package com.ibm.ws.wssecurity.impl.auth.callback;

import com.ibm.security.trust10.client.om.STSConstantsImpl;
import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.ws.policyset.runtime.PolicySetConfiguration;
import com.ibm.ws.wssecurity.common.SCAndTrustConstants;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig;
import com.ibm.ws.wssecurity.handler.PolicyConfigUtil;
import com.ibm.ws.wssecurity.handler.PolicyOutboundConfig;
import com.ibm.ws.wssecurity.platform.auth.SecureConversationCacheHelper;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.trust.client.ITrustClient;
import com.ibm.ws.wssecurity.trust.client.ITrustConstants;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityToken;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenResponse;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenResponseCollection;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenTemplate;
import com.ibm.ws.wssecurity.trust.client.impl.TrustClientFactory;
import com.ibm.ws.wssecurity.trust.client.impl.TrustException;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSPolicySetUtil;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSTokenUtil;
import com.ibm.ws.wssecurity.trust.server.sts.ext.sct.SCTHelper;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.CacheConfigFactory;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.SecurityUIDGenerator;
import com.ibm.ws.wssecurity.util.TokenHolder;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSNonceGenerator;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT13;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCTWrapper;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;
import org.apache.axis2.context.ServiceContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.jaxws.ClientConfigurationFactory;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/impl/auth/callback/WSTrustCallbackHandler.class */
public class WSTrustCallbackHandler implements CallbackHandler {
    private static final String comp = "security.wssecurity";
    private CallbackHandlerConfig _config;
    private static final TraceComponent tc = Tr.register(WSTrustCallbackHandler.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = WSTrustCallbackHandler.class.getName();
    private static long cushion = CacheConfigFactory.getInstance().getCacheCushionMilliseconds();
    private static boolean jdbcEnabled = CacheConfigFactory.getInstance().isJDBCCache();
    private static Map clientIDMap = new HashMap();
    private static Object lockObj = new Object();

    public WSTrustCallbackHandler() {
        this._config = null;
    }

    public WSTrustCallbackHandler(Map map) {
        this._config = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WSTrustCallbackHandler(Map properties)");
        }
        if (map == null) {
            Tr.error(tc, "context passed into the callback handler is null.");
            this._config = null;
        } else {
            this._config = (CallbackHandlerConfig) map.get(CallbackHandlerConfig.CONFIG_KEY);
            if (this._config == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: The configuration of callback handler is null.");
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "CallbackHandlerConfig [" + this._config + "].");
            Tr.debug(tc, "JDBC Enabled = " + jdbcEnabled);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WSTrustCallbackHandler(Map properties)");
        }
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        boolean isServiceProvider;
        SCTWrapper sCTWrapper;
        Map<Object, Object> properties;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handle(Callback[] callbacks)");
        }
        if (callbackArr == null || callbackArr.length == 0) {
            throw new UnsupportedCallbackException(null, "There is no callback.");
        }
        SCTCallback sCTCallback = null;
        HashMap hashMap = new HashMap();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, callbackArr.length + " callbacks");
        }
        for (int i = 0; i < callbackArr.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "callbacks[" + i + "] is " + callbackArr[i].getClass().getName());
            }
            if (callbackArr[i] instanceof SCTCallback) {
                sCTCallback = (SCTCallback) callbackArr[i];
                sCTCallback.setExist(true);
            } else if ((callbackArr[i] instanceof PropertyCallback) && (properties = ((PropertyCallback) callbackArr[i]).getProperties()) != null) {
                hashMap.putAll(properties);
            }
        }
        if (sCTCallback == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handle(Callback[] callbacks) not required.");
                return;
            }
            return;
        }
        MessageContext messageContext = (MessageContext) hashMap.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
        AxisService axisService = (AxisService) hashMap.get(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_AXIS_SERVICE);
        TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) hashMap.get(TokenGeneratorConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TokenGeneratorConfig [" + tokenGeneratorConfig + "].");
        }
        String str = com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13;
        if (tokenGeneratorConfig != null) {
            tokenGeneratorConfig.getType().getLocalPart();
            String localPart = tokenGeneratorConfig.getType().getLocalPart();
            str = localPart;
            if (localPart != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT version =  [" + str + "].");
            }
        }
        String str2 = (String) hashMap.get(com.ibm.ws.wssecurity.common.Constants.SCT_CANCEL);
        boolean z = false;
        if (str2 != null && str2.equalsIgnoreCase("true")) {
            z = true;
        }
        SCT sct = (SCT) hashMap.get(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_SCT);
        if (z) {
            str = sct.getValueType().getLocalPart();
            cushion = 0L;
        }
        try {
            if (messageContext != null) {
                isServiceProvider = Axis2Util.isServiceProvider(messageContext);
            } else {
                if (axisService == null) {
                    throw new UnsupportedCallbackException(null, " Unknown Context or Service.");
                }
                isServiceProvider = Axis2Util.isServiceProvider(axisService);
            }
            if (!z && (sCTWrapper = (SCTWrapper) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.SCT_IN_USE)) != null && sCTWrapper.getSCT() != null && hashMap.get(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_SCT) == null) {
                SCTWrapper sCTWrapper2 = (SCTWrapper) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.SCT_IN_USE);
                String currentInstance = sCTWrapper2.getCurrentInstance();
                SCT sct2 = sCTWrapper2.getSCT();
                Date date = new Date();
                if (!sct2.isCancelled() && sct2.getExpiration(currentInstance).getTime() - date.getTime() > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Valid SCT is already in use by this handler. Use the reference");
                    }
                    sCTCallback.setToken(sCTWrapper2);
                    sCTCallback.setExist(true);
                    messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE, sct2.getValueType().getLocalPart());
                    return;
                }
                sct = null;
            }
            String str3 = null;
            String str4 = null;
            if (this._config != null && messageContext != null) {
                str3 = (String) this._config.getProperties().get(com.ibm.ws.wssecurity.common.Constants.SCT_SCOPE);
                str4 = (String) this._config.getProperties().get(com.ibm.ws.wssecurity.common.Constants.USE_SCT_VALIDATE);
                messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.SCT_SCOPE, str3);
                messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.USE_SCT_VALIDATE, str4);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT Scope property = " + str3);
                Tr.debug(tc, "SCT validate property = " + str4);
            }
            hashMap.put(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE, str);
            SCTWrapper serverSideSCT = isServiceProvider ? getServerSideSCT(hashMap, messageContext) : getClientSideSCT(hashMap, messageContext, sct, z);
            if (messageContext != null) {
                messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.SCT_IN_USE, serverSideSCT);
                if (messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.SCT_SCOPE) != null) {
                    messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.SCT_SCOPE, (Object) null);
                }
            }
            sCTCallback.setToken(serverSideSCT);
            sCTCallback.setExist(true);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Succeeded to get necessary information through the callbacks.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handle(Callback[] callbacks)");
            }
        } catch (Exception e) {
            throw new UnsupportedCallbackException(null, e.getMessage());
        }
    }

