package com.ibm.ws.wssecurity.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.crypto.CryptoUtils;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.ws.wssecurity.cxf.interceptor.WSSecurityLibertyPluginInterceptor;
import com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.ssl.SSLSupport;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationEvent;
import org.osgi.service.cm.ConfigurationListener;
import org.osgi.service.component.ComponentContext;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/wssecurity/internal/WSSecurityConfiguration.class */
public class WSSecurityConfiguration implements ConfigurationListener {
    protected volatile ConfigurationAdmin configAdmin;
    private volatile SecurityService securityService;
    static final String CFG_KEY_USER = "user";
    static final String CFG_KEY_PASSWORD = "password";
    static final String CFG_KEY_PASSWORD_VALUE = "value";
    static final String CFG_KEY_CALLBACK = "callback";
    static final String CFG_KEY_NAME = "name";
    static final String CFG_KEY_PROVIDER = "provider";
    static final String CFG_KEY_ENTRY = "entry";
    static final String CFG_KEY_ENTRY_KEY = "key";
    static final String CFG_KEY_ENTRY_VALUE = "value";
    public static final String KEY_KEYSTORE_SERVICE = "keyStoreService";
    public static final String KEY_SSL_SUPPORT = "sslSupport";
    static final String KEY_samlToken = "samlToken";
    static final String KEY_wantAssertionsSigned = "wantAssertionsSigned";
    static final String KEY_clockSkew = "clockSkew";
    static final String KEY_requiredSubjectConfirmationMethod = "requiredSubjectConfirmationMethod";
    static final String KEY_timeToLive = "timeToLive";
    static final String KEY_audienceRestrictions = "audienceRestrictions";
    private volatile String cfgCallback;
    private volatile Map<String, Object> properties;
    static final long serialVersionUID = 7435720178429061485L;
    private static final TraceComponent tc = Tr.register(WSSecurityConfiguration.class, "WSSecurity", "com.ibm.ws.wssecurity.resources.WSSecurityMessages");
    static final String KEY_ID = "id";
    static final String[] SPECIAL_CFG_KEYS = {"component.name", "component.id", "config.source", "config.id", KEY_ID, "service.vendor", "service.factoryPid", "service.pid"};
    static Map<String, String> subjectConfirmationMethods = new HashMap();
    private final AtomicServiceReference<KeyStoreService> keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE);
    protected final AtomicServiceReference<SSLSupport> sslSupportRef = new AtomicServiceReference<>(KEY_SSL_SUPPORT);
    private volatile Map<String, Object> defaultConfigMap = Collections.synchronizedMap(new HashMap());
    private final Set<String> pids = new HashSet();
    private volatile Map<String, Object> samlTokenConfigMap = null;
    private volatile Map<String, Object> defaultSamlTokenConfigMap = null;

    protected void setConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = configurationAdmin;
    }

    protected void unsetConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        if (this.configAdmin == configurationAdmin) {
            this.configAdmin = null;
        }
    }

    protected void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    protected void unsetSecurityService(SecurityService securityService) {
        if (this.securityService == securityService) {
            this.securityService = null;
        }
    }

    protected void setKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.setReference(serviceReference);
    }

    protected void unsetKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.unsetReference(serviceReference);
    }

    protected void setSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setSslSupport service.pid:" + serviceReference.getProperty("service.pid"), new Object[0]);
        }
    }

    protected void updatedSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "updatedtSslSupport service.pid:" + serviceReference.getProperty("service.pid"), new Object[0]);
        }
    }

    protected void unsetSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.unsetReference(serviceReference);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unsetSslSupport service.pid:" + serviceReference.getProperty("service.pid"), new Object[0]);
        }
    }

