package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.callbackhandler.SCTGenerateCallback;
import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.SCAndTrustConstants;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig;
import com.ibm.ws.wssecurity.handler.PolicyConfigUtil;
import com.ibm.ws.wssecurity.handler.PolicyOutboundConfig;
import com.ibm.ws.wssecurity.impl.auth.callback.SCTCallback;
import com.ibm.ws.wssecurity.platform.auth.SecureConversationCacheHelper;
import com.ibm.ws.wssecurity.sc.SecureConversationImpl;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.trust.client.ITrustClient;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityToken;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenResponse;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenResponseCollection;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenTemplate;
import com.ibm.ws.wssecurity.trust.client.impl.TrustClientFactory;
import com.ibm.ws.wssecurity.trust.client.impl.TrustException;
import com.ibm.ws.wssecurity.trust.ext.client.ITrustConstants;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.SecurityUIDGenerator;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSNonceGenerator;
import com.ibm.ws.wssecurity.util.WSSObjectUtils;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.WSSObjectStructureImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import com.ibm.ws.wssecurity.wssobject.impl.WSSObjectElementImpl;
import com.ibm.ws.wssecurity.wssobject.impl.wsc.SecurityContextToken;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObject;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObjectElement;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartAttributeValue;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartFactory;
import com.ibm.ws.wssecurity.wssobject.util.constants.Utf8ByteConstantsQNames;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.jaxws.ClientConfigurationFactory;
import org.apache.axis2.jaxws.description.EndpointDescription;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SCTGenerateLoginModule.class */
public class SCTGenerateLoginModule implements LoginModule {
    private static final String comp = "security.wssecurity";
    public static final String XMLDSIG_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    public static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    public static final String TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    public static final String AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    public static final String AES192_CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    public static final String AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    public static final String HMAC = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    public static final String RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    public static final String KW_TRIPLEDES = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
    public static final String KWAES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    public static final String KWAES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
    public static final String KWAES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
    public static final String RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    public static final String DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private CallbackHandler _handler;
    private Map _sharedState;
    private List<SecurityToken> _processedTokens;
    private List<SecurityToken> _insertedTokens;
    private Object _referencedTokenElement;
    private SecurityTokenManager _securityTokenManager;
    private Map<Object, Object> _context;
    private boolean isWSSAPI = false;
    private QName _soapFault = null;
    private boolean _isOM = false;
    private boolean _isWSSObject = false;
    private static final TraceComponent tc = Tr.register(SCTGenerateLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = SCTGenerateLoginModule.class.getName();
    private static final QName wsuQname = new QName(Constants.NS_WSU, "Id");
    static final KeyAlgorithm KA_HMAC = new KeyAlgorithm("HmacSHA1", 20);
    static final KeyAlgorithm KA_RSA = new KeyAlgorithm("SHA1withRSA", 20);
    static final KeyAlgorithm KA_DSA = new KeyAlgorithm("SHA1withDSA", 20);
    static final KeyAlgorithm KA_TRIPLEDES_CBC = new KeyAlgorithm("DESede", 24);
    static final KeyAlgorithm KA_AES128_CBC = new KeyAlgorithm("AES", 16);
    static final KeyAlgorithm KA_AES192_CBC = new KeyAlgorithm("AES", 24);
    static final KeyAlgorithm KA_AES256_CBC = new KeyAlgorithm("AES", 32);
    static final KeyAlgorithm KA_RSA_1_5 = new KeyAlgorithm("RSA", 16);
    static final KeyAlgorithm KA_KWAES128 = new KeyAlgorithm("DESede/CBC/NoPadding", 16);
    static final KeyAlgorithm KA_KWAES192 = new KeyAlgorithm("DESede/CBC/NoPadding", 24);
    static final KeyAlgorithm KA_KWAES256 = new KeyAlgorithm("DESede/CBC/NoPadding", 32);

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }
        this._handler = callbackHandler;
        this._sharedState = map;
        this._processedTokens = new ArrayList();
        this._insertedTokens = new ArrayList();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        PropertyCallback propertyCallback = new PropertyCallback(null);
        SCTCallback sCTCallback = new SCTCallback();
        SCTGenerateCallback sCTGenerateCallback = new SCTGenerateCallback();
        try {
            this._handler.handle(new Callback[]{sCTCallback, sCTGenerateCallback, propertyCallback});
            this._context = propertyCallback.getProperties();
            this._securityTokenManager = (SecurityTokenManager) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            this.isWSSAPI = !sCTCallback.isExist();
            if (this.isWSSAPI) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSSAPI for WS-SC enables.");
                }
                loginForWSSAPI(sCTGenerateCallback, this._securityTokenManager);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The policy set for WS-SC enables.");
                }
                loginForPolicyset(sCTCallback, this._securityTokenManager);
            }
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "login() returns.");
            return true;
        } catch (Exception e) {
            if (!(e instanceof IOException)) {
                throw new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e.toString()}));
            }
            if (e.getMessage() != null) {
            }
            throw new LoginException(e.getMessage());
        }
    }

