package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.wssapi.XMLStructure;
import com.ibm.websphere.wssecurity.wssapi.token.BinarySecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.LTPAToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.platform.auth.WSSContext;
import com.ibm.ws.wssecurity.platform.auth.WSSContextFactory;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManager;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.WSSObjectStructureImpl;
import com.ibm.ws.wssecurity.wssobject.impl.WSSObjectDocumentImpl;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObjectElement;
import com.ibm.ws.wssecurity.wssobject.util.NamespacePrefixPair;
import com.ibm.ws.wssecurity.wssobject.util.NamespacePrefixPairSortedSet;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartFactory;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.security.token.Token;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.engine.DependencyManager;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/LTPAGenerateLoginModule.class */
public class LTPAGenerateLoginModule implements LoginModule {
    // Component name string; not referenced elsewhere in the visible part of this class.
    private static final String comp = "security.wssecurity";
    // Callback handler supplied to initialize(); login() uses it to collect name, password and properties.
    private CallbackHandler _handler;
    // JAAS shared-state map supplied to initialize(); customer tokens are read from it and processed tokens are written to it.
    private Map _sharedState;
    // Tokens selected or created by login(); commit() registers each of them with the token manager.
    private List<SecurityToken> _processedTokens;
    // Subset of processed tokens that login() created itself; commit() publishes them as "to be inserted".
    private List<SecurityToken> _insertedTokens;
    // Assigned in login() from the property map; stays null until login() has run.
    private SecurityTokenManager _securityTokenManager;
    // Property map returned by the PropertyCallback in login(); stays null until login() has run.
    private Map<Object, Object> _context;
    private static final TraceComponent tc = Tr.register(LTPAGenerateLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = LTPAGenerateLoginModule.class.getName();
    // Lazily copied from _wsCredToken._wsCredTokenMapper without synchronization; may remain null if the reflective load failed.
    private static WSCredentialTokenMapperInterface wsCredTokenMapper = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/LTPAGenerateLoginModule$_wsCredToken.class */
    /**
     * Holder that loads the credential-token mapper reflectively, once, when this
     * nested class is initialized.
     *
     * <p>If the class lookup, the instantiation or the cast fails, the exception is
     * handed to {@code Tr.processException} and {@code _wsCredTokenMapper} stays
     * {@code null}. Nothing is rethrown, so every reader of the field has to cope
     * with a null mapper.
     */
    public static class _wsCredToken {
        static WSCredentialTokenMapperInterface _wsCredTokenMapper;

        private _wsCredToken() {
        }

        static {
            _wsCredTokenMapper = null;
            try {
                Class<?> mapperClass = Class.forName("com.ibm.ws.security.token.WSCredentialTokenMapper");
                Object mapperInstance = mapperClass.newInstance();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Got instance of WSCredTokenMapper.");
                }
                // The cast comes after the trace line, so a wrong type is still reported as "got instance" first.
                _wsCredTokenMapper = (WSCredentialTokenMapperInterface) mapperInstance;
            } catch (Exception initFailure) {
                // Deliberately not rethrown: the mapper is simply left unset.
                Tr.processException(initFailure, clsName + DependencyManager.SERVICE_INIT_METHOD, "981");
            }
        }
    }

    /**
     * Stores the callback handler and the shared-state map and starts with empty
     * token lists.
     *
     * <p>Neither {@code subject} nor the options map ({@code map2}) is read by this
     * module.
     *
     * @param subject         not used
     * @param callbackHandler handler that login() will call for name, password and properties
     * @param map             JAAS shared state
     * @param map2            module options; not used
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }
        // New lists on every call, so tokens from an earlier use of this instance are dropped.
        this._insertedTokens = new ArrayList<SecurityToken>();
        this._processedTokens = new ArrayList<SecurityToken>();
        this._sharedState = map;
        this._handler = callbackHandler;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v157, types: [com.ibm.ws.wssecurity.wssapi.token.impl.LTPATokenImpl] */
    /**
     * Obtains LTPA token bytes and wraps them in a token object for the outgoing message.
     *
     * <p>The bytes are taken from the first source that yields them, in this order:
     * <ol>
     *   <li>a customer-supplied token of the configured type found via
     *       {@code getCustomerLTPAToken}; its bytes are used as they are;</li>
     *   <li>a login against the default realm with a user name and password, taken from
     *       the callbacks or overridden by a customer-supplied UsernameToken;</li>
     *   <li>the run-as subject returned by {@code WSSContext.getRunAsSubject}.</li>
     * </ol>
     * If a token with the same bytes is already known to the token manager it is reused;
     * otherwise a new token and its XML element are created.
     *
     * <p>NOTE(review): several declarations below look like decompiler typing artifacts
     * (for example {@code Callback nameCallback} followed by {@code nameCallback.getName()},
     * and a {@code SingleSignonToken} result assigned to an {@code AuthenticationToken}
     * variable); treat the declared local types as approximate.
     *
     * @return {@code true} if token bytes were obtained and a token was recorded,
     *         {@code false} if no source produced any bytes
     * @throws LoginException if a callback, login or token-creation step fails; every
     *         exception raised inside the method, including the LoginExceptions built in
     *         the inner catch blocks, passes through the final {@code catch (Exception)}
     *         and is re-wrapped with message key
     *         {@code security.wssecurity.BSTokenLoginModule.s01}
     */
    public boolean login() throws LoginException {
        SecurityToken customerUNT;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        Callback nameCallback = new NameCallback("username: ");
        // The prompt text is misspelled ("passowrd"); it is a runtime string and is left as found.
        PasswordCallback passwordCallback = new PasswordCallback("passowrd: ", false);
        PropertyCallback propertyCallback = new PropertyCallback(null);
        try {
            this._handler.handle(new Callback[]{nameCallback, passwordCallback, propertyCallback});
            String name = nameCallback.getName();
            // NOTE(review): neither this array nor the callback's copy is cleared anywhere in this method
            // (no clearPassword() call, no zero-fill), so the password outlives the login attempt in memory.
            char[] password = passwordCallback.getPassword();
            this._context = propertyCallback.getProperties();
            this._securityTokenManager = (SecurityTokenManager) this._context.get(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            // z is the method's result: it stays true unless no token bytes were obtained.
            boolean z = true;
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
            // equals == true selects the "LTPAv1" branches below; false selects "LTPAv2".
            boolean equals = com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN.equals(tokenGeneratorConfig.getType());
            MessageContext messageContext = (MessageContext) this._context.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
            byte[] bArr = null;
            // Source 1: a token supplied by the application.
            SecurityToken customerLTPAToken = getCustomerLTPAToken(messageContext, tokenGeneratorConfig.getType());
            if (customerLTPAToken != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, tokenGeneratorConfig.getType() + " found on shared state.  Binary from that token will be used.");
                    Tr.debug(tc, "==> WE WILL BE SENDING OUT TOKEN BYTES THAT ARE CREATED OUTSIDE THIS RUNTIME.  VALIDITY OF THE TOKEN IS NOT GUARANTEED");
                }
                // The supplied bytes are forwarded without any validation in this method; the warning
                // above is only emitted when debug trace is on.
                bArr = ((BinarySecurityToken) customerLTPAToken).getBinary();
            }
            // Source 2, step 1: a customer UsernameToken may replace the callback credentials.
            if (bArr == null && (customerUNT = getCustomerUNT(messageContext)) != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "UsernameToken found on shared state.  Attempting to override username and password");
                }
                UsernameToken usernameToken = (UsernameToken) customerUNT;
                String username = usernameToken.getUsername();
                char[] password2 = usernameToken.getPassword();
                // The override applies only when both the user name and the password are non-empty.
                if (username != null && username.length() > 0 && password2 != null && password2.length > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Overriding username and password with UsernameToken in shared state");
                    }
                    name = username;
                    password = password2;
                } else if (tc.isDebugEnabled()) {
                    // Only null / empty / present status is traced here, never the credential values.
                    Tr.debug(tc, "Cannot use UsernameToken in shared state.  Either username or password is null: username[" + (username == null ? AppConstants.NULL_STRING : username.length() == 0 ? "length=0" : "not null") + "], password[" + (password2 == null ? AppConstants.NULL_STRING : password2.length == 0 ? "length=0" : "not null") + "]");
                }
            }
            // Source 2, step 2: authenticate with the user name and password.
            if (bArr == null && name != null && name.length() > 0 && password != null && password.length > 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "BasicAuth information was provided.");
                }
                final String str = name;
                // NOTE(review): this copies the password into an immutable String, which cannot be
                // wiped afterwards; the login API called below takes a String.
                final String valueOf = String.valueOf(password);
                try {
                    Subject subject = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.LTPAGenerateLoginModule.1
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws LoginException {
                            Subject subject2 = null;
                            WSSContextManager wSSContextManagerFactory = WSSContextManagerFactory.getInstance();
                            // A null context manager is not an error: the subject stays null and the
                            // method falls through to the run-as subject.
                            if (wSSContextManagerFactory != null) {
                                subject2 = wSSContextManagerFactory.login(wSSContextManagerFactory.getDefaultRealm(), str, valueOf);
                            }
                            return subject2;
                        }
                    });
                    if (tc.isDebugEnabled()) {
                        // Writes subject.toString() to the trace log.
                        printSubject(Constants0.STR_BASIC, subject);
                    }
                    if (subject != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, equals ? "Obtaining LTPAv1 token." : "Obtaining LTPAv2 token.");
                        }
                        AuthenticationToken authTokenFromSubject = equals ? getAuthTokenFromSubject(subject) : getSSOTokenFromSubject(subject);
                        if (tc.isDebugEnabled()) {
                            printObjectInfo("tokenFromSubject", authTokenFromSubject);
                        }
                        if (authTokenFromSubject != null) {
                            bArr = authTokenFromSubject.getBytes();
                            if (tc.isDebugEnabled()) {
                                // Traces presence, length and expiration only, not the token bytes.
                                printBinaryInfo(bArr);
                                printTokenExpiration(authTokenFromSubject);
                            }
                        }
                    }
                } catch (PrivilegedActionException e) {
                    LoginException loginException = new LoginException(e.toString());
                    loginException.initCause(e);
                    throw loginException;
                }
            }
            // Source 3: the run-as subject, used whenever the earlier sources produced no bytes
            // (including the case where the basic-auth login returned no token).
            if (bArr == null || bArr.length == 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using runAsSubject");
                }
                try {
                    WSSContext wSSContextFactory = WSSContextFactory.getInstance();
                    if (wSSContextFactory != null) {
                        Subject runAsSubject = wSSContextFactory.getRunAsSubject(messageContext);
                        if (tc.isDebugEnabled()) {
                            printSubject("Subject:", runAsSubject);
                        }
                        if (runAsSubject != null) {
                            // NOTE(review): the refresh runs when getIsFalseProperty(...) returns true for
                            // REFRESH_LTPA_CREDENTIAL; the helper is not visible here, so confirm which
                            // setting (and which default) actually enables the refresh.
                            if (ConfigUtil.getIsFalseProperty(tokenGeneratorConfig.getProperties(), Constants.REFRESH_LTPA_CREDENTIAL)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Refreshing token");
                                }
                                try {
                                    getWSCredentialTokenMapperInterface().checkValidityOfAllTokensAndRefresh(runAsSubject);
                                } catch (Exception e2) {
                                    // A failed refresh (including a NullPointerException when the mapper
                                    // could not be loaded) is visible only in debug trace; processing
                                    // continues with whatever token the subject already holds.
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Could not refresh LTPA token:" + e2.getMessage());
                                    }
                                }
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, equals ? "Obtaining LTPAv1 token." : "Obtaining LTPAv2 token.");
                            }
                            AuthenticationToken authTokenFromSubject2 = equals ? getAuthTokenFromSubject(runAsSubject) : getSSOTokenFromSubject(runAsSubject);
                            if (tc.isDebugEnabled()) {
                                printObjectInfo("tokenFromSubject:", authTokenFromSubject2);
                            }
                            if (authTokenFromSubject2 != null) {
                                bArr = authTokenFromSubject2.getBytes();
                                if (tc.isDebugEnabled()) {
                                    printBinaryInfo(bArr);
                                    printTokenExpiration(authTokenFromSubject2);
                                }
                            }
                        }
                    }
                } catch (SoapSecurityException e3) {
                    LoginException loginException2 = new LoginException(e3.toString());
                    loginException2.initCause(e3);
                    throw loginException2;
                }
            }
            // No bytes from any source: report "not handled" instead of throwing.
            if (bArr == null || bArr.length == 0) {
                z = false;
            }
            if (z) {
                String makeUniqueId = IdUtils.getInstance().makeUniqueId(this._context, "ltpa_");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "unique id: " + makeUniqueId);
                }
                // WS-Security version index; stays 0 unless the context holds an Integer under WSS_VERSION.
                int i = 0;
                Object obj = this._context.get(com.ibm.ws.wssecurity.common.Constants.WSS_VERSION);
                if (obj != null && (obj instanceof Integer)) {
                    i = ((Integer) obj).intValue();
                }
                // Parent element for the new token element; createTokenElement accepts either supported element type.
                Object obj2 = this._context.get("com.ibm.ws.wssecurity.constants.processingElement");
                try {
                    // Reuse a token the manager already holds when its bytes are identical.
                    SecurityToken token = getToken(tokenGeneratorConfig, bArr, this._securityTokenManager);
                    if (token == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Token does not exist on the Subject.");
                        }
                        XMLStructure createTokenElement = createTokenElement(obj2, tokenGeneratorConfig, bArr, makeUniqueId, i);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, equals ? "LTPAv1 token." : "LTPAv2 token.");
                        }
                        LTPAv2TokenImpl lTPATokenImpl = equals ? new LTPATokenImpl() : new LTPAv2TokenImpl();
                        lTPATokenImpl.setId(makeUniqueId);
                        // NOTE(review): name comes from the NameCallback or the customer UsernameToken even
                        // when the bytes came from a customer token or the run-as subject, so the principal
                        // recorded here is not derived from the token bytes; confirm consumers do not rely on it.
                        lTPATokenImpl.setPrincipal(name);
                        lTPATokenImpl.setBinary(bArr);
                        lTPATokenImpl.setXML(createTokenElement);
                        // NOTE(review): 61 and 62 are unexplained key-type constants; both are set to null here.
                        lTPATokenImpl.setKey(61, null);
                        lTPATokenImpl.setKey(62, null);
                        // Forwardable unless the property is present and equals "false" (case-insensitive).
                        String str2 = (String) tokenGeneratorConfig.getProperties().get(Constants.TOKEN_FORWARDABLE);
                        if (str2 == null || !str2.equalsIgnoreCase("false")) {
                            lTPATokenImpl.setIsForwardable(true);
                        } else {
                            lTPATokenImpl.setIsForwardable(false);
                        }
                        this._processedTokens.add(lTPATokenImpl);
                        this._insertedTokens.add(lTPATokenImpl);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "There is the token [" + token.getId() + "] stored in the Subject.");
                        }
                        // An existing token is processed but not inserted again.
                        this._processedTokens.add(token);
                    }
                    TokenUtils.putTokenToSharedState(this._sharedState, this._processedTokens, true);
                } catch (SoapSecurityException e4) {
                    Tr.processException(e4, clsName + ".login", "172", this);
                    LoginException loginException3 = new LoginException(e4.toString());
                    loginException3.initCause(e4);
                    throw loginException3;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login()");
            }
            return z;
        } catch (Exception e5) {
            // Catch-all: this also receives the LoginExceptions thrown above, so callers see them
            // wrapped a second time under the message key below.
            Tr.processException(e5, clsName + ".login", "161", this);
            Tr.error(tc, "security.wssecurity.BSTokenLoginModule.s01", e5);
            LoginException loginException4 = new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e5.toString()}));
            loginException4.initCause(e5);
            throw loginException4;
        }
    }

    /**
     * Registers every processed token with the token manager and publishes the
     * processed and to-be-inserted lists in the property map.
     *
     * <p>NOTE(review): {@code _context} and {@code _securityTokenManager} are assigned
     * only in login(). If commit() runs after a login() that failed before assigning
     * them, this method throws a NullPointerException. It also returns {@code true}
     * when login() returned {@code false}; both lists are then empty.
     *
     * @return always {@code true}
     */
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        for (SecurityToken processed : this._processedTokens) {
            this._securityTokenManager.addToken(processed);
        }
        this._context.put(Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
        this._context.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return true;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>NOTE(review): the token lists, the property map and the token manager
     * reference filled in by login() are not cleared here, so the instance keeps
     * them until initialize() is called again or the instance is discarded.
     *
     * @return always {@code false}
     */
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return false;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>NOTE(review): no state is released: tokens recorded by login() stay
     * referenced by this instance and by whatever commit() handed them to.
     *
     * @return always {@code false}
     */
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return false;
    }

    /**
     * Builds a {@code BinarySecurityToken} element that carries the Base64-encoded
     * token bytes.
     *
     * <p>Namespace prefixes already visible on {@code oMElement} are reused; otherwise
     * {@code wsse} / {@code wsu} are declared on the new element. The element is
     * created but not attached to {@code oMElement} here.
     *
     * <p>NOTE(review): {@code oMElement} is null-checked for the wsse lookup but not
     * for the wsu lookup, and the {@code Id} attribute namespace is built from
     * {@code Constants.NS_WSU} rather than from the version-indexed namespace that was
     * looked up and declared; confirm both are intended. {@code i} indexes
     * {@code Constants.NAMESPACES} without a range check.
     *
     * @param oMFactory            factory used for the element, namespace and text nodes
     * @param oMElement            element whose in-scope prefixes are consulted
     * @param tokenGeneratorConfig supplies the value type; the LTPA token type is used when it is null
     * @param bArr                 token bytes to encode
     * @param str                  value for the {@code Id} attribute, or {@code null} for none
     * @param i                    WS-Security version index
     * @return the new element
     */
    private static final OMElement createOMTokenElement(OMFactory oMFactory, OMElement oMElement, TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr, String str, int i) {
        if (tc.isEntryEnabled()) {
            // Only whether the bytes are present is traced, never the bytes themselves.
            StringBuilder entryText = new StringBuilder("createOMTokenElement(")
                    .append("OMFactory factory,")
                    .append("OMElement parent[").append(DOMUtils.getDisplayName(oMElement)).append("], ")
                    .append("TokenGeneratorConfig config, ")
                    .append("byte[] credToken[")
                    .append(bArr == null ? AppConstants.NULL_STRING : "not null")
                    .append("], ")
                    .append("String id[").append(str).append("], ")
                    .append("int wssVersion[").append(i).append("])");
            Tr.entry(tc, entryText.toString());
        }
        final String wsseNamespace = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[0][i];
        final String wsuNamespace = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[1][i];

        String wssePrefix = (oMElement == null) ? null : DOMUtils.getNamespacePrefix(oMElement, wsseNamespace);
        final boolean wsseUndeclared = (wssePrefix == null);
        if (wsseUndeclared) {
            wssePrefix = "wsse";
        }
        OMElement tokenElement = oMFactory.createOMElement("BinarySecurityToken", wsseNamespace, wssePrefix);
        if (wsseUndeclared) {
            tokenElement.declareNamespace(wsseNamespace, "wsse");
        }

        if (str != null) {
            String wsuPrefix = DOMUtils.getNamespacePrefix(oMElement, wsuNamespace);
            if (wsuPrefix == null) {
                wsuPrefix = "wsu";
                tokenElement.declareNamespace(wsuNamespace, "wsu");
            }
            tokenElement.addAttribute("Id", str, oMFactory.createOMNamespace(com.ibm.ws.wssecurity.common.Constants.NS_WSU, wsuPrefix));
        }

        QName valueType = tokenGeneratorConfig.getType();
        if (valueType == null) {
            valueType = com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN;
        }
        tokenElement.declareNamespace(valueType.getNamespaceURI(), "wsst");
        DOMUtils.setQNameAttr(tokenElement, null, "EncodingType", com.ibm.ws.wssecurity.common.Constants.BASE64_BINARY, i);
        DOMUtils.setQNameAttr(tokenElement, null, "ValueType", valueType, i);
        tokenElement.addChild(oMFactory.createOMText(Base64.encode(bArr)));

        if (tc.isEntryEnabled()) {
            // NOTE(review): this appends the element itself, so its string form (which may include
            // the encoded token text) can reach the entry/exit trace.
            StringBuilder exitText = new StringBuilder("createOMTokenElement(")
                    .append("OMFactory, OMElement, TokenGeneratorConfig, byte[], String, int)")
                    .append(" returns OMElement[").append(tokenElement).append("]");
            Tr.exit(tc, exitText.toString());
        }
        return tokenElement;
    }

    /**
     * Builds a WSSObject {@code BinarySecurityToken} for the token bytes, using the
     * document that owns {@code wSSObjectElement}.
     *
     * <p>The value type is written as {@code prefix:localPart}, with prefix
     * {@code w2} when the local part equals {@code BindingPropertyConstants.LTPA_V2}
     * and {@code w1} otherwise. The prefix is added to the document's declared
     * namespaces only when no pair is registered for it yet.
     *
     * <p>NOTE(review): when a pair for the prefix already exists it is reused without
     * checking that it maps to the same namespace URI; confirm nothing else can
     * register {@code w1} / {@code w2} with a different URI.
     *
     * @param wSSObjectElement     element whose document receives the token; must not be null
     * @param tokenGeneratorConfig supplies the value type; the LTPA token type is used when it is null
     * @param bArr                 token bytes, Base64-encoded by the content factory
     * @param str                  wsu:Id value, or {@code null} for none
     * @param i                    WS-Security version index; only traced here
     * @return the new token object
     */
    private static final WSSObjectElement createWSSObjectTokenElement(WSSObjectElement wSSObjectElement, TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr, String str, int i) {
        if (tc.isEntryEnabled()) {
            StringBuilder entryText = new StringBuilder("createWSSObjectTokenElement(")
                    .append("WSSObjectElement parent[").append(wSSObjectElement.getQName()).append("], ")
                    .append("TokenGeneratorConfig config, ")
                    .append("byte[] credToken[")
                    .append(bArr == null ? AppConstants.NULL_STRING : "not null")
                    .append("], ")
                    .append("String id[").append(str).append("], ")
                    .append("int wssVersion[").append(i).append("])");
            Tr.entry(tc, entryText.toString());
        }
        WSSObjectDocumentImpl ownerDocument = wSSObjectElement.getWSSObjectDocument();
        com.ibm.ws.wssecurity.wssobject.impl.wsse10.BinarySecurityToken tokenObject = new com.ibm.ws.wssecurity.wssobject.impl.wsse10.BinarySecurityToken(ownerDocument);
        if (str != null) {
            tokenObject.setWsuId(VariablePartFactory.getInstance().createAttrValueWithString(str));
        }

        QName valueType = tokenGeneratorConfig.getType();
        if (valueType == null) {
            valueType = com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN;
        }
        final String typeLocalName = valueType.getLocalPart();
        final String typePrefix;
        if (BindingPropertyConstants.LTPA_V2.equals(typeLocalName)) {
            typePrefix = "w2";
        } else {
            typePrefix = "w1";
        }

        NamespacePrefixPairSortedSet declared = ownerDocument.getDeclaredNamespaces();
        if (declared.getNamespacePrefixPair(typePrefix) == null) {
            declared.add(new NamespacePrefixPair(typePrefix, valueType.getNamespaceURI()));
        }
        tokenObject.setValueType(VariablePartFactory.getInstance().createAttrValueWithString(typePrefix + ":" + typeLocalName));
        tokenObject.setContent(VariablePartFactory.getInstance().createTextValueWithByteToBeBase64Encoded(bArr));

        if (tc.isEntryEnabled()) {
            StringBuilder exitText = new StringBuilder("createWSSObjectTokenElement(")
                    .append("WSSObjectElement, TokenGeneratorConfig, byte[], String, int)")
                    .append(" returns OMElement[").append(tokenObject).append("]");
            Tr.exit(tc, exitText.toString());
        }
        return tokenObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the token element for whichever element model {@code obj} belongs to
     * and wraps it in the matching {@code XMLStructure}.
     *
     * <p>Any {@code obj} that is not a {@code WSSObjectElement} is cast to
     * {@code OMElement}; a null or unrelated object therefore fails with a
     * NullPointerException or ClassCastException.
     *
     * @param obj                  parent element, a {@code WSSObjectElement} or an {@code OMElement}
     * @param tokenGeneratorConfig generator configuration supplying the value type
     * @param bArr                 token bytes
     * @param str                  id for the new element, may be {@code null}
     * @param i                    WS-Security version index
     * @return the wrapped token element
     */
    public static final XMLStructure createTokenElement(Object obj, TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr, String str, int i) {
        if (obj instanceof WSSObjectElement) {
            WSSObjectElement wssParent = (WSSObjectElement) obj;
            return new WSSObjectStructureImpl(createWSSObjectTokenElement(wssParent, tokenGeneratorConfig, bArr, str, i));
        }
        OMElement omParent = (OMElement) obj;
        OMFactory omFactory = omParent.getOMFactory();
        return new OMStructure(createOMTokenElement(omFactory, omParent, tokenGeneratorConfig, bArr, str, i));
    }

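    /**
     * Looks for a token already held by the token manager whose binary content is
     * identical to {@code bArr}.
     *
     * <p>Only tokens that are {@code LTPAToken} instances are considered, and the
     * first match wins. Each candidate's bytes are read inside
     * {@code AccessController.doPrivileged}.
     *
     * @param tokenGeneratorConfig configuration used to select candidate tokens
     * @param bArr                 token bytes to match; may be {@code null}
     * @param securityTokenManager manager that is queried; must not be null
     * @return the matching token, or {@code null} when none matches
     * @throws SoapSecurityException declared for callers; nothing in this body throws it explicitly
     */
    private static final SecurityToken getToken(TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr, SecurityTokenManager securityTokenManager) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryText = new StringBuilder("getToken(")
                    .append("TokenGeneratorConfig config, ")
                    .append("byte[] binary[")
                    .append(bArr == null ? AppConstants.NULL_STRING : "not null")
                    .append("], SecurityTokenManager securityTokenManager)");
            Tr.entry(tc, entryText.toString());
        }
        SecurityToken securityToken = null;
        Collection<SecurityToken> tokens = securityTokenManager.getTokens(tokenGeneratorConfig);
        if (tokens != null) {
            for (SecurityToken candidate : tokens) {
                if (!(candidate instanceof LTPAToken)) {
                    continue;
                }
                final LTPAToken lTPAToken = (LTPAToken) candidate;
                // The decompiled source read "LTPAToken.this.getBinary()", which is not valid here
                // because LTPAToken is not an enclosing class; the captured local is what is meant.
                byte[] candidateBinary = AccessController.doPrivileged(new PrivilegedAction<byte[]>() {
                    @Override
                    public byte[] run() {
                        return lTPAToken.getBinary();
                    }
                });
                if (equalsByteArray(candidateBinary, bArr)) {
                    securityToken = candidate;
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuilder exitText = new StringBuilder("getToken(")
                    .append("TokenGeneratorConfig, byte[], SecurityTokenManager)")
                    .append(" returns SecurityToken[").append(securityToken).append("]");
            Tr.exit(tc, exitText.toString());
        }
        return securityToken;
    }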

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Compares two byte arrays for equal length and content.
     *
     * <p>Two {@code null} arguments are equal; a {@code null} and a non-null argument
     * are not. The comparison stops at the first difference, so it is not
     * constant-time. The only caller in this file uses it to match freshly obtained
     * token bytes against tokens the token manager already holds; it should not be
     * reused to check a secret against caller-supplied input.
     *
     * @param bArr  first array, may be {@code null}
     * @param bArr2 second array, may be {@code null}
     * @return {@code true} when both are null or hold the same bytes
     */
    public static final boolean equalsByteArray(byte[] bArr, byte[] bArr2) {
        return java.util.Arrays.equals(bArr, bArr2);
    }

    /**
     * Returns the first {@code AuthenticationToken} among the subject's private
     * credentials whose name equals {@code Constants.AUTHENTICATION_TOKEN_LTPA_OID}.
     *
     * <p>NOTE(review): the private credentials are read directly here, while
     * {@code getSSOTokenFromSubject} reads them inside {@code doPrivileged}; confirm
     * the difference is intended.
     *
     * @param subject subject to search; {@code null} yields {@code null}
     * @return the matching token, or {@code null} when none is present
     * @throws LoginException wrapping any exception raised during the search
     */
    private AuthenticationToken getAuthTokenFromSubject(Subject subject) throws LoginException {
        if (subject == null) {
            return null;
        }
        try {
            for (AuthenticationToken candidate : subject.getPrivateCredentials(AuthenticationToken.class)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing AUTH token with name: " + candidate.getName());
                }
                if (candidate.getName().equals(com.ibm.ws.wssecurity.common.Constants.AUTHENTICATION_TOKEN_LTPA_OID)) {
                    return candidate;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not find internally implemented AuthenticationToken.");
            }
            return null;
        } catch (Exception lookupFailure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting AuthenticationToken from Subject.", new Object[]{lookupFailure});
            }
            // The ".login" label is what the original reports, even though this is a helper.
            Tr.processException(lookupFailure, clsName + ".login", "767", this);
            LoginException wrapped = new LoginException(lookupFailure.toString());
            wrapped.initCause(lookupFailure);
            throw wrapped;
        }
    }

    /**
     * Returns the first {@code SingleSignonToken} among the subject's private
     * credentials whose name equals {@code "LtpaToken"}.
     *
     * <p>The credential set is read inside a privileged action.
     *
     * @param subject subject to search; {@code null} yields {@code null}
     * @return the matching token, or {@code null} when none is present
     * @throws LoginException wrapping any exception raised during the search
     */
    private SingleSignonToken getSSOTokenFromSubject(final Subject subject) throws LoginException {
        if (subject == null) {
            return null;
        }
        try {
            Object found = com.ibm.ws.security.util.AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.LTPAGenerateLoginModule.3
                @Override // java.security.PrivilegedAction
                public Object run() {
                    for (SingleSignonToken candidate : subject.getPrivateCredentials(SingleSignonToken.class)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Processing SSO token with name: " + candidate.getName());
                        }
                        if (candidate.getName().equals("LtpaToken")) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found SSO token.");
                            }
                            return candidate;
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Could not find internally implemeted SSO token.");
                    }
                    return null;
                }
            });
            return (SingleSignonToken) found;
        } catch (Exception lookupFailure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting SingleSignonToken from Subject.", new Object[]{lookupFailure});
            }
            // The ".login" label is what the original reports, even though this is a helper.
            Tr.processException(lookupFailure, clsName + ".login", "820", this);
            LoginException wrapped = new LoginException(lookupFailure.toString());
            wrapped.initCause(lookupFailure);
            throw wrapped;
        }
    }

    /**
     * Returns the credential-token mapper, copying it from the {@code _wsCredToken}
     * holder into the static cache on first use.
     *
     * <p>The result is {@code null} when the holder could not load the mapper. The
     * static cache is written without synchronization; every writer stores the same
     * holder value.
     *
     * @return the mapper, or {@code null} if it could not be loaded
     */
    private WSCredentialTokenMapperInterface getWSCredentialTokenMapperInterface() {
        if (wsCredTokenMapper == null) {
            // First touch of the holder class triggers its static initializer.
            wsCredTokenMapper = _wsCredToken._wsCredTokenMapper;
        }
        return wsCredTokenMapper;
    }

    /**
     * Traces whether token bytes are present and, if so, how many there are.
     * The bytes themselves are never written to the trace.
     *
     * @param bArr token bytes, may be {@code null}
     */
    public static void printBinaryInfo(byte[] bArr) {
        final String presence = (bArr == null) ? AppConstants.NULL_STRING : "not null";
        Tr.debug(tc, "binary: [" + presence + "]");
        if (bArr == null) {
            return;
        }
        Tr.debug(tc, "binary length: " + bArr.length);
    }

    /**
     * Traces the expiration time of {@code token}; does nothing for {@code null}.
     *
     * @param token token whose expiration is traced, may be {@code null}
     */
    public static void printTokenExpiration(Token token) {
        if (token == null) {
            return;
        }
        long expiresAt = token.getExpiration();
        printExpiration(expiresAt);
    }

    /**
     * Traces an expiration timestamp, rendered with {@code java.util.Date}'s default
     * string form.
     *
     * @param j expiration time as passed to {@code new Date(long)}
     */
    public static void printExpiration(long j) {
        Date expiration = new Date(j);
        Tr.debug(tc, "token expiration: " + expiration);
    }

    /**
     * Traces a label followed by the subject's string form, or {@code [null]}.
     *
     * <p>NOTE(review): {@code Subject.toString()} can include the string form of
     * private credentials when the caller is permitted to read them, so this line
     * can put credential-derived text into the trace log. Treat debug trace from
     * this class as sensitive, or consider tracing principals only.
     *
     * @param str     label written before the subject
     * @param subject subject to describe, may be {@code null}
     */
    public static void printSubject(String str, Subject subject) {
        final String rendered;
        if (subject == null) {
            rendered = "[null]";
        } else {
            rendered = subject.toString();
        }
        Tr.debug(tc, str + " " + rendered);
    }

    /**
     * Traces a label and whether {@code obj} is null. The object's content is not
     * written to the trace.
     *
     * @param str label written before the status
     * @param obj object to report on, may be {@code null}
     */
    public static void printObjectInfo(String str, Object obj) {
        final String presence = (obj == null) ? AppConstants.NULL_STRING : "not null";
        Tr.debug(tc, str + " [" + presence + "]");
    }

    /**
     * Fetches a customer-supplied token of the given value type through
     * {@code TokenUtils.getCustomerToken} and returns it only if it is a
     * {@code BinarySecurityToken}.
     *
     * <p>A token of any other class is discarded, with a debug trace. No check of
     * the token's content is made here.
     *
     * @param messageContext current message context
     * @param qName          value type of the token to look for
     * @return the token, or {@code null} when none is available or it has the wrong class
     */
    private SecurityToken getCustomerLTPAToken(MessageContext messageContext, QName qName) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomerLTPAToken(valueType[" + qName + "])");
        }
        CallbackHandlerConfig handlerConfig = (this._context == null)
                ? null
                : (CallbackHandlerConfig) this._context.get(CallbackHandlerConfig.CONFIG_KEY);
        // NOTE(review): the meaning of the trailing boolean is not visible in this file.
        SecurityToken candidate = TokenUtils.getCustomerToken(messageContext, this._sharedState, handlerConfig, qName, true);
        BinarySecurityToken result = null;
        if (candidate instanceof BinarySecurityToken) {
            result = (BinarySecurityToken) candidate;
        } else if (candidate != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Token is not a BinarySecurityToken: discarding.");
        }
        if (tc.isEntryEnabled()) {
            String resultType = (result == null) ? AppConstants.NULL_STRING : result.getClass().getName();
            Tr.exit(tc, "getCustomerLTPAToken returns [" + resultType + "]");
        }
        return result;
    }

    /**
     * Fetches a customer-supplied token with the UsernameToken value type through
     * {@code TokenUtils.getCustomerToken} and returns it only if it is a
     * {@code UsernameToken}.
     *
     * <p>A token of any other class is discarded, with a debug trace. The caller
     * uses the result to override the user name and password collected from the
     * callbacks.
     *
     * @param messageContext current message context
     * @return the token, or {@code null} when none is available or it has the wrong class
     */
    private SecurityToken getCustomerUNT(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomerUNT");
        }
        CallbackHandlerConfig handlerConfig = (this._context == null)
                ? null
                : (CallbackHandlerConfig) this._context.get(CallbackHandlerConfig.CONFIG_KEY);
        // NOTE(review): the meaning of the trailing boolean is not visible in this file.
        SecurityToken candidate = TokenUtils.getCustomerToken(messageContext, this._sharedState, handlerConfig, UsernameToken.ValueType, true);
        UsernameToken result = null;
        if (candidate instanceof UsernameToken) {
            result = (UsernameToken) candidate;
        } else if (candidate != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Token is not a UsernameToken: discarding.");
        }
        if (tc.isEntryEnabled()) {
            String resultType = (result == null) ? AppConstants.NULL_STRING : result.getClass().getName();
            Tr.exit(tc, "getCustomerUNT returns [" + resultType + "]");
        }
        return result;
    }
}
