package com.ibm.ws.wssecurity.trust.server.sts.MessageReceiver;

import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.trust.client.ITrustConstants;
import com.ibm.ws.wssecurity.trust.client.impl.OMElementUtil;
import com.ibm.ws.wssecurity.trust.client.impl.TrustException;
import com.ibm.ws.wssecurity.trust.client.impl.TrustOMFactory;
import com.ibm.ws.wssecurity.trust.server.sts.Util.Constants;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSConfigUtil;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSConstantsV13;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil;
import com.ibm.ws.wssecurity.trust.server.sts.ext.sct.SCTHelper;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.OMText;
import org.apache.axiom.soap.SOAPBody;
import org.apache.axiom.soap.SOAPConstants;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.receivers.AbstractInOutSyncMessageReceiver;
import org.apache.axis2.receivers.AbstractMessageReceiver;
import org.apache.sandesha2.client.SandeshaClientConstants;
import org.eclipse.core.runtime.Platform;
import org.eclipse.higgins.sts.IAddressingInformation;
import org.eclipse.higgins.sts.IConstants;
import org.eclipse.higgins.sts.IElement;
import org.eclipse.higgins.sts.IEndpointReference;
import org.eclipse.higgins.sts.IFault;
import org.eclipse.higgins.sts.ILifetime;
import org.eclipse.higgins.sts.IRequestSecurityToken;
import org.eclipse.higgins.sts.IRequestSecurityTokenResponse;
import org.eclipse.higgins.sts.ISTSRequest;
import org.eclipse.higgins.sts.ISTSResponse;
import org.eclipse.higgins.sts.ISecurityTokenService;
import org.eclipse.higgins.sts.UnsupportedContainedObjectClassException;
import org.eclipse.higgins.sts.impl.AddressingInformation;
import org.eclipse.higgins.sts.impl.AppliesTo;
import org.eclipse.higgins.sts.impl.EndpointReference;
import org.eclipse.higgins.sts.impl.Lifetime;
import org.eclipse.higgins.sts.impl.RequestSecurityToken;
import org.eclipse.higgins.sts.impl.STSRequest;
import org.eclipse.higgins.sts.impl.STSResponse;
import org.eclipse.higgins.sts.utilities.XMLHelper;

/* loaded from: input_file:com/ibm/ws/wssecurity/trust/server/sts/MessageReceiver/STSMessageReceiver.class */
public class STSMessageReceiver extends AbstractInOutSyncMessageReceiver {
    public static final String FFDC_ID_1 = "FFDC-1";
    public static final String FFDC_ID_2 = "FFDC-2";
    public static final String FFDC_ID_3 = "FFDC-3";
    public static final String FFDC_ID_4 = "FFDC-4";
    public static final String FFDC_ID_5 = "FFDC-5";
    private static final TraceComponent tc = Tr.register(STSMessageReceiver.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final Boolean REQUIRED = new Boolean("true");
    private static final Boolean NOT_REQUIRED = new Boolean("false");

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.axis2.receivers.AbstractMessageReceiver
    public AbstractMessageReceiver.ThreadContextDescriptor setThreadContext(MessageContext messageContext) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.axis2.receivers.AbstractMessageReceiver
    public void restoreThreadContext(AbstractMessageReceiver.ThreadContextDescriptor threadContextDescriptor) {
    }