    private final void loginForWSSAPI(SCTGenerateCallback sCTGenerateCallback, SecurityTokenManager securityTokenManager) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("loginForWSSAPI(");
            stringBuffer.append("SCTGenerateCallback sctGenerateCallback, ");
            stringBuffer.append("SecurityTokenManager securityTokenManager)");
            Tr.entry(tc, stringBuffer.toString());
        }
        SCTWrapper sCTWrapper = null;
        if (isExistedBootstrapPolicy(sCTGenerateCallback.getBindingProvider())) {
            if (tc.isEntryEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer("loginForWSSAPI(");
                stringBuffer2.append("SCTCallback, SCTGenerateCallback)");
                Tr.exit(tc, stringBuffer2.toString());
                return;
            }
            return;
        }
        SCT sct = (SCT) sCTGenerateCallback.getToken();
        if (sct == null) {
            SCTWrapper requestSCTusingWSSAPI = requestSCTusingWSSAPI(sCTGenerateCallback.getWSSGenerationContext(), sCTGenerateCallback.getWSSConsumingContext(), sCTGenerateCallback.getServiceEndpointAddress(), sCTGenerateCallback);
            sCTGenerateCallback.setToken(requestSCTusingWSSAPI);
            this._processedTokens.add(requestSCTusingWSSAPI);
            if (tc.isEntryEnabled()) {
                StringBuffer stringBuffer3 = new StringBuffer("loginForWSSAPI(");
                stringBuffer3.append("SCTCallback, SCTGenerateCallback)");
                Tr.exit(tc, stringBuffer3.toString());
                return;
            }
            return;
        }
        String str = null;
        if (sct instanceof SCTWrapper) {
            sCTWrapper = (SCTWrapper) sct;
            sct = sCTWrapper.getSCT();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT Generate callback getToken returns SCTWrapper");
                Tr.debug(tc, "SCT configuration map = " + sCTWrapper.getSCT().getMap().toString());
                Tr.debug(tc, "Instance=" + sct.getInstances());
            }
        } else if (sct instanceof SCT) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT Generate callback getToken returns SCT");
                Tr.debug(tc, "SCT configuration map = " + sct.getMap().toString());
            }
            String[] instances = sct.getInstances();
            if (instances != null && instances.length > 0) {
                str = instances[instances.length - 1];
            }
            sCTWrapper = createSCTWrapper(sct, str);
            sCTWrapper.setSCT(sct);
        }
        String str2 = Constants.NS_WSC_SCT_13;
        String str3 = Constants.NS_WSC_SC_13;
        String localPart = sct.getValueType().getLocalPart();
        QName valueType = sct.getValueType();
        if (Constants.NS_WSC_SCT.equals(localPart)) {
            str3 = Constants.NS_WSC_SC;
        }
        String currentInstance = sCTWrapper.getCurrentInstance();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT uuid = " + sct.getUUID() + " and SCT instance = " + currentInstance);
        }
        if (sct == null || sct.isCancelled() || !sct.isValid(currentInstance, 0L)) {
            this._soapFault = generateSoapFault("invalidSCT", localPart);
            this._context.put(SCAndTrustConstants.SC_FAULT_CODE, this._soapFault);
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.invalidSCT"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security context token is a valid token");
        }
        TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
        String str4 = (String) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE);
        if (str4 != null) {
            ConfigUtil.isKeyInfoStrref(str4);
        }
        int i = 0;
        Object obj = this._context.get(Constants.WSS_VERSION);
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        try {
            boolean checkToken = checkToken(tokenGeneratorConfig, str4, sCTWrapper, this._securityTokenManager);
            Object obj2 = this._context.get("com.ibm.ws.wssecurity.constants.processingElement");
            if (obj2 instanceof WSSObjectElement) {
                this._isWSSObject = true;
            } else {
                this._isOM = true;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, " Looking for the SCT element in the message.. ");
            }
            boolean z = false;
            Object sCTChild = getSCTChild(obj2, str3);
            if (sCTChild != null) {
                if (getIdentifier(sCTChild, str3).equals(sct.getUUID())) {
                    this._referencedTokenElement = sCTChild;
                    z = true;
                }
                getSCTId(sCTChild);
            } else {
                this._processedTokens.add(sCTWrapper);
                this._insertedTokens.add(sCTWrapper);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT element exists in the message: " + z);
            }
            if (!checkToken) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SCT doesn't exist in the subject. ");
                }
                Object obj3 = null;
                if (!z) {
                    String str5 = null;
                    if (sct.getInstances() != null && sct.getInstances().length > 1) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "SCT has more than one instance,instance should be included in the message. ");
                        }
                        str5 = sCTWrapper.getCurrentInstance();
                    }
                    String makeUniqueId = IdUtils.getInstance().makeUniqueId(this._context, "sct_");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Using SCT id = " + makeUniqueId + ", to create SCT token.");
                    }
                    obj3 = createTokenObject(obj2, valueType, makeUniqueId, sct.getIdentifier(), str5, i);
                    if (this._isWSSObject) {
                        sCTWrapper.setXML(new WSSObjectStructureImpl((WSSObjectElement) obj3));
                    } else if (this._isOM) {
                        sCTWrapper.setXML(new OMStructure((OMElement) obj3));
                    }
                    sCTWrapper.setId(makeUniqueId);
                }
                if (tc.isDebugEnabled()) {
                    if (this._isWSSObject) {
                        Tr.debug(tc, "security context token WSSObjectElement looks like = " + obj3);
                    } else if (this._isOM) {
                        Tr.debug(tc, "security context token OMElement looks like = " + DOMUtils.toString((OMElement) obj3));
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found SCT in the subject. ");
            }
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.EXTERNAL_TOKEN_REFERENCE, sct.getUUID());
            if (sct.getInstances().length > 1) {
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_INSTANCE, sCTWrapper.getCurrentInstance());
            }
            if (0 == 0) {
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.INTERNAL_TOKEN_REFERENCE, sCTWrapper.getId());
            }
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_VALUE_TYPE, sct.getValueType());
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_CLIENT_SECRET, sct.getClientSecret(sCTWrapper.getCurrentInstance()));
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_SERVER_SECRET, sct.getServerSecret(sCTWrapper.getCurrentInstance()));
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_KEY_BYTES, sct.getSecret(sCTWrapper.getCurrentInstance()));
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_IDENTIFIER_TYPE, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE);
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
            this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);
            if (tc.isEntryEnabled()) {
                StringBuffer stringBuffer4 = new StringBuffer("loginForWSSAPI(");
                stringBuffer4.append("SCTGenerateCallback, SecurityTokenManager)");
                Tr.exit(tc, stringBuffer4.toString());
            }
        } catch (SoapSecurityException e) {
            Tr.processException(e, clsName + ".login", "384");
            throw new LoginException(e.toString());
        }
    }

