package com.ibm.ws.wssecurity.handler;

import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.wssecurity.config.CallerConfig;
import com.ibm.ws.wssecurity.config.DerivedKeyInfoConfig;
import com.ibm.ws.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateCommonConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.core.NonceManagerFactory;
import com.ibm.ws.wssecurity.core.WSSecurityDefaultConfiguration;
import com.ibm.ws.wssecurity.token.NonceManager;
import com.ibm.ws.wssecurity.util.ConfidentialDialectElementSelector;
import com.ibm.ws.wssecurity.util.ConfigConstants;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/ibm/ws/wssecurity/handler/PolicyInboundConfig.class */
public class PolicyInboundConfig extends PrivateConsumerConfig {
    private Map<String, TokenConsumerConfig> nameToken;
    Map<String, KeyInfoContentConsumerConfig> nameKeyInfo;
    private Map<String, String> encryptionAlgorithms;
    private Map<String, String> keyEncryptionAlgorithms;
    private Map<String, String> asymmetricSignatureAlgorithms;
    private Map<String, String> symmetricSignatureAlgorithms;
    private Map<String, String> canonicalizationAlgorithms;
    private Map<String, String> transformAlgorithms;
    private Map<String, String> digestAlgorithms;
    private String asymmetricSignatureAlgorithm;
    private String symmetricSignatureAlgorithm;
    private String digestAlgorithm;
    private String transformAlgorithm;
    private String canonicalizationAlgorithm;
    private String encryptionAlgorithm;
    private String keyEncryptionAlgorithm;
    private static final String comp = "security.wssecurity";
    private static WSSBindings securityBindings;
    private WSSBinding securityBinding;
    private boolean isTargetBindingUsing10NS;
    private static boolean _avoid70BindingsNSCheck;
    private String origin;
    public static final String PIC_REVOCATION_ENABLED = "com.ibm.ws.wssecurity.handler.PolicyInboundConfig.token.revocationEnabled";
    private static final TraceComponent tc = Tr.register(PolicyInboundConfig.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = PolicyInboundConfig.class.getName();

    public PolicyInboundConfig(WSSBindings wSSBindings, WSSPolicy wSSPolicy, boolean z, ClassLoader classLoader, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) throws SoapSecurityException {
        this.nameKeyInfo = new HashMap();
        this.asymmetricSignatureAlgorithm = null;
        this.symmetricSignatureAlgorithm = null;
        this.digestAlgorithm = null;
        this.transformAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
        this.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
        this.encryptionAlgorithm = null;
        this.keyEncryptionAlgorithm = null;
        this.securityBinding = null;
        this.isTargetBindingUsing10NS = false;
        this.origin = "non-ws-security";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "PolicyInboundConfig(WSSBindings appBindings, WSSPolicy appPolicy, boolean isRequest, ClassLoader appClassLoader,WSSecurityDefaultConfiguration defaultConfiguration):", new Object[]{wSSBindings, wSSPolicy, Boolean.valueOf(z), classLoader, wSSecurityDefaultConfiguration});
        }
        WSSInboundBinding wSSInboundBinding = null;
        if (wSSBindings != null) {
            securityBindings = wSSBindings;
            this.securityBinding = securityBindings.getApplicationBindings();
            if (this.securityBinding != null) {
                wSSInboundBinding = this.securityBinding.getSecurityInboundBindingConfig();
            }
        } else {
            if (wSSecurityDefaultConfiguration == null) {
                throw new SoapSecurityException("security.wssecurity.PolicyInboundConfig.s02");
            }
            Tr.warning(tc, "No Application Bindings found, will use Default Bindings");
        }
        init(wSSInboundBinding, wSSPolicy, z, classLoader, wSSecurityDefaultConfiguration);
        this.origin = "ws-security";
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "PolicyInboundConfig(WSSBindings appBindings, WSSPolicy appPolicy, boolean isRequest, ClassLoader appClassLoader,WSSecurityDefaultConfiguration defaultConfiguration):", new Object[]{wSSBindings, wSSPolicy, Boolean.valueOf(z), classLoader});
        }
    }

    public PolicyInboundConfig(WSSInboundBinding wSSInboundBinding, WSSPolicy wSSPolicy, boolean z, ClassLoader classLoader, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) throws SoapSecurityException {
        this.nameKeyInfo = new HashMap();
        this.asymmetricSignatureAlgorithm = null;
        this.symmetricSignatureAlgorithm = null;
        this.digestAlgorithm = null;
        this.transformAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
        this.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
        this.encryptionAlgorithm = null;
        this.keyEncryptionAlgorithm = null;
        this.securityBinding = null;
        this.isTargetBindingUsing10NS = false;
        this.origin = "non-ws-security";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "PolicyInboundConfig(WSSInboundBinding binding, WSSPolicy policyRoot, boolean isRequest, ClassLoader appClassLoader,WSSecurityDefaultConfiguration defaultConfiguration):", new Object[]{wSSInboundBinding, wSSPolicy, Boolean.valueOf(z), classLoader});
        }
        if (wSSInboundBinding == null && wSSecurityDefaultConfiguration == null) {
            throw new SoapSecurityException("security.wssecurity.PolicyInboundConfig.s02");
        }
        init(wSSInboundBinding, wSSPolicy, z, classLoader, wSSecurityDefaultConfiguration);
        this.origin = "ws-security";
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "PolicyInboundConfig(WSSInboundBinding binding, WSSPolicy policyRoot, boolean isRequest, ClassLoader appClassLoader,WSSecurityDefaultConfiguration defaultConfiguration)", new Object[]{wSSInboundBinding, wSSPolicy, Boolean.valueOf(z), classLoader});
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: CFG modification limit reached, blocks count: 2233
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:64)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    protected final void init(com.ibm.ws.wssecurity.handler.WSSInboundBinding r9, com.ibm.ws.wssecurity.handler.WSSPolicy r10, boolean r11, java.lang.ClassLoader r12, com.ibm.ws.wssecurity.core.WSSecurityDefaultConfiguration r13) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 19348
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.handler.PolicyInboundConfig.init(com.ibm.ws.wssecurity.handler.WSSInboundBinding, com.ibm.ws.wssecurity.handler.WSSPolicy, boolean, java.lang.ClassLoader, com.ibm.ws.wssecurity.core.WSSecurityDefaultConfiguration):void");
    }

