package com.ibm.ws.wssecurity.trust.server.sts.Util;

import com.ibm.nws.ffdc.FFDCFilter;
import com.ibm.ws.policyset.runtime.PolicySetAttachments;
import com.ibm.ws.policyset.runtime.PolicySetConfiguration;
import com.ibm.ws.policyset.runtime.PolicySetUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.timer.AlarmListener;
import com.ibm.ws.wssecurity.util.timer.AlarmManager;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.STSConfigGroup;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.STSProperty;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/trust/server/sts/Util/STSPolicySetUtil.class */
public class STSPolicySetUtil {
    private static byte[] lock;
    private static TraceComponent tc;
    private static long defaultTimeout;
    private static long timeoutMinutes;
    private static HashMap<String, String> actionURIToActionMap;
    private static HashMap<String, PolicySetConfiguration> cache;
    private static final String FFDC_ID_1 = "FFDC-1";

    public static boolean isTrustRequest(MessageContext messageContext, String str) throws AxisFault {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTrustRequest(MessageContext msgContext, String action)" + str);
        }
        boolean z = false;
        if (str != null) {
            AxisService axisService = messageContext.getAxisService();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "msgContext.getAxisService(): " + axisService);
            }
            if (axisService != null) {
                AxisOperation operationByAction = axisService.getOperationByAction(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "axisService.getOperationByAction(" + str + "): " + operationByAction);
                }
                if (operationByAction != null) {
                    QName name = operationByAction.getName();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "axisOperation.getName(): " + name);
                    }
                    if (name != null) {
                        String localPart = name.getLocalPart();
                        if (localPart != null && localPart.startsWith(Constants.TRUSTOPERATION_PREFIX)) {
                            z = true;
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "operationName.getLocalPart().startsWith(com.ibm.ws.wssecurity.trust.server.sts.Util.Constants.TRUSTOPERATION_PREFIX) == " + z);
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "unable to get AxisOperation Name");
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "unable to get AxisOperation");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unable to get AxisService");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "action is not included in message");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTrustRequest(MessageContext msgContext, String action) returns boolean[" + z + "]");
        }
        return z;
    }

    public static void configure() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "configure");
        }
        STSConfigGroup sTSConfigurationMap = STSConfigUtil.getSTSConfigurationMap();
        long j = defaultTimeout;
        HashMap<String, String> hashMap = new HashMap<>();
        List<STSProperty> properties = STSConfigUtil.getProperties(sTSConfigurationMap, new String[]{"TrustServiceProperties"});
        if (properties != null) {
            for (STSProperty sTSProperty : properties) {
                String name = sTSProperty.getName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "  Found property " + name);
                }
                if (name.equals(Constants.PROPERTY_NAME_PS_CACHE_TIMEOUT_MINUTES)) {
                    j = Integer.parseInt(sTSProperty.getValue());
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Successfully configured policy set timeout cache to " + timeoutMinutes + " minutes.");
                    }
                }
            }
        }
        List<STSProperty> properties2 = STSConfigUtil.getProperties(sTSConfigurationMap, new String[]{Constants.CONFIG_GROUP_NAME_POLICY_SET, Constants.CONFIG_GROUP_NAME_SCHEMAS});
        HashSet hashSet = new HashSet();
        if (properties2 != null) {
            Iterator<STSProperty> it = properties2.iterator();
            while (it.hasNext()) {
                String value = it.next().getValue();
                hashSet.add(value);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Search schema: " + value);
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Could not extract properties from PolicySet/Schemas configuration group.");
        }
        STSConfigGroup configuration = STSConfigUtil.getConfiguration(sTSConfigurationMap, new String[]{Constants.CONFIG_GROUP_NAME_MESSAGE_RECEIVER});
        if (configuration != null) {
            Iterator<STSConfigGroup> it2 = configuration.getSTSConfigGroup().iterator();
            while (it2.hasNext()) {
                String name2 = it2.next().getName();
                if (hashSet.contains(name2)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Searching through MessageReceiver|" + name2 + "|Action configuration group for action properties.");
                    }
                    List<STSProperty> properties3 = STSConfigUtil.getProperties(configuration, new String[]{name2, "Action"});
                    if (properties3 != null) {
                        for (STSProperty sTSProperty2 : properties3) {
                            String value2 = sTSProperty2.getValue();
                            String name3 = sTSProperty2.getName();
                            hashMap.put(value2, name3);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Learned mapping from " + value2 + " to " + name3);
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Could not extract action properties.");
                    }
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Could not extract MessageReceiver configuration group.");
        }
        timeoutMinutes = j;
        actionURIToActionMap = hashMap;
        synchronized (lock) {
            cache.clear();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "configure");
        }
    }