    private final void loginForPolicyset(SCTCallback sCTCallback, SecurityTokenManager securityTokenManager) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("loginForPolicyset(");
            stringBuffer.append("SCTCallback sctCallback, ");
            stringBuffer.append("SecurityTokenManager securityTokenManager)");
            Tr.entry(tc, stringBuffer.toString());
        }
        SCT token = sCTCallback.getToken();
        SCTWrapper wrapperToken = sCTCallback.getWrapperToken();
        MessageContext messageContext = (MessageContext) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
        try {
            boolean isServiceProvider = Axis2Util.isServiceProvider(messageContext);
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
            WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) this._context.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
            String str = (String) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE);
            if (str != null) {
                ConfigUtil.isKeyInfoStrref(str);
            }
            int i = 0;
            Object obj = this._context.get(Constants.WSS_VERSION);
            if (obj != null && (obj instanceof Integer)) {
                i = ((Integer) obj).intValue();
            }
            String str2 = Constants.NS_WSC_SCT_13;
            String str3 = Constants.NS_WSC_SC_13;
            if (messageContext.getProperty(Constants.SCT_TOKEN_VALUE_TYPE) != null) {
                str2 = (String) messageContext.getProperty(Constants.SCT_TOKEN_VALUE_TYPE);
                messageContext.setProperty(Constants.SCT_TOKEN_VALUE_TYPE, (Object) null);
            }
            if (Constants.NS_WSC_SCT.equals(str2)) {
                str3 = Constants.NS_WSC_SC;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT Token Value Type = " + str2);
            }
            try {
                boolean checkToken = checkToken(tokenGeneratorConfig, str, wrapperToken, securityTokenManager);
                Object obj2 = this._context.get("com.ibm.ws.wssecurity.constants.processingElement");
                if (obj2 instanceof WSSObjectElement) {
                    this._isWSSObject = true;
                } else {
                    this._isOM = true;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " Looking for the SCT element in the message.. ");
                }
                boolean z = false;
                boolean z2 = false;
                if (((PolicyOutboundConfig) wSSGeneratorConfig).isTargetBindingsUsing10NS() || ((PolicyOutboundConfig) wSSGeneratorConfig).isDefaultBindingsUsing10NS()) {
                    z = true;
                } else {
                    String str4 = (String) tokenGeneratorConfig.getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.PRE_V7_FORMAT_OF_INCLUDING_SCT_IN_MESSAGE);
                    if (str4 != null && str4.equals("true")) {
                        z2 = true;
                    }
                }
                boolean z3 = false;
                if (z || z2) {
                    if (isServiceProvider) {
                        String str5 = (String) tokenGeneratorConfig.getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.INCLUDE_SCT_IN_RESPONSE);
                        if (str5 == null || "false".equalsIgnoreCase(str5)) {
                            z3 = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Do not include SCT in response message.");
                            }
                        }
                    } else {
                        String str6 = (String) tokenGeneratorConfig.getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.INCLUDE_SCT_IN_REQUEST);
                        if (str6 != null && str6.equalsIgnoreCase("false")) {
                            z3 = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Do not include SCT in request message.");
                            }
                        }
                    }
                } else if (tokenGeneratorConfig.getProperties().get(Constants.EXTERNAL_URI_REFERENCE) != null && ((Boolean) tokenGeneratorConfig.getProperties().get(Constants.EXTERNAL_URI_REFERENCE)).booleanValue()) {
                    z3 = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "External URI reference = true ");
                    }
                }
                boolean z4 = false;
                Object sCTChild = getSCTChild(obj2, str3);
                if (sCTChild != null) {
                    if (getIdentifier(sCTChild, str3).equals(token.getUUID())) {
                        z4 = true;
                        this._referencedTokenElement = sCTChild;
                    }
                    getSCTId(sCTChild);
                } else {
                    this._processedTokens.add(wrapperToken);
                    if (!z3) {
                        this._insertedTokens.add(wrapperToken);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Include SCT in the message.");
                        }
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SCT element exists in the message: " + z4);
                }
                if (!checkToken) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SCT doesn't exist in the subject. ");
                    }
                    Object obj3 = null;
                    if (!z4) {
                        String str7 = null;
                        if (token.getInstances() != null && token.getInstances().length > 1) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "SCT has more than one instance,instance should be included in the message. ");
                            }
                            str7 = wrapperToken.getCurrentInstance();
                        }
                        String str8 = "sct_" + IdUtils.getInstance().makeUniqueId(this._context).getStringValue();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Using SCT id = " + str8 + ", to create SCT token.");
                        }
                        obj3 = createTokenObject(obj2, token.getValueType(), str8, token.getIdentifier(), str7, i);
                        if (this._isWSSObject) {
                            wrapperToken.setXML(new WSSObjectStructureImpl((WSSObjectElement) obj3));
                        } else if (this._isOM) {
                            wrapperToken.setXML(new OMStructure((OMElement) obj3));
                        }
                        wrapperToken.setId(str8);
                    }
                    if (tc.isDebugEnabled()) {
                        if (this._isWSSObject) {
                            Tr.debug(tc, "security context token WSSObjectElement looks like = " + obj3);
                        } else if (this._isOM) {
                            Tr.debug(tc, "security context token OMElement looks like = " + DOMUtils.toString((OMElement) obj3));
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found SCT in the subject. ");
                }
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.EXTERNAL_TOKEN_REFERENCE, token.getUUID());
                if (token.getInstances().length > 1) {
                    this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_INSTANCE, wrapperToken.getCurrentInstance());
                }
                if (!z3) {
                    this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.INTERNAL_TOKEN_REFERENCE, wrapperToken.getId());
                }
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_VALUE_TYPE, token.getValueType());
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_CLIENT_SECRET, token.getClientSecret(wrapperToken.getCurrentInstance()));
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_SERVER_SECRET, token.getServerSecret(wrapperToken.getCurrentInstance()));
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_KEY_BYTES, token.getSecret(wrapperToken.getCurrentInstance()));
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);
                this._sharedState.put(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_IDENTIFIER_TYPE, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE);
                if (tc.isEntryEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer("loginForPolicyset(");
                    stringBuffer2.append("SCTCallback, SCTGenerateCallback, SecurirityTokenManager)");
                    Tr.exit(tc, stringBuffer2.toString());
                }
            } catch (SoapSecurityException e) {
                Tr.processException(e, clsName + ".login", "717", this);
                throw new LoginException(e.toString());
            }
        } catch (Exception e2) {
            throw new LoginException(e2.getMessage());
        }
    }