    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.keyStoreServiceRef.activate(componentContext);
        this.sslSupportRef.activate(componentContext);
        this.properties = map;
        internalModify();
        UsernameTokenValidator.setSecurityService(this.securityService);
    }

    protected void modified(ComponentContext componentContext, Map<String, Object> map) {
        this.properties = map;
        internalModify();
    }

    protected void deactivate(ComponentContext componentContext) {
        this.keyStoreServiceRef.deactivate(componentContext);
        this.sslSupportRef.deactivate(componentContext);
        UsernameTokenValidator.setSecurityService(null);
        WSSecurityLibertyPluginInterceptor.setBindingsConfiguration(null);
        WSSecurityLibertyPluginInterceptor.setSamlTokenConfiguration(null);
        this.cfgCallback = null;
        this.defaultConfigMap.clear();
        if (this.defaultSamlTokenConfigMap == null) {
            this.defaultSamlTokenConfigMap = processDefaultSamlToken();
        }
        this.samlTokenConfigMap = this.defaultSamlTokenConfigMap;
    }

    private synchronized void internalModify() {
        this.cfgCallback = null;
        this.defaultConfigMap.clear();
        setAndValidateProperties();
        WSSecurityLibertyPluginInterceptor.setBindingsConfiguration(this.defaultConfigMap);
        try {
            processSamlToken();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "207", this, new Object[0]);
        }
        WSSecurityLibertyPluginInterceptor.setSamlTokenConfiguration(this.samlTokenConfigMap);
    }

    void processSamlToken() {
        String str = (String) this.properties.get(KEY_samlToken);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "samlToken pid:", new Object[]{str});
        }
        if (str == null || str.isEmpty()) {
            if (this.defaultSamlTokenConfigMap == null) {
                this.defaultSamlTokenConfigMap = processDefaultSamlToken();
            }
            this.samlTokenConfigMap = this.defaultSamlTokenConfigMap;
            return;
        }
        try {
            this.samlTokenConfigMap = Collections.unmodifiableMap(processSamlToken(str));
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "233", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to initialize saml token configuration data: ", new Object[]{str, e});
            }
        }
    }

    Map<String, Object> processDefaultSamlToken() {
        HashMap hashMap = new HashMap();
        hashMap.put("wantAssertionsSigned", true);
        hashMap.put("clockSkew", 300L);
        hashMap.put("requiredSubjectConfirmationMethod", subjectConfirmationMethods.get("bearer"));
        hashMap.put("timeToLive", 1800L);
        hashMap.put("audienceRestrictions", null);
        return Collections.unmodifiableMap(hashMap);
    }

    Map<String, Object> processSamlToken(String str) throws Exception {
        HashMap hashMap = new HashMap();
        try {
            Dictionary properties = this.configAdmin.getConfiguration(str).getProperties();
            hashMap.put("wantAssertionsSigned", properties.get("wantAssertionsSigned"));
            hashMap.put("clockSkew", Long.valueOf(((Long) properties.get("clockSkew")).longValue() / 1000));
            String trim = trim((String) properties.get("requiredSubjectConfirmationMethod"));
            if (!"bearer".equalsIgnoreCase(trim)) {
                trim = "bearer";
            }
            hashMap.put("requiredSubjectConfirmationMethod", subjectConfirmationMethods.get(trim));
            hashMap.put("timeToLive", Long.valueOf(((Long) properties.get("timeToLive")).longValue() / 1000));
            String[] trim2 = trim((String[]) properties.get("audienceRestrictions"));
            if (trim2 != null) {
                int i = 0;
                while (i < trim2.length) {
                    try {
                        trim2[i] = URLDecoder.decode(trim2[i], "UTF-8");
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "audienceRestriction[" + i + "] = " + trim2[i], new Object[0]);
                        }
                        i++;
                    } catch (UnsupportedEncodingException e) {
                        FFDCFilter.processException(e, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "292", this, new Object[]{str});
                        throw new Exception(e);
                    }
                }
                if (i == 0) {
                    trim2 = null;
                }
            }
            hashMap.put("audienceRestrictions", trim2);
            return hashMap;
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "264", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid saml websso trust engine configuration", new Object[]{str});
            }
            return hashMap;
        }
    }

