package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.platform.auth.WSSContext;
import com.ibm.ws.wssecurity.platform.auth.WSSContextFactory;
import com.ibm.ws.wssecurity.platform.util.SubjectUtilFactory;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.Constants;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/SecurityTokenManagerImpl.class */
public class SecurityTokenManagerImpl implements SecurityTokenManager {
    private static final String comp = "security.wssecurity";
    private final Map<Object, Object> _context;
    private final Map<SecurityToken, SecurityTokenWrapper> _tokenMapping = new HashMap();
    private static final TraceComponent tc = Tr.register(SecurityTokenManagerImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = SecurityTokenManagerImpl.class.getName();

    public SecurityTokenManagerImpl(Map<Object, Object> map) {
        this._context = map;
        initializeSubject();
    }

    public Map<Object, Object> getContext() {
        return this._context;
    }

    private final void initializeSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSubject()");
        }
        this._context.put(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER, this);
        Object obj = this._context.get(Constants.WSSECURITY_SUBJECT);
        if (obj == null || !(obj instanceof Subject)) {
            this._context.put(Constants.WSSECURITY_SUBJECT, new Subject());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeSubject()");
        }
    }

    public final Subject cloneSubject(final Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cloneSubject(Subject)");
        }
        final Subject subject2 = new Subject();
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                for (Object obj : subject.getPublicCredentials()) {
                    if (obj != null) {
                        subject2.getPublicCredentials().add(obj);
                        if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(SecurityTokenManagerImpl.tc, "Adding public object to Subject: " + obj);
                        }
                    }
                }
                for (Object obj2 : subject.getPrivateCredentials()) {
                    if (obj2 != null) {
                        if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(SecurityTokenManagerImpl.tc, "Adding private object to Subject: " + obj2);
                        }
                        subject2.getPrivateCredentials().add(obj2);
                    }
                }
                for (Principal principal : subject.getPrincipals()) {
                    if (principal != null) {
                        if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(SecurityTokenManagerImpl.tc, "Adding principal object to Subject: " + principal);
                        }
                        subject2.getPrincipals().add(principal);
                    }
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cloneSubject(Subject)");
        }
        return subject2;
    }

    public final void integrateSubject() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "integrateSubject()");
        }
        if (this._context != null) {
            MessageContext messageContext = (MessageContext) this._context.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
            Subject subject = (Subject) this._context.get(Constants.WSSECURITY_SUBJECT);
            if (TokenUtils.removePrivateData(this._context)) {
                SubjectUtilFactory.getInstance().clean(subject);
            }
            if (Axis2Util.isServiceProvider(messageContext)) {
                WSSContext wSSContextFactory = WSSContextFactory.getInstance();
                try {
                    Subject callerSubject = wSSContextFactory.getCallerSubject(messageContext);
                    if (callerSubject != null) {
                        messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.CALLER_SUBJECT, callerSubject);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Stored the caller subject.");
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The caller subject is null.");
                    }
                    try {
                        Subject runAsSubject = wSSContextFactory.getRunAsSubject(messageContext);
                        if (runAsSubject != null) {
                            messageContext.setProperty(com.ibm.ws.wssecurity.common.Constants.INVOCATION_SUBJECT, runAsSubject);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Stored the invocation subject.");
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The invocation subject is null.");
                        }
                        try {
                            wSSContextFactory.setCallerSubject(subject, messageContext);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Replaced the caller subject [" + (subject == null ? AppConstants.NULL_STRING : "not null") + "]");
                            }
                            try {
                                wSSContextFactory.setRunAsSubject(subject, messageContext);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Replaced the invocation subject [" + (subject == null ? AppConstants.NULL_STRING : "not null") + "]");
                                }
                            } catch (Exception e) {
                                throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject05", e);
                            }
                        } catch (Exception e2) {
                            throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject04", e2);
                        }
                    } catch (Exception e3) {
                        Tr.processException(e3, clsName + ".finalizeSubject", "153");
                        throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject03", e3);
                    }
                } catch (Exception e4) {
                    throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject02", e4);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "integrateSubject()");
        }
    }

