package com.ibm.ws.wssecurity.admin;

import com.ibm.security.krb5.wss.util.SecurityTokenReference;
import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.websvcs.transport.common.TransportConstants;
import com.ibm.ws.wssecurity.admin.sts.commands.Constants;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditEventGenerator;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.BasicAuth;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CRL;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CallbackHandler;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Caller;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CallerIdentity;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CertPathSettings;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CertStoreList;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CertStoreRef;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.CollectionCertStores;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Consumerbindingref;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.DataEncryptionKeyInfo;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.EncryptionInfo;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.EncryptionPartReference;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Generatorbindingref;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.JAASConfig;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Key;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.KeyEncryptionKeyInfo;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.KeyInfo;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.KeyStore;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.LdapCertStores;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.LdapServer;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Properties;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.RequiredSigningPartReference;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SecurityBinding;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SecurityBindings;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SecurityInboundBindingConfig;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SecurityOutboundBindingConfig;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SigningInfo;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SigningKeyInfo;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SigningPartReference;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TimestampExpires;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TokenConsumer;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TokenGenerator;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TokenReference;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Transform;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TrustAnchor;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TrustAnchorRef;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.TrustedIdentity;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.ValueType;
import com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.X509Certificates;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/admin/BindingValidation.class */
public class BindingValidation implements PolicyAttributesConstants, BindingPropertyConstants {
    // Trace/log component for this class, registered under PolicyAttributesConstants.TRACE_GROUP
    // with the wssadminmsgs resource bundle name.
    private static TraceComponent tc = Tr.register(BindingValidation.class, PolicyAttributesConstants.TRACE_GROUP, "com.ibm.ws.wssecurity.admin.resources.wssadminmsgs");
    // Shared instance, created when the class is initialised and handed out by getInstance().
    private static BindingValidation instance = new BindingValidation();
    // Not referenced anywhere in the visible part of this class.
    private HashMap tokenTypeMap = new HashMap();
    // Runtime class name of this instance.
    protected String className = getClass().getName();
    // Maps an "order" value to the name of the SigningInfo/EncryptionInfo that first used it.
    // It is cleared at the start of each outbound-config validation and filled by the
    // SigningInfo/EncryptionInfo validators.
    // NOTE(review): this is mutable per-instance state on a shared singleton with no visible
    // synchronization; concurrent validate() calls could interfere with each other's duplicate-order
    // checks. Confirm that callers serialise validation.
    private HashMap orderMap = new HashMap();

    /**
     * Returns the shared validator.
     *
     * @return the single {@code BindingValidation} instance created when this class is initialised
     */
    public static BindingValidation getInstance() {
        return BindingValidation.instance;
    }

    /**
     * Validates every {@code SecurityBinding} in a bindings document.
     *
     * <p>An empty binding list is reported with warning CWWSI9027W and makes the result
     * {@code false}. Every binding is still visited, so all warnings are emitted in one pass.
     *
     * @param securityBindings the bindings document to check
     * @param str passed through unchanged to the per-binding validators
     * @return {@code true} only if at least one binding exists and every binding validates
     */
    public boolean validate(SecurityBindings securityBindings, String str) {
        boolean valid = !securityBindings.getSecurityBinding().isEmpty();
        if (!valid) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"securityBinding", "SecurityBindings"});
        }
        for (SecurityBinding binding : securityBindings.getSecurityBinding()) {
            // Compound '&=' always evaluates the right-hand side, so no binding is skipped.
            valid &= validate(binding, str);
        }
        return valid;
    }

    /**
     * Validates the inbound and outbound configuration of one binding.
     *
     * <p>A missing (null) configuration counts as valid. Both sides are always checked so that
     * warnings from each are reported.
     *
     * @param securityBinding the binding to check
     * @param str passed through unchanged to the inbound and outbound validators
     * @return {@code true} if every configuration that is present validates
     */
    private boolean validate(SecurityBinding securityBinding, String str) {
        boolean inboundValid = true;
        if (securityBinding.getSecurityInboundBindingConfig() != null) {
            inboundValid = validate(securityBinding.getSecurityInboundBindingConfig(), str);
        }
        boolean outboundValid = true;
        if (securityBinding.getSecurityOutboundBindingConfig() != null) {
            outboundValid = validate(securityBinding.getSecurityOutboundBindingConfig(), str);
        }
        return inboundValid && outboundValid;
    }

    /**
     * Validates an outbound (generator-side) binding configuration.
     *
     * <p>Two shapes are handled. When a {@code generatorbindingref} is present it is validated and
     * any inline content next to it (signing info, encryption info, key info, token generators,
     * cert store list, timestamp expiry or properties) is rejected with warning CWWSI9016W.
     * Otherwise each inline element is validated, token generators are checked for duplicate
     * token types, and, for default named bindings with more than one username token, the
     * ID-assertion rule is applied. Properties are validated in both shapes.
     *
     * @param securityOutboundBindingConfig the outbound configuration to check
     * @param str binding location string; only used to decide whether this is a default named binding
     * @return {@code true} if no check failed
     */
    private boolean validate(SecurityOutboundBindingConfig securityOutboundBindingConfig, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate SecurityOutboundBindingConfig", new Object[]{securityOutboundBindingConfig, str});
        }
        // Duplicate "order" values are tracked per outbound configuration, so start empty.
        this.orderMap.clear();
        boolean result;
        if (securityOutboundBindingConfig.getGeneratorbindingref() == null) {
            boolean inlineValid = true;
            for (SigningInfo signingInfo : securityOutboundBindingConfig.getSigningInfo()) {
                inlineValid &= validate(signingInfo, true);
            }
            for (EncryptionInfo encryptionInfo : securityOutboundBindingConfig.getEncryptionInfo()) {
                inlineValid &= validate(encryptionInfo, true);
            }
            // Key infos are collected because the duplicate-token check needs their token references.
            List<KeyInfo> keyInfos = new ArrayList<>();
            for (KeyInfo keyInfo : securityOutboundBindingConfig.getKeyInfo()) {
                keyInfos.add(keyInfo);
                inlineValid &= validate(keyInfo, false);
            }
            List usernameTokens = new ArrayList();
            HashMap seenTokenTypes = new HashMap();
            for (TokenGenerator tokenGenerator : securityOutboundBindingConfig.getTokenGenerator()) {
                // Both checks run for every generator, in this order, regardless of earlier failures.
                boolean unique = validateUniqueToken(tokenGenerator, seenTokenTypes, usernameTokens, keyInfos);
                boolean wellFormed = validate(tokenGenerator);
                inlineValid = inlineValid & unique & wellFormed;
            }
            if (inlineValid && usernameTokens.size() > 1 && isDefaultNamedBindings(str)) {
                inlineValid &= validateUNTHasIDAssertion(usernameTokens, securityOutboundBindingConfig);
            }
            boolean certStoresValid = securityOutboundBindingConfig.getCertStoreList() == null
                    || validate(securityOutboundBindingConfig.getCertStoreList());
            boolean timestampValid = securityOutboundBindingConfig.getTimestampExpires() == null
                    || validate(securityOutboundBindingConfig.getTimestampExpires());
            result = inlineValid & certStoresValid & timestampValid;
        } else {
            result = validate(securityOutboundBindingConfig.getGeneratorbindingref());
            boolean hasInlineContent = !securityOutboundBindingConfig.getSigningInfo().isEmpty()
                    || !securityOutboundBindingConfig.getEncryptionInfo().isEmpty()
                    || !securityOutboundBindingConfig.getKeyInfo().isEmpty()
                    || !securityOutboundBindingConfig.getTokenGenerator().isEmpty()
                    || securityOutboundBindingConfig.getCertStoreList() != null
                    || securityOutboundBindingConfig.getTimestampExpires() != null
                    || !securityOutboundBindingConfig.getProperties().isEmpty();
            if (hasInlineContent) {
                // The warning always names "signingInfo", whichever inline element was found.
                Tr.warning(tc, "CWWSI9016W", new Object[]{"signingInfo", "generatorbindingref"});
                result = false;
            }
        }
        for (Properties property : securityOutboundBindingConfig.getProperties()) {
            result &= validate(property);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate SecurityOutboundBindingConfig", Boolean.valueOf(result));
        }
        return result;
    }

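    /**
     * Records a token generator or consumer by value type and warns about duplicate token types.
     *
     * <p>Username tokens (local name ending in {@code #UsernameToken}) are appended to
     * {@code list} for a later ID-assertion check. For any other value type, the first token seen
     * is remembered in {@code hashMap} under {@code localName + uri}. A later token of the same
     * type triggers warning CWWSI9103W unless both it and the first token are referenced from a
     * {@code KeyInfo} token reference. The duplicate case is warn-only: the method still returns
     * {@code true}.
     *
     * <p>This method runs before the token's own attribute validation, so it must tolerate
     * incomplete elements: a missing value type or local name yields {@code false} instead of a
     * {@code NullPointerException}, and key infos with a null token reference value are skipped.
     *
     * @param obj a {@code TokenGenerator} or {@code TokenConsumer}; any other type is treated as having no value type
     * @param hashMap value-type key to token name, updated in place
     * @param list receives username tokens, updated in place
     * @param list2 key infos whose token references are consulted for duplicates
     * @return {@code false} when the value type or its local name is missing, otherwise {@code true}
     */
    private boolean validateUniqueToken(Object obj, HashMap hashMap, List list, List<KeyInfo> list2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateUniqueToken", new Object[]{obj, hashMap, list, list2});
        }
        String str = "";
        ValueType valueType = null;
        boolean z = false;
        if (obj instanceof TokenGenerator) {
            TokenGenerator tokenGenerator = (TokenGenerator) obj;
            str = tokenGenerator.getName();
            valueType = tokenGenerator.getValueType();
        } else if (obj instanceof TokenConsumer) {
            TokenConsumer tokenConsumer = (TokenConsumer) obj;
            str = tokenConsumer.getName();
            valueType = tokenConsumer.getValueType();
        }
        String localName = valueType == null ? null : valueType.getLocalName();
        // A missing local name cannot be classified; the ValueType validator reports it separately.
        if (localName != null) {
            String str2 = localName + valueType.getUri();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "key: " + str2 + ". Name: " + str);
            }
            if (localName.endsWith("#UsernameToken")) {
                list.add(obj);
                z = true;
            } else if (hashMap.containsKey(str2)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Duplicate Token entry.  Continue chekcing if referenced.");
                }
                boolean currentReferenced = false;
                boolean firstReferenced = false;
                String str3 = (String) hashMap.get(str2);
                for (KeyInfo keyInfo : list2) {
                    TokenReference tokenReference = keyInfo.getTokenReference();
                    // Key infos are collected even when their own validation failed, so the
                    // reference value may be null here.
                    if (tokenReference != null && tokenReference.getReference() != null) {
                        if (tokenReference.getReference().equals(str)) {
                            currentReferenced = true;
                        }
                        if (tokenReference.getReference().equals(str3)) {
                            firstReferenced = true;
                        }
                    }
                    if (currentReferenced && firstReferenced) {
                        break;
                    }
                }
                if (!(currentReferenced && firstReferenced)) {
                    Tr.warning(tc, "CWWSI9103W", new Object[]{str, str3});
                }
                // Duplicates are reported but do not fail validation.
                z = true;
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not a dup key entry.  Add to the list");
                }
                hashMap.put(str2, str);
                z = true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateUniqueToken", new Object[]{Boolean.valueOf(z), hashMap, list});
        }
        return z;
    }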

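    /**
     * Checks that, among the collected username tokens, exactly one is marked as an ID assertion.
     *
     * <p>More than two username tokens is rejected with warning CWWSI9101W. Otherwise each token's
     * callback handler properties are scanned for
     * {@code com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed=true}. The first hit makes the
     * result {@code true}; a second hit logs CWWSI9100W and makes it {@code false}.
     *
     * <p>The property scan is bounded by the iterator, so it ends when the properties are
     * exhausted. Comparisons are constant-first, so a property with a null name or value is
     * simply not a match.
     *
     * @param list username tokens; each element is a {@code TokenGenerator}, anything else is cast to {@code TokenConsumer}
     * @param obj the enclosing binding configuration; only used in the entry trace
     * @return {@code true} if exactly one ID-assertion flag was found and the list has at most two tokens
     */
    private boolean validateUNTHasIDAssertion(List list, Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateUNTHasIDAssertion", new Object[]{list, obj});
        }
        boolean z = false;
        boolean assertionSeen = false;
        if (list.size() > 2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "More than 2 username token exists.");
            }
            Tr.warning(tc, "CWWSI9101W");
            z = false;
        } else {
            for (Object obj2 : list) {
                CallbackHandler callbackHandler;
                if (obj2 instanceof TokenGenerator) {
                    TokenGenerator tokenGenerator = (TokenGenerator) obj2;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking TokenGenerator entry: " + tokenGenerator.getName());
                    }
                    callbackHandler = tokenGenerator.getCallbackHandler();
                } else {
                    TokenConsumer tokenConsumer = (TokenConsumer) obj2;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking TokenConsumer entry: " + tokenConsumer.getName());
                    }
                    callbackHandler = tokenConsumer.getCallbackHandler();
                }
                if (callbackHandler == null) {
                    continue;
                }
                for (Properties next : callbackHandler.getProperties()) {
                    if (tc.isDebugEnabled()) {
                        // NOTE(review): every callback handler property value is written to the
                        // debug trace. If these properties can hold credentials or other
                        // sensitive settings, the trace output needs the same protection.
                        // Confirm what values are stored here.
                        Tr.debug(tc, "Property Name: " + next.getName() + ".  Property Value: " + next.getValue());
                    }
                    if ("com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed".equals(next.getName()) && "true".equalsIgnoreCase(next.getValue())) {
                        if (assertionSeen) {
                            Tr.warning(tc, "CWWSI9100W");
                            z = false;
                            // Stop scanning this token; the remaining tokens are still visited.
                            break;
                        }
                        z = true;
                        assertionSeen = true;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateUNTHasIDAssertion", Boolean.valueOf(z));
        }
        return z;
    }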

    /**
     * Checks that every caller in an inbound configuration refers to the given token consumer's
     * value type.
     *
     * <p>With no callers configured, warning CWWSI9096W is logged and the result stays
     * {@code true}. Otherwise, for each caller, a present trusted identity and the caller identity
     * must both carry the same local name and URI as the consumer's value type; the first mismatch
     * stops the scan. A caller without a caller identity is reported with CWWSI9027W and fails
     * validation, but the scan continues. Any failure additionally logs CWWSI9097W.
     *
     * @param tokenConsumer consumer whose value type the callers are compared against
     * @param obj the enclosing configuration; cast to {@code SecurityInboundBindingConfig}
     * @return {@code true} if no caller check failed
     */
    private boolean validateTokenConsumerCallers(TokenConsumer tokenConsumer, Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateTokenConsumerCallers", new Object[]{tokenConsumer, obj});
        }
        boolean matches = true;
        SecurityInboundBindingConfig inboundConfig = (SecurityInboundBindingConfig) obj;
        if (!inboundConfig.getCaller().isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caller found.  Continue checking trusted/caller identity");
            }
            ValueType consumerType = tokenConsumer.getValueType();
            String expectedLocalName = consumerType.getLocalName();
            String expectedUri = consumerType.getUri();
            for (Caller caller : inboundConfig.getCaller()) {
                TrustedIdentity trustedIdentity = caller.getTrustedIdentity();
                if (trustedIdentity != null) {
                    String trustedLocalName = trustedIdentity.getLocalName();
                    String trustedUri = trustedIdentity.getUri();
                    if (!(trustedLocalName.equals(expectedLocalName) && trustedUri.equals(expectedUri))) {
                        matches = false;
                        break;
                    }
                }
                if (!matches) {
                    // An earlier caller already failed without ending the scan; only the
                    // trusted identity is examined for the remaining callers.
                    continue;
                }
                CallerIdentity callerIdentity = caller.getCallerIdentity();
                if (callerIdentity == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Missing callerIdentity from Caller");
                    }
                    Tr.warning(tc, "CWWSI9027W", new Object[]{"callerIdentity", "Caller"});
                    matches = false;
                    continue;
                }
                String callerLocalName = callerIdentity.getLocalName();
                String callerUri = callerIdentity.getUri();
                if (!(callerLocalName.equals(expectedLocalName) && callerUri.equals(expectedUri))) {
                    matches = false;
                    break;
                }
            }
        } else {
            Tr.warning(tc, "CWWSI9096W", "This configuration is only valid only when using the Username token as a caller with trusted identity");
        }
        if (!matches) {
            Tr.warning(tc, "CWWSI9097W");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateTokenConsumerCallers", Boolean.valueOf(matches));
        }
        return matches;
    }

    /**
     * Decides from a location string whether a binding sits directly under a cell's
     * {@code bindings} directory.
     *
     * <p>Backslashes are normalised to forward slashes, then the text from the first
     * {@code /cells/} onward must match {@code /cells/<one segment>/bindings/...}.
     *
     * <p>NOTE(review): the decision is purely textual and gates the username-token ID-assertion
     * check in the outbound validator. Confirm the string always comes from a trusted
     * configuration path.
     *
     * @param str binding location; must not be null
     * @return {@code true} if the location matches the cell-level bindings pattern
     */
    private boolean isDefaultNamedBindings(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isDefaultNamedBinding", str);
        }
        String normalized = str.replace('\\', '/');
        int cellsAt = normalized.indexOf("/cells/");
        boolean isDefault = false;
        if (cellsAt >= 0) {
            String fromCells = normalized.substring(cellsAt);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Real String to Evaluate is " + fromCells);
            }
            isDefault = Pattern.matches("/cells/[^/]*/bindings/.*", fromCells);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isDefaultNamedBindings", Boolean.valueOf(isDefault));
        }
        return isDefault;
    }

    /**
     * Validates a generator binding reference: name and reference must be present and every
     * property must be well formed. Each missing attribute is reported with CWWSI9027W.
     *
     * @param generatorbindingref the reference element to check
     * @return {@code true} if nothing is missing and all properties validate
     */
    private boolean validate(Generatorbindingref generatorbindingref) {
        boolean valid = true;
        if (generatorbindingref.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "Generatorbindingref"});
            valid = false;
        }
        if (generatorbindingref.getReference() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "Generatorbindingref"});
            valid = false;
        }
        for (Properties property : generatorbindingref.getProperties()) {
            valid &= validate(property);
        }
        return valid;
    }

    /**
     * Validates a signing info element and, optionally, the uniqueness of its order value.
     *
     * <p>When {@code z} is set, the order must be present and must not already be recorded in
     * {@code orderMap}; a clash is reported with CWWSI9098W. A missing order fails validation
     * without a warning. Key infos, part references and properties are validated afterwards.
     *
     * @param signingInfo the element to check
     * @param z whether the order attribute is checked
     * @return {@code true} if no check failed
     */
    private boolean validate(SigningInfo signingInfo, boolean z) {
        boolean valid = true;
        if (signingInfo.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "signingInfo"});
            valid = false;
        }
        if (z) {
            String order = signingInfo.getOrder();
            if (order == null) {
                valid = false;
            } else {
                Object previousOwner = this.orderMap.get(order);
                if (previousOwner != null) {
                    Tr.warning(tc, "CWWSI9098W", new Object[]{signingInfo.getName(), order, (String) previousOwner});
                    valid = false;
                } else {
                    // First element to use this order value; remember it by name.
                    this.orderMap.put(order, signingInfo.getName());
                }
            }
        }
        for (SigningKeyInfo signingKeyInfo : signingInfo.getSigningKeyInfo()) {
            valid &= validate(signingKeyInfo);
        }
        for (SigningPartReference partReference : signingInfo.getSigningPartReference()) {
            valid &= validate(partReference);
        }
        for (Properties property : signingInfo.getProperties()) {
            valid &= validate(property);
        }
        return valid;
    }

    /**
     * Validates an encryption info element and, optionally, the uniqueness of its order value.
     *
     * <p>When {@code z} is set, the order must be present and must not already be recorded in
     * {@code orderMap} (which is shared with signing infos); a clash is reported with CWWSI9099W.
     * A missing order fails validation without a warning. The part reference, if present, key
     * encryption key infos and properties are validated afterwards.
     *
     * @param encryptionInfo the element to check
     * @param z whether the order attribute is checked
     * @return {@code true} if no check failed
     */
    private boolean validate(EncryptionInfo encryptionInfo, boolean z) {
        boolean valid = true;
        if (encryptionInfo.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "encryptionInfo"});
            valid = false;
        }
        if (z) {
            String order = encryptionInfo.getOrder();
            if (order == null) {
                valid = false;
            } else {
                Object previousOwner = this.orderMap.get(order);
                if (previousOwner != null) {
                    Tr.warning(tc, "CWWSI9099W", new Object[]{encryptionInfo.getName(), order, (String) previousOwner});
                    valid = false;
                } else {
                    // First element to use this order value; remember it by name.
                    this.orderMap.put(order, encryptionInfo.getName());
                }
            }
        }
        if (encryptionInfo.getEncryptionPartReference() != null) {
            valid &= validate(encryptionInfo.getEncryptionPartReference());
        }
        for (KeyEncryptionKeyInfo keyEncryptionKeyInfo : encryptionInfo.getKeyEncryptionKeyInfo()) {
            valid &= validate(keyEncryptionKeyInfo);
        }
        for (Properties property : encryptionInfo.getProperties()) {
            valid &= validate(property);
        }
        return valid;
    }

    /**
     * Validates every data encryption key info under an encryption part reference.
     *
     * @param encryptionPartReference the element to check
     * @return {@code true} if all contained key infos validate (also when there are none)
     */
    private boolean validate(EncryptionPartReference encryptionPartReference) {
        boolean valid = true;
        for (DataEncryptionKeyInfo dataKeyInfo : encryptionPartReference.getDataEncryptionKeyInfo()) {
            valid &= validate(dataKeyInfo);
        }
        return valid;
    }

    /**
     * Requires a key encryption key info to carry a reference; a missing one is reported with
     * CWWSI9027W.
     *
     * @param keyEncryptionKeyInfo the element to check
     * @return {@code true} if the reference is present
     */
    private boolean validate(KeyEncryptionKeyInfo keyEncryptionKeyInfo) {
        if (keyEncryptionKeyInfo.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "KeyEncryptionKeyInfo"});
        return false;
    }

    /**
     * Requires a data encryption key info to carry a reference; a missing one is reported with
     * CWWSI9027W.
     *
     * @param dataEncryptionKeyInfo the element to check
     * @return {@code true} if the reference is present
     */
    private boolean validate(DataEncryptionKeyInfo dataEncryptionKeyInfo) {
        if (dataEncryptionKeyInfo.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "DataEncryptionKeyInfo"});
        return false;
    }

    /**
     * Validates a key info element: name, type, class name, optional token reference and
     * properties.
     *
     * <p>A non-empty type must equal one of the {@code KeyInfoConsumer} constants EMB, THUMBPRINT,
     * KEYID, STRREF or X509ISSUER, otherwise CWWSI9010W is logged. A null or empty type is only
     * an error when {@code z} is {@code false}.
     *
     * @param keyInfo the element to check
     * @param z when {@code true}, a missing or empty type is tolerated
     * @return {@code true} if no check failed
     */
    private boolean validate(KeyInfo keyInfo, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "BindingValidation.validate(KeyInfo)", new Object[]{keyInfo.getName(), keyInfo.getType(), Boolean.valueOf(z)});
        }
        boolean valid = true;
        if (keyInfo.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "KeyInfo"});
            valid = false;
        }
        boolean typeMissing = keyInfo.getType() == null || keyInfo.getType().equals("");
        if (typeMissing) {
            if (!z) {
                Tr.warning(tc, "CWWSI9027W", new Object[]{"type", "KeyInfo"});
                valid = false;
            }
        } else {
            boolean knownType = keyInfo.getType().equals(KeyInfoConsumer.EMB)
                    || keyInfo.getType().equals(KeyInfoConsumer.THUMBPRINT)
                    || keyInfo.getType().equals(KeyInfoConsumer.KEYID)
                    || keyInfo.getType().equals(KeyInfoConsumer.STRREF)
                    || keyInfo.getType().equals(KeyInfoConsumer.X509ISSUER);
            if (!knownType) {
                Tr.warning(tc, "CWWSI9010W", new Object[]{"Type", "KeyInfo"});
                valid = false;
            }
        }
        if (keyInfo.getClassname() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"classname", "KeyInfo"});
            valid = false;
        }
        if (keyInfo.getTokenReference() != null) {
            valid &= validate(keyInfo.getTokenReference());
        }
        for (Properties property : keyInfo.getProperties()) {
            valid &= validate(property);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "BindingValidation.validate(KeyInfo), return " + valid);
        }
        return valid;
    }

    /**
     * Requires a token reference to carry a reference value; a missing one is reported with
     * CWWSI9027W.
     *
     * @param tokenReference the element to check
     * @return {@code true} if the reference is present
     */
    private boolean validate(TokenReference tokenReference) {
        if (tokenReference.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "TokenReference"});
        return false;
    }

    /**
     * Validates a token generator: name, value type, JAAS config and callback handler are
     * mandatory; the security token reference is optional. Each missing mandatory element is
     * reported with CWWSI9027W, and every element that is present is validated even after an
     * earlier failure.
     *
     * @param tokenGenerator the element to check
     * @return {@code true} if all mandatory parts exist and every nested element validates
     */
    private boolean validate(TokenGenerator tokenGenerator) {
        boolean valid = true;
        if (tokenGenerator.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "TokenGenerator"});
            valid = false;
        }
        if (tokenGenerator.getValueType() != null) {
            valid &= validate(tokenGenerator.getValueType());
        } else {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"valueType", "TokenGenerator"});
            valid = false;
        }
        if (tokenGenerator.getSecurityTokenReference() != null) {
            valid &= validate(tokenGenerator.getSecurityTokenReference());
        }
        if (tokenGenerator.getJAASConfig() != null) {
            valid &= validate(tokenGenerator.getJAASConfig());
        } else {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"jAASConfig", "TokenGenerator"});
            valid = false;
        }
        if (tokenGenerator.getCallbackHandler() != null) {
            valid &= validateCallbackHandler(tokenGenerator.getCallbackHandler(), BindingPropertyConstants.TOKEN_GENERATOR, tokenGenerator.getName(), tokenGenerator.getValueType());
        } else {
            Tr.warning(tc, "CWWSI9027W", new Object[]{Constants.PARAM_CALLBACK_HANDLER, "TokenGenerator"});
            valid = false;
        }
        for (Properties property : tokenGenerator.getProperties()) {
            valid &= validate(property);
        }
        return valid;
    }

    /**
     * Requires a value type to have a local name; a missing one is reported with CWWSI9027W.
     * The URI is read for tracing only and is not checked.
     *
     * @param valueType the element to check
     * @return {@code true} if the local name is present
     */
    private boolean validate(ValueType valueType) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate valueType", valueType);
        }
        String localName = valueType.getLocalName();
        String uri = valueType.getUri();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "localName: " + localName + ". URI: " + uri);
        }
        boolean valid = localName != null;
        if (!valid) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"localName", "ValueType"});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate valueType", Boolean.valueOf(valid));
        }
        return valid;
    }

    /**
     * Requires a binding-schema security token reference to carry a reference value; a missing
     * one is reported with CWWSI9027W.
     *
     * @param securityTokenReference the element to check
     * @return {@code true} if the reference is present
     */
    private boolean validate(com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.SecurityTokenReference securityTokenReference) {
        if (securityTokenReference.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "SecurityTokenReference"});
        return false;
    }

    /**
     * Validates a JAAS config element: the config name must be present (CWWSI9027W otherwise)
     * and every property must be well formed.
     *
     * @param jAASConfig the element to check
     * @return {@code true} if the name is present and all properties validate
     */
    private boolean validate(JAASConfig jAASConfig) {
        boolean valid = jAASConfig.getConfigName() != null;
        if (!valid) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"configName", "JAASConfig"});
        }
        for (Properties property : jAASConfig.getProperties()) {
            valid &= validate(property);
        }
        return valid;
    }

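    /**
     * Validates a callback handler: class name, optional key store, key and cert path settings,
     * basic auth where it applies, and properties.
     *
     * <p>Basic auth is only validated when the parent is neither a token consumer nor a token
     * generator whose value type local name equals {@code LTPA_PROPAGATION}. In those two cases a
     * configured basic auth element is not validated; it is reported with CWWSI9107W (consumer)
     * or CWWSI9106W (generator) and does not affect the result.
     *
     * @param callbackHandler the element to check
     * @param str parent element kind, compared with {@code TOKEN_CONSUMER} and {@code TOKEN_GENERATOR}
     * @param str2 name of the owning token, used in traces and warnings
     * @param valueType value type of the owning token; may be null
     * @return {@code true} if no check failed
     */
    private boolean validateCallbackHandler(CallbackHandler callbackHandler, String str, String str2, ValueType valueType) {
        String localName;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateCallbackHandler", new Object[]{str, str2});
        }
        boolean valid = true;
        if (callbackHandler.getClassname() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"classname", "CallbackHandler"});
            valid = false;
        }
        // Each optional child is validated when present, regardless of earlier failures.
        valid &= callbackHandler.getKeyStore() == null || validate(callbackHandler.getKeyStore());
        valid &= callbackHandler.getKey() == null || validate(callbackHandler.getKey());
        valid &= callbackHandler.getCertPathSettings() == null || validate(callbackHandler.getCertPathSettings());
        boolean basicAuthIsValid = true;
        if (str.equals(BindingPropertyConstants.TOKEN_CONSUMER)) {
            basicAuthIsValid = false;
        } else if (str.equals(BindingPropertyConstants.TOKEN_GENERATOR) && valueType != null && (localName = valueType.getLocalName()) != null && localName.equals(BindingPropertyConstants.LTPA_PROPAGATION)) {
            basicAuthIsValid = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateCallbackHandler, parentElement=" + str + ", tokenName=" + str2 + ", basicAuthIsValid=" + basicAuthIsValid);
        }
        if (basicAuthIsValid) {
            valid &= callbackHandler.getBasicAuth() == null || validate(callbackHandler.getBasicAuth());
        } else if (str.equals(BindingPropertyConstants.TOKEN_CONSUMER) && callbackHandler.getBasicAuth() != null) {
            Tr.warning(tc, "CWWSI9107W", new Object[]{str2});
        } else if (str.equals(BindingPropertyConstants.TOKEN_GENERATOR) && callbackHandler.getBasicAuth() != null) {
            Tr.warning(tc, "CWWSI9106W", new Object[]{str2});
        }
        for (Properties property : callbackHandler.getProperties()) {
            valid &= validate(property);
        }
        if (tc.isEntryEnabled()) {
            // Boolean.valueOf replaces the deprecated Boolean constructor and matches the other exit traces.
            Tr.exit(tc, "validateCallbackHandler", new Object[]{str, str2, Boolean.valueOf(valid)});
        }
        return valid;
    }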

    /**
     * Validates a key store element. It is accepted when it has a {@code keyStoreRef}, or when
     * path, store password and type are all present; otherwise CWWSI9028W is logged.
     *
     * @param keyStore the element to check
     * @return {@code true} if the key store is given by reference or fully described inline
     */
    private boolean validate(KeyStore keyStore) {
        boolean byReference = keyStore.getKeyStoreRef() != null;
        boolean fullyInline = keyStore.getPath() != null
                && keyStore.getStorepass() != null
                && keyStore.getType() != null;
        if (byReference || fullyInline) {
            return true;
        }
        Tr.warning(tc, "CWWSI9028W");
        return false;
    }

    /**
     * Requires a key element to have both an alias and a name; each missing attribute is
     * reported with CWWSI9027W.
     *
     * @param key the element to check
     * @return {@code true} if alias and name are both present
     */
    private boolean validate(Key key) {
        boolean hasAlias = key.getAlias() != null;
        if (!hasAlias) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"alias", "Key"});
        }
        boolean hasName = key.getName() != null;
        if (!hasName) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "Key"});
        }
        return hasAlias && hasName;
    }

    /**
     * Validates the optional trust anchor and cert store references of a cert path settings
     * element. An absent reference counts as valid; both references are always checked.
     *
     * @param certPathSettings the element to check
     * @return {@code true} if every reference that is present validates
     */
    private boolean validate(CertPathSettings certPathSettings) {
        boolean trustAnchorValid = true;
        if (certPathSettings.getTrustAnchorRef() != null) {
            trustAnchorValid = validate(certPathSettings.getTrustAnchorRef());
        }
        boolean certStoreValid = true;
        if (certPathSettings.getCertStoreRef() != null) {
            certStoreValid = validate(certPathSettings.getCertStoreRef());
        }
        return trustAnchorValid && certStoreValid;
    }

    /**
     * Requires a trust anchor reference to carry a reference value; a missing one is reported
     * with CWWSI9027W.
     *
     * @param trustAnchorRef the element to check
     * @return {@code true} if the reference is present
     */
    private boolean validate(TrustAnchorRef trustAnchorRef) {
        if (trustAnchorRef.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "TrustAnchorRef"});
        return false;
    }

    /**
     * Requires a cert store reference to carry a reference value; a missing one is reported
     * with CWWSI9027W.
     *
     * @param certStoreRef the element to check
     * @return {@code true} if the reference is present
     */
    private boolean validate(CertStoreRef certStoreRef) {
        if (certStoreRef.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "CertStoreRef"});
        return false;
    }

    /**
     * Requires a basic auth element to have a user id; a missing one is reported with
     * CWWSI9027W. Only the user id is examined here; the password is not checked by this method.
     *
     * @param basicAuth the element to check
     * @return {@code true} if the user id is present
     */
    private boolean validate(BasicAuth basicAuth) {
        if (basicAuth.getUserid() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{TransportConstants.USER_ID, Constants0.STR_BASIC});
        return false;
    }

    /**
     * Validates every LDAP and collection cert store in a cert store list. Entries of any other
     * type are ignored.
     *
     * @param certStoreList the list element to check
     * @return {@code true} if every recognised cert store validates
     */
    private boolean validate(CertStoreList certStoreList) {
        boolean valid = true;
        for (Object store : certStoreList.getLdapCertStoresOrCollectionCertStores()) {
            if (store instanceof LdapCertStores) {
                valid &= validate((LdapCertStores) store);
                continue;
            }
            if (store instanceof CollectionCertStores) {
                valid &= validate((CollectionCertStores) store);
            }
        }
        return valid;
    }

    /**
     * Validates an LDAP cert store: name, provider and LDAP server are all required, and a
     * present server is validated. Each missing part is reported with CWWSI9027W.
     *
     * @param ldapCertStores the element to check
     * @return {@code true} if nothing is missing and the server validates
     */
    private boolean validate(LdapCertStores ldapCertStores) {
        boolean valid = true;
        if (ldapCertStores.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "LdapCertStores"});
            valid = false;
        }
        if (ldapCertStores.getProvider() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"provider", "LdapCertStores"});
            valid = false;
        }
        if (ldapCertStores.getLdapServer() != null) {
            valid &= validate(ldapCertStores.getLdapServer());
        } else {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"ldapServer", "LdapCertStores"});
            valid = false;
        }
        return valid;
    }

    /**
     * Validates an LDAP server element: host and port must be present (CWWSI9027W otherwise)
     * and every property must be well formed.
     *
     * @param ldapServer the element to check
     * @return {@code true} if host and port are present and all properties validate
     */
    private boolean validate(LdapServer ldapServer) {
        boolean valid = true;
        if (ldapServer.getHost() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{TransportConstants.HOST, "LdapServer"});
            valid = false;
        }
        if (ldapServer.getPort() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{TransportConstants.PORT, "LdapServer"});
            valid = false;
        }
        for (Properties property : ldapServer.getProperties()) {
            valid &= validate(property);
        }
        return valid;
    }

    /**
     * Requires a property to have both a name and a value; each missing attribute is reported
     * with CWWSI9027W.
     *
     * @param properties the single property element to check
     * @return {@code true} if name and value are both present
     */
    private boolean validate(Properties properties) {
        boolean hasName = properties.getName() != null;
        if (!hasName) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "Properties"});
        }
        boolean hasValue = properties.getValue() != null;
        if (!hasValue) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"value", "Properties"});
        }
        return hasName && hasValue;
    }

    /**
     * Checks a collection certificate store and the certificate / CRL entries it lists.
     *
     * <p>{@code name} and {@code provider} must be present. Each child that is an
     * {@code X509Certificates} or {@code CRL} is validated; children of any other type are
     * skipped without a warning.
     *
     * @param collectionCertStores the store to check
     * @return {@code true} only when the store and every recognised child pass
     */
    private boolean validate(CollectionCertStores collectionCertStores) {
        boolean valid = true;
        if (collectionCertStores.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", "CollectionCertStores"});
            valid = false;
        }
        if (collectionCertStores.getProvider() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"provider", "CollectionCertStores"});
            valid = false;
        }
        for (Object entry : collectionCertStores.getX509CertificatesOrCRL()) {
            boolean entryValid = true;
            if (entry instanceof X509Certificates) {
                entryValid = validate((X509Certificates) entry);
            } else if (entry instanceof CRL) {
                entryValid = validate((CRL) entry);
            }
            valid = valid && entryValid;
        }
        return valid;
    }

    /**
     * Checks that an X.509 certificate entry names a path.
     *
     * <p>Only the presence of the path is tested; the path itself is not opened or inspected here.
     *
     * @param x509Certificates the entry to check
     * @return {@code true} when a path is set, otherwise {@code false} after logging a warning
     */
    private boolean validate(X509Certificates x509Certificates) {
        if (x509Certificates.getPath() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{"Path", "X509Certificates"});
        return false;
    }

    /**
     * Checks that a CRL entry names a path.
     *
     * <p>Only the presence of the path is tested; the revocation list itself is not read here.
     *
     * @param crl the entry to check
     * @return {@code true} when a path is set, otherwise {@code false} after logging a warning
     */
    private boolean validate(CRL crl) {
        if (crl.getPath() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{"Path", "CRL"});
        return false;
    }

    /**
     * Validates the properties attached to a timestamp-expiry setting.
     *
     * <p>No attribute of the element itself is checked in this method; only its properties are.
     *
     * @param timestampExpires the setting whose properties are checked
     * @return {@code true} only when every property passes
     */
    private boolean validate(TimestampExpires timestampExpires) {
        boolean valid = true;
        for (Properties property : timestampExpires.getProperties()) {
            // Always call validate so each bad property gets its own warning.
            if (!validate(property)) {
                valid = false;
            }
        }
        return valid;
    }

    /**
     * Checks that a signing key-info element carries a reference.
     *
     * <p>The reference is tested for presence only; whether it resolves is not checked here.
     *
     * @param signingKeyInfo the element to check
     * @return {@code true} when the reference is set, otherwise {@code false} after a warning
     */
    private boolean validate(SigningKeyInfo signingKeyInfo) {
        if (signingKeyInfo.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "SigningKeyInfo"});
        return false;
    }

    /**
     * Validates every transform listed on a signing part reference.
     *
     * <p>No attribute of the part reference itself is checked in this method.
     *
     * @param signingPartReference the part reference whose transforms are checked
     * @return {@code true} only when every transform passes
     */
    private boolean validate(SigningPartReference signingPartReference) {
        boolean valid = true;
        for (Transform transform : signingPartReference.getTransform()) {
            // Always call validate so each bad transform gets its own warning.
            if (!validate(transform)) {
                valid = false;
            }
        }
        return valid;
    }

    /**
     * Checks a transform: its algorithm must be present and its properties must be valid.
     *
     * <p>The algorithm is tested for presence only; which algorithms are acceptable is not
     * decided in this method.
     *
     * @param transform the transform to check
     * @return {@code true} only when the algorithm is set and every property passes
     */
    private boolean validate(Transform transform) {
        boolean valid = transform.getAlgorithm() != null;
        if (!valid) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"Algorithm", "Transform"});
        }
        for (Properties property : transform.getProperties()) {
            // Always call validate so each bad property gets its own warning.
            if (!validate(property)) {
                valid = false;
            }
        }
        return valid;
    }

    /**
     * Validates the inbound (consumer-side) security binding configuration.
     *
     * <p>Two mutually exclusive shapes are handled:
     * <ul>
     *   <li>A {@code consumerbindingref} is set: the reference is validated, and the presence of
     *       any inline setting next to it (signing info, encryption info, key info, token
     *       consumers, trust anchors, cert store list, caller, properties) is rejected with
     *       warning {@code CWWSI9016W}.</li>
     *   <li>No reference: every inline element is validated. Token consumers are additionally
     *       passed through {@code validateUniqueToken}, and when more than one token was
     *       collected for a default named binding, through {@code validateUNTHasIDAssertion} and
     *       {@code validateTokenConsumerCallers}.</li>
     * </ul>
     * Properties are validated in both cases. The checks are not short-circuited, so a single
     * pass logs every problem found.
     *
     * @param securityInboundBindingConfig the inbound binding configuration to check
     * @param str value handed to {@code isDefaultNamedBindings}; presumably the binding name,
     *     to be confirmed against the caller
     * @return {@code true} only when no check reported a problem
     */
    private boolean validate(SecurityInboundBindingConfig securityInboundBindingConfig, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate SecurityInboundBindingConfig", new Object[]{securityInboundBindingConfig, str});
        }
        boolean result;
        if (securityInboundBindingConfig.getConsumerbindingref() != null) {
            result = validate(securityInboundBindingConfig.getConsumerbindingref());
            // NOTE(review): getCaller() is also handed to a validate(...) overload in the other
            // branch; if it is a list getter that never returns null, the caller test below is
            // always true and this branch always fails - confirm against the bean class.
            boolean hasInlineSettings = !securityInboundBindingConfig.getSigningInfo().isEmpty()
                    || !securityInboundBindingConfig.getEncryptionInfo().isEmpty()
                    || !securityInboundBindingConfig.getKeyInfo().isEmpty()
                    || !securityInboundBindingConfig.getTokenConsumer().isEmpty()
                    || !securityInboundBindingConfig.getTrustAnchor().isEmpty()
                    || securityInboundBindingConfig.getCertStoreList() != null
                    || securityInboundBindingConfig.getCaller() != null
                    || !securityInboundBindingConfig.getProperties().isEmpty();
            if (hasInlineSettings) {
                // The warning names "signingInfo" whichever inline setting triggered it.
                Tr.warning(tc, "CWWSI9016W", new Object[]{"signingInfo", "consumerbindingref"});
                result = false;
            }
        } else {
            boolean valid = true;
            for (SigningInfo signingInfo : securityInboundBindingConfig.getSigningInfo()) {
                valid &= validate(signingInfo, false);
            }
            for (EncryptionInfo encryptionInfo : securityInboundBindingConfig.getEncryptionInfo()) {
                valid &= validate(encryptionInfo, false);
            }
            // Key infos are collected so the token-uniqueness check below can see all of them.
            List<KeyInfo> keyInfos = new ArrayList<>();
            for (KeyInfo keyInfo : securityInboundBindingConfig.getKeyInfo()) {
                keyInfos.add(keyInfo);
                valid &= validate(keyInfo, true);
            }
            // Raw types are kept because the helper signatures are not visible here.
            List collectedTokens = new ArrayList();
            HashMap seenTokens = new HashMap();
            for (TokenConsumer tokenConsumer : securityInboundBindingConfig.getTokenConsumer()) {
                // Non-short-circuit '&': both checks run for every token consumer.
                valid = valid & validateUniqueToken(tokenConsumer, seenTokens, collectedTokens, keyInfos) & validate(tokenConsumer);
            }
            if (valid && collectedTokens.size() > 1 && isDefaultNamedBindings(str)) {
                valid = validateUNTHasIDAssertion(collectedTokens, securityInboundBindingConfig);
                if (valid) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Continue checking trusted/caller identity for the TokenConsumers");
                    }
                    valid = validateTokenConsumerCallers((TokenConsumer) collectedTokens.get(0), securityInboundBindingConfig);
                }
            }
            for (TrustAnchor trustAnchor : securityInboundBindingConfig.getTrustAnchor()) {
                valid &= validate(trustAnchor);
            }
            boolean certStoresValid = securityInboundBindingConfig.getCertStoreList() == null
                    || validate(securityInboundBindingConfig.getCertStoreList());
            boolean callersValid = validate(securityInboundBindingConfig.getCaller());
            result = valid && certStoresValid && callersValid;
        }
        for (Properties property : securityInboundBindingConfig.getProperties()) {
            result &= validate(property);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate SecurityInboundBindingConfig", Boolean.valueOf(result));
        }
        return result;
    }

    /**
     * Checks a consumer binding reference: name and reference must be present and its
     * properties must be valid.
     *
     * <p>Name and reference are tested for presence only; whether the reference resolves to an
     * existing binding is not checked here.
     *
     * @param consumerbindingref the reference element to check
     * @return {@code true} only when no check reported a problem
     */
    private boolean validate(Consumerbindingref consumerbindingref) {
        boolean valid = consumerbindingref.getName() != null;
        if (!valid) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"Name", "Consumerbindingref"});
        }
        if (consumerbindingref.getReference() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "Consumerbindingref"});
            valid = false;
        }
        for (Properties property : consumerbindingref.getProperties()) {
            // Always call validate so each bad property gets its own warning.
            if (!validate(property)) {
                valid = false;
            }
        }
        return valid;
    }

    /**
     * Checks a token consumer definition.
     *
     * <p>{@code name}, {@code valueType} and {@code jAASConfig} are required; a security token
     * reference and a callback handler are optional but validated when present. All properties
     * are validated too. Every check runs regardless of earlier failures, so each problem is
     * logged.
     *
     * @param tokenConsumer the token consumer to check
     * @return {@code true} only when no check reported a problem
     */
    private boolean validate(TokenConsumer tokenConsumer) {
        boolean valid = true;
        if (tokenConsumer.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"name", BindingPropertyConstants.TOKEN_CONSUMER});
            valid = false;
        }
        if (tokenConsumer.getValueType() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"valueType", BindingPropertyConstants.TOKEN_CONSUMER});
            valid = false;
        } else if (!validate(tokenConsumer.getValueType())) {
            valid = false;
        }
        if (tokenConsumer.getSecurityTokenReference() != null && !validate(tokenConsumer.getSecurityTokenReference())) {
            valid = false;
        }
        if (tokenConsumer.getJAASConfig() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"jAASConfig", BindingPropertyConstants.TOKEN_CONSUMER});
            valid = false;
        } else if (!validate(tokenConsumer.getJAASConfig())) {
            valid = false;
        }
        // The handler check receives name and value type even when those were reported missing above.
        if (tokenConsumer.getCallbackHandler() != null
                && !validateCallbackHandler(tokenConsumer.getCallbackHandler(), BindingPropertyConstants.TOKEN_CONSUMER, tokenConsumer.getName(), tokenConsumer.getValueType())) {
            valid = false;
        }
        for (Properties property : tokenConsumer.getProperties()) {
            if (!validate(property)) {
                valid = false;
            }
        }
        return valid;
    }

    /**
     * Checks a trust anchor: it must have a name and a key store, and the key store must be valid.
     *
     * <p>The key store is validated even when the name is missing, so its warnings are still
     * logged.
     *
     * @param trustAnchor the trust anchor to check
     * @return {@code true} only when name and key store are present and the key store passes
     */
    private boolean validate(TrustAnchor trustAnchor) {
        boolean hasName = trustAnchor.getName() != null;
        if (!hasName) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"Name", "TrustAnchor"});
        }
        if (trustAnchor.getKeyStore() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{WSSAuditEventGenerator.KEYSTORE, "TrustAnchor"});
            return false;
        }
        boolean keyStoreValid = validate(trustAnchor.getKeyStore());
        return hasName && keyStoreValid;
    }

    /* JADX WARN: Code restructure failed: missing block: B:41:0x009a, code lost:
    
        if (com.ibm.ws.wssecurity.admin.BindingValidation.tc.isDebugEnabled() == false) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x009d, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.admin.BindingValidation.tc, "No order attribute found");
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x00a6, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.warning(com.ibm.ws.wssecurity.admin.BindingValidation.tc, "CWWSI9109W", new java.lang.Object[]{r0.getName()});
        r9 = false;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // Decompiler stub, not the real implementation: JADX could not reconstruct this overload, so
    // the body below only throws. The fragments quoted in the JADX warnings before this method
    // show a debug trace "No order attribute found" and a CWWSI9109W warning built from a
    // getName() value that sets the result to false; the rest of the caller-list validation is
    // not visible, so no conclusion about what it accepts or rejects can be drawn from this
    // listing.
    // NOTE(review): validate(SecurityInboundBindingConfig, String) passes getCaller() to a
    // validate(...) overload; if that resolves to this one, recompiling this listing would throw
    // for every inbound config without a consumerbindingref - confirm before reusing this code.
    private boolean validate(java.util.List<com.ibm.xmlns.prod.websphere._200710.ws_securitybinding.Caller> r8) {
        /*
            Method dump skipped, instructions count: 346
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.admin.BindingValidation.validate(java.util.List):boolean");
    }

    /**
     * Checks a single caller definition.
     *
     * <p>{@code Name}, {@code jAASConfig} and {@code callerIdentity} are required. A callback
     * handler, trusted identity and required signing part reference are optional and validated
     * only when present. Every check runs regardless of earlier failures, so each problem is
     * logged.
     *
     * @param caller the caller definition to check
     * @return {@code true} only when no check reported a problem
     */
    private boolean validate(Caller caller) {
        boolean valid = true;
        if (caller.getName() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"Name", "caller"});
            valid = false;
        }
        if (caller.getJAASConfig() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"jAASConfig", "caller"});
            valid = false;
        } else if (!validate(caller.getJAASConfig())) {
            valid = false;
        }
        if (caller.getCallbackHandler() != null
                && !validateCallbackHandler(caller.getCallbackHandler(), "caller", caller.getName(), null)) {
            valid = false;
        }
        if (caller.getCallerIdentity() == null) {
            Tr.warning(tc, "CWWSI9027W", new Object[]{"callerIdentity", "caller"});
            valid = false;
        } else if (!validate(caller.getCallerIdentity())) {
            valid = false;
        }
        if (caller.getTrustedIdentity() != null && !validate(caller.getTrustedIdentity())) {
            valid = false;
        }
        if (caller.getRequiredSigningPartReference() != null && !validate(caller.getRequiredSigningPartReference())) {
            valid = false;
        }
        return valid;
    }

    /**
     * Checks that a caller identity has a local name.
     *
     * <p>The local name is tested for presence only.
     *
     * @param callerIdentity the caller identity to check
     * @return {@code true} when the local name is set, otherwise {@code false} after a warning
     */
    private boolean validate(CallerIdentity callerIdentity) {
        if (callerIdentity.getLocalName() != null) {
            return true;
        }
        // NOTE(review): the warning names the element "caller", not "callerIdentity" - confirm
        // this is the intended label before relying on the log to locate the faulty element.
        Tr.warning(tc, "CWWSI9027W", new Object[]{"localName", "caller"});
        return false;
    }

    /**
     * Accepts any trusted identity without inspecting it.
     *
     * <p>No attribute of the element is read here, so a trusted identity that is present always
     * passes binding validation; any checking of its content has to happen elsewhere.
     *
     * @param trustedIdentity the trusted identity element (unused)
     * @return always {@code true}
     */
    private boolean validate(TrustedIdentity trustedIdentity) {
        // Intentionally unconditional: this overload performs no checks.
        return true;
    }

    /**
     * Checks that a required signing part reference carries a reference.
     *
     * <p>The reference is tested for presence only; whether it matches a configured signing part
     * is not checked here.
     *
     * @param requiredSigningPartReference the element to check
     * @return {@code true} when the reference is set, otherwise {@code false} after a warning
     */
    private boolean validate(RequiredSigningPartReference requiredSigningPartReference) {
        if (requiredSigningPartReference.getReference() != null) {
            return true;
        }
        Tr.warning(tc, "CWWSI9027W", new Object[]{SecurityTokenReference.REFERENCE, "requiredSigningPartReference"});
        return false;
    }
}
