package com.ibm.ws.wssecurity.wssapi;

import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.ResultPool;
import com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.core.WSSecurityPlatformContextFactory;
import com.ibm.ws.wssecurity.core.token.TokenConsumerComponent;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoContentConsumerComponent;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditEventGenerator;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditEventGeneratorFactory;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditService;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.platform.util.SAMLIssuerConfigData;
import com.ibm.ws.wssecurity.trust.ext.client.base.TrustProperties;
import com.ibm.ws.wssecurity.util.CertificateUtil;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.KeyInfo;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.text.ParseException;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/CommonContentConsumer.class */
public class CommonContentConsumer implements KeyInfoContentConsumerComponent {
    private static final String comp = "security.wssecurity";
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(CommonContentConsumer.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = CommonContentConsumer.class.getName();
    private static final QName ENCODINGTYPE_Q = new QName("", "EncodingType");
    private static final QName IDENTIFIERTYPE_Q = new QName("", "IdentifierType");

    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/CommonContentConsumer$ResolvedKeyInfo.class */
    public static class ResolvedKeyInfo {
        private String _kitype;
        private String _tokenReference;
        private String _tokenId;
        private QName _kidValueType;
        private QName _kidEncodingType;
        private QName _kidIdentifierType;
        private String _tokenName;
        private OMElement _embeddedToken;
        private String _x509issuerName;
        private String _x509issuerSerial;
        private String _impliedDKNonce = null;
        private String _impliedDKLength = null;
        private boolean isExternalUriReference = false;
        private String _tokenInstance = null;

        public ResolvedKeyInfo(String str) {
            this._kitype = str;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("kitype[" + this._kitype + "], ");
            append.append("tokenReference[" + this._tokenReference + "], ");
            append.append("tokenId[" + this._tokenId + "], ");
            append.append("kidIdentifierType[" + this._kidIdentifierType + "], ");
            append.append("tokenName[" + this._tokenName + "], ");
            append.append("x509issuerName[" + this._x509issuerName + "], ");
            append.append("x509issuerSerial[" + this._x509issuerSerial + "], ");
            append.append("isExternalUriReference[" + this.isExternalUriReference + "], ");
            append.append("tokenInstance[" + this._tokenInstance + "]");
            append.append(")");
            return append.toString();
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResolvedKeyInfo)) {
                return false;
            }
            ResolvedKeyInfo resolvedKeyInfo = (ResolvedKeyInfo) obj;
            if (this._kitype == null) {
                if (resolvedKeyInfo._kitype != null) {
                    return false;
                }
            } else if (!this._kitype.equals(resolvedKeyInfo._kitype)) {
                return false;
            }
            if (this._tokenReference == null) {
                if (resolvedKeyInfo._tokenReference != null) {
                    return false;
                }
            } else if (!this._tokenReference.equals(resolvedKeyInfo._tokenReference)) {
                return false;
            }
            if (this._tokenId == null) {
                if (resolvedKeyInfo._tokenId != null) {
                    return false;
                }
            } else if (!this._tokenId.equals(resolvedKeyInfo._tokenId)) {
                return false;
            }
            if (this._kidValueType == null) {
                if (resolvedKeyInfo._kidValueType != null) {
                    return false;
                }
            } else if (!this._kidValueType.equals(resolvedKeyInfo._kidValueType)) {
                return false;
            }
            if (this._kidEncodingType == null) {
                if (resolvedKeyInfo._kidEncodingType != null) {
                    return false;
                }
            } else if (!this._kidEncodingType.equals(resolvedKeyInfo._kidEncodingType)) {
                return false;
            }
            if (this._kidIdentifierType == null) {
                if (resolvedKeyInfo._kidIdentifierType != null) {
                    return false;
                }
            } else if (!this._kidIdentifierType.equals(resolvedKeyInfo._kidIdentifierType)) {
                return false;
            }
            if (this._tokenName == null) {
                if (resolvedKeyInfo._tokenName != null) {
                    return false;
                }
            } else if (!this._tokenName.equals(resolvedKeyInfo._tokenName)) {
                return false;
            }
            if (this._embeddedToken == null) {
                if (resolvedKeyInfo._embeddedToken != null) {
                    return false;
                }
            } else if (!this._embeddedToken.equals(resolvedKeyInfo._embeddedToken)) {
                return false;
            }
            if (this._x509issuerName == null) {
                if (resolvedKeyInfo._x509issuerName != null) {
                    return false;
                }
            } else if (!this._x509issuerName.equals(resolvedKeyInfo._x509issuerName)) {
                return false;
            }
            if (this._x509issuerSerial == null) {
                if (resolvedKeyInfo._x509issuerSerial != null) {
                    return false;
                }
            } else if (!this._x509issuerSerial.equals(resolvedKeyInfo._x509issuerSerial)) {
                return false;
            }
            if (this._impliedDKNonce == null) {
                if (resolvedKeyInfo._impliedDKNonce != null) {
                    return false;
                }
            } else if (!this._impliedDKNonce.equals(resolvedKeyInfo._impliedDKNonce)) {
                return false;
            }
            if (this._impliedDKLength == null) {
                if (resolvedKeyInfo._impliedDKLength != null) {
                    return false;
                }
            } else if (!this._impliedDKLength.equals(resolvedKeyInfo._impliedDKLength)) {
                return false;
            }
            if (Boolean.valueOf(this.isExternalUriReference).equals(Boolean.valueOf(resolvedKeyInfo.isExternalUriReference))) {
                return this._tokenInstance == null ? resolvedKeyInfo._tokenInstance == null : this._tokenInstance.equals(resolvedKeyInfo._tokenInstance);
            }
            return false;
        }

