package com.ibm.ws.wssecurity.dsig;

import com.ibm.websphere.management.application.AppConstants;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.Result;
import com.ibm.ws.wssecurity.common.ResultPool;
import com.ibm.ws.wssecurity.common.WSSAlgorithmFactory;
import com.ibm.ws.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.wssecurity.config.CallerConfig;
import com.ibm.ws.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.wssecurity.core.ElementSelector;
import com.ibm.ws.wssecurity.core.WSSConsumerComponent;
import com.ibm.ws.wssecurity.dsig.VerificationResult;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.wssecurity.token.AuthResult;
import com.ibm.ws.wssecurity.token.NonceManager;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.wssecurity.util.NonceUtil;
import com.ibm.ws.wssecurity.util.QNameHeaderSelector;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenWrapper;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.IDResolver;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureContext;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.Transform;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.TransformContext;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.TransformException;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/dsig/VerifiedPartChecker.class */
public class VerifiedPartChecker implements WSSConsumerComponent {
    private static final TraceComponent tc = Tr.register(VerifiedPartChecker.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String comp = "security.wssecurity";
    private Map<Object, Object> _selectors = null;
    private boolean _initialized = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/dsig/VerifiedPartChecker$RequiredPart.class */
    public static class RequiredPart {
        private ReferencePartConfig _rconfig;
        private ReferencePartConfig.PartConfig _pconfig;
        private OMElement _element;
        private ArrayList<OMNode> _nodeset;
        private Set<SecurityTokenWrapper> _tokenWrappers;
        private boolean _isNodeset;
        private boolean _requiredTimestamp;
        private boolean _requiredNonce;
        private boolean _processed;

        RequiredPart(ReferencePartConfig referencePartConfig, ReferencePartConfig.PartConfig partConfig, OMElement oMElement) {
            this._rconfig = referencePartConfig;
            this._pconfig = partConfig;
            this._element = oMElement;
            this._nodeset = null;
            this._isNodeset = false;
            this._tokenWrappers = new HashSet();
            this._processed = false;
            this._requiredTimestamp = false;
            this._requiredNonce = false;
        }

        RequiredPart(ReferencePartConfig referencePartConfig, ReferencePartConfig.PartConfig partConfig, ArrayList<OMNode> arrayList) {
            this._rconfig = referencePartConfig;
            this._pconfig = partConfig;
            this._element = null;
            this._nodeset = arrayList;
            this._isNodeset = true;
            this._tokenWrappers = new HashSet();
            this._processed = false;
            this._requiredTimestamp = false;
            this._requiredNonce = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/dsig/VerifiedPartChecker$RequiredParts.class */
    public static class RequiredParts {
        private RequiredPart[] _parts;

        RequiredParts(RequiredPart[] requiredPartArr) {
            this._parts = requiredPartArr;
        }
    }

    @Override // com.ibm.ws.wssecurity.core.WSSComponent, com.ibm.ws.wssecurity.core.Initializable
    public void init(Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            this._selectors = map;
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map)");
        }
    }

