package com.ibm.ws.wssecurity.core;

import com.ibm.ws.policyset.runtime.VariableExpander;
import com.ibm.ws.policyset.runtime.VariableExpanderFactory;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.config.DerivedKeyInfoConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateCommonConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.core.token.TokenConsumerComponent;
import com.ibm.ws.wssecurity.handler.PolicyInboundConfig;
import com.ibm.ws.wssecurity.handler.WSSBasicAuth;
import com.ibm.ws.wssecurity.handler.WSSBinding;
import com.ibm.ws.wssecurity.handler.WSSBindings;
import com.ibm.ws.wssecurity.handler.WSSCallbackHandler;
import com.ibm.ws.wssecurity.handler.WSSCaller;
import com.ibm.ws.wssecurity.handler.WSSCertPathSettings;
import com.ibm.ws.wssecurity.handler.WSSCollectionCertStores;
import com.ibm.ws.wssecurity.handler.WSSDerivedKeyInfo;
import com.ibm.ws.wssecurity.handler.WSSEncryptionInfo;
import com.ibm.ws.wssecurity.handler.WSSEncryptionPartReference;
import com.ibm.ws.wssecurity.handler.WSSInboundBinding;
import com.ibm.ws.wssecurity.handler.WSSJaasConfig;
import com.ibm.ws.wssecurity.handler.WSSKey;
import com.ibm.ws.wssecurity.handler.WSSKeyInfo;
import com.ibm.ws.wssecurity.handler.WSSKeyStore;
import com.ibm.ws.wssecurity.handler.WSSLdapCertStores;
import com.ibm.ws.wssecurity.handler.WSSSigningInfo;
import com.ibm.ws.wssecurity.handler.WSSSigningPartReference;
import com.ibm.ws.wssecurity.handler.WSSToken;
import com.ibm.ws.wssecurity.handler.WSSTransform;
import com.ibm.ws.wssecurity.handler.WSSTrustAnchor;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoContentConsumerComponent;
import com.ibm.ws.wssecurity.platform.util.PasswordUtilFactory;
import com.ibm.ws.wssecurity.util.CertificateUtil;
import com.ibm.ws.wssecurity.util.ConfigConstants;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.io.File;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/core/WSSecurityDefaultConsumerConfig.class */
public class WSSecurityDefaultConsumerConfig extends PrivateConsumerConfig {
    private static final String comp = "security.wssecurity";
    private static WSSBindings securityBindings;
    private static final TraceComponent tc = Tr.register(WSSecurityDefaultConsumerConfig.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = WSSecurityDefaultConsumerConfig.class.getName();

    public WSSecurityDefaultConsumerConfig(WSSBindings wSSBindings) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WSSecurityDefaultConsumerConfig(Consumer):", new Object[]{wSSBindings});
        }
        init(wSSBindings);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WSSecurityDefaultConsumerConfig(Consumer");
        }
    }

    protected final void init(WSSBindings wSSBindings) throws SoapSecurityException {
        String dataEncryptionKeyInfo;
        String str;
        String str2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Consumer):", new Object[]{wSSBindings});
        }
        HashMap hashMap = new HashMap();
        this._properties = new HashMap();
        WSSFactory wSSFactory = WSSFactory.getInstance("soap");
        HashMap hashMap2 = new HashMap();
        securityBindings = wSSBindings;
        VariableExpander variableExpander = VariableExpanderFactory.getVariableExpander();
        processPrivateConfig(DOMUtils.getPrivateConfig());
        WSSBinding applicationBindings = securityBindings.getApplicationBindings();
        WSSInboundBinding securityInboundBindingConfig = applicationBindings != null ? applicationBindings.getSecurityInboundBindingConfig() : null;
        List<WSSEncryptionInfo> list = null;
        List<WSSKeyInfo> list2 = null;
        List<WSSSigningInfo> list3 = null;
        List<WSSToken> list4 = null;
        List<WSSCaller> list5 = null;
        List<WSSTrustAnchor> list6 = null;
        if (applicationBindings != null) {
            List<Object> parameters = applicationBindings.getParameters();
            r40 = parameters != null ? ConfigConstants.getProperties(parameters, variableExpander) : null;
            if (r40 != null) {
                this._properties.putAll(r40);
            }
            if (securityInboundBindingConfig != null) {
                List<Object> properties = securityInboundBindingConfig.getProperties();
                r41 = properties != null ? ConfigConstants.getProperties(properties, variableExpander) : null;
                if (r41 != null) {
                    this._properties.putAll(r41);
                }
            }
        }
        inspectGeneralProperties();
        List<WSSCollectionCertStores> list7 = null;
        List<WSSLdapCertStores> list8 = null;
        HashMap hashMap3 = new HashMap();
        boolean z = false;
        boolean z2 = false;
        if (securityInboundBindingConfig != null) {
            list = securityInboundBindingConfig.getEncryptionInfos();
            list7 = securityInboundBindingConfig.getCollectionCertStores();
            list8 = securityInboundBindingConfig.getLdapCertStores();
            list2 = securityInboundBindingConfig.getKeyInfos();
            list3 = securityInboundBindingConfig.getSigningInfos();
            list4 = securityInboundBindingConfig.getTokens();
            list6 = securityInboundBindingConfig.getTrustAnchors();
            list5 = securityInboundBindingConfig.getCallers();
            z = securityInboundBindingConfig.isExplicitlyProtectSignatureConfirmation();
            z2 = securityInboundBindingConfig.isOnlySignEntireHeadersAndBody();
            String targetNamespace = securityInboundBindingConfig.getTargetNamespace();
            r32 = targetNamespace.equals("com.ibm.xmlns.prod.websphere._200608.ws_securitybinding");
            this._defaultBindingNamespace = targetNamespace;
            if (tc.isDebugEnabled()) {
                String obj = r40 == null ? "null" : r40.toString();
                String obj2 = r41 == null ? "null" : r41.toString();
                Tr.debug(tc, "Default bindings name space = " + targetNamespace);