    private final void initDefaultConfig(WSSConsumerConfig wSSConsumerConfig, boolean z, boolean z2, boolean z3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initDefaultConfig(WSSConsumerConfig, Map):", new Object[]{wSSConsumerConfig, this.nameToken});
        }
        HashSet<QName> hashSet = new HashSet();
        HashSet<String> hashSet2 = new HashSet();
        HashMap hashMap = new HashMap();
        HashMap<QName, Integer> hashMap2 = new HashMap<>();
        HashMap<QName, Integer> hashMap3 = new HashMap<>();
        HashMap hashMap4 = new HashMap();
        boolean z4 = "com.ibm.xmlns.prod.websphere._200608.ws_securitybinding".equals(wSSConsumerConfig.getDefaultBindingNamespace());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Target default bindings name space = " + wSSConsumerConfig.getDefaultBindingNamespace());
        }
        boolean z5 = false;
        Iterator<TokenConsumerConfig> it = wSSConsumerConfig.getTokenConsumers().iterator();
        while (it.hasNext()) {
            PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl = (PrivateConsumerConfig.TokenConsumerConfImpl) it.next();
            String qName = tokenConsumerConfImpl.getType().toString();
            if (tokenConsumerConfImpl._jaasConfig.contains("wss.consume.KRB5BST") && z4 && !_avoid70BindingsNSCheck) {
                throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s42", "com.ibm.xmlns.prod.websphere._200608.ws_securitybinding", "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1");
            }
            if (com.ibm.ws.wssecurity.common.Constants.SCT_13.equals(tokenConsumerConfImpl._type)) {
                if (z4 && !_avoid70BindingsNSCheck) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s42", "com.ibm.xmlns.prod.websphere._200608.ws_securitybinding", tokenConsumerConfImpl.getType().getLocalPart());
                }
                if (this._symmetricProtectionTokenAssertion == null || !com.ibm.ws.wssecurity.common.Constants.SC_200502.equals(this._symmetricProtectionTokenAssertion._tokenType)) {
                    if (this._symmetricSignatureTokenAssertion != null && com.ibm.ws.wssecurity.common.Constants.SC_200502.equals(this._symmetricSignatureTokenAssertion._tokenType)) {
                        this._symmetricSignatureTokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                    }
                    if (this._symmetricEncryptionTokenAssertion != null && com.ibm.ws.wssecurity.common.Constants.SC_200502.equals(this._symmetricEncryptionTokenAssertion._tokenType)) {
                        this._symmetricEncryptionTokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                    }
                } else {
                    this._symmetricProtectionTokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Replaced sct token Type with [" + com.ibm.ws.wssecurity.common.Constants.SCT_13 + "].");
                }
            } else if (com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN.equals(tokenConsumerConfImpl._type)) {
                z5 = true;
            } else if ((com.ibm.ws.wssecurity.common.Constants.UNTOKEN.equals(tokenConsumerConfImpl._type) || com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.equals(tokenConsumerConfImpl._type)) && tokenConsumerConfImpl._callbackHandler != null) {
                String str = (String) tokenConsumerConfImpl._callbackHandler._properties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                if (str != null) {
                    if (str.equals("true")) {
                        qName = qName + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION;
                        if (hashMap4.get(qName) != null) {
                            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s30");
                        }
                    } else if (hashMap4.get(qName) != null) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s29");
                    }
                } else if (hashMap4.get(qName) != null) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s29");
                }
            }
            if (!tokenConsumerConfImpl._usedForDecryption && !tokenConsumerConfImpl._usedForVerification) {
                if (hashMap4.get(qName) != null) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s31", qName.toString());
                }
                hashMap4.put(qName, tokenConsumerConfImpl);
            }
        }
        Iterator<String> it2 = this.nameToken.keySet().iterator();
        while (it2.hasNext()) {
            TokenConsumerConfig tokenConsumerConfig = this.nameToken.get(it2.next());
            QName type = tokenConsumerConfig.getType();
            String qName2 = type.toString();
            if (com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN.equals(type) && z5) {
                if (z4 && !_avoid70BindingsNSCheck) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s42", "com.ibm.xmlns.prod.websphere._200608.ws_securitybinding", com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN.getLocalPart());
                }
                ((PrivateConsumerConfig.TokenConsumerConfImpl) tokenConsumerConfig)._type = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN;
                type = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN;
                qName2 = type.toString();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Replaced ltpa token Type with [" + com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN + "].");
                }
            } else if (com.ibm.ws.wssecurity.common.Constants.UNTOKEN.equals(type) || com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.equals(type)) {
                if (hashMap4.containsKey(qName2) && hashMap4.containsKey(qName2 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
                    if (hashSet2.contains(qName2) && !hashSet2.contains(qName2 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
                        qName2 = qName2 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION;
                    } else if (hashSet2.contains(qName2) && hashSet2.contains(qName2 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s24", type.toString());
                    }
                } else if (hashMap4.containsKey(type + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
                    qName2 = qName2 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION;
                }
            }
            if (hashSet2.contains(qName2)) {
                throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s25", type.toString());
            }
            hashSet2.add(qName2);
            hashSet.add(type);
            hashMap2 = updateTokenTypeList(hashMap2, type);
        }
        if (this._symmetricBinding) {
            if (this._symmetricProtectionTokenAssertion != null) {
                hashSet.add(this._symmetricProtectionTokenAssertion._tokenType);
                hashMap3 = updateTokenTypeList(hashMap3, this._symmetricProtectionTokenAssertion._tokenType);
            } else if (this._symmetricSignatureTokenAssertion != null) {
                hashSet.add(this._symmetricSignatureTokenAssertion._tokenType);
                hashMap3 = updateTokenTypeList(hashMap3, this._symmetricSignatureTokenAssertion._tokenType);
            }
        } else if (z) {
            if (!this._initiatorTokens.isEmpty()) {
                for (QName qName3 : this._initiatorTokenQNames) {
                    hashSet.add(qName3);
                    hashMap3 = updateTokenTypeList(hashMap3, qName3);
                }
            } else if (!this._initiatorSignatureTokens.isEmpty()) {
                for (QName qName4 : this._initiatorSignatureTokenQNames) {
                    hashSet.add(qName4);
                    hashMap3 = updateTokenTypeList(hashMap3, qName4);
                }
            }
        } else if (!this._recipientTokens.isEmpty()) {
            for (QName qName5 : this._recipientTokenQNames) {
                hashSet.add(qName5);
                hashMap3 = updateTokenTypeList(hashMap3, qName5);
            }
        } else if (!this._recipientSignatureTokens.isEmpty()) {
            for (QName qName6 : this._recipientSignatureTokenQNames) {
                hashSet.add(qName6);
                hashMap3 = updateTokenTypeList(hashMap3, qName6);
            }
        }
        Integer num = hashMap2.get(com.ibm.ws.wssecurity.common.Constants.UNTOKEN);
        if (num != null && num.intValue() == 1 && hashMap4.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString()) && hashMap4.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s35", com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString());
        }
        Integer num2 = hashMap2.get(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11);
        if (num2 != null && num2.intValue() == 1 && hashMap4.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString()) && hashMap4.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s35", com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString());
        }
        for (String str2 : hashSet2) {
            TokenConsumerConfig tokenConsumerConfig2 = (TokenConsumerConfig) hashMap4.get(str2);
            if (tokenConsumerConfig2 == null) {
                if (str2.startsWith(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString())) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s36", com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString());
                }
                if (!str2.startsWith(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString())) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s36", str2);
                }
                throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s36", com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString());
            }
            this._tokenConsumers.add(tokenConsumerConfig2);
        }
        if (!z) {
            boolean z6 = false;
            if (wSSConsumerConfig.isExplicitlyProtectSignatureConfirmation()) {
                if (z4 && !_avoid70BindingsNSCheck) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s42", "com.ibm.xmlns.prod.websphere._200608.ws_securitybinding", "ExplicitlyProtectSignatureConfirmation");
                }
                z6 = true;
            }
            if (this._signatureConfirmationRequired && !z4 && !z6) {
                if (!z2) {
                    if (this._requiredIntegralParts.size() > 0) {
                        Iterator<ReferencePartConfig> it3 = this._requiredIntegralParts.iterator();
                        if (it3.hasNext()) {
                            PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl = (PrivateCommonConfig.ReferencePartConfImpl) it3.next();
                            PrivateCommonConfig.PartConfImpl partConfImpl = new PrivateCommonConfig.PartConfImpl();
                            partConfImpl._dialect = com.ibm.ws.wssecurity.common.Constants.DIALECT_WAS;
                            partConfImpl._keyword = IntegralDialectElementSelector.WASDIALECTS[14];
                            referencePartConfImpl._parts.add(partConfImpl);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding SignatureConfirmation to required integrity for default binding");
                            }
                        }
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Cannot sign SignatureConfirmation element since nothing else on the message is signed");
                        }
                        Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s23"));