    @Override // com.ibm.ws.wssecurity.core.WSSConsumerComponent
    public void invoke(OMNode oMNode, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("invoke(");
            stringBuffer.append("OMNode target[").append(DOMUtils.getDisplayName(oMNode)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (oMNode == null) {
            throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s11", "soapenv:Envelope");
        }
        Object obj = map.get(Constants.WSS_VERSION);
        int i = 0;
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        String str = Constants.NAMESPACES[0][i];
        String str2 = Constants.NAMESPACES[1][i];
        HashMap hashMap = new HashMap(2);
        map.put(Constants.VERIFIED_NONCE_MAP, hashMap);
        IDResolver iDResolver = (IDResolver) map.get(ElementSelector.IDRESOLVER);
        OMDocument ownerDocument = DOMUtil.getOwnerDocument(oMNode);
        HashMap hashMap2 = new HashMap(2);
        Result[] resultArr = ResultPool.get(map, VerificationResult.class);
        if (resultArr != null && resultArr.length > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, resultArr.length + " verified results found.");
            }
            for (Result result : resultArr) {
                VerificationResult verificationResult = (VerificationResult) result;
                hashMap2.put(verificationResult._sconfig, verificationResult._copiedDOM);
            }
        }
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        NonceManager nonceManager = wSSConsumerConfig.getNonceManager();
        Set<RequiredParts> preprocess = preprocess(ownerDocument, hashMap2, wSSConsumerConfig, this._selectors, map, iDResolver);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Processing the verified results...");
        }
        HashSet hashSet = new HashSet();
        if (resultArr != null && resultArr.length > 0) {
            for (Result result2 : resultArr) {
                VerificationResult verificationResult2 = (VerificationResult) result2;
                hashSet.clear();
                for (VerificationResult.VerifiedPart verifiedPart : verificationResult2._verifiedParts) {
                    RequiredPart relatedPart = getRelatedPart(verificationResult2, verifiedPart, preprocess, map);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "VerifiedPart [" + verifiedPart + "], RequiredPart [" + relatedPart + "]");
                    }
                    if (relatedPart != null) {
                        if (relatedPart._requiredNonce) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Checking required nonce...");
                            }
                            if (verifiedPart._nonce == null) {
                                throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.VerifiedPartChecker.s02", relatedPart._pconfig.getKeyword());
                            }
                            NonceUtil.checkNonce(verifiedPart._nonce, str, nonceManager);
                            String stringValue = DOMUtils.getStringValue(verifiedPart._nonce);
                            if (stringValue != null && stringValue.length() > 0) {
                                hashMap.put(stringValue, verifiedPart._object);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Added verified nonce value of " + stringValue + " for element " + verifiedPart._object + " to map.");
                                }
                            }
                        }
                        if (relatedPart._requiredTimestamp) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Checking required timestamp...");
                            }
                            if (verifiedPart._timestamp == null) {
                                throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.TimestampChecker.s02", relatedPart._pconfig.getKeyword());
                            }
                            NonceUtil.checkTimestamp(verifiedPart._timestamp, str2, wSSConsumerConfig.getTimestampMaxAge(), wSSConsumerConfig.getTimestampClockSkew(), false);
                        }
                        relatedPart._processed = true;
                        relatedPart._tokenWrappers.add(verificationResult2._tokenWrapper);
                        hashSet.add(relatedPart._rconfig);
                    }
                }
                checkCaller(verificationResult2, hashSet, wSSConsumerConfig, map);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Checking whether all required integrity is processed...");
        }
        Iterator<RequiredParts> it = preprocess.iterator();
        while (it.hasNext()) {
            RequiredPart[] requiredPartArr = it.next()._parts;
            for (int i2 = 0; i2 < requiredPartArr.length; i2++) {
                if (!requiredPartArr[i2]._processed) {
                    String keyword = requiredPartArr[i2]._pconfig.getKeyword();
                    if (keyword == null) {
                        String headerName = requiredPartArr[i2]._pconfig.getHeaderName();
                        keyword = headerName != null ? requiredPartArr[i2]._pconfig.getHeaderNamespace() + ":" + headerName : requiredPartArr[i2]._pconfig.getHeaderNamespace();
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Required integrity not processed with keyword[" + keyword + "]");
                    }
                    throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.VerifiedPartChecker.s01", keyword);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(OMNode, Map)");
        }
    }