                Tr.debug(tc, "Default Inbound Binding (SigningInfos, EncryptionInfos, KeyInfos, TokenConsumers, ExplicitlyProtectSignatureConfirmation, OnlySignEntireHeadersAndBodyProperty):", new Object[]{list3, list, list2, list4, Boolean.valueOf(z), Boolean.valueOf(z2), obj, obj2});
            }
        }
        this._explicitlyProtectSignatureConfirmation = z;
        this._onlySignEntireHeadersAndBody = z2;
        if (list4 != null) {
            int size = list4.size();
            for (int i = 0; i < size; i++) {
                WSSToken wSSToken = list4.get(i);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing token consumer: " + wSSToken.getName());
                }
                QName valueType = wSSToken.getValueType();
                if (valueType == null) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.nullValueType", wSSToken.getName());
                }
                String securityTokenReference = wSSToken.getSecurityTokenReference();
                if (securityTokenReference != null && securityTokenReference.length() > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found securityTokenReference on default bindings. This is not supported.");
                    }
                    throw SoapSecurityException.format("security.wssecurity.WSSecurityDefaultConsumerConfig.s04", securityTokenReference, valueType.toString());
                }
                PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl = new PrivateConsumerConfig.TokenConsumerConfImpl();
                tokenConsumerConfImpl._type = valueType;
                tokenConsumerConfImpl._isDefault = true;
                tokenConsumerConfImpl._className = wSSToken.getClassname();
                if (!this._defaultTokenConsumers.contains(tokenConsumerConfImpl._className)) {
                    this._userDefinedComponentsUsed = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "userDefinedComponentsUsed set to true; token consumer = " + tokenConsumerConfImpl._className);
                    }
                }
                boolean z3 = false;
                WSSCallbackHandler callbackHandler = wSSToken.getCallbackHandler();
                if (callbackHandler != null) {
                    PrivateCommonConfig.CallbackHandlerConfImpl callbackHandlerConfImpl = new PrivateCommonConfig.CallbackHandlerConfImpl();
                    callbackHandlerConfImpl._className = callbackHandler.getClassname();
                    if (!this._defaultCallbackHandlers.contains(callbackHandlerConfImpl._className)) {
                        this._userDefinedComponentsUsed = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "userDefinedComponentsUsed set to true; callback handler = " + callbackHandlerConfImpl._className);
                        }
                    }
                    WSSKeyStore keyStore = callbackHandler.getKeyStore();
                    if (keyStore != null) {
                        PrivateCommonConfig.KeyStoreConfImpl keyStoreConfImpl = new PrivateCommonConfig.KeyStoreConfImpl();
                        keyStoreConfImpl._type = keyStore.getType();
                        keyStoreConfImpl._path = ConfigUtil.expandInstallLocation(keyStore.getPath());
                        keyStoreConfImpl._password = PasswordUtilFactory.getInstance().passwordDecode(keyStore.getStorepass());
                        keyStoreConfImpl._ksRef = keyStore.getKeyStoreRef();
                        callbackHandlerConfImpl._keyStore = keyStoreConfImpl;
                        if (keyStoreConfImpl._ksRef != null && keyStoreConfImpl._ksRef.length() != 0) {
                            tokenConsumerConfImpl._properties.put("com.ibm.ws.wssecurity.config.keystore.keyStoreRef", keyStoreConfImpl._ksRef);
                        }
                    }
                    WSSKey key = callbackHandler.getKey();
                    if (key != null) {
                        PrivateCommonConfig.KeyInformationConfImpl keyInformationConfImpl = new PrivateCommonConfig.KeyInformationConfImpl();
                        keyInformationConfImpl._alias = key.getAlias();
                        keyInformationConfImpl._keypass = PasswordUtilFactory.getInstance().passwordDecode(key.getKeypass());
                        keyInformationConfImpl._name = key.getName();
                        callbackHandlerConfImpl._keyInformation = keyInformationConfImpl;
                    }
                    WSSCertPathSettings certPathSettings = callbackHandler.getCertPathSettings();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "certPathSettings = " + certPathSettings);
                    }
                    if (certPathSettings != null) {
                        tokenConsumerConfImpl._certPathSettingsAcquired = true;
                        callbackHandlerConfImpl._trustAnyCertificate = certPathSettings.isTrustAnyCertificate();
                        if (!certPathSettings.isTrustAnyCertificate()) {
                            String trustAnchorRef = certPathSettings.getTrustAnchorRef();
                            String certStoreRef = certPathSettings.getCertStoreRef();
                            if (trustAnchorRef != null || certStoreRef != null) {
                                if (trustAnchorRef != null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "TrustAnchorRef = " + trustAnchorRef);
                                    }
                                    int i2 = 0;
                                    while (true) {
                                        if (i2 >= list6.size()) {
                                            break;
                                        }
                                        WSSTrustAnchor wSSTrustAnchor = list6.get(i2);
                                        if (trustAnchorRef == null || !trustAnchorRef.equals(wSSTrustAnchor.getName())) {
                                            i2++;
                                        } else {
                                            WSSKeyStore keyStore2 = wSSTrustAnchor.getKeyStore();
                                            if (keyStore2 != null) {
                                                PrivateCommonConfig.KeyStoreConfImpl keyStoreConfImpl2 = new PrivateCommonConfig.KeyStoreConfImpl();