    private void setAndValidateProperties() {
        this.pids.clear();
        String str = (String) this.properties.get(KEY_ID);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Default config id = ", new Object[]{str});
        }
        for (Map.Entry<String, Object> entry : this.properties.entrySet()) {
            String key = entry.getKey();
            if ("signatureProperties".equals(key)) {
                try {
                    String str2 = (String) entry.getValue();
                    this.pids.add(str2);
                    Map<String, Object> convertToMap = convertToMap(str2);
                    if (convertToMap != null && !convertToMap.isEmpty()) {
                        for (String str3 : SPECIAL_CFG_KEYS) {
                            convertToMap.remove(str3);
                        }
                        if (newConfigSpecified(convertToMap)) {
                            convertToMap.remove(WSSecurityConstants.WSS4J_CRYPTO_PROVIDER);
                            convertToMap.putIfAbsent(WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER, WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER_NAME);
                            this.defaultConfigMap.put("security.signature.properties", convertToMap);
                        } else {
                            this.defaultConfigMap.put("ws-security.signature.properties", convertToMap);
                        }
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "signature configuration type = ", new Object[]{convertToMap.get(WSSecurityConstants.WSS4J_2_KS_TYPE) != null ? convertToMap.get(WSSecurityConstants.WSS4J_2_KS_TYPE) : convertToMap.get(WSSecurityConstants.WSS4J_KS_TYPE)});
                            Tr.debug(tc, "signature configuration alias = ", new Object[]{convertToMap.get(WSSecurityConstants.WSS4J_2_KS_ALIAS) != null ? convertToMap.get(WSSecurityConstants.WSS4J_2_KS_ALIAS) : convertToMap.get(WSSecurityConstants.WSS4J_KS_ALIAS)});
                            Tr.debug(tc, "signature configuration ks file = ", new Object[]{convertToMap.get(WSSecurityConstants.WSS4J_2_KS_FILE) != null ? convertToMap.get(WSSecurityConstants.WSS4J_2_KS_FILE) : convertToMap.get(WSSecurityConstants.WSS4J_KS_FILE)});
                            Tr.debug(tc, "signature configuration password = ", new Object[]{convertToMap.get(WSSecurityConstants.WSS4J_2_KS_PASSWORD) != null ? convertToMap.get(WSSecurityConstants.WSS4J_2_KS_PASSWORD) : convertToMap.get(WSSecurityConstants.WSS4J_KS_PASSWORD)});
                            Tr.debug(tc, "signature configuration provider = ", new Object[]{convertToMap.get(WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER) != null ? convertToMap.get(WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER) : convertToMap.get(WSSecurityConstants.WSS4J_CRYPTO_PROVIDER)});
                        }
                        String str4 = (String) convertToMap.get("signatureAlgorithm");
                        if (str4 == null || str4.isEmpty()) {
                            str4 = WSSecurityConstants.WSSEC_DEFAULT_SIGNATURE_ALGORITHM;
                        }
                        if (CryptoUtils.isAlgorithmInsecure(str4)) {
                            CryptoUtils.logInsecureAlgorithm("wsSecurityProvider.signatureProperties.signatureAlgorithm", str4);
                        }
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Empty ws-security provider signature configuration ", new Object[]{str2});
                    }
                } catch (IOException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "366", this, new Object[0]);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Invalid ws-security provider signature configuration: " + e, new Object[0]);
                    }
                }
            } else if ("encryptionProperties".equals(key)) {
                try {
                    String str5 = (String) entry.getValue();
                    this.pids.add(str5);
                    Map<String, Object> convertToMap2 = convertToMap(str5);
                    if (convertToMap2 != null && !convertToMap2.isEmpty()) {
                        for (String str6 : SPECIAL_CFG_KEYS) {
                            convertToMap2.remove(str6);
                        }
                        if (newConfigSpecified(convertToMap2)) {
                            convertToMap2.remove(WSSecurityConstants.WSS4J_CRYPTO_PROVIDER);
                            convertToMap2.putIfAbsent(WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER, WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER_NAME);
                            this.defaultConfigMap.put("security.encryption.properties", convertToMap2);
                        } else {
                            this.defaultConfigMap.put("ws-security.encryption.properties", convertToMap2);
                        }
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "encryption configuration type = ", new Object[]{convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_TYPE) != null ? convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_TYPE) : convertToMap2.get(WSSecurityConstants.WSS4J_KS_TYPE)});
                            Tr.debug(tc, "encryption configuration alias = ", new Object[]{convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_ALIAS) != null ? convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_ALIAS) : convertToMap2.get(WSSecurityConstants.WSS4J_KS_ALIAS)});