                    }
                }
                if (!z3) {
                    if (this._requiredConfidentialParts.size() > 0) {
                        Iterator<ReferencePartConfig> it4 = this._requiredConfidentialParts.iterator();
                        if (it4.hasNext()) {
                            PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl2 = (PrivateCommonConfig.ReferencePartConfImpl) it4.next();
                            PrivateCommonConfig.PartConfImpl partConfImpl2 = new PrivateCommonConfig.PartConfImpl();
                            partConfImpl2._dialect = com.ibm.ws.wssecurity.common.Constants.DIALECT_WAS;
                            partConfImpl2._keyword = ConfidentialDialectElementSelector.WASDIALECTS[6];
                            referencePartConfImpl2._parts.add(partConfImpl2);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding SignatureConfirmation to required confidentiality for default binding");
                            }
                        }
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Cannot encrypt SignatureConfirmation element since nothing else on the message is encrypted");
                        }
                        Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s22"));
                    }
                }
            }
        }
        Iterator<EncryptionConsumerConfig> it5 = wSSConsumerConfig.getEncryptionConsumers().iterator();
        if (tc.isDebugEnabled() && it5.hasNext()) {
            Tr.debug(tc, "Setting up encryption consumption information from default bindings.");
        }
        HashSet hashSet3 = new HashSet();
        hashSet3.addAll(this._requiredConfidentialParts);
        while (it5.hasNext()) {
            PrivateConsumerConfig.EncryptionConsumerConfImpl encryptionConsumerConfImpl = (PrivateConsumerConfig.EncryptionConsumerConfImpl) it5.next();
            if (encryptionConsumerTokenMatch(encryptionConsumerConfImpl, z)) {
                Iterator it6 = hashSet3.iterator();
                while (it6.hasNext()) {
                    PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl3 = (PrivateCommonConfig.ReferencePartConfImpl) it6.next();
                    it6.remove();
                    PrivateConsumerConfig.EncryptionConsumerConfImpl encryptionConsumerConfImpl2 = new PrivateConsumerConfig.EncryptionConsumerConfImpl();
                    encryptionConsumerConfImpl2._reference = referencePartConfImpl3;
                    encryptionConsumerConfImpl2._reference.getBindings().add(encryptionConsumerConfImpl2);
                    PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = new PrivateCommonConfig.AlgorithmConfImpl();
                    algorithmConfImpl._algorithm = this.encryptionAlgorithm;
                    encryptionConsumerConfImpl2._dataEncryptionMethod = algorithmConfImpl;
                    if (encryptionConsumerConfImpl._isKeyDecryption) {
                        PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl2 = new PrivateCommonConfig.AlgorithmConfImpl();
                        algorithmConfImpl2._algorithm = this.keyEncryptionAlgorithm;
                        encryptionConsumerConfImpl2._keyEncryptionMethod = algorithmConfImpl2;
                    }
                    encryptionConsumerConfImpl2._encryptionKeyInfo = encryptionConsumerConfImpl._encryptionKeyInfo;
                    encryptionConsumerConfImpl2._properties.putAll(encryptionConsumerConfImpl.getProperties());
                    boolean z7 = false;
                    List<KeyInfoContentConsumerConfig> contentConsumers = encryptionConsumerConfImpl2.getEncryptionKeyInfo().getContentConsumers();
                    if (contentConsumers != null) {
                        Iterator<KeyInfoContentConsumerConfig> it7 = contentConsumers.iterator();
                        while (it7.hasNext()) {
                            TokenConsumerConfig tokenConsumer = it7.next().getTokenConsumer();
                            if (tokenConsumer != null) {
                                z7 = true;
                                Integer valueOf = Integer.valueOf(tokenConsumer.hashCode());
                                if (hashMap.get(valueOf) == null) {
                                    this._tokenConsumers.add(tokenConsumer);
                                    hashMap.put(valueOf, tokenConsumer);
                                }
                            }
                        }
                    }
                    this._encryptionConsumers.add(encryptionConsumerConfImpl2);
                    if (!z7) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s40");
                    }
                }
            }
        }
        if (!hashSet3.isEmpty()) {
            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s41");
        }
        Iterator<SignatureConsumerConfig> it8 = wSSConsumerConfig.getSignatureConsumers().iterator();
        HashSet hashSet4 = new HashSet();
        hashSet4.addAll(this._requiredIntegralParts);
        if (tc.isDebugEnabled() && it8.hasNext()) {
            Tr.debug(tc, "Settting up signature consumption information from default bindings.");
        }
        while (it8.hasNext()) {
            PrivateConsumerConfig.SignatureConsumerConfImpl signatureConsumerConfImpl = (PrivateConsumerConfig.SignatureConsumerConfImpl) it8.next();
            if (signatureConsumerTokenMatch(signatureConsumerConfImpl, z)) {
                PrivateConsumerConfig.SignatureConsumerConfImpl signatureConsumerConfImpl2 = new PrivateConsumerConfig.SignatureConsumerConfImpl();
                signatureConsumerConfImpl2._properties.putAll(signatureConsumerConfImpl._properties);
                String checkForSignatureAlgorithmInProperties = checkForSignatureAlgorithmInProperties(signatureConsumerConfImpl2._properties);
                Iterator<SigningReferenceConfig> it9 = signatureConsumerConfImpl._references.iterator();
                while (it9.hasNext()) {
                    PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl = (PrivateCommonConfig.SigningReferenceConfImpl) it9.next();
                    if (!hashSet4.isEmpty()) {
                        boolean z8 = false;
                        Iterator it10 = hashSet4.iterator();
                        while (it10.hasNext()) {
                            PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl4 = (PrivateCommonConfig.ReferencePartConfImpl) it10.next();
                            it10.remove();
                            PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl2 = new PrivateCommonConfig.SigningReferenceConfImpl();
                            signingReferenceConfImpl2._reference = referencePartConfImpl4;
                            signingReferenceConfImpl2._reference.getBindings().add(signatureConsumerConfImpl2);
                            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl3 = new PrivateCommonConfig.AlgorithmConfImpl();
                            algorithmConfImpl3._algorithm = this.digestAlgorithm;
                            signingReferenceConfImpl2._digestMethod = algorithmConfImpl3;
                            signingReferenceConfImpl2._transforms.addAll(signingReferenceConfImpl._transforms);
                            signatureConsumerConfImpl2._references.add(signingReferenceConfImpl2);
                        }
                        PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl4 = new PrivateCommonConfig.AlgorithmConfImpl();
                        algorithmConfImpl4._algorithm = this.canonicalizationAlgorithm;
                        signatureConsumerConfImpl2._canonicalizationMethod = algorithmConfImpl4;
                        PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl5 = new PrivateCommonConfig.AlgorithmConfImpl();
                        if (this._symmetricBinding) {
                            if (checkForSignatureAlgorithmInProperties != null) {
                                algorithmConfImpl5._algorithm = PolicyConfigUtil.getSha2SignatureAlgorithm(checkForSignatureAlgorithmInProperties);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "signatureMethod is set in default properties = " + algorithmConfImpl5._algorithm);
                                }
                            } else {
                                algorithmConfImpl5._algorithm = this.symmetricSignatureAlgorithm;
                            }
                        } else if (checkForSignatureAlgorithmInProperties != null) {
                            algorithmConfImpl5._algorithm = PolicyConfigUtil.getSha2SignatureAlgorithm(checkForSignatureAlgorithmInProperties);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "signatureMethod is set in default properties = " + algorithmConfImpl5._algorithm);
                            }
                        } else {
                            algorithmConfImpl5._algorithm = this.asymmetricSignatureAlgorithm;
                        }
                        signatureConsumerConfImpl2._signatureMethod = algorithmConfImpl5;
                        signatureConsumerConfImpl2._signingKeyInfo = signatureConsumerConfImpl._signingKeyInfo;
                        signatureConsumerConfImpl2._properties.putAll(signatureConsumerConfImpl._properties);
                        List<KeyInfoContentConsumerConfig> contentConsumers2 = signatureConsumerConfImpl2.getSigningKeyInfo().getContentConsumers();
                        if (contentConsumers2 != null) {
                            Iterator<KeyInfoContentConsumerConfig> it11 = contentConsumers2.iterator();
                            while (it11.hasNext()) {
                                TokenConsumerConfig tokenConsumer2 = it11.next().getTokenConsumer();
                                if (tokenConsumer2 != null) {
                                    Integer valueOf2 = Integer.valueOf(tokenConsumer2.hashCode());
                                    if (hashMap.get(valueOf2) == null) {
                                        this._tokenConsumers.add(tokenConsumer2);
                                        hashMap.put(valueOf2, tokenConsumer2);
                                    }
                                    z8 = true;
                                }
                            }
                        }
                        this._signatureConsumers.add(signatureConsumerConfImpl2);
                        if (!z8) {
                            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s38");
                        }
                    }
                }
            }
        }
        if (!hashSet4.isEmpty()) {
            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s39");
        }
        this._onlySignEntireHeadersAndBody = this._onlySignEntireHeadersAndBody || wSSConsumerConfig.isOnlySignEntireHeadersAndBody();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processed default config onlySignEntireHeadersAndBody, currently " + this._onlySignEntireHeadersAndBody);
        }
        Iterator<CallerConfig> it12 = wSSConsumerConfig.getCallers().iterator();
        HashSet hashSet5 = new HashSet();
        while (it12.hasNext()) {
            PrivateConsumerConfig.CallerConfImpl callerConfImpl = (PrivateConsumerConfig.CallerConfImpl) it12.next();
            boolean z9 = false;
            boolean z10 = true;
            boolean z11 = true;
            boolean z12 = true;
            if (tc.isDebugEnabled()) {
                callerConfImpl.dumpCaller();
            }
            if (callerConfImpl._trustedIdentity != null) {