    /* JADX WARN: Type inference failed for: r0v19, types: [java.lang.Throwable, org.apache.axis2.AxisFault] */
    @Override // org.apache.axis2.receivers.AbstractInOutSyncMessageReceiver
    public final void invokeBusinessLogic(MessageContext messageContext, MessageContext messageContext2) throws AxisFault {
        String message;
        QName qName;
        SOAPEnvelope createOutCollectionEnvelope;
        SoapSecurityException format;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invokeBusinessLogic(MessageContext inMessage, MessageContext outMessage)");
        }
        try {
            SOAPFactory sOAP11Factory = messageContext.isSOAP11() ? OMAbstractFactory.getSOAP11Factory() : OMAbstractFactory.getSOAP12Factory();
            SOAPEnvelope envelope = getEnvelope(messageContext);
            String property = System.getProperty(Platform.PREF_LINE_SEPARATOR);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, property + OMElementUtil.formatXML(envelope));
            }
            SOAPHeader headers = getHeaders(envelope);
            String wSAddressingNamespace = getWSAddressingNamespace(headers);
            OMElement header = getHeader(headers, "To", REQUIRED);
            OMElement header2 = getHeader(headers, "From", NOT_REQUIRED);
            OMElement header3 = getHeader(headers, "Action", REQUIRED);
            SOAPBody body = getBody(envelope);
            String wSTrustNamespace = getWSTrustNamespace(body);
            IConstants sTSConstants = getSTSConstants(wSAddressingNamespace, wSTrustNamespace);
            boolean isRequestSecurityTokenCollection = getIsRequestSecurityTokenCollection(body);
            ISTSRequest createSTSRequest = createSTSRequest(createAddressingInformation(wSAddressingNamespace, header, header2, header3), headers, body, header, wSTrustNamespace, sTSConstants, isRequestSecurityTokenCollection);
            new STSSecurityUtil().invoke(createSTSRequest, messageContext);
            ISecurityTokenService securityTokenServiceSingletonInstance = STSConfigUtil.getSecurityTokenServiceSingletonInstance(false);
            ISTSResponse sTSResponse = new STSResponse();
            securityTokenServiceSingletonInstance.invoke(createSTSRequest, sTSResponse, sTSConstants);
            if (sTSResponse == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "STS response is null");
                }
                throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
            }
            IFault fault = sTSResponse.getFault();
            if (fault != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "STS returned fault: " + fault);
                }
                Tr.processException(new Throwable(fault.toString()), getClass().getName(), "FFDC-1");
                URI codeNamespace = fault.getCodeNamespace();
                String uri = codeNamespace == null ? null : codeNamespace.toString();
                String codePrefix = fault.getCodePrefix();
                String codeLocalPart = fault.getCodeLocalPart();
                if (codeLocalPart == null) {
                    format = SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
                } else {
                    format = SoapSecurityException.format(new QName(uri, codeLocalPart, codePrefix == null ? "" : codePrefix), fault.getReason());
                }
                throw format;
            }
            List requestSecurityTokenResponseCollection = sTSResponse.getRequestSecurityTokenResponseCollection();
            if (requestSecurityTokenResponseCollection.size() == 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "empty vector returned from SecurityTokenService");
                }
                throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
            }
            String text = header3 != null ? header3.getText() : "";
            if (text == null) {
                throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
            }
            if (wSTrustNamespace.equals("http://schemas.xmlsoap.org/ws/2005/02/trust") && requestSecurityTokenResponseCollection.size() != 1) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "More than 1 returned from SecurityTokenService");
                }
                throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isRequestSecurityTokenCollection: " + isRequestSecurityTokenCollection);
                Tr.debug(tc, "requestSecurityTokenResponseCollection.size(): " + requestSecurityTokenResponseCollection.size());
                Tr.debug(tc, "strActionIn: " + text);
            }
            if (isRequestSecurityTokenCollection || requestSecurityTokenResponseCollection.size() > 1 || text.equals(ITrustConstants.v13.ACTION_ISSUE) || text.equals(ITrustConstants.v13.ACTION_SCT_ISSUE)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "create Collection in response");
                }
                createOutCollectionEnvelope = createOutCollectionEnvelope(sOAP11Factory, wSAddressingNamespace, wSTrustNamespace, requestSecurityTokenResponseCollection, sTSConstants);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "NOT creating Collection in response");
                }
                IRequestSecurityTokenResponse iRequestSecurityTokenResponse = requestSecurityTokenResponseCollection.get(0);
                if (iRequestSecurityTokenResponse == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "STS returned a requestSecurityTokenResponse == null");
                    }
                    throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "STS returned a requestSecurityTokenResponse: " + iRequestSecurityTokenResponse);
                }
                createOutCollectionEnvelope = createOutEnvelope(sOAP11Factory, wSAddressingNamespace, wSTrustNamespace, iRequestSecurityTokenResponse, sTSConstants);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, property + OMElementUtil.formatXML(createOutCollectionEnvelope));
                }
            }
            messageContext2.setProperty(SandeshaClientConstants.UNRELIABLE_MESSAGE, "true");
            messageContext2.setEnvelope(createOutCollectionEnvelope);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, property + OMElementUtil.formatXML(createOutCollectionEnvelope));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invokeBusinessLogic(MessageContext inMessage, MessageContext outMessage)");
            }
        } catch (Exception e) {
            if (e instanceof SoapSecurityException) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught in invokeBusinessLogic: " + e);
                }
                message = e.getMessage();
                qName = ((SoapSecurityException) e).getFaultCode();
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught in invokeBusinessLogic: " + e);
                }
                Tr.processException(e, getClass().getName() + ".invokeBusinessLogic", "FFDC-2");
                message = SoapSecurityException.getMessage(com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
                qName = Constants.TRUST_FAULT_REQUEST_FAILED;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "faultCode: " + qName);
            }
            if (qName == null) {
                qName = Constants.TRUST_FAULT_REQUEST_FAILED;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Message: " + message);
            }
            if (message == null) {
                message = SoapSecurityException.getMessage(com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
            }
            ?? axisFault = new AxisFault(message, qName);
            OMElement createOMElement = OMAbstractFactory.getOMFactory().createOMElement(SOAPConstants.SOAP_FAULT_DETAIL_EXCEPTION_ENTRY, (OMNamespace) null);
            createOMElement.setText(message);
            axisFault.setDetail(createOMElement);
            throw axisFault;
        }
    }

    public String getWSAddressingNamespace(SOAPHeader sOAPHeader) throws SoapSecurityException {
        String str;
        ArrayList headerBlocksWithNSURI = sOAPHeader.getHeaderBlocksWithNSURI("http://schemas.xmlsoap.org/ws/2004/08/addressing");
        ArrayList headerBlocksWithNSURI2 = sOAPHeader.getHeaderBlocksWithNSURI("http://www.w3.org/2005/08/addressing");
        if (headerBlocksWithNSURI != null && headerBlocksWithNSURI.size() != 0 && headerBlocksWithNSURI2 != null && headerBlocksWithNSURI2.size() != 0) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
        if ((headerBlocksWithNSURI == null || headerBlocksWithNSURI.size() == 0) && (headerBlocksWithNSURI2 == null || headerBlocksWithNSURI2.size() == 0)) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
        if (headerBlocksWithNSURI == null || headerBlocksWithNSURI.size() == 0) {
            str = "http://www.w3.org/2005/08/addressing";
            if (tc.isDebugEnabled()) {
                Iterator it = headerBlocksWithNSURI2.iterator();
                while (it.hasNext()) {
                    OMElement oMElement = (OMElement) it.next();
                    Tr.debug(tc, oMElement.getLocalName() + ": " + oMElement.getText());
                }
            }
        } else {
            str = "http://schemas.xmlsoap.org/ws/2004/08/addressing";
            if (tc.isDebugEnabled()) {
                Iterator it2 = headerBlocksWithNSURI.iterator();
                while (it2.hasNext()) {
                    OMElement oMElement2 = (OMElement) it2.next();
                    Tr.debug(tc, oMElement2.getLocalName() + ": " + oMElement2.getText());
                }
            }
        }
        return str;
    }

    public String getWSTrustNamespace(SOAPBody sOAPBody) {
        String str;
        ArrayList<OMElement> childrenWithNamespaceURI;
        ArrayList<OMElement> childrenWithNamespaceURI2;
        try {
            childrenWithNamespaceURI = OMElementUtil.getChildrenWithNamespaceURI(sOAPBody, "http://schemas.xmlsoap.org/ws/2005/02/trust");
            childrenWithNamespaceURI2 = OMElementUtil.getChildrenWithNamespaceURI(sOAPBody, "http://docs.oasis-open.org/ws-sx/ws-trust/200512");
        } catch (TrustException e) {
            str = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
        } catch (SoapSecurityException e2) {
            str = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
        }
        if (childrenWithNamespaceURI != null && childrenWithNamespaceURI.size() != 0 && childrenWithNamespaceURI2 != null && childrenWithNamespaceURI2.size() != 0) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
        if ((childrenWithNamespaceURI == null || childrenWithNamespaceURI.size() == 0) && (childrenWithNamespaceURI2 == null || childrenWithNamespaceURI2.size() == 0)) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
        str = (childrenWithNamespaceURI == null || childrenWithNamespaceURI.size() == 0) ? "http://docs.oasis-open.org/ws-sx/ws-trust/200512" : "http://schemas.xmlsoap.org/ws/2005/02/trust";
        return str;
    }