    private final SCTWrapper requestSCTusingWSSAPI(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext, String str, SCTGenerateCallback sCTGenerateCallback) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("requestSCTusingWSSAPI(");
            stringBuffer.append("WSSGenerationContext gencont, WSSConsumingContext concont, ");
            stringBuffer.append("String serviceEndpointAddress[").append(str).append("], ");
            stringBuffer.append("SCTGenerateCallback sctGenerateCallback)");
            Tr.entry(tc, stringBuffer.toString());
        }
        String str2 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        SCT sct = null;
        String str3 = Constants.NS_SOAP;
        String localPart = ((QName) this._context.get(Constants.SCT_TOKEN_VALUE_TYPE)) != null ? ((QName) this._context.get(Constants.SCT_TOKEN_VALUE_TYPE)).getLocalPart() : Constants.NS_WSC_SCT_13;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Token Value Type = " + localPart);
        }
        String str4 = (String) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.TOLERATE_WSFP_TRUST_REQUEST);
        String str5 = null;
        String str6 = null;
        if (Constants.NS_WSC_SCT_13.equals(localPart)) {
            str2 = SCAndTrustConstants.SC_TRUST_NAMESPACES[0][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[0][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[0][1];
        } else if (Constants.NS_WSC_SCT.equals(localPart)) {
            str2 = SCAndTrustConstants.SC_TRUST_NAMESPACES[1][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[4][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[4][1];
        }
        int i = 32;
        String encyptionAlgorithm = sCTGenerateCallback.getEncyptionAlgorithm();
        if (encyptionAlgorithm != null) {
            KeyAlgorithm keyAlgorithm = getKeyAlgorithm(encyptionAlgorithm, false, false, false, true);
            String str7 = keyAlgorithm.algorithm;
            i = keyAlgorithm.keyLength;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Encryption algorithm (JCE mapping) and key length are = " + str7 + ", " + i);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using WSSAPI, key length to use = " + i);
        }
        String num = Integer.toString(i * 8);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using WSSAPI, key size in bits = " + num);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using Trust Level = " + str2);
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(str2);
            ITrustRequestSecurityTokenTemplate sTSRequestSecurityTokenTemplate = trustClient.getSTSRequestSecurityTokenTemplate();
            String str8 = Constants.NS_WSADDRS[0];
            sTSRequestSecurityTokenTemplate.setWSANamespace(str8);
            sTSRequestSecurityTokenTemplate.addTokenType(localPart);
            sTSRequestSecurityTokenTemplate.addRequestType(str5);
            sTSRequestSecurityTokenTemplate.addKeySize(num);
            byte[] generateBytes = WSSNonceGenerator.generateBytes(i);
            sTSRequestSecurityTokenTemplate.addEntropyNonce(Base64.encode(generateBytes));
            sTSRequestSecurityTokenTemplate.setTo(str);
            sTSRequestSecurityTokenTemplate.setAction(str6);
            String createUID = SecurityUIDGenerator.createUID();
            sTSRequestSecurityTokenTemplate.setMessageID(createUID);
            HashMap hashMap = new HashMap();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting final WS-Addressing level in the trust service request." + str8);
            }
            try {
                hashMap.put("MESSAGE_ID", createUID);
                hashMap.put("MESSAGE_TO", str);
                hashMap.put("MESSAGE_ACTION", str6);
                hashMap.put("SOAP_LEVEL", str3);
                hashMap.put("ADDRESSING_LEVEL", str8);
                hashMap.put("TRUST_LEVEL", str2);
                hashMap.put("KeySize", num);
                hashMap.put("TokenType", localPart);
                hashMap.put("CONTEXT_URI", "http://www.ibm.com/login/");
                hashMap.put("STS_NAME", ITrustConstants.STS_NAME_DEFAULT);
                if (str4 != null) {
                    hashMap.put("com.ibm.ws.wsspi.wssecurity.trust.tolerateFeaturePackMessages", str4);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "serviceEndpointAddress: " + str);
                }
                ClientConfigurationFactory newInstance = ClientConfigurationFactory.newInstance();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ClientConfigurationFactory.newInstance(): " + newInstance);
                }
                if (newInstance == null) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getClientConfigurationFactory");
                    throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getClientConfigurationFactory");
                }
                ConfigurationContext clientConfigurationContext = newInstance.getClientConfigurationContext();
                if (clientConfigurationContext == null) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getConfigurationContext");
                    throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getConfigurationContext");
                }
                AxisConfiguration axisConfiguration = clientConfigurationContext.getAxisConfiguration();
                if (axisConfiguration == null) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
                    throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
                }
                if (axisConfiguration.getService(str) == null) {
                    AxisService axisService = new AxisService(str);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "AxisService: " + axisService);
                    }
                    if (axisService == null) {
                        Tr.warning(tc, "security.wssecurity.SCTGenerateLoginModule.getAxisService", new Object[]{str});
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "creating an empty AxisService.");
                        }
                        axisService = new AxisService();
                        if (axisService == null) {
                            Tr.error(tc, "UNABLE TO CREATE EMPTY AxisService");
                        }
                    }
                    axisConfiguration.addService(axisService);