    public final void finalizeSubject() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "finalizeSubject()");
        }
        if (this._context != null) {
            this._context.remove(Constants.WSSECURITY_SUBJECT);
            this._context.remove(Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
        }
        this._tokenMapping.clear();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "finalizeSubject()");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final void addToken(final SecurityToken securityToken) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("addToken(");
            stringBuffer.append("SecurityToken token[").append(securityToken).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (securityToken != null && !getTokens().contains(securityToken)) {
            final Subject subject = (Subject) this._context.get(Constants.WSSECURITY_SUBJECT);
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.2
                @Override // java.security.PrivilegedAction
                public Object run() {
                    subject.getPrivateCredentials().add(securityToken);
                    return null;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addToken(SecurityToken)");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final SecurityToken getToken(TokenConsumerConfig tokenConsumerConfig, String str) {
        SecurityTokenWrapper securityTokenWrapper;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getToken(");
            stringBuffer.append("TokenConsumerConfig tconfig, ");
            stringBuffer.append("String id[").append(str).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        SecurityToken securityToken = null;
        if (tokenConsumerConfig != null) {
            Iterator<SecurityToken> it = getTokens().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SecurityToken next = it.next();
                String id = next.getId();
                if (id != null && id.equals(str) && (securityTokenWrapper = this._tokenMapping.get(next)) != null && tokenConsumerConfig.hashCode() == securityTokenWrapper.getUsedTokenConsumerHash()) {
                    securityToken = next;
                    break;
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Since TokenConsumerConfig is null, the runtime can't identify a token.");
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getToken(");
            stringBuffer2.append("TokenConsumerConfig, String)");
            stringBuffer2.append(" returns SecurityToken [").append(securityToken).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return securityToken;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final SecurityToken getToken(String str) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getToken(");
            stringBuffer.append("String id[").append(str).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        SecurityToken securityToken = null;
        for (SecurityToken securityToken2 : getTokens()) {
            String id = securityToken2.getId();
            if (id != null && id.equals(str)) {
                securityToken = securityToken2;
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getToken(String)");
            stringBuffer2.append(" returns SecurityToken [").append(securityToken).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return securityToken;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final void addTokens(final Collection<SecurityToken> collection) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("addTokens(");
            stringBuffer.append("Collection tokens[").append(collection).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (collection != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.3
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Subject subject = (Subject) SecurityTokenManagerImpl.this._context.get(Constants.WSSECURITY_SUBJECT);
                    if (subject == null) {
                        Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.subjectIsNull");
                        return null;
                    }
                    subject.getPrivateCredentials().addAll(collection);
                    return null;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addTokens(Collection)");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final Collection<SecurityToken> getTokens() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokens()");
        }
        Collection<SecurityToken> collection = null;
        final Subject subject = (Subject) this._context.get(Constants.WSSECURITY_SUBJECT);
        if (subject == null) {
            Tr.error(tc, "security.wssecurity.TokenManager.subjectIsNull");
        } else {
            collection = (Collection) AccessController.doPrivileged(new PrivilegedAction<Collection<SecurityToken>>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Collection<SecurityToken> run() {
                    return subject.getPrivateCredentials(SecurityToken.class);
                }
            });
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokens()");
            stringBuffer.append(" returns Collection [").append(collection).append("]");
            Tr.exit(tc, stringBuffer.toString());
        }
        return collection;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public Collection<SecurityToken> getTokens(TokenGeneratorConfig tokenGeneratorConfig) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokens(");
            stringBuffer.append("TokenGeneratorConfig tconfig[").append(tokenGeneratorConfig).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashSet hashSet = null;
        if (tokenGeneratorConfig != null) {
            Iterator<SecurityTokenWrapper> it = getTokenWrappers().iterator();
            if (it.hasNext()) {
                hashSet = new HashSet();
                while (it.hasNext()) {
                    SecurityTokenWrapper next = it.next();
                    if (next.getUsedTokenGeneratorHash() == tokenGeneratorConfig.hashCode()) {