    private SCTWrapper getClientSideSCT(HashMap hashMap, MessageContext messageContext, SCT sct, boolean z) throws IOException {
        String str;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "client side. Getting SCToken");
        }
        if (sct == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "client side. Getting SCToken from global cache");
            }
            sct = (SCT) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByContext(messageContext);
        }
        SCTWrapper sCTWrapper = null;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        if (!isCancelInProgress(messageContext) && sct != null) {
            z4 = sct.isCancelled();
        }
        boolean z5 = true;
        Date date = new Date();
        if (sct != null) {
            if (messageContext != null && (str = (String) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.USE_SCT_VALIDATE)) != null && "true".equalsIgnoreCase(str)) {
                try {
                    z5 = validateSCT(sct, hashMap, messageContext);
                } catch (SoapSecurityException e) {
                }
                if (!z5) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Security context token is not valid per Validate call.. issue new token");
                    }
                    z3 = true;
                }
            }
            String searchInstanceList = searchInstanceList(sct);
            if (searchInstanceList == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Security context token is expired, try to renew the token");
                }
                if (sct.isRenewableAfterExpiration()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Security context token is expired, try to renew the token");
                    }
                    z2 = true;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Security Context Token is expired and is not renewable after expiration.");
                    }
                    Tr.info(tc, "security.wssecurity.WSTrustCallbackHandler.expiredSCT");
                    z3 = true;
                }
            } else if (z4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SCT is cancelled, issuing new SCT");
                }
                z3 = true;
            } else if (!sct.isValid(searchInstanceList, 0L)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Security context token is expired, try to renew the token");
                }
                if (sct.isRenewableAfterExpiration()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Security context token is expired, renewing the token");
                    }
                    z2 = true;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Security Context Token is expired and is not renewable after expiration.");
                    }
                    Tr.info(tc, "security.wssecurity.WSTrustCallbackHandler.expiredSCT");
                    z3 = true;
                }
            } else if (sct.getExpiration(searchInstanceList).getTime() - date.getTime() > cushion) {
                sCTWrapper = createSCTWrapper(sct, searchInstanceList);
                sCTWrapper.setSCT(sct);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Client side cache. Security context token is a valid token and instance = " + searchInstanceList);
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Client side cache. Security context token is about to expire. Renew the token");
                }
                if (jdbcEnabled) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "JDBC Database Cache enabled....");
                    }
                    sct = (SCT) SecureConversationCacheHelper.getSecurityContextTokenFromDBCache(sct.getIdentifier(), sct.getExpiration(searchInstanceList).getTime() - sct.getCreation(searchInstanceList).getTime());
                    String searchInstanceList2 = searchInstanceList(sct);
                    if (sct.getExpiration(searchInstanceList2).getTime() - date.getTime() > cushion) {
                        sCTWrapper = createSCTWrapper(sct, searchInstanceList2);
                        sCTWrapper.setSCT(sct);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Client side cache. Security context token is a valid token and instance = " + searchInstanceList2);
                        }
                    } else if (sct.isRenewable()) {
                        z2 = true;
                    } else {
                        Tr.info(tc, "security.wssecurity.WSEC7235I");
                        z3 = true;
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "JDBC Database Cache is not enabled....");
                    }
                    if (sct.isRenewable()) {
                        z2 = true;
                    } else {
                        Tr.info(tc, "security.wssecurity.WSEC7235I");
                        z3 = true;
                    }
                }
            }
        } else {
            z3 = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Security Context Token found in  client side cache, Issue new SCT.");
            }
        }
        if (z3 && z) {
            Tr.info(tc, "security.wssecurity.WSEC7234I");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The specified SCT for cancel is either invalidated or could not be renewed. Cancel is not processed.");
            }
            return sCTWrapper;
        }
        if (z3 || z2) {
            try {
                boolean z6 = false;
                String str2 = null;
                if (!"SERVICE_SCOPE".equalsIgnoreCase((String) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.SCT_SCOPE))) {
                    str2 = SecureConversationCacheHelper.computeKey(messageContext);
                    if (str2 != null) {
                        z6 = hasBeenRequested(str2);
                    }
                }
                if (z6) {
                    try {
                        Thread.sleep(300000L);
                    } catch (InterruptedException e2) {
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Other thread already obtain SCT for this client. Getting SCT from cache now.");
                    }
                    sct = (SCT) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByContext(messageContext);
                    sCTWrapper = createSCTWrapper(sct, searchInstanceList(sct));
                    sCTWrapper.setSCT(sct);
                } else {
                    try {
                        sCTWrapper = obtainSCT(messageContext, sct, hashMap, z3, z2, z);
                        sct = sCTWrapper.getSCT();
                        SecureConversationCacheHelper.setSecurityContextTokenToCache(sct.getIdentifier(), messageContext, sct, null);
                        wakeupOtherRequests(str2);
                    } catch (Exception e3) {
                        if (str2 != null) {
                            wakeupOtherRequests(str2);
                        }
                        throw new SoapSecurityException(e3.getMessage());
                    }
                }
            } catch (SoapSecurityException e4) {
                throw new IOException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.issueSCT", new String[]{e4.toString()}));
            }
        }
        if (z) {
            SCTWrapper cancelSCToken = cancelSCToken(hashMap, sct);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getClientSideSCT(Map, MessageContext, SCT, boolean). SCT cancelled.");
            }
            return cancelSCToken;
        }
        if (sct != null) {
            if (sct.getExpiration(sCTWrapper.getCurrentInstance()).getTime() - sct.getCreation(sCTWrapper.getCurrentInstance()).getTime() < cushion) {
                Tr.error(tc, "security.wssecurity.WSTrustCallbackHandler.clientCushionAndSCT");
                throw new IOException(ConfigUtil.getMessage("security.wssecurity.WSTrustCallbackHandler.clientCushionAndSCT"));
            }
            HashMap hashMap2 = (HashMap) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSS_RAMP_PROPERTYMAP);
            HashMap hashMap3 = hashMap2;
            if (hashMap2 == null) {
                hashMap3 = new HashMap();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Save the sct uuid and instance in the wss-ramp propertymap");
                }
            }
            hashMap3.put(com.ibm.ws.wssecurity.common.Constants.CURRENT_INSTANCE_IN_USE, sCTWrapper.getCurrentInstance());
            hashMap3.put(Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER, sct.getUUID());
            messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.WSS_RAMP_PROPERTYMAP, hashMap3);
            messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE, sct.getValueType().getLocalPart());
        }
        return sCTWrapper;
    }

    private SCTWrapper obtainSCT(MessageContext messageContext, SCT sct, HashMap hashMap, boolean z, boolean z2, boolean z3) throws SoapSecurityException {
        SCTWrapper sCTWrapper = null;
        if (z) {
            sCTWrapper = issueSCToken(messageContext, hashMap);
        } else if (z2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT is expired or about to expire = " + sct.getUUID());
            }
            try {
                sCTWrapper = renewSCToken(messageContext, hashMap, sct);
            } catch (Exception e) {
                if (z3) {
                    Tr.info(tc, "security.wssecurity.WSEC7234I");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The specified SCT for cancel is either invalidated or could not be renewed. Cancel is not processed.");
                    }
                    return sCTWrapper;
                }
                Tr.info(tc, "security.wssecurity.WSEC7235I");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The specified SCT " + sct.getIdentifier() + " could not be renewed. A new SCT will be issued.");
                }
                sCTWrapper = issueSCToken(messageContext, hashMap);
            }
        }
        return sCTWrapper;
    }

