package com.ibm.ws.websvcs.rm.impl.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.util.Base64;
import com.ibm.ws.websvcs.rm.RMConstants;
import com.ibm.ws.wssecurity.sc.util.SecureConversation;
import com.ibm.ws.wssecurity.sc.util.SecureConversationHandle;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisModule;
import org.apache.sandesha2.SandeshaException;
import org.apache.sandesha2.security.SecurityManager;
import org.apache.sandesha2.security.SecurityToken;

/* loaded from: input_file:lib/policyset_policytype_jaxb_model.jar:com/ibm/ws/websvcs/rm/impl/security/IBMSecurityManager.class */
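/**
 * Sandesha2 {@link SecurityManager} implementation that delegates token lookup,
 * proof-of-possession checks and token persistence to the
 * {@link SecureConversation} instance obtained from {@link SecureConversationHandle}.
 *
 * <p>Tokens handed to Sandesha2 are {@code IBMSecurityToken} instances built from a
 * security context token identifier plus an opaque byte array holding the
 * WS-Security property map.
 */
public class IBMSecurityManager extends SecurityManager {
    private static final TraceNLS nls = TraceNLS.getTraceNLS(RMConstants.RESOURCE_BUNDLE);
    private static final TraceComponent tc = Tr.register(IBMSecurityManager.class, RMConstants.TRACE_GROUP, RMConstants.RESOURCE_BUNDLE);
    private OMFactory factory;
    private OMNamespace secNamespace;
    private SecureConversation theConversation;

    /**
     * Object stream that only resolves {@code byte[]}.
     *
     * <p>The recovery payload written by {@link #getTokenRecoveryData(SecurityToken)}
     * consists of exactly two serialized {@code byte[]} objects, so every other class
     * descriptor is rejected before the JDK instantiates anything. This keeps a
     * tampered recovery string from driving arbitrary class deserialization.
     */
    private static final class ByteArrayOnlyObjectInputStream extends ObjectInputStream {
        /** JVM binary name of {@code byte[]}, as reported by {@link ObjectStreamClass#getName()}. */
        private static final String BYTE_ARRAY_CLASS_NAME = "[B";

        ByteArrayOnlyObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!BYTE_ARRAY_CLASS_NAME.equals(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "unexpected class in token recovery data");
            }
            return super.resolveClass(desc);
        }

        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
            // Dynamic proxies are never part of the recovery payload.
            throw new InvalidClassException("unexpected proxy class in token recovery data");
        }
    }

    /**
     * Creates the manager, caching the Axiom factory, the WS-Security ("wsse")
     * namespace and the shared secure-conversation handle.
     *
     * @param configurationContext Axis2 configuration context passed to the superclass
     * @throws Exception any failure during initialisation, after it has been reported to FFDC
     */
    public IBMSecurityManager(ConfigurationContext configurationContext) throws Exception {
        super(configurationContext);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "IBMSecurityManager", configurationContext);
        }
        try {
            this.factory = OMAbstractFactory.getOMFactory();
            this.secNamespace = this.factory.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse");
            this.theConversation = SecureConversationHandle.getInstance();
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "IBMSecurityManager");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.IBMSecurityManager", "1:110:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "IBMSecurityManager", e);
            }
            throw e;
        }
    }

    /**
     * No-op apart from entry/exit tracing; this implementation needs no
     * per-module initialisation.
     *
     * @param axisModule the module being initialised (unused)
     */
    public void initSecurity(AxisModule axisModule) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "initSecurity");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "initSecurity");
        }
    }

    /**
     * Looks up the security context token associated with the message.
     *
     * @param messageContext the message being processed
     * @return a token wrapping the context token identifier and the serialized
     *         WS-Security property map, or {@code null} when the conversation
     *         reports no context token for the message
     * @throws SandeshaException if the secure-conversation layer fails
     */
    public SecurityToken getSecurityToken(MessageContext messageContext) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityToken(MessageContext)");
        }
        IBMSecurityToken result = null;
        try {
            SecurityContextToken sCToken = this.theConversation.getSCToken(messageContext);
            byte[] wSSPropertyMapByteArray = this.theConversation.getWSSPropertyMapByteArray(messageContext);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // The byte[] is concatenated as an object, so only its identity string is
                // traced, not its content.
                // NOTE(review): what sCToken.toString() exposes is not visible here; confirm
                // it does not write key material into the trace.
                Tr.debug(tc, "Security token: " + sCToken + ", data: " + wSSPropertyMapByteArray);
            }
            if (sCToken != null) {
                result = new IBMSecurityToken(sCToken.getIdentifier(), wSSPropertyMapByteArray);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecurityToken", result);
            }
            return result;
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.getSecurityToken", "1:161:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecurityToken", e);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e}, (String) null), e);
        }
    }

    /**
     * Resolves the security context token referenced by a SecurityTokenReference element.
     *
     * @param oMElement the SecurityTokenReference element to resolve
     * @param messageContext the message being processed
     * @return a token wrapping the resolved context token identifier and the
     *         serialized WS-Security property map
     * @throws SandeshaException if the secure-conversation layer fails
     */
    public SecurityToken getSecurityToken(OMElement oMElement, MessageContext messageContext) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityToken(OMElement,MessageContext)");
        }
        try {
            SecurityContextToken referencedToken = this.theConversation.getSCTokenBySecurityTokenReference(oMElement, messageContext);
            byte[] wSSPropertyMapByteArray = this.theConversation.getWSSPropertyMapByteArray(messageContext);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Security token: " + referencedToken + ", data: " + wSSPropertyMapByteArray);
            }
            // NOTE(review): unlike the MessageContext-only overload there is no null check.
            // If the lookup can return null, the dereference below throws
            // NullPointerException rather than SandeshaException. Rejecting an
            // unresolvable reference is the safe outcome (returning null could be read by
            // callers as "no token required" - confirm), but a SandeshaException would be
            // the cleaner way to reject it.
            IBMSecurityToken result = new IBMSecurityToken(referencedToken.getIdentifier(), wSSPropertyMapByteArray);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecurityToken", result);
            }
            return result;
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.getSecurityToken", "1:196:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecurityToken", e);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e}, (String) null), e);
        }
    }

    /**
     * Rebuilds a token from the string produced by {@link #getTokenRecoveryData(SecurityToken)}.
     *
     * <p>The string is Base64 over a Java serialization stream holding two
     * {@code byte[]} objects: the security context token bytes, then the
     * WS-Security property map bytes. Deserialization is restricted to
     * {@code byte[]}; any other class in the stream is rejected and reported as a
     * {@link SandeshaException}. Both arrays are read and type-checked before the
     * token bytes are handed to the secure-conversation layer, so a malformed
     * payload is rejected before it reaches {@code getSCTokenFromBytes}.
     *
     * <p>NOTE(review): where {@code str} is stored between the two calls is not
     * visible in this class. The class allow-list only bounds what the JVM will
     * instantiate; if the store can be modified by another party, the token bytes
     * themselves still need integrity protection - confirm against the store's
     * trust model.
     *
     * @param str Base64-encoded recovery data
     * @return the recovered token
     * @throws SandeshaException if the data cannot be decoded or the
     *         secure-conversation layer rejects the token bytes
     */
    public SecurityToken recoverSecurityToken(String str) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "recoverSecurityToken");
        }
        try {
            ObjectInputStream objectInputStream = new ByteArrayOnlyObjectInputStream(new ByteArrayInputStream(Base64.decode(str)));
            byte[] tokenBytes;
            byte[] propertyMapBytes;
            try {
                tokenBytes = (byte[]) objectInputStream.readObject();
                propertyMapBytes = (byte[]) objectInputStream.readObject();
            } finally {
                objectInputStream.close();
            }
            IBMSecurityToken result = new IBMSecurityToken(this.theConversation.getSCTokenFromBytes(tokenBytes).getIdentifier(), propertyMapBytes);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "recoverSecurityToken", result);
            }
            return result;
        } catch (SoapSecurityException e2) {
            // Must precede the general handler: listed after catch (Exception) it is
            // unreachable and the class does not compile.
            FFDCFilter.processException(e2, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.recoverSecurityToken", "1:230:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "recoverSecurityToken", e2);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e2}, (String) null), e2);
        } catch (Exception e) {
            // Covers decode failures, stream corruption, rejected classes and bad casts.
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.recoverSecurityToken", "1:242:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "recoverSecurityToken", e);
            }
            // Keep the cause so the stack trace survives past this layer.
            throw new SandeshaException(nls.getFormattedMessage("INTERNAL_RM_ERROR_CWSKA0002", new Object[]{"IBMSecurityManager", "1:246:1.12", e}, (String) null), e);
        }
    }

    /**
     * Verifies that the given message part was signed or encrypted under the token.
     *
     * @param securityToken the token, expected to be an {@code IBMSecurityToken}
     * @param oMElement the message part that must be covered
     * @param messageContext the message being processed
     * @throws SandeshaException if the part is in neither the signed nor the
     *         encrypted parts reported for the token, or if the
     *         secure-conversation layer fails
     */
    public void checkProofOfPossession(SecurityToken securityToken, OMElement oMElement, MessageContext messageContext) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "checkProofOfPossession", securityToken);
        }
        try {
            String uuid = ((IBMSecurityToken) securityToken).getUUID();
            // Membership is decided by List.contains, i.e. by the element's equals().
            // NOTE(review): presumably object identity for OMElement - confirm.
            List<?> signedParts = this.theConversation.getSignedParts(uuid, messageContext);
            if (signedParts == null || !signedParts.contains(oMElement)) {
                List<?> encryptedParts = this.theConversation.getEncryptedParts(uuid, messageContext);
                if (encryptedParts == null || !encryptedParts.contains(oMElement)) {
                    // Neither signed nor encrypted under this token: reject.
                    QName qName = oMElement.getQName();
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                        Tr.exit(tc, "checkProofOfPossession", "No proof of possession " + qName);
                    }
                    throw new SandeshaException(nls.getFormattedMessage("MSGPART_NOT_SECURED_CWSKA0022", new Object[]{qName}, (String) null));
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Message part was encrypted");
                }
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Message part was signed");
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "checkProofOfPossession(signed)");
            }
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.checkProofOfPossession", "1:289:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "checkProofOfPossession", e);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e}, (String) null), e);
        }
    }

    /**
     * Builds a {@code wsse:SecurityTokenReference} element pointing at the token.
     *
     * <p>The result contains one {@code wsse:Reference} child whose {@code URI}
     * attribute is {@code "#"} followed by the context token id and whose
     * {@code ValueType} attribute is the local part of the token's value type.
     *
     * @param securityToken the token, expected to be an {@code IBMSecurityToken}
     * @param messageContext the message being processed (unused)
     * @return the SecurityTokenReference element
     * @throws SandeshaException if the secure-conversation layer fails
     */
    public OMElement createSecurityTokenReference(SecurityToken securityToken, MessageContext messageContext) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "createSecurityTokenReference", securityToken);
        }
        try {
            SecurityContextToken sCToken = this.theConversation.getSCToken(((IBMSecurityToken) securityToken).getUUID());
            String id = sCToken.getId();
            String valueTypeLocalPart = sCToken.getValueType().getLocalPart();
            OMElement tokenReference = this.factory.createOMElement("SecurityTokenReference", this.secNamespace);
            OMElement reference = this.factory.createOMElement("Reference", this.secNamespace);
            OMAttribute uriAttribute = this.factory.createOMAttribute("URI", (OMNamespace) null, "#" + id);
            OMAttribute valueTypeAttribute = this.factory.createOMAttribute("ValueType", (OMNamespace) null, valueTypeLocalPart);
            tokenReference.addChild(reference);
            reference.addAttribute(uriAttribute);
            reference.addAttribute(valueTypeAttribute);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "createSecurityTokenReference", tokenReference);
            }
            return tokenReference;
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.createSecurityTokenReference", "1:326:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "createSecurityTokenReference", e);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e}, (String) null), e);
        }
    }

    /**
     * Serializes the token so it can later be rebuilt by
     * {@link #recoverSecurityToken(String)}.
     *
     * <p>The output is Base64 over a Java serialization stream containing the
     * security context token bytes followed by the token's property map bytes.
     * The string is encoded, not encrypted: it carries the context token bytes
     * returned by the secure-conversation layer, so wherever it is persisted
     * should be access-controlled accordingly. The exit trace deliberately omits
     * the value.
     *
     * @param securityToken the token, expected to be an {@code IBMSecurityToken}
     * @return Base64-encoded recovery data
     * @throws SandeshaException if serialization or the secure-conversation layer fails
     */
    public String getTokenRecoveryData(SecurityToken securityToken) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenRecoveryData", securityToken);
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            IBMSecurityToken iBMSecurityToken = (IBMSecurityToken) securityToken;
            byte[] sCTokenBytes = this.theConversation.getSCTokenBytes(iBMSecurityToken.getUUID());
            byte[] securityHashMapData = iBMSecurityToken.getSecurityHashMapData();
            // Write order is the read order expected by recoverSecurityToken, and both
            // objects must stay byte[]: the reader rejects any other class.
            objectOutputStream.writeObject(sCTokenBytes);
            objectOutputStream.writeObject(securityHashMapData);
            objectOutputStream.flush();
            objectOutputStream.close();
            String encode = Base64.encode(byteArrayOutputStream.toByteArray());
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getTokenRecoveryData");
            }
            return encode;
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.getTokenRecoveryData", "1:377:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getTokenRecoveryData", e);
            }
            // Keep the cause so the stack trace survives past this layer.
            throw new SandeshaException(nls.getFormattedMessage("INTERNAL_RM_ERROR_CWSKA0002", new Object[]{"IBMSecurityManager", "1:381:1.12", e}, (String) null), e);
        } catch (SoapSecurityException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.getTokenRecoveryData", "1:365:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getTokenRecoveryData", e2);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e2}, (String) null), e2);
        }
    }

    /**
     * Passes the token's serialized WS-Security property map, together with the
     * message context, to the secure-conversation layer.
     *
     * @param securityToken the token, expected to be an {@code IBMSecurityToken}
     * @param messageContext the message context handed to the conversation
     * @throws SandeshaException if the secure-conversation layer fails
     */
    public void applySecurityToken(SecurityToken securityToken, MessageContext messageContext) throws SandeshaException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "applySecurityToken", new Object[]{securityToken, messageContext});
        }
        try {
            // NOTE(review): how getWSSPropertyMapFromByteArray decodes these bytes is not
            // visible here. For recovered tokens they originate from the recovery string,
            // so that decoder's handling of unexpected content is worth confirming.
            this.theConversation.getWSSPropertyMapFromByteArray(((IBMSecurityToken) securityToken).getSecurityHashMapData(), messageContext);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "applySecurityToken");
            }
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.websvcs.rm.impl.security.IBMSecurityManager.applySecurityToken", "1:407:1.12", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "applySecurityToken", e);
            }
            throw new SandeshaException(nls.getFormattedMessage("SECURITY_EXCEPTION_CWSKA0021", new Object[]{e}, (String) null), e);
        }
    }

    // Emits the source-control identifier of this class once, when debug tracing is on.
    static {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Source info: @(#)WSERV1/ws/code/rm/src/com/ibm/ws/websvcs/rm/impl/security/IBMSecurityManager.java, WAS.rm, WSFP.WSERV1, x0722.09 1.12");
        }
    }
}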