    public OMElement getHeader(SOAPHeader sOAPHeader, String str, Boolean bool) throws SoapSecurityException {
        OMElement oMElement = null;
        try {
            oMElement = OMElementUtil.getOnlyChildWithLocalName(sOAPHeader, str);
        } catch (TrustException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, str + " not found in header list. required = " + bool);
            }
            if (bool == REQUIRED) {
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
        }
        return oMElement;
    }

    private SOAPEnvelope createOutCollectionEnvelope(SOAPFactory sOAPFactory, String str, String str2, List<IRequestSecurityTokenResponse> list, IConstants iConstants) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createOutCollectionEnvelope (SOAPEnvelope envelope, SOAPFactory fac, org.eclipse.higgins.sts.RequestSecurityTokenResponse RSTR)");
        }
        OMElement createOMElementNoText = TrustOMFactory.createOMElementNoText("RequestSecurityTokenResponseCollection", str2, "wst");
        Iterator<IRequestSecurityTokenResponse> it = list.iterator();
        while (it.hasNext()) {
            OMElement createRequestSecurityTokenResponse = createRequestSecurityTokenResponse(sOAPFactory, str, str2, it.next(), iConstants);
            if (createRequestSecurityTokenResponse == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "unable to get response element");
                }
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            createOMElementNoText.addChild(createRequestSecurityTokenResponse);
        }
        if (createOMElementNoText == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unable to get response collection");
            }
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
        SOAPEnvelope defaultEnvelope = sOAPFactory.getDefaultEnvelope();
        defaultEnvelope.getBody().addChild(createOMElementNoText);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createOutCollectionEnvelope (SOAPEnvelope envelope, SOAPFactory fac, org.eclipse.higgins.sts.RequestSecurityTokenResponse RSTR)");
        }
        return defaultEnvelope;
    }

    private SOAPEnvelope createOutEnvelope(SOAPFactory sOAPFactory, String str, String str2, IRequestSecurityTokenResponse iRequestSecurityTokenResponse, IConstants iConstants) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createOutEnvelope (SOAPEnvelope envelope, SOAPFactory fac, org.eclipse.higgins.sts.RequestSecurityTokenResponse RSTR)");
        }
        OMElement createRequestSecurityTokenResponse = createRequestSecurityTokenResponse(sOAPFactory, str, str2, iRequestSecurityTokenResponse, iConstants);
        if (createRequestSecurityTokenResponse == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unable to get response element");
            }
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
        SOAPEnvelope defaultEnvelope = sOAPFactory.getDefaultEnvelope();
        defaultEnvelope.getBody().addChild(createRequestSecurityTokenResponse);
        Tr.exit(tc, "createOutEnvelope (SOAPEnvelope envelope, SOAPFactory fac, org.eclipse.higgins.sts.RequestSecurityTokenResponse RSTR)");
        return defaultEnvelope;
    }