    private SCTWrapper getServerSideSCT(HashMap hashMap, MessageContext messageContext) throws IOException {
        HashMap hashMap2;
        SCT sct = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Getting SCT from trust service directly.");
        }
        String tokenFromContext = TokenHolder.getTokenFromContext(SCAndTrustConstants.INBOUND_SCTOKEN, messageContext);
        String instanceFromContext = TokenHolder.getInstanceFromContext(messageContext, com.ibm.ws.wssecurity.common.Constants.INSTANCE_FROM_MESSAGE);
        String instanceFromContext2 = TokenHolder.getInstanceFromContext(messageContext, com.ibm.ws.wssecurity.common.Constants.SCT_VERSION_FROM_MESSAGE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Found SCT uuid in inbound message context: " + tokenFromContext);
            Tr.debug(tc, "Found Key instance uuid in inbound message context: " + instanceFromContext);
            Tr.debug(tc, "Found token type in inbound message context: " + instanceFromContext2);
        }
        if (tokenFromContext == null && (hashMap2 = (HashMap) messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSS_RAMP_PROPERTYMAP)) != null) {
            tokenFromContext = (String) hashMap2.get(Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found SCT uuid in WSS_RAMP_PROPERTYMAP:" + tokenFromContext);
            }
            instanceFromContext2 = (String) hashMap2.get(com.ibm.ws.wssecurity.common.Constants.SCT_VERSION_FROM_MESSAGE);
        }
        if (instanceFromContext2 == null) {
            instanceFromContext2 = (String) hashMap.get(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE);
        } else {
            messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE, instanceFromContext2);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT version =  [" + instanceFromContext2 + "].");
        }
        if (tokenFromContext != null) {
            if (SCTHelper.getCache() != null) {
                sct = (SCT) SCTHelper.getCache().getToken(tokenFromContext);
            }
            if (sct == null) {
                sct = (SCT) STSTokenUtil.getToken(tokenFromContext, instanceFromContext2);
            }
        }
        if (sct == null) {
            Tr.error(tc, "security.wssecurity.SCTConsumeLoginModule.invalidSCT03");
            throw new IOException(ConfigUtil.getMessage("security.wssecurity.SCTConsumeLoginModule.invalidSCT03"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Server side. Got SCToken from message context and uuid = " + sct.getUUID());
            Tr.debug(tc, "Got token from message context and instance = " + instanceFromContext);
        }
        if (instanceFromContext == null) {
            instanceFromContext = searchExistingInstance(sct);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "using latest key instance (must do this for RAMP...):" + instanceFromContext);
            }
        }
        if (sct == null || !sct.isValid(instanceFromContext, 0L) || sct.isCancelled()) {
            throw new IOException(ConfigUtil.getMessage("security.wssecurity.SCTGenerateLoginModule.invalidSCT"));
        }
        SCTWrapper createSCTWrapper = createSCTWrapper(sct, instanceFromContext);
        createSCTWrapper.setSCT(sct);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Server side. Security context token is a valid token");
        }
        return createSCTWrapper;
    }

