package com.ibm.ws.wssecurity.platform.websphere.util;

import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.platform.util.SubjectUtil;
import com.ibm.ws.wssecurity.platform.websphere.token.KRB5TokenImpl;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasAuthenticationTokenImpl;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasExchangeTokenImpl;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasSAML11TokenImpl;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasSAML20TokenImpl;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasUsernameTokenImpl;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasX509TokenImpl;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.LTPATokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.LTPAv2TokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.UsernameTokenImpl;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.platform.token.KRBAuthnToken;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/ibm/ws/wssecurity/platform/websphere/util/WasSubjectUtilImpl.class */
public class WasSubjectUtilImpl implements SubjectUtil {
    private static final String comp = "security.wssecurity";
    private static final String UNT = "security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";
    private static final String X509T = "security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    private static final String LTPAT = "security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype/5.0.2#LTPA";
    private static final String LTPAv2T = "security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype#LTPAv2";
    private static final String EXCHANGED = "security.wssecurity_ExchangeToken";
    private static final String SAML11 = "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    private static final String SAML20 = "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final String CredentialNS = "com.ibm.websphere.security.cred.WSCredential";
    private static final TraceComponent tc = Tr.register(WasSubjectUtilImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = WasSubjectUtilImpl.class.getName();
    private static final String KRBV5 = KRBAuthnToken.WSSECURITY_KRBAUTHNTOKEN_NAME;
    private static final String AUTHN = WasAuthenticationTokenImpl.authenticationTokenName;
    private static String[] wasTokenNames = {"security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken", "security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3", "security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype/5.0.2#LTPA", "security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype#LTPAv2", KRBV5, "security.wssecurity_ExchangeToken", "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1", "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", AUTHN};

    @Override // com.ibm.ws.wssecurity.platform.util.SubjectUtil
    public void clean(Subject subject) throws SoapSecurityException {
        ArrayList<SecurityTokenImpl> searchWasTokensWithoutPrivateInfo = searchWasTokensWithoutPrivateInfo(subject);
        ArrayList<SecurityTokenImpl> searchWasTokensWithPrivateInfo = searchWasTokensWithPrivateInfo(subject);
        if (searchWasTokensWithPrivateInfo != null) {
            Iterator<SecurityTokenImpl> it = searchWasTokensWithPrivateInfo.iterator();
            while (it.hasNext()) {
                SecurityTokenImpl next = it.next();
                if (getForwardableToken(next, searchWasTokensWithoutPrivateInfo) != null) {
                    removeToken(subject, next);
                } else {
                    replaceToken(subject, next, clone((SecurityToken) next, true));
                }
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private SecurityTokenImpl getForwardableToken(SecurityTokenImpl securityTokenImpl, ArrayList<SecurityTokenImpl> arrayList) {
        Iterator<SecurityTokenImpl> it = arrayList.iterator();
        String uniqueID = ((AuthenticationToken) securityTokenImpl).getUniqueID();
        QName valueType = securityTokenImpl.getValueType();
        SecurityTokenImpl securityTokenImpl2 = null;
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SecurityTokenImpl next = it.next();
            AuthenticationToken authenticationToken = (AuthenticationToken) next;
            if (authenticationToken != null && authenticationToken.getUniqueID() != null && authenticationToken.getUniqueID().equals(uniqueID) && valueType.equals(next.getValueType())) {
                securityTokenImpl2 = next;
                break;
            }
        }
        return securityTokenImpl2;
    }

