package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.callbackhandler.GenericIssuedTokenGenerateCallback;
import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.wssapi.XMLStructure;
import com.ibm.websphere.wssecurity.wssapi.token.ExchangeToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
import com.ibm.websphere.wssecurity.wssapi.trust.WSSTrustClient;
import com.ibm.websphere.wssecurity.wssapi.trust.WSSTrustClientValidateResult;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.IssuedTokenConfigConstants;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import com.ibm.wsspi.wssecurity.core.token.config.RequesterConfiguration;
import com.ibm.wsspi.wssecurity.core.token.config.WSSConstants;
import com.ibm.wsspi.wssecurity.trust.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.trust.config.RequesterConfig;
import com.ibm.wsspi.wssecurity.wssapi.OMStructure;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.WSDL2Constants;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/GenericIssuedTokenGenerateLoginModule.class */
public class GenericIssuedTokenGenerateLoginModule implements LoginModule {
    private static final String comp = "security.wssecurity";
    private Subject _subject;
    private CallbackHandler _handler;
    private Map _sharedState;
    private Map _options;
    List<SecurityToken> _processedTokens;
    List<SecurityToken> _insertedTokens;
    SecurityTokenManager _securityTokenManager;
    Map<Object, Object> _context;
    private static final TraceComponent tc = Tr.register(GenericIssuedTokenGenerateLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = GenericIssuedTokenGenerateLoginModule.class.getName();
    MessageContext messageContext = null;
    GSTProps gstProps = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/wssapi/token/impl/GenericIssuedTokenGenerateLoginModule$GSTProps.class */
    public static class GSTProps {
        boolean passthroughToken;

        private GSTProps() {
            this.passthroughToken = false;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("passthroughToken=[").append(this.passthroughToken).append("]");
            append.append(")");
            return append.toString();
        }
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }
        this._subject = subject;
        this._handler = callbackHandler;
        this._sharedState = map;
        this._options = map2;
        this._processedTokens = new ArrayList();
        this._insertedTokens = new ArrayList();
        this.gstProps = new GSTProps();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

    public boolean login() throws LoginException {
        GenericIssuedTokenGenerateCallback genericIssuedTokenGenerateCallback = new GenericIssuedTokenGenerateCallback();
        PropertyCallback propertyCallback = new PropertyCallback(null);
        try {
            this._handler.handle(new Callback[]{genericIssuedTokenGenerateCallback, propertyCallback});
            this._context = propertyCallback.getProperties();
            this.messageContext = (MessageContext) this._context.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
            this._securityTokenManager = (SecurityTokenManager) this._context.get(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
            WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) this._context.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
            CallbackHandlerConfig callbackHandlerConfig = (CallbackHandlerConfig) this._context.get(CallbackHandlerConfig.CONFIG_KEY);
            this._securityTokenManager = (SecurityTokenManager) this._context.get(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            getBoundlessProperties(callbackHandlerConfig);
            if (this.gstProps.passthroughToken) {
                generateStandaloneToken(tokenGeneratorConfig);
                return true;
            }
            generateIssueToken(genericIssuedTokenGenerateCallback, wSSGeneratorConfig, tokenGeneratorConfig);
            return true;
        } catch (Exception e) {
            Tr.processException(e, clsName + ".login", "118", this);
            Tr.error(tc, "security.wssecurity.BSTokenLoginModule.s01", e);
            LoginException loginException = new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e.toString()}));
            loginException.initCause(e);
            throw loginException;
        }
    }

    private void generateIssueToken(GenericIssuedTokenGenerateCallback genericIssuedTokenGenerateCallback, WSSGeneratorConfig wSSGeneratorConfig, TokenGeneratorConfig tokenGeneratorConfig) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateIssueToken");
        }
        SecurityToken securityToken = null;
        Collection<SecurityToken> tokens = this._securityTokenManager.getTokens(tokenGeneratorConfig);
        if (tokens != null && tokens.size() > 0) {
