package com.ibm.ws.wssecurity.confimpl;

import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.common.WSSAlgorithmFactory;
import com.ibm.ws.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.wssecurity.config.CallerConfig;
import com.ibm.ws.wssecurity.config.DerivedKeyInfoConfig;
import com.ibm.ws.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.wssecurity.config.KeyInfoConsumerConfig;
import com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.wssecurity.config.TimestampConsumerConfig;
import com.ibm.ws.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateCommonConfig;
import com.ibm.ws.wssecurity.core.token.TokenConsumerComponent;
import com.ibm.ws.wssecurity.dsig.VerifiedConfig;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoContentConsumerComponent;
import com.ibm.ws.wssecurity.token.CertCacheManager;
import com.ibm.ws.wssecurity.token.NonceManager;
import com.ibm.ws.wssecurity.util.ConfidentialDialectElementSelector;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.ConfigValidation;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.GetJAASConfigInfo;
import com.ibm.ws.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.wssecurity.util.SecurityUIDGenerator;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.transform.DecryptionTransformer;
import com.ibm.ws.wssecurity.xml.xss4j.enc.util.DOMUtil;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig.class */
public abstract class PrivateConsumerConfig extends PrivateCommonConfig implements WSSConsumerConfig {
    private static final TraceComponent tc = Tr.register(PrivateConsumerConfig.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String comp = "security.wssecurity";
    protected String _myActor = null;
    protected boolean _ultimateReceiver = false;
    protected boolean _nonceCacheDistributed = false;
    protected final Set<String> _allowedTransforms = new HashSet();
    protected final Set<String> _allowedCanonicalizationMethods = new HashSet();
    protected final Set<String> _allowedSignatureMethods = new HashSet();
    protected final Set<String> _allowedDigestMethods = new HashSet();
    protected final Set<String> _allowedDataEncryptionMethods = new HashSet();
    protected final Set<String> _allowedKeyEncryptionMethods = new HashSet();
    protected final WSSAlgorithmFactory _algorithmFactory = (WSSAlgorithmFactory) WSSAlgorithmFactory.getInstance();
    protected final Set<String> _defaultKeyInfoContentConsumers = new HashSet();
    protected final Set<String> _defaultTokenConsumers = new HashSet();
    protected final Set<String> _defaultJAASConfigs = new HashSet();
    protected final Set<String> _defaultKeyLocators = new HashSet();
    protected boolean _userDefinedComponentsUsed = false;
    protected boolean _verificationRequired = false;
    protected boolean _decryptionRequired = false;
    protected boolean _tokenRequired = false;
    protected boolean _loginRequired = false;
    protected boolean _timestampRequired = false;
    protected boolean _inboundTimestampReqProp = true;
    protected final Set<ReferencePartConfig> _requiredIntegralParts = new HashSet();
    protected final Set<ReferencePartConfig> _requiredConfidentialParts = new HashSet();
    protected final Set<TokenConsumerConfig> _requiredSecurityTokens = new HashSet();
    protected final List<CallerConfig> _callers = new ArrayList();
    protected final Set<SignatureConsumerConfig> _signatureConsumers = new HashSet();
    protected final Set<EncryptionConsumerConfig> _encryptionConsumers = new HashSet();
    protected final Set<TokenConsumerConfig> _tokenConsumers = new HashSet();
    protected TimestampConsumerConfImpl _timestampConsumer = null;
    protected NonceManager _nonceManager = null;
    protected CertCacheManager _certManager = null;
    protected int _timestampMaxAge = -1;
    protected int _timestampClockSkew = -1;
    protected Map<Object, Object> _properties = null;
    protected final Set<String> _defaultCallbackHandlers = new HashSet();
    protected boolean _symmetricBinding = false;
    protected boolean _isOrderEnforced = false;
    protected Boolean _bodyMustBeSignedAndEncrypted = null;
    protected boolean _untOptimize = false;
    protected boolean _skipOperationLevelPolicyCheck = false;
    protected boolean _useSoap12FaultCodes = true;
    protected boolean _bypassHeader = false;
    protected boolean _removePrivateData = true;
    protected boolean _removeAuxiliarySecurityTokens = true;
    protected boolean _useOldEnvelopedSig = false;
    protected boolean _exportAsSamlToken = false;
    public static final String OLD_ENVELOPED_SIG = "com.ibm.wsspi.wssecurity.dsig.oldEnvelopedSignature";

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$CallerConfImpl.class */
    public static class CallerConfImpl implements CallerConfig {
        public String _jaasConfig = null;
        public final Map<Object, Object> _jaasConfigProperties = new HashMap();
        public PrivateCommonConfig.CallbackHandlerConfImpl _callbackHandler = null;
        public boolean _identityAssertion = false;
        public boolean _anyTrustedIdentity = false;
        public QName _callerIdentity = null;
        public QName _trustedIdentity = null;
        public PrivateCommonConfig.ReferencePartConfImpl _requiredSigningPartReference = null;
        public int _order = 0;

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
            if (this._jaasConfig == null) {
                throw SoapSecurityException.format("security.wssecurity.WSEC6834E", toString());
            }
            if (this._callerIdentity == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s16", toString());
            }
        }

        @Override // com.ibm.ws.wssecurity.config.CallerConfig
        public String getJAASConfig() {
            return this._jaasConfig;
        }

        @Override // com.ibm.ws.wssecurity.config.CallerConfig
        public Map<Object, Object> getJAASConfigProperties() {
            return this._jaasConfigProperties;
        }

        @Override // com.ibm.ws.wssecurity.config.CallerConfig
        public CallbackHandlerConfig getCallbackHandler() {
            return this._callbackHandler;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.CallerConfig
        public boolean useIdentityAssertion() {
            return this._identityAssertion;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.CallerConfig
        public boolean trustAnyTrustedIdentity() {
            return this._anyTrustedIdentity;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.CallerConfig
        public QName getCallerIdentity() {
            return this._callerIdentity;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.CallerConfig
        public QName getTrustedIdentity() {
            return this._trustedIdentity;
        }

        @Override // com.ibm.ws.wssecurity.config.CallerConfig
        public ReferencePartConfig getRequiredSigningPartReference() {
            return this._requiredSigningPartReference;
        }

        @Override // com.ibm.ws.wssecurity.config.CallerConfig
        public int getOrder() {
            return this._order;
        }

        public void dumpCaller() {
            if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                GetJAASConfigInfo.dumpJAASConfigEntry(this._jaasConfig);
            }
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("jaasConfig=[").append(this._jaasConfig).append("], ");
            append.append("jaasConfigProperties=[").append(this._jaasConfigProperties).append("], ");
            append.append("callbackHandler=[").append(this._callbackHandler).append("], ");
            append.append("useIdentityAssertion=[").append(this._identityAssertion).append("], ");
            append.append("trustAnyTrustedIdentity=[").append(this._anyTrustedIdentity).append("], ");
            append.append("callerIdentity=[").append(this._callerIdentity).append("], ");
            append.append("trustedIdentity=[").append(this._trustedIdentity).append("], ");
            append.append("requiredSigningPartReference=[").append(this._requiredSigningPartReference).append("], ");
            append.append("order=[").append(this._order).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$EncryptionConsumerConfImpl.class */
    public static class EncryptionConsumerConfImpl implements EncryptionConsumerConfig {
        public PrivateCommonConfig.AlgorithmConfImpl _dataEncryptionMethod = null;
        public PrivateCommonConfig.AlgorithmConfImpl _keyEncryptionMethod = null;
        public KeyInfoConsumerConfImpl _encryptionKeyInfo = null;
        public PrivateCommonConfig.ReferencePartConfImpl _reference = null;
        public boolean _isKeyDecryption = false;
        public final Map<Object, Object> _properties = new HashMap();
        public final List<EncryptionConsumerConfig> _identity = new ArrayList();

