package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.callbackhandler.SCTGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
import com.ibm.websphere.wssecurity.wssapi.token.DerivedKeyToken;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.token.CacheableToken;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSUriUtil;
import com.ibm.ws.wssecurity.util.CacheConfigFactory;
import com.ibm.ws.wssecurity.util.DerivedKeyUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.DefaultValueManager;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecurityPermission;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.axis2.util.ObjectStateUtils;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SCT.class */
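/**
 * Secure conversation token (SCT) state holder.
 *
 * <p>An instance carries the token identifiers (uuid, client id, token id), the issuer,
 * the algorithm/provider/key-size settings, the list of AppliesTo scopes and, per
 * instance id, a {@link KeyHistoryEntry} with the key material and validity window.
 *
 * <p>Most setters are silent no-ops while {@code readOnly} is {@code true}. That flag is
 * not declared in this file; it is presumably inherited from a superclass (confirm).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #writeExternal(ObjectOutput)} and {@link #getSerializationBytes()} emit the
 *       raw client, server and combined secrets. Treat the resulting bytes as key
 *       material: do not log them and store or ship them only over protected channels.</li>
 *   <li>{@link #readExternal(ObjectInput)} trusts the stream it is given. Only feed it data
 *       from a trusted, integrity-protected source.</li>
 *   <li>{@link #getKeyHistoryEntry(String)} hands out the live, mutable entry, so the
 *       {@code readOnly} flag does not protect key material reached through it.</li>
 *   <li>{@code RENEW_PERM} and {@code CANCEL_PERM} are declared but never checked in this
 *       file, and {@code cancel}/{@code renew}/{@code validate} are stubs here.</li>
 *   <li>Only {@code addKeyInstance} is synchronized; every other accessor touches the same
 *       collections without locking.</li>
 * </ul>
 */
public class SCT extends SecureConversationToken implements CacheableToken {
    private static final long serialVersionUID = 1710253288493106515L;
    private WSSGenerationContext wssGenerationContext;
    private WSSConsumingContext wssConsumingContext;
    private Map _map;
    private static final String comp = "security.wssecurity";
    private SecurityTokenManagerImpl securityTokenManager;
    private Map dkgMap;
    // Field labels passed to ObjectStateUtils when reading/writing the externalized form.
    public static final String SERIALIZATION_DESCRIPTION_UUID = "SCT.uuid";
    public static final String SERIALIZATION_DESCRIPTION_CLIENT_ID = "SCT.clientID";
    public static final String SERIALIZATION_DESCRIPTION_TOKEN_ID = "SCT.tokenID";
    public static final String SERIALIZATION_DESCRIPTION_CURRENT_INSTANCE = "SCT.currentInstance";
    public static final String SERIALIZATION_DESCRIPTION_KEY_MAP = "SCT.keyMap";
    public static final String SERIALIZATION_DESCRIPTION_APPLIES_TO = "SCT.appliesTo";
    public static final String SERIALIZATION_DESCRIPTION_ALGORITHM = "SCT.algorithm";
    public static final String SERIALIZATION_DESCRIPTION_PROVIDER = "SCT.provider";
    public static final String SERIALIZATION_DESCRIPTION_ISSUER = "SCT.issuer";
    public static final String SERIALIZATION_DESCRIPTION_INSTANCES = "SCT.instances";
    private String uuid;
    private String clientID;
    private String tokenID;
    private boolean isCancelled;
    // Instance id -> key material and validity window for that instance.
    private HashMap<String, KeyHistoryEntry> keyMap;
    private ArrayList appliesToList;
    private String issuer;
    private boolean renewable;
    private boolean renewableAfterExpiration;
    // Instance ids in the order they were added through addKeyInstance.
    private ArrayList allKeyInstances;
    private String algorithm;
    private String provider;
    private int keySize;
    // Result of the last successful getSerializationBytes() call; contains key material.
    private byte[] serializedBytes;
    private static final TraceComponent tc = Tr.register(SCT.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // NOTE(review): neither permission is checked anywhere in this file.
    private static final SecurityPermission RENEW_PERM = new SecurityPermission("wssapi.SCT.renew");
    private static final SecurityPermission CANCEL_PERM = new SecurityPermission("wssapi.SCT.cancel");
    private static final String clsName = SCT.class.getName();
    private static final String CLASS_NAME = SCT.class.getName();

    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SCT$KeyHistoryEntry.class */
    /**
     * Key material and validity window for one SCT instance.
     *
     * <p>Byte arrays and dates are copied on the way in and on the way out of the
     * accessors, so callers never share the arrays held here. The externalized form
     * written by {@link #writeExternal(ObjectOutput)} contains all three secrets in the
     * clear.
     */
    public static class KeyHistoryEntry implements Externalizable {
        public static final String SERIALIZATION_DESCRIPTION_INSTANCE = "KHE.instance";
        public static final String SERIALIZATION_DESCRIPTION_CLIENT_SECRET = "KHE.clientSecret";
        public static final String SERIALIZATION_DESCRIPTION_SERVER_SECRET = "KHE.serverSecret";
        public static final String SERIALIZATION_DESCRIPTION_SECRET = "KHE.secret";
        public static final String SERIALIZATION_DESCRIPTION_VALID_TIME_START = "KHE.validTimeStart";
        public static final String SERIALIZATION_DESCRIPTION_VALID_TIME_END = "KHE.validTimeEnd";
        public static final String SERIALIZATION_DESCRIPTION_STATE = "KHE.state";
        private String instance;
        private byte[] clientSecret;
        private byte[] serverSecret;
        // Combined secret derived from clientSecret and serverSecret (see createDerivedKeyByte).
        private byte[] secret;
        private Date validTimeStart;
        private Date validTimeEnd;
        private SCTState state;
        private static final long serialVersionUID = 4800424159027149133L;
        private static final TraceComponent tc = Tr.register(KeyHistoryEntry.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

        /**
         * Creates an empty entry: blank instance id, zero-length secrets, epoch dates and
         * state {@link SCTState#NULL}. Required for {@link Externalizable}.
         */
        public KeyHistoryEntry() {
            this.instance = "";
            this.clientSecret = new byte[0];
            this.serverSecret = new byte[0];
            this.secret = new byte[0];
            this.validTimeStart = new Date(0L);
            this.validTimeEnd = new Date(0L);
            this.state = SCTState.NULL;
        }

        /**
         * Creates an entry and derives the combined secret from the two input secrets.
         *
         * @param instance instance id of the entry
         * @param clientSecret client entropy; copied, may be {@code null}
         * @param serverSecret server entropy; copied, may be {@code null}
         * @param created start of the validity window; cloned, must not be {@code null}
         * @param expires end of the validity window; cloned, must not be {@code null}
         * @param state initial state
         */
        public KeyHistoryEntry(String instance, byte[] clientSecret, byte[] serverSecret, Date created, Date expires, SCTState state) {
            this.instance = instance;
            this.clientSecret = copyOf(clientSecret);
            this.serverSecret = copyOf(serverSecret);
            this.validTimeStart = (Date) created.clone();
            this.validTimeEnd = (Date) expires.clone();
            this.state = state;
            this.secret = createDerivedKeyByte(this.clientSecret, this.serverSecret);
        }

        /**
         * Derives the combined secret by delegating to {@code DerivedKeyUtil} with the
         * "HmacSha1" algorithm name and an output length equal to the client secret length.
         *
         * <p>Any failure, including a {@code null} client secret, is reported through
         * {@code Tr.processException} and yields {@code null}. Callers of
         * {@link #getSecret()} must therefore be prepared for {@code null}.
         * NOTE(review): the meaning of the empty label and the two zero arguments is
         * defined by {@code DerivedKeyUtil}, which is not visible here.
         *
         * @return the derived bytes, or {@code null} when derivation failed
         */
        private byte[] createDerivedKeyByte(byte[] clientSecret, byte[] serverSecret) {
            byte[] derived = null;
            try {
                derived = DerivedKeyUtil.createDerivedKeyByte(clientSecret, "", serverSecret, clientSecret.length, 0, 0, "HmacSha1");
            } catch (Exception e) {
                Tr.processException(e, SCT.CLASS_NAME + ".createDerivedKeyByte", "%C", this);
            }
            return derived;
        }

        /** @return the instance id of this entry */
        public String getInstance() {
            return this.instance;
        }

        /** @return a copy of the client secret, or {@code null} if none is set */
        public byte[] getClientSecret() {
            return copyOf(this.clientSecret);
        }

        /** @return a copy of the server secret, or {@code null} if none is set */
        public byte[] getServerSecret() {
            return copyOf(this.serverSecret);
        }

        /** @return a copy of the combined secret, or {@code null} if derivation failed */
        public byte[] getSecret() {
            return copyOf(this.secret);
        }

        /** @return a copy of the start of the validity window */
        public Date getCreated() {
            return (Date) this.validTimeStart.clone();
        }

        /** @return a copy of the end of the validity window */
        public Date getExpires() {
            return (Date) this.validTimeEnd.clone();
        }

        /** @return the current state of this entry */
        public SCTState getState() {
            return this.state;
        }

        /** @param instance new instance id */
        public void setInstance(String instance) {
            this.instance = instance;
        }

        /** @param clientSecret new client secret; copied. The combined secret is not re-derived. */
        public void setClientSecret(byte[] clientSecret) {
            this.clientSecret = copyOf(clientSecret);
        }

        /** @param serverSecret new server secret; copied. The combined secret is not re-derived. */
        public void setServerSecret(byte[] serverSecret) {
            this.serverSecret = copyOf(serverSecret);
        }

        /** @param secret new combined secret; copied */
        public void setSecret(byte[] secret) {
            this.secret = copyOf(secret);
        }

        /** @param created new start of the validity window; cloned, must not be {@code null} */
        public void setCreated(Date created) {
            this.validTimeStart = (Date) created.clone();
        }

        /** @param expires new end of the validity window; cloned, must not be {@code null} */
        public void setExpires(Date expires) {
            this.validTimeEnd = (Date) expires.clone();
        }

        /** @param state new state */
        public void setState(SCTState state) {
            this.state = state;
        }

        /**
         * Restores this entry from the stream.
         *
         * <p>The leading version number is read and discarded; the payload is always parsed
         * as version 1. The stream is trusted: it must come from an integrity-protected
         * source, because it supplies key material and typed objects.
         */
        @Override // java.io.Externalizable
        public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
            objectInput.readInt();
            readExternalVersion1(objectInput);
        }

        /**
         * Reads the version-1 payload in the order {@link #writeExternal(ObjectOutput)}
         * writes it. A field whose stream value is {@code null} keeps its current value.
         *
         * <p>The combined secret is read last and on a best-effort basis: if it cannot be
         * read or is {@code null}, it is re-derived from the client and server secrets.
         * Only the exception message is traced, never the key bytes.
         */
        public void readExternalVersion1(ObjectInput objectInput) throws IOException, ClassNotFoundException {
            this.instance = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_INSTANCE);
            Object clientSecretValue = ObjectStateUtils.readObject(objectInput, SERIALIZATION_DESCRIPTION_CLIENT_SECRET);
            if (clientSecretValue != null) {
                this.clientSecret = (byte[]) clientSecretValue;
            }
            Object serverSecretValue = ObjectStateUtils.readObject(objectInput, SERIALIZATION_DESCRIPTION_SERVER_SECRET);
            if (serverSecretValue != null) {
                this.serverSecret = (byte[]) serverSecretValue;
            }
            Object startValue = ObjectStateUtils.readObject(objectInput, SERIALIZATION_DESCRIPTION_VALID_TIME_START);
            if (startValue != null) {
                this.validTimeStart = (Date) startValue;
            }
            Object endValue = ObjectStateUtils.readObject(objectInput, SERIALIZATION_DESCRIPTION_VALID_TIME_END);
            if (endValue != null) {
                this.validTimeEnd = (Date) endValue;
            }
            Object stateValue = ObjectStateUtils.readObject(objectInput, SERIALIZATION_DESCRIPTION_STATE);
            if (stateValue != null) {
                this.state = (SCTState) stateValue;
            }
            Object secretValue;
            try {
                secretValue = ObjectStateUtils.readObject(objectInput, SERIALIZATION_DESCRIPTION_SECRET);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SERIALIZATION_DESCRIPTION_SECRET");
                }
            } catch (Throwable th) {
                // Deliberately broad: a stream without the combined secret falls back to
                // derivation below. NOTE(review): this also hides Errors; confirm that is wanted.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cannot deserialize combined secret = " + th.getMessage());
                }
                secretValue = null;
            }
            if (secretValue != null) {
                this.secret = (byte[]) secretValue;
                return;
            }
            this.secret = createDerivedKeyByte(this.clientSecret, this.serverSecret);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "createDerivedKeyByte");
            }
        }

        /**
         * Writes version marker 1 followed by the instance id, both input secrets, the
         * validity window, the state and the combined secret.
         *
         * <p>The output contains unencrypted key material; protect wherever it is stored
         * or transmitted.
         */
        @Override // java.io.Externalizable
        public void writeExternal(ObjectOutput objectOutput) throws IOException {
            objectOutput.writeInt(1);
            ObjectStateUtils.writeString(objectOutput, this.instance, SERIALIZATION_DESCRIPTION_INSTANCE);
            ObjectStateUtils.writeObject(objectOutput, this.clientSecret, SERIALIZATION_DESCRIPTION_CLIENT_SECRET);
            ObjectStateUtils.writeObject(objectOutput, this.serverSecret, SERIALIZATION_DESCRIPTION_SERVER_SECRET);
            ObjectStateUtils.writeObject(objectOutput, this.validTimeStart, SERIALIZATION_DESCRIPTION_VALID_TIME_START);
            ObjectStateUtils.writeObject(objectOutput, this.validTimeEnd, SERIALIZATION_DESCRIPTION_VALID_TIME_END);
            ObjectStateUtils.writeObject(objectOutput, this.state, SERIALIZATION_DESCRIPTION_STATE);
            ObjectStateUtils.writeObject(objectOutput, this.secret, SERIALIZATION_DESCRIPTION_SECRET);
        }

        /** @return an independent copy of {@code source}, or {@code null} for {@code null} */
        private static byte[] copyOf(byte[] source) {
            return source == null ? null : source.clone();
        }
    }

    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SCT$SCTState.class */
    /** Lifecycle state recorded for a {@link KeyHistoryEntry}. */
    public enum SCTState {
        NULL,
        ISSUED,
        CANCELLED,
        RENEWED,
        AMENDED
    }

    /** Creates an empty, non-cancelled, non-renewable token with blank identifiers. */
    public SCT() {
        this.securityTokenManager = null;
        this.dkgMap = null;
        this.allKeyInstances = new ArrayList();
        this.uuid = "";
        this.clientID = "";
        this.tokenID = "";
        this.isCancelled = false;
        this.keyMap = new HashMap<>();
        this.appliesToList = new ArrayList();
        this.renewable = false;
        this.renewableAfterExpiration = false;
        this.algorithm = "";
        this.provider = "";
        this.keySize = 0;
        this.serializedBytes = null;
    }

    /** @param uuid identifier of the new token */
    public SCT(String uuid) {
        this();
        this.uuid = uuid;
    }

    /**
     * Creates a token and registers every given entry under its own instance id.
     *
     * @param uuid identifier of the new token
     * @param entries entries to register; neither the array nor its elements may be {@code null}
     */
    public SCT(String uuid, KeyHistoryEntry[] entries) {
        this(uuid);
        for (KeyHistoryEntry entry : entries) {
            addKeyInstance(entry.getInstance(), entry);
        }
    }

    /** @return the token uuid */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13, com.ibm.ws.wssecurity.token.CacheableToken
    public String getIdentifier() {
        return getUUID();
    }

    /** @return the token uuid */
    public String getUUID() {
        return this.uuid;
    }

    /** @return the client id */
    public String getClientID() {
        return this.clientID;
    }

    /** @return the token id */
    public String getTokenID() {
        return this.tokenID;
    }

    /** @return the registered instance ids, in registration order, as a new array */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public String[] getInstances() {
        String[] instances = new String[this.allKeyInstances.size()];
        this.allKeyInstances.toArray(instances);
        return instances;
    }

    /**
     * Returns the live entry for an instance id, not a copy.
     *
     * <p>Changes made through the returned object bypass the {@code readOnly} flag of this
     * token, so hand it only to code that is trusted to modify the key material.
     *
     * @return the entry, or {@code null} if the instance id is unknown
     */
    public KeyHistoryEntry getKeyHistoryEntry(String instance) {
        return this.keyMap.get(instance);
    }

    /**
     * @return a copy of the client secret of the instance, or {@code null} if the instance
     *         is unknown or has no client secret
     */
    public byte[] getClientSecret(String instance) {
        KeyHistoryEntry entry = this.keyMap.get(instance);
        // The entry getter already returns a private copy, so no second copy is needed.
        return entry == null ? null : entry.getClientSecret();
    }

    /**
     * @return a copy of the server secret of the instance, or {@code null} if the instance
     *         is unknown or has no server secret
     */
    public byte[] getServerSecret(String instance) {
        KeyHistoryEntry entry = this.keyMap.get(instance);
        return entry == null ? null : entry.getServerSecret();
    }

    /**
     * @return a copy of the combined secret of the instance, or {@code null} if the
     *         instance is unknown or the secret could not be derived
     */
    public byte[] getSecret(String instance) {
        KeyHistoryEntry entry = this.keyMap.get(instance);
        return entry == null ? null : entry.getSecret();
    }

    /** @return a copy of the creation time of the instance, or {@code null} if unknown */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public Date getCreation(String instance) {
        KeyHistoryEntry entry = this.keyMap.get(instance);
        return entry == null ? null : entry.getCreated();
    }

    /** @return a copy of the expiration time of the instance, or {@code null} if unknown */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public Date getExpiration(String instance) {
        KeyHistoryEntry entry = this.keyMap.get(instance);
        return entry == null ? null : entry.getExpires();
    }

    /** @return the state of the instance, or {@code null} if the instance id is unknown */
    public SCTState getState(String instance) {
        KeyHistoryEntry entry = this.keyMap.get(instance);
        return entry == null ? null : entry.getState();
    }

    /** @return a shallow copy of the AppliesTo list */
    public ArrayList getAppliesToList() {
        return (ArrayList) this.appliesToList.clone();
    }

    /** @return the AppliesTo value stored at {@code index} */
    public String getAppliesTo(int index) {
        return (String) this.appliesToList.get(index);
    }

    /** @return whether the token is flagged as renewable */
    public boolean isRenewable() {
        return this.renewable;
    }

    /** @return whether the token is flagged as renewable after it has expired */
    public boolean isRenewableAfterExpiration() {
        return this.renewableAfterExpiration;
    }

    /** @return the configured algorithm name */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /** @return the configured provider name */
    public String getProvider() {
        return this.provider;
    }

    /** @return the configured key size */
    public int getKeySize() {
        return this.keySize;
    }

    /** @return the issuer; {@code null} until set */
    public String getIssuer() {
        return this.issuer;
    }

    /** Sets the uuid; ignored while the token is read-only. */
    public void setUUID(String uuid) {
        if (!this.readOnly) {
            this.uuid = uuid;
        }
    }

    /** Sets the client id; ignored while the token is read-only. */
    public void setClientID(String clientID) {
        if (!this.readOnly) {
            this.clientID = clientID;
        }
    }

    /** Sets the token id; ignored while the token is read-only. */
    public void setTokenID(String tokenID) {
        if (!this.readOnly) {
            this.tokenID = tokenID;
        }
    }

    /** Sets the issuer; ignored while the token is read-only. */
    public void setIssuer(String issuer) {
        if (!this.readOnly) {
            this.issuer = issuer;
        }
    }

    /**
     * Registers the entry under its own instance id; ignored while the token is read-only.
     *
     * @param entry entry to register; must not be {@code null}
     */
    public void setKeyHistoryEntry(KeyHistoryEntry entry) {
        if (!this.readOnly) {
            addKeyInstance(entry.getInstance(), entry);
        }
    }

    /** Replaces the client secret of a known instance; ignored when read-only or unknown. */
    public void setClientSecret(String instance, byte[] clientSecret) {
        if (this.readOnly) {
            return;
        }
        KeyHistoryEntry entry = this.keyMap.get(instance);
        if (entry != null) {
            entry.setClientSecret(clientSecret);
        }
    }

    /** Replaces the server secret of a known instance; ignored when read-only or unknown. */
    public void setServerSecret(String instance, byte[] serverSecret) {
        if (this.readOnly) {
            return;
        }
        KeyHistoryEntry entry = this.keyMap.get(instance);
        if (entry != null) {
            entry.setServerSecret(serverSecret);
        }
    }

    /** Replaces the combined secret of a known instance; ignored when read-only or unknown. */
    public void setSecret(String instance, byte[] secret) {
        if (this.readOnly) {
            return;
        }
        KeyHistoryEntry entry = this.keyMap.get(instance);
        if (entry != null) {
            entry.setSecret(secret);
        }
    }

    /** Replaces the creation time of a known instance; ignored when read-only or unknown. */
    public void setCreation(String instance, Date created) {
        if (this.readOnly) {
            return;
        }
        KeyHistoryEntry entry = this.keyMap.get(instance);
        if (entry != null) {
            entry.setCreated(created);
        }
    }

    /** Replaces the expiration time of a known instance; ignored when read-only or unknown. */
    public void setExpiration(String instance, Date expires) {
        if (this.readOnly) {
            return;
        }
        KeyHistoryEntry entry = this.keyMap.get(instance);
        if (entry != null) {
            entry.setExpires(expires);
        }
    }

    /** Replaces the state of a known instance; ignored when read-only or unknown. */
    public void setState(String instance, SCTState state) {
        if (this.readOnly) {
            return;
        }
        KeyHistoryEntry entry = this.keyMap.get(instance);
        if (entry != null) {
            entry.setState(state);
        }
    }

    /** Sets the renewable flag; ignored while the token is read-only. */
    public void setRenewable(boolean renewable) {
        if (!this.readOnly) {
            this.renewable = renewable;
        }
    }

    /** Sets the renewable-after-expiration flag; ignored while the token is read-only. */
    public void setRenewableAfterExpiration(boolean renewableAfterExpiration) {
        if (!this.readOnly) {
            this.renewableAfterExpiration = renewableAfterExpiration;
        }
    }

    /** Sets the algorithm name; ignored while the token is read-only. */
    public void setAlgorithm(String algorithm) {
        if (!this.readOnly) {
            this.algorithm = algorithm;
        }
    }

    /** Sets the provider name; ignored while the token is read-only. */
    public void setProvider(String provider) {
        if (!this.readOnly) {
            this.provider = provider;
        }
    }

    /** Sets the key size; ignored while the token is read-only. */
    public void setKeySize(int keySize) {
        if (!this.readOnly) {
            this.keySize = keySize;
        }
    }

    /** Replaces the AppliesTo list with the single given scope; ignored when read-only. */
    public void setAppliesTo(String appliesTo) {
        if (this.readOnly) {
            return;
        }
        this.appliesToList.clear();
        addAppliesTo(appliesTo);
    }

    /**
     * Adds an AppliesTo scope; ignored while the token is read-only.
     *
     * <p>A parseable URL is stored as {@code protocol://host:port/path}; when the explicit
     * port equals the protocol default, the same URL without the port is stored as well.
     * Query, fragment and user-info parts are dropped. A value that is not a valid URL is
     * logged as a warning and stored unchanged.
     *
     * <p>NOTE(review): {@code URL.getPort()} returns -1 when the URL carries no port, so
     * such a value is stored with a literal ":-1". Whether {@code STSUriUtil.URICompare}
     * compensates for that cannot be told from this file; confirm the scope check in
     * {@link #validateAppliesToURI(String)} still matches for port-less endpoints.
     */
    public void addAppliesTo(String appliesTo) {
        if (this.readOnly) {
            return;
        }
        try {
            // new URL(...) either returns a URL or throws, so no null branch is needed.
            URL url = new URL(appliesTo);
            String withPort = url.getProtocol() + "://" + url.getHost() + ":" + url.getPort() + url.getPath();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "setAppliesTo(" + appliesTo + ") stored as: " + withPort);
            }
            this.appliesToList.add(withPort);
            if (url.getPort() == url.getDefaultPort()) {
                String withoutPort = url.getProtocol() + "://" + url.getHost() + url.getPath();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "setAppliesTo(" + appliesTo + ") also stored as: " + withoutPort);
                }
                this.appliesToList.add(withoutPort);
            }
        } catch (MalformedURLException e) {
            // Best effort kept from the original: the raw value still becomes an accepted scope.
            Tr.warning(tc, "invalid appliesTo: " + appliesTo);
            this.appliesToList.add(appliesTo);
        }
    }

    /**
     * Replaces the AppliesTo list; ignored while the token is read-only.
     *
     * <p>The list is copied so that a caller keeping the argument cannot change the
     * token's scope later, in particular after the token has become read-only. Unlike
     * {@link #addAppliesTo(String)}, the values are stored without normalization.
     *
     * @param appliesToList new list; {@code null} is stored as {@code null}
     */
    public void setAppliesTo(ArrayList appliesToList) {
        if (this.readOnly) {
            return;
        }
        this.appliesToList = appliesToList == null ? null : new ArrayList(appliesToList);
    }

    /** @return whether the token has been flagged as cancelled */
    public boolean isCancelled() {
        return this.isCancelled;
    }

    /** Flags the token as cancelled; ignored while the token is read-only. */
    public void setCancelState() {
        if (!this.readOnly) {
            this.isCancelled = true;
        }
    }

    /**
     * Parses a timestamp with {@code UTC.parse}.
     *
     * @return the parsed date, or {@code null} for {@code null} input or unparseable text
     */
    public static final Date parseDateTime(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseDateTime( " + str + " )");
        }
        if (str == null) {
            return null;
        }
        try {
            Date parsed = UTC.parse(str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "parseDateTime( " + str + " )");
            }
            return parsed;
        } catch (Exception e) {
            // Leaving the method: trace an exit, not a second entry.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "parseDateTime( " + str + " ) returns null");
            }
            return null;
        }
    }

    /** @return the consuming context used when derived-key handlers are created */
    public WSSConsumingContext getWssConsumingContext() {
        return this.wssConsumingContext;
    }

    /** @param wSSConsumingContext consuming context to use for derived-key handlers */
    public void setWssConsumingContext(WSSConsumingContext wSSConsumingContext) {
        this.wssConsumingContext = wSSConsumingContext;
    }

    /** @return the generation context used when derived-key handlers are created */
    public WSSGenerationContext getWssGenerationContext() {
        return this.wssGenerationContext;
    }

    /** @param wSSGenerationContext generation context to use for derived-key handlers */
    public void setWssGenerationContext(WSSGenerationContext wSSGenerationContext) {
        this.wssGenerationContext = wSSGenerationContext;
    }

    /** @return the configuration map as stored, not a copy */
    public Map getMap() {
        return this._map;
    }

    /**
     * Stores the configuration map by reference.
     *
     * <p>NOTE(review): the whole map is written to the debug trace. Confirm it never
     * carries credentials or key material, or restrict the trace to its keys.
     *
     * @param map configuration map; may be {@code null}
     */
    public void setMap(Map map) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "saving the configuration needed for trust client APIs");
        }
        this._map = map;
        if (tc.isDebugEnabled()) {
            // Concatenation instead of toString() so a null map does not fail under tracing.
            Tr.debug(tc, "SCT configuration map = " + this._map);
        }
    }

    /** @param securityTokenManagerImpl manager that receives derived-key token wrappers */
    public void setSecurityTokenManagerImpl(SecurityTokenManagerImpl securityTokenManagerImpl) {
        this.securityTokenManager = securityTokenManagerImpl;
    }

    /**
     * Creates a derived-key token for the given algorithm, using the key length configured
     * for that algorithm, and registers it with the security token manager.
     *
     * <p>{@code str2} and {@code str3} default to "Default" when {@code null}; they are
     * passed through to {@code SCTGenerateCallbackHandler} (presumably the two derivation
     * labels; confirm against the interface). An algorithm that is configured neither as a
     * signature nor as an encryption algorithm, or a missing security token manager,
     * currently surfaces as a {@code NullPointerException}.
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public DerivedKeyToken getDerivedKeyToken(String str, String str2, String str3) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDerivedKeyToken( " + str + ", " + str2 + ", " + str3 + ")");
        }
        if (str2 == null) {
            str2 = "Default";
        }
        if (str3 == null) {
            str3 = "Default";
        }
        Map<String, Object> keyAlgorithm = getKeyAlgorithm(str);
        int keyLength = ((Integer) keyAlgorithm.get(DefaultValueManager.KEY_KEYLENGTH)).intValue();
        DerivedKeyToken token = registerDerivedKeyToken(keyAlgorithm, keyLength, str2, str3);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDerivedKeyToken(String, String )");
        }
        return token;
    }

    /**
     * Same as {@link #getDerivedKeyToken(String, String, String)} but with an explicit key
     * length {@code i} instead of the configured one.
     */
    public DerivedKeyToken getDerivedKeyToken(String str, int i, String str2, String str3) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDerivedKeyToken( " + str + ", " + i + " , " + str2 + " , " + str3 + ")");
        }
        Map<String, Object> keyAlgorithm = getKeyAlgorithm(str);
        if (str2 == null) {
            str2 = "Default";
        }
        if (str3 == null) {
            str3 = "Default";
        }
        DerivedKeyToken token = registerDerivedKeyToken(keyAlgorithm, i, str2, str3);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDerivedKeyToken(String, int, String)");
        }
        return token;
    }

    /**
     * Builds the callback handler for a signature or an encryption algorithm, wraps a new
     * {@code DKToken} with it and hands the wrapper to the security token manager.
     */
    private DerivedKeyToken registerDerivedKeyToken(Map<String, Object> keyAlgorithm, int keyLength, String str2, String str3) throws WSSException {
        boolean forSignature = ((Boolean) keyAlgorithm.get("isSignature")).booleanValue();
        String algorithmName = (String) keyAlgorithm.get("algorithm");
        // The handler takes a signature slot and an encryption slot; only one is filled.
        SCTGenerateCallbackHandler handler = forSignature
                ? new SCTGenerateCallbackHandler(this, this.wssGenerationContext, this.wssConsumingContext, algorithmName, keyLength, null, 0, str2, str3)
                : new SCTGenerateCallbackHandler(this, this.wssGenerationContext, this.wssConsumingContext, null, 0, algorithmName, keyLength, str2, str3);
        DKToken dKToken = new DKToken();
        this.securityTokenManager.addTokenWrapper(new SecurityTokenWrapper(dKToken, handler, BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE));
        return dKToken;
    }

    /**
     * Looks the algorithm up among the signature algorithms first and the encryption
     * algorithms second, and tags the result with an "isSignature" flag.
     *
     * <p>NOTE(review): the flag is written into the map returned by
     * {@code DefaultValueManager}. If that map is shared between callers, this is an
     * unsynchronized write to shared state; confirm.
     *
     * @return the algorithm settings, or {@code null} if the algorithm is unknown
     */
    private Map<String, Object> getKeyAlgorithm(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyAlgorithm(String algName): algName=" + str);
        }
        Map<String, Object> settings = DefaultValueManager.getInstance().getSignatureAlgorithmMap().get(str);
        if (settings != null) {
            settings.put("isSignature", Boolean.TRUE);
        } else {
            settings = DefaultValueManager.getInstance().getEncryptionAlgorithmMap().get(str);
            if (settings != null) {
                settings.put("isSignature", Boolean.FALSE);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyAlgorithm(String algName, int keyBytesLength) returns map" + settings);
        }
        return settings;
    }

    /**
     * Checks whether an instance is inside its validity window right now.
     *
     * <p>With a non-zero clock skew tolerance the creation time may lie at most that far
     * in the future, and the expiration time, reduced by {@code j}, at most that far in
     * the past. With a zero tolerance the creation time must not be in the future and the
     * current time must be before the expiration time reduced by {@code j}.
     *
     * @param str instance id
     * @param j cushion in milliseconds subtracted from the expiration time
     * @return {@code false} for an unknown instance or one outside its window
     */
    public boolean isValid(String str, long j) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "Enter isValid()...");
        }
        if (!this.keyMap.containsKey(str)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exit isValid()..., false");
            }
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT instance = " + str + ", cushion = " + j);
        }
        Date creation = getCreation(str);
        Date expiration = getExpiration(str);
        Date now = new Date();
        boolean valid = true;
        long clockSkewToleranceMilliseconds = CacheConfigFactory.getInstance().getClockSkewToleranceMilliseconds();
        if (tc.isDebugEnabled()) {
            // The checks below tolerate null dates, so the trace must not dereference them.
            Tr.debug(tc, "Current time = " + describeDate(now) + ", SCT creation time = " + describeDate(creation) + ", Expiration time =  " + describeDate(expiration) + ", Clock Skew tolerance = " + clockSkewToleranceMilliseconds + " ms.");
        }
        if (clockSkewToleranceMilliseconds != 0) {
            if (creation != null && creation.getTime() > now.getTime() && creation.getTime() > now.getTime() + clockSkewToleranceMilliseconds) {
                valid = false;
            }
            if (valid && expiration != null && expiration.getTime() - j < now.getTime() && expiration.getTime() - j < now.getTime() - clockSkewToleranceMilliseconds) {
                valid = false;
            }
        } else {
            if (creation != null) {
                valid = creation.getTime() <= now.getTime();
            }
            if (expiration != null) {
                valid = valid && now.getTime() < expiration.getTime() - j;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "Exit isValid()..., " + valid);
        }
        return valid;
    }

    /** Formats a date for the trace as {@code text(millis ms)}; prints "null" for {@code null}. */
    private static String describeDate(Date date) {
        return date == null ? "null" : date.toString() + "(" + date.getTime() + " ms)";
    }

    /**
     * Checks whether the given endpoint is one of the scopes this token applies to.
     *
     * <p>Matching is delegated to {@code STSUriUtil.URICompare}; a result of 0 counts as
     * a match. A {@code null} argument or a {@code null} scope list never matches.
     */
    public boolean validateAppliesToURI(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateAppliesToURI(" + str + ")");
        }
        boolean matched = false;
        if (str == null || this.appliesToList == null) {
            return false;
        }
        for (int i = 0; i < this.appliesToList.size() && !matched; i++) {
            String stored = (String) this.appliesToList.get(i);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "appliesTo in SCT: " + stored);
                Tr.debug(tc, "appliesTo incoming: " + str);
            }
            matched = STSUriUtil.URICompare(stored, str) == 0;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateAppliesToURI(" + str + ") returns " + matched);
        }
        return matched;
    }

    /**
     * Serializes this token with {@link #writeExternal(ObjectOutput)} and caches the result.
     *
     * <p>The returned array contains the token's key material in the clear; it is the
     * cached array itself, not a copy. If serialization fails, the failure is only traced
     * at debug level and the bytes of the last successful call (or {@code null}) are
     * returned. NOTE(review): callers cannot tell such a stale result from a fresh one.
     */
    public byte[] getSerializationBytes() {
        String methodName = CLASS_NAME + ".getSerializationBytes()";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, methodName);
        }
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            // Closing the object stream flushes it before the buffer is read.
            try (ObjectOutputStream objectOutputStream = new ObjectOutputStream(buffer)) {
                writeExternal(objectOutputStream);
            }
            this.serializedBytes = buffer.toByteArray();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to serialize SCT. ", e.getStackTrace());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, methodName);
        }
        return this.serializedBytes;
    }

    /**
     * Maps the state of an instance to a numeric status code.
     *
     * <p>ISSUED maps to 81, RENEWED to 82 and CANCELLED to 83 (presumably inlined
     * constants of the token interface; confirm). Every other state, and an unknown
     * instance id, maps to -1.
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public int getStatus(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getStatus(" + str + ")");
        }
        // getState returns null for an unknown instance; identity comparison is null-safe.
        SCTState state = getState(str);
        int status = -1;
        if (state == SCTState.ISSUED) {
            status = 81;
        } else if (state == SCTState.CANCELLED) {
            status = 83;
        } else if (state == SCTState.RENEWED) {
            status = 82;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getStatus(" + str + ")");
        }
        return status;
    }

    /** No-op in this implementation: the token is not cancelled by this call. */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void cancel() throws WSSException {
    }

    /** No-op in this implementation: the token is not cancelled by this call. */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void cancel(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext) throws WSSException {
    }

    /** Always returns {@code false} in this implementation; use {@link #isValid(String, long)} for the time check. */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public boolean validate() throws WSSException {
        return false;
    }

    /** Always returns {@code false} in this implementation. */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public boolean validate(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext) throws WSSException {
        return false;
    }

    /** No-op in this implementation: the token is not renewed by this call. */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void renew() throws WSSException {
    }

    /** No-op in this implementation: the token is not renewed by this call. */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void renew(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext) throws WSSException {
    }

    /**
     * Restores the superclass state and then this token's state from the stream.
     *
     * <p>The version number is read and discarded; the payload is always parsed as
     * version 1. The stream supplies identifiers, scopes and key material without any
     * integrity check here, so it must come from a trusted, protected source.
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl, java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        super.readExternal(objectInput);
        objectInput.readInt();
        readExternalVersion1(objectInput);
    }

    /**
     * Reads the version-1 payload in the order {@link #writeExternal(ObjectOutput)} writes it.
     *
     * <p>The three collections are reset to empty ones if the stream yields {@code null}
     * for them, because every accessor of this class dereferences them unguarded.
     */
    private void readExternalVersion1(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        this.uuid = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_UUID);
        this.clientID = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_CLIENT_ID);
        this.tokenID = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_TOKEN_ID);
        this.isCancelled = objectInput.readBoolean();
        this.keyMap = ObjectStateUtils.readHashMap(objectInput, SERIALIZATION_DESCRIPTION_KEY_MAP);
        if (this.keyMap == null) {
            this.keyMap = new HashMap<>();
        }
        this.appliesToList = ObjectStateUtils.readArrayList(objectInput, SERIALIZATION_DESCRIPTION_APPLIES_TO);
        if (this.appliesToList == null) {
            this.appliesToList = new ArrayList();
        }
        this.renewable = objectInput.readBoolean();
        this.renewableAfterExpiration = objectInput.readBoolean();
        this.algorithm = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_ALGORITHM);
        this.provider = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_PROVIDER);
        this.keySize = objectInput.readInt();
        this.issuer = ObjectStateUtils.readString(objectInput, SERIALIZATION_DESCRIPTION_ISSUER);
        this.allKeyInstances = ObjectStateUtils.readArrayList(objectInput, SERIALIZATION_DESCRIPTION_INSTANCES);
        if (this.allKeyInstances == null) {
            this.allKeyInstances = new ArrayList();
        }
    }

    /**
     * Writes the superclass state, version marker 1 and then this token's fields.
     *
     * <p>The key map is written with its entries, so the output contains unencrypted key
     * material. The contexts, the configuration map and the security token manager are
     * not written.
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl, java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        super.writeExternal(objectOutput);
        objectOutput.writeInt(1);
        ObjectStateUtils.writeString(objectOutput, this.uuid, SERIALIZATION_DESCRIPTION_UUID);
        ObjectStateUtils.writeString(objectOutput, this.clientID, SERIALIZATION_DESCRIPTION_CLIENT_ID);
        ObjectStateUtils.writeString(objectOutput, this.tokenID, SERIALIZATION_DESCRIPTION_TOKEN_ID);
        objectOutput.writeBoolean(this.isCancelled);
        ObjectStateUtils.writeHashMap(objectOutput, this.keyMap, SERIALIZATION_DESCRIPTION_KEY_MAP);
        ObjectStateUtils.writeArrayList(objectOutput, this.appliesToList, SERIALIZATION_DESCRIPTION_APPLIES_TO);
        objectOutput.writeBoolean(this.renewable);
        objectOutput.writeBoolean(this.renewableAfterExpiration);
        ObjectStateUtils.writeString(objectOutput, this.algorithm, SERIALIZATION_DESCRIPTION_ALGORITHM);
        ObjectStateUtils.writeString(objectOutput, this.provider, SERIALIZATION_DESCRIPTION_PROVIDER);
        objectOutput.writeInt(this.keySize);
        ObjectStateUtils.writeString(objectOutput, this.issuer, SERIALIZATION_DESCRIPTION_ISSUER);
        ObjectStateUtils.writeArrayList(objectOutput, this.allKeyInstances, SERIALIZATION_DESCRIPTION_INSTANCES);
    }

    /**
     * Stores the entry under the instance id and appends the id to the instance list.
     *
     * <p>NOTE(review): re-adding an existing id replaces the map entry but appends the id
     * again, so {@link #getInstances()} can then contain duplicates; confirm that is intended.
     */
    private synchronized void addKeyInstance(String instance, KeyHistoryEntry entry) {
        this.keyMap.put(instance, entry);
        this.allKeyInstances.add(instance);
    }
}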
