package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.callbackhandler.X509GenerateCallback;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.X509Token;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.NamespaceUtil;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSecurityFactoryBuilder;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.WSSObjectStructureImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.ws.wssecurity.wssobject.impl.wsse10.BinarySecurityToken;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObjectElement;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartFactory;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartTextValue;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/X509GenerateLoginModule.class */
public class X509GenerateLoginModule implements LoginModule {
    // Component identifier string; not referenced anywhere in the visible part of this class.
    private static final String comp = "security.wssecurity";
    // Callback handler passed to initialize(); login() uses it to fill the X509GenerateCallback and PropertyCallback.
    CallbackHandler _handler;
    // Tokens collected by login(); commit() registers each one with _securityTokenManager and
    // publishes the list in the context under Constants.WSSECURITY_TOKEN_PROCESSED.
    List<SecurityToken> _processedTokens;
    // Subset of tokens that login() marks for insertion (stand-alone, STR-reference and embedded
    // branches); commit() publishes the list under Constants.WSSECURITY_TOKEN_TO_BE_INSERTED.
    List<SecurityToken> _insertedTokens;
    // Read by login() from the property map (Constants.WSSECURITY_SECURITY_TOKEN_MANAGER); stays null until login() runs.
    SecurityTokenManager _securityTokenManager;
    // Property map returned by PropertyCallback.getProperties() in login(); stays null until login() runs.
    Map<Object, Object> _context;
    // Shared-state map handed to initialize(); login() passes it to getCustomerX509Token and
    // TokenUtils.putTokenToSharedState.
    Map _sharedState;
    private static final TraceComponent tc = Tr.register(X509GenerateLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Prefix for the source identifier given to Tr.processException (for example clsName + ".login").
    private static final String clsName = X509GenerateLoginModule.class.getName();
    // Attribute names written onto the BinarySecurityToken element by createOMTokenElement.
    private static final String VALUE_TYPE = "ValueType".intern();
    private static final String ENCODING_TYPE = "EncodingType".intern();
    // Resolved once when the class is initialised. NOTE(review): both statics are non-final, so
    // code inside this class could reassign the factory that login() uses to create tokens.
    private static String _factoryKey = (String) WSSecurityFactoryBuilder.getImplClassName("com.ibm.ws.wssecurity.platform.X509Token");
    private static TokenFactory _tokenFactory = TokenFactoryFactory.getTokenFactory(_factoryKey);

    /**
     * Prepares the module for one login attempt: remembers the callback handler and the
     * shared-state map and starts with empty processed/inserted token lists.
     *
     * <p>The {@code subject} argument and the options map ({@code map2}) are accepted but never
     * read by this implementation.
     *
     * @param subject         not used
     * @param callbackHandler handler that login() later asks for the X.509 generation data
     * @param map             shared-state map, kept for login()
     * @param map2            module options, not used
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }

        // Fresh lists so tokens from an earlier attempt on this instance are not carried over.
        this._insertedTokens = new ArrayList<SecurityToken>();
        this._processedTokens = new ArrayList<SecurityToken>();

        this._sharedState = map;
        this._handler = callbackHandler;

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

    /**
     * Resolves the X.509 key material for the token generator and builds (or reuses) the
     * security token that commit() will later register.
     *
     * <p>Key information comes from the first source that applies:
     * <ol>
     *   <li>an overriding token returned by {@code getCustomerX509Token};</li>
     *   <li>the initial-sender certificate from the message context, when the callback reports
     *       identity assertion;</li>
     *   <li>the requestor certificate from the message context, when the callback asks for it;</li>
     *   <li>otherwise the key store, alias and passwords supplied by the callback.</li>
     * </ol>
     * An existing token with the same certificate is then looked up through {@code getToken};
     * if none is found a new {@code X509TokenImpl} is populated according to the configured
     * key-info type. Processed tokens are finally written to the shared state.
     *
     * <p>Error reporting: the outer handler is {@code catch (Exception)}, so every
     * {@code LoginException} thrown inside the try block (including the WSEC6836E / WSEC6808E
     * ones) is caught there and rethrown with the
     * {@code security.wssecurity.BSTokenLoginModule.s01} message that embeds
     * {@code toString()} of the original exception. The original exception is not attached as
     * a cause.
     *
     * <p>Security-relevant behaviour visible here: the new token receives references to the
     * public and the private (or secret) key via {@code setKey}; neither {@code abort()} nor
     * {@code logout()} clears them. Subject DN and token ids are written to debug trace; key
     * store and key passwords are passed through to {@code KeyStoreManager} and are not traced
     * by this method.
     *
     * @return always {@code true} when no exception is thrown
     * @throws LoginException on any failure, see the note on error reporting above
     */
    public boolean login() throws LoginException {
        KeyStoreManager.KeyInformation keyInformation;
        boolean isKeyInfoKeyname;
        boolean isKeyInfoKeyid;
        boolean isKeyInfoStrref;
        boolean isKeyInfoEmb;
        boolean isKeyInfoX509issuer;
        boolean isKeyInfoThumbprint;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        X509GenerateCallback x509GenerateCallback = new X509GenerateCallback();
        PropertyCallback propertyCallback = new PropertyCallback(null);
        try {
            // One handler round-trip fills both callbacks: key store settings and the property map.
            this._handler.handle(new Callback[]{x509GenerateCallback, propertyCallback});
            this._context = propertyCallback.getProperties();
            // Unchecked casts: a wrong type in the property map surfaces as ClassCastException,
            // which the outer catch turns into the generic s01 LoginException.
            MessageContext messageContext = (MessageContext) this._context.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
            this._securityTokenManager = (SecurityTokenManager) this._context.get(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
            Boolean valueOf = Boolean.valueOf(getUseErrata(messageContext, tokenGeneratorConfig));
            // Source 1: a token supplied from outside this module takes precedence over every
            // certificate/key-store lookup below.
            X509TokenImpl customerX509Token = getCustomerX509Token(messageContext, this._context, this._sharedState, true);
            if (customerX509Token != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "An overriding token was found.");
                }
                keyInformation = getCustomTokenKeyInformation(customerX509Token, tokenGeneratorConfig);
                if (valueOf.booleanValue()) {
                    customerX509Token.setTokenToErrata10();
                }
            } else {
                KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
                if (x509GenerateCallback.isUsedIdentityAssertion()) {
                    // Source 2: identity assertion, use the certificate recorded for the initial sender.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking the certificate of initial sender...");
                    }
                    if (messageContext == null) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSEC6836E"));
                    }
                    Object property = messageContext.getProperty(Constants.WSSECURITY_INITIAL_SENDER_CERT);
                    // Only the type is checked here. NOTE(review): no path or validity check on the
                    // certificate is visible in this method; presumably whoever stored the
                    // property validated it - confirm.
                    if (property == null || !(property instanceof X509Certificate)) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSEC6836E"));
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The certificate of initial sender is used.");
                    }
                    try {
                        keyInformation = keyStoreManager.getKeyInformation((X509Certificate) property);
                    } catch (SoapSecurityException e) {
                        Tr.processException(e, clsName + ".login", "182", this);
                        throw new LoginException(e.toString());
                    }
                } else if (x509GenerateCallback.isUsedRequestorCertificate()) {
                    // Source 3: the certificate stored in the message context under REQUEST_CERT.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking the certificate of requestor...");
                    }
                    if (messageContext == null) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSEC6808E"));
                    }
                    Object property2 = Axis2Util.getProperty(messageContext, Constants0.REQUEST_CERT);
                    // As above: type check only; validation of the certificate is not visible here.
                    if (property2 == null || !(property2 instanceof X509Certificate)) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSEC6808E"));
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The certificate of requestor is used.");
                    }
                    try {
                        keyInformation = keyStoreManager.getKeyInformation((X509Certificate) property2);
                    } catch (SoapSecurityException e2) {
                        Tr.processException(e2, clsName + ".login", "206", this);
                        throw new LoginException(e2.toString());
                    }
                } else {
                    // Source 4: key store, alias and passwords exactly as configured on the callback.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting the key information using the configuration...");
                    }
                    try {
                        String keyStorePath = x509GenerateCallback.getKeyStorePath();
                        // No explicit path: the key store reference is passed in the path position too.
                        if (keyStorePath == null) {
                            keyStorePath = x509GenerateCallback.getKeyStoreReference();
                        }
                        // Key store password and key password go straight to KeyStoreManager; this
                        // method does not write them to trace.
                        keyInformation = keyStoreManager.getKeyInformation(keyStorePath, x509GenerateCallback.getKeyStoreType(), x509GenerateCallback.getKeyStorePassword(), x509GenerateCallback.getKeyStoreReference(), x509GenerateCallback.getAlias(), x509GenerateCallback.getKeyPassword(), x509GenerateCallback.getKeyName());
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The key information got with the configuration is used.");
                        }
                    } catch (SoapSecurityException e3) {
                        Tr.processException(e3, clsName + ".login", "222", this);
                        throw new LoginException(e3.toString());
                    }
                }
            }
            // Key-info type string from the context; may be null, in which case all flags below are false.
            String str = (String) this._context.get(Constants.WSSECURITY_KEYINFO_TYPE);
            try {
                X509Certificate x509Certificate = (X509Certificate) keyInformation.getCertificate();
                String subjectDN = keyInformation.getSubjectDN();
                // Reuse a token the manager already holds for this certificate, if any.
                SecurityToken token = getToken(tokenGeneratorConfig, str, x509Certificate, this._securityTokenManager);
                // z is passed to the token factory; it is true unless the TOKEN_FORWARDABLE
                // property is the string "false" (case-insensitive).
                boolean z = true;
                String str2 = (String) tokenGeneratorConfig.getProperties().get(Constants.TOKEN_FORWARDABLE);
                if (str2 != null && str2.equalsIgnoreCase("false")) {
                    z = false;
                }
                boolean isStandAlone = tokenGeneratorConfig.isStandAlone();
                if (str == null) {
                    isKeyInfoThumbprint = false;
                    isKeyInfoX509issuer = false;
                    isKeyInfoEmb = false;
                    isKeyInfoStrref = false;
                    isKeyInfoKeyid = false;
                    isKeyInfoKeyname = false;
                } else {
                    isKeyInfoKeyname = ConfigUtil.isKeyInfoKeyname(str);
                    isKeyInfoKeyid = ConfigUtil.isKeyInfoKeyid(str);
                    isKeyInfoStrref = ConfigUtil.isKeyInfoStrref(str);
                    isKeyInfoEmb = ConfigUtil.isKeyInfoEmb(str);
                    isKeyInfoX509issuer = ConfigUtil.isKeyInfoX509issuer(str);
                    isKeyInfoThumbprint = ConfigUtil.isKeyInfoThumbprint(str);
                }
                if (token == null) {
                    // The subject DN goes to debug trace here.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "There is no token [" + subjectDN + "] stored in the Subject.");
                    }
                    Object obj = this._context.get("com.ibm.ws.wssecurity.constants.processingElement");
                    // Populate the overriding token if there is one, otherwise a fresh factory token.
                    X509TokenImpl x509TokenImpl = customerX509Token != null ? customerX509Token : (X509TokenImpl) _tokenFactory.getToken(z);
                    if (valueOf.booleanValue()) {
                        x509TokenImpl.setTokenToErrata10();
                    }
                    try {
                        // First matching branch wins; stand-alone takes precedence over the
                        // key-info type. If no branch matches (for example str == null and not
                        // stand-alone) the token still receives certificate and keys below but is
                        // not added to either list.
                        if (isStandAlone) {
                            x509TokenImpl.setId(IdUtils.getInstance().makeUniqueId(this._context, "x509bst_"));
                            createTokenElement(obj, tokenGeneratorConfig.getType(), keyInformation, x509TokenImpl, true, this._context);
                            this._processedTokens.add(x509TokenImpl);
                            this._insertedTokens.add(x509TokenImpl);
                        } else if (isKeyInfoStrref) {
                            // Direct reference: the token element carries the id and the token a "#id" URI.
                            String makeUniqueId = IdUtils.getInstance().makeUniqueId(this._context, "x509bst_");
                            x509TokenImpl.setId(makeUniqueId);
                            x509TokenImpl.setReferenceURI("#" + makeUniqueId);
                            createTokenElement(obj, tokenGeneratorConfig.getType(), keyInformation, x509TokenImpl, true, this._context);
                            this._processedTokens.add(x509TokenImpl);
                            this._insertedTokens.add(x509TokenImpl);
                        } else if (isKeyInfoEmb) {
                            // Embedded: same as above except the insert-id flag passed to createTokenElement is false.
                            x509TokenImpl.setId(IdUtils.getInstance().makeUniqueId(this._context, "x509bst_"));
                            createTokenElement(obj, tokenGeneratorConfig.getType(), keyInformation, x509TokenImpl, false, this._context);
                            this._processedTokens.add(x509TokenImpl);
                            this._insertedTokens.add(x509TokenImpl);
                        } else if (isKeyInfoKeyid) {
                            // Key identifier: the identifier string doubles as the token id; no element is created.
                            QName qNameFromContextString = getQNameFromContextString(this._context, Constants.WSSECURITY_KEY_ENCODING);
                            String keyIdentifier = getKeyIdentifier(keyInformation, qNameFromContextString, getQNameFromContextString(this._context, Constants.WSSECURITY_KEY_IDTYPE));
                            x509TokenImpl.setId(keyIdentifier);
                            x509TokenImpl.setKeyIdentifier(keyIdentifier);
                            x509TokenImpl.setKeyIdentifierEncodingType(qNameFromContextString);
                            this._processedTokens.add(x509TokenImpl);
                        } else if (isKeyInfoThumbprint) {
                            // Thumbprint: encoding defaults to BASE64_BINARY; the value type is always
                            // the THUMBPRINTSHA1 constant (a SHA-1 thumbprint, going by the constant's
                            // name; its value is not visible here).
                            QName qName = (QName) this._context.get(Constants.WSSECURITY_KEY_ENCODING);
                            if (qName == null) {
                                qName = com.ibm.ws.wssecurity.common.Constants.BASE64_BINARY;
                            }
                            String thumbprint = getThumbprint(keyInformation, qName);
                            x509TokenImpl.setId(thumbprint);
                            x509TokenImpl.setThumbprint(thumbprint);
                            x509TokenImpl.setThumbprintEncodingType(qName);
                            x509TokenImpl.setThumbprintValueType(com.ibm.ws.wssecurity.common.Constants.THUMBPRINTSHA1);
                            this._processedTokens.add(x509TokenImpl);
                        } else if (isKeyInfoKeyname) {
                            // Key name: the subject DN is used both as token id and as key name.
                            String subjectDN2 = keyInformation.getSubjectDN();
                            x509TokenImpl.setId(subjectDN2);
                            x509TokenImpl.setKeyName(subjectDN2);
                            this._processedTokens.add(x509TokenImpl);
                        } else if (isKeyInfoX509issuer) {
                            // Issuer/serial: the token id is "issuerDN:serial".
                            String issuerDN = keyInformation.getIssuerDN();
                            String issuerSerial = keyInformation.getIssuerSerial();
                            x509TokenImpl.setId(issuerDN + ":" + issuerSerial);
                            x509TokenImpl.setIssuerName(issuerDN);
                            x509TokenImpl.setIssuerSerial(issuerSerial);
                            this._processedTokens.add(x509TokenImpl);
                        }
                        final X509TokenImpl x509TokenImpl2 = x509TokenImpl;
                        final X509Certificate x509Certificate2 = (X509Certificate) keyInformation.getCertificate();
                        final byte[] binary = keyInformation.getBinary();
                        // The privileged block is limited to the two setters and works only on the
                        // values captured above. NOTE(review): presumably the setters perform a
                        // permission check that callers on the stack may not pass - confirm.
                        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.X509GenerateLoginModule.1
                            @Override // java.security.PrivilegedAction
                            public Object run() {
                                x509TokenImpl2.setCertificate(x509Certificate2);
                                x509TokenImpl2.setBinary(binary);
                                return null;
                            }
                        });
                        // 62 and 61 are key-kind constants inlined by the decompiler: 62 receives the
                        // public-or-secret key, 61 the private-or-secret key. From here on the token
                        // object holds a reference to the private (or secret) key.
                        x509TokenImpl.setKey(62, keyInformation.getPublicOrSecretKey());
                        x509TokenImpl.setKey(61, keyInformation.getPrivateOrSecretKey());
                    } catch (SoapSecurityException e4) {
                        Tr.processException(e4, clsName + ".login", "368", this);
                        throw new LoginException(e4.toString());
                    }
                } else {
                    // An equivalent token already exists; its id goes to debug trace.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "There is the token [" + token.getId() + "] stored in the Subject.");
                    }
                    // Every branch except "embedded" reuses the existing token as-is. As in the
                    // new-token case, nothing is added when no branch matches.
                    if (isStandAlone) {
                        this._processedTokens.add(token);
                    } else if (isKeyInfoStrref) {
                        this._processedTokens.add(token);
                    } else if (isKeyInfoEmb) {
                        // Embedded: a new token with its own id is built even though one exists.
                        // Unlike the new-token path, no createTokenElement call is made here.
                        final X509TokenImpl x509TokenImpl3 = (X509TokenImpl) _tokenFactory.getToken(z);
                        if (valueOf.booleanValue()) {
                            x509TokenImpl3.setTokenToErrata10();
                        }
                        try {
                            x509TokenImpl3.setId(IdUtils.getInstance().makeUniqueId(this._context, "x509bst_"));
                            final X509Certificate x509Certificate3 = (X509Certificate) keyInformation.getCertificate();
                            final byte[] binary2 = keyInformation.getBinary();
                            // Same narrow privileged block as in the new-token path.
                            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.X509GenerateLoginModule.2
                                @Override // java.security.PrivilegedAction
                                public Object run() {
                                    x509TokenImpl3.setCertificate(x509Certificate3);
                                    x509TokenImpl3.setBinary(binary2);
                                    return null;
                                }
                            });
                            // Same key-kind constants as above: 62 public-or-secret, 61 private-or-secret.
                            x509TokenImpl3.setKey(62, keyInformation.getPublicOrSecretKey());
                            x509TokenImpl3.setKey(61, keyInformation.getPrivateOrSecretKey());
                            this._processedTokens.add(x509TokenImpl3);
                            this._insertedTokens.add(x509TokenImpl3);
                        } catch (SoapSecurityException e5) {
                            Tr.processException(e5, clsName + ".login", "399", this);
                            throw new LoginException(e5.toString());
                        }
                    } else if (isKeyInfoKeyid) {
                        this._processedTokens.add(token);
                    } else if (isKeyInfoThumbprint) {
                        this._processedTokens.add(token);
                    } else if (isKeyInfoKeyname) {
                        this._processedTokens.add(token);
                    } else if (isKeyInfoX509issuer) {
                        this._processedTokens.add(token);
                    }
                }
                // The exit trace is written before the shared-state update, so a failure in
                // putTokenToSharedState happens after "login()" exit has been traced.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login()");
                }
                TokenUtils.putTokenToSharedState(this._sharedState, this._processedTokens, true);
                return true;
            } catch (SoapSecurityException e6) {
                Tr.processException(e6, clsName + ".login", "242", this);
                throw new LoginException(e6.toString());
            }
        } catch (Exception e7) {
            // Catch-all: this also receives every LoginException thrown above and replaces its
            // message with the s01 message; e7.toString() is embedded in the text and logged via
            // Tr.error, the exception itself is not chained as a cause.
            Tr.processException(e7, clsName + ".login", "138", this);
            Tr.error(tc, "security.wssecurity.BSTokenLoginModule.s01", e7);
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e7.toString()}));
        }
    }

    /**
     * Publishes the outcome of login(): every processed token is added to the security token
     * manager, and both token lists are stored in the context map under
     * {@code Constants.WSSECURITY_TOKEN_PROCESSED} and
     * {@code Constants.WSSECURITY_TOKEN_TO_BE_INSERTED}.
     *
     * <p>Relies on fields that initialize() and login() set; there is no null check, so calling
     * this before a successful login() fails with a {@code NullPointerException}.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown directly by this method
     */
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }

        // The size is read once, before the first addToken call, and the list is walked in order.
        for (int idx = 0, count = this._processedTokens.size(); idx < count; idx++) {
            this._securityTokenManager.addToken(this._processedTokens.get(idx));
        }

        this._context.put(Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
        this._context.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return true;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>The token lists filled by login() are left untouched, so tokens that already carry key
     * references stay reachable from this instance until it is re-initialised or discarded.
     *
     * @return always {@code false}
     * @throws LoginException declared by the interface; never thrown here
     */
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return false;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>Nothing is removed from the security token manager or from the context map, and the
     * token lists held by this instance are not cleared.
     *
     * @return always {@code false}
     * @throws LoginException declared by the interface; never thrown here
     */
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return false;
    }

    /**
     * Returns the first token known to the token manager (for this generator config and key-info
     * type) that is an {@code X509Token} whose certificate equals {@code certificate}.
     *
     * <p>Matching is done with {@code equals} on the stored token's certificate; a stored
     * X509Token whose {@code getCertificate()} returns null would raise a
     * {@code NullPointerException} here.
     *
     * @param tokenGeneratorConfig generator configuration passed through to the token manager
     * @param str                  key-info type string, may be null
     * @param certificate          certificate to look for
     * @param securityTokenManager manager that is queried for candidate tokens
     * @return the matching token, or {@code null} when there is none
     * @throws SoapSecurityException declared on the method; presumably raised by the token
     *         manager lookup - confirm
     */
    private static final SecurityToken getToken(TokenGeneratorConfig tokenGeneratorConfig, String str, Certificate certificate, SecurityTokenManager securityTokenManager) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getToken(TokenGeneratorConfig config, String keyInfoType[" + str + "], Certificate cert, SecurityTokenManager securityTokenManager)");
        }

        SecurityToken match = null;
        Collection<SecurityToken> candidates = securityTokenManager.getTokens(tokenGeneratorConfig, str);
        if (candidates != null && !candidates.isEmpty()) {
            for (SecurityToken candidate : candidates) {
                if (!(candidate instanceof X509Token)) {
                    continue;
                }
                if (((X509Token) candidate).getCertificate().equals(certificate)) {
                    match = candidate;
                    break;
                }
            }
        }

        if (tc.isEntryEnabled()) {
            // The exit trace embeds the token's string form; what that contains is up to the token class.
            Tr.exit(tc, "getToken(Map, TokenGeneratorConfig, String, Certificate) returns SecurityToken[" + match + "]");
        }
        return match;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the key identifier string for {@code keyInformation} in the requested encoding and
     * identifier type.
     *
     * <p>Encoding ({@code qName}): null or {@code BASE64_BINARY} selects the base64 getters,
     * {@code HEX_BINARY} the hex getters; anything else is rejected. Identifier type
     * ({@code qName2}): null or {@code ITSHA1} selects {@code getB64KeyId()} /
     * {@code getHexKeyId()}, {@code IT60SHA1} selects {@code getB64KeyId60()} /
     * {@code getHexKeyId60()}; anything else is rejected.
     *
     * <p>The resulting identifier is written to the exit trace when entry/exit tracing is on.
     *
     * @param keyInformation source of the key identifier
     * @param qName          encoding type, may be null
     * @param qName2         identifier type, may be null
     * @return the encoded key identifier
     * @throws LoginException for an unsupported encoding or identifier type, or when the
     *         underlying getter throws {@code SoapSecurityException} (only its
     *         {@code toString()} is carried over)
     */
    public static final String getKeyIdentifier(KeyStoreManager.KeyInformation keyInformation, QName qName, QName qName2) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMsg = new StringBuilder("getKeyIdentifier(KeyInformation keyInformation, ");
            entryMsg.append("QName etype[").append(qName).append("], ");
            entryMsg.append("QName idtype[").append(qName2).append("])");
            Tr.entry(tc, entryMsg.toString());
        }

        // Validate the encoding first, then the identifier type - the same order in which the
        // two rejections can occur in the nested form.
        final boolean base64 = qName == null || NamespaceUtil.equals(qName, com.ibm.ws.wssecurity.common.Constants.BASE64_BINARY);
        if (!base64 && !NamespaceUtil.equals(qName, com.ibm.ws.wssecurity.common.Constants.HEX_BINARY)) {
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.BinaryTokenReceiver.token15", new String[]{qName.toString()}));
        }
        final boolean defaultIdType = qName2 == null || NamespaceUtil.equals(qName2, com.ibm.ws.wssecurity.common.Constants.ITSHA1);
        if (!defaultIdType && !NamespaceUtil.equals(qName2, com.ibm.ws.wssecurity.common.Constants.IT60SHA1)) {
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSEC6804E", new String[]{qName2.toString()}));
        }

        // Each of the four getter calls reports failures under its own probe id.
        final String probeId;
        if (base64) {
            probeId = defaultIdType ? "555" : "563";
        } else {
            probeId = defaultIdType ? "579" : "508";
        }

        String keyId;
        try {
            if (base64) {
                keyId = defaultIdType ? keyInformation.getB64KeyId() : keyInformation.getB64KeyId60();
            } else {
                keyId = defaultIdType ? keyInformation.getHexKeyId() : keyInformation.getHexKeyId60();
            }
        } catch (SoapSecurityException e) {
            Tr.processException(e, clsName + ".getKeyIdentifier", probeId);
            throw new LoginException(e.toString());
        }

        if (tc.isEntryEnabled()) {
            StringBuilder exitMsg = new StringBuilder("getKeyIdentifier(KeyInformation, QName, QName)");
            exitMsg.append(" returns String[").append(keyId).append("]");
            Tr.exit(tc, exitMsg.toString());
        }
        return keyId;
    }

    /**
     * Returns the certificate thumbprint held by {@code keyInformation} in the requested
     * encoding: {@code BASE64_BINARY} uses {@code getB64Thumbprint()}, {@code HEX_BINARY} uses
     * {@code getHexThumbprint()}, any other encoding is rejected.
     *
     * <p>Unlike getKeyIdentifier there is no null default for the encoding; the visible caller
     * in login() substitutes {@code BASE64_BINARY} before calling. The thumbprint is written to
     * the exit trace when entry/exit tracing is on.
     *
     * @param keyInformation source of the thumbprint
     * @param qName          encoding type
     * @return the encoded thumbprint
     * @throws LoginException for an unsupported encoding, or when the underlying getter throws
     *         {@code SoapSecurityException} (only its {@code toString()} is carried over)
     */
    private static final String getThumbprint(KeyStoreManager.KeyInformation keyInformation, QName qName) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMsg = new StringBuilder("getThumbprint(KeyInformation keyInformation, ");
            entryMsg.append("QName etype[").append(qName).append("])");
            Tr.entry(tc, entryMsg.toString());
        }

        final boolean base64 = NamespaceUtil.equals(qName, com.ibm.ws.wssecurity.common.Constants.BASE64_BINARY);
        if (!base64 && !NamespaceUtil.equals(qName, com.ibm.ws.wssecurity.common.Constants.HEX_BINARY)) {
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.BinaryTokenReceiver.token15", new String[]{qName.toString()}));
        }

        String thumbprint;
        try {
            thumbprint = base64 ? keyInformation.getB64Thumbprint() : keyInformation.getHexThumbprint();
        } catch (SoapSecurityException e) {
            // Probe ids differ per encoding: 628 for base64, 636 for hex.
            Tr.processException(e, clsName + ".getThumbprint", base64 ? "628" : "636");
            throw new LoginException(e.toString());
        }

        if (tc.isEntryEnabled()) {
            StringBuilder exitMsg = new StringBuilder("getThumbprint(KeyInformation, QName)");
            exitMsg.append(" returns String[").append(thumbprint).append("]");
            Tr.exit(tc, exitMsg.toString());
        }
        return thumbprint;
    }

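    /**
     * Builds a {@code BinarySecurityToken} element for the given key information and stores it on
     * the token through {@code setXML(new OMStructure(...))}.
     *
     * <p>The element is created in the namespace selected by the {@code WSS_VERSION} entry of
     * {@code map} (index 0 when the entry is missing or not an Integer). It reuses the prefix
     * that {@code oMElement} already has for that namespace, or declares {@code wsse}. When
     * {@code z} is true and the token has an id, an {@code Id} attribute is added in the second
     * namespace of the same version, again reusing the parent's prefix or declaring {@code wsu}.
     * {@code EncodingType} is always {@code BASE64_BINARY}; {@code ValueType} is {@code qName}.
     * The text content is {@code keyInformation.getEncodedBinary()} when that is non-null.
     *
     * <p>The new element is not attached to {@code oMElement} by this method.
     *
     * <p>Change from the previous form: the {@code wsu} prefix lookup is now skipped when
     * {@code oMElement} is null, matching the guard already applied to the {@code wsse} lookup.
     *
     * @param oMFactory      factory used to create the element and its text node
     * @param oMElement      parent used only for prefix lookup, may be null
     * @param qName          value type written to the {@code ValueType} attribute
     * @param keyInformation source of the encoded token content
     * @param x509TokenImpl  token that receives the generated XML; also supplies the id
     * @param z              whether to write the token id as an {@code Id} attribute
     * @param map            context map, read for {@code WSS_VERSION}
     * @throws LoginException when {@code SoapSecurityException} is raised while reading the
     *         encoded binary or storing the XML (only its {@code toString()} is carried over)
     */
    static final void createOMTokenElement(OMFactory oMFactory, OMElement oMElement, QName qName, KeyStoreManager.KeyInformation keyInformation, X509TokenImpl x509TokenImpl, boolean z, Map<Object, Object> map) throws LoginException {
        String id;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createOMTokenElement(");
            stringBuffer.append("OMFactory factory, ");
            stringBuffer.append("OMElement parent[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("QName valueType[").append(qName).append("], ");
            stringBuffer.append("KeyInformation keyInformation, X509TokenImpl token, ");
            stringBuffer.append("boolean insertId[").append(z).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }

        // Version index into Constants.NAMESPACES; stays 0 unless the context holds an Integer.
        // NOTE(review): the index is not range-checked against the NAMESPACES rows.
        int wssVersion = 0;
        Object versionEntry = map.get(com.ibm.ws.wssecurity.common.Constants.WSS_VERSION);
        if (versionEntry instanceof Integer) {
            wssVersion = ((Integer) versionEntry).intValue();
        }
        String tokenNs = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[0][wssVersion];
        String idNs = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[1][wssVersion];

        // Reuse the parent's prefix for the token namespace when there is one; otherwise
        // declare the conventional "wsse" prefix on the new element.
        String tokenPrefix = oMElement != null ? DOMUtils.getNamespacePrefix(oMElement, tokenNs) : null;
        boolean declareTokenNs = tokenPrefix == null;
        if (declareTokenNs) {
            tokenPrefix = "wsse";
        }
        OMElement bstElement = oMFactory.createOMElement("BinarySecurityToken", tokenNs, tokenPrefix);
        if (declareTokenNs) {
            bstElement.declareNamespace(tokenNs, tokenPrefix);
        }

        if (z && (id = x509TokenImpl.getId()) != null) {
            // The parent may be null (the lookup above allows for it), so guard this lookup the
            // same way and fall back to declaring "wsu" instead of handing null to DOMUtils.
            String idPrefix = oMElement != null ? DOMUtils.getNamespacePrefix(oMElement, idNs) : null;
            if (idPrefix == null) {
                idPrefix = "wsu";
                bstElement.declareNamespace(idNs, idPrefix);
            }
            bstElement.addAttribute("Id", id, bstElement.getOMFactory().createOMNamespace(idNs, idPrefix));
        }

        DOMUtils.setQNameAttr(bstElement, null, ENCODING_TYPE, com.ibm.ws.wssecurity.common.Constants.BASE64_BINARY, wssVersion);
        DOMUtils.setQNameAttr(bstElement, null, VALUE_TYPE, qName, wssVersion);
        try {
            // A null encoded value yields an empty BinarySecurityToken element rather than an error.
            String encodedBinary = keyInformation.getEncodedBinary();
            if (encodedBinary != null) {
                bstElement.addChild(oMFactory.createOMText(encodedBinary));
            }
            x509TokenImpl.setXML(new OMStructure(bstElement));
            if (tc.isEntryEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer("createOMTokenElement(");
                stringBuffer2.append("OMFactory, OMElement, QName, KeyInformation, ");
                stringBuffer2.append("X509TokenImpl, boolean, Map)");
                stringBuffer2.append(" returns OMElement [").append(bstElement).append("]");
                Tr.exit(tc, stringBuffer2.toString());
            }
        } catch (SoapSecurityException e) {
            // The source identifier names ".login" although this is createOMTokenElement; it is
            // kept unchanged here.
            Tr.processException(e, clsName + ".login", "720");
            throw new LoginException(e.toString());
        }
    }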

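    /**
     * Builds a {@link BinarySecurityToken} in the document of {@code wSSObjectElement}, fills it
     * from {@code keyInformation} and stores it on {@code x509TokenImpl} through {@code setXML}.
     *
     * <p>The encoding type is always set from {@code Constants.BASE64_BINARY_STRING} and the value
     * type from {@code qName.toString()}. The wsu Id is set only when {@code z} is true and the
     * token reports a non-empty id.
     *
     * @param wSSObjectElement parent element; this method reads its document and, for trace, its QName
     * @param qName value type written onto the binary security token
     * @param keyInformation source of the raw bytes that become the token content
     * @param x509TokenImpl token that receives the generated structure
     * @param z whether the token id should be written as the wsu Id
     * @param map context map; not read by this method
     * @throws LoginException if filling or attaching the token fails; the underlying exception is
     *         attached as the cause
     */
    static final void createWSSObjectTokenElement(WSSObjectElement wSSObjectElement, QName qName, KeyStoreManager.KeyInformation keyInformation, X509TokenImpl x509TokenImpl, boolean z, Map<Object, Object> map) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMsg = new StringBuilder("createWSSObjectTokenElement(");
            entryMsg.append("WSSObjectElement parent[").append(wSSObjectElement.getQName()).append("], ");
            entryMsg.append("QName valueType[").append(qName).append("], ");
            entryMsg.append("KeyInformation keyInformation, X509TokenImpl token, ");
            entryMsg.append("boolean insertId[").append(z).append("], ");
            entryMsg.append("Map context)");
            Tr.entry(tc, entryMsg.toString());
        }
        BinarySecurityToken binarySecurityToken = new BinarySecurityToken(wSSObjectElement.getWSSObjectDocument());
        if (z) {
            String id = x509TokenImpl.getId();
            if (id != null && !id.isEmpty()) {
                binarySecurityToken.setWsuId(VariablePartFactory.getInstance().createAttrValueWithString(id));
            }
        }
        binarySecurityToken.setEncodingType(VariablePartFactory.getInstance().createAttrValueWithString(com.ibm.ws.wssecurity.common.Constants.BASE64_BINARY_STRING));
        binarySecurityToken.setValueType(VariablePartFactory.getInstance().createAttrValueWithString(qName.toString()));
        try {
            byte[] binary = keyInformation.getBinary();
            if (binary != null) {
                VariablePartTextValue content = VariablePartFactory.getInstance().createTextValueWithByteToBeBase64Encoded(binary);
                binarySecurityToken.setContent(content);
                // calcCache() is invoked only after the value has been attached; order kept as found.
                content.calcCache();
            }
            // NOTE(review): when getBinary() returns null the token is still attached without any
            // content; confirm that downstream code rejects an empty BinarySecurityToken.
            x509TokenImpl.setXML(new WSSObjectStructureImpl(binarySecurityToken));
            if (tc.isEntryEnabled()) {
                // The exit trace names this method, so entry and exit records pair up in the log.
                StringBuilder exitMsg = new StringBuilder("createWSSObjectTokenElement(");
                exitMsg.append("WSSObjectElement, QName, KeyInformation, ");
                exitMsg.append("X509TokenImpl, boolean, Map)");
                exitMsg.append(" returns WSSObjectElement [").append(binarySecurityToken.getQName()).append("]");
                Tr.exit(tc, exitMsg.toString());
            }
        } catch (Exception e) {
            // NOTE(review): the source id passed here says ".login" although this is
            // createWSSObjectTokenElement; left unchanged in case the id is referenced elsewhere.
            Tr.processException(e, clsName + ".login", "903");
            // LoginException has no cause-taking constructor, so the cause is attached explicitly
            // to keep the original stack trace available to whoever handles the failure.
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            throw failure;
        }
    }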

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the token element under {@code obj}, choosing the builder by the runtime type of
     * {@code obj}: a {@link WSSObjectElement} goes to {@code createWSSObjectTokenElement}; any
     * other value is cast to {@code OMElement} and goes to {@code createOMTokenElement}.
     *
     * @param obj parent element, either a {@code WSSObjectElement} or an {@code OMElement}
     * @param qName value type of the token
     * @param keyInformation key material source handed to the selected builder
     * @param x509TokenImpl token that receives the generated structure
     * @param z whether the token id should be inserted
     * @param map context map, passed through unchanged
     * @throws LoginException propagated from the selected builder
     * @throws ClassCastException if {@code obj} is neither of the two supported types
     * @throws NullPointerException if {@code obj} is {@code null}
     */
    public static final void createTokenElement(Object obj, QName qName, KeyStoreManager.KeyInformation keyInformation, X509TokenImpl x509TokenImpl, boolean z, Map<Object, Object> map) throws LoginException {
        if (!(obj instanceof WSSObjectElement)) {
            // No type check on this path: the cast itself rejects unsupported parents.
            OMElement omParent = (OMElement) obj;
            createOMTokenElement(omParent.getOMFactory(), omParent, qName, keyInformation, x509TokenImpl, z, map);
            return;
        }
        WSSObjectElement wssParent = (WSSObjectElement) obj;
        createWSSObjectTokenElement(wssParent, qName, keyInformation, x509TokenImpl, z, map);
    }

    /**
     * Looks up {@code str} in {@code map} and, when {@code ConfigUtil.hasValue} accepts the stored
     * string, wraps it as a {@link QName} with an empty namespace URI.
     *
     * @param map context map to read from; may be {@code null}
     * @param str key to look up; may be {@code null}
     * @return the QName built from the stored string, or {@code null} when the map or the key is
     *         {@code null} or the stored string is rejected by {@code ConfigUtil.hasValue}
     * @throws ClassCastException if the value stored under {@code str} is not a {@code String}
     */
    private static QName getQNameFromContextString(Map map, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getQNameFromContextString(" + str + ")");
        }
        QName result = null;
        final boolean lookupPossible = map != null && str != null;
        if (lookupPossible) {
            // The map is raw, so the element type is only enforced by this cast.
            final String localName = (String) map.get(str);
            result = ConfigUtil.hasValue(localName) ? new QName("", localName) : null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getQNameFromContextString(" + str + ") returns " + result);
        }
        return result;
    }

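    /**
     * Resolves the boolean stored under {@code Constants.GENERATE_X509ERRATA_10}.
     *
     * <p>Lookup order, all of it only when {@code messageContext} is non-null:
     * <ol>
     *   <li>the {@code WSS_PROPERTYMAP} property of every message context of the operation
     *       context (the last context that supplies a value wins);</li>
     *   <li>if no context supplied a value, the {@code WSS_RAMP_PROPERTYMAP} property of the same
     *       message contexts;</li>
     *   <li>if the result is still false, the generator configuration property of the same name,
     *       which enables the flag when its value is exactly {@code "true"}.</li>
     * </ol>
     * The operation context is taken from {@code messageContext.getOperationContext()}, falling
     * back to the message-context property {@code "unverifiedOperationContext"}.
     *
     * <p>NOTE(review): the flag is read from message-context property maps, including ones reached
     * through the "unverifiedOperationContext" property; confirm these maps are populated from
     * configuration or policy only and never from message content.
     *
     * @param messageContext current message context; may be {@code null}, which yields {@code false}
     * @param tokenGeneratorConfig generator configuration; dereferenced whenever
     *        {@code messageContext} is non-null
     * @return the resolved flag, {@code false} when nothing sets it
     * @throws ClassCastException if a stored value is not a {@code Boolean} (property maps) or not a
     *         {@code String} (generator configuration)
     */
    private static boolean getUseErrata(MessageContext messageContext, TokenGeneratorConfig tokenGeneratorConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUseErrata(messageContext[" + ConfigUtil.getObjState(messageContext) + "], config[" + ConfigUtil.getObjState(tokenGeneratorConfig) + "])");
        }
        boolean useErrata = false;
        if (messageContext != null) {
            OperationContext operationContext = messageContext.getOperationContext();
            if (operationContext == null) {
                operationContext = (OperationContext) messageContext.getProperty("unverifiedOperationContext");
            }
            if (operationContext != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Valid operation context to look for USE_X509ERRATA_10 property");
                }
                // Tracks whether any context supplied a value, independently of what the last
                // visited context happened to contain.
                boolean found = false;
                Iterator primaryIt = operationContext.getMessageContexts().entrySet().iterator();
                while (primaryIt.hasNext()) {
                    Map.Entry entry = (Map.Entry) primaryIt.next();
                    MessageContext candidate = (MessageContext) entry.getValue();
                    HashMap props = (HashMap) candidate.getProperty(com.ibm.ws.wssecurity.common.Constants.WSS_PROPERTYMAP);
                    if (props != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found the WSS_PROPERTYMAP in the msg ctx with key: " + entry.getKey());
                        }
                        Object value = props.get(com.ibm.ws.wssecurity.common.Constants.GENERATE_X509ERRATA_10);
                        if (value != null) {
                            useErrata = ((Boolean) value).booleanValue();
                            found = true;
                            // The map is written back under the same key it was read from.
                            candidate.setProperty(com.ibm.ws.wssecurity.common.Constants.WSS_PROPERTYMAP, props);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Did NOT find USE_X509ERRATA_10 in WSS_PROPERTYMAP property map.");
                        }
                    }
                }
                if (!found) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Did not find USE_X509ERRATA_10 or the WSS_PROPERTYMAP in any message context.Try to find WSS_RAMP_PROPERTYMAP. ");
                    }
                    // A fresh iterator is required: the one used by the first pass is exhausted,
                    // and reusing it would make this fallback a no-op.
                    Iterator fallbackIt = operationContext.getMessageContexts().entrySet().iterator();
                    while (fallbackIt.hasNext()) {
                        Map.Entry entry = (Map.Entry) fallbackIt.next();
                        MessageContext candidate = (MessageContext) entry.getValue();
                        HashMap rampProps = (HashMap) candidate.getProperty(com.ibm.ws.wssecurity.common.Constants.WSS_RAMP_PROPERTYMAP);
                        if (rampProps != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found the WSS_RAMP_PROPERTYMAP in the msg ctx with key: " + entry.getKey());
                            }
                            Object value = rampProps.get(com.ibm.ws.wssecurity.common.Constants.GENERATE_X509ERRATA_10);
                            if (value != null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Found USE_X509ERRATA_10 in WSS_RAMP_PROPERTYMAP property map.");
                                }
                                useErrata = ((Boolean) value).booleanValue();
                                candidate.setProperty(com.ibm.ws.wssecurity.common.Constants.WSS_RAMP_PROPERTYMAP, rampProps);
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Did NOT find USE_X509ERRATA_10 in WSS_RAMP_PROPERTYMAP property map.");
                            }
                        }
                    }
                }
            } else if (tc.isDebugEnabled()) {
                // Emitted only when there really is no operation context to inspect.
                Tr.debug(tc, "OperationContext was null, cannot look for USE_X509ERRATA_10 in WSS_PROPERTYMAP.");
            }
            // NOTE(review): tokenGeneratorConfig is dereferenced without a null check although the
            // entry trace formats it through getObjState; confirm callers never pass null.
            String configured = (String) tokenGeneratorConfig.getProperties().get(com.ibm.ws.wssecurity.common.Constants.GENERATE_X509ERRATA_10);
            // Result unused; the call is retained because side effects cannot be ruled out from here.
            tokenGeneratorConfig.getType();
            if (!useErrata && "true".equals(configured)) {
                useErrata = true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUseErrata returns [" + useErrata + "]");
        }
        return useErrata;
    }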

    /**
     * Fetches the caller-supplied token through {@code TokenUtils.getCustomerToken} for the
     * {@code X509Token.ValueType} value type and returns it only if it is an {@link X509TokenImpl}.
     *
     * <p>A token of any other class is discarded (with a debug trace) rather than adapted, so
     * callers must be prepared for a {@code null} result.
     *
     * @param messageContext message context passed through to {@code TokenUtils.getCustomerToken}
     * @param map configuration map; when non-null, the entry under
     *        {@code CallbackHandlerConfig.CONFIG_KEY} is used as the callback handler configuration
     * @param map2 second map passed through to {@code TokenUtils.getCustomerToken}
     * @param z flag passed through to {@code TokenUtils.getCustomerToken}
     * @return the customer token as {@code X509TokenImpl}, or {@code null} if there is none or it
     *         has a different type
     */
    public static X509TokenImpl getCustomerX509Token(MessageContext messageContext, Map map, Map map2, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomerX509Token");
        }
        final CallbackHandlerConfig handlerConfig =
                map == null ? null : (CallbackHandlerConfig) map.get(CallbackHandlerConfig.CONFIG_KEY);
        final SecurityToken candidate = TokenUtils.getCustomerToken(messageContext, map2, handlerConfig, X509Token.ValueType, z);
        X509TokenImpl result = null;
        if (candidate instanceof X509TokenImpl) {
            result = (X509TokenImpl) candidate;
        } else if (candidate != null && tc.isDebugEnabled()) {
            // Only the exact implementation type is accepted; anything else is dropped.
            Tr.debug(tc, "Token is not an X509TokenImpl; discarding.");
        }
        if (tc.isEntryEnabled()) {
            // The trace records the class name only, never the token contents.
            final String resultType = result != null ? result.getClass().getName() : "null";
            Tr.exit(tc, "getCustomerX509Token returns [" + resultType + "]");
        }
        return result;
    }

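    /**
     * Builds the {@code KeyInformation} for a caller-supplied X.509 token from its certificate
     * and, when the configuration asks for it, copies the token's private key into it.
     *
     * <p>The private key is copied in two cases: {@code obj} is a {@link TokenGeneratorConfig}
     * with {@code isUsedForSigning()} true, or a {@link TokenConsumerConfig} with
     * {@code isUsedForDecryption()} true. A missing key in either case is a failure.
     *
     * <p>Failure handling is nested: a {@code LoginException} raised inside a private-key branch is
     * caught by that branch's handler, reported, wrapped, and then reported and wrapped again by
     * the outer handler. The final message therefore nests the earlier ones, and each wrapper
     * carries the exception it wraps as its cause.
     *
     * <p>The entry and exit traces written here contain class names only; the certificate and the
     * private key are not passed to {@code Tr.entry}/{@code Tr.exit}.
     *
     * <p>NOTE(review): the thrown messages embed the underlying exception's {@code toString()};
     * confirm callers do not copy these messages into faults returned to the remote party.
     *
     * @param x509TokenImpl the customer token; {@code null} yields a {@code null} result
     * @param obj token configuration, a {@code TokenGeneratorConfig} and/or
     *        {@code TokenConsumerConfig}; any other value (including {@code null}) skips the
     *        private-key step
     * @return the key information, or {@code null} when {@code x509TokenImpl} is {@code null}
     * @throws LoginException if key information cannot be obtained or a required private key is
     *         missing
     */
    public static KeyStoreManager.KeyInformation getCustomTokenKeyInformation(X509TokenImpl x509TokenImpl, Object obj) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomTokenKeyInformation(customerToken[" + (x509TokenImpl != null ? x509TokenImpl.getClass().getName() : "null") + "], tokenConfigObject[" + (obj != null ? obj.getClass().getName() : "null") + "])");
        }
        KeyStoreManager.KeyInformation keyInformation = null;
        if (x509TokenImpl != null) {
            try {
                keyInformation = KeyStoreManager.getInstance().getKeyInformation(x509TokenImpl.getCertificate());
                if (keyInformation == null) {
                    throw new LoginException("Error obtaining keyInformation from x509 custom token.  KeyInformation is null.");
                }
                // instanceof is false for null, so no separate null check on obj is needed.
                if (obj instanceof TokenGeneratorConfig) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "processing TokenGeneratorConfig");
                    }
                    if (((TokenGeneratorConfig) obj).isUsedForSigning()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "key is used for signing");
                        }
                        try {
                            // NOTE(review): 61 is an unnamed selector passed to getKey; presumably
                            // the signing key type - confirm against the constant it stands for.
                            Key signingKey = x509TokenImpl.getKey(61);
                            if (signingKey == null) {
                                throw new LoginException("There is no private key in the customer token and the token is used for signing where a private key is required.");
                            }
                            keyInformation.setPrivateKey(signingKey);
                        } catch (Exception e) {
                            Tr.processException(e, clsName + ".getCustomTokenKeyInformation", "1105");
                            LoginException signingFailure = new LoginException("Error obtaining private key from x509 customer token [" + e + "]");
                            // LoginException has no cause-taking constructor; attach it explicitly.
                            signingFailure.initCause(e);
                            throw signingFailure;
                        }
                    }
                }
                if (obj instanceof TokenConsumerConfig) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "processing TokenConsumerConfig");
                    }
                    if (((TokenConsumerConfig) obj).isUsedForDecryption()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "key is used for decryption");
                        }
                        try {
                            // NOTE(review): 64 is an unnamed selector passed to getKey; presumably
                            // the decryption key type - confirm against the constant it stands for.
                            Key decryptionKey = x509TokenImpl.getKey(64);
                            if (decryptionKey == null) {
                                throw new LoginException("There is no private key in the customer token and the token is used for decryption where a private key is required.");
                            }
                            keyInformation.setPrivateKey(decryptionKey);
                        } catch (Exception e2) {
                            Tr.processException(e2, clsName + ".getCustomTokenKeyInformation", "1133");
                            LoginException decryptionFailure = new LoginException("Error obtaining private key from x509 customer token [" + e2 + "]");
                            decryptionFailure.initCause(e2);
                            throw decryptionFailure;
                        }
                    }
                }
            } catch (Exception e3) {
                // Also receives the LoginExceptions thrown above, which is why one failure can be
                // reported under two probe ids.
                Tr.processException(e3, clsName + ".getCustomTokenKeyInformation", "1078");
                LoginException outerFailure = new LoginException("Error obtaining keyInformation from x509 customer token [" + e3 + "]");
                outerFailure.initCause(e3);
                throw outerFailure;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCustomTokenKeyInformation returns [" + (keyInformation != null ? keyInformation.getClass().getName() : "null") + "]");
        }
        return keyInformation;
    }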
}