    private static Set<RequiredParts> preprocess(OMDocument oMDocument, Map<SignatureConsumerConfig, OMDocument> map, WSSConsumerConfig wSSConsumerConfig, Map<Object, Object> map2, Map<Object, Object> map3, IDResolver iDResolver) throws SoapSecurityException {
        RequiredPart[] requiredPartArr;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("preprocess(");
            stringBuffer.append("OMDocument doc[").append(DOMUtils.getDisplayName(oMDocument)).append("], ");
            stringBuffer.append("Map docMap, WSSConsumerConfig gconfig, ");
            stringBuffer.append("Map selectors, Map context, IDResolver idResolver)");
            Tr.entry(tc, stringBuffer.toString());
        }
        Set<ReferencePartConfig> requiredIntegralParts = wSSConsumerConfig.getRequiredIntegralParts();
        Set<SignatureConsumerConfig> signatureConsumers = wSSConsumerConfig.getSignatureConsumers();
        WSSAlgorithmFactory algorithmFactory = wSSConsumerConfig.getAlgorithmFactory();
        HashSet<RequiredParts> hashSet = new HashSet();
        HashSet hashSet2 = null;
        HashMap hashMap = null;
        HashMap hashMap2 = null;
        HashMap hashMap3 = null;
        Iterator<ReferencePartConfig> it = requiredIntegralParts.iterator();
        while (it.hasNext()) {
            ReferencePartConfig next = it.next();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing ReferencePartConfig [" + next + "]...");
            }
            HashMap hashMap4 = new HashMap(map3);
            hashMap4.put(NonceManager.class, wSSConsumerConfig.getNonceManager());
            hashMap4.put(ElementSelector.IDRESOLVER, iDResolver);
            hashMap4.put(ElementSelector.CONFIG, wSSConsumerConfig.getTokenConsumers());
            OMDocument necessaryInfo = setNecessaryInfo(hashMap4, signatureConsumers, next, oMDocument, map);
            for (ReferencePartConfig.PartConfig partConfig : next.getParts()) {
                if (partConfig.isTimestamp() || partConfig.isNonce()) {
                    if (hashSet2 == null) {
                        hashSet2 = new HashSet();
                        hashMap = new HashMap();
                        hashMap2 = new HashMap();
                        hashMap3 = new HashMap();
                    }
                    hashSet2.add(partConfig);
                    hashMap.put(partConfig, hashMap4);
                    hashMap2.put(partConfig, next);
                    hashMap3.put(partConfig, necessaryInfo);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Processing PartConfig [" + partConfig + "]...");
                    }
                    String dialect = partConfig.getDialect();
                    String keyword = partConfig.getKeyword();
                    Class cls = IntegralDialectElementSelector.class;
                    if (dialect.equals(Constants.DIALECT_HEADER)) {
                        hashMap4.put(ElementSelector.HEADERNAME, partConfig.getHeaderName());
                        hashMap4.put(ElementSelector.HEADERNAMESPACE, partConfig.getHeaderNamespace());
                        cls = QNameHeaderSelector.class;
                    }
                    ArrayList<OMNode> messagePart = SignatureGenerator.getMessagePart(necessaryInfo, dialect, keyword, ElementSelector.VERIFICATION_MODE, map2, cls, hashMap4);
                    if (messagePart != null && messagePart.size() > 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, messagePart.size() + " parts found.");
                        }
                        ArrayList[] arrayListArr = null;
                        boolean z = false;
                        try {
                            Iterator<SignatureConsumerConfig> it2 = signatureConsumers.iterator();
                            while (it2.hasNext()) {
                                List<SigningReferenceConfig> references = it2.next().getReferences();
                                for (int i = 0; i < references.size(); i++) {
                                    SigningReferenceConfig signingReferenceConfig = references.get(i);
                                    Iterator<ReferencePartConfig.PartConfig> it3 = signingReferenceConfig.getReference().getParts().iterator();
                                    while (it3.hasNext()) {
                                        if (partConfig == it3.next()) {
                                            List<AlgorithmConfig> transforms = signingReferenceConfig.getTransforms();
                                            for (int i2 = 0; i2 < transforms.size(); i2++) {
                                                AlgorithmConfig algorithmConfig = transforms.get(i2);
                                                String algorithm = algorithmConfig.getAlgorithm();
                                                Map<Object, Object> properties = algorithmConfig.getProperties();
                                                OMFactory oMFactory = oMDocument.getOMFactory();
                                                OMElement oMElement = null;
                                                if ("http://www.w3.org/2002/06/xmldsig-filter2".equals(algorithm)) {
                                                    oMElement = SignatureGenerator.createXPath2Transform(oMFactory, algorithm, properties);
                                                } else if ("http://www.w3.org/TR/1999/REC-xpath-19991116".equals(algorithm)) {
                                                    oMElement = SignatureGenerator.createXPathTransform(oMFactory, algorithm, properties);
                                                } else if (!"http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(algorithm)) {
                                                }
                                                SignatureContext signatureContext = new SignatureContext();
                                                Transform transform = algorithmFactory.getTransform(algorithm);
                                                transform.setParameter(DOMUtil.getFirstChildElement(oMElement));
                                                if (iDResolver != null) {
                                                    signatureContext.setIDResolver(iDResolver);
                                                }
                                                arrayListArr = new ArrayList[messagePart.size()];
                                                for (int i3 = 0; i3 < messagePart.size(); i3++) {
                                                    TransformContext transformContext = new TransformContext(signatureContext, messagePart.get(i3));
                                                    transform.transform(transformContext);
                                                    z = true;
                                                    arrayListArr[i3] = transformContext.getNodeset();
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                            if (messagePart instanceof PartList) {
                                requiredPartArr = new RequiredPart[]{new RequiredPart(next, partConfig, messagePart)};
                            } else if (z) {
                                requiredPartArr = new RequiredPart[messagePart.size()];
                                for (int i4 = 0; i4 < requiredPartArr.length; i4++) {
                                    requiredPartArr[i4] = new RequiredPart(next, partConfig, (ArrayList<OMNode>) arrayListArr[i4]);
                                }
                            } else {
                                requiredPartArr = new RequiredPart[messagePart.size()];
                                for (int i5 = 0; i5 < requiredPartArr.length; i5++) {
                                    requiredPartArr[i5] = new RequiredPart(next, partConfig, (OMElement) messagePart.get(i5));
                                }
                            }
                            hashSet.add(new RequiredParts(requiredPartArr));
                        } catch (TransformException e) {
                            throw new SoapSecurityException(e);
                        } catch (NoSuchAlgorithmException e2) {
                            throw new SoapSecurityException(e2);
                        }
                    }
                }
            }
        }
        if (hashSet2 != null) {
            it = hashSet2.iterator();
        }
        while (hashSet2 != null && it.hasNext()) {
            ReferencePartConfig.PartConfig partConfig2 = (ReferencePartConfig.PartConfig) it.next();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing PartConfig [" + partConfig2 + "]...");
            }
            Map map4 = (Map) hashMap.get(partConfig2);
            ReferencePartConfig referencePartConfig = (ReferencePartConfig) hashMap2.get(partConfig2);
            OMDocument oMDocument2 = (OMDocument) hashMap3.get(partConfig2);
            if (partConfig2.isTimestamp() || partConfig2.isNonce()) {
                ArrayList<OMNode> noncePart = SignatureGenerator.getNoncePart(oMDocument2, null, partConfig2, ElementSelector.VERIFICATION_MODE, map2, IntegralDialectElementSelector.class, map4);
                if (noncePart != null && noncePart.size() > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, noncePart.size() + " parts found.");
                    }
                    boolean z2 = false;
                    for (int i6 = 0; i6 < noncePart.size(); i6++) {
                        OMNode oMNode = noncePart.get(i6);
                        if (oMNode.getType() == 1) {
                            OMElement oMElement2 = (OMElement) oMNode;
                            for (RequiredParts requiredParts : hashSet) {
                                int i7 = 0;
                                while (true) {
                                    if (i7 < requiredParts._parts.length) {
                                        RequiredPart requiredPart = requiredParts._parts[i7];
                                        if (DOMUtils.equals((OMNode) oMElement2, (OMNode) requiredPart._element)) {
                                            if (partConfig2.isTimestamp()) {
                                                requiredPart._requiredTimestamp = partConfig2.isTimestamp();
                                            }
                                            if (partConfig2.isNonce()) {
                                                requiredPart._requiredNonce = partConfig2.isNonce();
                                            }
                                            z2 = true;
                                        } else {
                                            i7++;
                                        }
                                    }
                                }
                            }
                            if (!z2) {
                                RequiredPart[] requiredPartArr2 = {new RequiredPart(referencePartConfig, partConfig2, oMElement2)};
                                requiredPartArr2[0]._requiredTimestamp = partConfig2.isTimestamp();
                                requiredPartArr2[0]._requiredNonce = partConfig2.isNonce();
                                hashSet.add(new RequiredParts(requiredPartArr2));
                            }
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("preprocess(");
            stringBuffer2.append("OMDocument, Map, Set, Set, Map, Map)");
            stringBuffer2.append(" returns Set [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }

