package com.ibm.ws.wssecurity.cxf.validator;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import net.sf.ehcache.constructs.CacheDecoratorFactory;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.cache.ReplayCacheFactory;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.cache.ReplayCache;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;

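/**
 * Static helpers used by the WS-Security CXF validators: replay-cache lookup, a
 * UsernameToken policy check, {@link Crypto} creation and conversion of protected
 * password values in a configuration map.
 *
 * <p>Several methods here handle cleartext secrets (decoded passwords, keystore
 * properties). They are annotated {@code @Sensitive}; callers should keep the returned
 * values out of logs and diagnostics as well.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.wssecurity_1.0.16.jar:com/ibm/ws/wssecurity/cxf/validator/Utils.class */
public class Utils {
    private static final TraceComponent tc = Tr.register(Utils.class, "WSSecurity", "com.ibm.ws.wssecurity.resources.WSSecurityMessages");
    // Retained as found in the listing; this class does not implement Serializable here.
    static final long serialVersionUID = 754683423761430230L;

    /** Configuration keys whose values are converted by {@link #modifyConfigMap(Map)}. */
    private static final String[] PASSWORD_KEYS = {
        "ws-security.password",
        "org.apache.ws.security.crypto.merlin.keystore.private.password",
        "org.apache.ws.security.crypto.merlin.keystore.password",
        "org.apache.ws.security.crypto.merlin.truststore.password"
    };

    /**
     * Looks up, or lazily creates, the replay cache for the endpoint of the given message.
     *
     * <p>A {@code null} result means no replay cache is in use for this message, so the
     * caller gets no replay detection from it. That happens when the enabling property is
     * present but not true, when the property is absent and the message is on the requestor
     * side, or when no endpoint information is available on the exchange.
     *
     * @param soapMessage the message being processed
     * @param str name of the contextual property that enables or disables the cache
     * @param str2 name of the property under which the cache instance is looked up and stored
     * @return the replay cache, or {@code null} when none applies
     */
    public static ReplayCache getReplayCache(@Sensitive SoapMessage soapMessage, String str, String str2) {
        boolean explicitlyEnabled = false;
        Object enabledSetting = soapMessage.getContextualProperty(str);
        if (enabledSetting != null) {
            if (!MessageUtils.isTrue(enabledSetting)) {
                // Explicitly switched off by configuration.
                return null;
            }
            explicitlyEnabled = true;
        }
        // Without an explicit opt-in, the requestor (client) side gets no cache.
        if (!explicitlyEnabled && MessageUtils.isRequestor(soapMessage)) {
            return null;
        }
        Endpoint endpoint = (Endpoint) soapMessage.getExchange().get(Endpoint.class);
        if (endpoint == null || endpoint.getEndpointInfo() == null) {
            return null;
        }
        EndpointInfo endpointInfo = endpoint.getEndpointInfo();
        // Lock on the endpoint info so that concurrent requests do not each create a cache.
        synchronized (endpointInfo) {
            ReplayCache cache = (ReplayCache) soapMessage.getContextualProperty(str2);
            if (cache == null) {
                cache = (ReplayCache) endpointInfo.getProperty(str2);
            }
            if (cache == null) {
                String cacheKey = str2;
                if (endpointInfo.getName() != null) {
                    // NOTE(review): the suffix is a 32-bit String.hashCode() of the endpoint
                    // name, so two endpoint names with the same hash produce the same key.
                    // Whether caches are shared by key depends on the factory - confirm.
                    cacheKey = cacheKey + CacheDecoratorFactory.DASH + endpointInfo.getName().toString().hashCode();
                }
                cache = ReplayCacheFactory.newInstance().newReplayCache(cacheKey, soapMessage);
                endpointInfo.setProperty(str2, cache);
            }
            return cache;
        }
    }

    /**
     * Reports whether any UsernameToken policy assertion on the message is marked NoPassword.
     *
     * <p>When the message carries no {@link AssertionInfoMap}, or no UsernameToken
     * assertions, the result is {@code false}: the caller is told that NoPassword is not
     * asserted, rather than failing with a {@code NullPointerException}.
     *
     * @param soapMessage the message whose policy assertions are inspected
     * @return {@code true} if at least one UsernameToken assertion has NoPassword set
     * @throws WSSecurityException declared for callers; not thrown by the visible code
     */
    public static boolean checkPolicyNoPassword(@Sensitive SoapMessage soapMessage) throws WSSecurityException {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) soapMessage.get(AssertionInfoMap.class);
        if (assertionInfoMap == null) {
            return false;
        }
        Iterable<AssertionInfo> usernameTokenAssertions = assertionInfoMap.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
        if (usernameTokenAssertions == null) {
            return false;
        }
        for (AssertionInfo assertionInfo : usernameTokenAssertions) {
            if (((UsernameToken) assertionInfo.getAssertion()).isNoPassword()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a {@link Crypto} from the given properties.
     *
     * <p>Failure is best-effort: a {@link WSSecurityException} is recorded through FFDC and
     * debug trace, and {@code null} is returned. Callers must treat {@code null} as
     * "no crypto available".
     *
     * @param properties crypto configuration; may be {@code null}
     * @return the crypto instance, or {@code null} if {@code properties} is {@code null} or
     *         creation failed
     */
    @Sensitive
    public static Crypto getCrypto(Properties properties) {
        if (properties == null) {
            return null;
        }
        try {
            return CryptoFactory.getInstance(properties);
        } catch (WSSecurityException e) {
            // The properties object is deliberately not handed to FFDC: it can hold
            // keystore and truststore passwords, which would end up in the incident record.
            FFDCFilter.processException(e, "com.ibm.ws.wssecurity.cxf.validator.Utils", "121", (Object) null, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "cannot create a Crypto, please double check the key properties (" + e + ")", new Object[0]);
            }
            return null;
        }
    }

    /**
     * Converts a protected password into a {@code String} by passing its characters
     * through {@link PasswordUtil#passwordDecode(String)}.
     *
     * <p>The result is an immutable {@code String} that cannot be wiped after use, so it
     * should be kept short-lived and out of logs.
     *
     * @param serializableProtectedString the protected value; may be {@code null}
     * @return the decoded value, or {@code null} if the input is {@code null} or holds no
     *         characters
     */
    @Sensitive
    public static String changePasswordType(SerializableProtectedString serializableProtectedString) {
        if (serializableProtectedString == null) {
            return null;
        }
        char[] chars = serializableProtectedString.getChars();
        if (chars == null || chars.length == 0) {
            return null;
        }
        // One direct conversion; a StringBuilder would leave an extra copy of the secret
        // in its internal buffer.
        // NOTE(review): chars is not cleared here because it is not visible from this file
        // whether getChars() returns a copy or the backing array - confirm before wiping.
        return PasswordUtil.passwordDecode(new String(chars));
    }

    /**
     * Replaces the protected password values in a configuration map with decoded strings.
     *
     * <p>Only values that are {@link SerializableProtectedString} instances are converted.
     * Entries that are already strings, for example after an earlier call on the same map,
     * are left as they are instead of causing a {@code ClassCastException}. A {@code null}
     * map is ignored.
     *
     * @param map configuration map, modified in place; may be {@code null}
     */
    @Sensitive
    public static void modifyConfigMap(Map<String, Object> map) {
        if (map == null) {
            return;
        }
        for (String key : PASSWORD_KEYS) {
            Object value = map.get(key);
            if (value instanceof SerializableProtectedString) {
                map.put(key, changePasswordType((SerializableProtectedString) value));
            }
        }
    }
}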