    private static final ArrayList<SecurityTokenImpl> searchWasTokensWithPrivateInfo(final Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "searchWasTokensWithPrivateInfo(Subject)");
        }
        final ArrayList<SecurityTokenImpl> arrayList = new ArrayList<>();
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    for (Object obj : subject.getPublicCredentials()) {
                        if (obj != null) {
                            if ((obj instanceof SecurityTokenImpl) && (obj instanceof AuthenticationToken)) {
                                SecurityTokenImpl securityTokenImpl = (SecurityTokenImpl) obj;
                                if (WasSubjectUtilImpl.hasPrivateInfo(securityTokenImpl)) {
                                    arrayList.add(securityTokenImpl);
                                    if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WasSubjectUtilImpl.tc, "Remove: " + obj);
                                    }
                                } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                    Tr.debug(WasSubjectUtilImpl.tc, "Not private info: " + obj);
                                }
                            } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                Tr.debug(WasSubjectUtilImpl.tc, "ignore: " + obj);
                            }
                        }
                    }
                    return null;
                } catch (Exception e) {
                    return null;
                }
            }
        });
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    for (Object obj : subject.getPrivateCredentials()) {
                        if (obj != null) {
                            if ((obj instanceof SecurityTokenImpl) && (obj instanceof AuthenticationToken)) {
                                SecurityTokenImpl securityTokenImpl = (SecurityTokenImpl) obj;
                                if (WasSubjectUtilImpl.hasPrivateInfo(securityTokenImpl)) {
                                    arrayList.add(securityTokenImpl);
                                    if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WasSubjectUtilImpl.tc, "Remove : " + obj);
                                    }
                                } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                    Tr.debug(WasSubjectUtilImpl.tc, "Does not private info: " + obj);
                                }
                            } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                Tr.debug(WasSubjectUtilImpl.tc, "ignore: " + obj);
                            }
                        }
                    }
                    return null;
                } catch (Exception e) {
                    return null;
                }
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "searchWasTokensWithPrivateInfo(Subject)");
        }
        return arrayList;
    }

    private static final ArrayList<SecurityTokenImpl> searchWasTokensWithoutPrivateInfo(final Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "searchWasTokensWithPrivateInfo(Subject)");
        }
        final ArrayList<SecurityTokenImpl> arrayList = new ArrayList<>();
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.3
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    for (Object obj : subject.getPublicCredentials()) {
                        if (obj != null) {
                            if ((obj instanceof SecurityTokenImpl) && (obj instanceof AuthenticationToken)) {
                                SecurityTokenImpl securityTokenImpl = (SecurityTokenImpl) obj;
                                if (!WasSubjectUtilImpl.hasPrivateInfo(securityTokenImpl)) {
                                    arrayList.add(securityTokenImpl);
                                    if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WasSubjectUtilImpl.tc, "Does not have private info: " + obj);
                                    }
                                } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                    Tr.debug(WasSubjectUtilImpl.tc, "has private info: " + obj);
                                }
                            } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                Tr.debug(WasSubjectUtilImpl.tc, "ignore: " + obj);
                            }
                        }
                    }
                    return null;
                } catch (Exception e) {
                    return null;
                }
            }
        });
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.4
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    for (Object obj : subject.getPrivateCredentials()) {
                        if (obj != null) {
                            if ((obj instanceof SecurityTokenImpl) && (obj instanceof AuthenticationToken)) {
                                SecurityTokenImpl securityTokenImpl = (SecurityTokenImpl) obj;
                                if (!WasSubjectUtilImpl.hasPrivateInfo(securityTokenImpl)) {
                                    arrayList.add(securityTokenImpl);
                                    if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WasSubjectUtilImpl.tc, "Does not have : " + obj);
                                    }
                                } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                    Tr.debug(WasSubjectUtilImpl.tc, "Has private info: " + obj);
                                }
                            } else if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                                Tr.debug(WasSubjectUtilImpl.tc, "ignore: " + obj);
                            }
                        }
                    }
                    return null;
                } catch (Exception e) {
                    return null;
                }
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "searchWasTokensWithPrivateInfo(Subject)");
        }
        return arrayList;
    }