                if ((!callerConfImpl._trustedIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) && !callerConfImpl._trustedIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11)) || (!callerConfImpl._callerIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) && !callerConfImpl._callbackHandler.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11))) {
                    Integer num3 = hashMap2.get(callerConfImpl._trustedIdentity);
                    Integer num4 = hashMap2.get(callerConfImpl._callerIdentity);
                    if (num3 == null) {
                        num3 = hashMap3.get(callerConfImpl._trustedIdentity);
                        if (num3 == null) {
                            num3 = new Integer(0);
                            z10 = false;
                        } else {
                            z11 = false;
                            if (num3.intValue() != 1) {
                                throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s43", num3.toString(), callerConfImpl._trustedIdentity.toString());
                            }
                        }
                    }
                    if (num4 == null) {
                        num4 = hashMap3.get(callerConfImpl._callerIdentity);
                        if (num4 == null) {
                            num4 = new Integer(0);
                            z10 = false;
                        } else {
                            z12 = false;
                            if (num4.intValue() != 1) {
                                throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s43", num4.toString(), callerConfImpl._callerIdentity.toString());
                            }
                        }
                    }
                    if (z10 && num3.intValue() != 1) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s28", num3.toString(), callerConfImpl._trustedIdentity.toString());
                    }
                    if (z10 && num4.intValue() != 1) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s28", num4.toString(), callerConfImpl._callerIdentity.toString());
                    }
                } else if (callerConfImpl._trustedIdentity.equals(callerConfImpl._callerIdentity)) {
                    Integer num5 = hashMap2.get(callerConfImpl._trustedIdentity);
                    if (num5 == null) {
                        num5 = new Integer(0);
                    }
                    if (num5.intValue() < 2) {
                        z10 = false;
                    } else if (num5.intValue() > 2) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s27", num5.toString());
                    }
                } else {
                    Integer num6 = hashMap2.get(callerConfImpl._trustedIdentity);
                    Integer num7 = hashMap2.get(callerConfImpl._callerIdentity);
                    if (num6 == null) {
                        num6 = new Integer(0);
                        z10 = false;
                    }
                    if (num7 == null) {
                        num7 = new Integer(0);
                        z10 = false;
                    }
                    if (z10 && (num6.intValue() != 1 || num7.intValue() != 1)) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s27", Integer.valueOf(num6.intValue() + num7.intValue()).toString());
                    }
                }
                if (z10) {
                    Iterator it13 = hashSet.iterator();
                    boolean z13 = false;
                    boolean z14 = false;
                    while (it13.hasNext() && !z9) {
                        QName qName7 = (QName) it13.next();
                        if (qName7.equals(callerConfImpl._callerIdentity)) {
                            Iterator<TokenConsumerConfig> it14 = this._tokenConsumers.iterator();
                            while (it14.hasNext() && !z13) {
                                PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl2 = (PrivateConsumerConfig.TokenConsumerConfImpl) it14.next();
                                if (tokenConsumerConfImpl2._type.equals(qName7) && ((z12 && !tokenConsumerConfImpl2.isUsedForDecryption() && !tokenConsumerConfImpl2.isUsedForVerification()) || (!z12 && tokenConsumerConfImpl2.isUsedForVerification()))) {
                                    String str3 = (String) tokenConsumerConfImpl2.getCallbackHandler().getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                                    if (str3 != null && str3.equals("true")) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found CallerIdentity match of type " + qName7.toString());
                                        }
                                        z13 = true;
                                    }
                                }
                            }
                        }
                        if (qName7.equals(callerConfImpl._trustedIdentity)) {
                            Iterator<TokenConsumerConfig> it15 = this._tokenConsumers.iterator();
                            while (it15.hasNext() && !z14) {
                                PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl3 = (PrivateConsumerConfig.TokenConsumerConfImpl) it15.next();
                                if (tokenConsumerConfImpl3._type.equals(qName7) && ((z11 && !tokenConsumerConfImpl3.isUsedForDecryption() && !tokenConsumerConfImpl3.isUsedForVerification()) || (!z11 && tokenConsumerConfImpl3.isUsedForVerification()))) {
                                    String str4 = (String) tokenConsumerConfImpl3.getCallbackHandler().getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                                    if (str4 == null) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found TrustedIdentity match of type " + qName7.toString());
                                        }
                                        z14 = true;
                                    } else if (!str4.equals("true")) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found TrustedIdentity match of type " + qName7.toString());
                                        }
                                        z14 = true;
                                    }
                                }
                            }
                        } else if (callerConfImpl._anyTrustedIdentity && !z14) {
                            z14 = true;
                        }
                        if (z13 && z14) {
                            z9 = true;
                        }
                    }
                }
            } else {
                Integer num8 = hashMap2.get(callerConfImpl._callerIdentity);
                if (num8 == null) {
                    num8 = hashMap3.get(callerConfImpl._callerIdentity);
                    if (num8 == null) {
                        num8 = new Integer(0);
                        z10 = false;
                    } else {
                        z12 = false;
                        if (num8.intValue() != 1) {
                            throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s43", num8.toString(), callerConfImpl._callerIdentity.toString());
                        }
                    }
                }
                if (z10) {
                    if (num8.intValue() != 1) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s28", num8.toString(), callerConfImpl._callerIdentity.toString());
                    }
                    for (QName qName8 : hashSet) {
                        if (qName8.equals(callerConfImpl._callerIdentity)) {
                            Iterator<TokenConsumerConfig> it16 = this._tokenConsumers.iterator();
                            while (true) {
                                if (it16.hasNext()) {
                                    PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl4 = (PrivateConsumerConfig.TokenConsumerConfImpl) it16.next();
                                    if (tokenConsumerConfImpl4._type.equals(qName8) && ((z12 && !tokenConsumerConfImpl4.isUsedForDecryption() && !tokenConsumerConfImpl4.isUsedForVerification()) || (!z12 && tokenConsumerConfImpl4.isUsedForVerification()))) {
                                        String str5 = (String) tokenConsumerConfImpl4.getCallbackHandler().getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                                        if (str5 == null) {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Found CallerIdentity match of type " + qName8.toString());
                                            }
                                            z9 = true;
                                        } else if (!str5.equals("true")) {
                                            z9 = true;
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Found CallerIdentity match of type " + qName8.toString());
                                            }
                                        } else if (callerConfImpl._anyTrustedIdentity && str5.equals("true")) {
                                            z9 = true;
                                            callerConfImpl._identityAssertion = true;
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Found CallerIdentity match of type " + qName8.toString());
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            if (z9) {
                this._callers.add(callerConfImpl);
                this._loginRequired = true;
                this._isOrderEnforced = wSSConsumerConfig.isCallerOrderEnforced();
                if (callerConfImpl._callerIdentity != null && (callerConfImpl._callerIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) || callerConfImpl._callerIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11))) {
                    hashSet5.add(callerConfImpl._callerIdentity.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                }
                if (callerConfImpl._trustedIdentity != null && (callerConfImpl._trustedIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) || callerConfImpl._trustedIdentity.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11))) {
                    hashSet5.add(callerConfImpl._trustedIdentity.toString());
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Added caller " + callerConfImpl.toString() + " to configuration.");
                }
            }
        }
        Integer num9 = hashMap2.get(com.ibm.ws.wssecurity.common.Constants.UNTOKEN);
        if (num9 != null && num9.intValue() == 2) {
            boolean contains = hashSet5.contains(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString());
            boolean contains2 = hashSet5.contains(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
            if (!contains && !contains2) {
                throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s37", com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString());
            }
        }
        Integer num10 = hashMap2.get(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11);
        if (num10 != null && num10.intValue() == 2) {
            boolean contains3 = hashSet5.contains(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString());
            boolean contains4 = hashSet5.contains(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
            if (!contains3 && !contains4) {
                throw SoapSecurityException.format("security.wssecurity.PolicyInboundConfig.s37", com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initDefaultConfig(WSSConsumerConfig, Map)");
        }
    }

