package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.callbackhandler.UNTGenerateCallback;
import com.ibm.websphere.wssecurity.wssapi.XMLStructure;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
import com.ibm.ws.wssecurity.core.NonceManagerFactory;
import com.ibm.ws.wssecurity.platform.auth.WSSContext;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.platform.auth.WSSRealmFactory;
import com.ibm.ws.wssecurity.token.NonceManager;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.NonceUtil;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSObjectUtils;
import com.ibm.ws.wssecurity.util.WSSecurityFactoryBuilder;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.WSSObjectStructureImpl;
import com.ibm.ws.wssecurity.wssobject.impl.WSSObjectDocumentImpl;
import com.ibm.ws.wssecurity.wssobject.impl.wsse10.Password;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObjectElement;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartFactory;
import com.ibm.ws.wssecurity.xml.xss4j.AlgorithmFactory;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/UNTGenerateLoginModule.class */
public class UNTGenerateLoginModule implements LoginModule {
    // Component name constant; not referenced in the part of the class visible here.
    private static final String comp = "security.wssecurity";
    // Callback handler received in initialize(); login() asks it for the username, password,
    // token-generation options and the property map.
    private CallbackHandler _handler;
    // JAAS shared state received in initialize(); login() publishes the processed tokens into it.
    private Map _sharedState;
    // Every token login() ended up with, whether newly built or reused from the token manager.
    private List<SecurityToken> _processedTokens;
    // Only the tokens login() built itself; commit() publishes them as "to be inserted".
    private List<SecurityToken> _insertedTokens;
    // Token manager taken from the property map in login(); stays null until login() has run.
    private SecurityTokenManager _securityTokenManager;
    // Property map returned by the PropertyCallback in login(); stays null until login() has run.
    private Map<Object, Object> _context;
    private static final TraceComponent tc = Tr.register(UNTGenerateLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Fully-qualified class name, used as the source id when reporting exceptions.
    private static final String clsName = UNTGenerateLoginModule.class.getName();
    // NOTE(review): the three statics below are never reassigned in the visible code but are not
    // declared final, so any code in this class can replace the token factory or the property name.
    private static String _factoryKey = (String) WSSecurityFactoryBuilder.getImplClassName("com.ibm.ws.wssecurity.platform.UsernameToken");
    private static TokenFactory _tokenFactory = TokenFactoryFactory.getTokenFactory(_factoryKey);
    // Name of the context property that login() reads to decide whether a password digest is
    // requested instead of a clear-text password.
    private static String EMIT_PASSWORD_DIGEST = "com.ibm.wsspi.wssecurity.token.username.emitPasswordDigest";

    /**
     * Records the callback handler and shared-state map supplied by the JAAS framework and
     * starts this login attempt with empty token lists.
     *
     * <p>The {@code subject} and the options map ({@code map2}) are not used by this module.
     *
     * @param subject         subject being authenticated (ignored)
     * @param callbackHandler handler later queried by {@code login()} for credentials
     * @param map             JAAS shared state; processed tokens are published into it by {@code login()}
     * @param map2            module options (ignored)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }

        // Start every login attempt with fresh lists so tokens from an earlier attempt are not reused.
        this._insertedTokens = new ArrayList<SecurityToken>();
        this._processedTokens = new ArrayList<SecurityToken>();

        this._sharedState = map;
        this._handler = callbackHandler;

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

    /**
     * Builds (or reuses) the WS-Security UsernameToken that will be attached to the outgoing message.
     *
     * <p>Steps, in order: query the callback handler; choose the username/password source
     * (cached token, captured token, callback values, or an asserted identity); look for an
     * equivalent token already held by the token manager; otherwise create a new token, render
     * its XML and, on the client GUI-prompt path, cache it in the RunAs subject. The resulting
     * token list is published to the JAAS shared state.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>The username is written to debug trace; the password is masked there.</li>
     *   <li>On the identity-assertion paths {@code cArr} is never assigned, so the generated
     *       token carries no password.</li>
     *   <li>Every exception, including the LoginExceptions thrown inside, ends up in the outer
     *       {@code catch (Exception)} and is re-wrapped.</li>
     * </ul>
     *
     * @return always {@code true} when no exception is thrown
     * @throws LoginException if the callbacks, the realm lookup or the token creation fail
     */
    public boolean login() throws LoginException {
        Set privateCredentials;
        Object property;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        Callback nameCallback = new NameCallback("username: ");
        // echoOn=false: the handler is asked not to echo the password while it is typed.
        // NOTE(review): the prompt text is misspelled ("passowrd"); it is a runtime string, so it is left as is here.
        PasswordCallback passwordCallback = new PasswordCallback("passowrd: ", false);
        UNTGenerateCallback uNTGenerateCallback = new UNTGenerateCallback();
        PropertyCallback propertyCallback = new PropertyCallback(null);
        try {
            this._handler.handle(new Callback[]{nameCallback, passwordCallback, uNTGenerateCallback, propertyCallback});
            this._context = propertyCallback.getProperties();
            MessageContext messageContext = (MessageContext) this._context.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
            NonceManager nonceManager = (NonceManager) this._context.get(NonceManager.class);
            this._securityTokenManager = (SecurityTokenManager) this._context.get(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            // The flag is removed from the context as it is read; non-null presumably means the
            // GUI prompt callback handler supplied the credentials - confirm against that handler.
            Boolean bool = (Boolean) this._context.remove(com.ibm.ws.wssecurity.common.Constants.UNTGUIPROMPTCALLBACKHANDLER_IS_USED_KEY);
            // getCustomerUsernameToken is defined outside this excerpt; judging by the trace text
            // below it returns a previously "captured" token, or null.
            UsernameToken customerUsernameToken = getCustomerUsernameToken(messageContext, true);
            // str = username, cArr = password placed in the token, str2 = second argument for the
            // realm lookup on the identity-assertion path.
            String str = null;
            char[] cArr = null;
            String str2 = null;
            boolean isNonce = uNTGenerateCallback.isNonce();
            boolean isCreatedTimestamp = uNTGenerateCallback.isCreatedTimestamp();
            boolean isTrueProperty = ConfigUtil.getIsTrueProperty(this._context, EMIT_PASSWORD_DIGEST);
            if (!uNTGenerateCallback.isUsingIdentityAssertion()) {
                // Plain username/password path. Source priority: cached token in the RunAs subject,
                // then the captured token, then the callback values.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Checking the cached username token...");
                }
                if (messageContext != null) {
                    Object obj = null;
                    // The cache is consulted only in a non-server process and only when the flag above was set.
                    if (bool != null && !WSSContextManagerFactory.getInstance().processIsServer()) {
                        Object property2 = messageContext.getProperty("com.ibm.wsspi.websphere.security.SecurityContext");
                        if (!(property2 instanceof WSSContext)) {
                            property2 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_LOGINPROMPT_CONTEXT);
                        }
                        Subject subject = null;
                        try {
                            // NOTE(review): if the fallback property is null or not a WSSContext this line
                            // throws NullPointerException/ClassCastException, which the outer catch turns
                            // into a LoginException instead of falling back to the callback values.
                            subject = ((WSSContext) property2).getRunAsSubject(messageContext);
                        } catch (SoapSecurityException e) {
                            // Deliberately non-fatal: without a subject the cache is simply skipped.
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception caught " + e.getMessage());
                            }
                        }
                        if (subject != null && (privateCredentials = subject.getPrivateCredentials(SecurityTokenWrapper.class)) != null && !privateCredentials.isEmpty()) {
                            Iterator it = privateCredentials.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                SecurityTokenWrapper securityTokenWrapper = (SecurityTokenWrapper) it.next();
                                Object securityToken = securityTokenWrapper.getSecurityToken();
                                // A cached credential is reused only when it was stored for exactly the
                                // endpoint address this message is addressed to (plain string equality).
                                if (securityToken != null && (securityToken instanceof UsernameToken) && securityTokenWrapper.getEndPoint() != null && securityTokenWrapper.getEndPoint().length() > 0 && messageContext.getTo() != null && messageContext.getTo().getAddress().equals(securityTokenWrapper.getEndPoint())) {
                                    obj = securityToken;
                                    break;
                                }
                            }
                        }
                    }
                    if (obj != null && (obj instanceof UsernameToken)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The cached username token is used.");
                        }
                        final UsernameToken usernameToken = (UsernameToken) obj;
                        str = usernameToken.getUsername();
                        // The password is read inside doPrivileged, i.e. with this class's own permissions
                        // rather than those of the callers on the stack.
                        cArr = (char[]) AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule.2
                            @Override // java.security.PrivilegedAction
                            public Object run() {
                                return usernameToken.getPassword();
                            }
                        });
                    }
                }
                if (str == null && customerUsernameToken != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting username and password from captured token.");
                    }
                    str = customerUsernameToken.getUsername();
                    // NOTE(review): read without doPrivileged, unlike the cached-token path above - confirm intended.
                    cArr = customerUsernameToken.getPassword();
                }
                if (str == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Use username and password set by callbach handler [" + this._handler + "].");
                    }
                    str = nameCallback.getName();
                    cArr = passwordCallback.getPassword();
                }
            } else if (uNTGenerateCallback.isUsingRunAsSubject()) {
                // Identity assertion with the RunAs identity: only a username is resolved, no password.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting the RunAs identity...");
                }
                try {
                    str = WSSRealmFactory.getInstance().getRealmQualifiedRunAsIdentity(messageContext, uNTGenerateCallback.isSendRealm(), uNTGenerateCallback.isUsingTrustedRealm());
                } catch (SoapSecurityException e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception caught: " + e2.getMessage() + e2.getCause());
                    }
                    LoginException loginException = new LoginException(e2.getMessage());
                    loginException.initCause(e2);
                    throw loginException;
                }
            } else {
                // Identity assertion without RunAs: take the identity from the captured token, else
                // from the initial sender's token, else from the callback values.
                UsernameToken usernameToken2 = null;
                if (customerUsernameToken != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting username and password from captured token.");
                    }
                    usernameToken2 = customerUsernameToken;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking the identifier of initial sender...");
                    }
                    if (messageContext != null && (property = messageContext.getProperty(Constants.WSSECURITY_INITIAL_SENDER_ID)) != null && (property instanceof UsernameToken)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The identifier of initial sender is used.");
                        }
                        usernameToken2 = (UsernameToken) property;
                    }
                }
                if (usernameToken2 != null) {
                    str = usernameToken2.getUsername();
                    if (uNTGenerateCallback.isUsingTrustedRealm()) {
                        final UsernameToken usernameToken3 = usernameToken2;
                        char[] cArr2 = (char[]) AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule.1
                            @Override // java.security.PrivilegedAction
                            public Object run() {
                                return usernameToken3.getPassword();
                            }
                        });
                        // NOTE(review): char[].toString() yields the array's identity string ("[C@<hash>"),
                        // not its characters, so str2 never holds the password text. If the realm lookup
                        // below is meant to receive the password, this wants new String(cArr2) - confirm
                        // against WSSRealmFactory before changing.
                        str2 = cArr2 == null ? null : cArr2.toString();
                    }
                }
                if (str == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Use username and password set by callbach handler [" + this._handler + "].");
                    }
                    str = nameCallback.getName();
                    if (uNTGenerateCallback.isUsingTrustedRealm()) {
                        char[] password = passwordCallback.getPassword();
                        // NOTE(review): same char[].toString() issue as above.
                        str2 = password == null ? null : password.toString();
                    }
                }
                try {
                    if (tc.isDebugEnabled()) {
                        // The username goes to trace in clear; only the presence of str2 is reported.
                        Tr.debug(tc, "Use username = [" + str + "] password = [" + (str2 == null ? AppConstants.NULL_STRING : "not null") + "]");
                    }
                    // When this property is true the realm lookup is skipped and the asserted username
                    // is used exactly as obtained above. Presumably the lookup is what checks the
                    // identity against the user registry - treat the property as security-sensitive
                    // configuration.
                    if (!ConfigUtil.getIsTrueProperty(this._context, "com.ibm.wsspi.wssecurity.token.UsernameToken.disableUserRegistryCheck")) {
                        str = WSSRealmFactory.getInstance().getRealmQualifiedIdentity(str, str2, uNTGenerateCallback.isSendRealm(), uNTGenerateCallback.isUsingTrustedRealm());
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Skipping registry check");
                    }
                } catch (SoapSecurityException e3) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception caught: " + e3.getMessage() + " : " + e3.getCause());
                    }
                    LoginException loginException2 = new LoginException(e3.getMessage());
                    loginException2.initCause(e3);
                    throw loginException2;
                }
            }
            if (tc.isDebugEnabled()) {
                // The password is masked; only whether one is present is disclosed.
                Tr.debug(tc, "Acquired username is [" + str + "].");
                Tr.debug(tc, "Acuqired password is [" + (cArr == null ? AppConstants.NULL_STRING : "XXXXXXXX") + "].");
            }
            // NOTE(review): tokenGeneratorConfig is dereferenced without a null check; a missing
            // config surfaces as a wrapped NullPointerException from the outer catch.
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) this._context.get(TokenGeneratorConfig.CONFIG_KEY);
            // The token is forwardable unless the property is explicitly "false" (case-insensitive).
            boolean z = true;
            String str3 = (String) tokenGeneratorConfig.getProperties().get(Constants.TOKEN_FORWARDABLE);
            if (str3 != null && str3.equalsIgnoreCase("false")) {
                z = false;
            }
            String makeUniqueId = IdUtils.getInstance().makeUniqueId(this._context, "unt_");
            try {
                // Reuse a token already held by the token manager when username and password both match.
                SecurityToken token = getToken(tokenGeneratorConfig, str, cArr, this._securityTokenManager);
                if (token == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "There is no token [" + makeUniqueId + "] stored in the Subject.");
                    }
                    final UsernameTokenImpl usernameTokenImpl = (UsernameTokenImpl) _tokenFactory.getToken(z);
                    final String str4 = str;
                    final char[] cArr3 = cArr;
                    // The setters are invoked inside doPrivileged.
                    AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule.3
                        @Override // java.security.PrivilegedAction
                        public Object run() {
                            usernameTokenImpl.setUsername(str4);
                            usernameTokenImpl.setPassword(cArr3);
                            return null;
                        }
                    });
                    // 61 and 62 are key-type codes whose meaning is not visible in this file;
                    // both slots are explicitly set to null - TODO confirm against UsernameTokenImpl.
                    usernameTokenImpl.setKey(61, null);
                    usernameTokenImpl.setKey(62, null);
                    usernameTokenImpl.setId(makeUniqueId);
                    // WS-Security version index; stays 0 unless the context holds an Integer.
                    int i = 0;
                    Object obj2 = this._context.get(com.ibm.ws.wssecurity.common.Constants.WSS_VERSION);
                    if (obj2 != null && (obj2 instanceof Integer)) {
                        i = ((Integer) obj2).intValue();
                    }
                    // createTokenElement is defined outside this excerpt.
                    usernameTokenImpl.setXML(createTokenElement(this._context.get("com.ibm.ws.wssecurity.constants.processingElement"), str, cArr, makeUniqueId, isNonce, isCreatedTimestamp, i, nonceManager, isTrueProperty));
                    // Client-side credential cache: the new token, including its password, is stored in
                    // the RunAs subject's private credentials together with the endpoint address, so a
                    // later request to the same address can reuse it.
                    // NOTE(review): messageContext is dereferenced here without the null check applied
                    // on the lookup path earlier in this method.
                    if (bool != null && !WSSContextManagerFactory.getInstance().processIsServer()) {
                        Object property3 = messageContext.getProperty("com.ibm.wsspi.websphere.security.SecurityContext");
                        if (!(property3 instanceof WSSContext)) {
                            property3 = messageContext.getProperty(com.ibm.ws.wssecurity.common.Constants.WSSECURITY_LOGINPROMPT_CONTEXT);
                        }
                        WSSContext wSSContext = (WSSContext) property3;
                        Subject subject2 = null;
                        try {
                            subject2 = wSSContext.getRunAsSubject(messageContext);
                            if (subject2 == null) {
                                subject2 = new Subject();
                                wSSContext.setRunAsSubject(subject2, messageContext);
                            }
                        } catch (SoapSecurityException e4) {
                            // Non-fatal: the token is still generated, it just is not cached.
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception caught " + e4.getMessage());
                            }
                        }
                        if (subject2 != null && messageContext.getTo() != null) {
                            SecurityTokenWrapper securityTokenWrapper2 = new SecurityTokenWrapper(usernameTokenImpl);
                            securityTokenWrapper2.setEndPoint(messageContext.getTo().getAddress());
                            subject2.getPrivateCredentials().add(securityTokenWrapper2);
                        }
                    }
                    this._processedTokens.add(usernameTokenImpl);
                    this._insertedTokens.add(usernameTokenImpl);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "There is the token [" + token.getId() + "] stored in the Subject.");
                    }
                    // A reused token is recorded as processed but not as inserted.
                    this._processedTokens.add(token);
                }
                TokenUtils.putTokenToSharedState(this._sharedState, this._processedTokens, true);
                if (!tc.isEntryEnabled()) {
                    return true;
                }
                Tr.exit(tc, "login()");
                return true;
            } catch (SoapSecurityException e5) {
                Tr.processException(e5, clsName + ".login", "209", this);
                LoginException loginException3 = new LoginException(e5.toString());
                loginException3.initCause(e5);
                throw loginException3;
            }
        } catch (Exception e6) {
            // This handler also receives the LoginExceptions thrown above and wraps them again, so
            // callers always see the outer message with the original exception as its cause.
            // NOTE(review): the message key names BSTokenLoginModule, not this module - looks copied; confirm.
            Tr.processException(e6, clsName + ".login", "112", this);
            Tr.error(tc, "security.wssecurity.BSTokenLoginModule.s01", e6);
            LoginException loginException4 = new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e6.toString()}));
            loginException4.initCause(e6);
            throw loginException4;
        }
    }

    /**
     * Hands every processed token to the token manager and publishes both token lists in the
     * property map obtained during {@code login()}.
     *
     * <p>{@code _securityTokenManager} and {@code _context} are assigned only in {@code login()};
     * calling this method before a successful login dereferences null fields.
     *
     * @return always {@code true}
     * @throws LoginException declared by the LoginModule contract; not thrown by the visible code
     */
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }

        for (SecurityToken processed : this._processedTokens) {
            this._securityTokenManager.addToken(processed);
        }

        // The lists themselves (not copies) are stored, so later changes to them remain visible
        // through the context.
        this._context.put(Constants.WSSECURITY_TOKEN_PROCESSED, this._processedTokens);
        this._context.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, this._insertedTokens);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return true;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>NOTE(review): the token lists filled by {@code login()} are not cleared, so tokens
     * (and the passwords they hold) stay referenced by this module after an aborted login.
     *
     * @return always {@code false}, which under the JAAS contract tells the framework to ignore this module
     * @throws LoginException declared by the LoginModule contract; not thrown by the visible code
     */
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return false;
    }

    /**
     * Traces entry and exit and does nothing else.
     *
     * <p>NOTE(review): nothing created by {@code login()} is released here. Credentials that
     * {@code login()} may have added to the RunAs subject's private credentials and the tokens in
     * this module's lists remain in place after logout.
     *
     * @return always {@code false}, which under the JAAS contract tells the framework to ignore this module
     * @throws LoginException declared by the LoginModule contract; not thrown by the visible code
     */
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return false;
    }

    /**
     * Searches the token manager for an existing UsernameToken with the same username and password.
     *
     * <p>The entry trace records the username in clear and only whether a password is present.
     *
     * <p>NOTE(review): a candidate whose {@code getUsername()} returns null causes a
     * NullPointerException in the comparison. {@code equalsCharArray} is defined outside this
     * excerpt, so whether the password comparison runs in constant time cannot be told from here.
     *
     * @param tokenGeneratorConfig configuration used to select the candidate tokens
     * @param str                  username to match
     * @param cArr                 password to match; may be null
     * @param securityTokenManager source of the candidate tokens
     * @return the first matching token, or {@code null} when there is none
     * @throws SoapSecurityException declared on the signature; presumably raised by the token manager lookup
     */
    private static final SecurityToken getToken(TokenGeneratorConfig tokenGeneratorConfig, String str, char[] cArr, SecurityTokenManager securityTokenManager) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMsg = new StringBuilder("getToken(")
                    .append("TokenGeneratorConfig config, ")
                    .append("String username[").append(str).append("], ")
                    .append("char[] password[")
                    .append(cArr == null ? AppConstants.NULL_STRING : "not null")
                    .append("], SecurityTokenManager securityTokenManager)");
            Tr.entry(tc, entryMsg.toString());
        }

        SecurityToken match = null;
        Collection<SecurityToken> candidates = securityTokenManager.getTokens(tokenGeneratorConfig);
        if (candidates != null && !candidates.isEmpty()) {
            for (SecurityToken candidate : candidates) {
                if (!(candidate instanceof UsernameToken)) {
                    continue;
                }
                UsernameToken existing = (UsernameToken) candidate;
                // The username is compared first; the password is fetched only when the username matches.
                if (existing.getUsername().equals(str) && equalsCharArray(existing.getPassword(), cArr)) {
                    match = candidate;
                    break;
                }
            }
        }

        if (tc.isEntryEnabled()) {
            StringBuilder exitMsg = new StringBuilder("getToken(")
                    .append("TokenGeneratorConfig, String, char[], SecurityTokenManager)")
                    .append(" returns SecurityToken[").append(match).append("]");
            Tr.exit(tc, exitMsg.toString());
        }
        return match;
    }

    /**
     * Convenience overload that builds the UsernameToken element without a password digest,
     * i.e. with the password (if any) carried as clear text.
     *
     * @throws LoginException if adding the timestamp or nonce fails
     */
    protected static final OMElement createOMTokenElement(OMFactory oMFactory, OMElement oMElement, String str, char[] cArr, String str2, boolean z, boolean z2, int i, NonceManager nonceManager) throws LoginException {
        final boolean passwordDigest = false;
        return createOMTokenElement(oMFactory, oMElement, str, cArr, str2, z, z2, i, nonceManager, passwordDigest);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the Axiom {@code UsernameToken} element: optional {@code Id} attribute, the
     * {@code Username} child, and then either a digested password or a clear-text password,
     * each optionally accompanied by a Created timestamp and a Nonce.
     *
     * <p>With {@code z3 == false} the password characters are written into the element as
     * PasswordText, so confidentiality depends entirely on whatever protects the message
     * (transport or message-level encryption). The entry trace records the username in clear
     * and only whether a password is present.
     *
     * <p>NOTE(review): {@code i} indexes the NAMESPACES table without a range check. The token
     * element uses the version-specific namespaces, while the Username/Password children and the
     * Id attribute use the fixed NS_WSSE/NS_WSU constants - confirm these agree for every version.
     *
     * @param oMFactory    factory used to create all elements
     * @param oMElement    parent element consulted for existing namespace prefixes; may be null
     * @param str          username
     * @param cArr         password; may be null or empty, in which case no Password element is added
     * @param str2         value for the Id attribute; no attribute is added when null
     * @param z            whether to add a Nonce
     * @param z2           whether to add a Created timestamp
     * @param i            WS-Security version index into the NAMESPACES table
     * @param nonceManager nonce manager; when null and a nonce is requested, one is obtained via {@code getNonceManager}
     * @param z3           whether to emit a password digest instead of the clear-text password
     * @return the new UsernameToken element (not attached to {@code oMElement})
     * @throws LoginException if adding the timestamp, nonce or digest fails
     */
    public static final OMElement createOMTokenElement(OMFactory oMFactory, OMElement oMElement, String str, char[] cArr, String str2, boolean z, boolean z2, int i, NonceManager nonceManager, boolean z3) throws LoginException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMsg = new StringBuilder("createOMTokenElement(");
            entryMsg.append("OMFactory factory, ");
            entryMsg.append("OMElement parent[").append(DOMUtils.getDisplayName(oMElement)).append("], ");
            entryMsg.append("String username[").append(str).append("], ");
            entryMsg.append("char[] password [");
            entryMsg.append(cArr == null ? AppConstants.NULL_STRING : "not null").append("], ");
            entryMsg.append("String id[").append(str2).append("], ");
            entryMsg.append("boolean setNonce[").append(z).append("], ");
            entryMsg.append("boolean setCreatedTimestamp[").append(z2).append("], ");
            entryMsg.append("int wssVersion[").append(i).append("], ");
            entryMsg.append("NonceManager [" + ConfigUtil.getObjState(nonceManager) + "], ");
            entryMsg.append("boolean passwordDigest[" + z3 + "])");
            Tr.entry(tc, entryMsg.toString());
        }

        final String wsseNs = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[0][i];
        final String wsuNs = com.ibm.ws.wssecurity.common.Constants.NAMESPACES[1][i];

        // Reuse the parent's wsse prefix when it has one; otherwise fall back to "wsse" and
        // declare the namespace on the new element.
        String wssePrefix = oMElement == null ? null : DOMUtils.getNamespacePrefix(oMElement, wsseNs);
        final boolean declareWsse = wssePrefix == null;
        if (declareWsse) {
            wssePrefix = "wsse";
        }
        OMElement tokenElem = oMFactory.createOMElement("UsernameToken", wsseNs, wssePrefix);
        if (declareWsse) {
            tokenElem.declareNamespace(wsseNs, wssePrefix);
        }

        if (str2 != null) {
            // Same prefix resolution for wsu, needed only for the Id attribute.
            String wsuPrefix = oMElement == null ? null : DOMUtils.getNamespacePrefix(oMElement, wsuNs);
            if (wsuPrefix == null) {
                wsuPrefix = "wsu";
                tokenElem.declareNamespace(wsuNs, wsuPrefix);
            }
            tokenElem.addAttribute("Id", str2, tokenElem.getOMFactory().createOMNamespace(com.ibm.ws.wssecurity.common.Constants.NS_WSU, wsuPrefix));
        }

        OMElement usernameElem = oMFactory.createOMElement("Username", com.ibm.ws.wssecurity.common.Constants.NS_WSSE, wssePrefix);
        usernameElem.addChild(oMFactory.createOMText(str));
        tokenElem.addChild(usernameElem);

        NonceManager effectiveNonceManager = nonceManager;
        if (z && effectiveNonceManager == null) {
            effectiveNonceManager = getNonceManager(nonceManager);
        }

        if (z3) {
            // The digest variant adds Password, Created and Nonce itself; note the argument order
            // (created flag first, then nonce flag).
            addPasswordDigest(cArr, z2, z, effectiveNonceManager, tokenElem, oMFactory, i, wssePrefix, wsseNs, wsuNs);
        } else {
            if (cArr != null && cArr.length > 0) {
                OMElement passwordElem = oMFactory.createOMElement("Password", com.ibm.ws.wssecurity.common.Constants.NS_WSSE, wssePrefix);
                DOMUtils.setQNameAttr(passwordElem, null, "Type", com.ibm.ws.wssecurity.common.Constants.PASSWORD_TEXT, i);
                // Clear-text password: this creates an immutable String copy of the secret.
                passwordElem.addChild(oMFactory.createOMText(new String(cArr)));
                tokenElem.addChild(passwordElem);
            }
            try {
                if (z2) {
                    NonceUtil.addCreated(oMFactory, tokenElem, wsuNs);
                }
                if (z) {
                    NonceUtil.addNonce(oMFactory, tokenElem, wsseNs, effectiveNonceManager, (String) null);
                }
            } catch (SoapSecurityException e) {
                LoginException wrapped = new LoginException(e.toString());
                wrapped.initCause(e);
                throw wrapped;
            }
        }

        if (tc.isEntryEnabled()) {
            StringBuilder exitMsg = new StringBuilder("createOMTokenElement(");
            exitMsg.append("OMFactory, OMElement, String, char[], String, boolean, boolean, int)");
            exitMsg.append(" returns OMElement [").append(tokenElem).append("]");
            Tr.exit(tc, exitMsg.toString());
        }
        return tokenElem;
    }

    /**
     * Adds the digested password (plus optional Created and Nonce) to an Axiom token element
     * only; no WSS object token is updated.
     *
     * @throws LoginException if nonce generation, digesting or the timestamp insertion fails
     */
    private static void addPasswordDigest(char[] cArr, boolean z, boolean z2, NonceManager nonceManager, OMElement oMElement, OMFactory oMFactory, int i, String str, String str2, String str3) throws LoginException {
        final com.ibm.ws.wssecurity.wssobject.impl.wsse10.UsernameToken noWssObjToken = null;
        final WSSObjectDocumentImpl noWssObjDocument = null;
        addPasswordDigest(cArr, z, z2, nonceManager, oMElement, oMFactory, i, str, str2, str3, noWssObjToken, noWssObjDocument);
    }

    /**
     * Adds the digested password (plus optional Created and Nonce) to a WSS object token only;
     * no Axiom element is updated, so the Axiom-specific arguments are passed as null/0.
     *
     * @throws LoginException if nonce generation, digesting or the timestamp insertion fails
     */
    private static void addPasswordDigest(char[] cArr, boolean z, boolean z2, NonceManager nonceManager, com.ibm.ws.wssecurity.wssobject.impl.wsse10.UsernameToken usernameToken, WSSObjectDocumentImpl wSSObjectDocumentImpl) throws LoginException {
        final OMElement noOmTokenElement = null;
        final OMFactory noOmFactory = null;
        final int unusedWssVersion = 0;
        final String unusedWssePrefix = null;
        final String unusedWsseNamespace = null;
        final String unusedWsuNamespace = null;
        addPasswordDigest(cArr, z, z2, nonceManager, noOmTokenElement, noOmFactory, unusedWssVersion, unusedWssePrefix, unusedWsseNamespace, unusedWsuNamespace, usernameToken, wSSObjectDocumentImpl);
    }

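    /**
     * Computes the password digest from the nonce, the Created timestamp and the password, then
     * writes Password (type PasswordDigest), Created and Nonce into whichever token
     * representation is supplied: the Axiom element, the WSS object token, or both.
     *
     * <p>Change from the previous version: the digest value itself is no longer written to debug
     * trace. The same trace already records the nonce and the Created string, and those three
     * values together are enough to test candidate passwords offline from a trace file. The
     * digest is masked the same way {@code login()} masks the password. The redundant
     * {@code new String(String)} copy of the digest was dropped as well.
     *
     * <p>NOTE(review): {@code digestPassword} is called even when {@code cArr} is null or empty,
     * although its result is used only for a non-empty password; confirm it tolerates a null
     * password. When nonce generation yields an empty array, the nonce string stays null and is
     * still passed on - confirm {@code NonceUtil.addNonce} handles that.
     *
     * @param cArr                  password to digest; the Password element is added only when non-empty
     * @param z                     whether to add a Created timestamp (and include it in the digest)
     * @param z2                    whether to generate and add a Nonce (and include it in the digest)
     * @param nonceManager          nonce manager used to generate the nonce
     * @param oMElement             Axiom token element to update; skipped when null
     * @param oMFactory             Axiom factory; used only together with {@code oMElement}
     * @param i                     WS-Security version index; used only together with {@code oMElement}
     * @param str                   wsse namespace prefix for the Axiom Password element
     * @param str2                  wsse namespace passed to the Axiom nonce helper
     * @param str3                  wsu namespace passed to the Axiom timestamp helper
     * @param usernameToken         WSS object token to update; skipped when null
     * @param wSSObjectDocumentImpl owner document for the WSS object Password element
     * @throws LoginException if nonce generation, digesting or the timestamp insertion fails
     */
    private static void addPasswordDigest(char[] cArr, boolean z, boolean z2, NonceManager nonceManager, OMElement oMElement, OMFactory oMFactory, int i, String str, String str2, String str3, com.ibm.ws.wssecurity.wssobject.impl.wsse10.UsernameToken usernameToken, WSSObjectDocumentImpl wSSObjectDocumentImpl) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addPasswordDigest(password,setCreatedTimestamp[" + z + "],useNonce[" + z2 + "],nmanager[" + ConfigUtil.getObjState(nonceManager) + "],tokenElem[" + ConfigUtil.getObjType(oMElement) + "],factory[" + ConfigUtil.getObjType(oMFactory) + "],wssVersion[" + i + "],pWsse[" + str + "],nsWsse[" + str2 + "],nsWsu[" + str3 + "],wssObjTokenElem[" + ConfigUtil.getObjType(usernameToken) + "],doc[" + ConfigUtil.getObjType(wSSObjectDocumentImpl) + "])");
        }
        String str4 = null;
        byte[] bArr = new byte[0];
        String str5 = null;
        if (z) {
            // The same Created string is fed into the digest and written to the token below,
            // so the receiver can recompute the digest.
            str4 = UTC.format(new Date());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "createdString[" + str4 + "]");
        }
        if (z2) {
            try {
                bArr = NonceUtil.generateUnencodedNonce(nonceManager);
                if (bArr.length != 0) {
                    str5 = Base64.encode(bArr);
                }
            } catch (Exception e) {
                LoginException loginException = new LoginException(e.toString());
                loginException.initCause(e);
                throw loginException;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "nonceString[" + str5 + "]");
        }
        String digestPassword = digestPassword(str5, str4, cArr);
        if (tc.isDebugEnabled()) {
            // Masked on purpose: the digest is password-equivalent material for offline guessing.
            Tr.debug(tc, "digestedPassword[" + (digestPassword == null ? AppConstants.NULL_STRING : "XXXXXXXX") + "]");
        }
        if (oMElement != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Updating OM token element");
            }
            if (cArr != null && cArr.length > 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding password");
                }
                OMElement createOMElement = oMFactory.createOMElement("Password", com.ibm.ws.wssecurity.common.Constants.NS_WSSE, str);
                DOMUtils.setQNameAttr(createOMElement, null, "Type", com.ibm.ws.wssecurity.common.Constants.PASSWORD_DIGEST, i);
                createOMElement.addChild(oMFactory.createOMText(digestPassword));
                oMElement.addChild(createOMElement);
            }
            if (z) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding timestamp");
                    }
                    NonceUtil.addCreated(oMFactory, oMElement, str3, str4);
                } catch (SoapSecurityException e2) {
                    LoginException loginException2 = new LoginException(e2.toString());
                    loginException2.initCause(e2);
                    throw loginException2;
                }
            }
            if (z2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding nonce");
                }
                // The already-generated, Base64-encoded nonce is passed in, so the value in the
                // token is the one that went into the digest.
                NonceUtil.addNonce(oMFactory, oMElement, str2, (String) null, str5);
            }
        }
        if (usernameToken != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Updating WSSOBJ token element");
            }
            if (cArr != null && cArr.length > 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding password");
                }
                Password password = new Password(wSSObjectDocumentImpl);
                password.setType(VariablePartFactory.getInstance().createAttrValueWithString(com.ibm.ws.wssecurity.common.Constants.NS_WSSE_VUSERNAME + "#PasswordDigest"));
                password.setPassword(VariablePartFactory.getInstance().createTextValueWithString(digestPassword));
                usernameToken.addChild(password);
            }
            if (z) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding timestamp");
                    }
                    WSSObjectUtils.addCreated(usernameToken, str4);
                } catch (SoapSecurityException e3) {
                    LoginException loginException3 = new LoginException(e3.toString());
                    loginException3.initCause(e3);
                    throw loginException3;
                }
            }
            if (z2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding nonce");
                }
                // Here the raw nonce bytes are passed; the helper presumably encodes them itself.
                WSSObjectUtils.addNonce(usernameToken, nonceManager, bArr);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addPasswordDigest");
        }
    }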

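    /**
     * Computes the UsernameToken password digest as
     * {@code Base64(SHA-1(nonce + created + password))}, which matches the
     * PasswordDigest construction of the WS-Security UsernameToken Profile.
     *
     * <p>NOTE(review): the nonce, the created value and the resulting digest are
     * all written to trace by this method. Together they are sufficient for
     * offline password guessing, so trace output of this component should be
     * protected like the messages themselves.
     *
     * @param str  Base64-encoded nonce, or {@code null} to contribute no bytes
     * @param str2 created timestamp text, or {@code null} to contribute no bytes
     * @param cArr clear-text password; {@code null} yields a {@code null} result
     * @return the Base64-encoded digest, or {@code null} when {@code cArr} is {@code null}
     * @throws LoginException if the digest cannot be computed (for example the
     *         nonce is not valid Base64 or the digest algorithm is unavailable)
     */
    public static String digestPassword(String str, String str2, char[] cArr) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "digestPassword(nonce[" + str + "],created[" + str2 + "],password)");
        }
        if (cArr == null) {
            // A null password used to trigger a NullPointerException that was swallowed,
            // giving a null result. addPasswordDigest calls this method before its own
            // null check and relies on that outcome, so it is kept explicitly.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "digestPassword returns [null]");
            }
            return null;
        }
        final String sha1Uri = "http://www.w3.org/2000/09/xmldsig#sha1";
        AlgorithmFactory algorithmFactory = AlgorithmFactory.getInstance();
        MessageDigest messageDigest = null;
        byte[] passwordBytes = null;
        byte[] digestInput = null;
        String digest;
        try {
            messageDigest = algorithmFactory.getMessageDigest(sha1Uri, null);
            messageDigest.reset();
            byte[] nonceBytes = str != null ? Base64.decode(str) : new byte[0];
            byte[] createdBytes = str2 != null ? str2.getBytes("UTF-8") : new byte[0];
            // Encode straight from the char[] so that no immutable String copy of the
            // password is left behind on the heap.
            java.nio.ByteBuffer encoded = java.nio.charset.Charset.forName("UTF-8").encode(java.nio.CharBuffer.wrap(cArr));
            passwordBytes = new byte[encoded.remaining()];
            encoded.get(passwordBytes);
            if (encoded.hasArray()) {
                java.util.Arrays.fill(encoded.array(), (byte) 0);
            }
            digestInput = new byte[nonceBytes.length + createdBytes.length + passwordBytes.length];
            System.arraycopy(nonceBytes, 0, digestInput, 0, nonceBytes.length);
            System.arraycopy(createdBytes, 0, digestInput, nonceBytes.length, createdBytes.length);
            System.arraycopy(passwordBytes, 0, digestInput, nonceBytes.length + createdBytes.length, passwordBytes.length);
            digest = Base64.encode(messageDigest.digest(digestInput));
        } catch (Exception e) {
            // The exception used to be constructed and then dropped, so a failed digest
            // silently became a null password value in the token. Fail the login instead.
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        } finally {
            // Best-effort scrubbing of the temporary buffers that held the clear-text password.
            if (passwordBytes != null) {
                java.util.Arrays.fill(passwordBytes, (byte) 0);
            }
            if (digestInput != null) {
                java.util.Arrays.fill(digestInput, (byte) 0);
            }
            if (messageDigest != null) {
                algorithmFactory.releaseMessageDigest(sha1Uri, messageDigest);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "digestPassword returns [" + digest + "]");
        }
        return digest;
    }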

    /**
     * Resolves the nonce manager to use.
     *
     * <p>Lookup order: the supplied instance, then the entry stored under
     * {@code NonceManager.class} in the map returned by
     * {@code ConfigUtil.getWssContext()}, then {@code NonceManagerFactory.getInstance()}.
     *
     * @param nonceManager a caller-supplied manager, or {@code null} to look one up
     * @return the resolved nonce manager
     * @throws LoginException if the factory lookup fails; the original exception is the cause
     */
    private static NonceManager getNonceManager(NonceManager nonceManager) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNonceManager(NonceManager[" + ConfigUtil.getObjType(nonceManager) + "]");
        }
        NonceManager resolved = nonceManager;
        if (resolved == null) {
            // Second choice: whatever the WSS context map has registered.
            Map context = ConfigUtil.getWssContext();
            resolved = context == null ? null : (NonceManager) context.get(NonceManager.class);
        }
        if (resolved == null) {
            // Last resort: the factory instance.
            try {
                resolved = NonceManagerFactory.getInstance();
            } catch (Exception factoryFailure) {
                LoginException wrapped = new LoginException(factoryFailure.toString());
                wrapped.initCause(factoryFailure);
                throw wrapped;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNonceManager returns [" + ConfigUtil.getObjType(resolved) + "]");
        }
        return resolved;
    }

    /**
     * Builds a wsse UsernameToken element in the WSSObject model of the parent's document.
     *
     * <p>When {@code z3} is set the password is emitted through
     * {@code addPasswordDigest}. Otherwise the password characters are written
     * into the token as-is with the {@code PASSWORD_TEXT_STRING} type, so the
     * secret is only as protected as the message or transport carrying it.
     * The entry trace records whether a password is present, never its value.
     *
     * @param wSSObjectElement parent element whose document owns the new token
     * @param str username
     * @param cArr password; no Password child is added when null or empty
     * @param str2 wsu:Id for the token; skipped when null or empty
     * @param z whether to add a nonce
     * @param z2 whether to add a created timestamp
     * @param i WSS version; only traced in this method
     * @param nonceManager nonce manager, resolved via {@code getNonceManager} when null and a nonce is requested
     * @param z3 whether to emit a password digest instead of the password text
     * @return the new UsernameToken element
     * @throws LoginException if adding the nonce fails or a callee reports a login failure
     */
    private static final WSSObjectElement createWSSObjectTokenElement(WSSObjectElement wSSObjectElement, String str, char[] cArr, String str2, boolean z, boolean z2, int i, NonceManager nonceManager, boolean z3) throws LoginException {
        if (tc.isEntryEnabled()) {
            String entryMessage = "createWSSObjectTokenElement("
                    + "WSSObjectElement parent[" + wSSObjectElement.getQName() + "], "
                    + "String username[" + str + "], "
                    + "char[] password [" + (cArr == null ? AppConstants.NULL_STRING : "not null") + "], "
                    + "String id[" + str2 + "], "
                    + "boolean setNonce[" + z + "], "
                    + "boolean setCreatedTimestamp[" + z2 + "], "
                    + "int wssVersion[" + i + "], "
                    + "NonceManager [" + ConfigUtil.getObjState(nonceManager) + "], "
                    + "boolean emitPasswordDigest[" + z3 + "])";
            Tr.entry(tc, entryMessage);
        }
        WSSObjectDocumentImpl ownerDocument = wSSObjectElement.getWSSObjectDocument();
        com.ibm.ws.wssecurity.wssobject.impl.wsse10.UsernameToken token = new com.ibm.ws.wssecurity.wssobject.impl.wsse10.UsernameToken(ownerDocument);
        boolean hasId = str2 != null && !str2.isEmpty();
        if (hasId) {
            token.setWsuId(VariablePartFactory.getInstance().createAttrValueWithString(str2));
        }
        token.setUsername(VariablePartFactory.getInstance().createTextValueWithString(str));
        // A nonce manager is only looked up when a nonce was requested and none was supplied.
        NonceManager effectiveNonceManager = (z && nonceManager == null) ? getNonceManager(nonceManager) : nonceManager;
        if (!z3) {
            // Password-text variant: the clear-text password goes into the element.
            boolean hasPassword = cArr != null && cArr.length > 0;
            if (hasPassword) {
                Password passwordElement = new Password(ownerDocument);
                passwordElement.setType(VariablePartFactory.getInstance().createAttrValueWithString(com.ibm.ws.wssecurity.common.Constants.PASSWORD_TEXT_STRING));
                passwordElement.setPassword(VariablePartFactory.getInstance().createTextValueWithString(new String(cArr)));
                token.addChild(passwordElement);
            }
            if (z2) {
                WSSObjectUtils.addCreated(token);
            }
            if (z) {
                try {
                    WSSObjectUtils.addNonce(token, effectiveNonceManager);
                } catch (SoapSecurityException nonceFailure) {
                    LoginException wrapped = new LoginException(nonceFailure.toString());
                    wrapped.initCause(nonceFailure);
                    throw wrapped;
                }
            }
        } else {
            // Digest variant: password, created and nonce are handled together by addPasswordDigest.
            addPasswordDigest(cArr, z2, z, effectiveNonceManager, token, ownerDocument);
        }
        if (tc.isEntryEnabled()) {
            String exitMessage = "createWSSObjectTokenElement("
                    + "WSSObjectElement, String, char[], String, boolean, boolean, int)"
                    + " returns WSSObjectElement [" + token + "]";
            Tr.exit(tc, exitMessage);
        }
        return token;
    }

    /**
     * Creates the UsernameToken under {@code obj} using whichever object model the parent belongs to.
     *
     * <p>A {@code WSSObjectElement} parent is handled by {@code createWSSObjectTokenElement};
     * any other parent is cast to {@code OMElement} and handled by {@code createOMTokenElement}.
     * All remaining arguments are passed through unchanged.
     *
     * @param obj parent element, either a {@code WSSObjectElement} or an {@code OMElement}
     * @return the created token wrapped in the matching {@code XMLStructure} implementation
     * @throws LoginException if token creation fails
     */
    private static final XMLStructure createTokenElement(Object obj, String str, char[] cArr, String str2, boolean z, boolean z2, int i, NonceManager nonceManager, boolean z3) throws LoginException {
        if (obj instanceof WSSObjectElement) {
            WSSObjectElement wssParent = (WSSObjectElement) obj;
            return new WSSObjectStructureImpl(createWSSObjectTokenElement(wssParent, str, cArr, str2, z, z2, i, nonceManager, z3));
        }
        // Not a WSSObject parent: the cast fails for anything that is not an OMElement.
        OMElement omParent = (OMElement) obj;
        return new OMStructure(createOMTokenElement(omParent.getOMFactory(), omParent, str, cArr, str2, z, z2, i, nonceManager, z3));
    }

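    /**
     * Compares two character arrays for equality, treating two {@code null}s as equal.
     *
     * <p>The element comparison inspects every position instead of stopping at
     * the first mismatch, so the time taken does not reveal how long the
     * matching prefix is. This matters if the arrays hold passwords; the callers
     * are not visible in this part of the file, so that is an assumption to confirm.
     * A length mismatch still returns immediately.
     *
     * @param cArr first array, may be {@code null}
     * @param cArr2 second array, may be {@code null}
     * @return {@code true} if both are {@code null} or both have the same length and contents
     */
    private static final boolean equalsCharArray(char[] cArr, char[] cArr2) {
        if (cArr == null || cArr2 == null) {
            return cArr == cArr2;
        }
        if (cArr.length != cArr2.length) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < cArr.length; i++) {
            // Accumulate differing bits rather than branching on each character.
            difference |= cArr[i] ^ cArr2[i];
        }
        return difference == 0;
    }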

    /**
     * Fetches a customer-supplied token through {@code TokenUtils.getCustomerToken}
     * and returns it only if it is a {@code UsernameToken}.
     *
     * <p>The callback handler configuration is read from {@code _context} under
     * {@code CallbackHandlerConfig.CONFIG_KEY} when a context is present. A token
     * of any other type is discarded, with a debug trace entry.
     *
     * @param messageContext message context passed on to the token lookup
     * @param z flag passed through to {@code TokenUtils.getCustomerToken}
     * @return the customer's UsernameToken, or {@code null} if none was found or it had another type
     */
    private UsernameToken getCustomerUsernameToken(MessageContext messageContext, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomerUsernameToken");
        }
        CallbackHandlerConfig handlerConfig = this._context == null
                ? null
                : (CallbackHandlerConfig) this._context.get(CallbackHandlerConfig.CONFIG_KEY);
        SecurityToken candidate = TokenUtils.getCustomerToken(messageContext, this._sharedState, handlerConfig, UsernameToken.ValueType, z);
        UsernameToken result = null;
        if (candidate instanceof UsernameToken) {
            result = (UsernameToken) candidate;
        } else if (candidate != null && tc.isDebugEnabled()) {
            // Some other token type was supplied; it is ignored rather than rejected.
            Tr.debug(tc, "Token is not a UsernameToken; discarding.");
        }
        if (tc.isEntryEnabled()) {
            String returnedType = result != null ? result.getClass().getName() : AppConstants.NULL_STRING;
            Tr.exit(tc, "getCustomerUsernameToken returns [" + returnedType + "]");
        }
        return result;
    }
}