                        hashSet.add(next.getSecurityToken());
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokens(TokenGeneratorConfig)");
            stringBuffer2.append(" returns Collection [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public Collection<SecurityToken> getTokens(TokenGeneratorConfig tokenGeneratorConfig, String str) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokens(");
            stringBuffer.append("TokenGeneratorConfig tconfig[").append(tokenGeneratorConfig).append("], ");
            stringBuffer.append("String keyInfoType[").append(str).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashSet hashSet = null;
        if (tokenGeneratorConfig != null) {
            Iterator<SecurityTokenWrapper> it = getTokenWrappers().iterator();
            if (it.hasNext()) {
                hashSet = new HashSet();
                while (it.hasNext()) {
                    SecurityTokenWrapper next = it.next();
                    if (next.getUsedTokenGeneratorHash() == tokenGeneratorConfig.hashCode() && next.getKeyInfoType().equals(str)) {
                        hashSet.add(next.getSecurityToken());
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokens(TokenGeneratorConfig, String)");
            stringBuffer2.append(" returns Collection [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public Collection<SecurityToken> getTokens(TokenConsumerConfig tokenConsumerConfig) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokens(");
            stringBuffer.append("TokenConsumerConfig tconfig[").append(tokenConsumerConfig).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashSet hashSet = null;
        if (tokenConsumerConfig != null) {
            Iterator<SecurityTokenWrapper> it = getTokenWrappers().iterator();
            if (it.hasNext()) {
                hashSet = new HashSet();
                while (it.hasNext()) {
                    SecurityTokenWrapper next = it.next();
                    if (next.getUsedTokenConsumerHash() == tokenConsumerConfig.hashCode()) {
                        hashSet.add(next.getSecurityToken());
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokens(TokenConsumerConfig)");
            stringBuffer2.append(" returns Collection [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final Collection<SecurityToken> getTokens(String str) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokens(");
            stringBuffer.append("String id[").append(str).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashSet hashSet = null;
        Iterator<SecurityToken> it = getTokens().iterator();
        if (it.hasNext()) {
            hashSet = new HashSet();
            while (it.hasNext()) {
                SecurityToken next = it.next();
                String id = next.getId();
                if (id != null && id.equals(str)) {
                    hashSet.add(next);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokens(String)");
            stringBuffer2.append(" returns Collection [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final void removeToken(final SecurityToken securityToken) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("removeToken(");
            stringBuffer.append("SecurityToken token[").append(securityToken).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (securityToken != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.5
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Subject subject = (Subject) SecurityTokenManagerImpl.this._context.get(Constants.WSSECURITY_SUBJECT);
                    if (subject == null) {
                        Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.subjectIsNull");
                        return null;
                    }
                    subject.getPrivateCredentials().remove(securityToken);
                    return null;
                }
            });
            this._tokenMapping.remove(securityToken);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeToken(SecurityToken)");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final void removeTokens(final Collection<SecurityToken> collection) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("removeTokens(");
            stringBuffer.append("Set tokens[").append(collection).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (collection != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.6
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Subject subject = (Subject) SecurityTokenManagerImpl.this._context.get(Constants.WSSECURITY_SUBJECT);
                    if (subject == null) {
                        Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.subjectIsNull");
                        return null;
                    }
                    subject.getPrivateCredentials().removeAll(collection);
                    return null;
                }
            });
            Iterator<SecurityToken> it = collection.iterator();
            while (it.hasNext()) {
                this._tokenMapping.remove(it.next());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeTokens(Collection)");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final void removeAllTokens() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeAllTokens()");
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.7
            @Override // java.security.PrivilegedAction
            public Object run() {
                Subject subject = (Subject) SecurityTokenManagerImpl.this._context.get(Constants.WSSECURITY_SUBJECT);
                if (subject == null) {
                    Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.subjectIsNull");
                    return null;
                }
                subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(SecurityToken.class));
                return null;
            }
        });
        this._tokenMapping.clear();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeAllTokens()");
        }
    }