    private OMElement createRequestSecurityTokenResponse(SOAPFactory sOAPFactory, String str, String str2, IRequestSecurityTokenResponse iRequestSecurityTokenResponse, IConstants iConstants) throws SoapSecurityException {
        OMElement oMElement;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createRequestSecurityTokenResponse (SOAPEnvelope envelope, SOAPFactory fac, org.eclipse.higgins.sts.RequestSecurityTokenResponse RSTR)");
        }
        try {
            IElement requestedSecurityToken = iRequestSecurityTokenResponse.getRequestedSecurityToken();
            if (null != requestedSecurityToken) {
                OMElement oMElement2 = (OMElement) requestedSecurityToken.getAs(OMElement.class);
                OMElement createOMElement = sOAPFactory.createOMElement("RequestSecurityTokenResponse", oMElement2.getNamespace());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestedSecurityToken: " + XMLHelper.toString(oMElement2));
                }
                createOMElement.addChild(oMElement2);
                oMElement = createOMElement;
            } else {
                OMElement createOMElement2 = sOAPFactory.createOMElement("RequestSecurityTokenResponse", str2, "wst");
                oMElement = createOMElement2;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestedSecurityToken not found");
                    oMElement = createOMElement2;
                }
            }
            String context = iRequestSecurityTokenResponse.getContext();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ContextURI: " + context);
            }
            if (null != context) {
                oMElement.addAttribute("Context", context, null);
            }
            IEndpointReference appliesTo = iRequestSecurityTokenResponse.getAppliesTo();
            if (null != appliesTo) {
                OMElement createOMElement3 = sOAPFactory.createOMElement("AppliesTo", iConstants.getWSSecurityPolicyNamespace().toString(), "wsp");
                OMElement createOMElement4 = sOAPFactory.createOMElement("EndpointReference", str, "wsa");
                OMElement createOMElement5 = sOAPFactory.createOMElement("Address", str, "wsa");
                createOMElement5.addChild(sOAPFactory.createOMText(appliesTo.getAddress().toString()));
                createOMElement4.addChild(createOMElement5);
                createOMElement3.addChild(createOMElement4);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AppliesTo: " + XMLHelper.toString(createOMElement3));
                }
                oMElement.addChild(createOMElement3);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AppliesTo not found");
            }
            IElement requestedProofToken = iRequestSecurityTokenResponse.getRequestedProofToken();
            if (null != requestedProofToken) {
                OMElement oMElement3 = (OMElement) requestedProofToken.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestedProofToken: " + XMLHelper.toString(oMElement3));
                }
                oMElement.addChild(oMElement3);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestedProofToken not found");
            }
            IElement entropy = iRequestSecurityTokenResponse.getEntropy();
            if (null != entropy) {
                OMElement oMElement4 = (OMElement) entropy.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Entropy: " + XMLHelper.toString(oMElement4));
                }
                oMElement.addChild(oMElement4);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Entropy not found");
            }
            ILifetime lifetime = iRequestSecurityTokenResponse.getLifetime();
            if (null != lifetime) {
                OMElement createOMElement6 = sOAPFactory.createOMElement("Lifetime", str2, "wst");
                OMElement createOMElement7 = sOAPFactory.createOMElement("Created", iConstants.getWSSecurityUtilityNamespace().toString(), "wsu");
                OMElement createOMElement8 = sOAPFactory.createOMElement("Expires", iConstants.getWSSecurityUtilityNamespace().toString(), "wsu");
                OMText createOMText = sOAPFactory.createOMText(UTC.format(lifetime.getCreated()));
                OMText createOMText2 = sOAPFactory.createOMText(UTC.format(lifetime.getExpires()));
                createOMElement7.addChild(createOMText);
                createOMElement8.addChild(createOMText2);
                createOMElement6.addChild(createOMElement7);
                createOMElement6.addChild(createOMElement8);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Lifetime: " + XMLHelper.toString(createOMElement6));
                }
                oMElement.addChild(createOMElement6);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Lifetime not found");
            }
            URI tokenType = iRequestSecurityTokenResponse.getTokenType();
            if (null != tokenType) {
                OMElement createOMElement9 = sOAPFactory.createOMElement("TokenType", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement9.addChild(sOAPFactory.createOMText(tokenType.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "TokenType: " + XMLHelper.toString(createOMElement9));
                }
                oMElement.addChild(createOMElement9);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "TokenType not found");
            }
            URI requestType = iRequestSecurityTokenResponse.getRequestType();
            if (null != requestType) {
                OMElement createOMElement10 = sOAPFactory.createOMElement("RequestType", str2, "wst");
                createOMElement10.addChild(sOAPFactory.createOMText(requestType.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestType: " + XMLHelper.toString(createOMElement10));
                }
                oMElement.addChild(createOMElement10);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestType not found");
            }
            IElement requestedAttachedReference = iRequestSecurityTokenResponse.getRequestedAttachedReference();
            if (null != requestedAttachedReference) {
                OMElement oMElement5 = (OMElement) requestedAttachedReference.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestedAttachedReference: " + XMLHelper.toString(oMElement5));
                }
                oMElement.addChild(oMElement5);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestedAttachedReference not found");
            }
            IElement requestedUnattachedReference = iRequestSecurityTokenResponse.getRequestedUnattachedReference();
            if (null != requestedUnattachedReference) {
                OMElement oMElement6 = (OMElement) requestedUnattachedReference.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestedUnattachedReference: " + XMLHelper.toString(oMElement6));
                }
                oMElement.addChild(oMElement6);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestedUnattachedReference not found");
            }
            IElement status = iRequestSecurityTokenResponse.getStatus();
            if (null != status) {
                OMElement oMElement7 = (OMElement) status.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Status: " + XMLHelper.toString(oMElement7));
                }
                oMElement.addChild(oMElement7);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Status not found");
            }
            IElement allowPostdating = iRequestSecurityTokenResponse.getAllowPostdating();
            if (null != allowPostdating) {
                OMElement oMElement8 = (OMElement) allowPostdating.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AllowPostdating: " + XMLHelper.toString(oMElement8));
                }
                oMElement.addChild(oMElement8);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AllowPostdating not found");
            }
            IElement renewing = iRequestSecurityTokenResponse.getRenewing();
            if (null != renewing) {
                OMElement oMElement9 = (OMElement) renewing.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Renewing: " + XMLHelper.toString(oMElement9));
                }
                oMElement.addChild(oMElement9);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Renewing not found");
            }
            URI computedKey = iRequestSecurityTokenResponse.getComputedKey();
            if (null != computedKey) {
                OMElement createOMElement11 = sOAPFactory.createOMElement("ComputedKey", str2, "wst");
                createOMElement11.addChild(sOAPFactory.createOMText(computedKey.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ComputedKey: " + XMLHelper.toString(createOMElement11));
                }
                oMElement.addChild(createOMElement11);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ComputedKey not found");
            }
            IElement onBehalfOf = iRequestSecurityTokenResponse.getOnBehalfOf();
            if (null != onBehalfOf) {
                OMElement oMElement10 = (OMElement) onBehalfOf.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "OnBehalfOf: " + XMLHelper.toString(oMElement10));
                }
                oMElement.addChild(oMElement10);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "OnBehalfOf not found");
            }
            IEndpointReference issuer = iRequestSecurityTokenResponse.getIssuer();
            if (null != issuer) {
                OMElement createOMElement12 = sOAPFactory.createOMElement("Issuer", str2, "wst");
                OMElement createOMElement13 = sOAPFactory.createOMElement("EndpointReference", str, "wsa");
                OMElement createOMElement14 = sOAPFactory.createOMElement("Address", str, "wsa");
                createOMElement14.addChild(sOAPFactory.createOMText(issuer.getAddress().toString()));
                createOMElement13.addChild(createOMElement14);
                createOMElement12.addChild(createOMElement13);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Issuer: " + XMLHelper.toString(createOMElement12));
                }
                oMElement.addChild(createOMElement12);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Issuer not found");
            }
            URI authenticationType = iRequestSecurityTokenResponse.getAuthenticationType();
            if (null != authenticationType) {
                OMElement createOMElement15 = sOAPFactory.createOMElement("AuthenticationType", str2, "wst");