                                                keyStoreConfImpl2._type = keyStore2.getType();
                                                keyStoreConfImpl2._path = ConfigUtil.expandInstallLocation(keyStore2.getPath());
                                                keyStoreConfImpl2._password = PasswordUtilFactory.getInstance().passwordDecode(keyStore2.getStorepass());
                                                keyStoreConfImpl2._ksRef = keyStore2.getKeyStoreRef();
                                                callbackHandlerConfImpl._trustAnchor = keyStoreConfImpl2;
                                            }
                                            z3 = true;
                                        }
                                    }
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "(from application binding) Keystore for TrustAnchor: " + trustAnchorRef + " = " + callbackHandlerConfImpl._trustAnchor + ": Found = " + z3);
                                    }
                                    if (!z3) {
                                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s31", trustAnchorRef);
                                    }
                                }
                                if (callbackHandlerConfImpl._trustAnchor == null) {
                                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s32");
                                }
                                KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
                                PrivateCommonConfig.KeyStoreConfImpl keyStoreConfImpl3 = callbackHandlerConfImpl._trustAnchor;
                                PKIXBuilderParameters pKIXBuilderParameters = null;
                                Provider provider = null;
                                try {
                                    pKIXBuilderParameters = new PKIXBuilderParameters(keyStoreManager.getKeyStore(keyStoreConfImpl3._path, keyStoreConfImpl3._type, keyStoreConfImpl3._password == null ? null : keyStoreConfImpl3._password.toCharArray(), keyStoreConfImpl3._ksRef), new X509CertSelector());
                                    pKIXBuilderParameters.setDate(null);
                                    boolean z4 = false;
                                    if (certStoreRef != null) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "CertStoreRef = " + certStoreRef);
                                        }
                                        if (list7 != null || list8 != null) {
                                            int size2 = list7.size();
                                            if (size2 > 0) {
                                                int i3 = 0;
                                                while (true) {
                                                    if (i3 >= size2) {
                                                        break;
                                                    }
                                                    WSSCollectionCertStores wSSCollectionCertStores = list7.get(i3);
                                                    if (tc.isDebugEnabled()) {
                                                        Tr.debug(tc, "collectionCertStores.get(" + i3 + ") = " + wSSCollectionCertStores.getName());
                                                    }
                                                    if (certStoreRef == null || !certStoreRef.equals(wSSCollectionCertStores.getName())) {
                                                        i3++;
                                                    } else {
                                                        provider = Security.getProvider(wSSCollectionCertStores.getProvider());
                                                        HashMap hashMap4 = new HashMap();
                                                        HashSet hashSet = new HashSet();
                                                        List<String> x509Paths = wSSCollectionCertStores.getX509Paths();
                                                        int size3 = x509Paths.size();
                                                        if (size3 > 0) {
                                                            for (int i4 = 0; i4 < size3; i4++) {
                                                                String expandInstallLocation = ConfigUtil.expandInstallLocation(x509Paths.get(i4));
                                                                CertificateFactory certificateFactory = (CertificateFactory) hashMap4.get("");
                                                                if (certificateFactory == null) {
                                                                    certificateFactory = ConfigUtil.createCertificateFactory("");
                                                                    hashMap4.put("", certificateFactory);
                                                                }
                                                                hashSet.add(ConfigUtil.getX509Certificate(new File(expandInstallLocation), certificateFactory));
                                                                if (tc.isDebugEnabled()) {
                                                                    Tr.debug(tc, "Adding the X509 Certificate: " + expandInstallLocation);
                                                                }
                                                            }
                                                        }
                                                        List<String> cRLPaths = wSSCollectionCertStores.getCRLPaths();
                                                        int size4 = cRLPaths.size();
                                                        if (size4 > 0) {
                                                            for (int i5 = 0; i5 < size4; i5++) {
                                                                String expandInstallLocation2 = ConfigUtil.expandInstallLocation(cRLPaths.get(i5));