                    newInstance.completeAxis2Configuration(axisService);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "ccf.completeAxis2Configuration(): " + newInstance);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found Target axisService from AxisConfiguration.");
                }
                HashMap hashMap2 = new HashMap();
                hashMap2.put("STSCONFIGURATION", hashMap);
                hashMap2.put("RSTTEMPLATE", sTSRequestSecurityTokenTemplate);
                hashMap2.put(com.ibm.ws.wssecurity.trust.client.ITrustConstants.CONFIG_CONTEXT, clientConfigurationContext);
                HashMap hashMap3 = new HashMap();
                hashMap3.put(Constants.WSSAPI_CONFIG_KEY_GENERATOR, wSSGenerationContext);
                hashMap3.put(Constants.WSSAPI_CONFIG_KEY_CONSUMER, wSSConsumingContext);
                hashMap2.put("AXIS2_MESSAGECONTEXT_PROPERTYMAP", hashMap3);
                HashMap hashMap4 = new HashMap();
                hashMap4.putAll(hashMap2);
                ITrustRequestSecurityToken createRequestSecurityToken = trustClient.createRequestSecurityToken(sTSRequestSecurityTokenTemplate, hashMap2);
                AxisService axisService2 = createRequestSecurityToken.getAxisService();
                if (axisService2 != null) {
                    axisService2.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                }
                ServiceClient serviceClient = createRequestSecurityToken.getServiceClient();
                wSSGenerationContext.process(serviceClient);
                wSSConsumingContext.process(serviceClient);
                byte[] bArr = null;
                String str9 = null;
                String str10 = null;
                Date date = null;
                Date date2 = null;
                String str11 = "true";
                String str12 = "false";
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "About to call Trust client with Issue request.");
                }
                ITrustRequestSecurityTokenResponseCollection issue = trustClient.issue(createRequestSecurityToken);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trust client Issue is successful.");
                }
                OMElement oMElement = null;
                Iterator<ITrustRequestSecurityTokenResponse> rSTRCollection = issue.getRSTRCollection();
                if (rSTRCollection.hasNext()) {
                    ITrustRequestSecurityTokenResponse next = rSTRCollection.next();
                    oMElement = next.getSecurityContextTokenElement();
                    str9 = next.getUUID();
                    str10 = next.getInstance();
                    bArr = next.getServerSecretBytes();
                    date = next.getCreatedDate();
                    date2 = next.getExpiresDate();
                    Integer keySize = next.getKeySize();
                    if (keySize != null) {
                        i = keySize.intValue();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Key Size from the RSTR = " + i);
                        }
                    }
                    str11 = next.getRenewable();
                    str12 = next.getRenewableAfterExpiration();
                }
                SCT.KeyHistoryEntry keyHistoryEntry = new SCT.KeyHistoryEntry(str10, generateBytes, bArr, date, date2, SCT.SCTState.ISSUED);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RSTR returns with Requested Security Token: uuid = " + str9 + ", created = " + date.toString() + ", expires = " + date2.toString() + ", and instance = " + str10 + ", serverSecret = " + Base64.encode(bArr) + ", clientEntropy = " + Base64.encode(generateBytes));
                }
                if (Constants.NS_WSC_SCT_13.equals(localPart)) {
                    sct = new SCT13(str9);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Token Value Type = " + sct.getValueType().getLocalPart());
                    }
                } else if (Constants.NS_WSC_SCT.equals(localPart)) {
                    sct = new SCT(str9);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Token Value Type = " + sct.getValueType().getLocalPart());
                    }
                }
                sct.setKeyHistoryEntry(keyHistoryEntry);
                sct.setClientID(str9);
                sct.setXML(new OMStructure(oMElement));
                sct.setMap(hashMap4);
                sct.setWssConsumingContext(wSSConsumingContext);
                sct.setWssGenerationContext(wSSGenerationContext);
                sct.setUsedForSigAndEnc(true);
                sct.setKeySize(i);
                sct.setRenewable(Boolean.valueOf(str11).booleanValue());
                sct.setRenewableAfterExpiration(Boolean.valueOf(str12).booleanValue());
                SCTWrapper createSCTWrapper = createSCTWrapper(sct, str10);
                createSCTWrapper.setSCT(sct);
                createSCTWrapper.setXML(new OMStructure(oMElement));
                createSCTWrapper.setWssGenerationContext(wSSGenerationContext);
                createSCTWrapper.setWssConsumingContext(wSSConsumingContext);
                createSCTWrapper.setMap(hashMap4);
                SecureConversationCacheHelper.setSecurityContextTokenToCache(str9, null, sct, null);
                serviceClient.cleanup();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "requestSCTusingWSSAPI(WSSGenerationContext gencont, WSSConsumingContext concont, String serviceEndpointAddress)");
                }
                return createSCTWrapper;
            } catch (Exception e) {
                Tr.processException(e, clsName, ".requestSCTusingWSSAPI", "%C");
                Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e});
                throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.issueSCT", new String[]{e.toString()}));
            } catch (Throwable th) {
                Tr.processException(th, clsName, ".requestSCTusingWSSAPI", "%C");
                Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{th});
                throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.issueSCT", new String[]{th.toString()}));
            }
        } catch (TrustException e2) {
            Tr.processException(e2, clsName, ".requestSCTusingWSSAPI", "%C");
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e2});
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.issueSCT", new String[]{e2.toString()}));
        }
    }

