package com.ibm.ws.wssecurity.dsig;

import com.ibm.websphere.wssecurity.wssapi.token.BinarySecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.common.Result;
import com.ibm.ws.wssecurity.common.ResultPool;
import com.ibm.ws.wssecurity.config.KeyInfoConsumerConfig;
import com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.wssecurity.trust.ext.client.base.TrustProperties;
import com.ibm.ws.wssecurity.util.CertificateUtil;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.XMLStructureHelper;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenWrapper;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.Configuration;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.ParseException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/dsig/STRDTKeyInfoResolver.class */
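/**
 * Resolves a security token reference element to the XML element of the token it points at.
 *
 * <p>Resolution first looks for a matching token among those already held by the
 * {@link SecurityTokenManagerImpl} found in the context map. On the consuming side
 * (generation flag off) it can fall back to running the configured key-info consumers
 * and reading the token they produce.
 *
 * <p>NOTE(review): the class name suggests this backs the STR Dereference Transform of
 * WS-Security signatures; nothing in this listing states that, so confirm against callers.
 *
 * <p>NOTE(review): {@link #resolve} keeps its snapshot in instance fields, so one instance
 * presumably must not be shared between concurrent requests; confirm with the owner.
 */
public class STRDTKeyInfoResolver {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(STRDTKeyInfoResolver.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = STRDTKeyInfoResolver.class.getName();
    private static final String VALUE_TYPE = "ValueType".intern();

    // Message of the SoapSecurityException that is treated as "token has no XML structure"
    // instead of as a failure. Matching on message text is brittle: a reworded message
    // would turn this benign case into a hard error.
    private static final String NULL_XML_STRUCTURE = "Null XMLStructure";

    // Key-info consumer configurations tried with WSSKeyInfoComponent.KEY_VERIFYING.
    private Collection<Configuration> _dsigKinfoSet;
    // Key-info consumer configurations tried with WSSKeyInfoComponent.KEY_DECRYPTING.
    private Collection<Configuration> _encKinfoSet;
    // Request context; must hold the SecurityTokenManagerImpl and may hold the WSS version index.
    private Map<Object, Object> _context;
    // Passed through to the key-info consumers as their "properties" argument.
    private Map<Object, Object> _selectors;
    // When true, resolve() only consults tokens already held by the token manager.
    private boolean _generation = false;
    // True while resolve() holds a snapshot that its finally block still has to restore.
    private boolean _storedToken = false;
    private Collection<SecurityTokenWrapper> _stokens = null;
    private Result[] _results = null;

    /**
     * Sets the configurations used when the reference is resolved as a verification key.
     * (Decompiler note: declared {@code protected} in the original class file.)
     *
     * @param collection key-info consumer configurations for signature verification
     */
    public void setDsigKeyInfoSet(Collection<Configuration> collection) {
        this._dsigKinfoSet = collection;
    }

    /**
     * Sets the configurations used when the reference is resolved as a decryption key.
     * (Decompiler note: declared {@code protected} in the original class file.)
     *
     * @param collection key-info consumer configurations for decryption
     */
    public void setEncKeyInfoSet(Collection<Configuration> collection) {
        this._encKinfoSet = collection;
    }

    /**
     * Selects generator-side behaviour: no snapshot and no key-info consumer fallback.
     * (Decompiler note: declared {@code protected} in the original class file.)
     *
     * @param z {@code true} for the generation side
     */
    public void setGeneration(boolean z) {
        this._generation = z;
    }

    /**
     * Sets the request context map read by {@link #resolve}.
     * (Decompiler note: declared {@code protected} in the original class file.)
     *
     * @param map context holding the token manager and, optionally, the WSS version index
     */
    public void setContext(Map<Object, Object> map) {
        this._context = map;
    }

    /**
     * Sets the map handed to the key-info consumers as their properties.
     * (Decompiler note: declared {@code protected} in the original class file.)
     *
     * @param map selector/properties map
     */
    public void setSelectors(Map<Object, Object> map) {
        this._selectors = map;
    }

    /**
     * Resolves a security token reference to the element of the referenced token.
     * (Decompiler note: declared {@code protected} in the original class file.)
     *
     * <p>Order of attempts: tokens already in the token manager; then, on the consuming
     * side only, a second lookup after snapshotting the subject and results, and finally
     * the configured key-info consumers. Any snapshot taken is restored in {@code finally},
     * also when resolution throws.
     *
     * @param oMElement the security token reference element (traced as {@code secTokenRef})
     * @param str the key-info type (traced as {@code keyInfoType})
     * @return the token element, or {@code null} when no token could be resolved
     * @throws SoapSecurityException if token lookup or key-info processing fails
     */
    public OMElement resolve(OMElement oMElement, String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolve(" + "OMElement secTokenRef[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],"
                    + "String keyInfoType[" + str + "])");
        }
        SecurityTokenManagerImpl tokenManager = (SecurityTokenManagerImpl) this._context.get(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
        try {
            Map<Object, Object> type = new HashMap<Object, Object>();
            String nsWsse = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[0][wssVersionIndex(this._context)];
            OMElement resolved = getElementInSubject(oMElement, str, nsWsse, tokenManager, this._context);
            if (resolved == null && !this._generation) {
                if (!this._storedToken) {
                    // Snapshot first so that whatever the fallback adds to the token manager
                    // or to the result pool is rolled back in the finally block.
                    this._stokens = XMLDTKeyInfoResolver.storeSubject(tokenManager);
                    this._results = XMLDTKeyInfoResolver.storeResult(this._context);
                    this._storedToken = true;
                }
                resolved = getElementInSubject(oMElement, str, nsWsse, tokenManager, this._context);
                if (resolved == null) {
                    resolved = getElement(oMElement, this._dsigKinfoSet, this._encKinfoSet, type, this._selectors, tokenManager, this._context, nsWsse);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "resolve(" + "OMElement, String)"
                        + " returns OMElement[" + DOMUtils.getDisplayName((OMNode) resolved) + "]");
            }
            return resolved;
        } finally {
            if (this._storedToken) {
                XMLDTKeyInfoResolver.restoreSubject(tokenManager, this._stokens);
                XMLDTKeyInfoResolver.restoreResult(this._context, this._results);
                this._storedToken = false;
            }
        }
    }

    /**
     * Reads the WSS version index from the context, defaulting to 0 when the entry is
     * absent or not an {@link Integer}.
     * NOTE(review): the value is used unchecked as an array index by the caller.
     */
    private static int wssVersionIndex(Map<Object, Object> context) {
        Object version = context.get(com.ibm.ws.wssecurity.common.Constants.WSS_VERSION);
        return (version instanceof Integer) ? ((Integer) version).intValue() : 0;
    }

    /**
     * Returns the parent of {@code node} when it is an element, else {@code null}.
     * The parent is read as {@code Object} so this does not depend on the declared return
     * type of {@code getParent()}, which the decompiled listing does not show reliably.
     */
    private static OMElement parentElementOf(OMNode node) {
        Object parent = node.getParent();
        return (parent instanceof OMElement) ? (OMElement) parent : null;
    }

    /**
     * Converts a token to its XML element, building a BinarySecurityToken element when the
     * token has no XML structure of its own.
     *
     * @return the element, or {@code null} for a non-binary token without XML structure
     * @throws SoapSecurityException any failure other than the "Null XMLStructure" case
     */
    private static OMElement toTokenElement(XMLStructureHelper helper, SecurityToken token, OMElement secTokenRef, String nsWsse, Map<Object, Object> context) throws SoapSecurityException {
        OMElement element;
        try {
            element = helper.getOMElement(token, context);
        } catch (SoapSecurityException e) {
            if (!NULL_XML_STRUCTURE.equals(e.getMessage())) {
                throw e;
            }
            element = null;
        }
        if (element == null && (token instanceof BinarySecurityToken)) {
            element = createOMTokenElement(secTokenRef.getOMFactory(), parentElementOf(secTokenRef), token, nsWsse, context);
        }
        return element;
    }

    /**
     * Looks for a token already held by the token manager whose id (or, when the id is
     * null, its key identifier) equals the identifier carried by the reference.
     *
     * <p>The scan does not stop at the first match: every matching token overwrites the
     * result, so the last match in iteration order wins.
     *
     * @return the element of the matching token, or {@code null} when nothing matched
     */
    private static OMElement getElementInSubject(OMElement secTokenRef, String keyInfoType, String nsWsse, SecurityTokenManagerImpl securityTokenManager, Map<Object, Object> context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getElementInSubject(" + "OMElement secTokenRef[" + DOMUtils.getDisplayName((OMNode) secTokenRef) + "],"
                    + "String keyInfoType[" + keyInfoType + "], "
                    + "String nsWsse[" + nsWsse + "], "
                    + "SecurityTokenManagerImpl securityTokenManager, "
                    + "Map context)");
        }
        OMElement found = null;
        Collection<SecurityToken> tokens = securityTokenManager.getTokens();
        if (tokens != null) {
            String wantedId = getIdInSubject(secTokenRef, keyInfoType, nsWsse);
            if (wantedId != null) {
                XMLStructureHelper helper = new XMLStructureHelper();
                for (SecurityToken candidate : tokens) {
                    String candidateId = candidate.getId();
                    if (candidateId == null) {
                        candidateId = candidate.getKeyIdentifier();
                    }
                    if (wantedId.equals(candidateId)) {
                        found = toTokenElement(helper, candidate, secTokenRef, nsWsse, context);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getElementInSubject(" + "OMElement, String, String, "
                    + "SecurityTokenManagerImpl, Map context)"
                    + " returns OMElement[" + DOMUtils.getDisplayName((OMNode) found) + "]");
        }
        return found;
    }

    /**
     * Builds a {@code BinarySecurityToken} element in the given WS-Security namespace,
     * with the token's value type as attribute and its Base64-encoded bytes as text.
     *
     * @param oMFactory factory used to create the element and its text node
     * @param oMElement parent used only to look up an existing prefix for {@code str};
     *                  may be {@code null}, in which case the prefix {@code wsse} is declared
     * @param securityToken token to render; bytes are only read from a BinarySecurityToken
     * @param str WS-Security namespace URI (traced as {@code nsWsse})
     * @param map context, consulted for the WSS version index
     * @return the new element (never attached to {@code oMElement} here)
     */
    static final OMElement createOMTokenElement(OMFactory oMFactory, OMElement oMElement, SecurityToken securityToken, String str, Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createOMTokenElement(" + "OMFactory factory, "
                    + "OMElement parent[" + DOMUtils.getDisplayName((OMNode) oMElement) + "], "
                    + "SecurityToken token, "
                    + "String nsWsse[" + str + "], "
                    + "Map context)");
        }
        int wssVersion = wssVersionIndex(map);
        String prefix = (oMElement != null) ? DOMUtils.getNamespacePrefix(oMElement, str) : null;
        boolean declarePrefix = (prefix == null);
        if (declarePrefix) {
            prefix = "wsse";
        }
        OMElement tokenElement = oMFactory.createOMElement("BinarySecurityToken", str, prefix);
        if (declarePrefix) {
            tokenElement.declareNamespace(str, prefix);
        }
        // NOTE(review): the decompiled listing iterated oMElement.getAllDeclaredNamespaces()
        // here with an empty body. As written that loop never advanced the iterator (it spins
        // forever once the parent declares any namespace) and dereferenced a null parent that
        // the code above explicitly allows. What the loop originally did is not recoverable
        // from this listing, so it is left out.
        DOMUtils.setQNameAttr(tokenElement, null, VALUE_TYPE, securityToken.getValueType(), wssVersion);
        String encoded = null;
        if (securityToken instanceof BinarySecurityToken) {
            final BinarySecurityToken binarySecurityToken = (BinarySecurityToken) securityToken;
            // The token bytes are read inside doPrivileged, i.e. with this class's own
            // permissions rather than those of the calling code.
            encoded = Base64.encode((byte[]) AccessController.doPrivileged(new PrivilegedAction<byte[]>() {
                @Override
                public byte[] run() {
                    // The listing had "BinarySecurityToken.this.getBinary()", a decompiler
                    // artifact; the captured local is the token in question.
                    return binarySecurityToken.getBinary();
                }
            }));
        }
        if (encoded != null) {
            tokenElement.addChild(oMFactory.createOMText(encoded));
        }
        if (tc.isEntryEnabled()) {
            // Trace the display name like the other methods do. Appending the element itself
            // relies on its toString(), which may serialize the encoded token into the trace.
            Tr.exit(tc, "createOMTokenElement(" + "OMFactory, OMElement, BinarySecurityToken, "
                    + "String, Map)"
                    + " returns OMElement [" + DOMUtils.getDisplayName((OMNode) tokenElement) + "]");
        }
        return tokenElement;
    }

    /**
     * Derives the token identifier carried by the reference for the given key-info type.
     *
     * <ul>
     *   <li>key identifier / thumbprint: text of the {@code KeyIdentifier} child;</li>
     *   <li>X.509 issuer-serial: {@code encodedIssuerName + ":" + serialNumber}, where a
     *       serial that is not a plain integer is converted by {@code CertificateUtil}.</li>
     * </ul>
     *
     * @return the identifier, or {@code null} for other key-info types or when the issuer
     *         name or serial number is missing
     * @throws SoapSecurityException if the serial number cannot be parsed
     */
    private static String getIdInSubject(OMElement secTokenRef, String keyInfoType, String nsWsse) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getIdInSubject(" + "OMElement secTokenRef[" + DOMUtils.getDisplayName((OMNode) secTokenRef) + "],"
                    + "String keyInfoType[" + keyInfoType + "], "
                    + "String nsWsse[" + nsWsse + "])");
        }
        String id = null;
        if (ConfigUtil.isKeyInfoKeyid(keyInfoType) || ConfigUtil.isKeyInfoThumbprint(keyInfoType)) {
            id = DOMUtils.getStringValue(DOMUtils.getOneElement(secTokenRef, nsWsse, "KeyIdentifier"));
        } else if (ConfigUtil.isKeyInfoX509issuer(keyInfoType)) {
            String issuer = DOMUtils.getStringValue(DOMUtils.getOneElement(secTokenRef, com.ibm.ws.wssecurity.common.Constants.NS_DSIG, TrustProperties.LocalNames.ds.X509IssuerName));
            if (issuer != null) {
                issuer = KeyInfo.X509Data.encodeDName(issuer);
            }
            String serial = DOMUtils.getStringValue(DOMUtils.getOneElement(secTokenRef, com.ibm.ws.wssecurity.common.Constants.NS_DSIG, TrustProperties.LocalNames.ds.X509SerialNumber));
            if (serial != null) {
                try {
                    // Parsed only to validate: a plain integer serial is used as given.
                    new BigInteger(serial);
                } catch (NumberFormatException e) {
                    try {
                        serial = CertificateUtil.convertSerialNumber(serial).toString();
                    } catch (ParseException e2) {
                        throw SoapSecurityException.format("security.wssecurity.X509LoginModule.s04", serial, e2);
                    }
                }
            }
            // Only build a lookup key from a complete issuer/serial pair. Concatenating a
            // missing part would yield keys such as "null:null" taken from the message.
            if (issuer != null && serial != null) {
                id = issuer + ":" + serial;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getIdInSubject(" + "OMElement, String, String)"
                    + " returns String[" + id + "]");
        }
        return id;
    }

    /**
     * Fallback resolution: runs the key-info consumers over the enclosing KeyInfo element
     * and renders the token they yield.
     *
     * <p>The token manager's wrappers are copied before the consumers run and put back in
     * {@code finally}, and the KeyInfoResult entries are removed from the context, so the
     * trial run leaves neither tokens nor results behind, whether it succeeds or throws.
     *
     * @return the token element, or {@code null} when no result or token wrapper was found
     * @throws SoapSecurityException if every consumer fails or the token wrapper carries an error
     */
    private static OMElement getElement(OMElement secTokenRef, Collection<Configuration> dsigKinfoSet, Collection<Configuration> encKinfoSet, Map<Object, Object> type, Map<Object, Object> properties, SecurityTokenManagerImpl securityTokenManager, Map<Object, Object> context, String nsWsse) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getElement(" + "OMElement secTokenRef[" + DOMUtils.getDisplayName((OMNode) secTokenRef) + "],"
                    + "Collection dsigKinfoSet, Collection encKinfoSet, Map type, "
                    + "Map properties, SecurityTokenManagerImpl securityTokenManager, "
                    + "Map context, String nsWsse)");
        }
        OMElement element = null;
        Collection<SecurityTokenWrapper> savedWrappers = lockTokenWrappers(securityTokenManager);
        try {
            KeyInfoResult keyInfoResult = callKeyInfoConsumer(dsigKinfoSet, encKinfoSet, type, properties, getKeyInfoElement(secTokenRef), context);
            if (keyInfoResult != null) {
                String idInSubject = keyInfoResult.getIdInSubject();
                SecurityToken token = securityTokenManager.getToken(keyInfoResult.getKeyInfoContentConsumer().getTokenConsumer(), idInSubject);
                SecurityTokenWrapper tokenWrapper = securityTokenManager.getTokenWrapper(token);
                if (tokenWrapper == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WARNING: Unable to extract the token with the token identifier [" + idInSubject + "].");
                    }
                } else {
                    // A token that was recorded with an error must not be used.
                    if (tokenWrapper.getError() != null) {
                        throw tokenWrapper.getError();
                    }
                    element = toTokenElement(new XMLStructureHelper(), token, secTokenRef, nsWsse, context);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: Unable to get the KeyInfoResult.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getElement(" + "OMElement, Collection, Collection, Map, Map, "
                        + "SecurityTokenManagerImpl, Map)"
                        + " returns OMElement[" + DOMUtils.getDisplayName((OMNode) element) + "]");
            }
            return element;
        } finally {
            restoreTokenWrappers(securityTokenManager, savedWrappers);
            removeKeyInfoResults(context);
        }
    }

    /**
     * Walks up from {@code node} to the nearest ancestor element that is a
     * {@code KeyInfo} element in the XML Signature namespace.
     *
     * @return that ancestor, or {@code null} when the walk reaches a non-element parent
     */
    private static OMElement getKeyInfoElement(OMNode node) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoElement(" + "OMNode node[" + DOMUtils.getDisplayName(node) + "])");
        }
        OMElement keyInfo = null;
        OMElement parent = parentElementOf(node);
        if (parent != null) {
            keyInfo = DOMUtils.equals(parent, com.ibm.ws.wssecurity.common.Constants.NS_DSIG, "KeyInfo") ? parent : getKeyInfoElement(parent);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInfoElement(OMNode)"
                    + " returns OMElement[" + DOMUtils.getDisplayName((OMNode) keyInfo) + "]");
        }
        return keyInfo;
    }

    /**
     * Tries each verification configuration in turn and, if none succeeds, each decryption
     * configuration; the first consumer that does not throw wins.
     *
     * <p>Failures of individual configurations are deliberately swallowed so the next one
     * can be tried (their partial results are removed from the context); only the last
     * failure is reported, and only when every configuration failed.
     *
     * @return the error-free result matching the winning configuration set, or {@code null}
     *         when the consumer produced no such result
     * @throws SoapSecurityException if no configuration succeeded, including the case where
     *         no configuration was available to try
     */
    private static KeyInfoResult callKeyInfoConsumer(Collection<Configuration> dsigKinfoSet, Collection<Configuration> encKinfoSet, Map<Object, Object> type, Map<Object, Object> properties, OMElement target, Map<Object, Object> context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "callKeyInfoConsumer(" + "Collection dsigKinfoSet, Collection encKinfoSet, Map type, "
                    + "Map properties, "
                    + "OMElement target[" + DOMUtils.getDisplayName((OMNode) target) + "],"
                    + "Map context)");
        }
        KeyInfoResult processedResult;
        Exception lastFailure = null;
        boolean verified = false;
        // A configuration set that was never supplied is treated like an empty one.
        if (dsigKinfoSet != null) {
            for (Configuration config : dsigKinfoSet) {
                try {
                    SignatureConsumer.callKeyInfoConsumer((KeyInfoConsumerConfig) config, WSSKeyInfoComponent.KEY_VERIFYING, type, properties, target, context);
                    verified = true;
                    break;
                } catch (Exception e) {
                    lastFailure = e;
                    removeKeyInfoResults(context);
                }
            }
        }
        if (verified) {
            processedResult = getProcessedResult(SignatureConsumer.getKeyInfoResults(context), dsigKinfoSet);
        } else {
            boolean decrypted = false;
            if (encKinfoSet != null) {
                for (Configuration config : encKinfoSet) {
                    try {
                        SignatureConsumer.callKeyInfoConsumer((KeyInfoConsumerConfig) config, WSSKeyInfoComponent.KEY_DECRYPTING, type, properties, target, context);
                        decrypted = true;
                        break;
                    } catch (Exception e) {
                        lastFailure = e;
                        removeKeyInfoResults(context);
                    }
                }
            }
            if (!decrypted) {
                // With no configuration to try there is no recorded failure; report that
                // explicitly rather than failing with a NullPointerException here.
                Exception cause = (lastFailure != null)
                        ? lastFailure
                        : new IllegalStateException("No key info consumer configuration was available.");
                throw SoapSecurityException.format("security.wssecurity.DTKeyInfoResolver.s01", new String[]{cause.getMessage()}, cause);
            }
            processedResult = getProcessedResult(SignatureConsumer.getKeyInfoResults(context), encKinfoSet);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "callKeyInfoConsumer(" + "Collection, Collection, Map, Map, OMElement, Map)"
                    + " returns KeyInfoResult[" + processedResult + "]");
        }
        return processedResult;
    }

    /**
     * Picks the first result that carries no error and whose content consumer belongs to
     * one of the configurations in {@code keyInfoSet}.
     *
     * @param results results to scan; may be {@code null}
     * @param keyInfoSet the configuration set whose consumer succeeded
     * @return the first qualifying result, or {@code null} when there is none
     */
    private static KeyInfoResult getProcessedResult(KeyInfoResult[] results, Collection<Configuration> keyInfoSet) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProcessedResult(" + "KeyInfoResult[] results, Collection keyInfoSet)");
        }
        KeyInfoResult selected = null;
        if (results != null) {
            search:
            for (KeyInfoResult candidate : results) {
                KeyInfoContentConsumerConfig contentConsumer = candidate.getKeyInfoContentConsumer();
                for (Configuration config : keyInfoSet) {
                    if (((KeyInfoConsumerConfig) config).getContentConsumers().contains(contentConsumer) && candidate.getError() == null) {
                        selected = candidate;
                        break search;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProcessedResult(" + "KeyInfoResult[], Collection)"
                    + " returns KeyInfoResult[" + selected + "]");
        }
        return selected;
    }

    /**
     * Copies the token manager's current wrappers into a new set. Despite the name, no
     * lock is taken: the copy only serves as the snapshot that
     * {@link #restoreTokenWrappers} later puts back.
     */
    private static Collection<SecurityTokenWrapper> lockTokenWrappers(SecurityTokenManagerImpl securityTokenManager) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "lockTokenWrappers(SecurityTokenManagerImpl securityTokenManager)");
        }
        Collection<SecurityTokenWrapper> snapshot = new HashSet<SecurityTokenWrapper>(securityTokenManager.getTokenWrappers());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "lockTokenWrappers(SecurityTokenManagerImpl)");
        }
        return snapshot;
    }

    /** Removes every {@link KeyInfoResult} entry currently pooled in the context. */
    private static void removeKeyInfoResults(Map<Object, Object> context) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeKeyInfoResults(Map)");
        }
        Result[] pooled = ResultPool.get(context, KeyInfoResult.class);
        if (pooled != null && pooled.length > 0) {
            ResultPool.remove(context, pooled);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeKeyInfoResults(Map context)");
        }
    }

    /**
     * Replaces the token manager's content with a previously taken snapshot, discarding
     * any token added since the snapshot was made.
     */
    private static void restoreTokenWrappers(SecurityTokenManagerImpl securityTokenManager, Collection<SecurityTokenWrapper> tokenWrappers) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreTokenWrappers(" + "SecurityTokenManagerImpl securityTokenManager, "
                    + "Collection tokenWrappers)");
        }
        securityTokenManager.removeAllTokens();
        securityTokenManager.addTokenWrappers(tokenWrappers);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreTokenWrappers(SecurityTokenManagerImpl, Collection)");
        }
    }
}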