                                                                CertificateFactory certificateFactory2 = (CertificateFactory) hashMap4.get("");
                                                                if (certificateFactory2 == null) {
                                                                    certificateFactory2 = ConfigUtil.createCertificateFactory("");
                                                                    hashMap4.put("", certificateFactory2);
                                                                }
                                                                X509CRL x509crl = ConfigUtil.getX509CRL(new File(expandInstallLocation2), certificateFactory2);
                                                                hashSet.add(x509crl);
                                                                if (tc.isDebugEnabled()) {
                                                                    Tr.debug(tc, "Adding the X509 CRL: " + expandInstallLocation2);
                                                                    CertificateUtil.listCrlContents(x509crl);
                                                                }
                                                                z4 = true;
                                                            }
                                                        }
                                                        CollectionCertStoreParameters collectionCertStoreParameters = null;
                                                        try {
                                                            collectionCertStoreParameters = new CollectionCertStoreParameters(hashSet);
                                                            pKIXBuilderParameters.addCertStore(provider == null ? CertStore.getInstance("Collection", collectionCertStoreParameters) : CertStore.getInstance("Collection", collectionCertStoreParameters, provider));
                                                            if (tc.isDebugEnabled()) {
                                                                Tr.debug(tc, "Found CertStore for " + certStoreRef);
                                                            }
                                                        } catch (InvalidAlgorithmParameterException e) {
                                                            Tr.processException(e, clsName + ".init", "535", this);
                                                            String collectionCertStoreParameters2 = collectionCertStoreParameters == null ? "null" : collectionCertStoreParameters.toString() == null ? "" : collectionCertStoreParameters.toString();
                                                            Tr.error(tc, "security.wssecurity.WSSecurityDefaultConsumerConfig.s03", new Object[]{collectionCertStoreParameters2});
                                                            throw SoapSecurityException.format("security.wssecurity.WSSecurityDefaultConsumerConfig.s03", collectionCertStoreParameters2, e);
                                                        } catch (NoSuchAlgorithmException e2) {
                                                            Tr.processException(e2, clsName + ".init", "530", this);
                                                            Tr.error(tc, "security.wssecurity.WSSecurityDefaultConsumerConfig.s02", new Object[]{"Collection", e2});
                                                            throw SoapSecurityException.format("security.wssecurity.WSSecurityDefaultConsumerConfig.s02", "Collection", e2.toString());
                                                        } catch (Throwable th) {
                                                            Tr.processException(th, clsName + ".init", "541", this);
                                                            Tr.error(tc, "security.wssecurity.load.collectioncertstore.failed", new String[]{wSSCollectionCertStores.getName(), th.getMessage()});
                                                            throw SoapSecurityException.format("security.wssecurity.load.collectioncertstore.failed", new String[]{wSSCollectionCertStores.getName(), th.getMessage()}, th);
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    if (z4) {
                                        pKIXBuilderParameters.setRevocationEnabled(true);
                                        callbackHandlerConfImpl._properties.put(PolicyInboundConfig.PIC_REVOCATION_ENABLED, "true");
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "One or more CRLs were found.");
                                            Tr.debug(tc, "Revocation is Enabled.");
                                        }
                                    } else {
                                        pKIXBuilderParameters.setRevocationEnabled(false);
                                        callbackHandlerConfImpl._properties.put(PolicyInboundConfig.PIC_REVOCATION_ENABLED, "false");
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "No CRLs found.");
                                            Tr.debug(tc, "Revocation is Not Enabled.");
                                        }
                                    }
                                    if (tc.isDebugEnabled() && pKIXBuilderParameters != null) {
                                        Tr.debug(tc, "Revocation setting: " + pKIXBuilderParameters.isRevocationEnabled());
                                        Tr.debug(tc, "WSSecurityDefaultConsumerConfig pkixBuilderParams: [" + pKIXBuilderParameters + "]");
                                    }
                                    callbackHandlerConfImpl._provider = provider;
                                    callbackHandlerConfImpl._pkixBuilderParams = pKIXBuilderParameters;
                                    callbackHandlerConfImpl._certStores = pKIXBuilderParameters.getCertStores();
                                } catch (Exception e3) {
                                    Tr.processException(e3, clsName + ".init", "403", this);
                                    String str3 = null;