                createOMElement15.addChild(sOAPFactory.createOMText(authenticationType.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AuthenticationType: " + XMLHelper.toString(createOMElement15));
                }
                oMElement.addChild(createOMElement15);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AuthenticationType not found");
            }
            IElement authenticator = iRequestSecurityTokenResponse.getAuthenticator();
            if (null != authenticator) {
                OMElement oMElement11 = (OMElement) authenticator.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authenticator: " + XMLHelper.toString(oMElement11));
                }
                oMElement.addChild(oMElement11);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authenticator not found");
            }
            URI keyType = iRequestSecurityTokenResponse.getKeyType();
            if (null != keyType) {
                OMElement createOMElement16 = sOAPFactory.createOMElement("KeyType", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement16.addChild(sOAPFactory.createOMText(keyType.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "KeyType: " + XMLHelper.toString(createOMElement16));
                }
                oMElement.addChild(createOMElement16);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyType not found");
            }
            Integer keySize = iRequestSecurityTokenResponse.getKeySize();
            if (null != keySize) {
                OMElement createOMElement17 = sOAPFactory.createOMElement("KeySize", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement17.addChild(sOAPFactory.createOMText(keySize.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "KeySize: " + XMLHelper.toString(createOMElement17));
                }
                oMElement.addChild(createOMElement17);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeySize not found");
            }
            URI signatureAlgorithm = iRequestSecurityTokenResponse.getSignatureAlgorithm();
            if (null != signatureAlgorithm) {
                OMElement createOMElement18 = sOAPFactory.createOMElement("SignatureAlgorithm", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement18.addChild(sOAPFactory.createOMText(signatureAlgorithm.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SignatureAlgorithm: " + XMLHelper.toString(createOMElement18));
                }
                oMElement.addChild(createOMElement18);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SignatureAlgorithm not found");
            }
            IElement encryption = iRequestSecurityTokenResponse.getEncryption();
            if (null != encryption) {
                OMElement oMElement12 = (OMElement) encryption.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Encryption: " + XMLHelper.toString(oMElement12));
                }
                oMElement.addChild(oMElement12);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Encryption not found");
            }
            URI encryptionAlgorithm = iRequestSecurityTokenResponse.getEncryptionAlgorithm();
            if (null != encryptionAlgorithm) {
                OMElement createOMElement19 = sOAPFactory.createOMElement("EncryptionAlgorithm", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement19.addChild(sOAPFactory.createOMText(encryptionAlgorithm.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "EncryptionAlgorithm: " + XMLHelper.toString(createOMElement19));
                }
                oMElement.addChild(createOMElement19);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "EncryptionAlgorithm not found");
            }
            URI canonicalizationAlgorithm = iRequestSecurityTokenResponse.getCanonicalizationAlgorithm();
            if (null != canonicalizationAlgorithm) {
                OMElement createOMElement20 = sOAPFactory.createOMElement("CanonicalizationAlgorithm", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement20.addChild(sOAPFactory.createOMText(canonicalizationAlgorithm.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "CanonicalizationAlgorithm: " + XMLHelper.toString(createOMElement20));
                }
                oMElement.addChild(createOMElement20);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CanonicalizationAlgorithm not found");
            }
            IElement proofEncryption = iRequestSecurityTokenResponse.getProofEncryption();
            if (null != proofEncryption) {
                OMElement oMElement13 = (OMElement) proofEncryption.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ProofEncryption: " + XMLHelper.toString(oMElement13));
                }
                oMElement.addChild(oMElement13);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ProofEncryption not found");
            }
            IElement useKey = iRequestSecurityTokenResponse.getUseKey();
            if (null != useKey) {
                OMElement oMElement14 = (OMElement) useKey.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "UseKey: " + XMLHelper.toString(oMElement14));
                }
                oMElement.addChild(oMElement14);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "UseKey not found");
            }
            URI signWith = iRequestSecurityTokenResponse.getSignWith();
            if (null != signWith) {
                OMElement createOMElement21 = sOAPFactory.createOMElement("SignWith", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement21.addChild(sOAPFactory.createOMText(signWith.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SignWith: " + XMLHelper.toString(createOMElement21));
                }
                oMElement.addChild(createOMElement21);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SignWith not found");
            }
            URI encryptWith = iRequestSecurityTokenResponse.getEncryptWith();
            if (null != encryptWith) {
                OMElement createOMElement22 = sOAPFactory.createOMElement("EncryptWith", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement22.addChild(sOAPFactory.createOMText(encryptWith.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "EncryptWith: " + XMLHelper.toString(createOMElement22));
                }
                oMElement.addChild(createOMElement22);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "EncryptWith not found");
            }
            IElement delegateTo = iRequestSecurityTokenResponse.getDelegateTo();
            if (null != delegateTo) {
                OMElement oMElement15 = (OMElement) delegateTo.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "DelegateTo: " + XMLHelper.toString(oMElement15));
                }
                oMElement.addChild(oMElement15);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "DelegateTo not found");
            }
            Boolean forwardable = iRequestSecurityTokenResponse.getForwardable();
            if (null != forwardable) {
                OMElement createOMElement23 = sOAPFactory.createOMElement("Forwardable", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement23.addChild(sOAPFactory.createOMText(forwardable.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Forwardable: " + XMLHelper.toString(createOMElement23));
                }
                oMElement.addChild(createOMElement23);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Forwardable not found");
            }
            Boolean delegatable = iRequestSecurityTokenResponse.getDelegatable();
            if (null != delegatable) {
                OMElement createOMElement24 = sOAPFactory.createOMElement("Delegatable", iConstants.getWSTrustNamespace().toString(), "wst");
                createOMElement24.addChild(sOAPFactory.createOMText(delegatable.toString()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Delegatable: " + XMLHelper.toString(createOMElement24));
                }
                oMElement.addChild(createOMElement24);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Delegatable not found");
            }
            IElement policy = iRequestSecurityTokenResponse.getPolicy();
            if (null != policy) {
                OMElement oMElement16 = (OMElement) policy.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Policy: " + XMLHelper.toString(oMElement16));
                }
                oMElement.addChild(oMElement16);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Policy not found");
            }
            IElement policyReference = iRequestSecurityTokenResponse.getPolicyReference();
            if (null != policyReference) {
                OMElement oMElement17 = (OMElement) policyReference.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "PolicyReference: " + XMLHelper.toString(oMElement17));
                }
                oMElement.addChild(oMElement17);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "PolicyReference not found");
            }
            IElement requestedTokenCancelled = iRequestSecurityTokenResponse.getRequestedTokenCancelled();
            if (null != requestedTokenCancelled) {
                OMElement oMElement18 = (OMElement) requestedTokenCancelled.getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RequestedTokenCancelled: " + XMLHelper.toString(oMElement18));
                }
                oMElement.addChild(oMElement18);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestedTokenCancelled not found");
            }
            Iterator it = iRequestSecurityTokenResponse.getAnyOtherElements().iterator();
            while (it.hasNext()) {
                OMElement oMElement19 = (OMElement) ((IElement) it.next()).getAs(OMElement.class);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AnyOther: " + XMLHelper.toString(oMElement19));
                }
                oMElement.addChild(oMElement19);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createRequestSecurityTokenResponse (SOAPEnvelope envelope, SOAPFactory fac, org.eclipse.higgins.sts.RequestSecurityTokenResponse RSTR)");
            }
            return oMElement;
        } catch (UnsupportedContainedObjectClassException e) {
            Tr.processException(e, getClass().getName(), "FFDC-5");
            throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
        } catch (Exception e2) {
            Tr.processException(e2, getClass().getName(), "FFDC-5");
            throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
        }
    }