        public final String getKitype() {
            return this._kitype;
        }

        public void setKitype(String str) {
            this._kitype = str;
        }

        public final String getTokenReference() {
            return this._tokenReference;
        }

        public final String getTokenInstance() {
            return this._tokenReference;
        }

        public void setTokenInstance(String str) {
            this._tokenInstance = str;
        }

        public final boolean isExtenalUriReference() {
            return this.isExternalUriReference;
        }

        public final void setExternalUriReference(boolean z) {
            this.isExternalUriReference = z;
        }

        public void setTokenReference(String str) {
            if (str != null && str.startsWith("#")) {
                str = str.substring(1);
            }
            this._tokenReference = str;
        }

        public final String getTokenId() {
            return this._tokenId;
        }

        public void setTokenId(String str) {
            if (str != null && str.length() > 0) {
                str = str.trim();
            }
            this._tokenId = str;
        }

        public final QName getKidValueType() {
            return this._kidValueType;
        }

        public void setKidValueType(QName qName) {
            this._kidValueType = qName;
        }

        public final QName getKidEncodingType() {
            return this._kidEncodingType;
        }

        public void setKidEncodingType(QName qName) {
            this._kidEncodingType = qName;
        }

        public final QName getKidIdentifierType() {
            return this._kidIdentifierType;
        }

        public void setKidIdentifierType(QName qName) {
            this._kidIdentifierType = qName;
        }

        public final String geTtokenName() {
            return this._tokenName;
        }

        public void setTokenName(String str) {
            this._tokenName = str;
        }

        public final OMElement getEmbeddedToken() {
            return this._embeddedToken;
        }

        public void setEmbeddedToken(OMElement oMElement) {
            this._embeddedToken = oMElement;
        }

        public final String getX509issuerName() {
            return this._x509issuerName;
        }

        public void setX509issuerName(String str) {
            this._x509issuerName = str;
        }

        public final String getX509issuerSerial() {
            return this._x509issuerSerial;
        }

        public void setX509issuerSerial(String str) {
            this._x509issuerSerial = str;
        }

        public final String getImpliedDKNonce() {
            return this._impliedDKNonce;
        }

        public void setImpliedDKNonce(String str) {
            this._impliedDKNonce = str;
        }

        public final String getImpliedDKLength() {
            return this._impliedDKLength;
        }

        public void setImpliedDKLength(String str) {
            this._impliedDKLength = str;
        }
    }