                                    if (e3 instanceof InvalidAlgorithmParameterException) {
                                        str2 = "security.wssecurity.WSSecurityDefaultConsumerConfig.s03";
                                        str3 = pKIXBuilderParameters == null ? "null" : pKIXBuilderParameters.toString() == null ? "" : pKIXBuilderParameters.toString();
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "===> ACTION for InvalidAlgorithmParameterException:");
                                            Tr.debug(tc, "===> Check if there is at least one trusted certificate entry (trustedCertEntry) in the keystore.");
                                        }
                                    } else {
                                        str2 = e3 instanceof KeyStoreException ? "security.wssecurity.WSSecurityDefaultConsumerConfig.s01" : "security.wssecurity.WSSecurityBindingLoaderImpl.s01";
                                    }
                                    if (str3 != null) {
                                        Tr.error(tc, str2, new Object[]{str3});
                                        throw SoapSecurityException.format(str2, str3, e3);
                                    }
                                    if (tc.isDebugEnabled()) {
                                        if (pKIXBuilderParameters == null) {
                                            Tr.debug(tc, "WSSecurityDefaultConsumerConfig pkixBuilderParams: [null]");
                                        } else {
                                            Tr.debug(tc, "WSSecurityDefaultConsumerConfig pkixBuilderParams: [" + pKIXBuilderParameters + "]");
                                        }
                                    }
                                    Tr.error(tc, str2, e3.toString());
                                    throw SoapSecurityException.format(str2, e3);
                                }
                            }
                        }
                    }
                    WSSBasicAuth basicAuth = callbackHandler.getBasicAuth();
                    if (basicAuth != null) {
                        String userid = basicAuth.getUserid();
                        if (userid != null && userid.length() > 0) {
                            callbackHandlerConfImpl._userId = userid;
                        }
                        String passwordDecode = PasswordUtilFactory.getInstance().passwordDecode(basicAuth.getPassword());
                        if (passwordDecode != null && passwordDecode.length() > 0) {
                            callbackHandlerConfImpl._userPassword = passwordDecode.toCharArray();
                        }
                    }
                    ConfigConstants.getProperties(callbackHandlerConfImpl._properties, callbackHandler.getProperties(), variableExpander);
                    tokenConsumerConfImpl._callbackHandler = callbackHandlerConfImpl;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding the callback handler: " + callbackHandlerConfImpl.getClassName());
                    }
                }
                WSSJaasConfig jaasConfig = wSSToken.getJaasConfig();
                if (jaasConfig == null) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s20", valueType.toString());
                }
                tokenConsumerConfImpl._jaasConfig = jaasConfig.getConfigName();
                if (!this._defaultJAASConfigs.contains(tokenConsumerConfImpl._jaasConfig)) {
                    this._userDefinedComponentsUsed = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "userDefinedComponentsUsed set to true; JAAS config = " + tokenConsumerConfImpl._jaasConfig);
                    }
                }
                ConfigConstants.getProperties(tokenConsumerConfImpl._jaasConfigProperties, jaasConfig.getProperties(), variableExpander);
                ConfigConstants.getProperties(tokenConsumerConfImpl._properties, wSSToken.getProperties(), variableExpander);
                hashMap2.clear();
                hashMap2.put(WSSFactory.TYPE, WSSFactory.PLUGGABLE);
                hashMap2.put(WSSFactory.CLASSNAME, tokenConsumerConfImpl._className);
                if (0 != 0) {
                    hashMap2.put(WSSFactory.CLASSLOADER, null);
                }
                try {
                    tokenConsumerConfImpl._instance = (TokenConsumerComponent) wSSFactory.createConsumer(hashMap2, new HashMap());
                } catch (SoapSecurityException e4) {
                    Tr.warning(tc, "security.wssecurity.Instantiate", new Object[]{tokenConsumerConfImpl._className});
                }
                this._tokenConsumers.add(tokenConsumerConfImpl);
                String trim = ConfigUtil.trim(wSSToken.getName());
                if (trim == null || trim.length() == 0) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s26");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding token consumer: " + trim);
                }
                hashMap3.put(trim, tokenConsumerConfImpl);
                tokenConsumerConfImpl._name = trim;
            }
        }
        ArrayList arrayList = new ArrayList();
        if (list2 != null) {
            int size5 = list2.size();
            for (int i6 = 0; i6 < size5; i6++) {
                WSSKeyInfo wSSKeyInfo = list2.get(i6);
                PrivateConsumerConfig.KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl = new PrivateConsumerConfig.KeyInfoContentConsumerConfImpl();
                keyInfoContentConsumerConfImpl._className = wSSKeyInfo.getClassname();
                if (!this._defaultKeyInfoContentConsumers.contains(keyInfoContentConsumerConfImpl._className)) {
                    this._userDefinedComponentsUsed = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "userDefinedComponentsUsed set to true; KeyInfoContentConsumer config = " + keyInfoContentConsumerConfImpl._className);
                    }
                }
                String tokenReference = wSSKeyInfo.getTokenReference();
                if (tokenReference != null && tokenReference != null && tokenReference.length() > 0) {