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
            validate(false);
        }

        public void validate(boolean z) throws SoapSecurityException {
            if (this._dataEncryptionMethod == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s19", toString());
            }
            if (this._encryptionKeyInfo == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s20", toString());
            }
            if (this._reference == null && !z) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s21", toString());
            }
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public AlgorithmConfig getDataEncryptionMethod() {
            return this._dataEncryptionMethod;
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public AlgorithmConfig getKeyEncryptionMethod() {
            return this._keyEncryptionMethod;
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public KeyInfoConsumerConfig getEncryptionKeyInfo() {
            return this._encryptionKeyInfo;
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public ReferencePartConfig getReference() {
            return this._reference;
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public Map<Object, Object> getProperties() {
            return this._properties;
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public List<EncryptionConsumerConfig> getIdentityList() {
            return this._identity;
        }

        @Override // com.ibm.ws.wssecurity.config.EncryptionConsumerConfig
        public boolean isKeyDecryption() {
            return this._isKeyDecryption;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("dataEncryptionMethod=[").append(this._dataEncryptionMethod).append("], ");
            append.append("keyEncryptionMethod=[").append(this._keyEncryptionMethod).append("], ");
            append.append("encryptionKeyInfo=[").append(this._encryptionKeyInfo).append("], ");
            append.append("reference=[").append(this._reference).append("], ");
            append.append("isKeyDecryption=[").append(this._isKeyDecryption).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$KeyInfoConsumerConfImpl.class */
    public static class KeyInfoConsumerConfImpl implements KeyInfoConsumerConfig {
        public List<KeyInfoContentConsumerConfig> _contentConsumers = null;
        public final List<KeyInfoContentConsumerConfig> _otherContentConsumers = new ArrayList();

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
            if (this._contentConsumers == null || this._contentConsumers.isEmpty()) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s24", toString());
            }
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoConsumerConfig
        public List<KeyInfoContentConsumerConfig> getContentConsumers() {
            return this._contentConsumers;
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoConsumerConfig
        public List<KeyInfoContentConsumerConfig> getOtherContentConsumers() {
            return this._otherContentConsumers;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("contentConsumers=[").append(this._contentConsumers).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$KeyInfoContentConsumerConfImpl.class */
    public static class KeyInfoContentConsumerConfImpl implements KeyInfoContentConsumerConfig {
        public String _className = null;
        public KeyInfoContentConsumerComponent _instance = null;
        public String _keyName = SecurityUIDGenerator.createUID();
        public TokenConsumerConfImpl _tokenConsumer = null;
        public final Map<Object, Object> _properties = new HashMap();
        public DerivedKeyInfoConfig _derivedKeyInfo = null;
        public boolean _isRequireExternalUriReference = false;

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
            if (this._instance == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s25", toString());
            }
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig
        public KeyInfoContentConsumerComponent getInstance() {
            return this._instance;
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig
        public String getKeyName() {
            return this._keyName;
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig
        public TokenConsumerConfig getTokenConsumer() {
            return this._tokenConsumer;
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig
        public Map<Object, Object> getProperties() {
            return this._properties;
        }

        @Override // com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig
        public DerivedKeyInfoConfig getDerivedKeyInfoConfig() {
            return this._derivedKeyInfo;
        }

        public boolean isRequireExternalUriReference() {
            return this._isRequireExternalUriReference;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("className=[").append(this._className).append("], ");
            append.append("tokenConsumer=[").append(this._tokenConsumer).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$SignatureConsumerConfImpl.class */
    public static class SignatureConsumerConfImpl implements SignatureConsumerConfig {
        public PrivateCommonConfig.AlgorithmConfImpl _canonicalizationMethod = null;
        public PrivateCommonConfig.AlgorithmConfImpl _signatureMethod = null;
        public PrivateCommonConfig.AlgorithmConfImpl _keyInfoSignature = null;
        public KeyInfoConsumerConfImpl _signingKeyInfo = null;
        public final List<SigningReferenceConfig> _references = new ArrayList();
        public final Map<Object, Object> _properties = new HashMap();
        public final Map<SigningReferenceConfig, List<VerifiedConfig>> _identity = new HashMap();
        private boolean _isDecryptionXformEnabled = false;

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
            validate(false);
        }

        public void validate(boolean z) throws SoapSecurityException {
            if (this._signingKeyInfo == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s17", toString());
            }
            if (this._references.isEmpty() && !z) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s18", toString());
            }
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public AlgorithmConfig getCanonicalizationMethod() {
            return this._canonicalizationMethod;
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public AlgorithmConfig getSignatureMethod() {
            return this._signatureMethod;
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public AlgorithmConfig getKeyInfoSignature() {
            return this._keyInfoSignature;
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public KeyInfoConsumerConfig getSigningKeyInfo() {
            return this._signingKeyInfo;
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public List<SigningReferenceConfig> getReferences() {
            return this._references;
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public Map<Object, Object> getProperties() {
            return this._properties;
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public Map<SigningReferenceConfig, List<VerifiedConfig>> getIdentityMap() {
            return this._identity;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("canonicalizationMethod=[").append(this._canonicalizationMethod).append("], ");
            append.append("signatureMethod=[").append(this._signatureMethod).append("], ");
            append.append("keyInfoSignature=[").append(this._keyInfoSignature).append("], ");
            append.append("signingKeyInfo=[").append(this._signingKeyInfo).append("], ");
            append.append("refereces=[").append(this._references).append("], ");
            append.append("properties=[").append(this._properties).append("], ");
            append.append("isDecryptionXformEnabled=[").append(this._isDecryptionXformEnabled).append("], ");
            append.append(")");
            return append.toString();
        }

        @Override // com.ibm.ws.wssecurity.config.SignatureConsumerConfig
        public boolean isDecryptionTransformEnabled() {
            return this._isDecryptionXformEnabled;
        }
    }

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$TimestampConsumerConfImpl.class */
    public static class TimestampConsumerConfImpl implements TimestampConsumerConfig {
        public String _actor = null;
        public int _timestampMaxAge = 300;
        public int _timestampClockSkew = 180;
        public final Map<Object, Object> _properties = new HashMap();

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
        }

        @Override // com.ibm.ws.wssecurity.config.TimestampConsumerConfig
        public String getActor() {
            return this._actor;
        }

        @Override // com.ibm.ws.wssecurity.config.TimestampConsumerConfig
        public int getTimestampMaxAge() {
            return this._timestampMaxAge;
        }

        @Override // com.ibm.ws.wssecurity.config.TimestampConsumerConfig
        public int getTimestampClockSkew() {
            return this._timestampClockSkew;
        }