    private static OMDocument setNecessaryInfo(Map<Object, Object> map, Set<SignatureConsumerConfig> set, ReferencePartConfig referencePartConfig, OMDocument oMDocument, Map<SignatureConsumerConfig, OMDocument> map2) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("setNecessaryInfo(");
            stringBuffer.append("Map selectorMap, Set sconsumers, ");
            stringBuffer.append("ReferencePartConfig rconfig[").append(referencePartConfig).append("], ");
            stringBuffer.append("OMDocument doc[").append(DOMUtils.getDisplayName(oMDocument)).append("], ");
            stringBuffer.append("Map docMap)");
            Tr.entry(tc, stringBuffer.toString());
        }
        boolean z = false;
        OMDocument oMDocument2 = oMDocument;
        SigningReferenceConfig signingReferenceConfig = null;
        Iterator<SignatureConsumerConfig> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SignatureConsumerConfig next = it.next();
            Iterator<SigningReferenceConfig> it2 = next.getReferences().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                signingReferenceConfig = it2.next();
                if (signingReferenceConfig.getReference().equals(referencePartConfig)) {
                    z = true;
                    break;
                }
            }
            if (z) {
                OMDocument oMDocument3 = map2.get(next);
                if (oMDocument3 != null) {
                    oMDocument2 = oMDocument3;
                }
            }
        }
        if (z) {
            SignatureGenerator.prepareTransform(signingReferenceConfig, map);
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("setNecessaryInfo(");
            stringBuffer2.append("Map, Set, ReferencePartConfig, OMDocument, Map)");
            stringBuffer2.append(" returns OMDocument [").append(oMDocument2).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return oMDocument2;
    }