            Iterator<SecurityToken> it = tokens.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SecurityToken next = it.next();
                if (next instanceof SecurityToken) {
                    securityToken = next;
                    break;
                }
            }
        }
        try {
            boolean isServiceProvider = Axis2Util.isServiceProvider(this.messageContext);
            if (securityToken == null) {
                if (genericIssuedTokenGenerateCallback.useRunAsSubject()) {
                    try {
                        securityToken = processRunAsSubject(genericIssuedTokenGenerateCallback, wSSGeneratorConfig, tokenGeneratorConfig, this.messageContext, isServiceProvider);
                    } catch (LoginException e) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception occurs while extract token from RunAsSubject", e.getMessage());
                        }
                        if (genericIssuedTokenGenerateCallback.useRunAsSubjectOnly()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Fail to login use RunAsSubject only");
                            }
                            Tr.processException(e, clsName + ".login", "189", this);
                            throw e;
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Continue to issue token.");
                        }
                    }
                }
                if (securityToken == null) {
                    if (genericIssuedTokenGenerateCallback.useRunAsSubjectOnly() && genericIssuedTokenGenerateCallback.useRunAsSubject()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Could not identify a valid token from RunAsSubject. Either no or more than one token found");
                        }
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.CWWSS7552E"));
                    }
                    issueToken(genericIssuedTokenGenerateCallback, wSSGeneratorConfig, tokenGeneratorConfig, this.messageContext, isServiceProvider);
                }
            } else {
                this._processedTokens.add(securityToken);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateIssueToken");
            }
        } catch (Exception e2) {
            throw new LoginException(e2.getMessage());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:89:0x03d9 A[Catch: Exception -> 0x040c, TryCatch #0 {Exception -> 0x040c, blocks: (B:25:0x00da, B:28:0x00e9, B:30:0x00f4, B:31:0x010e, B:33:0x012d, B:34:0x0149, B:36:0x015f, B:37:0x017b, B:39:0x0191, B:40:0x01ad, B:42:0x01b4, B:43:0x01c7, B:45:0x01ce, B:46:0x01e1, B:48:0x01fa, B:50:0x0217, B:51:0x0238, B:53:0x0248, B:55:0x0254, B:56:0x02a9, B:58:0x02b4, B:59:0x02d3, B:61:0x02e5, B:63:0x02ef, B:64:0x02fc, B:66:0x030d, B:67:0x0327, B:69:0x0336, B:72:0x0367, B:73:0x0370, B:75:0x037a, B:77:0x038b, B:79:0x0393, B:81:0x039d, B:84:0x03b0, B:86:0x03c1, B:89:0x03d9, B:91:0x03e4, B:92:0x03ec, B:93:0x0408, B:105:0x0344, B:106:0x0260, B:108:0x0267, B:110:0x0273, B:113:0x0284, B:115:0x02a0), top: B:24:0x00da }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken issueToken(com.ibm.websphere.wssecurity.callbackhandler.GenericIssuedTokenGenerateCallback r9, com.ibm.ws.wssecurity.config.WSSGeneratorConfig r10, com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig r11, org.apache.axis2.context.MessageContext r12, boolean r13) throws javax.security.auth.login.LoginException {
        /*
            Method dump skipped, instructions count: 1129
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule.issueToken(com.ibm.websphere.wssecurity.callbackhandler.GenericIssuedTokenGenerateCallback, com.ibm.ws.wssecurity.config.WSSGeneratorConfig, com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig, org.apache.axis2.context.MessageContext, boolean):com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken");
    }

    private boolean checkOM(ArrayList<SecurityToken> arrayList) throws LoginException {
        Iterator<SecurityToken> it = arrayList.iterator();
        while (it.hasNext()) {
            SecurityToken next = it.next();
            if (next.getXML() == null || !(next.getXML() instanceof OMStructure) || ((OMStructure) next.getXML()).getNode() == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SecurityToken of type " + next.getValueType().getLocalPart() + " must contains OMElement representation.");
                }
                throw new LoginException(ConfigUtil.getMessage("security.wssecurity.CWWSS7566E", new String[]{next.getValueType().getLocalPart()}));
            }
        }
        return true;
    }

    private SecurityToken processRunAsSubject(GenericIssuedTokenGenerateCallback genericIssuedTokenGenerateCallback, WSSGeneratorConfig wSSGeneratorConfig, TokenGeneratorConfig tokenGeneratorConfig, MessageContext messageContext, boolean z) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processRunAsSubject(GenericIssuedTokenGenerateCallback, WSSGeneratorConfig, TokenGeneratorConfig, MessageContext, boolean)");