        @Override // com.ibm.ws.wssecurity.config.TimestampConsumerConfig
        public Map<Object, Object> getProperties() {
            return this._properties;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("actor=[").append(this._actor).append("], ");
            append.append("timestampMaxAge=[").append(this._timestampMaxAge).append("], ");
            append.append("timestampClockSkew=[").append(this._timestampClockSkew).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/confimpl/PrivateConsumerConfig$TokenConsumerConfImpl.class */
    public static class TokenConsumerConfImpl implements TokenConsumerConfig {
        public String _name;
        public String _className;
        public TokenConsumerComponent _instance;
        public QName _type;
        public String _jaasConfig;
        public final Map<Object, Object> _jaasConfigProperties;
        public PrivateCommonConfig.CallbackHandlerConfImpl _callbackHandler;
        public boolean _usedForVerification;
        public boolean _usedForDecryption;
        public final Map<Object, Object> _properties;
        public PrivateCommonConfig.TokenAssertion _aTokenAssertion;
        private int _hash;
        public boolean _enforceTokenVersion;
        public boolean _certPathSettingsAcquired;
        public boolean _isDefault;

        public TokenConsumerConfImpl() {
            this._name = null;
            this._className = null;
            this._instance = null;
            this._type = null;
            this._jaasConfig = null;
            this._jaasConfigProperties = new HashMap();
            this._callbackHandler = null;
            this._usedForVerification = false;
            this._usedForDecryption = false;
            this._properties = new HashMap();
            this._aTokenAssertion = null;
            this._enforceTokenVersion = false;
            this._certPathSettingsAcquired = false;
            this._isDefault = false;
        }

        public TokenConsumerConfImpl(TokenConsumerConfImpl tokenConsumerConfImpl) {
            this._name = null;
            this._className = null;
            this._instance = null;
            this._type = null;
            this._jaasConfig = null;
            this._jaasConfigProperties = new HashMap();
            this._callbackHandler = null;
            this._usedForVerification = false;
            this._usedForDecryption = false;
            this._properties = new HashMap();
            this._aTokenAssertion = null;
            this._enforceTokenVersion = false;
            this._certPathSettingsAcquired = false;
            this._isDefault = false;
            this._name = tokenConsumerConfImpl._name;
            this._className = tokenConsumerConfImpl._className;
            this._instance = tokenConsumerConfImpl._instance;
            this._type = tokenConsumerConfImpl._type;
            this._jaasConfig = tokenConsumerConfImpl._jaasConfig;
            tokenConsumerConfImpl._jaasConfigProperties.putAll(this._jaasConfigProperties);
            this._callbackHandler = tokenConsumerConfImpl._callbackHandler;
            this._usedForVerification = tokenConsumerConfImpl._usedForVerification;
            this._usedForDecryption = tokenConsumerConfImpl._usedForDecryption;
            this._properties.putAll(tokenConsumerConfImpl._properties);
            this._hash = tokenConsumerConfImpl._hash;
            this._enforceTokenVersion = tokenConsumerConfImpl._enforceTokenVersion;
            this._certPathSettingsAcquired = tokenConsumerConfImpl._certPathSettingsAcquired;
            this._isDefault = tokenConsumerConfImpl._isDefault;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
        public void validate() throws SoapSecurityException {
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.entry(PrivateConsumerConfig.tc, "TokenConsumerConfImpl.validate");
            }
            if (this._instance == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s22", toString());
            }
            if (this._type == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s23", toString());
            }
            if (this._jaasConfig == null) {
                throw SoapSecurityException.format("security.wssecurity.WSEC6834E", toString());
            }
            checkSignatureTokenCertpathSettings();
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.exit(PrivateConsumerConfig.tc, "TokenConsumerConfImpl.validate");
            }
        }

        private void checkSignatureTokenCertpathSettings() throws SoapSecurityException {
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.entry(PrivateConsumerConfig.tc, "TokenConsumerConfImpl.checkSignatureTokenCertpathSettings");
            }
            if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                Tr.debug(PrivateConsumerConfig.tc, "_name[" + this._name + "], _usedForVerification[" + this._usedForVerification + "], _certPathSettingsAcquired[" + this._certPathSettingsAcquired + "], _isDefault[" + this._isDefault + "], _type[" + this._type + "], ");
            }
            if (this._usedForVerification && !this._certPathSettingsAcquired && this._type != null && (Constants.X509V3.equals(this._type) || Constants.X509V3_OLD.equals(this._type) || Constants.PKI_PATH.equals(this._type) || Constants.PKCS7.equals(this._type))) {
                Tr.error(PrivateConsumerConfig.tc, "The token consumer '" + this._name + "' is used for Integrity and has a valueType of " + this._type + ". No certificate path settings were provided for this token consumer. This is not allowed for a " + this._type + " token used for Integrity. Certificate path settings specifying a 'Trust anchor store' or 'Trust any certificate' must be provided. The most likely cause of this error is that a callback handler was not configured for the token consumer.");
                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.X509ConsumeLoginModule.s01"));
            }
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.exit(PrivateConsumerConfig.tc, "TokenConsumerConfImpl.checkSignatureTokenCertpathSettings");
            }
        }

        public TokenConsumerComponent getInstance() {
            return this._instance;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public QName getType() {
            return this._type;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public String getJAASConfig() {
            return this._jaasConfig;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public Map<Object, Object> getJAASConfigProperties() {
            return this._jaasConfigProperties;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public CallbackHandlerConfig getCallbackHandler() {
            return this._callbackHandler;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public boolean isUsedForVerification() {
            return this._usedForVerification;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public boolean isUsedForDecryption() {
            return this._usedForDecryption;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public Map<Object, Object> getProperties() {
            return this._properties;
        }

        public int hashCode() {
            if (this._hash == 0) {
                if (this._name != null) {
                    this._hash = this._name.hashCode();
                }
                if (this._className != null) {
                    this._hash = (this._hash * 31) + this._className.hashCode();
                }
                if (this._type != null) {
                    this._hash = (this._hash * 31) + this._type.hashCode();
                }
                if (this._jaasConfig != null) {
                    this._hash = (this._hash * 31) + this._jaasConfig.hashCode();
                }
                this._hash = (this._hash * 31) + this._jaasConfigProperties.hashCode();
                if (this._callbackHandler != null) {
                    this._hash = (this._hash * 31) + this._callbackHandler.hashCode();
                }
                this._hash = (this._hash * 31) + (this._usedForVerification ? 1 : 0);
                this._hash = (this._hash * 31) + (this._usedForDecryption ? 1 : 0);
                this._hash = (this._hash * 31) + this._properties.hashCode();
            }
            return this._hash;
        }