    public final void addTokenWrapper(SecurityTokenWrapper securityTokenWrapper) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("addTokenWrapper(");
            stringBuffer.append("SecurityTokenWrapper tokenWrapper[").append(securityTokenWrapper).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        this._tokenMapping.put(securityTokenWrapper.getSecurityToken(), securityTokenWrapper);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addTokenWrapper(SecurityTokenWrapper)");
        }
    }

    public final SecurityTokenWrapper getTokenWrapper(SecurityToken securityToken) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokenWrapper(");
            stringBuffer.append("SecurityToken token[").append(securityToken).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        SecurityTokenWrapper securityTokenWrapper = this._tokenMapping.get(securityToken);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokenWrapper(");
            stringBuffer2.append("SecurityToken)");
            stringBuffer2.append(" returns SecurityTokenWrapper [").append(securityTokenWrapper).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return securityTokenWrapper;
    }

    public final SecurityTokenWrapper getUnprocessedTokenWrapper() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUnprocessedTokenWrapper()");
        }
        SecurityTokenWrapper securityTokenWrapper = null;
        Iterator<SecurityTokenWrapper> it = this._tokenMapping.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SecurityTokenWrapper next = it.next();
            if (!next.isProcessed()) {
                securityTokenWrapper = next;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getUnprocessedTokenWrapper()");
            stringBuffer.append(" returns SecurityTokenWrapper [").append(securityTokenWrapper).append("]");
            Tr.exit(tc, stringBuffer.toString());
        }
        return securityTokenWrapper;
    }

    public final Collection<SecurityTokenWrapper> getTokenWrappers() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenWrappers()");
        }
        Collection<SecurityTokenWrapper> values = this._tokenMapping.values();
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokenWrappers()");
            stringBuffer.append(" returns Collection[").append(values).append("]");
            Tr.exit(tc, stringBuffer.toString());
        }
        return values;
    }

    public final Collection<SecurityTokenWrapper> getTokenWrappers(Collection<SecurityToken> collection) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokenWrappers(");
            stringBuffer.append("Collection tokens[").append(collection).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashSet hashSet = null;
        if (collection != null) {
            Iterator<SecurityToken> it = collection.iterator();
            if (it.hasNext()) {
                hashSet = new HashSet();
                while (it.hasNext()) {
                    SecurityTokenWrapper securityTokenWrapper = this._tokenMapping.get(it.next());
                    if (securityTokenWrapper != null) {
                        hashSet.add(securityTokenWrapper);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokenWrappers(Collection)");
            stringBuffer2.append(" returns Collection [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }

    public final void addTokenWrappers(final Collection<SecurityTokenWrapper> collection) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("addTokenWrappers(");
            stringBuffer.append("Collection tokenWrappers[").append(collection).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (collection != null) {
            final Map<SecurityToken, SecurityTokenWrapper> map = this._tokenMapping;
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.8
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Subject subject = (Subject) SecurityTokenManagerImpl.this._context.get(Constants.WSSECURITY_SUBJECT);
                    if (subject == null) {
                        Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.subjectIsNull");
                        return null;
                    }
                    Set<Object> privateCredentials = subject.getPrivateCredentials();
                    for (SecurityTokenWrapper securityTokenWrapper : collection) {
                        SecurityToken securityToken = securityTokenWrapper.getSecurityToken();
                        privateCredentials.add(securityToken);
                        map.put(securityToken, securityTokenWrapper);
                    }
                    return null;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addTokenWrappers(Collection)");
        }
    }