    @Override // com.ibm.ws.wssecurity.core.WSSComponent, com.ibm.ws.wssecurity.core.Initializable
    public void init(Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumerComponent
    public Key getKey(ResolvedKeyInfo resolvedKeyInfo, Map<Object, Object> map, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getKey(");
            stringBuffer.append("ResolvedKeyInfo kinfo[").append(resolvedKeyInfo.toString()).append("], ");
            stringBuffer.append("Map type, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        WSSAuditService auditService = WSSContextManagerFactory.getInstance().getAuditService();
        WSSAuditEventGenerator wSSAuditEventGeneratorFactory = WSSAuditEventGeneratorFactory.getInstance();
        boolean z = (auditService.isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, WSSAuditService.WSSAuditOutcome.SUCCESS, map2) || auditService.isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, WSSAuditService.WSSAuditOutcome.DENIED, map2)) || (auditService.isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, WSSAuditService.WSSAuditOutcome.SUCCESS, map2) || auditService.isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, WSSAuditService.WSSAuditOutcome.DENIED, map2));
        KeyInfoContentConsumerConfig keyInfoContentConsumerConfig = (KeyInfoContentConsumerConfig) map2.get(KeyInfoContentConsumerConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "KeyInfoContentConsumerConfig [" + keyInfoContentConsumerConfig + "].");
        }
        String str = (String) keyInfoContentConsumerConfig.getProperties().get(Constants.CON_KEY_STORE_NAME);
        if (str != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HW keystore name is in use = " + str);
            }
            map2.put(Constants.CON_KEY_STORE_NAME, str);
            if (z) {
                WSSAuditEventGeneratorFactory.getInstance().setExtendedAuditData(map2, WSSAuditEventGenerator.HW_KEY_STORE, str);
            }
        }
        KeyInfoResult keyInfoResult = new KeyInfoResult(keyInfoContentConsumerConfig);
        ResultPool.add(map2, keyInfoResult);
        String str2 = resolvedKeyInfo._kitype;
        map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE, str2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The type of a key information is [" + str2 + "].");
        }
        OMElement oMElement = null;
        if (ConfigUtil.isKeyInfoStrref(str2)) {
            String str3 = resolvedKeyInfo._tokenReference;
            keyInfoResult.setIdInSubject(str3);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE, str3);
            map2.put("WSSECURITY_X509_ID", str3);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Reference URI to a token is [" + str3 + "].");
            }
        } else if (ConfigUtil.isKeyInfoKeyid(str2)) {
            String str4 = resolvedKeyInfo._tokenId;
            keyInfoResult.setIdInSubject(str4);
            map2.put("WSSECURITY_X509_ID", str4);
            QName qName = resolvedKeyInfo._kidValueType;
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ID, str4);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE, qName);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING, resolvedKeyInfo._kidEncodingType);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE, resolvedKeyInfo._kidIdentifierType);
            if (WSSecurityPlatformContextFactory.getInstance().isServer() && qName != null && (qName.equals(Constants.X509_SKI) || qName.equals(Constants.X509_SKI_OLD))) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The " + qName + " key idendifier is found.        It is cached in order to use it for response generator.");
                }
                MessageContext messageContext = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                if (messageContext == null) {
                    throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s01");
                }
                messageContext.setProperty(Constants.CONSUMED_KEYID_VALUETYPE, qName);
            }
        } else if (ConfigUtil.isKeyInfoThumbprint(str2)) {
            String str5 = resolvedKeyInfo._tokenId;
            keyInfoResult.setIdInSubject(str5);
            map2.put("WSSECURITY_X509_ID", str5);
            QName qName2 = resolvedKeyInfo._kidValueType;
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_THUMBPRINT_REFERENCE, str5);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE, qName2);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING, resolvedKeyInfo._kidEncodingType);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE, resolvedKeyInfo._kidIdentifierType);
            if (WSSecurityPlatformContextFactory.getInstance().isServer() && qName2 != null && qName2.equals(Constants.THUMBPRINTSHA1)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The " + qName2 + " thumbprint reference is found.  It is cached in order to use it for response generator.");
                }
                MessageContext messageContext2 = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                if (messageContext2 == null) {
                    throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s01");
                }
                messageContext2.setProperty(Constants.CONSUMED_KEYID_VALUETYPE, qName2);
            }