    public static final Date parseDateTime(String str) {
        if (str == null) {
            return null;
        }
        try {
            return UTC.parse(str);
        } catch (Exception e) {
            return null;
        }
    }

    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        int size = this._processedTokens.size();
        for (int i = 0; i < size; i++) {
            this._securityTokenManager.addToken(this._processedTokens.get(i));
        }
        this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
        this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);
        this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKENELEMENT_REFERENCED, this._referencedTokenElement);
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "commit()");
        return true;
    }

    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        Tr.exit(tc, "abort()");
        return false;
    }

    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        Tr.exit(tc, "logout()");
        return false;
    }

    private static final boolean checkToken(TokenGeneratorConfig tokenGeneratorConfig, String str, SecurityToken securityToken, SecurityTokenManager securityTokenManager) throws SoapSecurityException {
        String uuid;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkToken(");
            stringBuffer.append("TokenGenratorConfig config, ");
            stringBuffer.append("String keyInfoType[").append(str).append("], ");
            stringBuffer.append("SecurityToken token, SecurityTokenManager securityTokenManager)");
            Tr.entry(tc, stringBuffer.toString());
        }
        boolean z = false;
        String str2 = null;
        if (securityToken instanceof SCTWrapper) {
            uuid = ((SCTWrapper) securityToken).getSCT().getUUID();
            str2 = ((SCTWrapper) securityToken).getCurrentInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "uuid = " + uuid + ", instance = " + str2);
            }
        } else {
            uuid = ((SCT) securityToken).getUUID();
        }
        Collection<SecurityToken> tokens = securityTokenManager.getTokens(tokenGeneratorConfig, str);
        if (tokens != null && tokens.size() > 0) {
            Iterator<SecurityToken> it = tokens.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SecurityToken next = it.next();
                if (!(next instanceof SCTWrapper)) {
                    if ((next instanceof SCT) && ((SCT) next).getUUID().equals(uuid)) {
                        z = true;
                        break;
                    }
                } else {
                    SCTWrapper sCTWrapper = (SCTWrapper) next;
                    String uuid2 = sCTWrapper.getUUID();
                    String currentInstance = sCTWrapper.getCurrentInstance();
                    if (uuid2.equals(uuid) && currentInstance.equals(str2)) {
                        z = true;
                        break;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("checkToken(");
            stringBuffer2.append("TokenGenratorConfig, String, SecurityToken, SecurityTokenManager)");
            stringBuffer2.append(" return boolean[").append(z).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return z;
    }

    private final Object createTokenObject(Object obj, QName qName, String str, String str2, String str3, int i) {
        WSSObjectElement wSSObjectElement = null;
        if (this._isWSSObject) {
            wSSObjectElement = createTokenWSSObject(obj, qName, str, str2, str3, i);
        } else if (this._isOM) {
            wSSObjectElement = createTokenElement(((OMElement) obj).getOMFactory(), (OMElement) obj, qName, str, str2, str3, i);
        }
        return wSSObjectElement;
    }

    private final WSSObjectElement createTokenWSSObject(Object obj, QName qName, String str, String str2, String str3, int i) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createTokenWSSObject(");
            stringBuffer.append("Object parent[").append(obj).append("], ");
            stringBuffer.append("QName valueType[").append(qName).append("], ");
            stringBuffer.append("String refId[").append(str).append("], ");
            stringBuffer.append("String uuid[").append(str2).append("], ");
            stringBuffer.append("String curInstance[").append(str3).append("], ");
            stringBuffer.append("int wssVersion[").append(i).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        WSSObjectElementImpl wSSObjectElementImpl = (WSSObjectElementImpl) obj;
        String localPart = qName.getLocalPart();
        if (localPart != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT NS =  [" + localPart + "].");
        }
        com.ibm.ws.wssecurity.wssobject.util.QName qName2 = null;
        if (Constants.NS_WSC_SCT_13.equals(localPart)) {
            qName2 = Utf8ByteConstantsQNames.WSC_13.QN_SECURITY_CONTEXT_TOKEN;
        } else if (Constants.NS_WSC_SCT.equals(localPart)) {
            qName2 = Utf8ByteConstantsQNames.WSC.QN_SECURITY_CONTEXT_TOKEN;
        }
        SecurityContextToken securityContextToken = new SecurityContextToken(wSSObjectElementImpl.getWSSObjectDocument(), qName2);
        securityContextToken.setWsuId(IdUtils.getInstance().getVariablePart(str));
        securityContextToken.setIdentifier(VariablePartFactory.getInstance().createTextValueWithString(str2));
        if (str3 != null && !str3.isEmpty()) {
            securityContextToken.setInstance(VariablePartFactory.getInstance().createTextValueWithString(str3));
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("createTokenWSSObject(");
            stringBuffer2.append("Object, QName, String, String, String, int)");
            stringBuffer2.append(" returns WSSObjectElement [").append(securityContextToken).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return securityContextToken;
    }