    public static final String getRunAsIdentity(final MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getRunAsIdentity(");
            stringBuffer.append("MessageContext messageContext[").append(messageContext.getMessageID()).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        String str = (String) AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.9
            @Override // java.security.PrivilegedAction
            public Object run() {
                Set<Principal> principals;
                Subject subject = null;
                String str2 = null;
                try {
                    subject = WSSContextFactory.getInstance().getRunAsSubject(MessageContext.this);
                    if (subject == null) {
                        Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.finalizeSubject03");
                    }
                } catch (Exception e) {
                    Tr.processException(e, SecurityTokenManagerImpl.clsName + ".getRunAsIdentity", "919");
                    Tr.error(SecurityTokenManagerImpl.tc, "security.wssecurity.TokenManager.finalizeSubject03");
                }
                if (subject != null && (principals = subject.getPrincipals()) != null) {
                    Iterator<Principal> it = principals.iterator();
                    if (it.hasNext()) {
                        str2 = it.next().getName();
                    }
                }
                return str2;
            }
        });
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getRunAsIdentity(boolean)");
            stringBuffer2.append(" returns String[").append(str).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return str;
    }

    public final void addToSubject(final Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addToSubject(Subject)");
        }
        final Subject subject2 = (Subject) this._context.get(Constants.WSSECURITY_SUBJECT);
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl.10
            @Override // java.security.PrivilegedAction
            public Object run() {
                for (Object obj : subject.getPublicCredentials()) {
                    if (obj != null) {
                        if (!subject2.getPublicCredentials().contains(obj)) {
                            if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                                Tr.debug(SecurityTokenManagerImpl.tc, "Adding public object to Subject: " + obj);
                            }
                            subject2.getPublicCredentials().add(obj);
                        } else if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(SecurityTokenManagerImpl.tc, "Public object already in Subject: " + obj);
                        }
                    }
                }
                for (Object obj2 : subject.getPrivateCredentials()) {
                    if (obj2 != null) {
                        if (!subject2.getPrivateCredentials().contains(obj2)) {
                            if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                                Tr.debug(SecurityTokenManagerImpl.tc, "Adding private object to Subject: " + obj2);
                            }
                            subject2.getPrivateCredentials().add(obj2);
                        } else if (obj2 instanceof SecurityToken) {
                            if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                                Tr.debug(SecurityTokenManagerImpl.tc, "ws-sec Token private object already in Subject: " + obj2);
                            }
                        } else if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(SecurityTokenManagerImpl.tc, "Private object already in Subject: " + obj2);
                        }
                    }
                }
                for (Principal principal : subject.getPrincipals()) {
                    if (principal != null) {
                        if (!subject2.getPrincipals().contains(principal)) {
                            if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                                Tr.debug(SecurityTokenManagerImpl.tc, "Adding principal object to Subject: " + principal);
                            }
                            subject2.getPrincipals().add(principal);
                        } else if (SecurityTokenManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(SecurityTokenManagerImpl.tc, "Principal object already in Subject: " + principal);
                        }
                    }
                }
                return null;
            }
        });
        this._context.put(Constants.WSSECURITY_SUBJECT, subject2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addToSubject(Subject)");
        }
    }

    @Override // com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager
    public final Collection<SecurityToken> getTokensByKeyInfo(String str) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTokenByKeyInfo(");
            stringBuffer.append("String id[").append(str).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (str == null) {
            return null;
        }
        HashSet hashSet = null;
        Iterator<SecurityTokenWrapper> it = getTokenWrappers().iterator();
        if (it != null && it.hasNext()) {
            hashSet = new HashSet();
            while (it.hasNext()) {
                SecurityTokenWrapper next = it.next();
                if (str.equals(next.getKeyInfoUniqueID())) {
                    hashSet.add(next.getSecurityToken());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTokenByKeyInfo(String)");
            stringBuffer2.append(" returns SecurityToken [").append(hashSet).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return hashSet;
    }
}