                            Tr.debug(tc, "encryption configuration ks file = ", new Object[]{convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_FILE) != null ? convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_FILE) : convertToMap2.get(WSSecurityConstants.WSS4J_KS_FILE)});
                            Tr.debug(tc, "encryption configuration password = ", new Object[]{convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_PASSWORD) != null ? convertToMap2.get(WSSecurityConstants.WSS4J_2_KS_PASSWORD) : convertToMap2.get(WSSecurityConstants.WSS4J_KS_PASSWORD)});
                            Tr.debug(tc, "encryption configuration provider = ", new Object[]{convertToMap2.get(WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER) != null ? convertToMap2.get(WSSecurityConstants.WSS4J_2_CRYPTO_PROVIDER) : convertToMap2.get(WSSecurityConstants.WSS4J_CRYPTO_PROVIDER)});
                        }
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Empty ws-security provider encryption configuration ", new Object[]{str5});
                    }
                } catch (IOException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "408", this, new Object[0]);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Invalid ws-security provider encryption configuration: " + e2, new Object[0]);
                    }
                }
            } else if ("callerToken".equals(key)) {
                try {
                    String[] strArr = (String[]) entry.getValue();
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        for (int length = strArr.length; length > 0; length--) {
                            Tr.debug(tc, "caller configuration  = ", new Object[]{strArr[length - 1]});
                        }
                    }
                    this.pids.add(strArr[0]);
                    Map<String, Object> convertToMap3 = convertToMap(strArr[0]);
                    if (convertToMap3 != null && !convertToMap3.isEmpty()) {
                        for (String str7 : SPECIAL_CFG_KEYS) {
                            convertToMap3.remove(str7);
                        }
                        if (convertToMap3.get("name") != null) {
                            String str8 = (String) convertToMap3.get("name");
                            if (!str8.isEmpty()) {
                                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "caller configuration name = ", new Object[]{str8});
                                }
                                if (!WSSecurityConstants.UNT_CALLER_NAME.equalsIgnoreCase(str8) && !WSSecurityConstants.X509_CALLER_NAME.equalsIgnoreCase(str8) && !WSSecurityConstants.SAML_CALLER_NAME.equalsIgnoreCase(str8)) {
                                    StringBuffer stringBuffer = new StringBuffer();
                                    stringBuffer.append(WSSecurityConstants.UNT_CALLER_NAME).append(", ").append(WSSecurityConstants.X509_CALLER_NAME).append(KEY_samlToken);
                                    Tr.error(tc, "UNKNOWN_CALLER_TOKEN_NAME", new Object[]{str8, stringBuffer.toString()});
                                }
                                this.defaultConfigMap.put(WSSecurityConstants.CALLER_CONFIG, convertToMap3);
                            }
                        }
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Empty ws-security provider caller configuration ", new Object[0]);
                    }
                } catch (IOException e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "456", this, new Object[0]);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Invalid ws-security provider caller configuration: " + e3, new Object[0]);
                    }
                }
            } else if (!key.startsWith(".") && !key.startsWith("config.") && !key.startsWith("service.") && !key.equals(KEY_ID) && !key.startsWith("osgi.ds.")) {
                Object value = entry.getValue();
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "ws-security provider configuration entry key = ", new Object[]{key});
                    Tr.debug(tc, "ws-security provider configuration entry value = ", new Object[]{value});
                }
                if (value != null) {
                    if (WSSecurityConstants.CXF_NONCE_CACHE_CONFIG_FILE.equals(key) || WSSecurityConstants.SEC_NONCE_CACHE_CONFIG_FILE.equals(key)) {
                        String str9 = (String) entry.getValue();
                        if (str9 != null && !str9.isEmpty()) {
                            String replace = str9.replace('\\', '/');
                            if (new File(replace).exists()) {
                                StringBuffer stringBuffer2 = new StringBuffer("file:///");
                                stringBuffer2.append(replace);
                                this.defaultConfigMap.put(key, stringBuffer2.toString());
                            } else {
                                this.defaultConfigMap.put(key, replace);
                            }
                        }
                    } else {
                        this.defaultConfigMap.put(key, value);
                    }
                    if (WSSecurityConstants.CXF_CBH.equals(key)) {
                        this.cfgCallback = (String) value;
                    }
                }
            }
        }
        if (this.defaultConfigMap.isEmpty()) {
            Tr.info(tc, "WSSECURITY_NO_CONFIG_DEFINED_PROV", new Object[0]);
        }
    }