    private SCTWrapper issueSCToken(MessageContext messageContext, HashMap hashMap) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "issueSCToken()");
        }
        String str = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        String str2 = null;
        SCT sct = null;
        boolean z = false;
        String str3 = "true";
        String str4 = "false";
        WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) hashMap.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
        if (tc.isDebugEnabled() && wSSGeneratorConfig == null) {
            Tr.debug(tc, "null WSSGenerator Config object");
        }
        String str5 = (String) hashMap.get(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE);
        ConfigurationContext configurationContext = messageContext.getConfigurationContext();
        if (tc.isDebugEnabled()) {
            if (!configurationContext.getAxisConfiguration().getEngagedModules().isEmpty()) {
                Iterator it = configurationContext.getAxisConfiguration().getEngagedModules().iterator();
                while (it.hasNext()) {
                    Tr.debug(tc, "Engaged Module = ", it.next());
                }
            }
            if (wSSGeneratorConfig == null) {
                Tr.debug(tc, "Null security generator config to new message context");
            } else {
                Tr.debug(tc, "Valid security generator config to new message context");
            }
        }
        String str6 = null;
        if (wSSGeneratorConfig != null && ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapGeneratorConfig() != null && ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapConsumerConfig() != null) {
            z = true;
            str6 = ((PolicyOutboundConfig) wSSGeneratorConfig).getAlgorithmSuite();
        }
        if (wSSGeneratorConfig != null) {
            str2 = ((PolicyOutboundConfig) wSSGeneratorConfig).getSCTIssuer();
            if (tc.isDebugEnabled() && str2 != null && str2.length() > 0) {
                Tr.debug(tc, "SCT Issuer from policy is:" + str2);
            }
        }
        if (str2 == null || str2.length() == 0) {
            if (messageContext.getTo() != null) {
                str2 = messageContext.getTo().getAddress();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The End Point Address (from mc) is: " + str2);
                }
            } else {
                Options options = messageContext.getOptions();
                if (options != null) {
                    str2 = options.getTo().getAddress();
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The End Point Address (from options, from mc returns null) is: " + str2);
                }
            }
        }
        String name = messageContext.getEnvelope().getNamespace().getName();
        String str7 = (String) messageContext.getProperty("WSAddressingVersion");
        if (str7 == null || str7.length() == 0) {
            str7 = com.ibm.ws.wssecurity.common.Constants.NS_WSADDRS[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No namespace defined for WS-Addressing on the message context.");
                Tr.debug(tc, "Setting final WS-Addressing level in the trust service request." + str7);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Namespace for WS-Addressing [" + str7 + "]. This will be set on trust service request");
        }
        String str8 = null;
        String str9 = null;
        if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13.equals(str5)) {
            str = SCAndTrustConstants.SC_TRUST_NAMESPACES[0][2];
            str8 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[0][0];
            str9 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[0][1];
        } else if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT.equals(str5)) {
            str = SCAndTrustConstants.SC_TRUST_NAMESPACES[1][2];
            str8 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[4][0];
            str9 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[4][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(str);
            ITrustRequestSecurityTokenTemplate sTSRequestSecurityTokenTemplate = trustClient.getSTSRequestSecurityTokenTemplate();
            sTSRequestSecurityTokenTemplate.setWSANamespace(str7);
            sTSRequestSecurityTokenTemplate.addTokenType(str5);
            sTSRequestSecurityTokenTemplate.addRequestType(str8);
            String minimumSymmetricKeyLength = PolicyConfigUtil.getMinimumSymmetricKeyLength(str6);
            int parseInt = Integer.parseInt(minimumSymmetricKeyLength);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Key Size (in bits) based on the algorihthm Suite, " + str6 + " = " + parseInt);
            }
            sTSRequestSecurityTokenTemplate.addAppliesTo(str2);
            byte[] generateBytes = WSSNonceGenerator.generateBytes(parseInt / 8);
            sTSRequestSecurityTokenTemplate.addEntropyNonce(Base64.encode(generateBytes));
            sTSRequestSecurityTokenTemplate.addKeySize(minimumSymmetricKeyLength);
            HashMap hashMap2 = new HashMap();
            try {
                String createUID = SecurityUIDGenerator.createUID();
                sTSRequestSecurityTokenTemplate.setMessageID(createUID);
                sTSRequestSecurityTokenTemplate.setTo(str2);
                sTSRequestSecurityTokenTemplate.setAction(str9);
                hashMap2.put(ITrustConstants.MESSAGE_ID, createUID);
                hashMap2.put(ITrustConstants.MESSAGE_TO, str2);
                hashMap2.put(ITrustConstants.MESSAGE_ACTION, str9);
                hashMap2.put(ITrustConstants.SOAP_LEVEL, name);
                hashMap2.put(ITrustConstants.ADDRESSING_LEVEL, str7);
                hashMap2.put(ITrustConstants.TRUST_LEVEL, str);
                hashMap2.put(ITrustConstants.CONTEXT_URI, ITrustConstants.CONTEXT_LOGIN);
                hashMap2.put(ITrustConstants.STS_NAME, "SSI");
                PolicySetConfiguration policySetConfig = Axis2Util.getPolicySetConfig(messageContext);
                HashMap hashMap3 = new HashMap();
                hashMap3.put(ITrustConstants.CONFIG_CONTEXT, configurationContext);
                HashMap hashMap4 = new HashMap();
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.IS_BOOTSTRAP_REQUIRED, new Boolean(true));
                if (z) {
                    hashMap4.put(com.ibm.ws.wssecurity.common.Constants.BOOTSTRAP_APP_POLICY_CONFIG, wSSGeneratorConfig);
                    if (wSSGeneratorConfig instanceof PrivateGeneratorConfig) {
                        hashMap4.put("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey", ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapConsumerConfig());
                    }
                }
                copySessionAffinityPropertiesToMap(messageContext, hashMap4);
                HashMap hashMap5 = new HashMap();
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY_MAP, hashMap5);
                hashMap3.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, hashMap4);
                hashMap3.put(ITrustConstants.STSCONFIGURATION, hashMap2);
                hashMap3.put(ITrustConstants.RSTTEMPLATE, sTSRequestSecurityTokenTemplate);
                try {
                    ITrustRequestSecurityToken createRequestSecurityToken = trustClient.createRequestSecurityToken(sTSRequestSecurityTokenTemplate, hashMap3);
                    AxisService axisService = createRequestSecurityToken.getAxisService();
                    if (axisService != null) {
                        axisService.addParameter(new Parameter("WASAxis2PolicySet", policySetConfig));
                        axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                    }
                    byte[] bArr = null;
                    String str10 = null;
                    String str11 = null;
                    Date date = null;
                    Date date2 = null;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "About to call Trust client with Issue request.");
                    }
                    ITrustRequestSecurityTokenResponseCollection issue = trustClient.issue(createRequestSecurityToken);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust client Issue is successful.");
                    }
                    OMElement oMElement = null;
                    Iterator<ITrustRequestSecurityTokenResponse> rSTRCollection = issue.getRSTRCollection();
                    if (rSTRCollection.hasNext()) {
                        ITrustRequestSecurityTokenResponse next = rSTRCollection.next();
                        oMElement = next.getSecurityContextTokenElement();
                        str10 = next.getUUID();
                        str11 = next.getInstance();
                        bArr = next.getServerSecretBytes();
                        date = next.getCreatedDate();
                        date2 = next.getExpiresDate();
                        Integer valueOf = Integer.valueOf(next.getKeySize());
                        if (valueOf != null) {
                            parseInt = valueOf.intValue();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Key Size from the RSTR = " + parseInt);
                            }
                        }
                        str3 = next.getRenewable();
                        str4 = next.getRenewableAfterExpiration();
                    }
                    if (str11 == null || str11.length() == 0) {
                        str11 = "FirstKey_" + str10;
                    }
                    SCT.KeyHistoryEntry keyHistoryEntry = new SCT.KeyHistoryEntry(str11, generateBytes, bArr, date, date2, SCT.SCTState.ISSUED);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "RSTR returns with Requested Security Token: uuid = " + str10 + ", instance = " + str11 + ", created = " + date.toString() + ", expires = " + date2.toString() + ", and instance = " + str11);
                    }
                    if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13.equals(str5)) {
                        sct = new SCT13(str10);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Token Value Type = " + sct.getValueType().getLocalPart());
                        }
                    } else if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT.equals(str5)) {
                        sct = new SCT(str10);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Token Value Type = " + sct.getValueType().getLocalPart());
                        }
                    }
                    sct.setKeyHistoryEntry(keyHistoryEntry);
                    sct.setKeySize(parseInt);
                    sct.setUsedForSigAndEnc(true);
                    sct.setClientID(SecureConversationCacheHelper.computeKey(messageContext));
                    sct.setXML(new OMStructure(oMElement));
                    if (str2 != null) {
                        sct.setAppliesTo(str2);
                    }
                    if (str3 != null) {
                        sct.setRenewable(Boolean.valueOf(str3).booleanValue());
                    }
                    if (str4 != null) {
                        sct.setRenewableAfterExpiration(Boolean.valueOf(str4).booleanValue());
                    }
                    sct.setIssuer(str2);
                    SCTWrapper createSCTWrapper = createSCTWrapper(sct, str11);
                    createSCTWrapper.setSCT(sct);
                    createSCTWrapper.setXML(new OMStructure(oMElement));
                    copySessionAffinityPropertiesFromMap(messageContext, hashMap5);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "requestSCToken()");
                    }
                    return createSCTWrapper;
                } catch (Throwable th) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{th});
                    throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", th);
                }
            } catch (Throwable th2) {
                throw SoapSecurityException.format("Throwable Exception during the trust client API invocation", th2);
            }
        } catch (TrustException e) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", e);
        }
    }

