package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.saml20.assertion.Attribute;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.AttributeStatementImpl;
import com.ibm.ws.wssecurity.saml.security.impl.SamlSignatureUtils;
import com.ibm.ws.wssecurity.token.CacheableToken;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.io.ObjectOutputInputUtil;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.Serializer;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.platform.token.AuthnToken;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
import com.ibm.wsspi.wssecurity.wssapi.OMStructure;
import com.ibm.wsspi.wssecurity.wssapi.OMStructureFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Vector;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SAMLTokenImpl.class */
public class SAMLTokenImpl extends GenericSecurityTokenImpl implements SAMLToken, CacheableToken, AuthnToken {
    // Component name constant; not referenced in the visible part of this class.
    private static final String comp = "security.wssecurity";
    // Numeric token version; getTokenVersion() in this class returns the same value (1).
    private static final short VERSION = 1;
    // Token names for the two supported SAML profiles (prefix + WS-Security SAML token profile URI).
    public static final String saml11TokenName = "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    public static final String saml20TokenName = "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final long serialVersionUID = 3166835820878605529L;
    // Same string that writeExternal() emits and readExternal() requires as the format version.
    private static final String VERSION_NUMBER = "1.0";
    // Serialized form of the token: set by the byte[] constructor and refreshed by getTokenBytes().
    private byte[] tokenBytes;
    private static final TraceComponent tc = Tr.register(SAMLTokenImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // QName(String) takes a local part only, so getLocalPart() on these constants returns the full URI.
    public static final QName saml11ValueType = new QName("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
    public static final QName saml11KeyIdentifierValueType = new QName("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
    public static final QName saml20ValueType = new QName("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
    public static final QName saml20KeyIdentifierValueType = new QName("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
    protected String tokenName = null;
    protected String _identifier = null;
    private String subjectDns = null;
    private String subjectIp = null;
    // Raw-typed ArrayList initialisers below compile with unchecked warnings; element types are not enforced at runtime.
    private List<String> audienceRestriction = new ArrayList();
    private QName assertionQname = null;
    private String authnMethod = null;
    private String confirmMethod = null;
    // Presumably holder-of-key material for the subject confirmation; treat as sensitive (TODO confirm contents).
    private byte[] holderOfKeyBytes = null;
    private String initiatorName = null;
    private String keyType = null;
    // samlId, issuername and the inherited valueType form the identity tuple used by hashCode() and getTokenUniqueID().
    private String issuername = null;
    private String issuerformat = null;
    private String samlId = null;
    // Read by isTokenValid() and getTokenExpiration(); null means "no expiration recorded".
    private Date expirationTime = null;
    private Date createTime = null;
    // Defaults to false; only changed through SetIsAssertionValid().
    private boolean isassertionValid = false;
    private List<SAMLAttribute> samlAttrts = new ArrayList();
    private List<List<SAMLAttribute>> samlAttrStmts = new ArrayList();
    private Map<String, String> stringAttributes = new HashMap();
    private SAMLNameID nameId = null;
    private Date authnInstant = null;
    private boolean oneTimeUse = false;
    private boolean proxyRestrict = false;
    // -1 is the initial value; presumably means "no proxy count restriction" (TODO confirm).
    private long proxyCount = -1;
    private List<String> proxyAudience = new ArrayList();
    // Lazily computed cache for hashCode(); 0 means "not computed yet". Also written to and read from the serialized form.
    private int hashcode = 0;
    private boolean isForwardable = true;
    private X509Certificate x509Cert = null;

    /**
     * Creates an empty token with every field at its declared default.
     *
     * <p>The class overrides {@code readExternal}/{@code writeExternal} from
     * {@code java.io.Externalizable}, which requires a public no-argument constructor.
     */
    public SAMLTokenImpl() {
    }

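    /**
     * Rebuilds a token from the byte form produced by {@link #getTokenBytes()}.
     *
     * <p>SECURITY NOTE(review): the bytes are fed to a plain {@link ObjectInputStream} and
     * {@code readExternal} calls {@code readObject} on it, i.e. this is Java native
     * deserialization. No class allow-list is installed here, so {@code bArr} must only come
     * from a trusted, integrity-protected source. If the bytes can cross a trust boundary,
     * install a deserialization filter (for example {@code java.io.ObjectInputFilter} where
     * the runtime provides it) before reading.
     *
     * @param bArr serialized token, or {@code null} to create an empty token; the array is
     *             stored by reference, not copied
     * @throws RuntimeException wrapping any failure raised while reading the bytes
     */
    public SAMLTokenImpl(byte[] bArr) {
        this.tokenBytes = bArr;
        if (this.tokenBytes != null) {
            try {
                readExternal(new ObjectInputStream(new ByteArrayInputStream(this.tokenBytes)));
            } catch (Exception e) {
                // The cause travels with the RuntimeException; report through the trace
                // facility instead of dumping the stack to stderr.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SAMLTokenImpl(byte[]) failed to restore token: " + e);
                }
                throw new RuntimeException(e);
            }
        }
    }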

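    /**
     * Overwrites this token's state from the byte form produced by {@link #getTokenBytes()}.
     *
     * <p>SECURITY NOTE(review): the bytes go through a plain {@link ObjectInputStream} and
     * {@code readExternal} calls {@code readObject} on it (Java native deserialization) with
     * no class allow-list installed here. Pass only bytes from a trusted, integrity-protected
     * source, or install a deserialization filter first.
     *
     * <p>NOTE(review): unlike most setters in this class, this method does not check the
     * read-only flag, so it can replace the state of a token that was marked read-only.
     *
     * @param bArr serialized token; {@code null} leaves the token unchanged
     * @throws RuntimeException wrapping any failure raised while reading the bytes
     */
    public void initialize(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize encodedToken[" + ConfigUtil.getObjState(bArr) + "]");
        }
        if (bArr == null) {
            // Keep entry/exit trace records balanced on the early-return path.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initialize");
            }
            return;
        }
        try {
            readExternal(new ObjectInputStream(new ByteArrayInputStream(bArr)));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initialize");
            }
        } catch (Exception e) {
            // The cause travels with the RuntimeException; report through the trace
            // facility instead of dumping the stack to stderr.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize failed to restore token: " + e);
            }
            throw new RuntimeException(e);
        }
    }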

    /**
     * Selects the token value type from its URI string.
     *
     * <p>Only the SAML 1.1 and SAML 2.0 profile URIs are recognised; any other value
     * (including {@code null}) leaves the current value type untouched.
     *
     * <p>NOTE(review): this overload does not check the read-only flag, while
     * {@code setValueType(QName)} does.
     *
     * @param str value-type URI to match against the known profiles
     */
    public void setValueType(String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setValueType vType[" + str + "]");
        }
        QName matched = null;
        if (saml11ValueType.getLocalPart().equals(str)) {
            matched = saml11ValueType;
        } else if (saml20ValueType.getLocalPart().equals(str)) {
            matched = saml20ValueType;
        }
        if (matched != null) {
            this.valueType = matched;
        }
    }

    /**
     * Sets the key-identifier value type; ignored once the token is read-only.
     *
     * @param qName new key-identifier value type
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl
    public void setKeyIdentifierValueType(QName qName) {
        if (!this.readOnly) {
            this.keyIdentifierValueType = qName;
        }
    }

    /**
     * Sets the token value type; ignored once the token is read-only.
     *
     * @param qName new value type
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.GenericSecurityTokenImpl, com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken
    public void setValueType(QName qName) {
        if (!this.readOnly) {
            this.valueType = qName;
        }
    }

    /**
     * Sets the QName of the assertion element; ignored once the token is read-only.
     *
     * @param qName assertion element name
     */
    public void setAssertionQName(QName qName) {
        if (!this.readOnly) {
            this.assertionQname = qName;
        }
    }

    /**
     * Sets the authentication method; ignored once the token is read-only.
     *
     * @param str authentication method identifier
     */
    public void setAuthenticationMethod(String str) {
        if (!this.readOnly) {
            this.authnMethod = str;
        }
    }

    /**
     * Sets the subject confirmation method; ignored once the token is read-only.
     *
     * @param str confirmation method identifier
     */
    public void setConfirmationMethod(String str) {
        if (!this.readOnly) {
            this.confirmMethod = str;
        }
    }

    /**
     * Sets the holder-of-key bytes; ignored once the token is read-only.
     *
     * <p>The array is stored by reference, so later changes made by the caller to
     * {@code bArr} are visible through this token.
     *
     * @param bArr holder-of-key bytes
     */
    public void setHolderOfKeyBytes(byte[] bArr) {
        if (!this.readOnly) {
            this.holderOfKeyBytes = bArr;
        }
    }

    /**
     * Sets the initiator name; ignored once the token is read-only.
     *
     * @param str initiator name
     */
    public void setInitiatorName(String str) {
        if (!this.readOnly) {
            this.initiatorName = str;
        }
    }

    /**
     * Sets the key type; ignored once the token is read-only.
     *
     * @param str key type identifier
     */
    public void setKeyType(String str) {
        if (!this.readOnly) {
            this.keyType = str;
        }
    }

    /**
     * Sets the issuer name; ignored once the token is read-only.
     *
     * <p>The issuer name is part of the identity string used by {@code hashCode()} and
     * {@code getTokenUniqueID()}.
     *
     * @param str issuer name
     */
    public void setSAMLIssuerName(String str) {
        if (!this.readOnly) {
            this.issuername = str;
        }
    }

    /**
     * Sets the issuer name format; ignored once the token is read-only.
     *
     * @param str issuer format identifier
     */
    public void setSAMLIssuerFormat(String str) {
        if (!this.readOnly) {
            this.issuerformat = str;
        }
    }

    /**
     * Sets the expiration time; ignored once the token is read-only.
     *
     * <p>The {@code Date} is stored by reference, and {@code isTokenValid()} reads it, so
     * a caller that keeps and later mutates {@code date} also changes the token's validity.
     *
     * @param date expiration time, or {@code null} for none
     */
    public void setSamlExpires(Date date) {
        if (!this.readOnly) {
            this.expirationTime = date;
        }
    }

    /**
     * Sets the creation time; ignored once the token is read-only.
     *
     * @param date creation time (stored by reference)
     */
    public void setSamlCreated(Date date) {
        if (!this.readOnly) {
            this.createTime = date;
        }
    }

    /**
     * Sets the SAML assertion ID; ignored once the token is read-only.
     *
     * <p>The ID is part of the identity string used by {@code hashCode()} and
     * {@code getTokenUniqueID()}.
     *
     * @param str assertion ID
     */
    public void setSamlID(String str) {
        if (!this.readOnly) {
            this.samlId = str;
        }
    }

    /**
     * Sets the subject's DNS name; ignored once the token is read-only.
     *
     * @param str subject DNS name
     */
    public void setSubjectDNS(String str) {
        if (!this.readOnly) {
            this.subjectDns = str;
        }
    }

    /**
     * Sets the subject's IP address; ignored once the token is read-only.
     *
     * @param str subject IP address
     */
    public void setSubjectIPAddress(String str) {
        if (!this.readOnly) {
            this.subjectIp = str;
        }
    }

    /**
     * Replaces the audience restriction list; ignored once the token is read-only.
     *
     * <p>The list is stored by reference. Passing {@code null} makes
     * {@code getAudienceRestriction()} fail on a read-only token, because that getter
     * copies the list without a null check.
     *
     * @param list audience URIs
     */
    public void setAudienceRestriction(List<String> list) {
        if (!this.readOnly) {
            this.audienceRestriction = list;
        }
    }

    /**
     * Records whether the assertion was judged valid; ignored once the token is read-only.
     *
     * <p>The flag is whatever the caller passes in; this class performs no validation of
     * its own before storing it.
     *
     * @param z validity verdict to store
     */
    public void SetIsAssertionValid(boolean z) {
        if (!this.readOnly) {
            this.isassertionValid = z;
        }
    }

    /**
     * Replaces the flat attribute list; ignored once the token is read-only.
     *
     * @param list attributes (stored by reference)
     */
    public void setSAMLAttributes(List<SAMLAttribute> list) {
        if (!this.readOnly) {
            this.samlAttrts = list;
        }
    }

    /**
     * Appends attributes to the flat attribute list; ignored once the token is read-only.
     *
     * <p>When no list exists yet, {@code list} itself becomes the token's list (stored by
     * reference); otherwise its elements are added to the existing list.
     *
     * @param list attributes to add
     */
    public void addSAMLAttributes(List<SAMLAttribute> list) {
        if (!this.readOnly) {
            if (this.samlAttrts != null) {
                this.samlAttrts.addAll(list);
            } else {
                this.samlAttrts = list;
            }
        }
    }

    /**
     * Replaces the string attribute map; ignored once the token is read-only.
     *
     * @param map attribute name to value (stored by reference)
     */
    public void setStringAttributes(Map<String, String> map) {
        if (!this.readOnly) {
            this.stringAttributes = map;
        }
    }

    /**
     * Discards all attribute statements and stores {@code list} as the only one;
     * ignored once the token is read-only.
     *
     * @param list attributes of the single statement (stored by reference)
     */
    public void setSAMLAttributeStatement(List<SAMLAttribute> list) {
        if (!this.readOnly) {
            List<List<SAMLAttribute>> statements = new ArrayList<List<SAMLAttribute>>();
            statements.add(list);
            this.samlAttrStmts = statements;
        }
    }

    /**
     * Appends one attribute statement, creating the statement list on first use;
     * ignored once the token is read-only.
     *
     * @param list attributes of the statement to add (stored by reference)
     */
    public void addSAMLAttributeStatement(List<SAMLAttribute> list) {
        if (!this.readOnly) {
            if (this.samlAttrStmts == null) {
                this.samlAttrStmts = new ArrayList<List<SAMLAttribute>>();
            }
            this.samlAttrStmts.add(list);
        }
    }

    /**
     * Returns the QName of the assertion element.
     *
     * @return the stored QName, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public QName getAssertionQName() {
        return assertionQname;
    }

    /**
     * Returns the authentication method.
     *
     * @return the stored method, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getAuthenticationMethod() {
        return authnMethod;
    }

    /**
     * Returns the subject confirmation method.
     *
     * @return the stored method, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getConfirmationMethod() {
        return confirmMethod;
    }

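    /**
     * Returns the holder-of-key bytes.
     *
     * <p>A read-only token returns a copy, matching the defensive copies that
     * {@link #getAudienceRestriction()} and {@link #getStringAttributes()} already make:
     * handing out the internal array would let any caller overwrite the key bytes of a
     * token that is supposed to be immutable. A writable token still returns the internal
     * array, as before.
     *
     * @return the key bytes (a copy when read-only), or {@code null} when none were set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public byte[] getHolderOfKeyBytes() {
        if (this.readOnly && this.holderOfKeyBytes != null) {
            return this.holderOfKeyBytes.clone();
        }
        return this.holderOfKeyBytes;
    }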

    /**
     * Returns the initiator name.
     *
     * @return the stored name, or {@code null} when none was set
     */
    public String getInitiatorName() {
        return initiatorName;
    }

    /**
     * Returns the key type.
     *
     * @return the stored key type, or {@code null} when none was set
     */
    public String getKeyType() {
        return keyType;
    }

    /**
     * Returns the issuer name.
     *
     * @return the stored issuer name, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getSAMLIssuerName() {
        return issuername;
    }

    /**
     * Returns the issuer name format.
     *
     * @return the stored format, or {@code null} when none was set or none was present
     *         in the serialized form
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getSAMLIssuerFormat() {
        return issuerformat;
    }

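    /**
     * Returns the expiration time.
     *
     * <p>{@link Date} is mutable and {@link #isTokenValid()} reads this field, so returning
     * the internal instance from a read-only token would let a caller move the expiry with
     * {@code setTime}. A read-only token therefore returns a copy, in line with the
     * defensive copies made by {@link #getAudienceRestriction()}; a writable token still
     * returns the internal instance, as before.
     *
     * @return the expiration time (a copy when read-only), or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public Date getSamlExpires() {
        if (this.readOnly && this.expirationTime != null) {
            return (Date) this.expirationTime.clone();
        }
        return this.expirationTime;
    }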

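    /**
     * Returns the creation time.
     *
     * <p>{@link Date} is mutable, so a read-only token returns a copy rather than its
     * internal instance, in line with the defensive copies made by
     * {@link #getAudienceRestriction()}. A writable token still returns the internal
     * instance, as before.
     *
     * @return the creation time (a copy when read-only), or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public Date getSamlCreated() {
        if (this.readOnly && this.createTime != null) {
            return (Date) this.createTime.clone();
        }
        return this.createTime;
    }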

    /**
     * Returns the SAML assertion ID.
     *
     * @return the stored ID, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getSamlID() {
        return samlId;
    }

    /**
     * Returns the subject's DNS name.
     *
     * @return the stored DNS name, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getSubjectDNS() {
        return subjectDns;
    }

    /**
     * Returns the subject's IP address.
     *
     * @return the stored address, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public String getSubjectIPAddress() {
        return subjectIp;
    }

    /**
     * Returns the audience restriction list.
     *
     * <p>A read-only token returns a fresh copy so callers cannot alter its audiences; a
     * writable token returns the live internal list. The copy is made without a null
     * check, so a read-only token whose list is {@code null} throws here.
     *
     * @return audience URIs (a copy when read-only)
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public List<String> getAudienceRestriction() {
        if (this.readOnly) {
            return new ArrayList(this.audienceRestriction);
        }
        return this.audienceRestriction;
    }

    /**
     * Returns the validity verdict last stored with {@code SetIsAssertionValid}.
     *
     * <p>The value defaults to {@code false} and is not recomputed here; it is not among
     * the fields this class writes in {@code writeExternal}.
     *
     * @return the stored verdict
     */
    public boolean isAssertionValid() {
        return isassertionValid;
    }

    /**
     * Tells whether the assertion carries a one-time-use condition.
     *
     * @return the stored one-time-use flag
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public boolean isOneTimeUse() {
        boolean result = this.oneTimeUse;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isOneTimeUse returns [" + result + "]");
        }
        return result;
    }

    /**
     * Stores the one-time-use flag.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag, so the condition can be changed on a read-only token.
     *
     * @param z new one-time-use flag
     */
    public void setIsOneTimeUse(boolean z) {
        if (tc.isDebugEnabled()) {
            String message = "setIsOneTimeUse [" + z + "]";
            Tr.debug(tc, message);
        }
        oneTimeUse = z;
    }

    /**
     * Reports whether the assertion element's namespace looks like SAML 2.0.
     *
     * <p>NOTE(review): the test is a substring match for "2.0" anywhere in the namespace
     * URI, not a comparison with the SAML 2.0 assertion namespace, and it throws
     * {@code NullPointerException} when no assertion QName has been set.
     *
     * @return {@code true} when the namespace URI contains "2.0"
     */
    public boolean isSaml20() {
        String ns = getAssertionQName().getNamespaceURI();
        boolean saml20 = ns != null && ns.contains("2.0");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isSaml20 returns [" + saml20 + "]");
        }
        return saml20;
    }

    /**
     * Returns the flat attribute list.
     *
     * <p>When a {@link SecurityManager} is installed the caller needs
     * {@code GET_SAMLATTRIBUTES_PERM}. A read-only token returns a new list holding a copy
     * of every attribute; a writable token returns the live internal list.
     *
     * @return the attributes (deep-copied when read-only)
     * @throws SecurityException if a security manager denies the permission
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public List<SAMLAttribute> getSAMLAttributes() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(GET_SAMLATTRIBUTES_PERM);
        }
        if (!this.readOnly) {
            return this.samlAttrts;
        }
        List<SAMLAttribute> copies = new ArrayList<SAMLAttribute>();
        for (SAMLAttribute attribute : this.samlAttrts) {
            copies.add(new SAMLAttribute(attribute));
        }
        return copies;
    }

    /**
     * Returns the string attribute map.
     *
     * <p>A read-only token returns a fresh copy; a writable token returns the live
     * internal map.
     *
     * <p>NOTE(review): no permission check is made here, whereas
     * {@code getSAMLAttributes()} checks {@code GET_SAMLATTRIBUTES_PERM} under a security
     * manager. Confirm that the difference is intended.
     *
     * @return attribute name to value (a copy when read-only)
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public Map<String, String> getStringAttributes() {
        if (this.readOnly) {
            return new HashMap(this.stringAttributes);
        }
        return this.stringAttributes;
    }

    /**
     * Returns the attribute statements, one inner list per statement.
     *
     * <p>When a {@link SecurityManager} is installed the caller needs
     * {@code GET_SAMLATTRIBUTES_PERM}. A read-only token returns deep copies of every
     * statement; a writable token returns the live internal list.
     *
     * @return the attribute statements (deep-copied when read-only)
     * @throws SecurityException if a security manager denies the permission
     */
    public List<List<SAMLAttribute>> getSAMLAttributeStatements() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(GET_SAMLATTRIBUTES_PERM);
        }
        if (!this.readOnly) {
            return this.samlAttrStmts;
        }
        List<List<SAMLAttribute>> copies = new ArrayList<List<SAMLAttribute>>();
        for (List<SAMLAttribute> statement : this.samlAttrStmts) {
            copies.add(replicateSAMLAttributeList(statement));
        }
        return copies;
    }

    /**
     * Copies a list of attributes element by element using the {@code SAMLAttribute}
     * copy constructor.
     *
     * @param list attributes to copy; may be {@code null}
     * @return a new list of copied attributes, or {@code null} when {@code list} is null
     */
    private ArrayList<SAMLAttribute> replicateSAMLAttributeList(List<SAMLAttribute> list) {
        if (list == null) {
            return null;
        }
        ArrayList<SAMLAttribute> copies = new ArrayList<SAMLAttribute>();
        for (SAMLAttribute attribute : list) {
            copies.add(new SAMLAttribute(attribute));
        }
        return copies;
    }

    /**
     * Returns the subject's NameID.
     *
     * @return the stored NameID (the internal instance), or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public SAMLNameID getSAMLNameID() {
        return nameId;
    }

    /**
     * Stores the subject's NameID.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag, so the subject identity can be replaced on a read-only token.
     *
     * @param sAMLNameID new NameID
     */
    public void setSAMLNameID(SAMLNameID sAMLNameID) {
        nameId = sAMLNameID;
    }

    /**
     * Serializes the token's XML node and exposes the resulting bytes as a stream.
     *
     * @return an in-memory stream over the serialized XML
     * @throws WSSException wrapping any failure; a {@code WSSException} or
     *         {@code SoapSecurityException} cause is wrapped with the two-argument
     *         {@code (Throwable, boolean)} constructor, anything else with its message
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public InputStream getXMLInputStream() throws WSSException {
        try {
            OMStructure structure = (OMStructure) this.xml;
            return new ByteArrayInputStream(Serializer.serialize(structure.getNode()));
        } catch (Exception e) {
            boolean securityFailure = (e instanceof WSSException) || (e instanceof SoapSecurityException);
            if (!securityFailure) {
                throw new WSSException(e.getMessage(), e);
            }
            throw new WSSException((Throwable) e, true);
        }
    }

    /**
     * Returns the cache identifier of this token.
     *
     * @return the stored identifier, or {@code null} when none was set
     */
    @Override // com.ibm.ws.wssecurity.token.CacheableToken
    public String getIdentifier() {
        return _identifier;
    }

    /**
     * Stores the cache identifier of this token.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag.
     *
     * @param str new identifier
     */
    public void setIdentifier(String str) {
        _identifier = str;
    }

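    /**
     * Compares this token with another object.
     *
     * <p>Two tokens are equal only when their hash codes match <em>and</em> their SAML ID,
     * issuer name and value-type local part are equal; these are the fields
     * {@link #hashCode()} is derived from. Matching on the 32-bit hash alone is not
     * enough: distinct identity strings can share a {@code String.hashCode()}, and the
     * cached hash is also restored verbatim from the serialized form, so two different
     * assertions could compare equal in any cache or set keyed on the token. The hash
     * comparison is kept so that equal objects always report equal hash codes.
     *
     * @param obj object to compare with
     * @return {@code true} when {@code obj} is a {@code SAMLTokenImpl} with the same hash
     *         code and the same identity fields
     */
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof SAMLTokenImpl)) {
            if (tc.isDebugEnabled()) {
                Tr.entry(tc, "Not a SAMLTokenImpl:" + obj);
            }
            return false;
        }
        SAMLTokenImpl other = (SAMLTokenImpl) obj;
        if (other.hashCode() != hashCode()) {
            return false;
        }
        // Confirm the hash match against the fields the hash is built from.
        if (this.samlId == null ? other.samlId != null : !this.samlId.equals(other.samlId)) {
            return false;
        }
        if (this.issuername == null ? other.issuername != null : !this.issuername.equals(other.issuername)) {
            return false;
        }
        String ownType = this.valueType == null ? null : this.valueType.getLocalPart();
        String otherType = other.valueType == null ? null : other.valueType.getLocalPart();
        return ownType == null ? otherType == null : ownType.equals(otherType);
    }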

    /**
     * Returns a hash derived from the SAML ID, issuer name and value-type local part.
     *
     * <p>The three values are concatenated without a separator and hashed with
     * {@code String.hashCode()}. The result is cached in {@code hashcode}; a cached value
     * of 0 means "not computed yet", so the hash is recomputed on every call while all
     * three fields are empty. The cache is not refreshed when the fields change later, and
     * it is also restored from the serialized form by {@code readExternal}.
     *
     * @return the cached or newly computed hash
     */
    public int hashCode() {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "hashCode=" + this.hashcode);
        }
        if (this.hashcode == 0) {
            StringBuilder identity = new StringBuilder();
            if (this.samlId != null) {
                identity.append(this.samlId);
            }
            if (tc.isDebugEnabled()) {
                Tr.entry(tc, "SamlID=" + this.samlId);
            }
            if (this.issuername != null) {
                identity.append(this.issuername);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SAMLIssuerName=" + this.issuername);
            }
            if (this.valueType != null) {
                identity.append(this.valueType.getLocalPart());
            }
            String hashString = identity.toString();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "hashString=" + hashString);
            }
            if (!hashString.isEmpty()) {
                this.hashcode = hashString.hashCode();
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "hashcode=" + this.hashcode);
        }
        return this.hashcode;
    }

    /**
     * Checks the token against its expiration time only.
     *
     * <p>NOTE(review): a token with no expiration time, or with a negative one, is
     * reported as valid (fail-open). Not-before, signature and audience checks are not
     * part of this method, and the expiration time may have been restored from a
     * serialized token.
     *
     * @return {@code true} when no usable expiration time is set or it lies in the future
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public boolean isTokenValid() {
        long now = System.currentTimeMillis();
        boolean valid;
        if (this.expirationTime == null || this.expirationTime.getTime() < 0) {
            // No usable expiry recorded: treated as never expiring.
            valid = true;
        } else {
            valid = this.expirationTime.getTime() - now > 0;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isTokenValid returns [" + valid + "]");
        }
        return valid;
    }

    /**
     * Returns the expiration time in milliseconds since the epoch.
     *
     * @return the expiration time, or -1 when none is set
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public long getTokenExpiration() {
        return this.expirationTime == null ? -1L : this.expirationTime.getTime();
    }

    /**
     * Tells whether the token may be forwarded; the flag defaults to {@code true}.
     *
     * @return the stored forwardable flag
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public boolean isTokenForwardable() {
        boolean forwardable = this.isForwardable;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isTokenForwardable returns [" + forwardable + "]");
        }
        return forwardable;
    }

    /**
     * Sets the forwardable flag; ignored once the token is read-only.
     *
     * @param z new forwardable flag
     */
    public void setIsForwardable(boolean z) {
        if (!this.readOnly) {
            this.isForwardable = z;
        }
    }

    /**
     * Returns the principal associated with this token.
     *
     * <p>The principal is written to the debug trace when debug tracing is enabled.
     *
     * @return the stored principal, or {@code null} when none was set
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public String getTokenPrincipal() {
        String name = this.principal;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getTokenPrincipal returns [" + name + "]");
        }
        return name;
    }

    /**
     * Returns the token realm; this implementation does not track one.
     *
     * @return always {@code null}
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public String getTokenRealm() {
        // No realm is stored for SAML tokens in this class.
        return null;
    }

    /**
     * Serializes the token with {@code writeExternal} and returns the bytes.
     *
     * <p>The result is also cached in {@code tokenBytes}, and that same array is returned,
     * so callers share it with the token. The bytes include every field written by
     * {@code writeExternal}, among them the holder-of-key bytes and the signer
     * certificate, and should be stored and transported accordingly.
     *
     * @return the serialized token
     * @throws RuntimeException wrapping any failure during serialization
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public byte[] getTokenBytes() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenBytes");
        }
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            ObjectOutputStream out = new ObjectOutputStream(buffer);
            writeExternal(out);
            out.flush();
            out.close();
            byte[] serialized = buffer.toByteArray();
            this.tokenBytes = serialized;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getTokenBytes");
            }
            return this.tokenBytes;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the token name.
     *
     * @return the stored name, or {@code null} when none was set
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public String getTokenName() {
        String name = this.tokenName;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getTokenName returns [" + name + "]");
        }
        return name;
    }

    /**
     * Returns the token version, which is fixed at 1.
     *
     * @return always 1
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public short getTokenVersion() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getTokenVersion returns [1]");
        }
        return (short) 1;
    }

    /**
     * Builds the unique ID from the SAML ID, the issuer name and, when present, the
     * value-type local part.
     *
     * <p>NOTE(review): the parts are joined without a separator and a {@code null} part
     * contributes the text "null", so different (ID, issuer) pairs can produce the same
     * string. Callers that key caches on this value should be aware of that.
     *
     * @return the concatenated identity string
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public String getTokenUniqueID() {
        StringBuilder unique = new StringBuilder();
        // append(String) renders null as "null", exactly like string concatenation.
        unique.append(this.samlId).append(this.issuername);
        if (this.valueType != null) {
            unique.append(this.valueType.getLocalPart());
        }
        String id = unique.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getTokenUniqueID returns [" + id + "]");
        }
        return id;
    }

    /**
     * Marks the token read-only.
     *
     * <p>Setters that check the flag become no-ops, and the collection getters that check
     * it start returning copies. Nothing in the visible part of this class clears the flag
     * again. Several setters do not check it at all.
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken, com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public void setTokenReadOnly() {
        readOnly = true;
    }

    /**
     * Looks up one string attribute by name.
     *
     * @param str attribute name
     * @return a one-element array holding the value ({@code null} inside the array when
     *         the name is unknown), or {@code null} when there is no attribute map
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public String[] getTokenAttributes(String str) {
        Map<String, String> attributes = getStringAttributes();
        return attributes == null ? null : new String[]{attributes.get(str)};
    }

    /**
     * Adds a string attribute and a matching {@code SAMLAttribute}, then returns the
     * current string attribute values.
     *
     * <p>There is no explicit read-only check. On a read-only token the getters used here
     * return copies, so the additions land in throw-away copies and the returned values
     * come from yet another copy; the token itself stays unchanged. The getters are
     * deliberately called again for each step to keep that behaviour.
     *
     * @param str  attribute name
     * @param str2 attribute value
     * @return all string attribute values, in the map's iteration order
     * @throws SecurityException if a security manager denies {@code GET_SAMLATTRIBUTES_PERM}
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public String[] addTokenAttribute(String str, String str2) {
        getStringAttributes().put(str, str2);
        // Fetch the list (permission check included) before building the attribute.
        List<SAMLAttribute> attributes = getSAMLAttributes();
        attributes.add(new SAMLAttribute(str, new String[]{str2}, (OMStructure[]) null, (String) null, (String) null, (String) null));
        String[] values = new String[getStringAttributes().size()];
        int index = 0;
        for (String value : getStringAttributes().values()) {
            values[index] = value;
            index++;
        }
        return values;
    }

    /**
     * Returns an enumeration over a snapshot of the token's SAML attributes.
     *
     * <p>NOTE(review): despite the method name, the enumeration yields the
     * {@code SAMLAttribute} objects themselves, not their names.
     *
     * @return enumeration of the attributes returned by {@code getSAMLAttributes()}
     * @throws SecurityException if a security manager denies {@code GET_SAMLATTRIBUTES_PERM}
     */
    @Override // com.ibm.wsspi.wssecurity.platform.token.AuthnToken
    public Enumeration<?> getTokenAttributeNames() {
        Vector<Object> snapshot = new Vector<Object>();
        for (SAMLAttribute attribute : getSAMLAttributes()) {
            snapshot.add(attribute);
        }
        return snapshot.elements();
    }

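    /**
     * Returns the authentication instant.
     *
     * <p>{@link Date} is mutable, so a read-only token returns a copy rather than its
     * internal instance, in line with the defensive copies made by
     * {@link #getAudienceRestriction()}. A writable token still returns the internal
     * instance, as before.
     *
     * @return the authentication instant (a copy when read-only), or {@code null} when
     *         none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public Date getAuthenticationInstant() {
        if (this.readOnly && this.authnInstant != null) {
            return (Date) this.authnInstant.clone();
        }
        return this.authnInstant;
    }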

    /**
     * Stores the authentication instant.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag.
     *
     * @param date authentication instant (stored by reference)
     */
    public void setAuthenticationInstant(Date date) {
        authnInstant = date;
    }

    /**
     * Tells whether the assertion carries a proxy restriction.
     *
     * @return the stored proxy-restriction flag
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public boolean hasProxyRestriction() {
        return proxyRestrict;
    }

    /**
     * Stores the proxy-restriction flag.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag, so the restriction can be dropped from a read-only token.
     *
     * @param z new proxy-restriction flag
     */
    public void setHasProxyRestriction(boolean z) {
        proxyRestrict = z;
    }

    /**
     * Returns the proxy restriction count.
     *
     * @return the stored count; -1 is the initial value
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public long getProxyRestrictionCount() {
        return proxyCount;
    }

    /**
     * Stores the proxy restriction count.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag.
     *
     * @param j new proxy restriction count
     */
    public void setProxyRestrictionCount(long j) {
        proxyCount = j;
    }

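    /**
     * Returns the audiences of the proxy restriction.
     *
     * <p>A read-only token returns a copy, matching {@link #getAudienceRestriction()}:
     * handing out the live list would let a caller widen or clear the proxy audiences of
     * a token that is supposed to be immutable. A writable token still returns the
     * internal list, as before.
     *
     * @return proxy audience URIs (a copy when read-only), or {@code null} when the list
     *         was set to {@code null}
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public List<String> getroxyRestrictionAudience() {
        if (this.readOnly && this.proxyAudience != null) {
            return new ArrayList<String>(this.proxyAudience);
        }
        return this.proxyAudience;
    }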

    /**
     * Stores the audiences of the proxy restriction.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag.
     *
     * @param list proxy audience URIs (stored by reference)
     */
    public void setProxyRestrictionAudience(List<String> list) {
        proxyAudience = list;
    }

    /**
     * Returns the certificate recorded as the assertion's signer.
     *
     * <p>This is the value last stored on the token or restored from its serialized
     * form; no signature verification happens in this getter.
     *
     * @return the stored certificate, or {@code null} when none was set
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public X509Certificate getSignerCertificate() {
        return x509Cert;
    }

    /**
     * Stores the certificate recorded as the assertion's signer.
     *
     * <p>NOTE(review): unlike most setters in this class, this one does not check the
     * read-only flag, so the recorded signer can be replaced on a read-only token.
     *
     * @param x509Certificate signer certificate
     */
    public void setSignerCertificate(X509Certificate x509Certificate) {
        x509Cert = x509Certificate;
    }

    /**
     * Copies the token by serializing it and building a new instance from the bytes.
     *
     * <p>Only state that {@code writeExternal}/{@code readExternal} carry survives the
     * copy. As a side effect {@code getTokenBytes()} refreshes this token's cached bytes,
     * and the copy keeps a reference to that same array.
     *
     * @return a new {@code SAMLTokenImpl} rebuilt from this token's serialized form
     * @throws RuntimeException if serialization or deserialization fails
     */
    public Object clone() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clone");
        }
        byte[] serialized = getTokenBytes();
        SAMLTokenImpl copy = new SAMLTokenImpl(serialized);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clone returns [" + ConfigUtil.getObjState(copy) + "]");
        }
        return copy;
    }

    /**
     * Writes the token state in the fixed field order that {@code readExternal} expects.
     *
     * <p>The superclass state goes first, then the version string "1.0", then the fields
     * below. The order is the wire format: any change here must be mirrored in
     * {@code readExternal}. {@code issuerformat} is written last; {@code readExternal}
     * tolerates its absence.
     *
     * <p>NOTE(review): the output contains the holder-of-key bytes, the signer certificate,
     * the principal and all attributes, so the serialized form needs the same protection as
     * the token. The fields {@code isassertionValid} and {@code tokenBytes} are not written
     * here; whether the read-only flag is carried by the superclass is not visible from
     * this method.
     *
     * @param objectOutput destination stream
     * @throws IOException if writing fails
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.GenericSecurityTokenImpl, com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl, java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "writeExternal(ObjectOutput in)");
        }
        super.writeExternal(objectOutput);
        // Format version marker; readExternal only restores the fields below when it reads "1.0".
        ObjectOutputInputUtil.writeUTF(objectOutput, "1.0", "SAMLToken.version");
        // String fields.
        ObjectOutputInputUtil.writeUTF(objectOutput, this._identifier, "SAMLToken.identifier");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.authnMethod, "SAMLToken.authnMethod");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.confirmMethod, "SAMLToken.confirmMethod");
        // The cached hash is serialized as-is (0 when hashCode() has not been called yet).
        ObjectOutputInputUtil.writeInt(objectOutput, this.hashcode, "SAMLToken.hashcode");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.id, "SAMLToken.id");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.initiatorName, "SAMLToken.initiatorName");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.issuername, "SAMLToken.issuername");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.keyType, "SAMLToken.keyType");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.principal, "SAMLToken.principal");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.samlId, "SAMLToken.samlId");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.subjectDns, "SAMLToken.subjectDns");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.subjectIp, "SAMLToken.subjectIp");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.tokenName, "SAMLToken.tokenName");
        // Primitive flags and counters.
        ObjectOutputInputUtil.writeBoolean(objectOutput, this.isForwardable, "SAMLToken.isForwardable");
        ObjectOutputInputUtil.writeBoolean(objectOutput, this.oneTimeUse, "SAMLToken.oneTimeUse");
        ObjectOutputInputUtil.writeBoolean(objectOutput, this.proxyRestrict, "SAMLToken.proxyRestrict");
        ObjectOutputInputUtil.writeLong(objectOutput, this.proxyCount, "SAMLToken.proxyCount");
        // Object-valued fields; readExternal reads each of these back with readObject.
        ObjectOutputInputUtil.writeObject(objectOutput, this.assertionQname, "SAMLToken.assertionQname");
        ObjectOutputInputUtil.writeObject(objectOutput, this.audienceRestriction, "SAMLToken.audienceRestriction");
        ObjectOutputInputUtil.writeObject(objectOutput, this.createTime, "SAMLToken.createTime");
        ObjectOutputInputUtil.writeObject(objectOutput, this.expirationTime, "SAMLToken.expirationTime");
        ObjectOutputInputUtil.writeObject(objectOutput, this.holderOfKeyBytes, "SAMLToken.holderOfKeyBytes");
        ObjectOutputInputUtil.writeObject(objectOutput, this.keyIdentifierEncodingType, "SAMLToken.keyIdentifierEncodingType");
        ObjectOutputInputUtil.writeObject(objectOutput, this.keyIdentifierValueType, "SAMLToken.keyIdentifierValueType");
        ObjectOutputInputUtil.writeObject(objectOutput, this.samlAttrts, "SAMLToken.samlAttrts");
        ObjectOutputInputUtil.writeObject(objectOutput, this.samlAttrStmts, "SAMLToken.samlAttrStmts");
        ObjectOutputInputUtil.writeObject(objectOutput, this.stringAttributes, "SAMLToken.stringAttributes");
        ObjectOutputInputUtil.writeObject(objectOutput, this.tokenQName, "SAMLToken.tokenQName");
        ObjectOutputInputUtil.writeObject(objectOutput, this.valueType, "SAMLToken.valueType");
        ObjectOutputInputUtil.writeObject(objectOutput, this.nameId, "SAMLToken.nameId");
        ObjectOutputInputUtil.writeObject(objectOutput, this.authnInstant, "SAMLToken.authnInstant");
        ObjectOutputInputUtil.writeObject(objectOutput, this.proxyAudience, "SAMLToken.proxyAudience");
        ObjectOutputInputUtil.writeObject(objectOutput, this.x509Cert, "SAMLToken.x509Cert");
        // Trailing field: readExternal falls back to null when it cannot be read.
        ObjectOutputInputUtil.writeUTF(objectOutput, this.issuerformat, "SAMLToken.issuerformat");
        if (tc.isEntryEnabled()) {
            // NOTE(review): the exit label says "ObjectInput in" while the entry label says "ObjectOutput in".
            Tr.exit(tc, "writeExternal(ObjectInput in)");
        }
    }

    /**
     * Restores the token state in the field order produced by {@code writeExternal}.
     *
     * <p>The superclass state is read first, then the version string. Fields are restored
     * only when the version is "1.0"; for any other version the method returns with the
     * subclass fields untouched, without an error and without an exit trace record.
     *
     * <p>SECURITY NOTE(review):
     * <ul>
     *   <li>Each {@code readObject} call deserializes whatever object graph the stream
     *       contains; the casts below run only after that object has been built. Whether
     *       {@code ObjectOutputInputUtil} or the stream restricts the allowed classes is
     *       not visible here, so the input must come from a trusted, integrity-protected
     *       source or be read through a stream with a class allow-list.</li>
     *   <li>Security-relevant values are taken from the stream as-is: the cached hash that
     *       {@code hashCode()} returns, the expiration time that {@code isTokenValid()}
     *       checks, the principal, and the signer certificate.</li>
     *   <li>The list and map casts are unchecked, so element types are not verified.</li>
     *   <li>The read-only flag is not checked before fields are overwritten.</li>
     * </ul>
     *
     * @param objectInput source stream
     * @throws IOException if reading fails
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.GenericSecurityTokenImpl, com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl, java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "readExternal(ObjectInput in)");
        }
        super.readExternal(objectInput);
        String readUTF = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.version");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SAMLToken.version=" + readUTF);
        }
        // Unknown versions fall through silently: nothing below runs and no exception is raised.
        if ("1.0".equals(readUTF)) {
            this._identifier = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.identifier");
            this.authnMethod = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.authnMethod");
            this.confirmMethod = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.confirmMethod");
            // The hash is trusted from the stream rather than recomputed from the identity fields.
            this.hashcode = ObjectOutputInputUtil.readInt(objectInput, "SAMLToken.hashcode");
            this.id = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.id");
            this.initiatorName = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.initiatorName");
            this.issuername = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.issuername");
            this.keyType = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.keyType");
            this.principal = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.principal");
            this.samlId = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.samlId");
            this.subjectDns = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.subjectDns");
            this.subjectIp = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.subjectIp");
            this.tokenName = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.tokenName");
            this.isForwardable = ObjectOutputInputUtil.readBoolean(objectInput, "SAMLToken.isForwardable");
            this.oneTimeUse = ObjectOutputInputUtil.readBoolean(objectInput, "SAMLToken.oneTimeUse");
            this.proxyRestrict = ObjectOutputInputUtil.readBoolean(objectInput, "SAMLToken.proxyRestrict");
            this.proxyCount = ObjectOutputInputUtil.readLong(objectInput, "SAMLToken.proxyCount");
            // From here on each field is a deserialized object; a null result keeps the current field value.
            Object readObject = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.assertionQname");
            if (readObject != null) {
                this.assertionQname = (QName) readObject;
            }
            Object readObject2 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.audienceRestriction");
            if (readObject2 != null) {
                // Unchecked cast: element types are not verified.
                this.audienceRestriction = (List) readObject2;
            }
            Object readObject3 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.createTime");
            if (readObject3 != null) {
                this.createTime = (Date) readObject3;
            }
            Object readObject4 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.expirationTime");
            if (readObject4 != null) {
                // isTokenValid() relies on this value; it is not cross-checked against the assertion here.
                this.expirationTime = (Date) readObject4;
            }
            Object readObject5 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.holderOfKeyBytes");
            if (readObject5 != null) {
                this.holderOfKeyBytes = (byte[]) readObject5;
            }
            Object readObject6 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.keyIdentifierEncodingType");
            if (readObject6 != null) {
                this.keyIdentifierEncodingType = (QName) readObject6;
            }
            Object readObject7 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.keyIdentifierValueType");
            if (readObject7 != null) {
                this.keyIdentifierValueType = (QName) readObject7;
            }
            Object readObject8 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.samlAttrts");
            if (readObject8 != null) {
                // Unchecked cast: element types are not verified.
                this.samlAttrts = (List) readObject8;
            }
            Object readObject9 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.samlAttrStmts");
            if (readObject9 != null) {
                // Unchecked cast: element types are not verified.
                this.samlAttrStmts = (List) readObject9;
            }
            Object readObject10 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.stringAttributes");
            if (readObject10 != null) {
                // Unchecked cast: key and value types are not verified.
                this.stringAttributes = (Map) readObject10;
            }
            Object readObject11 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.tokenQName");
            if (readObject11 != null) {
                this.tokenQName = (QName) readObject11;
            }
            Object readObject12 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.valueType");
            if (readObject12 != null) {
                this.valueType = (QName) readObject12;
            }
            Object readObject13 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.nameId");
            if (readObject13 != null) {
                this.nameId = (SAMLNameID) readObject13;
            }
            Object readObject14 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.authnInstant");
            if (readObject14 != null) {
                this.authnInstant = (Date) readObject14;
            }
            Object readObject15 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.proxyAudience");
            if (readObject15 != null) {
                // Unchecked cast: element types are not verified.
                this.proxyAudience = (List) readObject15;
            }
            Object readObject16 = ObjectOutputInputUtil.readObject(objectInput, "SAMLToken.x509Cert");
            if (readObject16 != null) {
                // The signer certificate is accepted from the stream without any verification in this method.
                this.x509Cert = (X509Certificate) readObject16;
            }
            // issuerformat is the last field written; a failed read is treated as
            // "field not present in the serialized token".
            try {
                this.issuerformat = ObjectOutputInputUtil.readUTF(objectInput, "SAMLToken.issuerformat");
            } catch (Throwable th) {
                // NOTE(review): catching Throwable also hides Errors and genuine stream
                // corruption, and the cause is not traced; consider narrowing once the
                // exception raised for a missing trailing field is known.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SAMLToken.issuerformat not in serialized token.  Defaulting issuerFormat to null.");
                }
                this.issuerformat = null;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "readExternal(ObjectInput in)");
            }
        }
    }

    /**
     * Reports whether this token rejects modification.
     *
     * @return the current value of the {@code readOnly} field; when it is {@code true},
     *         {@link #checkModifyOperationAllowed(String)} throws for every modify operation
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public boolean isReadOnly() {
        return readOnly;
    }

    /**
     * Adds a single attribute by wrapping it in a one-element list and delegating to
     * {@link #addSAMLAttribute(List)}.
     *
     * <p>The call is a silent no-op when {@code sAMLAttribute} is {@code null} or when this
     * token holds no XML ({@code this.xml == null}).
     *
     * @param sAMLAttribute the attribute to add; may be {@code null}
     * @throws Exception whatever the list overload throws, for example when the token is
     *         read-only or its XML is encrypted
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public void addSAMLAttribute(SAMLAttribute sAMLAttribute) throws Exception {
        if (sAMLAttribute != null && this.xml != null) {
            List<SAMLAttribute> single = new ArrayList<SAMLAttribute>(1);
            single.add(sAMLAttribute);
            addSAMLAttribute(single);
        }
    }

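    /**
     * Adds the given attributes to this token's in-memory state and, when the token carries XML,
     * rebuilds the assertion's {@code AttributeStatement} elements from the in-memory statements.
     *
     * <p>Security note: the XML is passed through {@code SamlSignatureUtils.deleteSignElement}
     * and the signer certificate is set to {@code null}. Presumably (inferred from the helper's
     * name; confirm against SamlSignatureUtils) the resulting assertion no longer carries the
     * issuer's signature, so the added attributes are not issuer-asserted and the token needs to
     * be signed again before a relying party can verify it.
     *
     * @param list attributes to add; {@code null} or an empty list makes the call a no-op
     * @throws Exception if {@link #checkModifyOperationAllowed(String)} or
     *         {@link #checkAttributeSchema(List)} rejects the request, or if rebuilding the XML
     *         fails
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public void addSAMLAttribute(List<SAMLAttribute> list) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSAMLAttribute");
        }
        if (list == null || list.isEmpty()) {
            // Keep entry/exit trace balanced on the no-op path.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addSAMLAttribute");
            }
            return;
        }
        // Throws when the token is read-only or its XML is encrypted.
        checkModifyOperationAllowed("addSAMLAttribute");
        // Work on validated copies; the caller's SAMLAttribute objects are not stored.
        List<SAMLAttribute> validated = checkAttributeSchema(list);
        List<List<SAMLAttribute>> statements = getSAMLAttributeStatements();
        if (statements.isEmpty()) {
            addSAMLAttributeStatement(validated);
        } else {
            // New attributes always join the first existing statement.
            statements.get(0).addAll(validated);
        }
        addSAMLAttributes(validated);
        for (SAMLAttribute attribute : validated) {
            String[] values = attribute.getStringAttributeValue();
            // Only single-valued attributes without any qualifier go into the simple name/value map.
            if (values != null && values.length == 1 && attribute.getFriendlyName() == null && attribute.getAttributeNamespace() == null && attribute.getNameFormat() == null) {
                this.stringAttributes.put(attribute.getName(), values[0]);
            }
        }
        if (this.xml != null) {
            OMElement assertion = SamlSignatureUtils.deleteSignElement(((com.ibm.ws.wssecurity.wssapi.OMStructure) this.xml).getNode());
            setSignerCertificate(null);
            try {
                Iterator<OMNode> stale = DOMUtil.getOneOrMoreElements(assertion, getAssertionQName().getNamespaceURI(), "AttributeStatement").iterator();
                while (stale.hasNext()) {
                    stale.next().detach();
                }
            } catch (Exception e) {
                // Still best effort, but no longer silent: if the old statements could not be
                // detached, the rebuilt ones below are appended next to them and the XML may
                // then disagree with the in-memory attribute lists.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not detach existing AttributeStatement elements: " + e);
                }
            }
            List<OMElement> rebuilt = new ArrayList<OMElement>();
            for (List<SAMLAttribute> statement : statements) {
                OMElement marshalled;
                if (isSaml20()) {
                    AttributeStatementImpl saml20Statement = new AttributeStatementImpl();
                    saml20Statement.createSAMLAttributes(statement);
                    marshalled = saml20Statement.marshal(null);
                } else {
                    com.ibm.ws.wssecurity.saml.saml11.assertion.impl.AttributeStatementImpl saml11Statement = new com.ibm.ws.wssecurity.saml.saml11.assertion.impl.AttributeStatementImpl();
                    saml11Statement.createSAMLAttributes(statement);
                    marshalled = saml11Statement.marshal(null);
                }
                rebuilt.add(marshalled);
            }
            if (!rebuilt.isEmpty()) {
                // Append the statements, in order, after the assertion's current last element.
                OMElement anchor = DOMUtil.getLastElement(assertion);
                for (OMElement statementElement : rebuilt) {
                    anchor.insertSiblingAfter(statementElement);
                    anchor = statementElement;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Replacing XML in the object");
            }
            setXML(OMStructureFactory.getInstance().getOMStructure(assertion));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSAMLAttribute");
        }
    }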

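    /**
     * Removes every attribute that matches {@code sAMLAttribute} from the in-memory attribute
     * statements, the flat attribute list, the simple string-attribute map and, when present,
     * the assertion XML.
     *
     * <p>An attribute matches when its name is equal and, for SAML 2.0, its friendly name and
     * name format are equal too; for SAML 1.1 the attribute namespace must be equal instead.
     * All comparisons use value equality ({@link #checkAttribute(String, String)}). The earlier
     * code compared the in-memory strings with {@code ==}, so an equal but distinct
     * {@code String} instance stayed in the in-memory lists while the XML copy, which was
     * already compared with {@code equals}, was removed. Code that reads attributes from the
     * in-memory lists would then still see an attribute that is no longer in the XML.
     *
     * <p>Security note: when an XML element is removed, the XML returned by
     * {@code SamlSignatureUtils.deleteSignElement} replaces the token's XML and the signer
     * certificate is cleared, so the modified assertion presumably is no longer covered by the
     * issuer's signature (inferred from the helper's name; confirm against SamlSignatureUtils).
     *
     * @param sAMLAttribute identifies the attribute to delete; {@code null} makes the call a no-op
     * @throws Exception if {@link #checkModifyOperationAllowed(String)} rejects the request
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
    public void deleteSAMLAttribute(SAMLAttribute sAMLAttribute) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteSAMLAttribute");
        }
        if (sAMLAttribute != null) {
            // Throws when the token is read-only or its XML is encrypted.
            checkModifyOperationAllowed("deleteSAMLAttribute");
            String nameFormat = sAMLAttribute.getNameFormat();
            String friendlyName = sAMLAttribute.getFriendlyName();
            String attributeNamespace = sAMLAttribute.getAttributeNamespace();
            String name = sAMLAttribute.getName();
            // The XML attribute that carries the name differs between the two SAML versions.
            String nameAttribute = isSaml20() ? "Name" : "AttributeName";

            // 1) Attribute statements held in memory.
            for (List<SAMLAttribute> statement : this.samlAttrStmts) {
                Iterator<SAMLAttribute> candidates = statement.iterator();
                while (candidates.hasNext()) {
                    SAMLAttribute candidate = candidates.next();
                    if (!checkAttribute(name, candidate.getName())) {
                        continue;
                    }
                    boolean matches;
                    if (isSaml20()) {
                        matches = checkAttribute(friendlyName, candidate.getFriendlyName()) && checkAttribute(nameFormat, candidate.getNameFormat());
                    } else {
                        matches = checkAttribute(attributeNamespace, candidate.getAttributeNamespace());
                    }
                    if (matches) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Attribute removed from AttributeStatement list in object");
                        }
                        candidates.remove();
                    }
                }
            }

            // 2) Flat attribute list held in memory.
            Iterator<SAMLAttribute> flat = this.samlAttrts.iterator();
            while (flat.hasNext()) {
                SAMLAttribute candidate = flat.next();
                if (!checkAttribute(name, candidate.getName())) {
                    continue;
                }
                boolean matches;
                if (isSaml20()) {
                    matches = checkAttribute(friendlyName, candidate.getFriendlyName()) && checkAttribute(nameFormat, candidate.getNameFormat());
                } else {
                    matches = checkAttribute(attributeNamespace, candidate.getAttributeNamespace());
                }
                if (matches) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Attribute removed from Attribute list in object");
                    }
                    flat.remove();
                }
            }

            // 3) Simple name/value map: it only ever holds unqualified attributes, so the entry
            //    is dropped only when the request itself carries no qualifier. (The earlier
            //    code also compared the requested name with itself, which was always true.)
            String[] requestedValues = sAMLAttribute.getStringAttributeValue();
            if (requestedValues != null && requestedValues.length != 0) {
                boolean unqualified;
                if (isSaml20()) {
                    unqualified = friendlyName == null && nameFormat == null;
                } else {
                    unqualified = attributeNamespace == null;
                }
                if (unqualified) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Attribute removed from simple list in object");
                    }
                    this.stringAttributes.remove(name);
                }
            }

            // 4) Assertion XML.
            if (this.xml != null) {
                boolean xmlChanged = false;
                // NOTE(review): deleteSignElement runs before it is known whether any element
                // matches. If it edits the node in place rather than a copy, the signature is
                // gone even when nothing is deleted, while the signer certificate is kept.
                // Confirm against SamlSignatureUtils.
                OMElement assertion = SamlSignatureUtils.deleteSignElement(((com.ibm.ws.wssecurity.wssapi.OMStructure) this.xml).getNode());
                try {
                    QName nameQName = new QName(nameAttribute);
                    QName nameFormatQName = new QName("NameFormat");
                    QName namespaceQName = new QName("AttributeNamespace");
                    QName friendlyNameQName = new QName(Attribute.FriendlyName);
                    Iterator<OMNode> elements = DOMUtil.getOneOrMoreElements(assertion, getAssertionQName().getNamespaceURI(), "Attribute").iterator();
                    while (elements.hasNext()) {
                        OMElement element = (OMElement) elements.next();
                        // A null requested name never matches an XML element (previously this
                        // surfaced as a swallowed NullPointerException with the same outcome).
                        if (name == null || !name.equals(element.getAttributeValue(nameQName))) {
                            continue;
                        }
                        String xmlNameFormat = element.getAttributeValue(nameFormatQName);
                        String xmlFriendlyName = element.getAttributeValue(friendlyNameQName);
                        String xmlNamespace = element.getAttributeValue(namespaceQName);
                        boolean matches;
                        if (isSaml20()) {
                            matches = checkAttribute(nameFormat, xmlNameFormat) && checkAttribute(friendlyName, xmlFriendlyName);
                        } else {
                            matches = checkAttribute(attributeNamespace, xmlNamespace);
                        }
                        if (matches) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Attribute removed from XML");
                            }
                            xmlChanged = true;
                            element.detach();
                        }
                    }
                } catch (Exception e) {
                    // Still best effort, but no longer silent: a failure here can leave the XML
                    // holding an attribute that steps 1-3 already removed from memory.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Could not remove Attribute elements from XML: " + e);
                    }
                }
                if (xmlChanged) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Replacing XML in the object");
                    }
                    setXML(OMStructureFactory.getInstance().getOMStructure(assertion));
                    setSignerCertificate(null);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deleteSAMLAttribute");
        }
    }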

    /**
     * Null-safe equality test between a requested attribute qualifier and the value found in
     * the XML.
     *
     * @param str the requested value; may be {@code null}
     * @param str2 the value read from the XML; may be {@code null}
     * @return {@code true} when both are {@code null} or both are non-null and equal;
     *         {@code false} when exactly one of them is {@code null} or they differ
     */
    public boolean checkAttribute(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAttribute(attr[" + str + "],xmlAttr[" + str2 + "])");
        }
        boolean same;
        if (str != null && str2 != null) {
            same = str2.equals(str);
        } else {
            // At least one side is null: equal only if the other side is null as well.
            same = str == null && str2 == null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAttribute returns [" + same + "]");
        }
        return same;
    }

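    /**
     * Reports whether the root element of this token's XML is an encrypted container.
     *
     * <p>Reconstructed from the decompiler's instruction dump, which the decompiler had replaced
     * with an unconditional {@code UnsupportedOperationException}; that stub made every call to
     * {@link #checkModifyOperationAllowed(String)} on a writable token fail.
     *
     * <p>The check compares the element's local name only, not its namespace. Any exception
     * (for example a {@code null} or non-OMStructure {@code xml}) is absorbed and reported as
     * "not encrypted", so in that case {@code checkModifyOperationAllowed} does not block the
     * modify operation on this ground.
     *
     * @return {@code true} when the root element's local name is {@code EncryptedData} or
     *         {@code EncryptedAssertion}; {@code false} otherwise, including on any exception
     */
    public boolean isEncryptedXml() {
        boolean encrypted = false;
        try {
            OMElement root = ((com.ibm.wsspi.wssecurity.wssapi.OMStructure) this.xml).getNode();
            if (root.getLocalName().equals("EncryptedData") || root.getLocalName().equals("EncryptedAssertion")) {
                encrypted = true;
            }
        } catch (Exception ignored) {
            // The original bytecode discards the exception and returns false; kept as is so
            // callers see the same result, with a trace entry added for diagnosis.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isEncryptedXml could not inspect the token XML: " + ignored);
            }
        }
        return encrypted;
    }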

    /**
     * Gate for every operation that modifies this token.
     *
     * <p>Checks, in order: the Java security permission (only when a {@code SecurityManager} is
     * installed), the {@code readOnly} flag, and whether the XML is encrypted.
     *
     * <p>NOTE(review): the permission checked is {@code GET_SAMLATTRIBUTES_PERM} although this
     * method guards modify operations; the constant is declared outside this section, so confirm
     * that it is the intended permission.
     *
     * @param str name of the operation being attempted; used in trace and error messages
     * @return always {@code true} when the operation is allowed
     * @throws Exception a {@code WSSException} when the token is read-only (CWSML7022E) or its
     *         XML is encrypted (CWSML7023E); {@code checkPermission} may also throw
     */
    public boolean checkModifyOperationAllowed(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkModifyOperationAllowed");
        }
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(GET_SAMLATTRIBUTES_PERM);
        }
        if (this.readOnly) {
            Tr.debug(tc, "readOnly is turned on. " + str + " not allowed");
            String[] inserts = {getClass().getName(), str};
            throw new WSSException(MessageHelper.getMessage("security.wssecurity.CWSML7022E", inserts));
        }
        if (isEncryptedXml()) {
            Tr.debug(tc, "XML is encrypted. " + str + " not allowed");
            String[] inserts = {getClass().getName(), str};
            throw new WSSException(MessageHelper.getMessage("security.wssecurity.CWSML7023E", inserts));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkModifyOperationAllowed");
        }
        return true;
    }

    /**
     * Validates attributes against the token's SAML version and returns normalised copies.
     *
     * <p>Each input attribute is copied with the {@code SAMLAttribute} copy constructor, so the
     * caller's objects are neither stored nor modified. A copy must have a name and at least one
     * string value. A qualifier that belongs to the other SAML version only produces a warning
     * (CWSML7024W), after which {@code enforceSaml20()} or {@code enforceSaml11()} is applied
     * to the copy.
     *
     * @param list attributes to validate; must not be {@code null}
     * @return a new list holding the validated copies, in input order
     * @throws WSSException when an attribute has no name (CWSML7006E) or no value (CWSML7010E)
     */
    public List<SAMLAttribute> checkAttributeSchema(List<SAMLAttribute> list) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAttributeSchema");
        }
        List<SAMLAttribute> validated = new ArrayList<SAMLAttribute>(list.size());
        for (SAMLAttribute original : list) {
            SAMLAttribute copy = new SAMLAttribute(original);
            boolean saml20 = isSaml20();
            // The two versions share the mandatory-field checks; only the label of the name
            // attribute differs.
            String nameLabel = saml20 ? "Name" : "AttributeName";
            if (!ConfigUtil.hasValue(copy.getName())) {
                throw new WSSException(MessageHelper.getMessage("security.wssecurity.CWSML7006E", new String[]{nameLabel, "Attribute"}));
            }
            String[] values = copy.getStringAttributeValue();
            if (values == null || values.length == 0) {
                throw new WSSException(MessageHelper.getMessage("security.wssecurity.CWSML7010E", new String[]{"AttributeValue", "Attribute"}));
            }
            if (saml20) {
                if (copy.getAttributeNamespace() != null) {
                    Tr.warning(tc, MessageHelper.getMessage("security.wssecurity.CWSML7024W", new String[]{"AttributeNamespace", copy.getName(), "SAML v2.0"}));
                }
                copy.enforceSaml20();
            } else {
                if (copy.getNameFormat() != null) {
                    Tr.warning(tc, MessageHelper.getMessage("security.wssecurity.CWSML7024W", new String[]{"NameFormat", copy.getName(), "SAML v1.1"}));
                }
                if (copy.getFriendlyName() != null) {
                    Tr.warning(tc, MessageHelper.getMessage("security.wssecurity.CWSML7024W", new String[]{Attribute.FriendlyName, copy.getName(), "SAML v1.1"}));
                }
                copy.enforceSaml11();
            }
            validated.add(copy);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAttributeSchema returns [" + ConfigUtil.getObjState(validated) + "]");
        }
        return validated;
    }
}