        @Override // com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig
        public boolean isEnforceTokenVersion() {
            return this._enforceTokenVersion;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("className=[").append(this._className).append("], ");
            append.append("type=[").append(this._type).append("], ");
            append.append("jaasConfig=[").append(this._jaasConfig).append("], ");
            append.append("jaasConfigProperties=[").append(this._jaasConfigProperties).append("], ");
            append.append("callbackHandler=[").append(this._callbackHandler).append("], ");
            append.append("usedForVerification=[").append(this._usedForVerification).append("], ");
            append.append("usedForDecryption=[").append(this._usedForDecryption).append("], ");
            append.append("enforceTokenVersion=[").append(this._enforceTokenVersion).append("], ");
            append.append("certPathSettingsAcquired=[").append(this._certPathSettingsAcquired).append("], ");
            append.append("isDefault=[").append(this._isDefault).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processPrivateConfig(OMDocument oMDocument) throws SoapSecurityException {
        boolean z;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("processPrivateConfig(");
            stringBuffer.append("OMDocument pconfig[").append(oMDocument).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        OMElement oMDocumentElement = oMDocument.getOMDocumentElement();
        if (ConfigValidation.isFipsEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFipsEnabled() is true; getting FIPS algorithms");
            }
            z = true;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFipsEnabled() is false; getting non-FIPS algorithms");
            }
            z = false;
        }
        ArrayList elementsByTagNameNS = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "Transform");
        int size = elementsByTagNameNS.size();
        for (int i = 0; i < size; i++) {
            this._allowedTransforms.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS.get(i), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed Transforms:", new Object[]{this._allowedTransforms});
        }
        if (this._allowedTransforms.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s11");
        }
        ArrayList elementsByTagNameNS2 = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "canonicalizationMethod");
        int size2 = elementsByTagNameNS2.size();
        for (int i2 = 0; i2 < size2; i2++) {
            this._allowedCanonicalizationMethods.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS2.get(i2), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed canonicalizationMethods:", new Object[]{this._allowedCanonicalizationMethods});
        }
        if (this._allowedCanonicalizationMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s12");
        }
        ArrayList elementsByTagNameNS3 = z ? DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "fipsSignatureMethod") : DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "signatureMethod");
        int size3 = elementsByTagNameNS3.size();
        for (int i3 = 0; i3 < size3; i3++) {
            this._allowedSignatureMethods.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS3.get(i3), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed signatureMethods:", new Object[]{this._allowedSignatureMethods});
        }
        if (this._allowedSignatureMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s13");
        }
        ArrayList elementsByTagNameNS4 = z ? DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "fipsDigestMethod") : DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "digestMethod");
        int size4 = elementsByTagNameNS4.size();
        for (int i4 = 0; i4 < size4; i4++) {
            this._allowedDigestMethods.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS4.get(i4), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed digestMethods:", new Object[]{this._allowedDigestMethods});
        }
        if (this._allowedDigestMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s14");
        }
        ArrayList elementsByTagNameNS5 = z ? DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "fipsEncryptionMethod") : DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "encryptionMethod");
        int size5 = elementsByTagNameNS5.size();
        for (int i5 = 0; i5 < size5; i5++) {
            this._allowedDataEncryptionMethods.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS5.get(i5), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed encryptionMethods:", new Object[]{this._allowedDataEncryptionMethods});
        }
        if (this._allowedDataEncryptionMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s15");
        }
        ArrayList elementsByTagNameNS6 = z ? DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "fipsKeyEncryptionMethod") : DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "keyEncryptionMethod");
        int size6 = elementsByTagNameNS6.size();
        for (int i6 = 0; i6 < size6; i6++) {
            String attribute = DOMUtils.getAttribute((OMElement) elementsByTagNameNS6.get(i6), "algorithm");
            if (ConfigValidation.isAlgoSupportedByRuntime(attribute)) {
                this._allowedKeyEncryptionMethods.add(attribute);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed keyEncryptionMethods:", new Object[]{this._allowedKeyEncryptionMethods});
        }
        if (this._allowedKeyEncryptionMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s16");
        }
        ArrayList elementsByTagNameNS7 = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "KeyInfoContentConsumer");
        int size7 = elementsByTagNameNS7.size();
        for (int i7 = 0; i7 < size7; i7++) {
            this._defaultKeyInfoContentConsumers.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS7.get(i7), com.ibm.wsspi.websvcs.Constants.ATTR_CLASS));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default KeyInfoContentConsumer:", new Object[]{this._defaultKeyInfoContentConsumers});
        }
        if (this._defaultKeyInfoContentConsumers.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6711W");
        }
        ArrayList elementsByTagNameNS8 = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "TokenConsumer");
        int size8 = elementsByTagNameNS8.size();
        for (int i8 = 0; i8 < size8; i8++) {
            this._defaultTokenConsumers.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS8.get(i8), com.ibm.wsspi.websvcs.Constants.ATTR_CLASS));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default TokenConsumer:", new Object[]{this._defaultTokenConsumers});
        }
        if (this._defaultTokenConsumers.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6712W");
        }
        ArrayList elementsByTagNameNS9 = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "JAASConfig");
        int size9 = elementsByTagNameNS9.size();
        for (int i9 = 0; i9 < size9; i9++) {
            this._defaultJAASConfigs.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS9.get(i9), "name"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default JAAS configuration:", new Object[]{this._defaultJAASConfigs});
        }
        if (this._defaultJAASConfigs.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6713W");
        }
        ArrayList elementsByTagNameNS10 = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "CallbackHandler");
        for (int i10 = 0; i10 < elementsByTagNameNS10.size(); i10++) {
            this._defaultCallbackHandlers.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS10.get(i10), com.ibm.wsspi.websvcs.Constants.ATTR_CLASS));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default CallbackHandler:", new Object[]{this._defaultCallbackHandlers});
        }
        if (this._defaultCallbackHandlers.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6717W");
        }
        ArrayList elementsByTagNameNS11 = DOMUtil.getElementsByTagNameNS(oMDocumentElement, Constants0.NS_PRIVATECONFIG, "KeyLocator");
        int size10 = elementsByTagNameNS11.size();
        for (int i11 = 0; i11 < size10; i11++) {
            this._defaultKeyLocators.add(DOMUtils.getAttribute((OMElement) elementsByTagNameNS11.get(i11), com.ibm.wsspi.websvcs.Constants.ATTR_CLASS));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default KeyLocator:", new Object[]{this._defaultKeyLocators});
        }
        if (this._defaultKeyLocators.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6714W");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processPrivateConfig(Document pconfig)");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.config.Configuration
    public void validate() throws SoapSecurityException {
        validate(false, false, null);
    }

    public void validate(boolean z, Map<String, TokenConsumerConfig> map) throws SoapSecurityException {
        validate(z, false, map);
    }