    private HashMap<QName, Integer> updateTokenTypeList(HashMap<QName, Integer> hashMap, QName qName) {
        Integer num = hashMap.get(qName);
        if (num == null) {
            hashMap.put(qName, new Integer(1));
        } else {
            hashMap.put(qName, Integer.valueOf(num.intValue() + 1));
        }
        return hashMap;
    }

    final String getOrigin() {
        return this.origin;
    }

    private boolean encryptionConsumerTokenMatch(PrivateConsumerConfig.EncryptionConsumerConfImpl encryptionConsumerConfImpl, boolean z) throws SoapSecurityException {
        QName qName = null;
        boolean z2 = false;
        if (encryptionConsumerConfImpl.getEncryptionKeyInfo() == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No EncryptionKeyInfo found in encryptionConsumerConfig = " + encryptionConsumerConfImpl);
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        List<KeyInfoContentConsumerConfig> contentConsumers = encryptionConsumerConfImpl.getEncryptionKeyInfo().getContentConsumers();
        if (contentConsumers == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No contentConsumers found in EncryptionKeyInfo = " + encryptionConsumerConfImpl.getEncryptionKeyInfo());
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        Iterator<KeyInfoContentConsumerConfig> it = contentConsumers.iterator();
        if (it.hasNext()) {
            qName = ((PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) it.next()).getTokenConsumer().getType();
        }
        if (qName != null) {
            if (this._symmetricBinding) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    z2 = this._symmetricProtectionTokenAssertion.getTokenType().equals(qName);
                } else if (this._symmetricEncryptionTokenAssertion != null) {
                    z2 = this._symmetricEncryptionTokenAssertion.getTokenType().equals(qName);
                }
            } else if (z) {
                if (!this._recipientTokens.isEmpty()) {
                    z2 = this._recipientTokenQNames.indexOf(qName) >= 0;
                } else if (!this._recipientEncryptionTokens.isEmpty()) {
                    z2 = this._recipientEncryptionTokenQNames.indexOf(qName) >= 0;
                }
            } else if (!this._initiatorTokens.isEmpty()) {
                z2 = this._initiatorTokenQNames.indexOf(qName) >= 0;
            } else if (!this._initiatorEncryptionTokens.isEmpty()) {
                z2 = this._initiatorEncryptionTokenQNames.indexOf(qName) >= 0;
            }
        }
        return z2;
    }

    private boolean signatureConsumerTokenMatch(PrivateConsumerConfig.SignatureConsumerConfImpl signatureConsumerConfImpl, boolean z) throws SoapSecurityException {
        QName qName = null;
        boolean z2 = false;
        if (signatureConsumerConfImpl.getSigningKeyInfo() == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No SigningKeyInfo found in signatureConsumerConfig = " + signatureConsumerConfImpl);
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        List<KeyInfoContentConsumerConfig> contentConsumers = signatureConsumerConfImpl.getSigningKeyInfo().getContentConsumers();
        if (contentConsumers == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No contentConsumers found in SigningKeyInfo = " + signatureConsumerConfImpl.getSigningKeyInfo());
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        Iterator<KeyInfoContentConsumerConfig> it = contentConsumers.iterator();
        if (it.hasNext()) {
            qName = ((PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) it.next()).getTokenConsumer().getType();
        }
        if (qName != null) {
            if (this._symmetricBinding) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    z2 = this._symmetricProtectionTokenAssertion.getTokenType().equals(qName);
                } else if (this._symmetricSignatureTokenAssertion != null) {
                    z2 = this._symmetricSignatureTokenAssertion.getTokenType().equals(qName);
                }
            } else if (z) {
                if (!this._initiatorTokens.isEmpty()) {
                    z2 = this._initiatorTokenQNames.indexOf(qName) >= 0;
                } else if (!this._initiatorSignatureTokens.isEmpty()) {
                    z2 = this._initiatorSignatureTokenQNames.indexOf(qName) >= 0;
                }
            } else if (!this._recipientTokens.isEmpty()) {
                z2 = this._recipientTokenQNames.indexOf(qName) >= 0;
            } else if (!this._recipientSignatureTokens.isEmpty()) {
                z2 = this._recipientSignatureTokenQNames.indexOf(qName) >= 0;
            }
        }
        return z2;
    }