        }
        String useToken = genericIssuedTokenGenerateCallback.getUseToken();
        QName qName = null;
        boolean z2 = false;
        if (useToken != null) {
            if (useToken.contains(BindingPropertyConstants.LTPA_V2)) {
                qName = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN;
                z2 = true;
            } else if (useToken.contains("LTPA")) {
                qName = com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN;
                z2 = true;
            } else {
                qName = new QName(useToken);
            }
        }
        if (qName == null) {
            qName = tokenGeneratorConfig.getType();
        }
        new ArrayList();
        try {
            ArrayList<SecurityToken> tokenFromContext = TokenUtils.getTokenFromContext(this.messageContext, qName);
            if ((tokenFromContext == null || tokenFromContext.isEmpty()) && z2) {
                tokenFromContext = CommonTokenParser.getSecurityToken(this._context, qName);
            }
            checkOM(tokenFromContext);
            boolean z3 = true;
            SecurityToken securityToken = null;
            if (tokenFromContext == null || tokenFromContext.isEmpty()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There is no required token in RunAsSubject.");
                }
                z3 = false;
            } else if (tokenFromContext.size() > 1) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There are more than one required token in RunAsSubject.");
                }
                securityToken = tokenFromContext.get(0);
                try {
                    Iterator<SecurityToken> it = tokenFromContext.iterator();
                    SecurityToken securityToken2 = tokenFromContext.get(0);
                    String stringWithConsume = ((OMStructure) securityToken2.getXML()).getNode().toStringWithConsume();
                    while (it.hasNext()) {
                        if (!stringWithConsume.equals(((OMStructure) it.next().getXML()).getNode().toStringWithConsume())) {
                            z3 = false;
                        }
                    }
                    if (!z3 && tokenFromContext.size() == 2) {
                        SecurityToken securityToken3 = tokenFromContext.get(1);
                        if (securityToken3 instanceof ExchangeToken) {
                            if (stringWithConsume.equals(((OMStructure) ((ExchangeToken) securityToken3).getAuthorizationToken().getXML()).getNode().toStringWithConsume())) {
                                z3 = true;
                                securityToken = securityToken2;
                            }
                        } else if ((securityToken2 instanceof ExchangeToken) && ((OMStructure) ((ExchangeToken) securityToken2).getAuthorizationToken().getXML()).getNode().toStringWithConsume().equals(((OMStructure) securityToken3.getXML()).getNode().toStringWithConsume())) {
                            z3 = true;
                            securityToken = securityToken3;
                        }
                    }
                } catch (Exception e) {
                    z3 = false;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Can not uniquely identify a token.", e.getMessage());
                    }
                }
            } else {
                securityToken = tokenFromContext.get(0);
            }
            if (!z3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There is either no or more than one token in RunAsSubject. Use WS-Trust to issue.");
                }
                if (!tc.isEntryEnabled()) {
                    return null;
                }
                Tr.exit(tc, "processRunAsSubject(GenericIssuedTokenGenerateCallback, WSSGeneratorConfig, TokenGeneratorConfig, MessageContext, boolean) returns NULL");
                return null;
            }
            if (genericIssuedTokenGenerateCallback.isUNTPasswordRequired() && (securityToken instanceof UsernameToken)) {
                final UsernameToken usernameToken = (UsernameToken) securityToken;
                char[] cArr = (char[]) AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule.1
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        try {
                            return usernameToken.getPassword();
                        } catch (Exception e2) {
                            if (!GenericIssuedTokenGenerateLoginModule.tc.isEntryEnabled()) {
                                return null;
                            }
                            Tr.exit(GenericIssuedTokenGenerateLoginModule.tc, "processRunAsSubject(GenericIssuedTokenGenerateCallback, WSSGeneratorConfig, TokenGeneratorConfig, MessageContext, boolean) caught Exception");
                            return null;
