWORD)));
        }
        if (map.containsKey(WSSecurityConstants.WSS4J_2_TS_PASSWORD)) {
            map.put(WSSecurityConstants.WSS4J_2_TS_PASSWORD, PasswordUtil.passwordDecode((String) map.get(WSSecurityConstants.WSS4J_2_TS_PASSWORD)));
        }
    }
}
