package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.config.DerivedKeyInfoConfig;
import com.ibm.ws.wssecurity.config.EncryptionGeneratorConfig;
import com.ibm.ws.wssecurity.config.KeyInfoContentGeneratorConfig;
import com.ibm.ws.wssecurity.config.SignatureGeneratorConfig;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.handler.PolicyOutboundConfig;
import com.ibm.ws.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.DerivedKeyUtil;
import com.ibm.ws.wssecurity.util.IdAttributeValue;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSNonceGenerator;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.WSSObjectStructureImpl;
import com.ibm.ws.wssecurity.wssobject.impl.WSSObjectDocumentImpl;
import com.ibm.ws.wssecurity.wssobject.impl.wsc.DerivedKeyToken;
import com.ibm.ws.wssecurity.wssobject.impl.wsse10.KeyIdentifier;
import com.ibm.ws.wssecurity.wssobject.impl.wsse10.Reference;
import com.ibm.ws.wssecurity.wssobject.impl.wsse10.SecurityTokenReference;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObjectElement;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartAttributeValue;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartFactory;
import com.ibm.ws.wssecurity.wssobject.util.constants.Utf8ByteConstantsQNames;
import com.ibm.ws.wssecurity.wssobject.util.constants.Utf8ByteConstantsVariableParts;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.Configuration;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.io.IOException;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/DKTGenerateLoginModule.class */
public class DKTGenerateLoginModule implements LoginModule {
    // Component name string; not referenced in the visible part of this class.
    private static final String comp = "security.wssecurity";
    // Namespace and algorithm URIs from XML Signature / XML Encryption. None of these constants
    // is referenced in the visible part of this class; login() takes its algorithms from the
    // callback context / policy configuration instead.
    public static final String XMLDSIG_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    public static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    // Block-cipher data-encryption URIs (all CBC modes).
    // NOTE(review): CBC provides no integrity on its own; whether these URIs are still
    // accepted is decided by configuration that is not visible here.
    public static final String TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    public static final String AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    public static final String AES192_CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    public static final String AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    // HMAC-SHA1 signature method URI.
    public static final String HMAC = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    // RSA key transport URI (rsa-1_5, i.e. PKCS#1 v1.5 padding).
    public static final String RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    // Symmetric key-wrap URIs.
    public static final String KW_TRIPLEDES = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
    public static final String KWAES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    public static final String KWAES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
    public static final String KWAES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
    // SHA-1 based asymmetric signature method URIs.
    public static final String RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    public static final String DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    // Callback handler supplied to initialize(); login() uses it to fetch the property map.
    private CallbackHandler _handler;
    // JAAS shared state supplied to initialize(); login() reads the base-token references from it.
    private Map _sharedState;
    // Tokens created by this module; commit() registers them with the SecurityTokenManager.
    // login() may replace this list with the list found in the shared state.
    private List<SecurityToken> _processedTokens;
    // Tokens that commit() publishes under WSSECURITY_TOKEN_TO_BE_INSERTED.
    private List<SecurityToken> _insertedTokens;
    // Not assigned in the visible part of this class.
    private OMNode _referencedTokenElement;
    // Taken from the callback property map in login(); used by commit().
    private SecurityTokenManager _securityTokenManager;
    // Property map returned by the PropertyCallback in login().
    private Map<Object, Object> _context;
    // Set in login() depending on whether the processing element is a WSSObjectElement.
    private boolean _isOM = false;
    private boolean _isWSSObject = false;
    private static final TraceComponent tc = Tr.register(DKTGenerateLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = DKTGenerateLoginModule.class.getName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/DKTGenerateLoginModule$DKTContent.class */
    /**
     * Mutable holder for the parameters of one derived key token: the labels, the reference to
     * the base token, the requested key length, and the offset/generation/nonce-length values.
     *
     * <p>All fields start at their Java defaults ({@code null} / {@code 0}); only
     * {@code tokenType} and {@code tokenQName} are chosen by the constructor.
     */
    public static class DKTContent {
        // Service and client labels passed to set().
        String sLabel;
        String cLabel;
        // Reference to the base token: UUID, id, value type and instance.
        String refTokenUUID;
        String refTokenId;
        QName refTokenType;
        // Value type and element name of the derived key token itself.
        QName tokenType;
        QName tokenQName;
        // Requested derived-key length as handed to set().
        long keyLength;
        String refInstance;
        // Never assigned in this class; getSecurityToken() therefore returns null.
        SecurityToken sct;
        int offset;
        int generation;
        int nonceLength;
        String keyIdEncodingType;

        /**
         * Selects the DKT value type and element QName that match the given SCT value type.
         *
         * @param str SCT value type; when it matches neither {@code Constants.NS_WSC_SCT_13}
         *            nor {@code Constants.NS_WSC_SCT}, both QNames stay {@code null}
         */
        private DKTContent(String str) {
            final boolean isVersion13 = Constants.NS_WSC_SCT_13.equals(str);
            if (isVersion13) {
                this.tokenType = new QName("", Constants.NS_WSC_DKT_13);
                this.tokenQName = new QName(Constants.NS_WSC_SC_13, "DerivedKeyToken");
                return;
            }
            if (Constants.NS_WSC_SCT.equals(str)) {
                this.tokenType = new QName("", Constants.NS_WSC_DKT);
                this.tokenQName = new QName(Constants.NS_WSC_SC, "DerivedKeyToken");
            }
        }

        /**
         * Stores the derived-key parameters and traces them.
         *
         * @param str   id of the referenced (base) token
         * @param str2  UUID of the referenced token; when {@code null}, neither the UUID nor
         *              the instance field is touched
         * @param str3  instance of the referenced token (stored only with a non-null UUID)
         * @param qName value type of the referenced token
         * @param j     key length
         * @param str4  service label
         * @param str5  client label
         * @param i     offset
         * @param i2    generation
         * @param i3    nonce length (not included in the trace output)
         * @param str6  key identifier encoding type (not included in the trace output)
         */
        public void set(String str, String str2, String str3, QName qName, long j, String str4, String str5, int i, int i2, int i3, String str6) {
            final TraceComponent trace = DKTGenerateLoginModule.tc;
            if (trace.isEntryEnabled()) {
                StringBuilder entryMsg = new StringBuilder("DKTContent.set(");
                entryMsg.append(str).append(", ").append(str2).append(", ").append(str3);
                entryMsg.append(", ").append(qName).append(", ").append(j).append(",").append(str4);
                entryMsg.append(", ").append(str5).append(", ").append(i).append(", ").append(i2);
                Tr.entry(trace, entryMsg.toString());
            }

            // Plain value fields first; the reference UUID/instance pair is conditional.
            sLabel = str4;
            cLabel = str5;
            offset = i;
            generation = i2;
            nonceLength = i3;
            keyIdEncodingType = str6;

            final boolean hasUuid = str2 != null;
            if (hasUuid) {
                refTokenUUID = str2;
                refInstance = str3;
                if (trace.isDebugEnabled()) {
                    Tr.debug(trace, "The token's ref token UUID = " + refTokenUUID);
                    Tr.debug(trace, "The token's ref token instance = " + refInstance);
                }
            }

            refTokenId = str;
            refTokenType = qName;
            keyLength = j;

            if (trace.isDebugEnabled()) {
                Tr.debug(trace, "The labels are set via properties, service label = " + sLabel + " and client label = " + cLabel);
                Tr.debug(trace, "The token's ref token id = " + refTokenId);
                Tr.debug(trace, "The key length is = " + keyLength);
            }
            if (trace.isEntryEnabled()) {
                StringBuilder exitMsg = new StringBuilder("set(");
                exitMsg.append(j).append(",").append(str4).append(", ").append(str5);
                exitMsg.append(", ").append(i).append(", ").append(i2).append(") return");
                Tr.exit(trace, exitMsg.toString());
            }
        }

        /** @return the key length stored by set() */
        public long getKeyLength() {
            return keyLength;
        }

        /** @return value type of the referenced token */
        public QName getRefTokenType() {
            return refTokenType;
        }

        /** @return UUID of the referenced token, or null when none was set */
        public String getRefTokenUUID() {
            return refTokenUUID;
        }

        /** @return id of the referenced token */
        public String getRefTokenId() {
            return refTokenId;
        }

        /** @return DKT value type chosen by the constructor (may be null) */
        public QName getType() {
            return tokenType;
        }

        /** @return DKT element QName chosen by the constructor (may be null) */
        public QName getTokenQName() {
            return tokenQName;
        }

        /** @return the service label */
        public String getServiceLabel() {
            return sLabel;
        }

        /** @return the client label */
        public String getClientLabel() {
            return cLabel;
        }

        /** @return instance of the referenced token, or null when none was set */
        public String getRefInstanceUUID() {
            return refInstance;
        }

        /** @return the {@code sct} field, which this class never assigns */
        public SecurityToken getSecurityToken() {
            return sct;
        }

        /** @return the offset stored by set() */
        public int getOffset() {
            return offset;
        }

        /** @return the generation stored by set() */
        public int getGeneration() {
            return generation;
        }

        /** @return the nonce length */
        public int getNonceLength() {
            return nonceLength;
        }

        /** @param i new nonce length; stored without validation */
        public void setNonceLength(int i) {
            nonceLength = i;
        }

        /** @return the key identifier encoding type */
        public String getkeyIdEncodingType() {
            return keyIdEncodingType;
        }
    }

    /**
     * Stores the callback handler and shared state and starts with empty token lists.
     *
     * <p>The {@code subject} and the options map ({@code map2}) are not read by this method.
     *
     * @param subject         unused here
     * @param callbackHandler handler that login() later asks for the property map
     * @param map             JAAS shared state; login() reads the base-token references from it
     * @param map2            module options; unused here
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }

        _handler = callbackHandler;
        _sharedState = map;
        // Fresh lists per initialize(); login() may swap them for lists found in the shared state.
        _processedTokens = new ArrayList<>();
        _insertedTokens = new ArrayList<>();

        final boolean traceExit = tc.isEntryEnabled();
        if (traceExit) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

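    /**
     * Creates a derived key token (DKT) for the base token referenced in the JAAS shared state,
     * derives the encryption and/or signing key for it, and queues the token for commit().
     *
     * <p>Returns {@code true} without creating a token when the callback yields no property map,
     * when the shared state carries no base-token reference, when the key type is neither
     * signing nor encrypting, or when the configuration does not require derived keys.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>The debug trace no longer writes derived key material. The original Base64-encoded
     *       the encryption key into the trace and concatenated the signing key's byte array;
     *       both traces now carry the algorithm and requested length only.</li>
     *   <li>A missing derived-key configuration is rejected explicitly instead of through a
     *       NullPointerException. The outcome is still a LoginException. The property-based
     *       label fallback ("com.ibm.ws.wssecurity.sc.dkt.ServiceLabel" / "...ClientLabel") sat
     *       behind that dereference, was unreachable, and has been dropped.</li>
     *   <li>The decompiler's undeclared registers are ordinary locals again, and the unused
     *       locals are removed.</li>
     * </ul>
     *
     * <p>NOTE(review): every LoginException thrown inside the outer {@code try} is caught by the
     * trailing {@code catch (Exception)} and re-wrapped with the BSTokenLoginModule.s01 message.
     * This matches the decompiled control flow and is left unchanged.
     *
     * @return always {@code true} when no exception is thrown
     * @throws LoginException on callback failure, missing algorithm or derived-key configuration,
     *                        token creation failure, or key derivation failure
     */
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        PropertyCallback propertyCallback = new PropertyCallback(null);
        try {
            this._handler.handle(new Callback[]{propertyCallback});
            this._context = propertyCallback.getProperties();
            if (this._context == null) {
                return true;
            }
            this._securityTokenManager = (SecurityTokenManager) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "loginForPolicyset(SecurityTokenManager securityTokenManager)");
            }

            // Resolve the base token reference: an internal reference wins over the base reference.
            boolean internalReference = false;
            String refTokenId;
            Object internalRef = this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.INTERNAL_TOKEN_REFERENCE);
            if (internalRef != null) {
                internalReference = true;
                refTokenId = (String) internalRef;
            } else {
                refTokenId = (String) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_REFERENCE);
            }
            String refTokenUuid = null;
            String refTokenInstance = null;
            Object externalRef = this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.EXTERNAL_TOKEN_REFERENCE);
            if (externalRef != null) {
                refTokenUuid = (String) externalRef;
                refTokenInstance = (String) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_INSTANCE);
            }
            if (refTokenId == null && refTokenUuid == null) {
                return true;
            }

            // Continue with the token lists an earlier module left in the shared state, if any.
            Object processed = this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED);
            if (processed != null) {
                this._processedTokens = (List) processed;
            }
            Object toInsert = this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED);
            if (toInsert != null) {
                this._insertedTokens = (List) toInsert;
            }

            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
            WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) this._context.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");

            // The key type decides which of the two algorithms is read from the context.
            boolean forSigning;
            boolean forEncrypting;
            String sigAlg = null;
            String encAlg = null;
            String keyType = (String) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE);
            if (keyType == null) {
                forEncrypting = false;
                forSigning = false;
            } else {
                forSigning = WSSKeyInfoComponent.KEY_SIGNING.equals(keyType);
                forEncrypting = WSSKeyInfoComponent.KEY_ENCRYPTING.equals(keyType);
                sigAlg = forSigning ? (String) this._context.get(Constants.KEY_ALGORITHM) : null;
                encAlg = forEncrypting ? (String) this._context.get(Constants.KEY_ALGORITHM) : null;
                if (tc.isDebugEnabled()) {
                    if (forSigning) {
                        Tr.debug(tc, "Verifying key type");
                    } else if (forEncrypting) {
                        Tr.debug(tc, "Encrypting key type");
                    }
                }
            }
            if (!forSigning && !forEncrypting) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "protection Key is not required.");
                }
                return true;
            }

            KeyInfoContentGeneratorConfig keyInfoContentGeneratorConfig = (KeyInfoContentGeneratorConfig) this._context.get(KeyInfoContentGeneratorConfig.CONFIG_KEY);
            DerivedKeyInfoConfig derivedKeyInfoConfig = keyInfoContentGeneratorConfig != null ? keyInfoContentGeneratorConfig.getDerivedKeyInfoConfig() : null;
            if (derivedKeyInfoConfig == null) {
                // Fail closed with a clear reason; the original reached the same outcome through
                // a NullPointerException on the next statement.
                throw new LoginException("Missing derived key info in the config");
            }
            if (!derivedKeyInfoConfig.isRequireDerivedKeys()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Derived Key is not required.");
                }
                return true;
            }

            // How the base token is referenced: by key reference or by key identifier.
            boolean byKeyReference = false;
            boolean byKeyId = false;
            Object identifierType = this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_IDENTIFIER_TYPE);
            if (identifierType != null) {
                byKeyReference = ((String) identifierType).equals(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE);
                if (((String) identifierType).equals(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ID)) {
                    byKeyId = true;
                }
            }
            String keyIdEncodingType = (String) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_IDENTIFIER_ENCODED_TYPE);

            int wssVersion = 0;
            Object versionValue = this._context.get(Constants.WSS_VERSION);
            if (versionValue instanceof Integer) {
                wssVersion = ((Integer) versionValue).intValue();
            }

            // Pick the SCT value type: default, then base token, then the 2005/02 override property.
            String sctValueType = Constants.NS_WSC_SCT_13;
            QName refValueType = (QName) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_VALUE_TYPE);
            if (Constants.SCT.equals(refValueType)) {
                sctValueType = refValueType.getLocalPart();
            }
            if (keyInfoContentGeneratorConfig != null && ConfigUtil.getIsTrueProperty(keyInfoContentGeneratorConfig.getProperties(), "com.ibm.broker.wssecurity.dkt.sc200502")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Changing to 2005/02 SC namespace");
                }
                sctValueType = Constants.NS_WSC_SCT;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Referenced Token Value Type = " + refValueType);
                Tr.debug(tc, "Token Value Type = " + sctValueType);
            }

            Object processingElement = this._context.get("com.ibm.ws.wssecurity.constants.processingElement");
            if (processingElement instanceof WSSObjectElement) {
                this._isWSSObject = true;
            } else {
                this._isOM = true;
            }

            // Defaults used when no algorithm-specific length is computed below.
            int encKeyLength = 16;
            int sigKeyLength = 20;
            int nonceLength = 16;
            // Passed to createDKTokenAndElement(); its meaning is defined there, outside the
            // visible part of this file. Cleared when one key name serves both a signature and
            // an encryption generator, set again when both key lengths are equal.
            boolean keyUsageFlag = true;

            int generatorCount = wSSGeneratorConfig.getTokenGenerators().size();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The supplied algorithms from algorithm suite, Encryption Algorithm: " + encAlg + " and Signature Algorithm: = " + sigAlg);
                Tr.debug(tc, "Number of token generators in the configuration = " + generatorCount);
            }
            // Result unused in the original as well; the call is kept in case it has side effects.
            tokenGeneratorConfig.getProperties();

            String keyName = keyInfoContentGeneratorConfig != null ? keyInfoContentGeneratorConfig.getKeyName() : null;
            if (keyName != null) {
                String signingKeyName = null;
                String encryptionKeyName = null;
                for (Configuration configuration : wSSGeneratorConfig.getOperationGenerators()) {
                    if (configuration instanceof SignatureGeneratorConfig) {
                        String candidate = ((SignatureGeneratorConfig) configuration).getSigningKeyInfo().getContentGenerator().getKeyName();
                        if (keyName.equals(candidate)) {
                            signingKeyName = candidate;
                        }
                    } else if (configuration instanceof EncryptionGeneratorConfig) {
                        String candidate = ((EncryptionGeneratorConfig) configuration).getEncryptionKeyInfo().getContentGenerator().getKeyName();
                        if (keyName.equals(candidate)) {
                            encryptionKeyName = candidate;
                        }
                    }
                }
                if (keyName.equals(signingKeyName) && keyName.equals(encryptionKeyName)) {
                    keyUsageFlag = false;
                }
            }
            if (!keyUsageFlag && (wSSGeneratorConfig instanceof PolicyOutboundConfig)) {
                encAlg = ((PolicyOutboundConfig) wSSGeneratorConfig).getEncryptionAlgorithm();
                sigAlg = ((PolicyOutboundConfig) wSSGeneratorConfig).getSymmetricSignatureAlgorithm();
            }
            if (encAlg != null) {
                encKeyLength = getKeyLength(false, wSSGeneratorConfig, tokenGeneratorConfig, derivedKeyInfoConfig, encAlg);
                encAlg = mapKeyAlgorithm2JCE(encAlg, false, false, false, true);
            }
            if (sigAlg != null) {
                sigKeyLength = getKeyLength(true, wSSGeneratorConfig, tokenGeneratorConfig, derivedKeyInfoConfig, sigAlg);
                sigAlg = mapKeyAlgorithm2JCE(sigAlg, false, false, true, false);
            }
            if (encKeyLength == sigKeyLength) {
                keyUsageFlag = true;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Encryption algorithm (JCE mapping) and key length are = " + encAlg + ", " + encKeyLength);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Signature algorithm (JCE mapping)and key length are = " + sigAlg + ", " + sigKeyLength);
            }
            if (forEncrypting && encAlg == null) {
                throw new LoginException("Missing Algorithm info in the config");
            }
            if (forSigning && sigAlg == null) {
                throw new LoginException("Missing Algorithm info in the config");
            }

            String serviceLabel = derivedKeyInfoConfig.getServiceLabel();
            String clientLabel = derivedKeyInfoConfig.getClientLabel();
            String configuredNonceLength = derivedKeyInfoConfig.getNonceLength();
            if (configuredNonceLength != null && configuredNonceLength.length() > 0) {
                // NOTE(review): no range check is applied to the configured value here; confirm
                // that a zero or negative nonce length is rejected further down.
                nonceLength = Integer.parseInt(configuredNonceLength);
            }

            MessageContext messageContext = (MessageContext) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
            if (messageContext != null) {
                String foundSctType = null;
                OperationContext operationContext = messageContext.getOperationContext();
                if (operationContext != null) {
                    // NOTE(review): as decompiled, the loop never exits early, so the value of the
                    // last message context wins, even when it is null. The decompiler may have
                    // dropped a break after the first hit; confirm against the bytecode.
                    for (Map.Entry<String, MessageContext> entry : operationContext.getMessageContexts().entrySet()) {
                        foundSctType = (String) entry.getValue().getProperty(Constants.SCT_TOKEN_VALUE_TYPE);
                        if (foundSctType != null && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found SC TokenType: " + foundSctType);
                        }
                    }
                }
                if (foundSctType != null && foundSctType.length() > 0) {
                    sctValueType = foundSctType;
                }
            }

            DKTContent content = new DKTContent(sctValueType);
            // The key length recorded in the content follows the key type being served.
            long contentKeyLength = forEncrypting ? encKeyLength : sigKeyLength;
            content.set(refTokenId, refTokenUuid, refTokenInstance, refValueType, contentKeyLength, serviceLabel, clientLabel, 0, 0, nonceLength, keyIdEncodingType);

            IdAttributeValue uniqueId = IdUtils.getInstance().makeUniqueId(this._context);
            String dktId = uniqueId.getStringValue();
            String referenceValue = null;
            if (byKeyReference || byKeyId) {
                referenceValue = uniqueId.getStringRefValue();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using DKT id = " + dktId + ", to create DKToken.");
            }
            try {
                DKToken token = createDKTokenAndElement(processingElement, content, dktId, internalReference, keyUsageFlag, wssVersion, byKeyReference, byKeyId);
                if (token == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.error(tc, "DKToken cannot be created!");
                    }
                    throw new LoginException("Invalid derived key token");
                }
                if (byKeyReference) {
                    token.setReferenceURI(referenceValue);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting the token's Reference URI = " + referenceValue);
                    }
                } else if (byKeyId) {
                    token.setReferenceURI(referenceValue);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting the token's key Identifier = " + referenceValue);
                    }
                }
                if (encAlg != null) {
                    try {
                        Key encryptionKey = createDerivedKey(token, encAlg, encKeyLength);
                        if (forEncrypting && encryptionKey == null) {
                            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.DKG02"));
                        }
                        if (encryptionKey != null) {
                            // 62 is the key-usage selector the original passes for the encryption key.
                            token.setKey(62, encryptionKey);
                            if (tc.isDebugEnabled()) {
                                // Key bytes are deliberately kept out of the trace.
                                Tr.debug(tc, "Derived key (for encryption) algorithm = " + encryptionKey.getAlgorithm() + ", key length = " + encKeyLength);
                            }
                        }
                    } catch (InvalidKeyException e) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.DKG", new String[]{e.toString()}));
                    } catch (NoSuchAlgorithmException e2) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.DKG", new String[]{e2.toString()}));
                    }
                }
                if (sigAlg != null) {
                    Key signingKey = createDerivedKey(token, sigAlg, sigKeyLength);
                    if (forSigning && signingKey == null) {
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.DKG02"));
                    }
                    if (signingKey != null) {
                        // 61 is the key-usage selector the original passes for the signing key.
                        token.setKey(61, signingKey);
                        if (tc.isDebugEnabled()) {
                            // Key bytes are deliberately kept out of the trace.
                            Tr.debug(tc, "Derived key (for signing) algorithm = " + signingKey.getAlgorithm() + ", key length = " + sigKeyLength);
                        }
                    }
                }
                if (derivedKeyInfoConfig.isRequireImpliedDerivedKeys()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Implied Derived Keys property is = TRUE");
                    }
                    this._context.put("ImpliedDerivedKey", Boolean.TRUE);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting the dktoken in the subject. dktoken id = " + token.getId());
                    Tr.debug(tc, "dktoken = " + token.getKeyIdentifier() + ", dktoken.byte = , dktoken.getAlgorithm =" + token.getAlgorithm() + ", dktoken.getuniqueID=" + token.getSecurityContextTokenTokenUUID());
                }
                this._processedTokens.add(token);
                this._insertedTokens.add(token);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login() returns.");
                }
                return true;
            } catch (SoapSecurityException e3) {
                Tr.processException(e3, clsName + ".login", "942", this);
                throw new LoginException(e3.toString());
            }
        } catch (Exception e4) {
            if (e4 instanceof IOException) {
                throw new LoginException(e4.getMessage());
            }
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e4.toString()}));
        }
    }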

    /**
     * Registers every processed token with the SecurityTokenManager and publishes both token
     * lists in the callback property map.
     *
     * <p>Nothing is registered or published when login() obtained no property map or when the
     * processed-token list is empty.
     *
     * @return always {@code true}
     * @throws LoginException declared by the LoginModule contract; not thrown by this body
     */
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }

        if (this._context != null) {
            // Count taken once up front, as in the original index loop.
            final int tokenCount = this._processedTokens.size();
            if (tokenCount > 0) {
                int index = 0;
                while (index < tokenCount) {
                    this._securityTokenManager.addToken(this._processedTokens.get(index));
                    index++;
                }
                this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
                this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);
            }
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return true;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>The token lists and property map populated by login() are not cleared here, so derived
     * key tokens created by a failed authentication stay referenced by this instance.
     *
     * @return always {@code false}
     * @throws LoginException declared by the LoginModule contract; not thrown by this body
     */
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return false;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>No state is released: tokens added by login() remain in the lists held by this instance.
     *
     * @return always {@code false}
     * @throws LoginException declared by the LoginModule contract; not thrown by this body
     */
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return false;
    }

    /* JADX WARN: Code restructure failed: missing block: B:37:0x00d8, code lost:
    
        r11 = (com.ibm.ws.wssecurity.wssapi.token.impl.DKToken) r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // Decompiler placeholder: the real body was not recovered, so this listing only shows the
    // signature. As written here the method always throws UnsupportedOperationException; the
    // behaviour of the shipped class cannot be reviewed from this source.
    // No call to checkDKToken appears in the visible part of this file.
    private static final com.ibm.ws.wssecurity.wssapi.token.impl.DKToken checkDKToken(com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig r4, java.lang.String r5, java.lang.String r6, java.lang.String r7, java.lang.String r8, java.lang.String r9, com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager r10) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 324
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule.checkDKToken(com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager):com.ibm.ws.wssecurity.wssapi.token.impl.DKToken");
    }

    /**
     * Builds a detached {@code SecurityContextToken} element with a wsu {@code Id} attribute, an
     * {@code Identifier} child and, when an instance is given, an {@code Instance} child.
     *
     * <p>Namespace prefixes are reused from {@code oMElement} when it already declares them;
     * otherwise "wsc" / "wsu" are declared on the new element. The new element is not added to
     * {@code oMElement}. Text values are inserted through {@code createOMText}, not by string
     * concatenation.
     *
     * @param oMFactory factory used to create the elements and text nodes
     * @param oMElement element consulted for existing prefixes; may be {@code null}
     * @param qName     SCT value type; its local part selects the secure-conversation namespace
     * @param str       value of the wsu {@code Id} attribute
     * @param str2      text of the {@code Identifier} child
     * @param str3      text of the {@code Instance} child, or {@code null} for none
     * @param i         WSS version, used as an index into {@code Constants.NAMESPACES[1]} without
     *                  a range check
     * @return the new SecurityContextToken element
     */
    public static final OMElement createTokenElement(OMFactory oMFactory, OMElement oMElement, QName qName, String str, String str2, String str3, int i) {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMsg = new StringBuilder("createTokenElement(");
            entryMsg.append("OMFactory factory, ");
            entryMsg.append("OMElement parent[").append(DOMUtils.getDisplayName(oMElement)).append("], ");
            entryMsg.append("QName valueType[").append(qName).append("], ");
            entryMsg.append("SCT sct, ");
            entryMsg.append("String curInstance[").append(str3).append("], ");
            entryMsg.append("int wssVersion[").append(i).append("])");
            Tr.entry(tc, entryMsg.toString());
        }

        final String sctLocalPart = qName.getLocalPart();
        if (sctLocalPart != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT NS =  [" + sctLocalPart + "].");
        }

        // Only the 2005/02 SCT value type switches away from the 1.3 namespace.
        final String wscNamespace;
        if (Constants.NS_WSC_SCT_13.equals(sctLocalPart)) {
            wscNamespace = Constants.NS_WSC_SC_13;
        } else if (Constants.NS_WSC_SCT.equals(sctLocalPart)) {
            wscNamespace = Constants.NS_WSC_SC;
        } else {
            wscNamespace = Constants.NS_WSC_SC_13;
        }
        final String wsuNamespace = Constants.NAMESPACES[1][i];

        String wscPrefix = (oMElement != null) ? DOMUtils.getNamespacePrefix(oMElement, wscNamespace) : null;
        final boolean mustDeclareWsc = (wscPrefix == null);
        if (mustDeclareWsc) {
            wscPrefix = "wsc";
        }
        final OMElement tokenElement = oMFactory.createOMElement("SecurityContextToken", wscNamespace, wscPrefix);
        if (mustDeclareWsc) {
            tokenElement.declareNamespace(wscNamespace, "wsc");
        }

        String wsuPrefix = (oMElement != null) ? DOMUtils.getNamespacePrefix(oMElement, wsuNamespace) : null;
        if (wsuPrefix == null) {
            wsuPrefix = "wsu";
            tokenElement.declareNamespace(wsuNamespace, "wsu");
        }
        tokenElement.addAttribute("Id", str, tokenElement.getOMFactory().createOMNamespace(wsuNamespace, wsuPrefix));

        final OMElement identifierElement = oMFactory.createOMElement("Identifier", wscNamespace, wscPrefix);
        identifierElement.addChild(oMFactory.createOMText(str2));
        tokenElement.addChild(identifierElement);

        if (str3 != null) {
            final OMElement instanceElement = oMFactory.createOMElement("Instance", wscNamespace, wscPrefix);
            instanceElement.addChild(oMFactory.createOMText(str3));
            tokenElement.addChild(instanceElement);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding instance = " + str3);
                Tr.debug(tc, "After adding instance, = " + DOMUtils.toString(tokenElement));
            }
        }

        if (tc.isEntryEnabled()) {
            StringBuilder exitMsg = new StringBuilder("createTokenElement(");
            exitMsg.append("OMFactory, OMElement, QName, SCT, String, int)");
            exitMsg.append(" returns OMElement [").append(tokenElement).append("]");
            Tr.exit(tc, exitMsg.toString());
        }
        return tokenElement;
    }

    /**
     * Creates a {@code DKToken} for {@code dKTContent}, generates a fresh nonce for it and
     * attaches the XML form of the derived key token built under {@code obj}.
     *
     * <p>The XML form is produced by {@code createDKTWSSObjectElement} when
     * {@code _isWSSObject} is set, or by {@code createDKTOMElement} when {@code _isOM} is
     * set. If neither flag is set the token is returned without any XML attached.
     *
     * <p>The same nonce bytes are written into the XML and stored on the token, so the
     * element and the in-memory token always agree on the nonce.
     *
     * @param obj        parent element; cast to {@code WSSObjectElement} or {@code OMElement}
     *                   depending on which representation flag is set
     * @param dKTContent source of type, nonce length, key length, referenced-token data and labels
     * @param str        identifier given to the token (traced as {@code refid})
     * @param z          traced as {@code sctin}; forwarded to the element builder
     * @param z2         traced as {@code lengthin}; forwarded to the element builder
     * @param i          traced as {@code wssVersion}; forwarded to the element builder
     * @param z3         traced as {@code isStrref}; also recorded on the token
     * @param z4         traced as {@code isKeyId}; forwarded to the element builder
     * @return the populated token
     * @throws SoapSecurityException declared by the element builders this method calls
     */
    private final DKToken createDKTokenAndElement(Object obj, DKTContent dKTContent, String str, boolean z, boolean z2, int i, boolean z3, boolean z4) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createDKTokenAndElement(");
            stringBuffer.append("Object parent[").append(obj).append("], ");
            stringBuffer.append("DKTContent content, ");
            stringBuffer.append("String refid[").append(str).append("], ");
            stringBuffer.append("boolean sctin[").append(z).append("], ");
            stringBuffer.append("boolean lengthin[").append(z2).append("], ");
            stringBuffer.append("int wssVersion[").append(i).append("], ");
            stringBuffer.append("boolean isStrref[").append(z3).append("], ");
            stringBuffer.append("boolean isKeyId[").append(z4).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        final DKToken dKToken = new DKToken(dKTContent.getType(), dKTContent.getTokenQName());
        // One nonce per derived key token; its length comes from the content object.
        // NOTE(review): the randomness source is whatever WSSNonceGenerator uses - not visible here.
        byte[] generateBytes = WSSNonceGenerator.generateBytes(dKTContent.getNonceLength());
        if (this._isWSSObject) {
            dKToken.setXML(new WSSObjectStructureImpl(createDKTWSSObjectElement((WSSObjectElement) obj, dKTContent, str, z, z2, i, generateBytes, z3, z4)));
        } else if (this._isOM) {
            dKToken.setXML(new OMStructure(createDKTOMElement((OMElement) obj, dKTContent, str, z, z2, i, generateBytes, z3, z4)));
        }
        // When neither representation flag is set, execution continues with no XML on the token.
        dKToken.setNonce(generateBytes);
        dKToken.setrefTokenType(dKTContent.getRefTokenType());
        dKToken.setrefTokenId(dKTContent.getRefTokenId());
        dKToken.setType(dKTContent.getType());
        dKToken.setId(str);
        // Narrowing cast: getKeyLength() is used as a long elsewhere in this file, so a value
        // outside the int range would be silently truncated here.
        dKToken.setLength((int) dKTContent.getKeyLength());
        dKToken.setReferMasterTokenBySTR(z3);
        dKToken.setReferMaterTokenEncoding(dKTContent.getkeyIdEncodingType());
        if (dKTContent.getRefTokenUUID() != null) {
            final String refTokenUUID = dKTContent.getRefTokenUUID();
            final String refInstanceUUID = dKTContent.getRefInstanceUUID();
            // The setters run inside doPrivileged, i.e. with this class's own permissions
            // rather than those of every caller on the stack.
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    dKToken.setSecurityContextTokenUUID(refTokenUUID);
                    dKToken.setRefTokenInstance(refInstanceUUID);
                    return null;
                }
            });
        }
        // Missing labels fall back to the literal "WS-SecureConversation".
        final String clientLabel = dKTContent.getClientLabel() == null ? "WS-SecureConversation" : dKTContent.getClientLabel();
        final String serviceLabel = dKTContent.getServiceLabel() == null ? "WS-SecureConversation" : dKTContent.getServiceLabel();
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                dKToken.setClientLabel(clientLabel);
                dKToken.setServiceLabel(serviceLabel);
                // The combined label is the plain concatenation client + service.
                dKToken.setLabel(clientLabel + serviceLabel);
                return null;
            }
        });
        if (tc.isDebugEnabled()) {
            // The debug record carries the Base64 nonce and the referenced-token identifiers.
            // The nonce is also emitted in the token XML, but trace files holding these values
            // should still be access-controlled like other security logs.
            StringBuffer stringBuffer2 = new StringBuffer("createDKTokenAndElement creates a DKToken and element. ");
            stringBuffer2.append(" Identifier is = ").append(dKToken.getId());
            stringBuffer2.append(", Key length is = ").append(dKTContent.getKeyLength());
            stringBuffer2.append(", Nonce is = ").append(Base64.encode(dKToken.getNonce()));
            stringBuffer2.append(", Reference token type is = ").append(dKTContent.getRefTokenType());
            stringBuffer2.append(", Reference Token uuid is = ").append(dKTContent.getRefTokenUUID());
            stringBuffer2.append(", Reference Token id is = ").append(dKTContent.getRefTokenId());
            stringBuffer2.append(", Type is = ").append(dKTContent.getType());
            stringBuffer2.append(", Reference identifier is = ").append(str);
            stringBuffer2.append(", Client label is = ").append(dKToken.getClientLabel());
            stringBuffer2.append(", Service label is = ").append(dKToken.getServiceLabel());
            Tr.debug(tc, stringBuffer2.toString());
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer3 = new StringBuffer("createDKTokenAndElement(");
            stringBuffer3.append("Object, DKTContent, String, boolean, ");
            stringBuffer3.append("boolean, int, boolean, boolean)");
            stringBuffer3.append(" returns DKToken [").append(dKToken).append("]");
            Tr.exit(tc, stringBuffer3.toString());
        }
        return dKToken;
    }

    /**
     * Builds the {@code DerivedKeyToken} OM element for {@code dKTContent}: an optional
     * {@code Id} attribute, a {@code SecurityTokenReference} pointing at the referenced token,
     * an optional {@code Length} child and a {@code Nonce} child.
     *
     * <p>The element namespace is {@code Constants.NS_WSC_SC} when the content type's local
     * part equals {@code Constants.NS_WSC_DKT}, otherwise {@code Constants.NS_WSC_SC_13}.
     *
     * @param oMElement  parent whose factory and namespace bindings are used; must not be
     *                   {@code null} (it is dereferenced before any null test)
     * @param dKTContent source of type, referenced-token data and key length
     * @param str        value of the {@code Id} attribute, or {@code null} to omit it
     * @param z          with {@code z3}: {@code true} writes the URI as {@code "#" + refTokenId},
     *                   {@code false} writes the referenced token UUID (plus the Instance
     *                   attribute when one is available)
     * @param z2         whether to add the {@code Length} child
     * @param i          index into {@code Constants.NAMESPACES}
     * @param bArr       nonce bytes handed to {@code createNonce}
     * @param z3         reference the base token with a {@code Reference} child
     * @param z4         reference the base token with a {@code KeyIdentifier} child
     *                   (only consulted when {@code z3} is {@code false})
     * @return the new element; it is not attached to {@code oMElement}
     * @throws SoapSecurityException when adding the nonce fails
     */
    private static final OMElement createDKTOMElement(OMElement oMElement, DKTContent dKTContent, String str, boolean z, boolean z2, int i, byte[] bArr, boolean z3, boolean z4) throws SoapSecurityException {
        final String wsuNamespace = Constants.NAMESPACES[1][i];
        final String wsseNamespace = Constants.NAMESPACES[0][i];
        String wscNamespace = Constants.NS_WSC_SC_13;
        if (dKTContent.getType() != null && Constants.NS_WSC_DKT.equals(dKTContent.getType().getLocalPart())) {
            wscNamespace = Constants.NS_WSC_SC;
        }

        final OMFactory factory = oMElement.getOMFactory();
        final String refValueType = dKTContent.getRefTokenType().getLocalPart();

        final OMElement derivedKeyToken = factory.createOMElement("DerivedKeyToken", wscNamespace, "wsc");
        derivedKeyToken.declareNamespace(wscNamespace, "wsc");

        if (str != null) {
            String wsuPrefix = DOMUtils.getNamespacePrefix(oMElement, wsuNamespace);
            if (wsuPrefix == null) {
                wsuPrefix = "wsu";
                derivedKeyToken.declareNamespace(wsuNamespace, "wsu");
            }
            derivedKeyToken.addAttribute("Id", str, derivedKeyToken.getOMFactory().createOMNamespace(wsuNamespace, wsuPrefix));
        }

        // oMElement is known to be non-null at this point: getOMFactory() was already called on it.
        final boolean wsseUnbound = DOMUtils.getNamespacePrefix(oMElement, wsseNamespace) == null;
        // NOTE(review): the element is created in Constants.NS_WSSE while the declaration below
        // uses NAMESPACES[0][i]; confirm the two always name the same namespace.
        final OMElement tokenReference = factory.createOMElement("SecurityTokenReference", Constants.NS_WSSE, "wsse");
        if (wsseUnbound) {
            tokenReference.declareNamespace(wsseNamespace, "wsse");
        }

        OMElement referenceChild = null;
        if (z3) {
            referenceChild = factory.createOMElement("Reference", Constants.NS_WSSE, "wsse");
            final String uri = z ? "#" + dKTContent.getRefTokenId() : dKTContent.getRefTokenUUID();
            referenceChild.addAttribute("URI", uri, null);
            referenceChild.addAttribute("ValueType", refValueType, null);
            if (!z) {
                final String instanceUuid = dKTContent.getRefInstanceUUID();
                if (instanceUuid != null) {
                    referenceChild.addAttribute("Instance", instanceUuid, derivedKeyToken.getOMFactory().createOMNamespace(wscNamespace, "wsc"));
                }
            }
        } else if (z4) {
            referenceChild = factory.createOMElement("KeyIdentifier", Constants.NS_WSSE, "wsse");
            // Result unused; the call is kept so the sequence of factory calls is unchanged.
            factory.createOMNamespace(Constants.NS_WSSE, "wsse");
            final String encodingType = dKTContent.getkeyIdEncodingType();
            if (encodingType != null && encodingType.length() > 0) {
                referenceChild.addAttribute("EncodingType", encodingType, null);
            }
            referenceChild.addAttribute("ValueType", refValueType, null);
            referenceChild.setText(dKTContent.getRefTokenId());
        }
        // NOTE(review): when both z3 and z4 are false, referenceChild is still null here and is
        // handed to addChild as-is; callers appear to be expected to set one of the two flags.
        tokenReference.addChild(referenceChild);
        derivedKeyToken.addChild(tokenReference);

        if (z2) {
            final OMElement lengthElement = factory.createOMElement("Length", wscNamespace, "wsc");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The key length to be added to the message = " + dKTContent.getKeyLength());
            }
            lengthElement.setText(Long.toString(dKTContent.getKeyLength()));
            derivedKeyToken.addChild(lengthElement);
        }

        try {
            createNonce(factory, derivedKeyToken, wscNamespace, bArr);
            return derivedKeyToken;
        } catch (Exception e) {
            // NOTE(review): only the message survives; the original exception (and its stack
            // trace) is not chained, which makes nonce failures harder to diagnose.
            throw new SoapSecurityException(e.getMessage());
        }
    }

    /**
     * Builds the WSSObject form of a {@code DerivedKeyToken}: optional wsu:Id, optional
     * Length, the nonce, and a {@code SecurityTokenReference} to the referenced token.
     *
     * <p>The {@code WSC} QNames are used when the content type's local part equals
     * {@code Constants.NS_WSC_DKT}; otherwise the {@code WSC_13} QNames are used.
     *
     * @param wSSObjectElement element whose document owns the new objects
     * @param dKTContent       source of type, referenced-token data and key length
     * @param str              wsu:Id value; skipped when {@code null} or empty
     * @param z                with {@code z3}: {@code true} writes the URI as
     *                         {@code "#" + refTokenId}, {@code false} writes the referenced
     *                         token UUID (plus the Instance attribute when available)
     * @param z2               whether to set the Length
     * @param i                not read by this method
     * @param bArr             nonce bytes, stored Base64-encoded
     * @param z3               reference the base token with a {@code Reference} child
     * @param z4               reference the base token with a {@code KeyIdentifier} child
     *                         (only consulted when {@code z3} is {@code false})
     * @return the new derived key token object
     */
    private static final WSSObjectElement createDKTWSSObjectElement(WSSObjectElement wSSObjectElement, DKTContent dKTContent, String str, boolean z, boolean z2, int i, byte[] bArr, boolean z3, boolean z4) {
        final WSSObjectDocumentImpl document = wSSObjectElement.getWSSObjectDocument();

        com.ibm.ws.wssecurity.wssobject.util.QName tokenQName = Utf8ByteConstantsQNames.WSC_13.QN_DERIVED_KEY_TOKEN;
        com.ibm.ws.wssecurity.wssobject.util.QName instanceQName = Utf8ByteConstantsQNames.WSC_13.QN_INSTANCE;
        if (dKTContent.getType() != null && Constants.NS_WSC_DKT.equals(dKTContent.getType().getLocalPart())) {
            tokenQName = Utf8ByteConstantsQNames.WSC.QN_DERIVED_KEY_TOKEN;
            instanceQName = Utf8ByteConstantsQNames.WSC.QN_INSTANCE;
        }

        // The two known SCT value types use pre-built constants; anything else is wrapped on demand.
        final String refValueType = dKTContent.getRefTokenType().getLocalPart();
        final VariablePartAttributeValue valueTypeAttr;
        if (Constants.NS_WSC_SCT_13.equals(refValueType)) {
            valueTypeAttr = Utf8ByteConstantsVariableParts.VPA_NS_WSC_SCT_13;
        } else if (Constants.NS_WSC_SCT.equals(refValueType)) {
            valueTypeAttr = Utf8ByteConstantsVariableParts.VPA_NS_WSC_SCT;
        } else {
            valueTypeAttr = VariablePartFactory.getInstance().createAttrValueWithString(refValueType);
        }

        final DerivedKeyToken token = new DerivedKeyToken(document, tokenQName);

        if (str != null && !str.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding wsu:Id to DKT. wsu:Id = " + str);
            }
            token.setWsuId(IdUtils.getInstance().getVariablePart(str));
        }

        if (z2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding Length to DKT. Length = " + Long.toString(dKTContent.getKeyLength()));
            }
            // 16 and 20 have pre-built constants; other lengths are rendered as text.
            final long length = dKTContent.getKeyLength();
            if (length == 16) {
                token.setLength(Utf8ByteConstantsVariableParts.VPT_16);
            } else if (length == 20) {
                token.setLength(Utf8ByteConstantsVariableParts.VPT_20);
            } else {
                token.setLength(VariablePartFactory.getInstance().createTextValueWithString(Long.toString(dKTContent.getKeyLength())));
            }
        }

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding Nonce to DKT. Nonce = " + Base64.encode(bArr));
        }
        token.setNonce(VariablePartFactory.getInstance().createTextValueWithByteToBeBase64Encoded(bArr));

        final SecurityTokenReference tokenReference = new SecurityTokenReference(document);
        token.setSecurityTokenReference(tokenReference);

        if (z3) {
            final Reference ref = new Reference(document);
            tokenReference.addChild(ref);
            ref.setValueType(valueTypeAttr);
            final String uri = z ? "#" + dKTContent.getRefTokenId() : dKTContent.getRefTokenUUID();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding URI attribute to Reference. URI = " + uri);
            }
            ref.setUri(IdUtils.getInstance().getVariablePart(uri));
            if (!z) {
                final String instanceUuid = dKTContent.getRefInstanceUUID();
                if (instanceUuid != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding Instance attribute to Reference. Instance = " + instanceUuid);
                    }
                    ref.setAttributeToSortedSet(instanceQName, VariablePartFactory.getInstance().createAttrValueWithString(instanceUuid));
                }
            }
        } else if (z4) {
            final KeyIdentifier keyId = new KeyIdentifier(document);
            tokenReference.addChild(keyId);
            keyId.setValueType(valueTypeAttr);
            keyId.setContent(VariablePartFactory.getInstance().createTextValueWithString(dKTContent.getRefTokenId()));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding KeyIdentifier to SecurityTokenReference. ValueType = " + refValueType + ", content = " + dKTContent.getRefTokenId());
            }
        }
        // With neither z3 nor z4 set, the SecurityTokenReference is left without a child.
        return token;
    }

    /**
     * Resolves the derived key length for algorithm {@code str}.
     *
     * <p>A configured length is read from {@code derivedKeyInfoConfig} when that is present,
     * otherwise from the {@code DERIVED_KEY_LENGTH} property of {@code tokenGeneratorConfig}.
     * The value (0 when absent or empty) is passed to
     * {@link #getMinKeyLengthFromAlgorithm(String, boolean, boolean, boolean, boolean, int)},
     * which makes the final decision.
     *
     * <p>As that method is written in this file, the configured length is only honoured on
     * the {@code z == true} path and only when it exceeds 15; on the {@code z == false} path
     * the result depends on the algorithm URI alone.
     *
     * @param z                    traced as {@code sig}; forwarded as the first flag, with its
     *                             negation as the second
     * @param wSSGeneratorConfig   not read by this method
     * @param tokenGeneratorConfig fallback source of the configured length; may be {@code null}
     * @param derivedKeyInfoConfig preferred source of the configured length; may be {@code null}
     * @param str                  algorithm URI
     * @return the key length chosen by {@code getMinKeyLengthFromAlgorithm}
     * @throws NumberFormatException if the configured length is non-empty but not an integer
     */
    private static final int getKeyLength(boolean z, WSSGeneratorConfig wSSGeneratorConfig, TokenGeneratorConfig tokenGeneratorConfig, DerivedKeyInfoConfig derivedKeyInfoConfig, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyLength(boolean sig, String algorithmSuite, TokenGeneratorConfig config, DerivedKeyInfoConfig dkic, String alg)");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "dkic [" + ConfigUtil.getObjState(derivedKeyInfoConfig) + "]");
            Tr.debug(tc, "tconfig [" + ConfigUtil.getObjState(tokenGeneratorConfig) + "]");
        }

        final String configuredLength;
        if (derivedKeyInfoConfig != null) {
            configuredLength = derivedKeyInfoConfig.getKeyLength();
        } else if (tokenGeneratorConfig != null) {
            configuredLength = ConfigUtil.getProperty(tokenGeneratorConfig.getProperties(), com.ibm.wsspi.wssecurity.core.Constants.DERIVED_KEY_LENGTH);
        } else {
            configuredLength = null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyLengthInBinding [" + configuredLength + "]");
        }

        // A malformed value is allowed to fail loudly rather than fall back to a default length.
        final boolean hasConfiguredLength = configuredLength != null && configuredLength.length() > 0;
        final int requestedLength = hasConfiguredLength ? Integer.parseInt(configuredLength) : 0;

        final int resolvedLength = getMinKeyLengthFromAlgorithm(str, z, !z, false, false, requestedLength);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The returned Dervived Key Length is " + resolvedLength);
        }
        return resolvedLength;
    }

    /**
     * Translates an XML Signature / XML Encryption algorithm URI into the name handed to JCE.
     *
     * <p>Signature URIs are only looked up when {@code z} or {@code z3} is set; encryption
     * URIs only when neither is set and {@code z2} or {@code z4} is. A URI that is not
     * recognised, or any input when all four flags are {@code false}, is returned unchanged
     * (including {@code null}).
     *
     * <p>Every signature URI recognised here is SHA-1 based, and the encryption URIs are
     * CBC-mode ciphers, RSA PKCS#1 v1.5 key transport and AES key wrap. URIs for newer
     * algorithms are passed through unmapped, so a caller cannot rely on the result being a
     * JCE name.
     *
     * @param str algorithm URI
     * @param z   traced as {@code isV}
     * @param z2  traced as {@code isD}
     * @param z3  traced as {@code isS}
     * @param z4  traced as {@code isE}
     * @return the mapped name, or {@code str} itself when no mapping applies
     */
    public static final String mapKeyAlgorithm2JCE(String str, boolean z, boolean z2, boolean z3, boolean z4) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapKeyAlgorithm2JCE("
                    + "String algName[" + str + "], "
                    + "boolean isV[" + z + "], "
                    + "boolean isD[" + z2 + "], "
                    + "boolean isS[" + z3 + "], "
                    + "boolean isE[" + z4 + "])");
        }

        String jceName = str;
        final boolean signaturePath = z || z3;
        final boolean encryptionPath = !signaturePath && (z2 || z4);

        if (signaturePath) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isV: " + z + ", isS: " + z3 + ".");
            }
            if ("http://www.w3.org/2000/09/xmldsig#hmac-sha1".equals(str)) {
                jceName = "HmacSHA1";
            } else if ("http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str)) {
                jceName = com.ibm.ws.ssl.core.Constants.SHA1WITH_RSA;
            } else if ("http://www.w3.org/2000/09/xmldsig#dsa-sha1".equals(str)) {
                jceName = com.ibm.ws.ssl.core.Constants.SHA1WITH_DSA;
            }
        } else if (encryptionPath) {
            // Block-cipher URIs are matched case-sensitively, key-transport/key-wrap URIs are not.
            if ("http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equals(str)) {
                jceName = "DESede";
            } else if ("http://www.w3.org/2001/04/xmlenc#aes128-cbc".equals(str)
                    || "http://www.w3.org/2001/04/xmlenc#aes192-cbc".equals(str)
                    || "http://www.w3.org/2001/04/xmlenc#aes256-cbc".equals(str)) {
                jceName = "AES";
            } else if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equalsIgnoreCase(str)) {
                jceName = "RSA";
            } else if ("http://www.w3.org/2001/04/xmlenc#kw-aes128".equalsIgnoreCase(str)
                    || "http://www.w3.org/2001/04/xmlenc#kw-aes192".equalsIgnoreCase(str)
                    || "http://www.w3.org/2001/04/xmlenc#kw-aes256".equalsIgnoreCase(str)) {
                // NOTE(review): AES key-wrap URIs resolving to a DESede transformation looks
                // unintended; confirm against the callers before relying on this mapping.
                jceName = "DESede/CBC/NoPadding";
            }
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapKeyAlgorithm2JCE("
                    + "String, boolean, boolean, boolean, boolean)"
                    + " returns String [" + jceName + "]");
        }
        return jceName;
    }

    /**
     * Picks a key length for algorithm URI {@code str}.
     *
     * <p>When {@code z} or {@code z3} is set: a requested length {@code i} greater than 15 is
     * returned as-is, with no upper bound; otherwise the three SHA-1 signature URIs yield 20
     * and anything else 16. A requested length of 15 or less (including zero and negative
     * values) is therefore never honoured.
     *
     * <p>When neither is set but {@code z2} or {@code z4} is: the result depends on the URI
     * only and {@code i} is ignored: 24 for triple-DES and the 192-bit AES variants, 32 for
     * the 256-bit AES variants, 16 otherwise.
     *
     * <p>With all four flags {@code false} the result is 16. The returned values look like
     * byte counts (aes128 gives 16, aes256 gives 32).
     *
     * @param str algorithm URI; may be {@code null}
     * @param z   traced as {@code isV}
     * @param z2  traced as {@code isD}
     * @param z3  traced as {@code isS}
     * @param z4  traced as {@code isE}
     * @param i   requested length; not included in the entry trace
     * @return the selected key length
     */
    public static final int getMinKeyLengthFromAlgorithm(String str, boolean z, boolean z2, boolean z3, boolean z4, int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMinKeyLengthFromAlgorithm("
                    + "String algName[" + str + "], "
                    + "boolean isV[" + z + "], "
                    + "boolean isD[" + z2 + "], "
                    + "boolean isS[" + z3 + "], "
                    + "boolean isE[" + z4 + "])");
        }

        int keyLength = 16;
        final boolean signaturePath = z || z3;

        if (signaturePath) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isV: " + z + ", isS: " + z3 + ".");
            }
            if (i > 15) {
                keyLength = i;
            } else if ("http://www.w3.org/2000/09/xmldsig#hmac-sha1".equals(str)
                    || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(str)
                    || "http://www.w3.org/2000/09/xmldsig#dsa-sha1".equals(str)) {
                keyLength = 20;
            }
        } else if (z2 || z4) {
            // aes128-cbc, rsa-1_5 and kw-aes128 all resolve to the default of 16, so only the
            // longer keys need a branch. CBC URIs compare case-sensitively, key-wrap URIs do not.
            if ("http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equals(str)
                    || "http://www.w3.org/2001/04/xmlenc#aes192-cbc".equals(str)
                    || "http://www.w3.org/2001/04/xmlenc#kw-aes192".equalsIgnoreCase(str)) {
                keyLength = 24;
            } else if ("http://www.w3.org/2001/04/xmlenc#aes256-cbc".equals(str)
                    || "http://www.w3.org/2001/04/xmlenc#kw-aes256".equalsIgnoreCase(str)) {
                keyLength = 32;
            }
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMinKeyLengthFromAlgorithm("
                    + "String, boolean, boolean, boolean, boolean)"
                    + " returns key length [" + keyLength + "]");
        }
        return keyLength;
    }

    /**
     * Appends a {@code Nonce} child holding the Base64 form of {@code bArr} to {@code oMElement}.
     *
     * <p>The prefix already bound to {@code str} on the parent is reused. When none is bound,
     * the new element declares {@code wsc} for the two WS-SecureConversation namespaces
     * ({@code Constants.NS_WSC_SC}, {@code Constants.NS_WSC_SC_13}) and {@code wsse} for any
     * other namespace.
     *
     * @param oMFactory factory used to create the element and its text node
     * @param oMElement parent that receives the new child
     * @param str       namespace URI of the {@code Nonce} element
     * @param bArr      raw nonce bytes
     * @return the {@code Nonce} element that was added
     * @throws SoapSecurityException declared by the signature; nothing in this body throws it directly
     */
    private static final OMElement createNonce(OMFactory oMFactory, OMElement oMElement, String str, byte[] bArr) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createNonce("
                    + "OMFactory factory, "
                    + "OMElement parent[" + DOMUtils.getDisplayName(oMElement) + "], "
                    + "String ns[" + str + "], "
                    + "NonceManager nmnager)");
        }

        String prefix = DOMUtils.getNamespacePrefix(oMElement, str);
        final boolean mustDeclare = (prefix == null);
        if (mustDeclare) {
            final boolean isWscNamespace = Constants.NS_WSC_SC.equals(str) || Constants.NS_WSC_SC_13.equals(str);
            prefix = isWscNamespace ? "wsc" : "wsse";
        }

        final OMElement nonceElement = oMFactory.createOMElement("Nonce", str, prefix);
        if (mustDeclare) {
            nonceElement.declareNamespace(str, prefix);
        }
        nonceElement.addChild(oMFactory.createOMText(Base64.encode(bArr)));
        oMElement.addChild(nonceElement);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createNonce("
                    + "OMFactory, OMElement, String, NonceManager)"
                    + " returns OMElement [" + DOMUtils.getDisplayName(nonceElement) + "]");
        }
        return nonceElement;
    }

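    /**
     * Derives the key for {@code dKToken} from key material held in the shared state.
     *
     * <p>Two sources are tried in order:
     * <ol>
     *   <li>{@code BASE_TOKEN_KEY_BYTES}: a single secret, combined with the token's label
     *       (or client label + service label, each defaulting to
     *       {@code "WS-SecureConversation"}), nonce, offset and generation;</li>
     *   <li>{@code BASE_TOKEN_CLIENT_SECRET} and {@code BASE_TOKEN_SERVER_SECRET}: both must
     *       be present; offset and generation are fixed at 0.</li>
     * </ol>
     * When neither source is available no key is derived and {@code null} is returned, so
     * callers must check the result.
     *
     * <p>Secret bytes are never written to trace: the debug record reports only the length
     * of each secret. Trace files are routinely collected and shared for support, so key
     * material must not appear in them.
     *
     * @param dKToken token supplying labels, nonce, offset and generation
     * @param str     traced as {@code keyalgo}; not otherwise used, as {@code "HmacSha1"} and
     *                {@code "AES"} are passed to {@code DerivedKeyUtil} regardless
     * @param i       key length handed to {@code DerivedKeyUtil} (the debug text describes it
     *                as bits; the unit cannot be confirmed from this method)
     * @return the derived key, or {@code null} when no base key material was found
     * @throws NoSuchAlgorithmException rethrown from {@code DerivedKeyUtil} after logging
     * @throws InvalidKeyException      rethrown from {@code DerivedKeyUtil} after logging
     */
    private final Key createDerivedKey(DKToken dKToken, String str, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createDerivedKey(");
            stringBuffer.append("DKToken dktoken, ");
            stringBuffer.append("String keyalgo[").append(str).append("], ");
            stringBuffer.append("int keylength[").append(i).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        SecretKey secretKey = null;
        byte[] bArr = null;
        byte[] bArr2 = null;
        byte[] bArr3 = (byte[]) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_KEY_BYTES);
        if (bArr3 == null) {
            bArr = (byte[]) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_CLIENT_SECRET);
            bArr2 = (byte[]) this._sharedState.get(com.ibm.wsspi.wssecurity.core.Constants.BASE_TOKEN_SERVER_SECRET);
            if (tc.isDebugEnabled()) {
                // Report presence and size only; the secret bytes themselves stay out of the trace.
                StringBuffer stringBuffer2 = new StringBuffer("Deriving key with: ");
                stringBuffer2.append("ServerSecret length = ").append(bArr2 == null ? "null" : String.valueOf(bArr2.length));
                stringBuffer2.append(", ClientSecret length = ").append(bArr == null ? "null" : String.valueOf(bArr.length));
                stringBuffer2.append(", entropy Key Size (in bits) based on Algorithm Suite = ").append(i);
                Tr.debug(tc, stringBuffer2.toString());
            }
        }
        try {
            if (bArr3 != null) {
                String label = dKToken.getLabel();
                if (label == null) {
                    // Rebuild the label the same way the generator does: client + service,
                    // each falling back to "WS-SecureConversation".
                    String clientLabel = dKToken.getClientLabel() == null ? "WS-SecureConversation" : dKToken.getClientLabel();
                    label = dKToken.getServiceLabel() == null ? clientLabel + "WS-SecureConversation" : clientLabel + dKToken.getServiceLabel();
                }
                secretKey = DerivedKeyUtil.createDerivedKey(bArr3, label, dKToken.getNonce(), i, dKToken.getOffset(), dKToken.getGeneration(), "HmacSha1", "AES");
            } else if (bArr != null && bArr2 != null) {
                secretKey = DerivedKeyUtil.createDerivedKey(bArr, bArr2, dKToken.getClientLabel(), dKToken.getServiceLabel(), dKToken.getNonce(), i, 0, 0, "HmacSha1", "AES");
            }
            if (tc.isEntryEnabled()) {
                // NOTE(review): this prints secretKey.toString(); confirm that the key class
                // returned by DerivedKeyUtil does not render its key bytes there.
                StringBuffer stringBuffer3 = new StringBuffer("createDerivedKey(DKT, String, int)");
                stringBuffer3.append(" returns key [").append(secretKey).append("])");
                Tr.exit(tc, stringBuffer3.toString());
            }
            return secretKey;
        } catch (InvalidKeyException e) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.DKG", new Object[]{e});
            throw e;
        } catch (NoSuchAlgorithmException e2) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.DKG", new Object[]{e2});
            throw e2;
        }
    }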
}
