package com.ibm.ws.security.web.saml;

import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.security.ltpa.CrossRealmUtil;
import com.ibm.ws.security.web.saml.SAMLIdAssertionRule;
import com.ibm.ws.security.web.saml.util.Util;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.web.saml.NameIDMapping;
import com.ibm.wsspi.security.web.saml.UserMapping;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.hyades.logging.events.cbe.ExtendedDataElement;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/security/web/saml/CredentialMapUtil.class */
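/**
 * Turns the contents of a SAML token into the credential properties that are attached to a JAAS
 * {@link Subject} and returned to the trust association layer as a {@link TAIResult}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class checks the token's signature, audience, or validity period; every
 *       issuer, NameID, and attribute value is used as given. NOTE(review): presumably the caller
 *       has already validated the assertion; confirm against the call sites.</li>
 *   <li>Realm, principal, unique ID, and group membership can all be taken from assertion
 *       attributes, so the identity-assertion rule decides how much the identity provider is
 *       trusted.</li>
 *   <li>Debug and entry/exit trace records principals, realms, group names, and the cache key;
 *       treat trace output as sensitive.</li>
 * </ul>
 */
public class CredentialMapUtil {
    private static final String comp = "security.wssecurity";
    public static final String WAS_Web_SSO_Saml20_Tai = "Saml20TaiSsoPartners";
    private static final TraceComponent tc = Tr.register(CredentialMapUtil.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = CredentialMapUtil.class.getName();
    protected static final CredentialMapUtil credMapUtil = new CredentialMapUtil();

    /**
     * Returns the shared instance created when the class is loaded.
     *
     * @return the singleton {@code CredentialMapUtil}
     */
    public static CredentialMapUtil getInstance() {
        return credMapUtil;
    }

    /**
     * Builds credential properties (unique ID, security name, groups, realm) purely from the SAML
     * token and the identity-assertion rule, adds them to the subject as a private credential, and
     * returns a successful {@link TAIResult}.
     *
     * <p>Each of realm, principal, and unique ID is taken from the attribute named in the rule when
     * such an attribute is present. When an attribute with the configured name is present but yields
     * no usable value, the method throws rather than falling back. When no such attribute is present
     * it falls back to, respectively: issuer name / local registry realm / NameID NameQualifier; the
     * rule's user mapping or the NameID value; and the principal.
     *
     * @param sAMLToken token whose attributes, issuer, and NameID are read; must not be null
     * @param subject subject that receives the credential Hashtable (and optionally the token)
     * @param sAMLIdAssertionRule rule naming the attributes to use and the mapping options
     * @param postBindingConfig configuration used for the cache key and the TAI cookie setting
     * @param httpServletRequest passed through to a {@link NameIDMapping} user mapping
     * @param httpServletResponse passed through to a {@link NameIDMapping} user mapping
     * @return a {@code TAIResult} with status 200
     * @throws Exception if a configured attribute is unusable, the realm range is missing, or a
     *     required NameID field is absent
     */
    public TAIResult doIdAssertion(SAMLToken sAMLToken, Subject subject, SAMLIdAssertionRule sAMLIdAssertionRule, PostBindingConfig postBindingConfig, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doIdAssertion samlToken[" + ConfigUtil.getObjState(sAMLToken) + "], subject[" + ConfigUtil.getObjState(subject) + "], rule[" + sAMLIdAssertionRule + "], pbc,req,res)");
        }
        boolean realmAttributeSeen = false;
        boolean principalAttributeSeen = false;
        boolean uniqueIdAttributeSeen = false;
        String realm = null;
        String principal = null;
        String uniqueId = null;
        List<String> assertedGroups = new ArrayList<String>();
        for (SAMLAttribute attribute : sAMLToken.getSAMLAttributes()) {
            String name = attribute.getName();
            if (name == null) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "attName [" + name + "]");
            }
            if (name.equalsIgnoreCase(sAMLIdAssertionRule.getPrincipalName())) {
                principal = extractPrincipalFromAttribute(principal, attribute, name);
                principalAttributeSeen = true;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "useAttributeAsPrincipal [" + principalAttributeSeen + "]");
            }
            if (sAMLIdAssertionRule.getUseRealm() == null && name.equalsIgnoreCase(sAMLIdAssertionRule.getRealmName())) {
                // A realm taken from the assertion is only accepted against a configured range.
                String realmRange = sAMLIdAssertionRule.getRealmNameRange();
                if (realmRange == null || realmRange.isEmpty()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "realm range is required if using Attribute value for realm.");
                    }
                    throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS8038E"));
                }
                realmAttributeSeen = true;
                realm = extractRealmFromAttribute(realm, attribute, name, sAMLIdAssertionRule.getRealmNameRange());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "useAttributeAsRealm [" + realmAttributeSeen + "]");
            }
            if (name.equalsIgnoreCase(sAMLIdAssertionRule.getUniqueId())) {
                uniqueIdAttributeSeen = true;
                uniqueId = extractUniqueIdFromAttribute(uniqueId, attribute, name);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "useAttributeUniqueId [" + uniqueIdAttributeSeen + "]");
                Tr.debug(tc, "uniqueId [" + uniqueId + "]");
            }
            if (name.equalsIgnoreCase(sAMLIdAssertionRule.getGroups())) {
                String[] groupValues = attribute.getStringAttributeValue();
                if (groupValues != null) {
                    if (sAMLIdAssertionRule.getIDMapOption().equals(SAMLIdAssertionRule.IDMapOption.ASSERTION_ADD_LOCAL_GROUP) || sAMLIdAssertionRule.getIDMapOption().equals(SAMLIdAssertionRule.IDMapOption.LOCAL_REALM_THEN_ASSERTION_ADD_LOCAL_GROUP)) {
                        groupValues = addNestedGroups(groupValues, true);
                    } else if (sAMLIdAssertionRule.getIDMapOption().equals(SAMLIdAssertionRule.IDMapOption.ASSERTION_AND_LOCAL_GROUP) || sAMLIdAssertionRule.getIDMapOption().equals(SAMLIdAssertionRule.IDMapOption.LOCAL_REALM_THEN_ASSERTION_AND_LOCAL_GROUP)) {
                        groupValues = addNestedGroups(groupValues, false);
                    }
                    for (String group : groupValues) {
                        assertedGroups.add(group);
                    }
                }
            }
        }

        // A realm fixed in the rule always wins over anything carried by the assertion.
        if (sAMLIdAssertionRule.getUseRealm() != null) {
            realm = sAMLIdAssertionRule.getUseRealm();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "samlRealm [" + realm + "]");
        }
        if (realm == null) {
            if (realmAttributeSeen) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There is no attribute could be used as realm.");
                }
                throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS8039E"));
            }
            if (sAMLIdAssertionRule.isIssuerForDefaultRealm()) {
                realm = sAMLToken.getSAMLIssuerName();
            } else if (sAMLIdAssertionRule.isDomainRealm()) {
                realm = getDomainRealm();
            } else {
                realm = getSamlNameQualifier(sAMLToken);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "samlRealm [" + realm + "]");
            }
        }

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "samlPrincipal [" + principal + "]");
        }
        if (principal == null) {
            if (principalAttributeSeen) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There is no attribute could be used as principal.");
                }
                throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS8040E"));
            }
            UserMapping userMapping = sAMLIdAssertionRule.getUserMapping();
            principal = userMapping != null ? applyUserMapping(userMapping, sAMLToken, httpServletRequest, httpServletResponse) : getSamlName(sAMLToken);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "samlPrincipal [" + principal + "]");
            }
        }

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "uniqueId [" + uniqueId + "]");
        }
        if (uniqueId == null) {
            if (uniqueIdAttributeSeen) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There is no attribute could be used as UniqueId.");
                }
                throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS8041E"));
            }
            uniqueId = principal;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "uniqueId [" + uniqueId + "]");
            }
        }
        String qualifiedUniqueId = realm + "/" + uniqueId;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "username = " + principal + "  uniqueId = " + qualifiedUniqueId);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding groups");
        }
        ArrayList<String> groupCredentials = new ArrayList<String>();
        for (String group : assertedGroups) {
            String qualifiedGroup = group;
            // NOTE(review): this is a bare prefix test without the "/" separator, so a group whose
            // name merely begins with the realm text is left unqualified. Confirm that is intended.
            if (!qualifiedGroup.startsWith(realm)) {
                qualifiedGroup = realm + "/" + qualifiedGroup;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "group:" + qualifiedGroup);
            }
            groupCredentials.add("group:" + qualifiedGroup);
        }

        String cacheKey = getCacheKey(sAMLToken, postBindingConfig);
        // Hashtable rejects null values, so a null principal or realm fails here with a
        // NullPointerException instead of producing a credential with a missing identity.
        Hashtable<String, Object> credentialProperties = new Hashtable<String, Object>();
        credentialProperties.put("com.ibm.wsspi.security.cred.uniqueId", qualifiedUniqueId);
        credentialProperties.put("com.ibm.wsspi.security.cred.securityName", principal);
        credentialProperties.put("com.ibm.wsspi.security.cred.groups", groupCredentials);
        credentialProperties.put("com.ibm.wsspi.security.cred.realm", realm);
        if (sAMLIdAssertionRule.includeCacheKeyInSubject()) {
            credentialProperties.put("com.ibm.wsspi.security.cred.cacheKey", cacheKey);
        }
        if (postBindingConfig.getPostBindingSPConfig().enforceTaiCookie()) {
            credentialProperties.put(WAS_Web_SSO_Saml20_Tai, Util.getCacheKeyPrefix(postBindingConfig));
        }
        addToSubjectAsPrivateCredentials(subject, credentialProperties);
        if (sAMLIdAssertionRule.includeTokenInSubject()) {
            addToSubjectAsPrivateCredentials(subject, sAMLToken);
        }
        // The result names the token's own principal, not the mapped one; the mapped identity
        // travels in the Hashtable. NOTE(review): confirm the runtime reads identity from there.
        TAIResult result = TAIResult.create(200, sAMLToken.getPrincipal(), subject);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doIdAssertion");
        }
        return result;
    }

    /**
     * Applies the rule's user mapping to the token, using the request-aware entry point when the
     * mapping is a {@link NameIDMapping}.
     */
    private static String applyUserMapping(UserMapping userMapping, SAMLToken sAMLToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (userMapping instanceof NameIDMapping) {
            return ((NameIDMapping) userMapping).mapSAMLAssertionToPrincipal(sAMLToken, httpServletRequest, httpServletResponse, null);
        }
        return userMapping.mapSAMLAssertionToName(sAMLToken);
    }

    /**
     * Adds {@code obj} to the subject's private credential set inside a privileged block; a null
     * {@code obj} is ignored.
     */
    private static void addToSubjectAsPrivateCredentials(final Subject subject, final Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addToSubject");
        }
        if (obj != null) {
            // Privileged so the add succeeds even when code further up the stack lacks the
            // permission needed to modify private credentials.
            AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    subject.getPrivateCredentials().add(obj);
                    return null;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addToSubject");
        }
    }

    /**
     * Reads the principal from an attribute.
     *
     * @param str principal found so far, or null
     * @param sAMLAttribute attribute to read
     * @param str2 attribute name the caller matched on
     * @return the attribute's single value, or {@code str} when the attribute has no usable value
     * @throws Exception if the attribute has more than one usable value, or its value differs from
     *     a principal that was already found
     */
    private static String extractPrincipalFromAttribute(String str, SAMLAttribute sAMLAttribute, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractPrincipalFromAttribute");
        }
        String principal = str;
        String[] values = getQualifiedAttributeValues(sAMLAttribute, str2, null);
        if (isMoreThanOne(values)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Can not use more than one attribute values as principal.");
            }
            throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS7557E"));
        }
        if (isExactOne(values)) {
            // Two attributes that disagree about the identity are rejected, not resolved.
            if (principal != null && !principal.equals(values[0])) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The principal exists already.");
                }
                throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS7558E"));
            }
            principal = values[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found principal name:" + principal);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractPrincipalFromAttribute returns [" + principal + "]");
        }
        return principal;
    }

    /**
     * Reads the realm from an attribute, keeping only values allowed by the realm range.
     *
     * @param str realm found so far, or null
     * @param sAMLAttribute attribute to read
     * @param str2 attribute name the caller matched on
     * @param str3 configured realm range used to filter the values
     * @return the attribute's single allowed value, or {@code str} when none qualifies
     * @throws Exception if more than one value qualifies, or the value differs from a realm that
     *     was already found
     */
    private static String extractRealmFromAttribute(String str, SAMLAttribute sAMLAttribute, String str2, String str3) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractRealmFromAttribute");
        }
        String realm = str;
        String[] values = getQualifiedAttributeValues(sAMLAttribute, str2, str3);
        if (isMoreThanOne(values)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Can not use more than one attribute values as realm.");
            }
            throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS7559E"));
        }
        if (isExactOne(values)) {
            if (realm != null && !realm.equals(values[0])) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The realm exists already.");
                }
                throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS7560E"));
            }
            realm = values[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Realm name:" + realm);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractRealmFromAttribute returns [" + realm + "]");
        }
        return realm;
    }

    /**
     * Reads the unique ID from an attribute.
     *
     * @param str unique ID found so far, or null
     * @param sAMLAttribute attribute to read
     * @param str2 attribute name the caller matched on
     * @return the attribute's single value, or {@code str} when the attribute has no usable value
     * @throws Exception if the attribute has more than one usable value, or its value differs from
     *     a unique ID that was already found
     */
    private static String extractUniqueIdFromAttribute(String str, SAMLAttribute sAMLAttribute, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractUniqueIdFromAttribute");
        }
        String uniqueId = str;
        String[] values = getQualifiedAttributeValues(sAMLAttribute, str2, null);
        if (isMoreThanOne(values)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Can not use more than one attribute values as unique ID.");
            }
            throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS7561E"));
        }
        if (isExactOne(values)) {
            if (uniqueId != null && !uniqueId.equals(values[0])) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The uniqueId exists already.");
                }
                throw new Exception(ConfigUtil.getMessage("security.wssecurity.CWWSS7562E"));
            }
            uniqueId = values[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found uniqueId name:" + uniqueId);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractUniqueIdFromAttribute returns [" + uniqueId + "]");
        }
        return uniqueId;
    }

    /** Returns true when {@code strArr} is non-null and holds two or more elements. */
    private static boolean isMoreThanOne(String[] strArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isMoreThanOne");
        }
        boolean result = strArr != null && strArr.length > 1;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isMoreThanOne returns [" + result + "]");
        }
        return result;
    }

    /** Returns true when {@code strArr} is non-null and holds exactly one element. */
    private static boolean isExactOne(String[] strArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isExactOne");
        }
        boolean result = strArr != null && strArr.length == 1;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isExactOne returns [" + result + "]");
        }
        return result;
    }

    /** Returns true when {@code strArr} is null or empty. */
    private static boolean noValue(String[] strArr) {
        if (tc.isEntryEnabled()) {
            // Plain method name, matching the exit trace below and the other helpers.
            Tr.entry(tc, "noValue");
        }
        boolean result = strArr == null || strArr.length == 0;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "noValue returns [" + result + "]");
        }
        return result;
    }

    /**
     * Returns the attribute's usable string values: non-null, non-blank, and (when a range is
     * given) allowed by the range.
     *
     * <p>When {@code str} does not match the attribute's name, the result is an empty array, so
     * callers see "no value" rather than an array of null placeholders.
     *
     * @param sAMLAttribute attribute whose string values are read
     * @param str attribute name expected by the caller, compared case-insensitively
     * @param str2 optional range; null or blank disables range filtering, {@code "*"} allows all
     * @return the qualifying values in their original order, never null
     */
    private static String[] getQualifiedAttributeValues(SAMLAttribute sAMLAttribute, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getQualifiedAttributeValues");
        }
        String[] rawValues = sAMLAttribute.getStringAttributeValue();
        String attributeName = sAMLAttribute.getName();
        boolean hasRange = str2 != null && !str2.trim().isEmpty();
        List<String> qualified = new ArrayList<String>();
        if (rawValues != null && str != null && str.equalsIgnoreCase(attributeName)) {
            for (String value : rawValues) {
                if (value == null || value.trim().isEmpty()) {
                    continue;
                }
                // NOTE(review): the range check is substring containment, so a value that is only
                // a fragment of a configured entry also passes. The range format is not visible
                // here; if it is a delimited list, compare against whole entries instead.
                if (!hasRange || str2.contains(value) || str2.equals("*")) {
                    qualified.add(value);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getQualifiedAttributeValues");
        }
        return qualified.toArray(new String[qualified.size()]);
    }

    /**
     * Maps the token to a principal and, when that principal is acceptable to the local registry
     * (or the rule's option is {@code LOCAL_REALM}), returns a result naming only the principal.
     * Otherwise it delegates to {@link #doIdAssertion}.
     *
     * <p>Principal precedence: the token's principal, replaced by the attribute named in the rule
     * when such an attribute is present, replaced in turn by the rule's user mapping when one is
     * configured.
     *
     * @param sAMLToken token to map; when null the method returns null
     * @param subject subject that receives the credential Hashtable (and optionally the token)
     * @param sAMLIdAssertionRule rule naming the principal attribute and the mapping options
     * @param postBindingConfig configuration used for the cache key and the TAI cookie setting
     * @param httpServletRequest passed through to a {@link NameIDMapping} user mapping
     * @param httpServletResponse passed through to a {@link NameIDMapping} user mapping
     * @return a {@code TAIResult} with status 200, or null when {@code sAMLToken} is null
     * @throws Exception if principal extraction, user mapping, or the fallback assertion fails
     */
    public TAIResult doNameIdMapping(SAMLToken sAMLToken, Subject subject, SAMLIdAssertionRule sAMLIdAssertionRule, PostBindingConfig postBindingConfig, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doNameIdMapping samlToken[" + ConfigUtil.getObjState(sAMLToken) + "], subject[" + ConfigUtil.getObjState(subject) + "], rule[" + sAMLIdAssertionRule + "], pbc,req,res)");
        }
        TAIResult result = null;
        if (sAMLToken != null) {
            String principal = sAMLToken.getPrincipal();
            if (sAMLIdAssertionRule.getPrincipalName() != null && !sAMLIdAssertionRule.getPrincipalName().isEmpty()) {
                for (SAMLAttribute attribute : sAMLToken.getSAMLAttributes()) {
                    String name = attribute.getName();
                    if (sAMLIdAssertionRule.getPrincipalName().equalsIgnoreCase(name)) {
                        // Each match starts from null, so the last matching attribute wins and a
                        // match with no usable value leaves the principal null. This differs from
                        // doIdAssertion, which rejects conflicting values.
                        principal = extractPrincipalFromAttribute(null, attribute, name);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Subject principal is [" + principal + "]");
                        }
                    }
                }
            }
            UserMapping userMapping = sAMLIdAssertionRule.getUserMapping();
            if (userMapping != null) {
                principal = applyUserMapping(userMapping, sAMLToken, httpServletRequest, httpServletResponse);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authName after user mapping [" + principal + "]");
            }
            // LOCAL_REALM skips the registry check here.
            // NOTE(review): presumably the runtime resolves the principal later; confirm.
            boolean useLocalPrincipal = true;
            if (!sAMLIdAssertionRule.getIDMapOption().equals(SAMLIdAssertionRule.IDMapOption.LOCAL_REALM)) {
                useLocalPrincipal = isValidateUser(principal);
            }
            if (useLocalPrincipal) {
                String cacheKey = getCacheKey(sAMLToken, postBindingConfig);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "cachekey [" + cacheKey + "]");
                }
                Hashtable<String, Object> credentialProperties = new Hashtable<String, Object>();
                if (sAMLIdAssertionRule.includeCacheKeyInSubject()) {
                    credentialProperties.put("com.ibm.wsspi.security.cred.cacheKey", cacheKey);
                }
                if (postBindingConfig.getPostBindingSPConfig().enforceTaiCookie()) {
                    credentialProperties.put(WAS_Web_SSO_Saml20_Tai, Util.getCacheKeyPrefix(postBindingConfig));
                }
                addToSubjectAsPrivateCredentials(subject, credentialProperties);
                if (sAMLIdAssertionRule.includeTokenInSubject()) {
                    addToSubjectAsPrivateCredentials(subject, sAMLToken);
                }
                result = TAIResult.create(200, principal, subject);
            } else {
                // Not known locally (or the registry lookup failed): assert the identity straight
                // from the token instead.
                result = getInstance().doIdAssertion(sAMLToken, subject, sAMLIdAssertionRule, postBindingConfig, httpServletRequest, httpServletResponse);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doNameIdMapping");
        }
        return result;
    }

    /**
     * Builds the cache key: the configured prefix followed by the hash codes of the issuer name
     * and of the SAML ID, each written as {@code n<digits>} when negative.
     *
     * <p>NOTE(review): the key is derived from two 32-bit {@code String.hashCode()} values joined
     * without a delimiter, so distinct (issuer, ID) pairs can produce the same key. Whether that
     * matters depends on how the key is consumed, which is not visible in this class. The format is
     * left unchanged because other code may compute or parse the same key.
     *
     * @param sAMLToken token supplying issuer name and SAML ID; when null the result is null
     * @param postBindingConfig configuration supplying the key prefix
     * @return the cache key, or null when {@code sAMLToken} is null
     */
    protected static String getCacheKey(SAMLToken sAMLToken, PostBindingConfig postBindingConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCacheKey");
        }
        String cacheKey = null;
        if (sAMLToken != null) {
            StringBuilder key = new StringBuilder(Util.getCacheKeyPrefix(postBindingConfig));
            appendHash(key, sAMLToken.getSAMLIssuerName().hashCode());
            appendHash(key, sAMLToken.getSamlID().hashCode());
            cacheKey = key.toString();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCacheKey returns [" + cacheKey + "]");
        }
        return cacheKey;
    }

    /**
     * Appends a hash code, writing negative values as {@code n} followed by the negated value.
     * {@code Integer.MIN_VALUE} negates to itself, so it is still written with a minus sign.
     */
    private static void appendHash(StringBuilder key, int hash) {
        if (hash < 0) {
            key.append("n").append(-hash);
        } else {
            key.append(hash);
        }
    }

    /**
     * Returns the user registry supplied by {@link CrossRealmUtil}.
     *
     * @return the current user registry
     */
    public UserRegistry getCurrentUserRegistry() {
        return CrossRealmUtil.getUserRegistry();
    }

    /**
     * Asks the current user registry whether {@code str} is a valid user.
     *
     * <p>Any exception from the registry is reported as {@code false}, so a registry failure is
     * indistinguishable from an unknown user. In {@link #doNameIdMapping} that result selects the
     * identity-assertion path.
     *
     * @param str user name to look up
     * @return true only when the registry confirms the user
     */
    public boolean isValidateUser(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isValidateUser user[" + str + "]");
        }
        boolean valid = false;
        try {
            valid = getCurrentUserRegistry().isValidUser(str);
        } catch (Exception e) {
            // Deliberate best effort: any lookup failure is treated as "not a local user".
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not a valid user in local user registry");
                Tr.debug(tc, e.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isValidateUser returns [" + valid + "]");
        }
        return valid;
    }

    /**
     * Expands asserted group names with what the local registry returns for them.
     *
     * <p>For each input name the registry's unique group ID is looked up and added without its
     * realm, followed by every ID returned by {@code getUniqueGroupIds} for it. A name for which the
     * lookup throws contributes nothing from the registry.
     *
     * @param strArr asserted group names; null is treated as empty
     * @param z when true, each asserted name is also kept as given, even if the registry does not
     *     know it; when false, only registry-derived names are returned
     * @return the expanded group names, never null
     */
    public String[] addNestedGroups(String[] strArr, boolean z) {
        if (strArr == null) {
            strArr = new String[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addNestedGroups members[" + (strArr.length > 0 ? strArr[0] : "empty") + "]");
        }
        List<String> expanded = new ArrayList<String>();
        for (String group : strArr) {
            if (z) {
                expanded.add(group);
            }
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "search group:" + group);
                }
                String localName = getNameWithoutRealm(getCurrentUserRegistry().getUniqueGroupId(group));
                expanded.add(localName);
                ListIterator<String> parents = getCurrentUserRegistry().getUniqueGroupIds(localName).listIterator();
                while (parents.hasNext()) {
                    String parentName = getNameWithoutRealm(parents.next());
                    expanded.add(parentName);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "add group:" + parentName);
                    }
                }
            } catch (Exception e) {
                // Deliberate best effort: a group the registry cannot resolve adds nothing more.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No parent groups found for group:" + group);
                    Tr.debug(tc, "Exception from addNestedGroups:" + e.getLocalizedMessage());
                }
            }
        }
        String[] result = expanded.toArray(new String[expanded.size()]);
        if (tc.isEntryEnabled()) {
            // Print the contents; concatenating the array itself shows only its identity hash.
            Tr.exit(tc, "addNestedGroups returns [" + java.util.Arrays.toString(result) + "]");
        }
        return result;
    }

    /**
     * Returns the realm name of the current user registry.
     *
     * @return the registry's realm
     * @throws Exception wrapping any failure from the registry, with the original as its cause
     */
    public String getDomainRealm() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDomainRealm");
        }
        try {
            String realm = getCurrentUserRegistry().getRealm();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDomainRealm returns [" + realm + "]");
            }
            return realm;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Can not get realm name");
                Tr.debug(tc, e.getMessage());
            }
            // Chain the caught exception itself so its type and stack trace are not lost.
            throw new Exception(e.getMessage(), e);
        }
    }

    /**
     * Strips the local registry's realm, and the one character following it, from a name that
     * contains the realm.
     *
     * <p>NOTE(review): the realm is only stripped when it is found at an index greater than zero,
     * so a name that begins with the realm is returned unchanged. Confirm that is intended.
     *
     * @param str name that may contain the realm
     * @return the text after the realm and its separator, or {@code str} unchanged
     * @throws Exception wrapping any failure (including a null {@code str}), with the original as
     *     its cause
     */
    public String getNameWithoutRealm(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNameWithoutRealm");
        }
        try {
            String realm = getCurrentUserRegistry().getRealm();
            int realmIndex = str.indexOf(realm);
            if (realmIndex > 0) {
                str = str.substring(realmIndex + realm.length() + 1);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getNameWithoutRealm returns [" + str + "]");
            }
            return str;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Can not remove realm for name: " + str);
                Tr.debug(tc, e.getMessage());
            }
            // Chain the caught exception itself so its type and stack trace are not lost.
            throw new Exception(e.getMessage(), e);
        }
    }

    /**
     * Returns the token's NameID.
     *
     * @throws Exception with message CWSML7010E when the token has no NameID
     */
    private SAMLNameID getSamlNameId(SAMLToken sAMLToken) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSamlNameId samlToken [" + ConfigUtil.getObjState(sAMLToken) + "]");
        }
        SAMLNameID nameId = sAMLToken.getSAMLNameID();
        if (nameId != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSamlNameId returns [" + ConfigUtil.getObjState(nameId) + "]");
            }
            return nameId;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The NameID element is missing from the Subject.");
        }
        String message = MessageHelper.getMessage("security.wssecurity.CWSML7010E", new String[]{"NameID", "Subject"});
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, message);
        }
        throw new Exception(message);
    }

    /**
     * Returns the NameID value of the token.
     *
     * @throws Exception with message CWSML7010E when the NameID or its value is missing or blank
     */
    private String getSamlName(SAMLToken sAMLToken) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSamlName samlToken [" + ConfigUtil.getObjState(sAMLToken) + "]");
        }
        SAMLNameID nameId = getSamlNameId(sAMLToken);
        String value = nameId.getValue();
        if (value != null && value.trim().length() != 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSamlName returns [" + value + "]");
            }
            return value;
        }
        if (tc.isDebugEnabled()) {
            if (value == null) {
                Tr.debug(tc, "The value for the NameID element in the Subject is missing.");
            } else {
                Tr.debug(tc, "The value for the NameID element in the Subject is an empty string [" + value + "]");
            }
        }
        String message = MessageHelper.getMessage("security.wssecurity.CWSML7010E", new String[]{"NameID", "Subject"});
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, message);
        }
        throw new Exception(message);
    }

    /**
     * Returns the NameQualifier of the token's NameID.
     *
     * @throws Exception with message CWSML7010E when the NameID is missing, or CWSML7006E when its
     *     NameQualifier is missing or blank
     */
    private String getSamlNameQualifier(SAMLToken sAMLToken) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSamlNameQualifier samlToken [" + ConfigUtil.getObjState(sAMLToken) + "]");
        }
        SAMLNameID nameId = getSamlNameId(sAMLToken);
        String nameQualifier = nameId.getNameQualifier();
        if (nameQualifier != null && nameQualifier.trim().length() != 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSamlNameQualifier returns [" + nameQualifier + "]");
            }
            return nameQualifier;
        }
        if (tc.isDebugEnabled()) {
            if (nameQualifier == null) {
                Tr.debug(tc, "The value for the NameQualifier attribute on the NameID element in the Subject is missing.");
            } else {
                Tr.debug(tc, "The value for the NameQualifier attribute on the NameID element in the Subject is an empty string [" + nameQualifier + "]");
            }
        }
        String message = MessageHelper.getMessage("security.wssecurity.CWSML7006E", new String[]{"NameQualifier", "NameID"});
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, message);
        }
        throw new Exception(message);
    }
}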