    private SCTWrapper renewSCToken(MessageContext messageContext, HashMap hashMap, SCT sct) throws SoapSecurityException {
        ConfigurationContext configurationContext;
        String issuer;
        String name;
        String str;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "renewSCToken()");
        }
        String str2 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        SCT sct2 = null;
        SCTWrapper sCTWrapper = null;
        boolean z = false;
        String str3 = null;
        WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) hashMap.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
        String str4 = (String) hashMap.get(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE);
        if (wSSGeneratorConfig != null && ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapGeneratorConfig() != null && ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapConsumerConfig() != null) {
            z = true;
            str3 = ((PolicyOutboundConfig) wSSGeneratorConfig).getAlgorithmSuite();
        }
        if (messageContext == null) {
            name = com.ibm.ws.wssecurity.common.Constants.NS_SOAP;
            str = com.ibm.ws.wssecurity.common.Constants.NS_WSADDRS[0];
            issuer = sct.getIssuer();
            configurationContext = getConfigurationContext(issuer);
        } else {
            configurationContext = messageContext.getConfigurationContext();
            if (tc.isDebugEnabled()) {
                if (!configurationContext.getAxisConfiguration().getEngagedModules().isEmpty()) {
                    Iterator it = configurationContext.getAxisConfiguration().getEngagedModules().iterator();
                    while (it.hasNext()) {
                        Tr.debug(tc, "Engaged Module = ", it.next());
                    }
                }
                if (wSSGeneratorConfig == null) {
                    Tr.debug(tc, "Null security generator config to new message context");
                }
            }
            issuer = sct.getIssuer();
            name = messageContext.getEnvelope().getNamespace().getName();
            str = (String) messageContext.getProperty("WSAddressingVersion");
            if (str == null || str.length() == 0) {
                str = com.ibm.ws.wssecurity.common.Constants.NS_WSADDRS[0];
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No namespace defined for WS-Addressing on the message context.");
                    Tr.debug(tc, "Setting final WS-Addressing level in the trust service request." + str);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Namespace for WS-Addressing [" + str + "]. This will be set on trust service request");
            }
        }
        String str5 = null;
        String str6 = null;
        if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13.equals(str4)) {
            str2 = SCAndTrustConstants.SC_TRUST_NAMESPACES[0][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[1][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[1][1];
        } else if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT.equals(str4)) {
            str2 = SCAndTrustConstants.SC_TRUST_NAMESPACES[1][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[5][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[5][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(str2);
            ITrustRequestSecurityTokenTemplate sTSRequestSecurityTokenTemplate = trustClient.getSTSRequestSecurityTokenTemplate();
            sTSRequestSecurityTokenTemplate.setWSANamespace(str);
            sTSRequestSecurityTokenTemplate.addTokenType(str4);
            sTSRequestSecurityTokenTemplate.addRequestType(str5);
            sTSRequestSecurityTokenTemplate.addRenewTarget(((OMStructure) sct.getXML()).getNode());
            String minimumSymmetricKeyLength = PolicyConfigUtil.getMinimumSymmetricKeyLength(str3);
            int parseInt = Integer.parseInt(minimumSymmetricKeyLength);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Key Size (in bits) based on the algorihthm Suite, " + str3 + " = " + parseInt);
            }
            sTSRequestSecurityTokenTemplate.addAppliesTo(issuer);
            byte[] generateBytes = WSSNonceGenerator.generateBytes(parseInt / 8);
            sTSRequestSecurityTokenTemplate.addEntropyNonce(Base64.encode(generateBytes));
            sTSRequestSecurityTokenTemplate.addKeySize(minimumSymmetricKeyLength);
            HashMap hashMap2 = new HashMap();
            try {
                String createUID = SecurityUIDGenerator.createUID();
                sTSRequestSecurityTokenTemplate.setMessageID(createUID);
                sTSRequestSecurityTokenTemplate.setTo(issuer);
                sTSRequestSecurityTokenTemplate.setAction(str6);
                hashMap2.put(ITrustConstants.MESSAGE_ID, createUID);
                hashMap2.put(ITrustConstants.MESSAGE_TO, issuer);
                hashMap2.put(ITrustConstants.MESSAGE_ACTION, str6);
                hashMap2.put(ITrustConstants.SOAP_LEVEL, name);
                hashMap2.put(ITrustConstants.ADDRESSING_LEVEL, str);
                hashMap2.put(ITrustConstants.TRUST_LEVEL, str2);
                hashMap2.put(ITrustConstants.CONTEXT_URI, ITrustConstants.CONTEXT_LOGIN);
                hashMap2.put(ITrustConstants.STS_NAME, "SSI");
                PolicySetConfiguration policySetConfig = Axis2Util.getPolicySetConfig(messageContext);
                HashMap hashMap3 = new HashMap();
                hashMap3.put(ITrustConstants.CONFIG_CONTEXT, configurationContext);
                HashMap hashMap4 = new HashMap();
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.IS_BOOTSTRAP_REQUIRED, new Boolean(true));
                if (z) {
                    hashMap4.put(com.ibm.ws.wssecurity.common.Constants.BOOTSTRAP_APP_POLICY_CONFIG, wSSGeneratorConfig);
                    if (wSSGeneratorConfig instanceof PrivateGeneratorConfig) {
                        hashMap4.put("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey", ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapConsumerConfig());
                    }
                }
                copySessionAffinityPropertiesToMap(messageContext, hashMap4);
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY_MAP, new HashMap());
                hashMap3.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, hashMap4);
                hashMap3.put(ITrustConstants.STSCONFIGURATION, hashMap2);
                hashMap3.put(ITrustConstants.RSTTEMPLATE, sTSRequestSecurityTokenTemplate);
                try {
                    ITrustRequestSecurityToken createRequestSecurityToken = trustClient.createRequestSecurityToken(sTSRequestSecurityTokenTemplate, hashMap3);
                    AxisService axisService = createRequestSecurityToken.getAxisService();
                    if (axisService != null) {
                        axisService.addParameter(new Parameter("WASAxis2PolicySet", policySetConfig));
                        axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "About to call Trust client with Renew request.");
                    }
                    ITrustRequestSecurityTokenResponseCollection renew = trustClient.renew(createRequestSecurityToken);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust client renew is successful.");
                    }
                    Iterator<ITrustRequestSecurityTokenResponse> rSTRCollection = renew.getRSTRCollection();
                    if (rSTRCollection.hasNext()) {
                        ITrustRequestSecurityTokenResponse next = rSTRCollection.next();
                        byte[] serverSecretBytes = next.getServerSecretBytes();
                        Date createdDate = next.getCreatedDate();
                        Date expiresDate = next.getExpiresDate();
                        Integer valueOf = Integer.valueOf(next.getKeySize());
                        if (valueOf != null) {
                            parseInt = valueOf.intValue();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Key Size from the RSTR = " + parseInt);
                            }
                        }
                        OMElement securityContextTokenElement = next.getSecurityContextTokenElement();
                        next.getUUID();
                        next.getInstance();
                        String renewable = next.getRenewable();
                        String renewableAfterExpiration = next.getRenewableAfterExpiration();
                        String uuid = next.getUUID();
                        String iTrustRequestSecurityTokenResponse = next.getInstance();
                        String id = next.getID();
                        if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13.equals(str4)) {
                            sct2 = new SCT13(uuid);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Token Value Type = " + sct2.getValueType().getLocalPart());
                            }
                        } else if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT.equals(str4)) {
                            sct2 = new SCT(uuid);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Token Value Type = " + sct2.getValueType().getLocalPart());
                            }
                        }
                        if (sct != null) {
                            for (String str7 : sct.getInstances()) {
                                sct2.setKeyHistoryEntry(sct.getKeyHistoryEntry(str7));
                            }
                        }
                        SCT.KeyHistoryEntry keyHistoryEntry = new SCT.KeyHistoryEntry(iTrustRequestSecurityTokenResponse, generateBytes, serverSecretBytes, createdDate, expiresDate, SCT.SCTState.RENEWED);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "RSTR returns with Requested Security Token: uuid = " + uuid + ", id = " + id + ", created = " + createdDate.toString() + ", expires = " + expiresDate.toString() + ", and instance = " + iTrustRequestSecurityTokenResponse);
                        }
                        sct2.setKeyHistoryEntry(keyHistoryEntry);
                        sct2.setKeySize(parseInt);
                        sct2.setId(id);
                        sct2.setTokenID(id);
                        sct2.setReferenceURI("#" + id);
                        sct2.setUsedForSigAndEnc(true);
                        sct2.setXML(new OMStructure(securityContextTokenElement));
                        if (renewable != null) {
                            sct2.setRenewable(Boolean.valueOf(renewable).booleanValue());
                        }
                        if (renewableAfterExpiration != null) {
                            sct2.setRenewableAfterExpiration(Boolean.valueOf(renewableAfterExpiration).booleanValue());
                        }
                        sct2.setIssuer(issuer);
                        sct2.setClientID(sct.getClientID());
                        sCTWrapper = createSCTWrapper(sct2, iTrustRequestSecurityTokenResponse);
                        sCTWrapper.setSCT(sct2);
                        sCTWrapper.setXML(new OMStructure(securityContextTokenElement));
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "requestSCToken()");
                    }
                    return sCTWrapper;
                } catch (Exception e) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e});
                    throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", e);
                } catch (Throwable th) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{th});
                    throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", th);
                }
            } catch (Throwable th2) {
                throw SoapSecurityException.format("Throwable Exception during the trust client API invocation", th2);
            }
        } catch (TrustException e2) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e2});
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", e2);
        }
    }