    public SOAPEnvelope getEnvelope(MessageContext messageContext) throws SoapSecurityException {
        SOAPEnvelope envelope = messageContext.getEnvelope();
        if (envelope != null) {
            return envelope;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unable to get Envelope from the request messageContext");
        }
        throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
    }

    public IConstants getSTSConstants(String str, String str2) throws SoapSecurityException {
        IConstants iConstants = null;
        if (str2.equals("http://schemas.xmlsoap.org/ws/2005/02/trust")) {
            iConstants = new org.eclipse.higgins.sts.impl.Constants();
        } else if (str2.equals("http://docs.oasis-open.org/ws-sx/ws-trust/200512")) {
            iConstants = new STSConstantsV13();
        }
        if (str2 != iConstants.getWSTrustNamespace().toString()) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
        }
        if (str != iConstants.getWSAddressingNamespace().toString()) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_REQUEST_FAILED, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_REQUEST_FAILED);
        }
        return iConstants;
    }

    public SOAPBody getBody(SOAPEnvelope sOAPEnvelope) throws SoapSecurityException {
        SOAPBody body = sOAPEnvelope.getBody();
        if (body != null) {
            return body;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unable to get Header from the request envelope");
        }
        throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
    }

    public SOAPHeader getHeaders(SOAPEnvelope sOAPEnvelope) throws SoapSecurityException {
        SOAPHeader header = sOAPEnvelope.getHeader();
        if (header != null) {
            return header;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unable to get Header from the request envelope");
        }
        throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
    }

    private IAddressingInformation createAddressingInformation(String str, OMElement oMElement, OMElement oMElement2, OMElement oMElement3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSTSRequestFromMessageContext(MessageContext messageContext)");
        }
        AddressingInformation addressingInformation = new AddressingInformation();
        try {
            addressingInformation.setNamespace(new URI(str));
        } catch (URISyntaxException e) {
        }
        if (null != oMElement) {
            try {
                addressingInformation.setTo(new URI(oMElement.getText()));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "To: " + oMElement.getText());
                }
            } catch (URISyntaxException e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "To: unable to set addressingInformation");
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "To: <not found>");
        }
        if (null != oMElement2) {
            EndpointReference endpointReference = new EndpointReference();
            try {
                endpointReference.setAddress(new URI(oMElement2.getText()));
                addressingInformation.setFrom(endpointReference);
            } catch (URISyntaxException e3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "From: unable to set addressingInformation");
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "From: " + oMElement2.getText());
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "From: <not found>");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSTSRequestFromMessageContext(MessageContext messageContext)");
        }
        return addressingInformation;
    }

    private boolean getIsRequestSecurityTokenCollection(SOAPBody sOAPBody) throws SoapSecurityException {
        boolean z;
        try {
            String localName = OMElementUtil.getOneAndOnlyOneChildElement(sOAPBody).getLocalName();
            if (localName.equals("RequestSecurityToken")) {
                z = false;
            } else {
                if (!localName.equals("RequestSecurityTokenCollection")) {
                    throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
                }
                z = true;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isRequestSecurityTokenCollection: " + z);
            }
            return z;
        } catch (TrustException e) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
    }

    private ISTSRequest createSTSRequest(IAddressingInformation iAddressingInformation, SOAPHeader sOAPHeader, SOAPBody sOAPBody, OMElement oMElement, String str, IConstants iConstants, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSTSRequestFromMessageContext(MessageContext messageContext)");
        }
        try {
            OMElement oneAndOnlyOneChildElement = OMElementUtil.getOneAndOnlyOneChildElement(sOAPBody);
            if (str.equals("http://schemas.xmlsoap.org/ws/2005/02/trust") && z) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Collection requests not supported for WS-Trust 1.0 Draft");
                }
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            STSRequest sTSRequest = new STSRequest();
            sTSRequest.setAddressingInformation(iAddressingInformation);
            List requestSecurityTokenCollection = sTSRequest.getRequestSecurityTokenCollection();
            if (requestSecurityTokenCollection == null) {
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            if (z) {
                List<IRequestSecurityToken> createRequestSecurityTokenList = createRequestSecurityTokenList(sOAPHeader, oneAndOnlyOneChildElement, oMElement, str, iConstants);
                if (createRequestSecurityTokenList == null) {
                    throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
                }
                requestSecurityTokenCollection.addAll(createRequestSecurityTokenList);
            } else {
                IRequestSecurityToken createRequestSecurityToken = createRequestSecurityToken(sOAPHeader, oneAndOnlyOneChildElement, oMElement, str, iConstants);
                if (createRequestSecurityToken == null) {
                    throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
                }
                requestSecurityTokenCollection.add(createRequestSecurityToken);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSTSRequestFromMessageContext(MessageContext messageContext)");
            }
            return sTSRequest;
        } catch (TrustException e) {
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
    }

    private List<IRequestSecurityToken> createRequestSecurityTokenList(SOAPHeader sOAPHeader, OMElement oMElement, OMElement oMElement2, String str, IConstants iConstants) throws SoapSecurityException {
        ArrayList arrayList = new ArrayList();
        Iterator childElements = oMElement.getChildElements();
        URI uri = null;
        while (childElements.hasNext()) {
            OMElement oMElement3 = (OMElement) childElements.next();
            if (!oMElement3.getLocalName().equals("RequestSecurityToken")) {
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            IRequestSecurityToken createRequestSecurityToken = createRequestSecurityToken(sOAPHeader, oMElement3, oMElement2, str, iConstants);
            if (createRequestSecurityToken == null || createRequestSecurityToken.getRequestType() == null) {
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            if (uri == null) {
                uri = createRequestSecurityToken.getRequestType();
            } else if (!uri.equals(createRequestSecurityToken.getRequestType())) {
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            arrayList.add(createRequestSecurityToken);
        }
        return arrayList;
    }