        } else if (ConfigUtil.isKeyInfoKeyname(str2)) {
            String str6 = resolvedKeyInfo._tokenName;
            keyInfoResult.setIdInSubject(str6);
            map2.put("WSSECURITY_X509_ID", str6);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_NAME, str6);
        } else if (ConfigUtil.isKeyInfoEmb(str2)) {
            String str7 = resolvedKeyInfo._tokenId;
            keyInfoResult.setIdInSubject(str7);
            map2.put("WSSECURITY_X509_ID", str7);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_EMBID, str7);
            oMElement = resolvedKeyInfo._embeddedToken;
        } else {
            if (!ConfigUtil.isKeyInfoX509issuer(str2)) {
                throw SoapSecurityException.format("security.wssecurity.KeyInfoGenerator.getKey03", str2);
            }
            String str8 = resolvedKeyInfo._x509issuerName;
            String str9 = resolvedKeyInfo._x509issuerSerial;
            String str10 = str8 + ":" + str9;
            keyInfoResult.setIdInSubject(str10);
            map2.put("WSSECURITY_X509_ID", str10);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERNAME, str8);
            map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERSERIAL, str9);
        }
        Object obj = (String) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE);
        map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE, obj);
        map2.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_UNIQUE_NAME, keyInfoContentConsumerConfig.getKeyName());
        if (resolvedKeyInfo._impliedDKNonce != null) {
            map2.put(Constants.IMPLIED_DERIVED_KEY_NONCE, resolvedKeyInfo._impliedDKNonce);
            map2.put(Constants.IMPLIED_DERIVED_KEY_LENGTH, resolvedKeyInfo._impliedDKLength);
            map2.put(Constants.EXTERNAL_URI_REFERENCE, Boolean.valueOf(resolvedKeyInfo.isExternalUriReference));
            map2.put(Constants.IMPLIED_DERIVED_KEY_INSTANCE, resolvedKeyInfo._tokenInstance);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Implied DKT, External Reference to the token is [" + resolvedKeyInfo.isExternalUriReference + "].");
                Tr.debug(tc, "Implied DKT, instance to a token is [" + resolvedKeyInfo._tokenInstance + "].");
            }
        }
        SecurityToken securityToken = null;
        TokenConsumerConfig tokenConsumer = keyInfoContentConsumerConfig.getTokenConsumer();
        if (tokenConsumer != null) {
            securityToken = invokeTokenConsumer(oMElement, tokenConsumer, map2);
        }
        map2.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE);
        map2.remove(KeyInfoContentConsumerConfig.CONFIG_KEY);
        if (resolvedKeyInfo._impliedDKNonce != null) {
            keyInfoResult.setIdInSubject(securityToken.getId());
            resolvedKeyInfo._tokenReference = securityToken.getId();
            map2.put("WSSECURITY_X509_ID", securityToken.getId());
        }
        Key key = null;
        final SecurityToken securityToken2 = securityToken;
        if (WSSKeyInfoComponent.KEY_VERIFYING.equals(obj)) {
            try {
                key = (Key) AccessController.doPrivileged(new PrivilegedExceptionAction<Key>() { // from class: com.ibm.ws.wssecurity.wssapi.CommonContentConsumer.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Key run() throws WSSException {
                        return securityToken2.getKey(63);
                    }
                });
            } catch (PrivilegedActionException e) {
                Tr.processException(e, clsName + ".getKey", "353", this);
                throw SoapSecurityException.format("security.wssecurity.WSEC7074E", e.getCause());
            }
        } else if (WSSKeyInfoComponent.KEY_DECRYPTING.equals(obj)) {
            try {
                key = (Key) AccessController.doPrivileged(new PrivilegedExceptionAction<Key>() { // from class: com.ibm.ws.wssecurity.wssapi.CommonContentConsumer.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Key run() throws WSSException {
                        return securityToken2.getKey(64);
                    }
                });
            } catch (PrivilegedActionException e2) {
                Tr.processException(e2, clsName + ".getKey", "367", this);
                throw SoapSecurityException.format("security.wssecurity.WSEC7074E", e2.getCause());
            }
        }
        if (z) {
            Map<String, Object> extendedAuditData = wSSAuditEventGeneratorFactory.setExtendedAuditData(map2, WSSAuditEventGenerator.TOKEN_ID, securityToken.getId());
            wSSAuditEventGeneratorFactory.addExtendedAuditData(extendedAuditData, WSSAuditEventGenerator.TOKEN_PRINCIPAL, securityToken.getPrincipal());
            wSSAuditEventGeneratorFactory.addExtendedAuditData(extendedAuditData, WSSAuditEventGenerator.KEY_INFO_TYPE, str2);
            wSSAuditEventGeneratorFactory.addExtendedAuditData(extendedAuditData, "Algorithm", key.getAlgorithm());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WSSECURITY_X509_ID is [" + ((String) map2.get("WSSECURITY_X509_ID")) + "]");
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getKey(");
            stringBuffer2.append("Element target, Map type, Map context)");
            stringBuffer2.append(" returns Key[").append(key).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return key;
    }