    private SCTWrapper cancelSCToken(HashMap hashMap, SCT sct) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cancelSCToken()");
        }
        String str = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        String str2 = com.ibm.ws.wssecurity.common.Constants.NS_SOAP;
        String str3 = com.ibm.ws.wssecurity.common.Constants.NS_WSADDRS[0];
        String issuer = sct.getIssuer();
        ConfigurationContext configurationContext = getConfigurationContext(issuer);
        SCTWrapper sCTWrapper = new SCTWrapper();
        boolean z = false;
        WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) hashMap.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
        String str4 = (String) hashMap.get(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE);
        if (tc.isDebugEnabled()) {
            if (!configurationContext.getAxisConfiguration().getEngagedModules().isEmpty()) {
                Iterator it = configurationContext.getAxisConfiguration().getEngagedModules().iterator();
                while (it.hasNext()) {
                    Tr.debug(tc, "Engaged Module = ", it.next());
                }
            }
            if (wSSGeneratorConfig == null) {
                Tr.debug(tc, "Null security generator config to new message context");
            } else {
                Tr.debug(tc, "Valid security generator config to new message context");
            }
        }
        if (wSSGeneratorConfig != null && ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapGeneratorConfig() != null && ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapConsumerConfig() != null) {
            z = true;
        }
        String str5 = null;
        String str6 = null;
        if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13.equals(str4)) {
            str = SCAndTrustConstants.SC_TRUST_NAMESPACES[0][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[2][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[2][1];
        } else if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT.equals(str4)) {
            str = SCAndTrustConstants.SC_TRUST_NAMESPACES[1][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[6][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[6][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(str);
            ITrustRequestSecurityTokenTemplate sTSRequestSecurityTokenTemplate = trustClient.getSTSRequestSecurityTokenTemplate();
            sTSRequestSecurityTokenTemplate.setWSANamespace(str3);
            sTSRequestSecurityTokenTemplate.addTokenType(str4);
            sTSRequestSecurityTokenTemplate.addRequestType(str5);
            sTSRequestSecurityTokenTemplate.addAppliesTo(issuer);
            sTSRequestSecurityTokenTemplate.addCancelTarget(((OMStructure) sct.getXML()).getNode());
            HashMap hashMap2 = new HashMap();
            try {
                String createUID = SecurityUIDGenerator.createUID();
                sTSRequestSecurityTokenTemplate.setMessageID(createUID);
                sTSRequestSecurityTokenTemplate.setTo(issuer);
                sTSRequestSecurityTokenTemplate.setAction(str6);
                hashMap2.put(ITrustConstants.MESSAGE_ID, createUID);
                hashMap2.put(ITrustConstants.MESSAGE_TO, issuer);
                hashMap2.put(ITrustConstants.MESSAGE_ACTION, str6);
                hashMap2.put(ITrustConstants.SOAP_LEVEL, str2);
                hashMap2.put(ITrustConstants.ADDRESSING_LEVEL, str3);
                hashMap2.put(ITrustConstants.TRUST_LEVEL, str);
                hashMap2.put(ITrustConstants.CONTEXT_URI, ITrustConstants.CONTEXT_LOGIN);
                hashMap2.put(ITrustConstants.STS_NAME, "SSI");
                HashMap hashMap3 = new HashMap();
                hashMap3.put(ITrustConstants.CONFIG_CONTEXT, configurationContext);
                HashMap hashMap4 = new HashMap();
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.IS_BOOTSTRAP_REQUIRED, new Boolean(true));
                if (z) {
                    hashMap4.put(com.ibm.ws.wssecurity.common.Constants.BOOTSTRAP_APP_POLICY_CONFIG, wSSGeneratorConfig);
                    if (wSSGeneratorConfig instanceof PrivateGeneratorConfig) {
                        hashMap4.put("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey", ((PrivateGeneratorConfig) wSSGeneratorConfig).getBootstrapConsumerConfig());
                    }
                }
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.SCT_CANCEL, new Boolean(true));
                hashMap4.put(Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER, sct.getIdentifier());
                hashMap4.put(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY_MAP, new HashMap());
                hashMap3.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, hashMap4);
                hashMap3.put(ITrustConstants.STSCONFIGURATION, hashMap2);
                hashMap3.put(ITrustConstants.RSTTEMPLATE, sTSRequestSecurityTokenTemplate);
                try {
                    ITrustRequestSecurityToken createRequestSecurityToken = trustClient.createRequestSecurityToken(sTSRequestSecurityTokenTemplate, hashMap3);
                    AxisService axisService = createRequestSecurityToken.getAxisService();
                    if (axisService != null) {
                        axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "About to call Trust client with Cancel request.");
                    }
                    ITrustRequestSecurityTokenResponseCollection cancel = trustClient.cancel(createRequestSecurityToken);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust client Cancel is successful.");
                    }
                    Iterator<ITrustRequestSecurityTokenResponse> rSTRCollection = cancel.getRSTRCollection();
                    while (rSTRCollection.hasNext()) {
                        ITrustRequestSecurityTokenResponse next = rSTRCollection.next();
                        OMElement requestedTokenCancelledElement = next.getRequestedTokenCancelledElement();
                        if (requestedTokenCancelledElement != null && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Cancel Element:" + requestedTokenCancelledElement.toString());
                        }
                        Boolean isTokenCancelled = next.isTokenCancelled();
                        if (tc.isDebugEnabled() && isTokenCancelled.booleanValue()) {
                            Tr.debug(tc, "Token Successfully Cancelled");
                        }
                    }
                } catch (Exception e) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e});
                } catch (Throwable th) {
                    Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{th});
                }
                sct.setCancelState();
                SecureConversationCacheHelper.invalidateCache(sct.getUUID());
                SecureConversationCacheHelper.invalidateCache(sct.getClientID());
                sCTWrapper.setSCT(sct);
                return sCTWrapper;
            } catch (Throwable th2) {
                throw SoapSecurityException.format("Throwable Exception during the trust client API invocation", th2);
            }
        } catch (TrustException e2) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e2});
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", e2);
        }
    }

    private void copySessionAffinityPropertiesToMap(MessageContext messageContext, Map map) {
        Object property = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY);
        if (property != null) {
            map.put(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY, property);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Copied Cookie property to innerMap: " + property.toString());
            }
        }
        Object property2 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY);
        if (property2 != null) {
            map.put(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY, property2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Copied Location property to innerMap: " + property2.toString());
            }
        }
        Object property3 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.MAINTAIN_SESSION_PROPERTY);
        if (property3 != null) {
            map.put(com.ibm.ws.wssecurity.common.Constants.MAINTAIN_SESSION_PROPERTY, property3);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Copied javax.xml.ws.session.maintain property to innerMap: " + property3.toString());
            }
        }
    }

    private void copySessionAffinityPropertiesFromMap(MessageContext messageContext, Map map) {
        Object property = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY);
        if (property == null) {
            Object obj = map.get(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY);
            if (obj != null) {
                messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY, obj);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Copied Cookie property to MessageContext: " + obj.toString());
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cookie property already in MessageContext: " + property.toString());
        }
        Object property2 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY);
        if (property2 == null) {
            Object obj2 = map.get(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY);
            if (obj2 != null) {
                messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY, obj2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Copied Location property to MessageContext: " + obj2.toString());
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Location property already in MessageContext: " + property2.toString());
        }
        ServiceContext serviceContext = messageContext.getServiceContext();
        if (serviceContext != null) {
            Object property3 = serviceContext.getProperty(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY);
            if (property3 == null) {
                Object obj3 = map.get(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY);
                if (obj3 != null) {
                    serviceContext.setProperty(com.ibm.ws.wssecurity.common.Constants.COOKIE_PROPERTY, obj3);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Copied Cookie property to ServiceContext: " + obj3.toString());
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cookie property already in ServiceContext: " + property3.toString());
            }
            Object property4 = serviceContext.getProperty(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY);
            if (property4 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Location property already in ServiceContext: " + property4.toString());
                    return;
                }
                return;
            }
            Object obj4 = map.get(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY);
            if (obj4 != null) {
                serviceContext.setProperty(com.ibm.ws.wssecurity.common.Constants.LOCATION_PROPERTY, obj4);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Copied Location property to ServiceContext: " + obj4.toString());
                }
            }
        }
    }