                        }
                    }
                });
                if (cArr == null || cArr.length == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "UsernameToken's password is required, but there is no password in RunAsSubject. Use WS-Trust to issue.");
                    }
                    if (!tc.isEntryEnabled()) {
                        return null;
                    }
                    Tr.exit(tc, "processRunAsSubject(GenericIssuedTokenGenerateCallback, WSSGeneratorConfig, TokenGeneratorConfig, MessageContext, boolean) returns NULL");
                    return null;
                }
            }
            if (!genericIssuedTokenGenerateCallback.validateUseToken() && qName.equals(tokenGeneratorConfig.getType())) {
                this._processedTokens.add(securityToken);
                this._insertedTokens.add(securityToken);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "processRunAsSubject(GenericIssuedTokenGenerateCallback, WSSGeneratorConfig, TokenGeneratorConfig, MessageContext, boolean)");
                }
                return securityToken;
            }
            OMElement node = ((OMStructure) securityToken.getXML()).getNode();
            try {
                String stsURI = genericIssuedTokenGenerateCallback.getStsURI();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "issueToken/stsEndpointAddress:  " + stsURI);
                }
                String appliesTo = genericIssuedTokenGenerateCallback.getAppliesTo();
                if (messageContext != null) {
                    if (messageContext.getTo() != null) {
                        appliesTo = messageContext.getTo().getAddress();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The End Point Address (from mc) is: " + appliesTo);
                        }
                    } else {
                        Options options = messageContext.getOptions();
                        if (options != null) {
                            appliesTo = options.getTo().getAddress();
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The End Point Address (from options, from mc returns null) is: " + appliesTo);
                        }
                    }
                    if (appliesTo == null) {
                        appliesTo = genericIssuedTokenGenerateCallback.getAppliesTo();
                    }
                }
                try {
                    String wstNamespace = genericIssuedTokenGenerateCallback.getWstNamespace();
                    if (wstNamespace == null) {
                        wstNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "validateToken...  WS-Trust namespace:  " + wstNamespace);
                    }
                    ProviderConfig newProviderConfig = WSSTrustClient.newProviderConfig(wstNamespace, stsURI);
                    newProviderConfig.setPolicySetName(genericIssuedTokenGenerateCallback.getStsPolicy());
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "validateToken...  policySetName:  " + genericIssuedTokenGenerateCallback.getStsPolicy());
                    }
                    if (genericIssuedTokenGenerateCallback.getStsValidatePolicy() != null && !genericIssuedTokenGenerateCallback.getStsValidatePolicy().isEmpty()) {
                        newProviderConfig.setPolicySetName(genericIssuedTokenGenerateCallback.getStsValidatePolicy());
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "validateToken...  validate policySetName:  " + genericIssuedTokenGenerateCallback.getStsValidatePolicy());
                        }
                    }
                    newProviderConfig.setBindingName(genericIssuedTokenGenerateCallback.getStsBinding());
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "validateToken...  stsBinding:  " + genericIssuedTokenGenerateCallback.getStsBinding());
                    }
                    if (genericIssuedTokenGenerateCallback.getStsValidateBinding() != null && !genericIssuedTokenGenerateCallback.getStsValidateBinding().isEmpty()) {
                        newProviderConfig.setBindingName(genericIssuedTokenGenerateCallback.getStsValidateBinding());
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "validateToken...  Validate stsBinding:  " + genericIssuedTokenGenerateCallback.getStsValidateBinding());
                        }
                    }
                    newProviderConfig.setBindingScope(genericIssuedTokenGenerateCallback.getStsBindingScope());
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "validateToken...  stsBindingScope:  " + genericIssuedTokenGenerateCallback.getStsBindingScope());
                    }
                    RequesterConfig newRequesterConfig = WSSTrustClient.newRequesterConfig(wstNamespace);
                    newRequesterConfig.put(RequesterConfiguration.RSTT.APPLIESTO_ADDRESS, appliesTo);