    private PrivateCommonConfig.TokenAssertion tokenAssertion(String str, List<?> list) throws SoapSecurityException {
        PrivateCommonConfig.TokenAssertion tokenAssertion = null;
        if (str != null) {
            if (str.equals(PolicyAttributesConstants.X509TOKEN)) {
                tokenAssertion = new PrivateCommonConfig.TokenAssertion();
                if (list != null && list.size() != 0) {
                    for (int i = 0; i < list.size(); i++) {
                        Object obj = list.get(i);
                        if (obj instanceof String) {
                            String str2 = (String) obj;
                            if ("RequireDerivedKeys".equals(str2)) {
                                tokenAssertion._requireDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireDerivedKeys");
                                }
                            } else if ("RequireImplicitDerivedKeys".equals(str2)) {
                                tokenAssertion._requireImplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireImplicitDerivedKeys");
                                }
                            } else if ("RequireExplicitDerivedKeys".equals(str2)) {
                                tokenAssertion._requireExplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireExplicitDerivedKeys");
                                }
                            } else if ("WssX509V3Token10".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.X509V3_OLD;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509V3Token10");
                                }
                            } else if ("WssX509Pkcs7Token10".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKCS7;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509Pkcs7Token10");
                                }
                            } else if ("WssX509PkiPathV1Token10".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKI_PATH;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WSS_X509_PKI_PATH_V1_TOKEN10");
                                }
                            } else if ("WssX509V1Token11".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.X509V3_11_V1;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509V1Token11");
                                }
                            } else if ("WssX509V3Token11".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.X509V3_11_V3;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509V3Token11");
                                }
                            } else if ("WssX509Pkcs7Token11".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKCS711;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509Pkcs7Token11");
                                }
                            } else if ("WssX509PkiPathV1Token11".equals(str2)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKI_PATH11;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509PkiPathV1Token11");
                                }
                            } else if (PolicyConfigUtil.REQUIRE_KEY_IDENTIFIER_REFERENCE.equals(str2)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireKeyIdentifierReference");
                                }
                            } else if (PolicyConfigUtil.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(str2)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireIssuerSerialReference");
                                }
                            } else if (PolicyConfigUtil.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(str2)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireEmbeddedTokenReference");
                                }
                            } else if (PolicyConfigUtil.REQUIRE_THUMBPRINT_REFERENCE.equals(str2) && tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireThumbprintReference");
                            }
                        }
                    }
                }
            } else if (str.equals("UsernameToken")) {
                tokenAssertion = new PrivateCommonConfig.TokenAssertion();
                if (list != null && list.size() != 0) {
                    for (int i2 = 0; i2 < list.size(); i2++) {
                        Object obj2 = list.get(i2);
                        if (obj2 instanceof String) {
                            String str3 = (String) obj2;
                            if ("RequireDerivedKeys".equals(str3)) {
                                tokenAssertion._requireDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added RequireDerivedKeys");
                                }
                            } else if ("RequireImplicitDerivedKeys".equals(str3)) {
                                tokenAssertion._requireImplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added RequireImplicitDerivedKeys");
                                }
                            } else if ("RequireExplicitDerivedKeys".equals(str3)) {
                                tokenAssertion._requireExplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added RequireExplicitDerivedKeys");
                                }
                            } else if ("WssUsernameToken10".equals(str3)) {
                                if (tokenAssertion._tokenType != null) {
                                    throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s18", new String[]{tokenAssertion._tokenType.toString(), str3}));
                                }
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.UNTOKEN;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added WssUsernameToken10");
                                }
                            } else if (!"WssUsernameToken11".equals(str3)) {
                                continue;
                            } else {
                                if (tokenAssertion._tokenType != null) {
                                    throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s18", new String[]{tokenAssertion._tokenType.toString(), str3}));
                                }
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "WssUsernameToken11");
                                }
                            }
                        }
                    }
                }
            } else if (str.equals("KerberosToken")) {
                tokenAssertion = new PrivateCommonConfig.TokenAssertion();
                if (list != null && list.size() != 0) {
                    for (int i3 = 0; i3 < list.size(); i3++) {
                        Object obj3 = list.get(i3);
                        if (obj3 instanceof String) {
                            String str4 = (String) obj3;
                            if ("RequireDerivedKeys".equals(str4)) {
                                tokenAssertion._requireDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireDerivedKeys");
                                }
                            } else if ("RequireImplicitDerivedKeys".equals(str4)) {
                                tokenAssertion._requireImplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireImplicitDerivedKeys");
                                }
                                Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str4}));
                            } else if ("RequireExplicitDerivedKeys".equals(str4)) {
                                tokenAssertion._requireExplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireExplicitDerivedKeys");
                                }
                                Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str4}));
                            } else if (PolicyConfigUtil.REQUIRE_KEY_IDENTIFIER_REFERENCE.equals(str4)) {
                                tokenAssertion._requireKeyIdentifierReference = true;
                                tokenAssertion._requireSTRReference = false;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireExplicitDerivedKeys");
                                }
                            } else if ("WssKerberosV5ApReqToken11".equals(str4)) {
                                if (tokenAssertion._tokenType != null) {
                                    Tr.error(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s06"));
                                    throw new SoapSecurityException("security.wssecurity" + ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s06"));
                                }
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.KERBEROSV5;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "WssKerberosV5ApReqToken11");
                                }
                            } else if (!"WssGssKerberosV5ApReqToken11".equals(str4)) {
                                continue;
                            } else {
                                if (tokenAssertion._tokenType != null) {
                                    Tr.error(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s07"));
                                    throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s07"));
                                }
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.KERBEROSV5_GSS;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "WssGssKerberosV5ApReqToken11");
                                }
                            }
                        }
                    }
                }
            } else if (str.equals(PolicyAttributesConstants.SC_TOKEN)) {
                tokenAssertion = new PrivateCommonConfig.TokenAssertion();
                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SC_200502;
                if (list != null && list.size() != 0) {
                    for (int i4 = 0; i4 < list.size(); i4++) {
                        Object obj4 = list.get(i4);
                        if (obj4 instanceof String) {
                            String str5 = (String) obj4;
                            if ("RequireDerivedKeys".equals(str5)) {
                                tokenAssertion._requireDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireDerivedKeys");
                                }
                            } else if ("RequireImplicitDerivedKeys".equals(str5)) {
                                tokenAssertion._requireImplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireDerivedKeys");
                                }
                            } else if ("RequireExplicitDerivedKeys".equals(str5)) {
                                tokenAssertion._requireExplicitDerivedKeys = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireDerivedKeys");
                                }
                            } else if ("RequireExternalUriReference".equals(str5)) {
                                tokenAssertion._requireExternalUriReference = true;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireExternalUriReference");
                                }
                            } else if ("SC200502SecurityContextToken".equals(str5)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SC_200502;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added SC200502SecurityContextToken");
                                }
                            } else if ("SC13SecurityContextToken".equals(str5)) {
                                tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added SC13SecurityContextToken");
                                }
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN ");
                            }
                        }
                    }
                }
            } else {
                if (!str.equals(PolicyAttributesConstants.LTPA_TOKEN) && !str.equals(PolicyAttributesConstants.LTPA_PROPGATION_TOKEN) && !str.equals(PolicyAttributesConstants.CUSTOM_TOKEN)) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s01", new String[]{str});
                }
                tokenAssertion = new PrivateCommonConfig.TokenAssertion();
                if (list != null && list.size() != 0) {
                    for (int i5 = 0; i5 < list.size(); i5++) {
                        Object obj5 = list.get(i5);
                        if (obj5 instanceof QName) {
                            tokenAssertion._tokenType = (QName) obj5;
                        }
                    }
                }
            }
        }
        return tokenAssertion;
    }

    private PrivateCommonConfig.TokenAssertion getTokenTypeAssertion(ProtectionOrSupportingToken protectionOrSupportingToken) throws SoapSecurityException {
        String type = protectionOrSupportingToken.getType();
        PrivateCommonConfig.TokenAssertion tokenAssertion = null;
        List<String> tokenAssertions = protectionOrSupportingToken.getTokenAssertions();
        if (tokenAssertions != null && tokenAssertions.size() > 0) {
            tokenAssertion = tokenAssertion(type, tokenAssertions);
        }
        List<QName> wssTokenAssertions = protectionOrSupportingToken.getWssTokenAssertions();
        if (wssTokenAssertions != null && wssTokenAssertions.size() > 0) {
            tokenAssertion = tokenAssertion(type, wssTokenAssertions);
        }
        return tokenAssertion;
    }