    public void validate(boolean z, boolean z2, Map<String, TokenConsumerConfig> map) throws SoapSecurityException {
        String str;
        TokenConsumerConfig tokenConsumer;
        TokenConsumerConfig tokenConsumer2;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("validate(");
            stringBuffer.append("boolean defaultConfig[").append(z).append("], ");
            stringBuffer.append("boolean defaultTokenConsumer[").append(z2).append("], ");
            stringBuffer.append("Map nameToken[").append(map).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        Iterator<ReferencePartConfig> it = this._requiredIntegralParts.iterator();
        while (it.hasNext()) {
            int i = 0;
            int i2 = 0;
            int i3 = 0;
            PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl = (PrivateCommonConfig.ReferencePartConfImpl) it.next();
            referencePartConfImpl.validate();
            Iterator<ReferencePartConfig.PartConfig> it2 = referencePartConfImpl._parts.iterator();
            while (it2.hasNext()) {
                PrivateCommonConfig.PartConfImpl partConfImpl = (PrivateCommonConfig.PartConfImpl) it2.next();
                partConfImpl.validate();
                if (partConfImpl.isNonce()) {
                    i2++;
                } else if (partConfImpl.isTimestamp()) {
                    i3++;
                } else {
                    i++;
                }
                String str2 = partConfImpl._dialect;
                String str3 = partConfImpl._keyword;
                if (Constants.DIALECT_WAS.equals(str2)) {
                    int isIntegralWASDialect = ConfigUtil.isIntegralWASDialect(str3);
                    if (isIntegralWASDialect == 1) {
                        if (partConfImpl.isTimestamp()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "In the bindings, the message part reference being processed has 'Include Timestamp' selected.  In the policy, that message part has an XPath expression to the Timesamp element.  This is not allowed.  Either remove the Timestamp XPath expression from the message part in the policy, or the Timestamp selection from the message part reference in the binding.");
                            }
                            throw SoapSecurityException.format("security.wssecurity.TimestampGenerator.s03");
                        }
                    } else if (isIntegralWASDialect < 0) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s03", str3, partConfImpl.toString());
                    }
                } else if (Constants.DIALECT_XPATH.equals(str2)) {
                    if (str3 == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s04", PolicyAttributesConstants.SIGNED_ELEMENTS);
                    }
                } else {
                    if (!Constants.DIALECT_HEADER.equals(str2)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s05", str2, partConfImpl.toString());
                    }
                    if (partConfImpl._headerNamespace == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateCommonConfig.s20", toString());
                    }
                }
            }
            if (i2 > 0 || i3 > 0) {
                if (i <= 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "In the bindings, the message part reference being processed has 'Include Timestamp' or 'Include Nonce' selected.  In the policy, that message part has no message elements defined to be signed/encrypted.  This is not allowed.  Either add elements to the part in the policy, or remove the Timestamp/Nonce selections from the part reference in the binding.");
                    }
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s36");
                }
            }
        }
        Iterator<ReferencePartConfig> it3 = this._requiredConfidentialParts.iterator();
        while (it3.hasNext()) {
            int i4 = 0;
            int i5 = 0;
            int i6 = 0;
            PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl2 = (PrivateCommonConfig.ReferencePartConfImpl) it3.next();
            referencePartConfImpl2.validate();
            Iterator<ReferencePartConfig.PartConfig> it4 = referencePartConfImpl2._parts.iterator();
            while (it4.hasNext()) {
                PrivateCommonConfig.PartConfImpl partConfImpl2 = (PrivateCommonConfig.PartConfImpl) it4.next();
                partConfImpl2.validate();
                if (partConfImpl2.isNonce()) {
                    i5++;
                } else if (partConfImpl2.isTimestamp()) {
                    i6++;
                } else {
                    i4++;
                }
                String str4 = partConfImpl2._dialect;
                String str5 = partConfImpl2._keyword;
                if (Constants.DIALECT_WAS.equals(str4)) {
                    if (ConfigUtil.isConfidentialWASDialect(str5) < 0) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s03", str5, partConfImpl2.toString());
                    }
                } else if (Constants.DIALECT_XPATH.equals(str4)) {
                    if (str5 == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s04", PolicyAttributesConstants.ENCRYPTED_ELEMENTS);
                    }
                } else {
                    if (!Constants.DIALECT_HEADER.equals(str4)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s05", str4, partConfImpl2.toString());
                    }
                    if (partConfImpl2._headerNamespace == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateCommonConfig.s20", toString());
                    }
                }
            }
            if (i5 > 0 || i6 > 0) {
                if (i4 <= 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "In the bindings, the message part reference being processed has 'Include Timestamp' or 'Include Nonce' selected.  In the policy, that message part has no message elements defined to be signed/encrypted.  This is not allowed.  Either add elements to the part in the policy, or remove the Timestamp/Nonce selections from the part reference in the binding.");
                    }
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s36");
                }
            }
        }
        Iterator<TokenConsumerConfig> it5 = this._tokenConsumers.iterator();
        while (it5.hasNext()) {
            TokenConsumerConfImpl tokenConsumerConfImpl = (TokenConsumerConfImpl) it5.next();
            String isJaasConfigOurs = GetJAASConfigInfo.isJaasConfigOurs(tokenConsumerConfImpl.getJAASConfig());
            if (isJaasConfigOurs != null) {
                tokenConsumerConfImpl._properties.put(Constants.OUR_LOGIN_CONFIG, isJaasConfigOurs);
            }
        }
        boolean z3 = false;
        boolean z4 = false;
        Iterator<TokenConsumerConfig> it6 = this._tokenConsumers.iterator();
        while (it6.hasNext()) {
            TokenConsumerConfImpl tokenConsumerConfImpl2 = (TokenConsumerConfImpl) it6.next();
            QName type = tokenConsumerConfImpl2.getType();
            if (Constants.UNTOKEN.equals(type) || Constants.UNTOKEN_11.equals(type)) {
                if (tokenConsumerConfImpl2.getProperties().get(Constants.OUR_LOGIN_CONFIG) != null) {
                    if (ConfigUtil.isTrue((String) tokenConsumerConfImpl2.getCallbackHandler().getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION))) {
                        tokenConsumerConfImpl2._properties.put(Constants.UNT_CONSUMER_IS_IDA, "true");
                        z4 = true;
                    } else {
                        z3 = true;
                    }
                }
            }
        }
        if (z4 && z3) {
            this._untOptimize = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "_untOptimize=" + this._untOptimize);
        }
        if (z || z2) {
            HashMap hashMap = new HashMap();
            Iterator<TokenConsumerConfig> it7 = this._tokenConsumers.iterator();
            while (it7.hasNext()) {
                TokenConsumerConfImpl tokenConsumerConfImpl3 = (TokenConsumerConfImpl) it7.next();
                hashMap.put(tokenConsumerConfImpl3.getType(), tokenConsumerConfImpl3);
            }
            Iterator<TokenConsumerConfig> it8 = this._requiredSecurityTokens.iterator();
            while (it8.hasNext()) {
                TokenConsumerConfImpl tokenConsumerConfImpl4 = (TokenConsumerConfImpl) it8.next();
                QName type2 = tokenConsumerConfImpl4.getType();
                if (((TokenConsumerConfImpl) hashMap.get(type2)) == null) {
                    throw SoapSecurityException.format("security.wssecurity.WSEC6819E", tokenConsumerConfImpl4._name, type2.toString());
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found token consumer of type [" + type2 + "].");
                }
            }
        } else {
            Iterator<TokenConsumerConfig> it9 = this._requiredSecurityTokens.iterator();
            while (it9.hasNext()) {
                TokenConsumerConfImpl tokenConsumerConfImpl5 = (TokenConsumerConfImpl) it9.next();
                if (!this._tokenConsumers.contains(tokenConsumerConfImpl5)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Could NOT find token consumer [" + tokenConsumerConfImpl5 + "].");
                    }
                    throw SoapSecurityException.format("security.wssecurity.WSEC6820E", tokenConsumerConfImpl5._name);
                }
            }
        }
        Iterator<SignatureConsumerConfig> it10 = this._signatureConsumers.iterator();
        while (it10.hasNext()) {
            SignatureConsumerConfImpl signatureConsumerConfImpl = (SignatureConsumerConfImpl) it10.next();
            signatureConsumerConfImpl.validate(z);
            List<KeyInfoContentConsumerConfig> contentConsumers = signatureConsumerConfImpl.getSigningKeyInfo().getContentConsumers();
            if (contentConsumers != null) {
                for (int i7 = 0; i7 < contentConsumers.size(); i7++) {
                    KeyInfoContentConsumerConfig keyInfoContentConsumerConfig = contentConsumers.get(i7);
                    if (keyInfoContentConsumerConfig != null && (tokenConsumer2 = keyInfoContentConsumerConfig.getTokenConsumer()) != null) {
                        QName type3 = tokenConsumer2.getType();
                        if (this._symmetricBinding) {
                            if (this._symmetricSignatureTokenAssertion != null && type3 != null && !type3.equals(this._symmetricSignatureTokenAssertion.getTokenType())) {
                                Tr.error(tc, "security.wssecurity.PrivateConsumerConfig.s41", new Object[]{type3.toString()});
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s41", type3.toString());
                            }
                        } else if (this._request) {
                            int indexOf = this._initiatorSignatureTokenQNames.indexOf(type3);
                            if (indexOf < 0) {
                                indexOf = this._initiatorTokenQNames.indexOf(type3);
                            }
                            if (indexOf < 0) {
                                Tr.error(tc, "security.wssecurity.PrivateConsumerConfig.s41", new Object[]{type3.toString()});
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s41", type3.toString());
                            }
                        } else {
                            int indexOf2 = this._recipientSignatureTokenQNames.indexOf(type3);
                            if (indexOf2 < 0) {
                                indexOf2 = this._recipientTokenQNames.indexOf(type3);
                            }
                            if (indexOf2 < 0) {
                                Tr.error(tc, "security.wssecurity.PrivateConsumerConfig.s41", new Object[]{type3.toString()});
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s41", type3.toString());
                            }
                        }
                    }
                }
            }
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = signatureConsumerConfImpl._canonicalizationMethod;
            if (algorithmConfImpl != null) {
                algorithmConfImpl.validate();
                if (!this._allowedCanonicalizationMethods.contains(algorithmConfImpl._algorithm)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s08", algorithmConfImpl._algorithm);
                }
            }
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl2 = signatureConsumerConfImpl._signatureMethod;
            if (algorithmConfImpl2 != null) {
                algorithmConfImpl2.validate();
                if (!this._allowedSignatureMethods.contains(algorithmConfImpl2._algorithm)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s09", algorithmConfImpl2._algorithm);
                }
            }
            Iterator<SigningReferenceConfig> it11 = signatureConsumerConfImpl.getReferences().iterator();
            while (it11.hasNext()) {
                PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl = (PrivateCommonConfig.SigningReferenceConfImpl) it11.next();
                signingReferenceConfImpl.validate();
                PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl3 = signingReferenceConfImpl._digestMethod;
                if (algorithmConfImpl3 != null) {
                    algorithmConfImpl3.validate();
                    if (!this._allowedDigestMethods.contains(algorithmConfImpl3._algorithm)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s11", algorithmConfImpl3._algorithm);
                    }
                }
                Iterator<AlgorithmConfig> it12 = signingReferenceConfImpl.getTransforms().iterator();
                while (it12.hasNext()) {
                    PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl4 = (PrivateCommonConfig.AlgorithmConfImpl) it12.next();
                    algorithmConfImpl4.validate();
                    if (!this._allowedTransforms.contains(algorithmConfImpl4._algorithm)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s12", algorithmConfImpl4._algorithm);
                    }
                    if (DecryptionTransformer.XML2.equals(algorithmConfImpl4._algorithm)) {
                        signatureConsumerConfImpl._isDecryptionXformEnabled = true;
                    } else if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform".equals(algorithmConfImpl4._algorithm)) {
                    }
                }
            }
            KeyInfoConsumerConfImpl keyInfoConsumerConfImpl = signatureConsumerConfImpl._signingKeyInfo;
            keyInfoConsumerConfImpl.validate();
            Iterator<KeyInfoContentConsumerConfig> it13 = keyInfoConsumerConfImpl._contentConsumers.iterator();
            while (it13.hasNext()) {
                ((KeyInfoContentConsumerConfImpl) it13.next()).validate();
            }
            checkIdentity(signatureConsumerConfImpl, this._signatureConsumers);
        }
        if (this._signatureConsumers.size() > 1) {
            Iterator<SignatureConsumerConfig> it14 = this._signatureConsumers.iterator();
            while (it14.hasNext()) {
                SignatureConsumerConfImpl signatureConsumerConfImpl2 = (SignatureConsumerConfImpl) it14.next();
                KeyInfoConsumerConfImpl keyInfoConsumerConfImpl2 = signatureConsumerConfImpl2._signingKeyInfo;
                Iterator<SignatureConsumerConfig> it15 = this._signatureConsumers.iterator();
                while (it15.hasNext()) {
                    SignatureConsumerConfImpl signatureConsumerConfImpl3 = (SignatureConsumerConfImpl) it15.next();
                    if (!signatureConsumerConfImpl2.equals(signatureConsumerConfImpl3)) {
                        keyInfoConsumerConfImpl2._otherContentConsumers.addAll(signatureConsumerConfImpl3._signingKeyInfo._contentConsumers);
                    }
                }
            }
        }
        Iterator<EncryptionConsumerConfig> it16 = this._encryptionConsumers.iterator();
        while (it16.hasNext()) {
            EncryptionConsumerConfImpl encryptionConsumerConfImpl = (EncryptionConsumerConfImpl) it16.next();
            encryptionConsumerConfImpl.validate(z);
            List<KeyInfoContentConsumerConfig> contentConsumers2 = encryptionConsumerConfImpl.getEncryptionKeyInfo().getContentConsumers();
            if (contentConsumers2 != null) {
                for (int i8 = 0; i8 < contentConsumers2.size(); i8++) {
                    KeyInfoContentConsumerConfig keyInfoContentConsumerConfig2 = contentConsumers2.get(i8);
                    if (keyInfoContentConsumerConfig2 != null && (tokenConsumer = keyInfoContentConsumerConfig2.getTokenConsumer()) != null) {
                        QName type4 = tokenConsumer.getType();
                        if (this._symmetricBinding) {
                            if (this._symmetricEncryptionTokenAssertion != null && type4 != null && !type4.equals(this._symmetricEncryptionTokenAssertion.getTokenType())) {
                                Tr.error(tc, "security.wssecurity.PrivateConsumerConfig.s42", new Object[]{type4.toString()});
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s42", type4.toString());
                            }
                        } else if (this._request) {
                            int indexOf3 = this._recipientEncryptionTokenQNames.indexOf(type4);
                            if (indexOf3 < 0) {
                                indexOf3 = this._recipientTokenQNames.indexOf(type4);
                            }
                            if (indexOf3 < 0) {
                                Tr.error(tc, "security.wssecurity.PrivateConsumerConfig.s42", new Object[]{type4.toString()});
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s42", type4.toString());
                            }
                        } else {
                            int indexOf4 = this._initiatorEncryptionTokenQNames.indexOf(type4);
                            if (indexOf4 < 0) {
                                indexOf4 = this._initiatorTokenQNames.indexOf(type4);
                            }
                            if (indexOf4 < 0) {
                                Tr.error(tc, "security.wssecurity.PrivateConsumerConfig.s42", new Object[]{type4.toString()});
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s42", type4.toString());
                            }
                        }
                    }
                }
            }
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl5 = encryptionConsumerConfImpl._dataEncryptionMethod;
            algorithmConfImpl5.validate();
            if (!this._allowedDataEncryptionMethods.contains(algorithmConfImpl5._algorithm)) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s14", algorithmConfImpl5._algorithm);
            }
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl6 = encryptionConsumerConfImpl._keyEncryptionMethod;
            if (algorithmConfImpl6 != null) {
                algorithmConfImpl6.validate();
                if (!this._allowedKeyEncryptionMethods.contains(algorithmConfImpl6._algorithm)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s15", algorithmConfImpl6._algorithm);
                }
            }
            KeyInfoConsumerConfImpl keyInfoConsumerConfImpl3 = encryptionConsumerConfImpl._encryptionKeyInfo;
            keyInfoConsumerConfImpl3.validate();
            Iterator<KeyInfoContentConsumerConfig> it17 = keyInfoConsumerConfImpl3._contentConsumers.iterator();
            while (it17.hasNext()) {
                ((KeyInfoContentConsumerConfImpl) it17.next()).validate();
            }
            checkIdentity(encryptionConsumerConfImpl, this._encryptionConsumers);
        }
        if (this._encryptionConsumers.size() > 1) {
            Iterator<EncryptionConsumerConfig> it18 = this._encryptionConsumers.iterator();
            while (it18.hasNext()) {
                EncryptionConsumerConfImpl encryptionConsumerConfImpl2 = (EncryptionConsumerConfImpl) it18.next();
                KeyInfoConsumerConfImpl keyInfoConsumerConfImpl4 = encryptionConsumerConfImpl2._encryptionKeyInfo;
                Iterator<EncryptionConsumerConfig> it19 = this._encryptionConsumers.iterator();
                while (it19.hasNext()) {
                    EncryptionConsumerConfImpl encryptionConsumerConfImpl3 = (EncryptionConsumerConfImpl) it19.next();
                    if (!encryptionConsumerConfImpl2.equals(encryptionConsumerConfImpl3)) {
                        keyInfoConsumerConfImpl4._otherContentConsumers.addAll(encryptionConsumerConfImpl3._encryptionKeyInfo._contentConsumers);
                    }
                }
            }
        }
        Iterator<TokenConsumerConfig> it20 = this._tokenConsumers.iterator();
        while (it20.hasNext()) {
            TokenConsumerConfImpl tokenConsumerConfImpl6 = (TokenConsumerConfImpl) it20.next();
            tokenConsumerConfImpl6.validate();
            PrivateCommonConfig.CallbackHandlerConfImpl callbackHandlerConfImpl = tokenConsumerConfImpl6._callbackHandler;
            if (callbackHandlerConfImpl != null) {
                callbackHandlerConfImpl.validate();
                PrivateCommonConfig.KeyStoreConfImpl keyStoreConfImpl = callbackHandlerConfImpl._keyStore;
                if (keyStoreConfImpl != null) {
                    keyStoreConfImpl.validate();
                }
                PrivateCommonConfig.KeyInformationConfImpl keyInformationConfImpl = callbackHandlerConfImpl._keyInformation;
                if (keyInformationConfImpl != null) {
                    keyInformationConfImpl.validate();
                }
                PrivateCommonConfig.KeyStoreConfImpl keyStoreConfImpl2 = callbackHandlerConfImpl._trustAnchor;
                if (keyStoreConfImpl2 != null) {
                    keyStoreConfImpl2.validate();
                }
            }
            if (this._requiredSecurityTokens.contains(tokenConsumerConfImpl6)) {
                if (tokenConsumerConfImpl6._usedForVerification) {
                    throw SoapSecurityException.format("security.wssecurity.WSEC6821E", tokenConsumerConfImpl6._name);
                }
                if (tokenConsumerConfImpl6._usedForDecryption) {
                    throw SoapSecurityException.format("security.wssecurity.WSEC6822E", tokenConsumerConfImpl6._name);
                }
            }
        }
        if (this._timestampConsumer != null) {
            this._timestampConsumer.validate();
            String str6 = (String) this._timestampConsumer._properties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TIMESTAMP_DIALECT);
            if (str6 != null && Constants.DIALECT_WAS.equals(str6) && (str = (String) this._timestampConsumer._properties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TIMESTAMP_KEYWORD)) != null && ConfigUtil.isTimestampWASDialect(str) < 0) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s03", str, this._timestampConsumer.toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate(boolean, Map)");
        }
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public String getMyActor() {
        return this._myActor;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isUltimateReceiver() {
        return this._ultimateReceiver;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isNonceCacheDistributed() {
        return this._nonceCacheDistributed;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<String> getAllowedTransforms() {
        return this._allowedTransforms;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<String> getAllowedCanonicalizationMethods() {
        return this._allowedCanonicalizationMethods;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<String> getAllowedSignatureMethods() {
        return this._allowedSignatureMethods;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<String> getAllowedDigestMethods() {
        return this._allowedDigestMethods;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<String> getAllowedDataEncryptionMethods() {
        return this._allowedDataEncryptionMethods;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<String> getAllowedKeyEncryptionMethods() {
        return this._allowedKeyEncryptionMethods;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public WSSAlgorithmFactory getAlgorithmFactory() {
        return this._algorithmFactory;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isVerificationRequired() {
        return this._verificationRequired;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isDecryptionRequired() {
        return this._decryptionRequired;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isTokenRequired() {
        return this._tokenRequired;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isLoginRequired() {
        return this._loginRequired;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isTimestampRequired() {
        return this._timestampRequired;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<ReferencePartConfig> getRequiredIntegralParts() {
        return this._requiredIntegralParts;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<ReferencePartConfig> getRequiredConfidentialParts() {
        return this._requiredConfidentialParts;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<TokenConsumerConfig> getRequiredSecurityTokens() {
        return this._requiredSecurityTokens;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public List<CallerConfig> getCallers() {
        return this._callers;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<SignatureConsumerConfig> getSignatureConsumers() {
        return this._signatureConsumers;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<EncryptionConsumerConfig> getEncryptionConsumers() {
        return this._encryptionConsumers;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Set<TokenConsumerConfig> getTokenConsumers() {
        return this._tokenConsumers;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public TimestampConsumerConfig getTimestampConsumer() {
        return this._timestampConsumer;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public NonceManager getNonceManager() {
        return this._nonceManager;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public CertCacheManager getCertManager() {
        return this._certManager;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public int getTimestampMaxAge() {
        return this._timestampMaxAge;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public int getTimestampClockSkew() {
        return this._timestampClockSkew;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isUserDefinedComponentsUsed() {
        return this._userDefinedComponentsUsed;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean getUntOptimize() {
        return this._untOptimize;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean getSkipOperationLevelPolicyCheck() {
        return this._skipOperationLevelPolicyCheck;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean getUseSoap12FaultCodes() {
        return this._useSoap12FaultCodes;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean getBypassSecurityHeaderSetting() {
        return this._bypassHeader;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean getUseOldEnvelopedSig() {
        return this._useOldEnvelopedSig;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean getExportAsSamlToken() {
        return this._exportAsSamlToken;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isInboundTimestampRequired() {
        boolean z = this._inboundTimestampReqProp && this._timestampRequired;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isInboundTimestampRequired returns " + z);
        }
        return z;
    }