                    newRequesterConfig.setSOAPNamespace("http://schemas.xmlsoap.org/soap/envelope/");
                    if (genericIssuedTokenGenerateCallback.getStsSoapVersion() != null && genericIssuedTokenGenerateCallback.getStsSoapVersion().equals("1.1")) {
                        newRequesterConfig.setSOAPNamespace("http://schemas.xmlsoap.org/soap/envelope/");
                    } else if (genericIssuedTokenGenerateCallback.getStsSoapVersion() != null && genericIssuedTokenGenerateCallback.getStsSoapVersion().equals(WSDL2Constants.SOAP_VERSION_1_2)) {
                        newRequesterConfig.setSOAPNamespace("http://www.w3.org/2003/05/soap-envelope");
                    } else if (messageContext != null && com.ibm.ws.wssecurity.common.Constants.NS_SOAP12.equalsIgnoreCase(messageContext.getEnvelope().getNamespace().getName())) {
                        newRequesterConfig.setSOAPNamespace("http://www.w3.org/2003/05/soap-envelope");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "validateToken...  soapNamespace:  " + newRequesterConfig.getSOAPNamespace());
                    }
                    newRequesterConfig.setRSTTProperties(genericIssuedTokenGenerateCallback.getProperties());
                    if (genericIssuedTokenGenerateCallback.includeTokenType()) {
                        String localPart = tokenGeneratorConfig.getType().getLocalPart();
                        newRequesterConfig.put(RequesterConfiguration.RSTT.TOKENTYPE, localPart);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "validateToken...  tokenType:  " + localPart);
                        }
                    }
                    newProviderConfig.setIncludeRSTRProperties(true);
                    if (genericIssuedTokenGenerateCallback.getWSSConsumingContext() != null) {
                        newProviderConfig.getProperties().put(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_CONSUMER, genericIssuedTokenGenerateCallback.getWSSConsumingContext());
                    }
                    if (genericIssuedTokenGenerateCallback.getWSSGenerationContext() != null) {
                        newProviderConfig.getProperties().put(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_GENERATOR, genericIssuedTokenGenerateCallback.getWSSGenerationContext());
                    }
                    if (genericIssuedTokenGenerateCallback.getWSSConsumingContextForValidation() != null) {
                        newProviderConfig.getProperties().put(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_CONSUMER, genericIssuedTokenGenerateCallback.getWSSConsumingContextForValidation());
                    }
                    if (genericIssuedTokenGenerateCallback.getWSSGenerationContextForValidation() != null) {
                        newProviderConfig.getProperties().put(com.ibm.ws.wssecurity.common.Constants.WSSAPI_CONFIG_KEY_GENERATOR, genericIssuedTokenGenerateCallback.getWSSGenerationContextForValidation());
                    }
                    String validateTarget = genericIssuedTokenGenerateCallback.getValidateTarget();
                    if (genericIssuedTokenGenerateCallback.validateTargets[0].equalsIgnoreCase(validateTarget)) {
                        newRequesterConfig.put(RequesterConfiguration.RSTT.VALIDATETARGET_TOKEN_XML, node.toStringWithConsume());
                    } else if (genericIssuedTokenGenerateCallback.validateTargets[2].equalsIgnoreCase(validateTarget)) {
                        newRequesterConfig.put(RequesterConfiguration.RSTT.EXTENSION_BASE, node.toStringWithConsume());
                    } else {
                        newRequesterConfig.put(RequesterConfiguration.RSTT.EXTENSION_BASE, node.toStringWithConsume());
                    }
                    if (genericIssuedTokenGenerateCallback.getIssuer() != null && !genericIssuedTokenGenerateCallback.getIssuer().isEmpty()) {
                        newRequesterConfig.put(RequesterConfiguration.RSTT.ISSUER_ADDRESS, genericIssuedTokenGenerateCallback.getIssuer());
                    }
                    List<WSSTrustClientValidateResult> validate = WSSTrustClient.getInstance(newProviderConfig).validate(newProviderConfig, newRequesterConfig);
                    if (validate == null || validate.size() != 1) {
                        if (validate == null || validate.isEmpty()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "validateToken...  There is no WSSTrustClientValidateResult.");
                            }
                            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.CWWSS7548E"));
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "validateToken...  There are more than one WSSTrustClientValidateResult.");
                        }
                        throw new LoginException(ConfigUtil.getMessage("security.wssecurity.CWWSS7549E"));
                    }
                    WSSTrustClientValidateResult wSSTrustClientValidateResult = validate.get(0);