    /* JADX WARN: Code restructure failed: missing block: B:104:0x02c4, code lost:
    
        r12 = r0[r16];
     */
    /* JADX WARN: Code restructure failed: missing block: B:109:0x028b, code lost:
    
        r12 = r0[r16];
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x025a, code lost:
    
        r12 = r0[r16];
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x0221, code lost:
    
        r12 = r0[r16];
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.ibm.ws.wssecurity.dsig.VerifiedPartChecker.RequiredPart getRelatedPart(com.ibm.ws.wssecurity.dsig.VerificationResult r5, com.ibm.ws.wssecurity.dsig.VerificationResult.VerifiedPart r6, java.util.Set<com.ibm.ws.wssecurity.dsig.VerifiedPartChecker.RequiredParts> r7, java.util.Map<java.lang.Object, java.lang.Object> r8) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 815
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.dsig.VerifiedPartChecker.getRelatedPart(com.ibm.ws.wssecurity.dsig.VerificationResult, com.ibm.ws.wssecurity.dsig.VerificationResult$VerifiedPart, java.util.Set, java.util.Map):com.ibm.ws.wssecurity.dsig.VerifiedPartChecker$RequiredPart");
    }

    private static boolean hasSameUri(OMElement oMElement, OMElement oMElement2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("hasSameUri(");
            stringBuffer.append("OMElement rpart[").append(DOMUtils.getDisplayName(oMElement)).append("], ");
            stringBuffer.append("OMElement vpart[").append(DOMUtils.getDisplayName(oMElement2)).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        boolean z = false;
        String id = IdUtils.getInstance().getId(oMElement);
        String id2 = IdUtils.getInstance().getId(oMElement2);
        if (id != null && id.length() > 0 && id2 != null && id2.length() > 0 && id.equals(id2)) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("hasSameUri(OMElement, OMElement)");
            stringBuffer2.append(" returns boolean [").append(z).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return z;
    }