    public boolean getInboundTimestampRequiredProp() {
        return this._inboundTimestampReqProp;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isRemoveSensitiveUserData() {
        boolean z = this._removePrivateData;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isRemoveSensitiveUserData " + z);
        }
        return z;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isRemoveAuxiliarySecurityTokens() {
        boolean z = this._removeAuxiliarySecurityTokens;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isRemoveAuxiliarySecurityTokens returns " + z);
        }
        return z;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Map<Object, Object> getProperties() {
        return this._properties;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean isCallerOrderEnforced() {
        return this._isOrderEnforced;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public boolean bodyMustBeSignedAndEncrypted() {
        if (this._bodyMustBeSignedAndEncrypted != null) {
            return Boolean.TRUE.equals(this._bodyMustBeSignedAndEncrypted);
        }
        boolean z = false;
        boolean z2 = false;
        Iterator<ReferencePartConfig> it = getRequiredConfidentialParts().iterator();
        loop0: while (true) {
            if (!it.hasNext()) {
                break;
            }
            for (ReferencePartConfig.PartConfig partConfig : it.next().getParts()) {
                if (Constants.DIALECT_WAS.equals(partConfig.getDialect()) && ConfidentialDialectElementSelector.WASDIALECTS[0].equals(partConfig.getKeyword())) {
                    z = true;
                    break loop0;
                }
            }
        }
        Iterator<ReferencePartConfig> it2 = getRequiredIntegralParts().iterator();
        loop2: while (true) {
            if (!it2.hasNext()) {
                break;
            }
            for (ReferencePartConfig.PartConfig partConfig2 : it2.next().getParts()) {
                if (Constants.DIALECT_WAS.equals(partConfig2.getDialect()) && IntegralDialectElementSelector.WASDIALECTS[0].equals(partConfig2.getKeyword())) {
                    z2 = true;
                    break loop2;
                }
            }
        }
        if (z && z2) {
            this._bodyMustBeSignedAndEncrypted = Boolean.TRUE;
            return true;
        }
        this._bodyMustBeSignedAndEncrypted = Boolean.FALSE;
        return false;
    }