                    String statusCode = wSSTrustClientValidateResult.getStatusCode();
                    if (!WSSConstants.WST12.STATUS_CODE_VALID.equalsIgnoreCase(statusCode) && !WSSConstants.WST13.STATUS_CODE_VALID.equalsIgnoreCase(statusCode)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "validateToken...  StatusCode:  " + statusCode);
                        }
                        throw new LoginException(statusCode);
                    }
                    SecurityToken securityToken4 = wSSTrustClientValidateResult.getSecurityToken();
                    if (securityToken4 == null || !tokenGeneratorConfig.getType().equals(securityToken4.getValueType())) {
                        this._processedTokens.add(securityToken);
                        this._insertedTokens.add(securityToken);
                    } else {
                        this._processedTokens.add(securityToken4);
                        this._insertedTokens.add(securityToken4);
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "processRunAsSubject(GenericIssuedTokenGenerateCallback, WSSGeneratorConfig, TokenGeneratorConfig, MessageContext, boolean)");
                    }
                    return securityToken4;
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, ConfigUtil.getMessage("security.wssecurity.CWWSS7513E", new String[]{e2.toString()}));
                        e2.printStackTrace();
                    }
                    LoginException loginException = new LoginException(e2.getMessage());
                    loginException.initCause(e2);
                    throw loginException;
                }
            } catch (Exception e3) {
                LoginException loginException2 = new LoginException(e3.getMessage());
                loginException2.initCause(e3);
                throw loginException2;
            }
        } catch (Exception e4) {
            LoginException loginException3 = new LoginException(e4.getMessage());
            loginException3.initCause(e4);
            throw loginException3;
        }
    }

    public boolean abort() throws LoginException {
        return false;
    }

    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        int size = this._processedTokens.size();
        for (int i = 0; i < size; i++) {
            this._securityTokenManager.addToken(this._processedTokens.get(i));
        }
        this._context.put(Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
        this._context.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "commit()");
        return true;
    }

    public boolean logout() throws LoginException {
        return false;
    }

    public void getBoundlessProperties(CallbackHandlerConfig callbackHandlerConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "GenericIssuedTokenConsumer:getBoundlessProperties()");
        }
        Map<Object, Object> properties = callbackHandlerConfig.getProperties();
        if (properties != null) {
            this.gstProps.passthroughToken = ConfigUtil.getIsTrueProperty(properties, IssuedTokenConfigConstants.PASS_THROUGH_TOKEN);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "GenericIssuedTokenConsumer:getBoundlessProperties returns " + this.gstProps);
        }
    }

    private void generateStandaloneToken(TokenGeneratorConfig tokenGeneratorConfig) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateStandaloneToken");
        }
        tokenGeneratorConfig.getType();
        SecurityToken customerToken = TokenUtils.getCustomerToken(this.messageContext, this._sharedState, (CallbackHandlerConfig) this._context.get(CallbackHandlerConfig.CONFIG_KEY), tokenGeneratorConfig.getType(), true);
        if (customerToken == null) {
            throw new LoginException("No token");
        }
        if (customerToken instanceof SecurityTokenImpl) {
            XMLStructure xml = customerToken.getXML();
            if (xml instanceof com.ibm.ws.wssecurity.wssapi.OMStructure) {
                String tokenId = GenericIssuedTokenConsumeLoginModule.getTokenId(((com.ibm.ws.wssecurity.wssapi.OMStructure) xml).getNode());
                if (ConfigUtil.hasValue(tokenId)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting id on token: [" + tokenId + "]");
                    }
                    ((SecurityTokenImpl) customerToken).setId(tokenId);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Id attribute not found on token element; cannot set id.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "XML not com.ibm.ws.wssecurity.wssapi.OMStructure; cannot set id.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Token not a SecurityTokenImpl; cannot set id.");
        }
        this._processedTokens.add(customerToken);
        this._insertedTokens.add(customerToken);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateStandaloneToken");
        }
    }
}