    protected IRequestSecurityToken createRequestSecurityToken(SOAPHeader sOAPHeader, OMElement oMElement, OMElement oMElement2, String str, IConstants iConstants) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createRequestSecurityToken(SOAPEnvelope omEnvelope)");
        }
        String uri = iConstants.getWSSecurityUtilityNamespace().toString();
        String uri2 = iConstants.getWSSecurityNamespace().toString();
        RequestSecurityToken requestSecurityToken = new RequestSecurityToken();
        try {
            OMAttribute attribute = oMElement.getAttribute(new QName("Context"));
            if (null != attribute) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RST's contextURI:  " + attribute.getAttributeValue());
                }
                requestSecurityToken.setContext(attribute.getAttributeValue());
            }
            Iterator childElements = oMElement.getChildElements();
            while (childElements.hasNext()) {
                OMElement oMElement3 = (OMElement) childElements.next();
                String localName = oMElement3.getLocalName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "strLocalName:  " + localName + ": " + oMElement3.getText());
                }
                if (localName.equals("TokenType")) {
                    requestSecurityToken.setTokenType(new URI(oMElement3.getText()));
                } else if (localName.equals("RequestType")) {
                    requestSecurityToken.setRequestType(new URI(oMElement3.getText()));
                } else if (localName.equals("AppliesTo")) {
                    try {
                        try {
                            OMElement onlyChildWithLocalName = OMElementUtil.getOnlyChildWithLocalName(OMElementUtil.getOnlyChildWithLocalName(oMElement3, "EndpointReference"), "Address");
                            if (onlyChildWithLocalName != null) {
                                String text = onlyChildWithLocalName.getText();
                                EndpointReference endpointReference = new EndpointReference();
                                endpointReference.setAddress(new URI(text));
                                AppliesTo appliesTo = new AppliesTo();
                                appliesTo.setEndpointReference(endpointReference);
                                requestSecurityToken.setAppliesTo(appliesTo);
                            }
                        } catch (TrustException e) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "No child with name 'Address' was found undere the EndpointReference element.");
                            }
                        }
                    } catch (TrustException e2) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No child with name 'EndpointReference' was found under the AppliesTo element.");
                        }
                    }
                } else if (localName.equals("Claims")) {
                    requestSecurityToken.setClaims(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("Entropy")) {
                    requestSecurityToken.setEntropy(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("Lifetime")) {
                    OMElement oMElement4 = null;
                    try {
                        oMElement4 = OMElementUtil.getOnlyChildWithLocalNameAndVerifyNamespace(oMElement3, uri, "Created");
                    } catch (TrustException e3) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "'Created' element not found under the Lifetime element");
                        }
                    }
                    OMElement oMElement5 = null;
                    try {
                        oMElement5 = OMElementUtil.getOnlyChildWithLocalNameAndVerifyNamespace(oMElement3, uri, "Expires");
                    } catch (TrustException e4) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "'Expires' element not found under the Lifetime element");
                        }
                    }
                    Date date = null;
                    if (oMElement4 != null) {
                        String text2 = oMElement4.getText();
                        try {
                            date = UTC.parse(text2);
                        } catch (ParseException e5) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Unable to parse Created time: " + text2 + ". " + e5.getLocalizedMessage());
                            }
                        }
                    }
                    Date date2 = null;
                    if (oMElement5 != null) {
                        String text3 = oMElement5.getText();
                        try {
                            date2 = UTC.parse(text3);
                        } catch (ParseException e6) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Unable to parse Created time: " + text3 + ". " + e6.getLocalizedMessage());
                            }
                        }
                    }
                    if (date != null || date2 != null) {
                        Lifetime lifetime = new Lifetime();
                        if (date != null) {
                            lifetime.setCreated(date);
                        }
                        if (date2 != null) {
                            lifetime.setExpires(date2);
                        }
                        requestSecurityToken.setLifetime(lifetime);
                    }
                } else if (localName.equals("AllowPostdating")) {
                    requestSecurityToken.setAllowPostdating(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("Renewing")) {
                    requestSecurityToken.setRenewing(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("OnBehalfOf")) {
                    requestSecurityToken.setOnBehalfOf(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("Issuer")) {
                    String text4 = oMElement3.getText();
                    if (text4 != null) {
                        EndpointReference endpointReference2 = new EndpointReference();
                        endpointReference2.setAddress(new URI(text4));
                        requestSecurityToken.setIssuer(endpointReference2);
                    }
                } else if (localName.equals("AuthenticationType")) {
                    requestSecurityToken.setAuthenticationType(new URI(oMElement3.getText()));
                } else if (localName.equals("KeyType")) {
                    requestSecurityToken.setKeyType(new URI(oMElement3.getText()));
                } else if (localName.equals("KeySize")) {
                    requestSecurityToken.setKeySize(new Integer(oMElement3.getText()).intValue());
                } else if (localName.equals("SignatureAlgorithm")) {
                    requestSecurityToken.setSignatureAlgorithm(new URI(oMElement3.getText()));
                } else if (localName.equals("Encryption")) {
                    requestSecurityToken.setEncryption(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("EncryptionAlgorithm")) {
                    requestSecurityToken.setEncryptionAlgorithm(new URI(oMElement3.getText()));
                } else if (localName.equals("CanonicalizationAlgorithm")) {
                    requestSecurityToken.setCanonicalizationAlgorithm(new URI(oMElement3.getText()));
                } else if (localName.equals("ProofEncryption")) {
                    requestSecurityToken.setProofEncryption(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("UseKey")) {
                    requestSecurityToken.setUseKey(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("SignWith")) {
                    requestSecurityToken.setSignWith(new URI(oMElement3.getText()));
                } else if (localName.equals("EncryptWith")) {
                    requestSecurityToken.setEncryptWith(new URI(oMElement3.getText()));
                } else if (localName.equals("DelegateTo")) {
                    requestSecurityToken.setDelegateTo(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("Forwardable")) {
                    requestSecurityToken.setForwardable(new Boolean(oMElement3.getText()).booleanValue());
                } else if (localName.equals("Delegatable")) {
                    requestSecurityToken.setDelegatable(new Boolean(oMElement3.getText()).booleanValue());
                } else if (localName.equals("Policy")) {
                    requestSecurityToken.setPolicy(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("PolicyReference")) {
                    requestSecurityToken.setPolicyReference(XMLHelper.toElement(oMElement3));
                } else if (localName.equals("CancelTarget") || localName.equals("ValidateTarget") || localName.equals("RenewTarget")) {
                    OMElement oneAndOnlyOneChildElement = OMElementUtil.getOneAndOnlyOneChildElement(oMElement3);
                    OMElement oMElement6 = oneAndOnlyOneChildElement;
                    if (oneAndOnlyOneChildElement.getLocalName().equals("SecurityTokenReference")) {
                        oMElement6 = resolveSecurityTokenReference(oneAndOnlyOneChildElement, sOAPHeader, uri2);
                        if (oMElement6 != null) {
                            oMElement3.addChild(oMElement6);
                        }
                    }
                    IElement element = XMLHelper.toElement(oMElement3);
                    if (tc.isDebugEnabled()) {
                        try {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, OMElementUtil.formatXML(oMElement3));
                            }
                            String extractTextFrom = SCTHelper.extractTextFrom(element, new String[]{oMElement6.getLocalName(), "Identifier"});
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Target's UUID:  " + extractTextFrom);
                            }
                        } catch (Exception e7) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "unable to retrieve Target UUID");
                            }
                        }
                    }
                    if (localName.equals("CancelTarget")) {
                        requestSecurityToken.setCancelTarget(element);
                    } else if (localName.equals("ValidateTarget")) {
                        requestSecurityToken.setValidateTarget(element);
                    } else if (localName.equals("RenewTarget")) {
                        requestSecurityToken.setRenewTarget(element);
                    }
                } else {
                    requestSecurityToken.getAnyOtherElements().add(XMLHelper.toElement(oMElement3));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, " ->anyOther: " + oMElement3.getText());
                    }
                }
            }
            if (requestSecurityToken.getRequestType() == null) {
                Tr.error(tc, SoapSecurityException.getMessage("security.wssecurity.WSEC6853E"));
                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
            }
            if (requestSecurityToken.getAppliesTo() == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AppliesTo element was not found; substituting with To address.");
                }
                String str2 = "";
                URI uri3 = null;
                try {
                    str2 = oMElement2.getText();
                    uri3 = new URI(str2);
                } catch (Exception e8) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "AppliesTo element substituted with To address: " + str2);
                    }
                }
                if (null == uri3) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Both AppliesTo and To are null.");
                    }
                    Tr.error(tc, SoapSecurityException.getMessage("security.wssecurity.WSEC6853E"));
                    throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AppliesTo element substituted with To address: " + uri3.toString());
                }
                EndpointReference endpointReference3 = new EndpointReference();
                endpointReference3.setAddress(uri3);
                AppliesTo appliesTo2 = new AppliesTo();
                appliesTo2.setEndpointReference(endpointReference3);
                requestSecurityToken.setAppliesTo(appliesTo2);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createRequestSecurityToken(SOAPEnvelope omEnvelope)");
            }
            return requestSecurityToken;
        } catch (Exception e9) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught in createRequestSecurityTokenFromMessageContext" + e9);
            }
            Tr.processException(e9, getClass().getName() + "createRSTFromSoapEnvelope", "FFDC-4");
            throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
        }
    }