    private ConfigurationContext getConfigurationContext(String str) throws SoapSecurityException {
        ClientConfigurationFactory newInstance = ClientConfigurationFactory.newInstance();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ClientConfigurationFactory.newInstance(): " + newInstance);
        }
        if (newInstance == null) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getClientConfigurationFactory");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getClientConfigurationFactory");
        }
        ConfigurationContext clientConfigurationContext = newInstance.getClientConfigurationContext();
        if (clientConfigurationContext == null) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getConfigurationContext");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getConfigurationContext");
        }
        AxisConfiguration axisConfiguration = clientConfigurationContext.getAxisConfiguration();
        if (axisConfiguration == null) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
        }
        try {
            if (axisConfiguration.getService(str) == null) {
                AxisService axisService = new AxisService(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AxisService: " + axisService);
                }
                if (axisService == null) {
                    Tr.warning(tc, "security.wssecurity.SCTGenerateLoginModule.getAxisService", new Object[]{str});
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "creating an empty AxisService.");
                    }
                    axisService = new AxisService();
                    if (axisService == null) {
                        Tr.error(tc, "UNABLE TO CREATE EMPTY AxisService");
                    }
                }
                axisConfiguration.addService(axisService);
                newInstance.completeAxis2Configuration(axisService);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ccf.completeAxis2Configuration(): " + newInstance);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Target axisService from AxisConfiguration.");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ccf.completeAxis2Configuration(): " + newInstance);
            }
            return clientConfigurationContext;
        } catch (Exception e) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration", e);
        }
    }

    public String searchInstanceList(SCT sct) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "searchInstanceList(SCT sctoken)");
        }
        Date date = new Date();
        String[] instances = sct.getInstances();
        if (instances == null || instances.length == 0) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "searchInstanceList(SCT sctoken): no key instance.");
            return null;
        }
        int length = instances.length;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Instances in the list = " + length);
        }
        Date creation = sct.getCreation(instances[length - 1]);
        String str = instances[length - 1];
        if (length == 1) {
            return str;
        }
        for (int i = 0; i < length - 1; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "instance:" + instances[i] + "  creation time:" + sct.getCreation(instances[i]));
            }
            if (sct.getCreation(instances[i]).after(creation) || (sct.getCreation(instances[i]).equals(creation) && sct.getExpiration(instances[i]).after(sct.getExpiration(str)))) {
                str = instances[i];
                creation = sct.getCreation(instances[i]);
            }
        }
        if (creation.after(date)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "searchInstanceList(SCT sctoken):" + str);
            }
            return str;
        }
        String str2 = null;
        int length2 = instances.length + 1;
        for (int i2 = 0; i2 < instances.length; i2++) {
            if (sct.getExpiration(instances[i2]).after(date)) {
                str2 = instances[i2];
                length2 = i2;
                date = sct.getExpiration(instances[i2]);
            }
        }
        if (length2 != instances.length + 1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning valid instance  = " + str2 + "and it is at = " + length2);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning non valid instance  = " + str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "searchInstanceList(SCT sctoken)");
        }
        return str2;
    }

    private String searchExistingInstance(SCT sct) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "searchExistingInstance(SCT sctoken).");
        }
        if (sct == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "searchExistingInstance(SCT sctoken): no SCT.");
            return null;
        }
        String searchInstanceList = searchInstanceList(sct);
        String[] instances = sct.getInstances();
        if (instances == null || instances.length < 2) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "searchExistingInstance(SCT sctoken): no more than 1 key instance.");
            }
            return searchInstanceList;
        }
        Date date = new Date();
        new Date();
        long time = date.getTime() + ((cushion * 3) / 5);
        String str = searchInstanceList;
        Date creation = sct.getCreation(str);
        for (String str2 : instances) {
            if (sct.getExpiration(str2).getTime() > time) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Valid old Instance:" + str2, "created at " + sct.getCreation(str2));
                }
                if (sct.getCreation(str2).before(creation)) {
                    str = str2;
                    creation = sct.getCreation(str);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Instance expired:" + str2);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "searchExistingInstance(SCT sctoken) = " + str);
        }
        return str;
    }

    public static final Date parseDateTime(String str) {
        if (str == null) {
            return null;
        }
        try {
            return UTC.parse(str);
        } catch (Exception e) {
            return null;
        }
    }

    private boolean isCancelInProgress(MessageContext messageContext) {
        if (messageContext == null) {
            return false;
        }
        try {
            if (Axis2Util.isServiceProvider(messageContext)) {
                String wSAAction = messageContext.getWSAAction();
                if (wSAAction == null) {
                    wSAAction = messageContext.getSoapAction();
                }
                String mapTrustAction = STSPolicySetUtil.mapTrustAction(wSAAction);
                return mapTrustAction != null && mapTrustAction.equals("cancel");
            }
            OperationContext operationContext = messageContext.getOperationContext();
            if (operationContext == null) {
                operationContext = (OperationContext) messageContext.getProperty("unverifiedOperationContext");
            }
            Object obj = null;
            if (operationContext != null) {
                Iterator it = operationContext.getMessageContexts().entrySet().iterator();
                while (it.hasNext()) {
                    obj = ((MessageContext) ((Map.Entry) it.next()).getValue()).getProperty(com.ibm.ws.wssecurity.common.Constants.SCT_CANCEL);
                    if (obj != null) {
                        break;
                    }
                }
            }
            return obj != null && (obj instanceof Boolean) && ((Boolean) obj).booleanValue();
        } catch (Exception e) {
            return false;
        }
    }

    public SCTWrapper createSCTWrapper(SCT sct, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSCTWrapper(SCT sctoken, String instance)");
        }
        String[] instances = sct.getInstances();
        SCT.KeyHistoryEntry[] keyHistoryEntryArr = new SCT.KeyHistoryEntry[instances.length];
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Instances in the list = " + instances.length);
        }
        for (int i = 0; i < instances.length; i++) {
            keyHistoryEntryArr[i] = sct.getKeyHistoryEntry(instances[i]);
        }
        SCTWrapper sCTWrapper = new SCTWrapper(sct.getUUID(), keyHistoryEntryArr, sct.getId(), str);
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuilder().append("createSCTWrapper(SCT sctoken, String instance) returns SCTWrapper object, instance = ").append(sCTWrapper).toString() != null ? sCTWrapper.getCurrentInstance() : null);
        }
        return sCTWrapper;
    }

    private static synchronized boolean hasBeenRequested(String str) {
        boolean z = false;
        if (getClientIDMap().containsKey(str)) {
            z = true;
            Vector vector = (Vector) getClientIDMap().get(str);
            vector.add(Thread.currentThread());
            getClientIDMap().put(str, vector);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "This client has requested an SCT.");
            }
        } else {
            getClientIDMap().put(str, new Vector());
        }
        return z;
    }