    public static final ResolvedKeyInfo resolveKeyInfo(OMElement oMElement, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("resolveKeyInfo(");
            stringBuffer.append("Element elKinfo[").append(DOMUtils.getDisplayName(oMElement)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        int i = 0;
        Object obj = map.get(Constants.WSS_VERSION);
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        String str = Constants.NAMESPACES[0][i];
        String str2 = Constants.NAMESPACES[1][i];
        ResolvedKeyInfo resolvedKeyInfo = null;
        OMElement firstElement = DOMUtils.getFirstElement(oMElement);
        while (true) {
            OMElement oMElement2 = firstElement;
            if (oMElement2 == null) {
                if (tc.isEntryEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer("resolveKeyInfo(");
                    stringBuffer2.append("Element elKinfo, Map context)");
                    stringBuffer2.append(" returns ResolvedKeyInfo[").append(resolvedKeyInfo).append("]");
                    Tr.exit(tc, stringBuffer2.toString());
                }
                if (resolvedKeyInfo == null) {
                    throw SoapSecurityException.format("security.wssecurity.KeyInfoGenerator.getKey02");
                }
                return resolvedKeyInfo;
            }
            String namespaceURI = oMElement2.getNamespace() == null ? null : oMElement2.getNamespace().getNamespaceURI();
            String localName = oMElement2.getLocalName();
            if (str.equals(namespaceURI)) {
                if ("SecurityTokenReference".equals(localName)) {
                    resolvedKeyInfo = resolveSecurityTokenReference(oMElement2, i, str, str2, map);
                } else if (tc.isDebugEnabled()) {
                    Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(oMElement2), DOMUtils.getQualifiedName(oMElement)});
                }
            } else if (Constants.NS_DSIG.equals(namespaceURI)) {
                if (SAMLIssuerConfigData.KEY_NAME.equals(localName)) {
                    String stringValue = DOMUtils.getStringValue(oMElement2);
                    if (stringValue == null) {
                        throw SoapSecurityException.format("security.wssecurity.KeyNameContentConsumer.getKeyName01");
                    }
                    resolvedKeyInfo = new ResolvedKeyInfo(KeyInfoConsumer.KEYNAME);
                    resolvedKeyInfo._tokenName = stringValue;
                } else if (tc.isDebugEnabled()) {
                    Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(oMElement2), DOMUtils.getQualifiedName(oMElement)});
                }
            } else if (tc.isDebugEnabled()) {
                Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(oMElement2), DOMUtils.getQualifiedName(oMElement)});
            }
            firstElement = DOMUtils.getNextElement(oMElement2);
        }
    }