    private OMElement resolveSecurityTokenReference(OMElement oMElement, SOAPHeader sOAPHeader, String str) throws SoapSecurityException {
        OMAttribute attribute;
        String attributeValue;
        OMElement oMElement2 = null;
        OMElement oMElement3 = null;
        try {
            oMElement3 = OMElementUtil.getOnlyChildWithLocalNameAndVerifyNamespace(oMElement, str, "Reference");
        } catch (TrustException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "'Reference' element not found under the SecurityTokenReference");
            }
        }
        if (oMElement3 != null && (attribute = oMElement3.getAttribute(new QName("URI"))) != null && (attributeValue = attribute.getAttributeValue()) != null && attributeValue.startsWith("#")) {
            String substring = attributeValue.substring(1);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "looking for wsse:Id '" + substring + "'");
            }
            oMElement2 = getSecurityTokenFromHeaders(sOAPHeader, str, substring);
            if (oMElement2 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " Found an SecurityToken Item :" + oMElement2);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did Not Find an SecurityToken Item");
            }
        }
        return oMElement2;
    }

    private OMElement getSecurityTokenFromHeaders(SOAPHeader sOAPHeader, String str, String str2) throws SoapSecurityException {
        OMElement oMElement = null;
        Iterator childrenWithName = sOAPHeader.getChildrenWithName(new QName(str, "Security"));
        while (childrenWithName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithName.next();
            oMElement2.getLocalName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Security Item :" + oMElement2);
            }
            Iterator children = oMElement2.getChildren();
            while (children.hasNext()) {
                OMElement oMElement3 = (OMElement) children.next();
                Iterator allAttributes = oMElement3.getAllAttributes();
                while (allAttributes.hasNext()) {
                    OMAttribute oMAttribute = (OMAttribute) allAttributes.next();
                    if (oMAttribute.getLocalName().equals("Id")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found an Item with Id :" + OMElementUtil.toString(oMElement3));
                        }
                        if (!oMAttribute.getAttributeValue().equals(str2)) {
                            continue;
                        } else {
                            if (oMElement != null) {
                                Tr.warning(tc, "Found additional matching security token:" + OMElementUtil.toString(oMElement3));
                                Tr.error(tc, SoapSecurityException.getMessage("security.wssecurity.WSEC6853E"));
                                throw SoapSecurityException.format(Constants.TRUST_FAULT_INVALID_REQUEST, com.ibm.ws.wssecurity.trust.server.sts.ext.sct.Constants.FAULT_STRING_KEY_INVALID_REQUEST);
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found matching security token:" + OMElementUtil.toString(oMElement3));
                            }
                            oMElement = oMElement3;
                        }
                    }
                }
            }
        }
        return oMElement;
    }
}