                    keyInfoContentConsumerConfImpl._tokenConsumer = (PrivateConsumerConfig.TokenConsumerConfImpl) hashMap3.get(tokenReference);
                    if (keyInfoContentConsumerConfImpl._tokenConsumer == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s31", tokenReference);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Got the token reference: " + tokenReference);
                    }
                    if (0 == 0 && (str = (String) keyInfoContentConsumerConfImpl._tokenConsumer._properties.get(Constants.CON_KEY_STORE_NAME)) != null && ConfigUtil.isHWKeyStore(str)) {
                        keyInfoContentConsumerConfImpl._properties.put(Constants.CON_KEY_STORE_NAME, str);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Hardware KeyStore is selected: " + str);
                        }
                    }
                }
                if (wSSKeyInfo.getDerivedKeyInfo() != null) {
                    WSSDerivedKeyInfo derivedKeyInfo = wSSKeyInfo.getDerivedKeyInfo();
                    DerivedKeyInfoConfig derivedKeyInfoConfig = new DerivedKeyInfoConfig();
                    derivedKeyInfoConfig.setClientLabel(derivedKeyInfo.getClientLabel());
                    derivedKeyInfoConfig.setServiceLabel(derivedKeyInfo.getServiceLabel());
                    derivedKeyInfoConfig.setKeyLength(derivedKeyInfo.getKeyLength());
                    derivedKeyInfoConfig.setNonceLength(derivedKeyInfo.getNonceLength());
                    derivedKeyInfoConfig.setRequireDerivedKeys(derivedKeyInfo.isRequireDerivedKeys());
                    derivedKeyInfoConfig.setRequireExplicitDerivedKeys(derivedKeyInfo.isRequireExplicitDerivedKeys());
                    derivedKeyInfoConfig.setRequireImpliedDerivedKeys(derivedKeyInfo.isRequireImpliedDerivedKeys());
                    keyInfoContentConsumerConfImpl._derivedKeyInfo = derivedKeyInfoConfig;
                } else {
                    Map<Object, Object> properties2 = keyInfoContentConsumerConfImpl.getTokenConsumer().getProperties();
                    String str4 = (String) properties2.get(com.ibm.wsspi.wssecurity.core.Constants.DERIVED_KEY_LENGTH);
                    String str5 = (String) properties2.get("com.ibm.ws.wssecurity.sc.dkt.ServiceLabel");
                    String str6 = (String) properties2.get("com.ibm.ws.wssecurity.sc.dkt.ClientLabel");
                    String str7 = (String) properties2.get(Constants.REQUIRED_IMPLIED_DERIVED_KEYS);
                    if (Constants.SC_200502.equals(keyInfoContentConsumerConfImpl._tokenConsumer._type)) {
                        DerivedKeyInfoConfig derivedKeyInfoConfig2 = new DerivedKeyInfoConfig();
                        derivedKeyInfoConfig2.setRequireDerivedKeys(true);
                        derivedKeyInfoConfig2.setRequireExplicitDerivedKeys(true);
                        if (str4 != null && str4.length() > 0) {
                            derivedKeyInfoConfig2.setKeyLength(str4);
                        }
                        if (str5 != null && str5.length() > 0) {
                            derivedKeyInfoConfig2.setServiceLabel(str5);
                        }
                        if (str6 != null && str6.length() > 0) {
                            derivedKeyInfoConfig2.setClientLabel(str6);
                        }
                        if ("true".equals(str7)) {
                            derivedKeyInfoConfig2.setRequireImpliedDerivedKeys(true);
                        }
                        keyInfoContentConsumerConfImpl._derivedKeyInfo = derivedKeyInfoConfig2;
                    }
                }
                ConfigConstants.getProperties(keyInfoContentConsumerConfImpl._properties, wSSKeyInfo.getProperties(), variableExpander);
                hashMap2.clear();
                hashMap2.put(WSSFactory.TYPE, WSSFactory.PLUGGABLE);
                hashMap2.put(WSSFactory.CLASSNAME, keyInfoContentConsumerConfImpl._className);
                if (keyInfoContentConsumerConfImpl._className == null || keyInfoContentConsumerConfImpl._className.length() == 0) {
                    throw SoapSecurityException.format("security.wssecurity.WSSFactorySOAPImpl.s03");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "KeyInfoContentConsumer classname = " + keyInfoContentConsumerConfImpl._className);
                }
                if (this._defaultKeyInfoContentConsumers.contains(keyInfoContentConsumerConfImpl._className)) {
                    hashMap2.put(WSSFactory.CLASSLOADER, getClass().getClassLoader());
                } else if (0 != 0) {
                    hashMap2.put(WSSFactory.CLASSLOADER, null);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ClassLoader used = " + hashMap2.get(WSSFactory.CLASSLOADER));
                }
                try {
                    keyInfoContentConsumerConfImpl._instance = (KeyInfoContentConsumerComponent) wSSFactory.createConsumer(hashMap2, new HashMap());
                } catch (SoapSecurityException e5) {
                    Tr.warning(tc, "security.wssecurity.Instantiate", new Object[]{keyInfoContentConsumerConfImpl._className});
                }
                arrayList.add(keyInfoContentConsumerConfImpl);
                String name = wSSKeyInfo.getName();
                if (name == null || name.length() == 0) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s28");
                }
                if (hashMap.containsKey(name) && tc.isDebugEnabled()) {
                    Tr.debug(tc, "WARNING: key info [" + name + "] is overwritten.");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding key info: " + name);
                }
                hashMap.put(name, keyInfoContentConsumerConfImpl);
            }
        }
        if (list != null) {
            int size6 = list.size();
            for (int i7 = 0; i7 < size6; i7++) {
                boolean z5 = false;
                WSSEncryptionInfo wSSEncryptionInfo = list.get(i7);
                PrivateConsumerConfig.EncryptionConsumerConfImpl encryptionConsumerConfImpl = new PrivateConsumerConfig.EncryptionConsumerConfImpl();
                PrivateConsumerConfig.KeyInfoConsumerConfImpl keyInfoConsumerConfImpl = new PrivateConsumerConfig.KeyInfoConsumerConfImpl();