    public static final OMElement createTokenElement(OMFactory oMFactory, OMElement oMElement, QName qName, String str, String str2, String str3, int i) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createTokenElement(");
            stringBuffer.append("OMFactory factory, ");
            stringBuffer.append("OMElement parent[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("QName valueType[").append(qName).append("], ");
            stringBuffer.append("String refId[").append(str).append("], ");
            stringBuffer.append("String uuid[").append(str2).append("], ");
            stringBuffer.append("String curInstance[").append(str3).append("], ");
            stringBuffer.append("int wssVersion[").append(i).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        String localPart = qName.getLocalPart();
        if (localPart != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT NS =  [" + localPart + "].");
        }
        String str4 = Constants.NS_WSC_SC_13;
        if (Constants.NS_WSC_SCT_13.equals(localPart)) {
            str4 = Constants.NS_WSC_SC_13;
        } else if (Constants.NS_WSC_SCT.equals(localPart)) {
            str4 = Constants.NS_WSC_SC;
        }
        String str5 = Constants.NAMESPACES[1][i];
        boolean z = false;
        String str6 = null;
        if (oMElement != null) {
            str6 = DOMUtils.getNamespacePrefix(oMElement, str4);
        }
        if (str6 == null) {
            z = true;
            str6 = "wsc";
        }
        OMElement createOMElement = oMFactory.createOMElement("SecurityContextToken", str4, str6);
        if (z) {
            createOMElement.declareNamespace(str4, "wsc");
        }
        boolean z2 = false;
        String str7 = null;
        if (oMElement != null) {
            str7 = DOMUtils.getNamespacePrefix(oMElement, str5);
        }
        if (str7 == null) {
            z2 = true;
            str7 = "wsu";
        }
        if (z2) {
            createOMElement.declareNamespace(str5, "wsu");
        }
        createOMElement.addAttribute("Id", str, createOMElement.getOMFactory().createOMNamespace(str5, str7));
        OMElement createOMElement2 = oMFactory.createOMElement("Identifier", str4, str6);
        createOMElement2.addChild(oMFactory.createOMText(str2));
        createOMElement.addChild(createOMElement2);
        if (str3 != null) {
            OMElement createOMElement3 = oMFactory.createOMElement("Instance", str4, str6);
            createOMElement3.addChild(oMFactory.createOMText(str3));
            createOMElement.addChild(createOMElement3);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding instance = " + str3);
                Tr.debug(tc, "After adding instance, = " + DOMUtils.toString(createOMElement));
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("createTokenElement(");
            stringBuffer2.append("OMFactory, OMElement, QName, String, String, String, int)");
            stringBuffer2.append(" returns OMElement [").append(createOMElement).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return createOMElement;
    }

    private static final int getKeyLength(boolean z, WSSGeneratorConfig wSSGeneratorConfig, TokenGeneratorConfig tokenGeneratorConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "(boolean sig, String algorithmSuite, TokenGeneratorConfig config)");
        }
        String algorithmSuite = ((PolicyOutboundConfig) wSSGeneratorConfig).getAlgorithmSuite();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The Algorithm Suite = " + algorithmSuite);
        }
        String str = (String) tokenGeneratorConfig.getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.DERIVED_KEY_LENGTH);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The specified Dervived Key Length is " + str);
        }
        return getKeyLength(z, algorithmSuite, str);
    }

    public static final int getKeyLength(boolean z, String str, String str2) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getKeyLength(boolean sig [");
            stringBuffer.append(z).append("], String algorithmSuite [").append(str).append("], String keyLengthInBinding [");
            stringBuffer.append(str2).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        String minimumSymmetricKeyLength = PolicyConfigUtil.getMinimumSymmetricKeyLength(str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Minimum Dervived Key Length for " + str + " is " + minimumSymmetricKeyLength);
        }
        int parseInt = Integer.parseInt(minimumSymmetricKeyLength) / 8;
        int i = parseInt;
        if (str2 != null && str2.length() > 0) {
            i = Integer.parseInt(str2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The specified Dervived Key Length is " + i);
            }
            if (i < parseInt) {
                i = parseInt;
            }
            if (i > 32) {
                i = 32;
            }
        } else if (i == 16 && z) {
            i = 20;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "The resulted Dervived Key Length is " + i);
        }
        return i;
    }

    public static final KeyAlgorithm getKeyAlgorithm(String str, boolean z, boolean z2, boolean z3, boolean z4) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getKeyAlgorithm(");
            stringBuffer.append("String algName[").append(str).append("], ");
            stringBuffer.append("boolean isV[").append(z).append("], ");
            stringBuffer.append("boolean isD[").append(z2).append("], ");
            stringBuffer.append("boolean isS[").append(z3).append("], ");
            stringBuffer.append("boolean isE[").append(z4).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (z || z3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isV: " + z + ", isS: " + z3 + PolicyAttributesConstants.DELIMITER);
            }
            if ("http://www.w3.org/2000/09/xmldsig#hmac-sha1".equals(str)) {
                return KA_HMAC;
            }
            if ("http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str)) {
                return KA_RSA;
            }
            if ("http://www.w3.org/2000/09/xmldsig#dsa-sha1".equals(str)) {
                return KA_DSA;
            }
            return null;
        }
        if (!z2 && !z4) {
            return null;
        }
        if ("http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equals(str)) {
            return KA_TRIPLEDES_CBC;
        }
        if ("http://www.w3.org/2001/04/xmlenc#aes128-cbc".equals(str)) {
            return KA_AES128_CBC;
        }
        if ("http://www.w3.org/2001/04/xmlenc#aes192-cbc".equals(str)) {
            return KA_AES192_CBC;
        }
        if ("http://www.w3.org/2001/04/xmlenc#aes256-cbc".equals(str)) {
            return KA_AES256_CBC;
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equalsIgnoreCase(str)) {
            return KA_RSA_1_5;
        }
        if ("http://www.w3.org/2001/04/xmlenc#kw-aes128".equalsIgnoreCase(str)) {
            return KA_KWAES128;
        }
        if ("http://www.w3.org/2001/04/xmlenc#kw-aes192".equalsIgnoreCase(str)) {
            return KA_KWAES192;
        }
        if ("http://www.w3.org/2001/04/xmlenc#kw-aes256".equalsIgnoreCase(str)) {
            return KA_KWAES256;
        }
        return null;
    }