    private boolean newConfigSpecified(Map<String, Object> map) {
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            if (it.next().contains(WSSecurityConstants.WSS4J_2)) {
                return true;
            }
        }
        return false;
    }

    String getCallback() {
        return this.cfgCallback;
    }

    Map<String, Object> getDefaultConfiguration() {
        return this.defaultConfigMap;
    }

    private Map<String, Object> convertToMap(String str) throws IOException {
        Dictionary properties;
        HashMap hashMap = new HashMap();
        try {
            Configuration[] listConfigurations = this.configAdmin.listConfigurations("(service.pid=" + str + ")");
            if (listConfigurations != null && listConfigurations.length != 0 && (properties = this.configAdmin.getConfiguration(str).getProperties()) != null) {
                Enumeration keys = properties.keys();
                while (keys.hasMoreElements()) {
                    String str2 = (String) keys.nextElement();
                    hashMap.put(str2, properties.get(str2));
                }
                return hashMap;
            }
        } catch (InvalidSyntaxException e) {
            FFDCFilter.processException(e, "com.ibm.ws.wssecurity.internal.WSSecurityConfiguration", "561", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Syntax error accesssing configuration for pid " + str + ": " + e.getMessage(), new Object[0]);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "No configuration for pid " + str, new Object[0]);
        }
        return hashMap;
    }

    public synchronized void configurationEvent(ConfigurationEvent configurationEvent) {
        if (configurationEvent.getType() == 1 && this.pids.contains(configurationEvent.getPid())) {
            internalModify();
        }
    }

    String[] trim(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        String[] strArr2 = new String[strArr.length];
        int i = 0;
        for (String str : strArr) {
            String trim = trim(str);
            if (trim != null) {
                int i2 = i;
                i++;
                strArr2[i2] = trim;
            }
        }
        if (i == 0) {
            return null;
        }
        String[] strArr3 = new String[i];
        System.arraycopy(strArr2, 0, strArr3, 0, i);
        return strArr3;
    }

    String trim(String str) {
        if (str == null) {
            return null;
        }
        String trim = str.trim();
        if (trim.isEmpty()) {
            return null;
        }
        return trim;
    }

    static {
        subjectConfirmationMethods.put("bearer", "urn:oasis:names:tc:SAML:2.0:cm:bearer");
        subjectConfirmationMethods.put("sender-vouches", "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches");
        subjectConfirmationMethods.put("holder-of-key", "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    }
}