    private static void checkCaller(VerificationResult verificationResult, Set<ReferencePartConfig> set, WSSConsumerConfig wSSConsumerConfig, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkCaller(");
            stringBuffer.append("VerificationResult vresult, Set rpconfigs, ");
            stringBuffer.append("WSSConsumerConfig  gconfig, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (verificationResult._tokenWrapper != null) {
            QName valueType = verificationResult._tokenWrapper.getValueType();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The value type of the token: " + valueType);
            }
            List<CallerConfig> callers = wSSConsumerConfig.getCallers();
            if (callers != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, callers.size() + " Callers found, so start to process it...");
                }
                for (CallerConfig callerConfig : callers) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Processing a CallerConfig [" + callerConfig + "]...");
                    }
                    QName callerIdentity = callerConfig.getCallerIdentity();
                    QName trustedIdentity = callerConfig.getTrustedIdentity();
                    ReferencePartConfig requiredSigningPartReference = callerConfig.getRequiredSigningPartReference();
                    boolean z = callerIdentity != null && callerIdentity.equals(valueType) && requiredSigningPartReference != null && trustedIdentity == null;
                    boolean z2 = (trustedIdentity == null || !trustedIdentity.equals(valueType) || requiredSigningPartReference == null) ? false : true;
                    if (z || z2) {
                        boolean z3 = false;
                        boolean z4 = false;
                        if (z) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Checking the caller identity [" + callerIdentity + "]...");
                            }
                            if (requiredSigningPartReference.isOneOfIntegralParts()) {
                                if (set.contains(requiredSigningPartReference)) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Linked the token[" + verificationResult._tokenWrapper + "] and the Caller[" + callerConfig + "].");
                                    }
                                    z3 = true;
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "ReferencePart of Caller Config is not integral part.");
                            }
                        }
                        if (z2) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Checking the trusted identity [" + trustedIdentity + "]...");
                            }
                            if (requiredSigningPartReference.isOneOfIntegralParts()) {
                                if (set.contains(requiredSigningPartReference)) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Linked the token[" + verificationResult._tokenWrapper + "] and the Caller[" + callerConfig + "].");
                                    }
                                    z4 = true;
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "ReferencePart of Caller Config is not integral part.");
                            }
                        }
                        if (z3 || z4) {
                            AuthResult authResult = new AuthResult(verificationResult._tokenWrapper, callerConfig, z3, z4, false);
                            ResultPool.add(map, authResult);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added AuthResult[" + authResult + "] into the ResultPool.");
                            }
                        }
                    }
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The token used for signature verification not found...");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCaller(VerificationResult, Set, WSSConsumerConfig, Map)");
        }
    }

    private static SoapSecurityException checkBinding(Set<Object> set, VerificationResult verificationResult) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkBinding(");
            stringBuffer.append("Set bindings, VerificationResult vresult)");
            Tr.entry(tc, stringBuffer.toString());
        }
        SoapSecurityException soapSecurityException = null;
        boolean contains = set.contains(verificationResult._sconfig);
        if (!contains) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The configuration of signature consumer used for verification was NOT found in the bindings.");
            }
            Iterator<Object> it = set.iterator();
            while (!contains && it.hasNext()) {
                SignatureConsumerConfig signatureConsumerConfig = (SignatureConsumerConfig) it.next();
                Iterator<SigningReferenceConfig> it2 = signatureConsumerConfig.getReferences().iterator();
                while (true) {
                    if (!contains && it2.hasNext()) {
                        KeyInfoResult keyInfoResult = verificationResult._identities.get(new VerifiedConfig(signatureConsumerConfig, it2.next()));
                        if (keyInfoResult != null) {
                            Exception error = keyInfoResult.getError();
                            if (error == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The keyinfo result has no exception.");
                                }
                                SecurityTokenWrapper securityTokenWrapper = (SecurityTokenWrapper) verificationResult._kresults.get(keyInfoResult);
                                if (securityTokenWrapper == null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "There is no token corresponding to the keyinfo result.");
                                    }
                                } else if (securityTokenWrapper.getError() == null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "The token [" + securityTokenWrapper + "] has no exception.");
                                    }
                                    contains = true;
                                } else {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "The token [" + securityTokenWrapper + "] has the exception [" + error.getMessage() + "].");
                                    }
                                    soapSecurityException = securityTokenWrapper.getError();
                                }
                            } else {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The keyinfo result has the exception [" + error.getMessage() + "].");
                                }
                                soapSecurityException = error instanceof SoapSecurityException ? (SoapSecurityException) error : SoapSecurityException.format("security.wssecurity.KeyInfoConsumer.getKey04", new String[]{error.getMessage()}, error);
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "There is no keyinfo result corresponding to the SigningReferenceConfig.");
                        }
                    }
                }
            }
            if (contains) {
                soapSecurityException = null;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The configuration of signature consumer used for verification was found in the bindings.");
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("checkBinding(");
            stringBuffer2.append("Set, VerificationResult)");
            stringBuffer2.append(" returns SoapSecurityException [");
            stringBuffer2.append(soapSecurityException == null ? AppConstants.NULL_STRING : soapSecurityException.toString());
            stringBuffer2.append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return soapSecurityException;
    }
}