    private void algorithmSuiteAssertion(String str) {
        if (PolicyConfigUtil.isValidAlgorithmSuite(str)) {
            this.algorithmSuite = str;
            if (this._symmetricBinding) {
                this.symmetricSignatureAlgorithm = PolicyConfigUtil.getAlgorithm(str, 0);
            } else {
                this.asymmetricSignatureAlgorithm = PolicyConfigUtil.getAlgorithm(str, 1);
            }
            this.digestAlgorithm = PolicyConfigUtil.getAlgorithm(str, 2);
            this.encryptionAlgorithm = PolicyConfigUtil.getAlgorithm(str, 3);
            this.keyEncryptionAlgorithm = PolicyConfigUtil.getAlgorithm(str, 5);
            return;
        }
        if ("InclusiveC14N".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found C14N inclusive");
            }
            this.transformAlgorithm = "http://www.w3.org/2001/10/xml-c14n#";
            this.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-c14n#";
            return;
        }
        if ("SOAPNormalization10".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found SOAPNormalization10");
                return;
            }
            return;
        }
        if ("STRTransform10".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found STRT10");
                return;
            }
            return;
        }
        if ("XPath10".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found XPATH10");
            }
        } else if ("XPath20".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found STRT10");
            }
        } else if ("AbsXPath".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found ABSXPATH");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WARNING: invalid algorithm suite [" + str + "] specified on EncryptedParts .");
        }
    }

    private String layoutAssertion(String str) {
        String str2 = null;
        if ("Strict".equals(str)) {
            str2 = "Strict";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Strict");
            }
        } else if ("Lax".equals(str)) {
            str2 = "Lax";
            if (tc.isDebugEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Lax");
            }
        } else if ("LaxTsFirst".equals(str)) {
            str2 = "LaxTsFirst";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found LaxTsFirst");
            }
        } else if ("LaxTsLast".equals(str)) {
            str2 = "LaxTsLast";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found LaxTsLast");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WARNING: invalid algorithm suite [" + str + "] specified on EncryptedParts .");
        }
        return str2;
    }

    private boolean retrieveAssertions(String str, boolean z) {
        boolean z2;
        if (str == null) {
            z2 = false;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No wsu:Id for Policy element found; ignoring.");
            }
        } else if (str.startsWith("request:") && z) {
            z2 = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Matching inbound request wsu:Id found: " + str);
            }
        } else if (!str.startsWith("response:") || z) {
            z2 = false;
            if (tc.isDebugEnabled()) {
                if (z) {
                    Tr.debug(tc, "wsu:Id found not applicable for inbound request messages: " + str);
                } else {
                    Tr.debug(tc, "wsu:Id found not applicable for inbound response messages: " + str);
                }
            }
        } else {
            z2 = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Matching inbound response wsu:Id found: " + str);
            }
        }
        return z2;
    }

    public String getAlgorithmSuite() {
        return this.algorithmSuite;
    }

    private void mapPolicyAssertionsToProperties(boolean z, boolean z2) {
        List<PrivateCommonConfig.TokenAssertion> list;
        int indexOf;
        List<PrivateCommonConfig.TokenAssertion> list2;
        int indexOf2;
        List<PrivateCommonConfig.TokenAssertion> list3;
        int indexOf3;
        List<PrivateCommonConfig.TokenAssertion> list4;
        int indexOf4;
        Iterator<TokenConsumerConfig> it = this._tokenConsumers.iterator();
        while (it.hasNext()) {
            PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl = (PrivateConsumerConfig.TokenConsumerConfImpl) it.next();
            PrivateCommonConfig.TokenAssertion tokenAssertion = null;
            if (z || !(tokenConsumerConfImpl._type.equals(com.ibm.ws.wssecurity.common.Constants.KERBEROSV5) || tokenConsumerConfImpl._type.equals(com.ibm.ws.wssecurity.common.Constants.KERBEROSV5_GSS))) {
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricEncryptionTokenAssertion != null) && tokenConsumerConfImpl._usedForDecryption) {
                    tokenAssertion = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricEncryptionTokenAssertion;
                }
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricSignatureTokenAssertion != null) && tokenConsumerConfImpl._usedForVerification) {
                    tokenAssertion = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricSignatureTokenAssertion;
                }
                if (tokenAssertion != null && tokenAssertion._requireImplicitDerivedKeys) {
                    tokenConsumerConfImpl.getProperties().put(com.ibm.ws.wssecurity.common.Constants.REQUIRED_IMPLIED_DERIVED_KEYS, Boolean.valueOf(tokenAssertion._requireImplicitDerivedKeys));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added token config property for implicit derived keys");
                    }
                }
            } else {
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricEncryptionTokenAssertion != null) && tokenConsumerConfImpl._usedForDecryption) {
                    if (this._symmetricProtectionTokenAssertion != null) {
                        PrivateCommonConfig.TokenAssertion tokenAssertion2 = this._symmetricProtectionTokenAssertion;
                    } else {
                        PrivateCommonConfig.TokenAssertion tokenAssertion3 = this._symmetricEncryptionTokenAssertion;
                    }
                }
                if (this._symmetricProtectionTokenAssertion != null || this._symmetricSignatureTokenAssertion != null) {
                    if (tokenConsumerConfImpl._usedForVerification) {
                        if (this._symmetricProtectionTokenAssertion != null) {
                            PrivateCommonConfig.TokenAssertion tokenAssertion4 = this._symmetricProtectionTokenAssertion;
                        } else {
                            PrivateCommonConfig.TokenAssertion tokenAssertion5 = this._symmetricSignatureTokenAssertion;
                        }
                    }
                }
            }
        }
        if (z) {
            return;
        }
        Iterator<String> it2 = this.nameKeyInfo.keySet().iterator();
        while (it2.hasNext()) {
            PrivateConsumerConfig.KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl = (PrivateConsumerConfig.KeyInfoContentConsumerConfImpl) this.nameKeyInfo.get(it2.next());
            PrivateConsumerConfig.TokenConsumerConfImpl tokenConsumerConfImpl2 = keyInfoContentConsumerConfImpl._tokenConsumer;
            PrivateCommonConfig.TokenAssertion tokenAssertion6 = null;
            if (this._symmetricBinding) {
                if (tokenConsumerConfImpl2._usedForDecryption) {
                    if (this._symmetricProtectionTokenAssertion != null || this._symmetricEncryptionTokenAssertion != null) {
                        tokenAssertion6 = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricEncryptionTokenAssertion;
                    }
                } else if (tokenConsumerConfImpl2._usedForVerification && (this._symmetricProtectionTokenAssertion != null || this._symmetricSignatureTokenAssertion != null)) {
                    tokenAssertion6 = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricSignatureTokenAssertion;
                }
            } else if (tokenConsumerConfImpl2._usedForDecryption) {
                if (z2) {
                    if (!this._recipientTokens.isEmpty() || !this._recipientEncryptionTokens.isEmpty()) {
                        if (this._recipientTokens.isEmpty()) {
                            list4 = this._recipientEncryptionTokens;
                            indexOf4 = this._recipientEncryptionTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                        } else {
                            list4 = this._recipientTokens;
                            indexOf4 = this._recipientTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                        }
                        if (indexOf4 >= 0) {
                            tokenAssertion6 = list4.get(indexOf4);
                        }
                    }
                } else if (!this._initiatorTokens.isEmpty() || !this._initiatorEncryptionTokens.isEmpty()) {
                    if (this._initiatorTokens.isEmpty()) {
                        list3 = this._initiatorEncryptionTokens;
                        indexOf3 = this._initiatorEncryptionTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                    } else {
                        list3 = this._initiatorTokens;
                        indexOf3 = this._initiatorTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                    }
                    if (indexOf3 >= 0) {
                        tokenAssertion6 = list3.get(indexOf3);
                    }
                }
            } else if (tokenConsumerConfImpl2._usedForVerification) {
                if (z2) {
                    if (!this._initiatorTokens.isEmpty() || !this._initiatorSignatureTokens.isEmpty()) {
                        if (this._initiatorTokens.isEmpty()) {
                            list2 = this._initiatorSignatureTokens;
                            indexOf2 = this._initiatorSignatureTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                        } else {
                            list2 = this._initiatorTokens;
                            indexOf2 = this._initiatorTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                        }
                        if (indexOf2 >= 0) {
                            tokenAssertion6 = list2.get(indexOf2);
                        }
                    }
                } else if (!this._recipientTokens.isEmpty() || !this._recipientSignatureTokens.isEmpty()) {
                    if (this._recipientTokens.isEmpty()) {
                        list = this._recipientSignatureTokens;
                        indexOf = this._recipientSignatureTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                    } else {
                        list = this._recipientTokens;
                        indexOf = this._recipientTokenQNames.indexOf(tokenConsumerConfImpl2._type);
                    }
                    if (indexOf >= 0) {
                        tokenAssertion6 = list.get(indexOf);
                    }
                }
            }
            if (tokenAssertion6 != null) {
                if (keyInfoContentConsumerConfImpl._derivedKeyInfo == null) {
                    keyInfoContentConsumerConfImpl._derivedKeyInfo = new DerivedKeyInfoConfig();
                }
                if (keyInfoContentConsumerConfImpl._derivedKeyInfo != null) {
                    keyInfoContentConsumerConfImpl._derivedKeyInfo.setRequireDerivedKeys(tokenAssertion6._requireDerivedKeys);
                    keyInfoContentConsumerConfImpl._derivedKeyInfo.setRequireExplicitDerivedKeys(tokenAssertion6._requireExplicitDerivedKeys);
                    keyInfoContentConsumerConfImpl._derivedKeyInfo.setRequireImpliedDerivedKeys(tokenAssertion6._requireImplicitDerivedKeys);
                }
                if (tokenAssertion6._requireKeyIdentifierReference) {
                }
                keyInfoContentConsumerConfImpl._isRequireExternalUriReference = tokenAssertion6._requireExternalUriReference;
            }
        }
    }