                WSSEncryptionPartReference encryptionPartReference = wSSEncryptionInfo.getEncryptionPartReference();
                if (encryptionPartReference != null && (dataEncryptionKeyInfo = encryptionPartReference.getDataEncryptionKeyInfo()) != null) {
                    z5 = true;
                    encryptionConsumerConfImpl._isKeyDecryption = false;
                    keyInfoConsumerConfImpl._contentConsumers = new ArrayList();
                    if (dataEncryptionKeyInfo != null && dataEncryptionKeyInfo.length() > 0) {
                        PrivateConsumerConfig.KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl2 = (PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) hashMap.get(dataEncryptionKeyInfo);
                        if (keyInfoContentConsumerConfImpl2 == null) {
                            throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s31", dataEncryptionKeyInfo);
                        }
                        PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl2 = keyInfoContentConsumerConfImpl2._tokenConsumer;
                        if (tokenConsumerConfImpl2 != null) {
                            tokenConsumerConfImpl2._usedForDecryption = true;
                        }
                        keyInfoConsumerConfImpl._contentConsumers.add(keyInfoContentConsumerConfImpl2);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Got the key info reference: " + dataEncryptionKeyInfo);
                        }
                    }
                }
                if (!z5) {
                    List<String> keyEncryptionKeyInfos = wSSEncryptionInfo.getKeyEncryptionKeyInfos();
                    if (keyEncryptionKeyInfos == null || keyEncryptionKeyInfos.size() == 0) {
                        keyInfoConsumerConfImpl._contentConsumers = arrayList;
                        int size7 = arrayList.size();
                        for (int i8 = 0; i8 < size7; i8++) {
                            PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl3 = ((PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) arrayList.get(i8))._tokenConsumer;
                            if (tokenConsumerConfImpl3 != null) {
                                tokenConsumerConfImpl3._usedForDecryption = true;
                            }
                        }
                    } else {
                        encryptionConsumerConfImpl._isKeyDecryption = true;
                        keyInfoConsumerConfImpl._contentConsumers = new ArrayList();
                        int size8 = keyEncryptionKeyInfos.size();
                        for (int i9 = 0; i9 < size8; i9++) {
                            String str8 = keyEncryptionKeyInfos.get(i9);
                            if (str8 != null && str8.length() > 0) {
                                PrivateConsumerConfig.KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl3 = (PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) hashMap.get(str8);
                                if (keyInfoContentConsumerConfImpl3 == null) {
                                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s31", str8);
                                }
                                PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl4 = keyInfoContentConsumerConfImpl3._tokenConsumer;
                                if (tokenConsumerConfImpl4 != null) {
                                    tokenConsumerConfImpl4._usedForDecryption = true;
                                }
                                keyInfoConsumerConfImpl._contentConsumers.add(keyInfoContentConsumerConfImpl3);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Got the key info reference: " + str8);
                                }
                            }
                        }
                    }
                }
                encryptionConsumerConfImpl._encryptionKeyInfo = keyInfoConsumerConfImpl;
                ConfigConstants.getProperties(encryptionConsumerConfImpl._properties, wSSEncryptionInfo.getProperties(), variableExpander);
                this._encryptionConsumers.add(encryptionConsumerConfImpl);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding encryption consumer.");
                }
            }
        }
        if (list3 != null) {
            int size9 = list3.size();
            for (int i10 = 0; i10 < size9; i10++) {
                WSSSigningInfo wSSSigningInfo = list3.get(i10);
                PrivateConsumerConfig.SignatureConsumerConfImpl signatureConsumerConfImpl = new PrivateConsumerConfig.SignatureConsumerConfImpl();
                List<WSSSigningPartReference> signingPartReferences = wSSSigningInfo.getSigningPartReferences();
                if (signingPartReferences != null) {
                    int size10 = signingPartReferences.size();
                    for (int i11 = 0; i11 < size10; i11++) {
                        WSSSigningPartReference wSSSigningPartReference = signingPartReferences.get(i11);
                        PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl = new PrivateCommonConfig.SigningReferenceConfImpl();
                        wSSSigningPartReference.getReference();
                        List<WSSTransform> transforms = wSSSigningPartReference.getTransforms();
                        if (transforms != null) {
                            int size11 = transforms.size();
                            for (int i12 = 0; i12 < size11; i12++) {
                                WSSTransform wSSTransform = transforms.get(i12);
                                if (wSSTransform != null) {
                                    PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = new PrivateCommonConfig.AlgorithmConfImpl();
                                    algorithmConfImpl._algorithm = wSSTransform.getAlgorithm();
                                    ConfigConstants.getProperties(algorithmConfImpl._properties, wSSTransform.getProperties(), variableExpander);
                                    signingReferenceConfImpl._transforms.add(algorithmConfImpl);
                                }