    @Override // com.ibm.ws.wssecurity.config.WSSConsumerConfig
    public Object getProperty(Object obj) {
        if (this._properties != null) {
            return this._properties.get(obj);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void inspectGeneralProperties() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "inspectGeneralProperties");
        }
        this._skipOperationLevelPolicyCheck = !ConfigUtil.getIsFalseProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_CHECK_OPERATION_LEVEL_POLICIES);
        this._algorithmFactory.setCheckHMACOutputLength(ConfigUtil.getIsFalseProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_CHECK_HMAC_OUTPUT_LENGTH));
        this._bypassHeader = ConfigUtil.getIsTrueProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.BYPASS_HEADER);
        this._inboundTimestampReqProp = ConfigUtil.getIsFalseProperty(this._properties, "com.ibm.wsspi.wssecurity.consumer.timestampRequired");
        this._removePrivateData = ConfigUtil.getIsFalseProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.REMOVE_SENSITIVE_USER_DATA);
        this._removeAuxiliarySecurityTokens = ConfigUtil.getIsFalseProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.REMOVE_AUXILIARY_SECURITY_TOKEN);
        this._useSoap12FaultCodes = ConfigUtil.getIsFalseProperty(this._properties, "com.ibm.wsspi.wssecurity.login.useSoap12FaultCodes");
        this._useOldEnvelopedSig = ConfigUtil.getIsTrueProperty(this._properties, OLD_ENVELOPED_SIG);
        this._exportAsSamlToken = ConfigUtil.getIsTrueProperty(this._properties, "com.ibm.wsspi.wssecurity.wsdlexport.exportAsSamlToken");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "inspectGeneralProperties");
        }
    }