    public String checkForSignatureAlgorithmInProperties(Map map) {
        String str = null;
        if (!map.isEmpty() && map.get("com.ibm.ws.wssecurity.dsig.SignatureAlgorithm") != null) {
            str = (String) map.get("com.ibm.ws.wssecurity.dsig.SignatureAlgorithm");
        }
        return str;
    }

    public void inspectTimestampProperties() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "inspectTimestampProperties");
        }
        int i = 0;
        String property = ConfigUtil.getProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TIMESTAMP_TIMEOUT);
        if (property != null) {
            String trim = property.trim();
            if (trim.length() != 0) {
                try {
                    i = ConfigConstants.validTimestampTimeout(Integer.parseInt(trim));
                } catch (NumberFormatException e) {
                    Tr.processException(e, getClass().getName() + ".init", "4655", this);
                    Tr.warning(tc, "security.wssecurity.WSEC0144W", new Object[]{trim, new Integer(600)});
                    i = 600;
                }
            }
        } else {
            i = 600;
        }
        String property2 = ConfigUtil.getProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TIMESTAMP_MAX_AGE);
        this._timestampMaxAge = property2 != null ? ConfigConstants.processTimestampMaxAge(property2, i) : 300;
        String property3 = ConfigUtil.getProperty(this._properties, com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TIMESTAMP_CLOCK_SKEW);
        this._timestampClockSkew = property3 != null ? ConfigConstants.processTimestampClockSkew(property3, this._timestampMaxAge) : 180;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "timestamp.maxAge = " + this._timestampMaxAge + " seconds, timestamp.clockSkew = " + this._timestampClockSkew + " seconds");
        }
        if (this._timestampRequired && this._timestampConsumer != null) {
            PrivateConsumerConfig.TimestampConsumerConfImpl timestampConsumerConfImpl = this._timestampConsumer;
            timestampConsumerConfImpl._timestampMaxAge = this._timestampMaxAge;
            timestampConsumerConfImpl._timestampClockSkew = this._timestampClockSkew;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "inspectTimestampProperties");
        }
    }

    public void inspectNonceProperties(WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) throws SoapSecurityException {
        int nonceMaxAge;
        int nonceClockSkew;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "inspectNonceProperties(defaultConfig[" + ConfigUtil.getObjState(wSSecurityDefaultConfiguration) + "])");
        }
        NonceManagerFactory.NonceSettings nonceSettings = null;
        NonceManagerFactory.NonceStrings nonceStrings = new NonceManagerFactory.NonceStrings(this._properties);
        if (wSSecurityDefaultConfiguration != null) {
            nonceSettings = wSSecurityDefaultConfiguration.getNonceSettings();
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "defaultConfig is null");
        }
        if (nonceSettings == null) {
            NonceManagerFactory.NonceSettings resolve = nonceStrings.resolve();
            if (wSSecurityDefaultConfiguration != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "nonceSettings not found default in configuration.  Initializing.");
                }
                wSSecurityDefaultConfiguration.setNonceSettings(resolve);
            }
            nonceMaxAge = resolve.getNonceMaxAge();
            nonceClockSkew = resolve.getNonceClockSkew();
        } else {
            nonceMaxAge = nonceSettings.getNonceMaxAge();
            nonceClockSkew = nonceSettings.getNonceClockSkew();
            if (nonceStrings.getMaxAge() != null || nonceStrings.getClockSkew() != null) {
                String maxAge = nonceStrings.getMaxAge();
                String clockSkew = nonceStrings.getClockSkew();
                if (maxAge == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getting maxAge from default configuration.");
                    }
                    maxAge = Integer.toString(nonceSettings.getNonceMaxAge());
                }
                if (clockSkew == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getting clockSkew from default configuration.");
                    }
                    clockSkew = Integer.toString(nonceSettings.getNonceClockSkew());
                }
                NonceManagerFactory.NonceSettings validateNonceSettings = ConfigConstants.validateNonceSettings(nonceSettings, maxAge, clockSkew);
                nonceMaxAge = validateNonceSettings.getNonceMaxAge();
                nonceClockSkew = validateNonceSettings.getNonceClockSkew();
            }
        }
        this._properties.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_NONCE_MAX_AGE, new Integer(nonceMaxAge));
        this._properties.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_NONCE_CLOCK_SKEW, new Integer(nonceClockSkew));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "nonce.maxAge = " + nonceMaxAge + " seconds, nonce.clockSkew = " + nonceClockSkew + " seconds");
        }
        if (tc.isDebugEnabled()) {
            if (NonceManagerFactory.isInstantiated()) {
                Tr.debug(tc, "Getting NonceManager instance.");
            } else {
                Tr.debug(tc, "Instantiating the NonceManager.");
            }
        }
        try {
            this._nonceManager = (NonceManager) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.handler.PolicyInboundConfig.3
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws SoapSecurityException {
                    return NonceManagerFactory.getInstance();
                }
            });
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "NonceManager = " + this._nonceManager);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "inspectNonceProperties");
            }
        } catch (PrivilegedActionException e) {
            Tr.processException(e, clsName + ".inspectNonceProperties", "4806", this);
            Throwable cause = e.getCause();
            if (!(cause instanceof SoapSecurityException)) {
                throw new SoapSecurityException(cause);
            }
            throw ((SoapSecurityException) cause);
        }
    }

    static {
        _avoid70BindingsNSCheck = false;
        String property = System.getProperty(com.ibm.wsspi.wssecurity.core.Constants.AVOID_70_BINDINGS_NS_CHECK);
        if (property != null) {
            if ("true".equalsIgnoreCase(property) || "yes".equalsIgnoreCase(property) || "1".equalsIgnoreCase(property) || "on".equalsIgnoreCase(property)) {
                _avoid70BindingsNSCheck = true;
            }
        }
    }
}