                            }
                        }
                        signatureConsumerConfImpl._references.add(signingReferenceConfImpl);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WARNING: PartReference not found on SigningInfo. PartReference is required in order to retrieve the signature algorithms from Policy.");
                }
                PrivateConsumerConfig.KeyInfoConsumerConfImpl keyInfoConsumerConfImpl2 = new PrivateConsumerConfig.KeyInfoConsumerConfImpl();
                List<String> signingKeyInfos = wSSSigningInfo.getSigningKeyInfos();
                if (signingKeyInfos == null || signingKeyInfos.size() == 0) {
                    keyInfoConsumerConfImpl2._contentConsumers = arrayList;
                    int size12 = arrayList.size();
                    for (int i13 = 0; i13 < size12; i13++) {
                        PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl5 = ((PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) arrayList.get(i13))._tokenConsumer;
                        if (tokenConsumerConfImpl5 != null) {
                            tokenConsumerConfImpl5._usedForVerification = true;
                        }
                    }
                } else {
                    keyInfoConsumerConfImpl2._contentConsumers = new ArrayList();
                    int size13 = signingKeyInfos.size();
                    for (int i14 = 0; i14 < size13; i14++) {
                        String str9 = signingKeyInfos.get(i14);
                        if (str9 != null && str9.length() > 0) {
                            PrivateConsumerConfig.KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl4 = (PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) hashMap.get(str9);
                            if (keyInfoContentConsumerConfImpl4 == null) {
                                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s31", str9);
                            }
                            PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl6 = keyInfoContentConsumerConfImpl4._tokenConsumer;
                            if (tokenConsumerConfImpl6 != null) {
                                tokenConsumerConfImpl6._usedForVerification = true;
                            }
                            keyInfoConsumerConfImpl2._contentConsumers.add(keyInfoContentConsumerConfImpl4);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Got the key info reference: " + str9);
                            }
                        }
                    }
                }
                signatureConsumerConfImpl._signingKeyInfo = keyInfoConsumerConfImpl2;
                ConfigConstants.getProperties(signatureConsumerConfImpl._properties, wSSSigningInfo.getProperties(), variableExpander);
                this._signatureConsumers.add(signatureConsumerConfImpl);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding signature consumer.");
                }
            }
        }
        if (list5 != null) {
            int size14 = list5.size();
            for (int i15 = 0; i15 < size14; i15++) {
                this._loginRequired = true;
                WSSCaller wSSCaller = list5.get(i15);
                if (wSSCaller != null) {
                    PrivateConsumerConfig.CallerConfImpl callerConfImpl = new PrivateConsumerConfig.CallerConfImpl();
                    if (wSSCaller.getOrder() != null && !r32) {
                        callerConfImpl._order = Integer.parseInt(wSSCaller.getOrder());
                    }
                    QName callerIdentity = wSSCaller.getCallerIdentity();
                    if (callerIdentity != null) {
                        callerConfImpl._callerIdentity = callerIdentity;
                    }
                    if (wSSCaller.isAnyTrustedIdentity()) {
                        callerConfImpl._anyTrustedIdentity = true;
                    } else {
                        QName trustedIdentity = wSSCaller.getTrustedIdentity();
                        if (trustedIdentity != null) {
                            callerConfImpl._identityAssertion = true;
                            callerConfImpl._trustedIdentity = trustedIdentity;
                        }
                    }
                    WSSJaasConfig jaasConfig2 = wSSCaller.getJaasConfig();
                    if (jaasConfig2 == null) {
                        throw SoapSecurityException.format("security.wssecurity.WSEC6834E", callerConfImpl.toString());
                    }
                    callerConfImpl._jaasConfig = jaasConfig2.getConfigName();
                    ConfigConstants.getProperties(callerConfImpl._jaasConfigProperties, jaasConfig2.getProperties(), variableExpander);
                    WSSCallbackHandler callbackHandler2 = wSSCaller.getCallbackHandler();
                    if (callbackHandler2 != null) {
                        PrivateCommonConfig.CallbackHandlerConfImpl callbackHandlerConfImpl2 = new PrivateCommonConfig.CallbackHandlerConfImpl();
                        callbackHandlerConfImpl2._className = callbackHandler2.getClassname();
                        if (!this._defaultCallbackHandlers.contains(callbackHandlerConfImpl2._className)) {
                            this._userDefinedComponentsUsed = true;
                        }
                        ConfigConstants.getProperties(callbackHandlerConfImpl2._properties, callbackHandler2.getProperties(), variableExpander);
                        callerConfImpl._callbackHandler = callbackHandlerConfImpl2;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding the callback handler: " + callbackHandlerConfImpl2.getClassName());
                        }
                    }
                    this._callers.add(callerConfImpl);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding caller: " + callerConfImpl);
                    }
                }
            }
            if (!r32) {
                setOrderedCallerList();
                this._isOrderEnforced = true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Consumer, HashMap):", new Object[]{wSSBindings, variableExpander});
        }
    }
}