    private static synchronized void wakeupOtherRequests(String str) {
        if (getClientIDMap().containsKey(str)) {
            try {
                final Vector vector = (Vector) getClientIDMap().get(str);
                AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.impl.auth.callback.WSTrustCallbackHandler.1
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        while (!vector.isEmpty()) {
                            try {
                                Thread thread = (Thread) vector.lastElement();
                                if (WSTrustCallbackHandler.tc.isDebugEnabled()) {
                                    Tr.debug(WSTrustCallbackHandler.tc, "Interrupt sleeping Thread:" + thread.getName());
                                }
                                thread.interrupt();
                                vector.remove(thread);
                            } catch (Exception e) {
                                return null;
                            }
                        }
                        return null;
                    }
                });
                getClientIDMap().remove(str);
            } catch (Exception e) {
                getClientIDMap().remove(str);
            }
        }
    }

    private static synchronized Map getClientIDMap() {
        return clientIDMap;
    }

    public boolean validateSCT(SCT sct, HashMap hashMap, MessageContext messageContext) throws SoapSecurityException {
        ConfigurationContext configurationContext;
        String issuer;
        String name;
        String str;
        String str2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateSCT(SCT oldsct, HashMap context, MessageContext mCtx)");
        }
        String str3 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        String[] strArr = {"", "", ""};
        boolean z = true;
        String str4 = (String) hashMap.get(com.ibm.ws.wssecurity.common.Constants.SCT_TOKEN_VALUE_TYPE);
        if (messageContext == null) {
            name = com.ibm.ws.wssecurity.common.Constants.NS_SOAP;
            str = com.ibm.ws.wssecurity.common.Constants.NS_WSADDRS[0];
            issuer = sct.getIssuer();
            configurationContext = getConfigurationContext(issuer);
        } else {
            configurationContext = messageContext.getConfigurationContext();
            if (tc.isDebugEnabled() && !configurationContext.getAxisConfiguration().getEngagedModules().isEmpty()) {
                Iterator it = configurationContext.getAxisConfiguration().getEngagedModules().iterator();
                while (it.hasNext()) {
                    Tr.debug(tc, "Engaged Module = ", it.next());
                }
            }
            issuer = sct.getIssuer();
            name = messageContext.getEnvelope().getNamespace().getName();
            str = (String) messageContext.getProperty("WSAddressingVersion");
            if (str == null || str.length() == 0) {
                str = com.ibm.ws.wssecurity.common.Constants.NS_WSADDRS[0];
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No namespace defined for WS-Addressing on the message context.");
                    Tr.debug(tc, "Setting final WS-Addressing level in the trust service request." + str);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Namespace for WS-Addressing [" + str + "]. This will be set on trust service request");
            }
        }
        messageContext.getEnvelope().getOMFactory();
        Object property = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSS_VERSION);
        if (property != null && (property instanceof Integer)) {
            ((Integer) property).intValue();
        }
        String str5 = null;
        String str6 = null;
        if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT_13.equals(str4)) {
            str3 = SCAndTrustConstants.SC_TRUST_NAMESPACES[0][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[3][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[3][1];
        } else if (com.ibm.ws.wssecurity.common.Constants.NS_WSC_SCT.equals(str4)) {
            str3 = SCAndTrustConstants.SC_TRUST_NAMESPACES[1][2];
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[7][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[7][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(str3);
            ITrustRequestSecurityTokenTemplate sTSRequestSecurityTokenTemplate = trustClient.getSTSRequestSecurityTokenTemplate();
            sTSRequestSecurityTokenTemplate.setWSANamespace(str);
            sTSRequestSecurityTokenTemplate.addTokenType(str4);
            sTSRequestSecurityTokenTemplate.addRequestType(str5);
            sTSRequestSecurityTokenTemplate.addValidateTarget(((OMStructure) sct.getXML()).getNode());
            sTSRequestSecurityTokenTemplate.addAppliesTo(issuer);
            HashMap hashMap2 = new HashMap();
            try {
                String createUID = SecurityUIDGenerator.createUID();
                sTSRequestSecurityTokenTemplate.setMessageID(createUID);
                sTSRequestSecurityTokenTemplate.setTo(issuer);
                sTSRequestSecurityTokenTemplate.setAction(str6);
                hashMap2.put(ITrustConstants.MESSAGE_ID, createUID);
                hashMap2.put(ITrustConstants.MESSAGE_TO, issuer);
                hashMap2.put(ITrustConstants.MESSAGE_ACTION, str6);
                hashMap2.put(ITrustConstants.SOAP_LEVEL, name);
                hashMap2.put(ITrustConstants.ADDRESSING_LEVEL, str);
                hashMap2.put(ITrustConstants.TRUST_LEVEL, str3);
                hashMap2.put(ITrustConstants.CONTEXT_URI, ITrustConstants.CONTEXT_LOGIN);
                hashMap2.put(ITrustConstants.STS_NAME, "SSI");
                HashMap hashMap3 = new HashMap();
                hashMap3.put(ITrustConstants.CONFIG_CONTEXT, configurationContext);
                hashMap3.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, new HashMap());
                hashMap3.put(ITrustConstants.STSCONFIGURATION, hashMap2);
                hashMap3.put(ITrustConstants.RSTTEMPLATE, sTSRequestSecurityTokenTemplate);
                PolicySetConfiguration policySetConfig = Axis2Util.getPolicySetConfig(messageContext);
                try {
                    ITrustRequestSecurityToken createRequestSecurityToken = trustClient.createRequestSecurityToken(sTSRequestSecurityTokenTemplate, hashMap3);
                    AxisService axisService = createRequestSecurityToken.getAxisService();
                    if (axisService != null) {
                        axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                        axisService.addParameter(new Parameter("WASAxis2PolicySet", policySetConfig));
                    }
                    createRequestSecurityToken.getServiceClient();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "About to call Trust client with Issue request.");
                    }
                    ITrustRequestSecurityTokenResponseCollection validate = trustClient.validate(createRequestSecurityToken);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust client validate is successful.");
                    }
                    Iterator<ITrustRequestSecurityTokenResponse> rSTRCollection = validate.getRSTRCollection();
                    if (rSTRCollection.hasNext()) {
                        ITrustRequestSecurityTokenResponse next = rSTRCollection.next();
                        strArr[0] = next.getStatusCode();
                        strArr[1] = next.getStatusReason();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Status Code=" + strArr[0]);
                            Tr.debug(tc, "Status Reason=" + strArr[1]);
                        }
                        if (strArr[0].equals(str3 + STSConstantsImpl.STATUS_CODE_INVALID)) {
                            SecureConversationCacheHelper.invalidateCache(sct.getUUID());
                            z = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "This sct is removed from cache.");
                            }
                        }
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "validateSCT(MessageContext mCtx, SCT oldsct, WSSGeneratorConfig gconfig) returns." + z);
                    }
                    return z;
                } catch (Exception e) {
                    throw SoapSecurityException.format(str2, e);
                } finally {
                    SoapSecurityException format = SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.issueSCT", e);
                }
            } catch (Throwable th) {
                throw SoapSecurityException.format("Throwable Exception during the trust client API invocation", th);
            }
        } catch (TrustException e2) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.issueSCT", new Object[]{e2});
            throw SoapSecurityException.format(str2, e2);
        }
    }
}