    private static final ResolvedKeyInfo resolveSecurityTokenReference(OMElement oMElement, int i, String str, String str2, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("resolveSecurityTokenReference(");
            stringBuffer.append("Element elStr[").append(DOMUtils.getDisplayName(oMElement)).append("], ");
            stringBuffer.append("int wssVersion[").append(i).append("], ");
            stringBuffer.append("String nsWsse[").append(str).append("], ");
            stringBuffer.append("String nsWsu[").append(str2).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        ResolvedKeyInfo resolvedKeyInfo = null;
        String str3 = Constants.NS_WSC_SC_13;
        OMElement firstElement = DOMUtils.getFirstElement(oMElement);
        while (true) {
            OMElement oMElement2 = firstElement;
            if (oMElement2 == null) {
                if (tc.isEntryEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer("resolveSecurityTokenReference(");
                    stringBuffer2.append("Element elStr, int wssVersion, String nsWsse, String nsWsu)");
                    stringBuffer2.append(" returns ResolvedKeyInfo[").append(resolvedKeyInfo).append("]");
                    Tr.exit(tc, stringBuffer2.toString());
                }
                return resolvedKeyInfo;
            }
            String namespaceURI = oMElement2.getNamespace() == null ? null : oMElement2.getNamespace().getNamespaceURI();
            String localName = oMElement2.getLocalName();
            if (str.equals(namespaceURI)) {
                if ("Reference".equals(localName)) {
                    resolvedKeyInfo = new ResolvedKeyInfo(KeyInfoConsumer.STRREF);
                    if (Constants.NS_WSC_SCT.equals(oMElement2.getAttributeValue(Constants.VALUETYPE_Q))) {
                        str3 = Constants.NS_WSC_SC;
                    }
                    String attributeValue = oMElement.getAttributeValue(new QName(str3, "Nonce"));
                    String attributeValue2 = oMElement.getAttributeValue(new QName(str3, "Length"));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Implied DKTs are in use, nonce = " + attributeValue + ", WSC Name Space = " + str3);
                    }
                    if (attributeValue != null) {
                        map.put(Constants.SCT_TOKEN_VALUE_TYPE, str3);
                        resolvedKeyInfo._impliedDKNonce = attributeValue;
                        resolvedKeyInfo._impliedDKLength = attributeValue2;
                    }
                    String attribute = DOMUtils.getAttribute(oMElement2, "URI");
                    if (attribute == null) {
                        throw SoapSecurityException.format("security.wssecurity.STRReferenceContentConsumer.getReferenceURI02");
                    }
                    if (!attribute.startsWith("#")) {
                        resolvedKeyInfo.setExternalUriReference(true);
                    }
                    resolvedKeyInfo.setTokenReference(attribute);
                    String attributeValue3 = oMElement2.getAttributeValue(new QName(str3, "Instance"));
                    if (attributeValue3 != null) {
                        resolvedKeyInfo._tokenInstance = attributeValue3;
                    }
                } else if ("KeyIdentifier".equals(localName)) {
                    String attribute2 = DOMUtils.getAttribute(oMElement2, "ValueType");
                    if (attribute2 == null) {
                        throw SoapSecurityException.format("security.wssecurity.BinaryTokenReceiver.token16");
                    }
                    QName qName = DOMUtils.getQName(oMElement2, attribute2, i);
                    QName qName2 = Constants.BASE64_BINARY;
                    String attributeValue4 = oMElement2.getAttributeValue(ENCODINGTYPE_Q);
                    if (attributeValue4 != null) {
                        qName2 = DOMUtils.getQName(oMElement2, attributeValue4, i);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, ConfigUtil.getMessage("security.wssecurity.KeyIdContentConsumer.getEncodingType02"));
                    }
                    QName qName3 = Constants.ITSHA1;
                    String attributeValue5 = oMElement2.getAttributeValue(IDENTIFIERTYPE_Q);
                    if (attributeValue5 != null) {
                        qName3 = DOMUtils.getQName(oMElement2, attributeValue5, i);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, ConfigUtil.getMessage("security.wssecurity.KeyIdContentConsumer.getIdentifierType01"));
                    }
                    String stringValue = DOMUtils.getStringValue(oMElement2);
                    if (Constants.THUMBPRINTSHA1.equals(qName)) {
                        qName3 = Constants.THUMBPRINTSHA1;
                        resolvedKeyInfo = new ResolvedKeyInfo(KeyInfoConsumer.THUMBPRINT);
                    } else {
                        resolvedKeyInfo = new ResolvedKeyInfo(KeyInfoConsumer.KEYID);
                    }
                    resolvedKeyInfo.setTokenId(stringValue);
                    resolvedKeyInfo._kidValueType = qName;
                    resolvedKeyInfo._kidEncodingType = qName2;
                    resolvedKeyInfo._kidIdentifierType = qName3;
                    String attributeValue6 = oMElement.getAttributeValue(new QName(str3, "Nonce"));