    public static String mapTrustAction(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapTrustAction(String:" + str + ")");
        }
        String str2 = null;
        if (str != null) {
            str2 = actionURIToActionMap.get(str);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "actionURI == null");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapTrustAction returns String:action: " + str2);
        }
        return str2;
    }

    public static String getTrustResourceString(String str, String str2) {
        return new String("Trust." + str + ":/" + str2);
    }

    public static PolicySetConfiguration getTrustPolicySetConfiguration(MessageContext messageContext, String str, ClassLoader classLoader) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTrustPolicySetConfiguration(MessageContext msgContext, action[String:" + str + "] Classloader classLoader)");
        }
        String str2 = null;
        try {
            EndpointReference to = messageContext.getTo();
            if (to != null) {
                str2 = to.getAddress();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "endpoint = " + str2);
            }
            PolicySetConfiguration trustPolicySetConfiguration = getTrustPolicySetConfiguration(str, str2, classLoader);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getTrustPolicySetConfiguration() returns psc");
            }
            return trustPolicySetConfiguration;
        } catch (Exception e) {
            Tr.processException(e, "security.wssecurity.WSSecurityConsumerHandler.s04", "368");
            throw new SoapSecurityException("security.wssecurity.WSSecurityConsumerHandler.s04");
        }
    }

    public static PolicySetConfiguration getTrustPolicySetConfiguration(String str, String str2, ClassLoader classLoader) throws SoapSecurityException {
        PolicySetConfiguration policySetConfiguration;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTrustPolicySetConfiguration(action[String:" + str + "], endpoint[String:" + str2 + "], ClassLoader classLoader)");
        }
        String trustResourceString = getTrustResourceString(str, str2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "reference = " + trustResourceString);
        }
        synchronized (lock) {
            policySetConfiguration = cache.get(trustResourceString);
        }
        if (policySetConfiguration == null) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "reference [String:" + trustResourceString + "] not found in cache");
                    Tr.debug(tc, "calling PolicySetUtil.getInstance(classLoader.getSystemClassLoader()");
                }
                PolicySetUtil policySetUtil = PolicySetUtil.getInstance(ClassLoader.getSystemClassLoader());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "[PolicySetUtil:util] == " + policySetUtil);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "calling util.getSystemAttachments(new String(system/trust))");
                }
                PolicySetAttachments systemAttachments = policySetUtil.getSystemAttachments(new String("system/trust"));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "[PolicySetAttachments:psa] == " + systemAttachments);
                }
                policySetConfiguration = systemAttachments.getPolicySet(trustResourceString, new STSResourceEvaluator(), ClassLoader.getSystemClassLoader(), ClassLoader.getSystemClassLoader());
                if (policySetConfiguration != null) {
                    synchronized (lock) {
                        cache.put(trustResourceString, policySetConfiguration);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Creating an alarm to remove policy set " + trustResourceString + " in " + timeoutMinutes + " minutes");
                    }
                    AlarmManager.createDeferrable(timeoutMinutes * 60 * 1000, new AlarmListener() { // from class: com.ibm.ws.wssecurity.trust.server.sts.Util.STSPolicySetUtil.1
                        @Override // com.ibm.ws.wssecurity.util.timer.AlarmListener
                        public void alarm(Object obj) {
                            String str3 = (String) obj;
                            synchronized (STSPolicySetUtil.lock) {
                                STSPolicySetUtil.cache.remove(str3);
                            }
                            if (STSPolicySetUtil.tc.isDebugEnabled()) {
                                Tr.debug(STSPolicySetUtil.tc, "Policy set " + str3 + " removed from the cache.");
                            }
                        }
                    }, trustResourceString);
                }
            } catch (Exception e) {
                Tr.processException(e, "security.wssecurity.WSSecurityConsumerHandler.s04", "368");
                throw new SoapSecurityException("security.wssecurity.WSSecurityConsumerHandler.s04");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTrustPolicySetConfiguration() returns psc");
        }
        return policySetConfiguration;
    }

    private static void initialize() {
        tc = Tr.register(STSPolicySetUtil.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
        lock = new byte[0];
        defaultTimeout = 120L;
        timeoutMinutes = defaultTimeout;
        actionURIToActionMap = new HashMap<>();
        cache = new HashMap<>();
        try {
            configure();
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "STSPolicySetUtil.initialize", "FFDC-1");
            Tr.error(tc, "security.wssecurity.config.s01");
        }
    }

    static {
        initialize();
    }
}