    public String toString() {
        StringBuffer append = new StringBuffer(getClass().getName()).append("(");
        append.append("myActor=[").append(this._myActor).append("], ");
        append.append("ultimateReceiver=[").append(this._ultimateReceiver).append("], ");
        append.append("nonceCacheDistributed=[").append(this._nonceCacheDistributed).append("], ");
        append.append("allowedTransforms=[").append(this._allowedTransforms).append("], ");
        append.append("allowedCanonicalizations=[").append(this._allowedCanonicalizationMethods).append("], ");
        append.append("allowedSignatures=[").append(this._allowedSignatureMethods).append("], ");
        append.append("allowedDigests=[").append(this._allowedDigestMethods).append("], ");
        append.append("allowedDataEncryptions=[").append(this._allowedDataEncryptionMethods).append("], ");
        append.append("allowedKeyEncryptions=[").append(this._allowedKeyEncryptionMethods).append("], ");
        append.append("algorithmFactory=[").append(this._algorithmFactory).append("], ");
        append.append("verificationRequired=[").append(this._verificationRequired).append("], ");
        append.append("decryptionRequired=[").append(this._decryptionRequired).append("], ");
        append.append("tokenRequired=[").append(this._tokenRequired).append("], ");
        append.append("timestampRequired=[").append(this._timestampRequired).append("], ");
        append.append("inboundTimestampRequired=[").append(this._timestampRequired && this._inboundTimestampReqProp).append("], ");
        append.append("removeAuxiliarySecurityTokens=[").append(this._removeAuxiliarySecurityTokens).append("], ");
        append.append("requiredConfidentialParts=[").append(this._requiredConfidentialParts).append("], ");
        append.append("requiredIntegralParts=[").append(this._requiredIntegralParts).append("], ");
        append.append("requiredConfidentialParts=[").append(this._requiredConfidentialParts).append("], ");
        append.append("callers=[").append(this._callers).append("], ");
        append.append("signatureConsumers=[").append(this._signatureConsumers).append("], ");
        append.append("encryptionConsumers=[").append(this._encryptionConsumers).append("], ");
        append.append("tokenConsumers=[").append(this._tokenConsumers).append("], ");
        append.append("timestampConsumer=[").append(this._timestampConsumer).append("], ");
        append.append("nonceManager=[").append(this._nonceManager).append("], ");
        append.append("timestampMaxAge=[").append(this._timestampMaxAge).append("], ");
        append.append("timestampClockSkew=[").append(this._timestampClockSkew).append("], ");
        append.append("userDefinedComponentsUsed=[").append(this._userDefinedComponentsUsed).append("], ");
        append.append("properties=[").append(this._properties).append("]");
        append.append(")");
        return append.toString();
    }

    private void checkIdentity(SignatureConsumerConfImpl signatureConsumerConfImpl, Set<SignatureConsumerConfig> set) {
        if (set.size() > 1) {
            String str = signatureConsumerConfImpl._canonicalizationMethod._algorithm;
            String str2 = signatureConsumerConfImpl._signatureMethod._algorithm;
            List<SigningReferenceConfig> list = signatureConsumerConfImpl._references;
            Iterator<SignatureConsumerConfig> it = set.iterator();
            while (it.hasNext()) {
                SignatureConsumerConfImpl signatureConsumerConfImpl2 = (SignatureConsumerConfImpl) it.next();
                if (!signatureConsumerConfImpl2.equals(signatureConsumerConfImpl) && str.equals(signatureConsumerConfImpl2._canonicalizationMethod._algorithm) && str2.equals(signatureConsumerConfImpl2._signatureMethod._algorithm)) {
                    Iterator<SigningReferenceConfig> it2 = list.iterator();
                    while (it2.hasNext()) {
                        PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl = (PrivateCommonConfig.SigningReferenceConfImpl) it2.next();
                        List<VerifiedConfig> list2 = signatureConsumerConfImpl._identity.get(signingReferenceConfImpl);
                        if (list2 == null) {
                            list2 = new ArrayList();
                            signatureConsumerConfImpl._identity.put(signingReferenceConfImpl, list2);
                        }
                        String str3 = signingReferenceConfImpl._digestMethod._algorithm;
                        HashSet hashSet = new HashSet();
                        Iterator<AlgorithmConfig> it3 = signingReferenceConfImpl._transforms.iterator();
                        while (it3.hasNext()) {
                            hashSet.add(((PrivateCommonConfig.AlgorithmConfImpl) it3.next())._algorithm);
                        }
                        Iterator<SigningReferenceConfig> it4 = signatureConsumerConfImpl2._references.iterator();
                        while (it4.hasNext()) {
                            PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl2 = (PrivateCommonConfig.SigningReferenceConfImpl) it4.next();
                            if (str3.equals(signingReferenceConfImpl2._digestMethod._algorithm)) {
                                boolean z = true;
                                Iterator<AlgorithmConfig> it5 = signingReferenceConfImpl2._transforms.iterator();
                                while (true) {
                                    if (!it5.hasNext()) {
                                        break;
                                    } else if (!hashSet.contains(((PrivateCommonConfig.AlgorithmConfImpl) it5.next())._algorithm)) {
                                        z = false;
                                        break;
                                    }
                                }
                                if (z) {
                                    list2.add(new VerifiedConfig(signatureConsumerConfImpl2, signingReferenceConfImpl2));
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    private void checkIdentity(EncryptionConsumerConfImpl encryptionConsumerConfImpl, Set<EncryptionConsumerConfig> set) {
        if (set.size() > 1) {
            String str = encryptionConsumerConfImpl._dataEncryptionMethod._algorithm;
            String str2 = encryptionConsumerConfImpl._keyEncryptionMethod == null ? null : encryptionConsumerConfImpl._keyEncryptionMethod._algorithm;
            Iterator<EncryptionConsumerConfig> it = set.iterator();
            while (it.hasNext()) {
                EncryptionConsumerConfImpl encryptionConsumerConfImpl2 = (EncryptionConsumerConfImpl) it.next();
                if (!encryptionConsumerConfImpl2.equals(encryptionConsumerConfImpl) && str.equals(encryptionConsumerConfImpl2._dataEncryptionMethod._algorithm)) {
                    PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = encryptionConsumerConfImpl2._keyEncryptionMethod;
                    if (str2 == null) {
                        if (algorithmConfImpl == null) {
                            encryptionConsumerConfImpl._identity.add(encryptionConsumerConfImpl2);
                        }
                    } else if (algorithmConfImpl != null && str2.equals(algorithmConfImpl._algorithm)) {
                        encryptionConsumerConfImpl._identity.add(encryptionConsumerConfImpl2);
                    }
                }
            }
        }
    }

    public void setOrderedCallerList() {
        ArrayList arrayList = new ArrayList();
        for (CallerConfig callerConfig : this._callers) {
            int i = 0;
            boolean z = false;
            for (int i2 = 0; i2 < arrayList.size() && !z; i2++) {
                if (((CallerConfig) arrayList.get(i2)).getOrder() > callerConfig.getOrder()) {
                    z = true;
                } else {
                    i++;
                }
            }
            arrayList.add(i, callerConfig);
        }
        this._callers.clear();
        this._callers.addAll(arrayList);
    }
}
