package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.nws.ffdc.FFDCFilter;
import com.ibm.security.krb5.wss.util.LocalConstants;
import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.XMLStructure;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.wssecurity.platform.util.SubjectUtil;
import com.ibm.ws.wssecurity.platform.util.SubjectUtilFactory;
import com.ibm.ws.wssecurity.saml.assertion.wssapi.SAMLAssertionBuilder;
import com.ibm.ws.wssecurity.saml.assertion.wssapi.SAMLAssertionParser;
import com.ibm.ws.wssecurity.saml.assertion.wssapi.SAMLAssertionVerifier;
import com.ibm.ws.wssecurity.saml.common.SAML11Constants;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.config.impl.CredentialConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.RequesterConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.saml.saml11.assertion.utils.SAMLTokenBuilder;
import com.ibm.ws.wssecurity.saml.security.impl.EncryptedDataConsumer;
import com.ibm.ws.wssecurity.saml.security.impl.SAMLSignatureVerification;
import com.ibm.ws.wssecurity.saml.security.impl.SamlSignatureUtils;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.StringUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSecurityFactoryBuilder;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.token.config.RequesterConfiguration;
import com.ibm.wsspi.wssecurity.core.token.config.WSSConstants;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
import com.ibm.wsspi.wssecurity.wssapi.OMStructure;
import com.ibm.wsspi.wssecurity.wssapi.OMStructureFactory;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SAML11TokenFactoryImpl.class */
public class SAML11TokenFactoryImpl extends SAMLTokenFactoryImpl {
    // Component identifier string; nothing else in this class refers to it.
    private static final String comp = "security.wssecurity";
    // Trace handle for every entry/exit/debug record in this class, registered against the SAML message bundle.
    private static final TraceComponent tc = Tr.register(SAML11TokenFactoryImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    // Fully qualified class name; used as the source-id prefix when exceptions are reported via Tr/FFDC.
    private static final String clsName = SAML11TokenFactoryImpl.class.getName();
    // Implementation class name for the SAML11Token platform key, looked up once at class initialisation.
    // NOTE(review): static but not final; no code in this class reassigns it, so it could be final.
    private static String _factoryKey = (String) WSSecurityFactoryBuilder.getImplClassName("com.ibm.ws.wssecurity.platform.SAML11Token");
    // Token factory resolved from _factoryKey; newSecurityToken(String) takes its token instances from here.
    // NOTE(review): static but not final, same remark as _factoryKey.
    private static TokenFactory _tokenFactory = TokenFactoryFactory.getTokenFactory(_factoryKey);

    /**
     * Creates the SAML 1.1 token factory.
     *
     * <p>The constructor initialises no instance state; it only writes the entry and exit trace
     * records when entry tracing is enabled.
     */
    public SAML11TokenFactoryImpl() {
        final String method = "SAML11TokenFactoryImpl()";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /**
     * Obtains a new token instance from the platform token factory and sets its value type.
     *
     * <p>Only the value type is set here; the method puts no assertion content on the token.
     * Only an entry trace record is written; there is no matching exit record.
     *
     * @param str the value type to set on the new token
     * @return the new token instance
     * @throws WSSException declared by the signature; nothing in this body throws it directly
     */
    public SAMLTokenImpl newSecurityToken(String str) throws WSSException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "newSecurityToken(" + str + ")");
        }
        // The cast raises ClassCastException if the configured factory hands back another type.
        final SAML11TokenImpl token = (SAML11TokenImpl) _tokenFactory.getToken(true);
        token.setValueType(str);
        return token;
    }

    /**
     * Builds a requester configuration preset for issuing a SAML 1.1 bearer token.
     *
     * @return a new {@code RequesterConfigImpl} with the WS-Trust Bearer key type, the bearer
     *         confirmation method and the SAML 1.1 token type
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public RequesterConfig newBearerTokenGenerateConfig() {
        final String method = "newBearerTokenGenerateConfig()";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        final RequesterConfigImpl config = new RequesterConfigImpl();
        // Key type first, then confirmation method, then token type: same order as before.
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.KEYTYPE, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
        config.setConfirmationMethod(SAML11Constants._BEARER);
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.TOKENTYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
        return config;
    }

    /**
     * Builds a requester configuration preset for issuing a SAML 1.1 sender-vouches token.
     *
     * <p>The RST key type is the same WS-Trust Bearer URI that the bearer preset uses; only the
     * confirmation method differs between the two presets.
     *
     * @return a new {@code RequesterConfigImpl} with the Bearer key type, the sender-vouches
     *         confirmation method and the SAML 1.1 token type
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public RequesterConfig newSenderVouchesTokenGenerateConfig() {
        final String method = "newSenderVouchesTokenGenerateConfig()";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        final RequesterConfigImpl config = new RequesterConfigImpl();
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.KEYTYPE, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
        config.setConfirmationMethod(SAML11Constants._SENDER_VOUCHES);
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.TOKENTYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
        return config;
    }

    /**
     * Builds a requester configuration preset for issuing a SAML 1.1 holder-of-key token whose
     * proof key is symmetric.
     *
     * @return a new {@code RequesterConfigImpl} with the WS-Trust SymmetricKey key type, the
     *         holder-of-key confirmation method and the SAML 1.1 token type
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public RequesterConfig newSymmetricHolderOfKeyTokenGenerateConfig() {
        final String method = "newSymmetricHolderOfKeyTokenGenerateConfig()";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        final RequesterConfigImpl config = new RequesterConfigImpl();
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.KEYTYPE, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey");
        config.setConfirmationMethod(SAML11Constants._HOLDER_OF_KEY);
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.TOKENTYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
        return config;
    }

    /**
     * Builds a requester configuration preset for issuing a SAML 1.1 holder-of-key token whose
     * proof key is a public key.
     *
     * @return a new {@code RequesterConfigImpl} with the WS-Trust PublicKey key type, the
     *         holder-of-key confirmation method and the SAML 1.1 token type
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public RequesterConfig newAsymmetricHolderOfKeyTokenGenerateConfig() {
        final String method = "newAsymmetricHolderOfKeyTokenGenerateConfig()";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        final RequesterConfigImpl config = new RequesterConfigImpl();
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.KEYTYPE, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
        config.setConfirmationMethod(SAML11Constants._HOLDER_OF_KEY);
        config.getRSTTProperties().put(RequesterConfiguration.RSTT.TOKENTYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
        return config;
    }

    /**
     * Issues a new SAML 1.1 token from credential, requester and provider configuration.
     *
     * <p>Flow: check {@code GET_NEWSAMLTOKEN_PERM} when a SecurityManager is installed, create a
     * token shell, copy requester properties from the provider configuration, build the signed
     * assertion inside {@code doPrivileged}, then wrap the assertion in a token whose id is the
     * SAML id.
     *
     * <p>Two paths return a token shell instead of failing: a null {@code requesterConfig} or
     * {@code providerConfig}, and a null result from
     * {@code SAMLAssertionBuilder.createSignedSAMLAssertion}. On those paths this class has only
     * set the value type on the token, so a caller that needs an issued, signed assertion has to
     * check the returned token itself.
     *
     * @param credentialConfig identity data handed to the assertion builder
     * @param requesterConfig requester settings; null short-circuits to a token shell
     * @param providerConfig issuer settings; null short-circuits to a token shell
     * @return the issued token, or a token shell on the two paths described above
     * @throws WSSException on any failure while building the assertion or the token
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public SAMLToken newSAMLToken(final CredentialConfig credentialConfig, final RequesterConfig requesterConfig, final ProviderConfig providerConfig) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newSAMLToken( CredentialConfig, RequesterConfig, ProviderConfig)");
        }
        // The permission gate only exists when a SecurityManager is installed.
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_NEWSAMLTOKEN_PERM);
        }
        try {
            String str = WSSConstants.SAML.SAML11_VALUE_TYPE;
            SAMLTokenImpl newSecurityToken = newSecurityToken(str);
            if (requesterConfig == null || providerConfig == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "newSAMLToken( CredentialConfig, RequesterConfig, ProviderConfig): case of null requester or provider config data");
                }
                // No assertion is built on this path; the caller gets the shell created above.
                return newSecurityToken;
            }
            copyReqDataPropsFromIssuer(requesterConfig, providerConfig);
            // NOTE(review): nothing in this method resets what setThreadLocalVars stores; confirm where it is cleared.
            super.setThreadLocalVars(providerConfig);
            try {
                // Signing runs under doPrivileged, so the permission check above is the only caller gate visible in this method.
                SAMLAssertion sAMLAssertion = (SAMLAssertion) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SAML11TokenFactoryImpl.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws SoapSecurityException {
                        return SAMLAssertionBuilder.createSignedSAMLAssertion(providerConfig, requesterConfig, credentialConfig);
                    }
                });
                if (sAMLAssertion == null) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "SAMLAssertionBuilder.createSignedSAMLAssertion returned a null object");
                    }
                    // A second shell is created and returned; the null builder result is not reported as an error.
                    return newSecurityToken(str);
                }
                SAML11TokenImpl createSAMLToken = SAMLTokenBuilder.createSAMLToken(sAMLAssertion);
                createSAMLToken.setId(createSAMLToken.getSamlID());
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "newSAMLToken( CredentialConfig, RequesterConfig, ProviderConfig)");
                }
                return createSAMLToken;
            } catch (PrivilegedActionException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caught exception calling doPrivileged method: \n" + StringUtil.stackToString(e));
                }
                Tr.processException(e, clsName + ".newSAMLToken", "268");
                // Unwrap so the caller sees the builder's exception rather than the doPrivileged wrapper.
                throw new WSSException(e.getException() != null ? e.getException() : e.getCause());
            }
        } catch (Exception e2) {
            // This handler also receives the WSSException thrown just above.
            // NOTE(review): the rethrow keeps e2's message and e2's cause but drops e2 itself from the chain.
            Tr.processException(e2, clsName + ".newSAMLToken", "292");
            throw new WSSException(e2.getMessage(), e2.getCause());
        }
    }

    /**
     * Builds a SAML 1.1 token from inbound assertion XML.
     *
     * <p>Flow: check {@code GET_NEWSAMLTOKEN_PERM} when a SecurityManager is installed, decrypt
     * the element if its local name is {@code EncryptedData} or {@code EncryptedAssertion},
     * parse it inside {@code doPrivileged}, call {@code validate()} on the parsed assertion,
     * verify the signature when the consumer configuration requires it, then create the token
     * and record the signer certificate.
     *
     * <p>Signature verification is conditional. It runs only when {@code consumerConfig} is
     * non-null and {@code isAssertionSignatureRequired()} is true. In every other case the
     * assertion is accepted without a signature check in this method, and the signer certificate
     * set on the token is null because the verification output map stays empty.
     *
     * @param consumerConfig consumer settings passed to decryption, parsing and verification
     * @param xMLStructure the assertion XML; it is cast to {@code OMStructure}
     * @return the token created from the parsed assertion
     * @throws WSSException on a decryption, parsing, validation or signature failure
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public SAMLToken newSAMLToken(final ConsumerConfig consumerConfig, XMLStructure xMLStructure) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newSAMLToken( ConsumerConfig, XMLStructure)");
        }
        // The permission gate only exists when a SecurityManager is installed.
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_NEWSAMLTOKEN_PERM);
        }
        try {
            // A null or non-OMStructure argument fails here and is wrapped by the outer catch.
            OMElement node = ((OMStructure) xMLStructure).getNode();
            if (node.getLocalName().equals("EncryptedData") || node.getLocalName().equals("EncryptedAssertion")) {
                if ("EncryptedAssertion".equals(node.getLocalName())) {
                    // For an EncryptedAssertion wrapper, decryption is applied to its first child element.
                    node = DOMUtils.getFirstChildElement(node);
                }
                node = EncryptedDataConsumer.DecryptEncryptedData(node, consumerConfig);
            }
            // From here on the parser and the signature verifier both receive this same post-decryption element.
            final OMElement oMElement = node;
            try {
                SAMLAssertion sAMLAssertion = (SAMLAssertion) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SAML11TokenFactoryImpl.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws SoapSecurityException {
                        return SAMLAssertionParser.parseSAML(oMElement, consumerConfig);
                    }
                });
                try {
                    if (sAMLAssertion == null) {
                        Tr.debug(tc, "SAMLAssertionParser.parseSAML doPrivileged block returned a null object");
                        throw new WSSException("The SAML parser returned a null object");
                    }
                    // NOTE(review): what validate() covers (conditions, validity window, audience) is not visible here; confirm.
                    if (!sAMLAssertion.validate()) {
                        throw new WSSException(MessageHelper.getMessage("security.wssecurity.WSSML2039E"));
                    }
                    // Output map for the verifier; the signer certificate is read from it further down.
                    HashMap hashMap = new HashMap();
                    // The signature is verified only when the configuration demands it; an unsigned assertion passes otherwise.
                    if (consumerConfig != null && consumerConfig.isAssertionSignatureRequired() && !SAMLAssertionVerifier.verifySAMLSignature(node, consumerConfig, hashMap)) {
                        throw new WSSException(ConfigUtil.getMessage("security.wssecurity.WSSML2040E") + ": " + ConfigUtil.getMessage("security.wssecurity.SignatureConsumer.s01"));
                    }
                    SAML11TokenImpl createSAMLToken = SAMLTokenBuilder.createSAMLToken(sAMLAssertion);
                    createSAMLToken.setId(createSAMLToken.getSamlID());
                    // Null when verification was skipped, because nothing has been put into the map.
                    createSAMLToken.setSignerCertificate((X509Certificate) hashMap.get(SAMLSignatureVerification.X509CERTIFICATE));
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "newSAMLToken( ConsumerConfig, XMLStructure)");
                    }
                    return createSAMLToken;
                } catch (Exception e) {
                    // Every failure in the block above, the WSSML2040E signature failure included, is re-reported
                    // under the WSSML2039E message; the original exception survives only as the cause.
                    throw new WSSException(MessageHelper.getMessage("security.wssecurity.WSSML2039E"), e);
                }
            } catch (PrivilegedActionException e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caught exception calling doPrivileged method: \n" + StringUtil.stackToString(e2));
                }
                Tr.processException(e2, clsName + ".newSAMLToken", "339");
                // Unwrap so the caller sees the parser's exception rather than the doPrivileged wrapper.
                throw new WSSException(e2.getException() != null ? e2.getException() : e2.getCause());
            }
        } catch (Exception e3) {
            // Receives the WSSExceptions thrown above as well as decryption and cast failures.
            Tr.processException(e3, clsName + ".newSAMLToken", "398");
            if ((e3 instanceof WSSException) || (e3 instanceof SoapSecurityException)) {
                throw new WSSException((Throwable) e3, true);
            }
            throw new WSSException(e3.getMessage(), e3);
        }
    }

    /**
     * Issues a SAML 1.1 token for the identity carried by a JAAS Subject.
     *
     * <p>The Subject is first turned into a credential configuration by
     * {@code newCredentialConfig(RequesterConfig, Subject)}; the result is passed to the
     * {@code (CredentialConfig, RequesterConfig, ProviderConfig)} overload.
     *
     * @param subject the Subject whose identity is asserted
     * @param requesterConfig requester settings, also used to choose how the Subject is mapped
     * @param providerConfig issuer settings
     * @return the token produced by the delegated overload
     * @throws WSSException if credential mapping or token issuance fails
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenFactoryImpl, com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public SAMLToken newSAMLToken(Subject subject, RequesterConfig requesterConfig, ProviderConfig providerConfig) throws WSSException {
        final String method = "newSAMLToken(Subject,  RequesterConfig, ProviderConfig)";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        // The permission gate only exists when a SecurityManager is installed.
        final SecurityManager manager = System.getSecurityManager();
        if (manager != null) {
            manager.checkPermission(GET_NEWSAMLTOKEN_PERM);
        }
        final CredentialConfig credentials = newCredentialConfig(requesterConfig, subject);
        final SAMLToken issued = newSAMLToken(credentials, requesterConfig, providerConfig);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
        return issued;
    }

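    /**
     * Derives the credential configuration for a Subject according to the requester's issue mode.
     *
     * <ul>
     *   <li>{@code WSCREDENTIAL}: map the Subject's credential fields through
     *       {@code mapWSCredential}.</li>
     *   <li>{@code WSPRINCIPAL}: use the name of the first principal the Subject's principal set
     *       returns as the requester name id. The {@code Set} contract does not say which
     *       principal that is when several are present.</li>
     *   <li>any other mode: delegate to {@code newCredentialConfig(Subject)}.</li>
     * </ul>
     *
     * <p>A failure during mapping is reported to FFDC and thrown as a {@code WSSException}, so an
     * identity that could not be mapped is never replaced by the {@code "UNAUTHENTICATED"}
     * placeholder. That placeholder is used only when mapping completes and yields no
     * configuration.
     *
     * @param requesterConfig requester settings; its issue mode selects the mapping
     * @param subject the Subject to map; may be null
     * @return the mapped configuration, or an {@code "UNAUTHENTICATED"} configuration when the
     *         mapping returned null
     * @throws WSSException if the mapping throws
     */
    public CredentialConfig newCredentialConfig(final RequesterConfig requesterConfig, final Subject subject) throws WSSException {
        // The permission gate only exists when a SecurityManager is installed.
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_NEWCREDENTIALCONFIG_PERM);
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newCredentialConfig(Subject subject)");
        }
        CredentialConfig credentialConfig;
        try {
            credentialConfig = (CredentialConfig) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    if (RequesterConfig.requestMode.WSCREDENTIAL.equals(requesterConfig.getIssueMode())) {
                        return SAML11TokenFactoryImpl.this.mapWSCredential(requesterConfig, subject, null);
                    }
                    if (!RequesterConfig.requestMode.WSPRINCIPAL.equals(requesterConfig.getIssueMode())) {
                        return SAML11TokenFactoryImpl.this.newCredentialConfig(subject);
                    }
                    CredentialConfig principalConfig = SAML11TokenFactoryImpl.this.newCredentialConfig();
                    if (requesterConfig.getAuthenticationMethod() == null) {
                        requesterConfig.setAuthenticationMethod(SAML11Constants.AuthenticationMethod_Unspecified);
                    }
                    if (subject != null) {
                        // First principal only; the name id stays null when the Subject has no principals.
                        String principalName = null;
                        Iterator<Principal> principals = subject.getPrincipals().iterator();
                        if (principals.hasNext()) {
                            principalName = principals.next().getName();
                        }
                        principalConfig.setRequesterNameID(principalName);
                    }
                    return principalConfig;
                }
            });
        } catch (Exception e) {
            Throwable rootCause = e.getCause() == null ? e : e.getCause();
            FFDCFilter.processException(rootCause, clsName, "newCredentialConfig()", this);
            // Fail closed: the exception used to be constructed and discarded, which let a mapping
            // failure fall through to the "UNAUTHENTICATED" placeholder below.
            throw new WSSException(e.getMessage(), rootCause);
        }
        if (credentialConfig == null) {
            // Mapping completed but produced nothing: assert an explicit unauthenticated identity.
            credentialConfig = newCredentialConfig();
            credentialConfig.setRequesterNameID("UNAUTHENTICATED");
            if (requesterConfig.getAuthenticationMethod() == null) {
                requesterConfig.setAuthenticationMethod(SAML11Constants.AuthenticationMethod_Unspecified);
            }
        }
        return credentialConfig;
    }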

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Copies credential fields of a Subject into a credential configuration as a SAML NameID
     * plus a list of SAML attributes.
     *
     * <p>The NameID value is the unique security name when
     * {@code requesterConfig.useUniqueSecurityName()} is true, otherwise the security name; the
     * realm is passed as the third NameID argument. Each attribute is added only when the
     * matching {@code include*} switch on the requester configuration is on and the value is
     * present.
     *
     * <p>NOTE(review): with {@code includeCredentialToken()} enabled the credential token value
     * is written into the assertion as an attribute. This is presumably sensitive material;
     * confirm that such assertions are encrypted or only sent to trusted recipients.
     *
     * @param requesterConfig switches that select the NameID source and the attributes to emit
     * @param subject the Subject whose credential is read
     * @param credentialConfig configuration to fill; a new {@code CredentialConfigImpl} is used
     *        when this is null
     * @return the filled configuration
     * @throws WSSException wrapping any failure; it carries the original message and the
     *         original exception's cause
     */
    public CredentialConfig mapWSCredential(RequesterConfig requesterConfig, Subject subject, CredentialConfig credentialConfig) throws WSSException {
        try {
            final Map fields = SubjectUtilFactory.getInstance().getCredentialAsMap(subject);
            // Read and cast every field before anything is written to the target configuration.
            final String realm = (String) fields.get(SubjectUtil.RealmName);
            final String securityName = (String) fields.get(SubjectUtil.SecurityName);
            final String uniqueSecurityName = (String) fields.get("UniqueSecurityName");
            final String credentialToken = (String) fields.get(SubjectUtil.CredentialToken);
            final String oid = (String) fields.get(SubjectUtil.OID);
            final String expiration = (String) fields.get("Expiration");
            final String primaryGroupId = (String) fields.get("PrimaryGroupId");
            final String[] groupIds = (String[]) fields.get("GroupIds");
            final String hostName = (String) fields.get(SubjectUtil.HostName);
            final String attributeNamespace = (String) fields.get("Namespace");

            final CredentialConfig target = credentialConfig != null ? credentialConfig : new CredentialConfigImpl();

            final String nameIdValue = requesterConfig.useUniqueSecurityName() ? uniqueSecurityName : securityName;
            target.setSAMLNameID(new SAMLNameID(nameIdValue, null, realm, null, null));

            final ArrayList attributes = new ArrayList();
            if (requesterConfig.includeRealmName() && realm != null) {
                attributes.add(new SAMLAttribute(SubjectUtil.RealmName, new String[]{realm}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includeSecurityName() && securityName != null) {
                attributes.add(new SAMLAttribute(SubjectUtil.SecurityName, new String[]{securityName}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includeUniqueSecurityName() && uniqueSecurityName != null) {
                attributes.add(new SAMLAttribute("UniqueSecurityName", new String[]{uniqueSecurityName}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includeOID() && oid != null) {
                attributes.add(new SAMLAttribute(SubjectUtil.OID, new String[]{oid}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includeExpiration() && expiration != null) {
                attributes.add(new SAMLAttribute("Expiration", new String[]{expiration}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includePrimaryGroupId() && primaryGroupId != null) {
                attributes.add(new SAMLAttribute("PrimaryGroupId", new String[]{primaryGroupId}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includeHostName() && hostName != null) {
                attributes.add(new SAMLAttribute(SubjectUtil.HostName, new String[]{hostName}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            // Group ids are the only multi-valued attribute; an empty array is skipped like a missing one.
            if (requesterConfig.includeGroupIds() && groupIds != null && groupIds.length > 0) {
                attributes.add(new SAMLAttribute("GroupIds", groupIds, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            if (requesterConfig.includeCredentialToken() && credentialToken != null) {
                attributes.add(new SAMLAttribute(SubjectUtil.CredentialToken, new String[]{credentialToken}, (OMStructure[]) null, attributeNamespace, (String) null, (String) null));
            }
            target.setSAMLAttributes(attributes);
            return target;
        } catch (Exception failure) {
            Tr.processException(failure, clsName + ".mapWSCredential", "496");
            throw new WSSException(failure.getMessage(), failure.getCause());
        }
    }

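    /**
     * Returns a clone of an existing SAML token.
     *
     * <p>The SAML API processing flag is set around the clone and cleared in a {@code finally}
     * block, so a failing clone (for example a token that is not a {@code SAMLTokenImpl}) cannot
     * leave the flag set for later work.
     *
     * @param sAMLToken the token to clone; may be null
     * @return the clone, or null when {@code sAMLToken} is null
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public SAMLToken newSAMLToken(SAMLToken sAMLToken) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newSAMLToken( SAMLToken[" + SamlConfigUtil.objectToString(sAMLToken) + "] )");
        }
        if (sAMLToken == null) {
            return null;
        }
        // The permission gate only exists when a SecurityManager is installed.
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_NEWSAMLTOKEN_PERM);
        }
        SamlConfigUtil.setSamlApiProcessing();
        SAMLToken clonedToken;
        try {
            clonedToken = (SAMLToken) ((SAMLTokenImpl) sAMLToken).clone();
        } finally {
            // Always undo the flag, including when the cast or the clone throws.
            SamlConfigUtil.unsetSamlApiProcessing();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "newSAMLToken( SAMLToken ) returns returns samlToken[" + SamlConfigUtil.objectToString(clonedToken) + "]");
        }
        return clonedToken;
    }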

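    /**
     * Re-issues an existing SAML token under this provider's configuration.
     *
     * <p>Flow: refuse tokens whose XML is encrypted, clone the token, strip the existing
     * signature element, align the issuer with the provider configuration, then either re-sign
     * with the provider's signing key or return the assertion unsigned.
     *
     * <p>When {@code requesterConfig.isAssertionSignatureRequired()} is false, the returned
     * token carries the assertion with its original signature removed and no signer
     * certificate. It is an unsigned assertion, so callers must not treat it as
     * integrity-protected.
     *
     * <p>The SAML API processing flag is cleared in a {@code finally} block, so a rejected or
     * failed re-issue cannot leave it set.
     *
     * @param sAMLToken the token to re-issue; null yields a null result
     * @param requesterConfig requester settings; decides whether the clone is re-signed
     * @param providerConfig issuer settings supplying the issuer URI and the signing key
     * @return the re-issued token, or null when {@code sAMLToken} is null
     * @throws WSSException if the token XML is encrypted or any re-issue step fails
     */
    @Override // com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
    public SAMLToken newSAMLToken(SAMLToken sAMLToken, RequesterConfig requesterConfig, ProviderConfig providerConfig) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newSAMLToken( SAMLToken[" + SamlConfigUtil.objectToString(sAMLToken) + "], RequesterConfig, ProviderConfig)");
        }
        SAMLTokenImpl sAMLTokenImpl = null;
        if (sAMLToken == null) {
            // Kept for compatibility: the flag is cleared on the null path although it was not set here.
            SamlConfigUtil.unsetSamlApiProcessing();
        } else {
            // The permission gate only exists when a SecurityManager is installed.
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(GET_NEWSAMLTOKEN_PERM);
            }
            SamlConfigUtil.setSamlApiProcessing();
            try {
                if (((SAMLTokenImpl) sAMLToken).isEncryptedXml()) {
                    Tr.debug(tc, "XML is encrypted. newSAMLToken not allowed");
                    throw new WSSException(MessageHelper.getMessage("security.wssecurity.CWSML7023E", new String[]{getClass().getName(), "newSAMLToken"}));
                }
                copyReqDataPropsFromIssuer(requesterConfig, providerConfig);
                try {
                    sAMLTokenImpl = (SAMLTokenImpl) ((SAMLTokenImpl) sAMLToken).clone();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "samlClone [" + SamlConfigUtil.objectToString(sAMLTokenImpl) + "]");
                    }
                    if (sAMLTokenImpl == null) {
                        throw new WSSException("Cloned token is null");
                    }
                    // The original signature no longer matches once the issuer is rewritten, so it is removed first.
                    OMElement unsignedAssertion = SamlSignatureUtils.deleteSignElement(((OMStructure) sAMLTokenImpl.getXML()).getNode());
                    // Reject a missing element before it is handed to the issuer rewrite.
                    if (unsignedAssertion == null) {
                        throw new WSSException("Cloned element is null");
                    }
                    processSAMLIssuer(sAMLTokenImpl, unsignedAssertion, providerConfig, requesterConfig);
                    if (requesterConfig.isAssertionSignatureRequired()) {
                        OMElement signedSAML = SamlSignatureUtils.getSignedSAML(providerConfig, requesterConfig, unsignedAssertion, sAMLTokenImpl.getSamlID());
                        if (signedSAML == null) {
                            throw new WSSException("New signed SAML element is null");
                        }
                        sAMLTokenImpl.setXML(OMStructureFactory.getInstance().getOMStructure(signedSAML));
                        // Record the provider's signing certificate only when it is an X.509 certificate.
                        Certificate certificate = SamlConfigUtil.getSamlSigningKeyInformation(providerConfig).getCertificate();
                        if (certificate instanceof X509Certificate) {
                            sAMLTokenImpl.setSignerCertificate((X509Certificate) certificate);
                        } else {
                            sAMLTokenImpl.setSignerCertificate(null);
                        }
                    } else {
                        // Unsigned result: the stale signer certificate is cleared along with the signature.
                        sAMLTokenImpl.setSignerCertificate(null);
                        sAMLTokenImpl.setXML(OMStructureFactory.getInstance().getOMStructure(unsignedAssertion));
                    }
                } catch (Exception e) {
                    Tr.processException(e, clsName + ".newSAMLToken", "683");
                    if ((e instanceof WSSException) || (e instanceof SoapSecurityException)) {
                        throw new WSSException((Throwable) e, true);
                    }
                    throw new WSSException(e.getMessage(), e);
                }
            } finally {
                // Runs on the encrypted-XML rejection and on every failure, not only on success.
                SamlConfigUtil.unsetSamlApiProcessing();
            }
        }
        if (tc.isEntryEnabled()) {
            OMElement oMElement = null;
            if (sAMLTokenImpl != null) {
                oMElement = ((OMStructure) sAMLTokenImpl.getXML()).getNode();
            }
            Tr.exit(tc, "newSAMLToken( SAMLToken, ProviderConfig, RequesterConfig) returns samlToken[" + ConfigUtil.getObjType(sAMLTokenImpl) + "], contained omElement[" + ConfigUtil.getObjType(oMElement) + "]");
        }
        return sAMLTokenImpl;
    }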

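    /**
     * Aligns the issuer of a cloned SAML 1.1 assertion with the provider's issuer URI.
     *
     * <p>Nothing is changed when the provider has no issuer URI, when the token or the element
     * is null, or when the token's current issuer already equals the provider's issuer (both
     * compared after trimming). Otherwise the existing {@code Issuer} attribute is removed from
     * the {@code Assertion} element and the trimmed provider issuer is written to both the
     * token and the attribute.
     *
     * @param sAMLTokenImpl the cloned token whose issuer name is updated; may be null
     * @param oMElement the element under which the {@code Assertion} element is looked up; may
     *        be null
     * @param providerConfig supplies the new issuer URI
     * @param requesterConfig not used by this method
     * @throws SoapSecurityException declared by the signature; nothing in this body throws it
     *         directly
     */
    public static void processSAMLIssuer(SAMLTokenImpl sAMLTokenImpl, OMElement oMElement, ProviderConfig providerConfig, RequesterConfig requesterConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processSAMLIssuer(samlClone[" + ConfigUtil.getObjState(sAMLTokenImpl) + "], omClone[" + ConfigUtil.getObjState(oMElement) + "], providerConfig, requesterConfig)");
        }
        // Read the current issuer null-safely; dereferencing the token first would bypass the null guard below.
        String currentIssuer = null;
        if (sAMLTokenImpl != null && sAMLTokenImpl.getSAMLIssuerName() != null) {
            currentIssuer = sAMLTokenImpl.getSAMLIssuerName().trim();
        }
        String configuredIssuer = providerConfig.getIssuerURI() != null ? providerConfig.getIssuerURI().trim() : null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "origIssuer [" + currentIssuer + "], newIssuer [" + configuredIssuer + "]");
        }
        if (configuredIssuer == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "New issuer is null.  No issuer update will be made.");
            }
        } else if (sAMLTokenImpl != null && oMElement != null) {
            OMElement assertion = DOMUtil.getOneElement(oMElement, LocalConstants.NSURI_SCHEMA_SAML, "Assertion");
            boolean issuerAlreadyCurrent = false;
            if (currentIssuer != null) {
                if (currentIssuer.equals(configuredIssuer)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Issuers match. No action required.");
                    }
                    issuerAlreadyCurrent = true;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Removing old issuer");
                    }
                    // The attribute can be absent even though the token reports an issuer name.
                    org.apache.axiom.om.OMAttribute oldIssuer = assertion.getAttribute(new QName("Issuer"));
                    if (oldIssuer != null) {
                        assertion.removeAttribute(oldIssuer);
                    }
                    sAMLTokenImpl.setSAMLIssuerName("");
                }
            }
            if (!issuerAlreadyCurrent) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding new issuer");
                }
                // Use the trimmed value for both, so the token's issuer name matches the attribute in the XML.
                sAMLTokenImpl.setSAMLIssuerName(configuredIssuer);
                assertion.addAttribute(assertion.getOMFactory().createOMAttribute("Issuer", (OMNamespace) null, configuredIssuer));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processSAMLIssuer");
        }
    }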
}