    private static final boolean isExistedBootstrapPolicy(BindingProvider bindingProvider) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isExistedBootstrapPolicy(BindingProvider bp)");
        }
        if (bindingProvider == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "bp is null. The bootstrap policy does not exist.");
            }
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isExistedBootstrapPolicy(BindingPolicy) returns false");
            return false;
        }
        EndpointDescription endpointDescription = null;
        if (bindingProvider instanceof org.apache.axis2.jaxws.spi.BindingProvider) {
            endpointDescription = ((org.apache.axis2.jaxws.spi.BindingProvider) bindingProvider).getEndpointDescription();
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "BindingProvider not an instance of org.apache.axis2.jaxws.spi.BindingProvider, is instance of " + bindingProvider.getClass().getName());
        }
        AxisService axisService = null;
        if (endpointDescription != null) {
            axisService = endpointDescription.getAxisService();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AxisService from the binding provider = " + axisService);
            }
        }
        PrivateGeneratorConfig generatorConfigFromService = SecureConversationImpl.getGeneratorConfigFromService(axisService);
        PrivateConsumerConfig consumerConfigFromService = SecureConversationImpl.getConsumerConfigFromService(axisService);
        if (generatorConfigFromService != null && consumerConfigFromService != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "bootstrap policy exists.");
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "isExistedBootstrapPolicy(BindingPolicy) returns true");
        return true;
    }

    public static final SCTWrapper createSCTWrapper(SCT sct, String str) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createSCTWrapper(");
            stringBuffer.append("SCT sctoken, String instance)");
            Tr.entry(tc, stringBuffer.toString());
        }
        String[] instances = sct.getInstances();
        SCT.KeyHistoryEntry[] keyHistoryEntryArr = new SCT.KeyHistoryEntry[instances.length];
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Instances in the list = " + instances.length);
        }
        for (int i = 0; i < instances.length; i++) {
            keyHistoryEntryArr[i] = sct.getKeyHistoryEntry(instances[i]);
        }
        SCTWrapper sCTWrapper = new SCTWrapper(sct.getUUID(), keyHistoryEntryArr, sct.getId(), str);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("createSCTWrapper(SCT, String)");
            stringBuffer2.append(" returns SCTWrapper [");
            stringBuffer2.append(sCTWrapper == null ? null : sCTWrapper.getCurrentInstance());
            stringBuffer2.append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return sCTWrapper;
    }

    private Object getSCTChild(Object obj, String str) {
        WSSObject wSSObject = null;
        if (this._isWSSObject) {
            ArrayList<WSSObject> children = ((WSSObjectElement) obj).getChildren();
            if (children.size() > 0) {
                Iterator<WSSObject> it = children.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    WSSObject next = it.next();
                    if (next instanceof SecurityContextToken) {
                        wSSObject = next;
                        break;
                    }
                }
            }
        } else if (this._isOM) {
            wSSObject = DOMUtils.getChildElement((OMElement) obj, str, "SecurityContextToken");
        }
        return wSSObject;
    }

    private String getIdentifier(Object obj, String str) {
        OMElement childElement;
        String str2 = null;
        if (this._isWSSObject) {
            str2 = ((SecurityContextToken) obj).getIdentifier().toString();
        } else if (this._isOM && (childElement = DOMUtils.getChildElement((OMElement) obj, str, "Identifier")) != null) {
            str2 = DOMUtils.getStringValue(childElement);
        }
        return str2;
    }

    private String getSCTId(Object obj) {
        String str = null;
        if (this._isWSSObject) {
            VariablePartAttributeValue attribute = WSSObjectUtils.getAttribute((WSSObjectElement) obj, wsuQname);
            if (attribute != null) {
                str = attribute.toString();
            }
        } else if (this._isOM) {
            QName idAttributeName = IdUtils.getInstance().getIdAttributeName((OMElement) obj);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The identifier attribute QName of the target element is [" + idAttributeName + "].");
            }
            if (idAttributeName != null) {
                str = ((OMElement) obj).getAttributeValue(idAttributeName);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The Id attribute of the target element is [" + str + "].");
        }
        return str;
    }

    public static QName generateSoapFault(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateFault(String, String) " + str + ": " + str2);
        }
        QName qName = null;
        String str3 = Constants.NS_WSC_SC_13;
        if (Constants.NS_WSC_SCT.equals(str2)) {
            str3 = Constants.NS_WSC_SC;
        }
        if ("invalidSCT".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Expired SCT. " + str);
            }
            return new QName(str3, Constants.SC_FAULT_RENEW_NEEDED_TXT, "wsc");
        }
        if ("invalidSCT02".equals(str) || "invalidSCT03".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot get valid SCT from trust service/client cache..Login Exception = " + str);
            }
            return new QName(str3, Constants.SC_FAULT_BAD_CONTEXT_TOKEN_TXT, "wsc");
        }
        if ("invalidSCT04".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot support this SCT. " + str);
            }
            return new QName(str3, Constants.SC_FAULT_UNSUPPORTED_CONTEXT_TOKEN_TXT, "wsc");
        }
        if ("expiredSCT02".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to renew. " + str);
            }
            return new QName(str3, "UnableToRenew", "wsc");
        }
        if (str.compareTo(ConfigUtil.getMessage("security.wssecurity.SCTConsumeLoginModule.invalidSCT02")) == 0 || str.compareTo(ConfigUtil.getMessage("security.wssecurity.SCTConsumeLoginModule.invalidSCT03")) == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot get valid SCT from trust service/client cache..Login Exception = " + str);
            }
            qName = new QName(str3, Constants.SC_FAULT_BAD_CONTEXT_TOKEN_TXT, "wsc");
        } else if (str.compareTo(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.invalidSCT")) == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Expired SCT. " + str);
            }
            qName = new QName(str3, Constants.SC_FAULT_RENEW_NEEDED_TXT, "wsc");
        } else if (str.compareTo(ConfigUtil.getMessage("security.wssecurity.SCTConsumeLoginModule.invalidSCT04")) == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot support this SCT. " + str);
            }
            qName = new QName(str3, Constants.SC_FAULT_UNSUPPORTED_CONTEXT_TOKEN_TXT, "wsc");
        } else if (str.compareTo(ConfigUtil.getMessage("security.wssecurity.WSTrustCallbackHandler.expiredSCT02")) == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to renew. " + str);
            }
            qName = new QName(str3, "UnableToRenew", "wsc");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateFault(String, String)");
        }
        return qName;
    }
}