                    String attributeValue7 = oMElement.getAttributeValue(new QName(str3, "Length"));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Implied DKTs are in use, nonce = " + attributeValue6 + ", WSC Name Space = " + str3);
                    }
                    if (attributeValue6 != null) {
                        map.put(Constants.SCT_TOKEN_VALUE_TYPE, str3);
                        resolvedKeyInfo._impliedDKNonce = attributeValue6;
                        resolvedKeyInfo._impliedDKLength = attributeValue7;
                    }
                } else if (TrustProperties.LocalNames.wsse.Embedded.equals(localName)) {
                    OMElement firstElement2 = DOMUtils.getFirstElement(oMElement2);
                    String attributeValue8 = oMElement2.getAttributeValue(new QName(str2, "Id"));
                    if (attributeValue8 == null) {
                        throw SoapSecurityException.format("security.wssecurity.EmbeddedContentConsumer.getEmbeddedToken02");
                    }
                    resolvedKeyInfo = new ResolvedKeyInfo(KeyInfoConsumer.EMB);
                    resolvedKeyInfo._embeddedToken = firstElement2;
                    resolvedKeyInfo._tokenId = attributeValue8;
                } else if (tc.isDebugEnabled()) {
                    Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(oMElement2), DOMUtils.getQualifiedName(oMElement)});
                }
            } else if (Constants.NS_DSIG.equals(namespaceURI)) {
                if ("X509Data".equals(localName)) {
                    OMElement oneChildElement = DOMUtils.getOneChildElement(oMElement2, Constants.NS_DSIG, "X509IssuerSerial");
                    if (oneChildElement == null) {
                        throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
                    }
                    OMElement oneChildElement2 = DOMUtils.getOneChildElement(oneChildElement, Constants.NS_DSIG, TrustProperties.LocalNames.ds.X509IssuerName);
                    if (oneChildElement2 == null) {
                        throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
                    }
                    OMElement oneChildElement3 = DOMUtils.getOneChildElement(oneChildElement, Constants.NS_DSIG, TrustProperties.LocalNames.ds.X509SerialNumber);
                    if (oneChildElement3 == null) {
                        throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
                    }
                    String stringValue2 = DOMUtils.getStringValue(oneChildElement2);
                    String encodeDName = KeyInfo.X509Data.encodeDName(stringValue2);
                    if (encodeDName != null) {
                        stringValue2 = encodeDName;
                    }
                    String stringValue3 = DOMUtils.getStringValue(oneChildElement3);
                    if (stringValue3 != null) {
                        try {
                            new BigInteger(stringValue3);
                        } catch (NumberFormatException e) {
                            try {
                                stringValue3 = CertificateUtil.convertSerialNumber(stringValue3).toString();
                            } catch (ParseException e2) {
                                throw SoapSecurityException.format("security.wssecurity.X509LoginModule.s04", stringValue3, e2);
                            }
                        }
                    }
                    resolvedKeyInfo = new ResolvedKeyInfo(KeyInfoConsumer.X509ISSUER);
                    resolvedKeyInfo._x509issuerName = stringValue2;
                    resolvedKeyInfo._x509issuerSerial = stringValue3;
                } else {
                    Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(oMElement2), DOMUtils.getQualifiedName(oMElement)});
                }
            } else if (tc.isDebugEnabled()) {
                Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(oMElement2), DOMUtils.getQualifiedName(oMElement)});
            }
            firstElement = DOMUtils.getNextElement(oMElement2);
        }
    }

    private static final SecurityToken invokeTokenConsumer(OMElement oMElement, TokenConsumerConfig tokenConsumerConfig, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("invokeTokenConsumer(");
            stringBuffer.append("Element target[").append(DOMUtils.getDisplayName(oMElement)).append("], ");
            stringBuffer.append("TokenConsumerConfig config, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        TokenConsumerComponent tokenConsumerConfImpl = ((PrivateConsumerConfig.TokenConsumerConfImpl) tokenConsumerConfig).getInstance();
        if (tokenConsumerConfImpl == null) {
            throw SoapSecurityException.format("security.wssecurity.EmbeddedContentConsumer.getKey01");
        }
        map.put(TokenConsumerConfig.CONFIG_KEY, tokenConsumerConfig);
        tokenConsumerConfImpl.invoke(oMElement, map);
        SecurityToken securityToken = (SecurityToken) map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("invokeTokenConsumer(");
            stringBuffer2.append("Element target, TokenConsumerConfig config, Map context)");
            stringBuffer2.append(" returns SecurityToken[").append(securityToken).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return securityToken;
    }
}