    @Override // com.ibm.ws.wssecurity.platform.util.SubjectUtil
    public SecurityTokenImpl clone(SecurityToken securityToken, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clone(SecurityToken stoken, boolean secure)");
        }
        AuthenticationToken authenticationToken = (AuthenticationToken) securityToken;
        SecurityTokenImpl securityTokenImpl = null;
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Restore authentication token: " + authenticationToken.getName());
            }
            if ("security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken".equals(authenticationToken.getName())) {
                WasUsernameTokenImpl wasUsernameTokenImpl = new WasUsernameTokenImpl();
                wasUsernameTokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = wasUsernameTokenImpl;
            } else if ("security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".equals(authenticationToken.getName())) {
                WasX509TokenImpl wasX509TokenImpl = new WasX509TokenImpl();
                wasX509TokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = wasX509TokenImpl;
            } else if ("security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype/5.0.2#LTPA".equals(authenticationToken.getName())) {
                LTPATokenImpl lTPATokenImpl = new LTPATokenImpl();
                lTPATokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = lTPATokenImpl;
            } else if ("security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype#LTPAv2".equals(authenticationToken.getName())) {
                LTPAv2TokenImpl lTPAv2TokenImpl = new LTPAv2TokenImpl();
                lTPAv2TokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = lTPAv2TokenImpl;
            } else if (KRBV5.equals(authenticationToken.getName())) {
                securityTokenImpl = new KRB5TokenImpl(authenticationToken.getBytes());
            } else if ("security.wssecurity_ExchangeToken".equals(authenticationToken.getName())) {
                WasExchangeTokenImpl wasExchangeTokenImpl = new WasExchangeTokenImpl();
                wasExchangeTokenImpl.initialize(authenticationToken.getBytes());
                if (z && (wasExchangeTokenImpl.getAuthorizationToken() instanceof AuthenticationToken)) {
                    removePrivateInfo((SecurityTokenImpl) wasExchangeTokenImpl.getAuthorizationToken());
                }
                securityTokenImpl = wasExchangeTokenImpl;
            } else if (AUTHN.equals(authenticationToken.getName())) {
                WasAuthenticationTokenImpl wasAuthenticationTokenImpl = new WasAuthenticationTokenImpl();
                wasAuthenticationTokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = wasAuthenticationTokenImpl;
            } else if ("security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(authenticationToken.getName())) {
                SAMLTokenImpl wasSAML11TokenImpl = new WasSAML11TokenImpl();
                wasSAML11TokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = wasSAML11TokenImpl;
            } else if ("security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(authenticationToken.getName())) {
                SAMLTokenImpl wasSAML20TokenImpl = new WasSAML20TokenImpl();
                wasSAML20TokenImpl.initialize(authenticationToken.getBytes());
                securityTokenImpl = wasSAML20TokenImpl;
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, authenticationToken.getName() + " is not a WebSphere plateform SecurityToken.");
            }
            if (z && securityTokenImpl != null) {
                removePrivateInfo(securityTokenImpl);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "clone");
            }
            return securityTokenImpl;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception from de-serialization:" + e.getMessage());
            }
            Tr.processException(e, clsName + ".login", "C%");
            SoapSecurityException soapSecurityException = new SoapSecurityException(e.getMessage());
            soapSecurityException.initCause(e);
            throw soapSecurityException;
        }
    }

    public static void removePrivateInfo(SecurityTokenImpl securityTokenImpl) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removePrivateInfo");
        }
        if (securityTokenImpl instanceof UsernameTokenImpl) {
            ((UsernameTokenImpl) securityTokenImpl).setPassword(null);
        } else if (securityTokenImpl instanceof KRB5TokenImpl) {
            ((KRB5TokenImpl) securityTokenImpl).setAPREQKeyByte(null);
        } else if (securityTokenImpl instanceof SAMLTokenImpl) {
            ((SAMLTokenImpl) securityTokenImpl).setHolderOfKeyBytes(null);
        }
        removeKeys(securityTokenImpl);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removePrivateInfo");
        }
    }

    @Override // com.ibm.ws.wssecurity.platform.util.SubjectUtil
    public void replaceToken(final Subject subject, final SecurityToken securityToken, final SecurityToken securityToken2) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("replaceToken(");
            stringBuffer.append("SecurityToken token[").append(securityToken).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (securityToken != null && securityToken2 != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.5
                @Override // java.security.PrivilegedAction
                public Object run() {
                    if (subject.getPublicCredentials().contains(securityToken)) {
                        subject.getPublicCredentials().remove(securityToken);
                        subject.getPublicCredentials().add(securityToken2);
                    }
                    if (!subject.getPrivateCredentials().contains(securityToken)) {
                        return null;
                    }
                    subject.getPrivateCredentials().remove(securityToken);
                    subject.getPrivateCredentials().add(securityToken2);
                    return null;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "replaceToken(SecurityToken)");
        }
    }

    private void removeToken(final Subject subject, final SecurityToken securityToken) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("replaceToken(");
            stringBuffer.append("SecurityToken token[").append(securityToken).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (securityToken != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.6
                @Override // java.security.PrivilegedAction
                public Object run() {
                    if (subject.getPublicCredentials().contains(securityToken)) {
                        subject.getPublicCredentials().remove(securityToken);
                    }
                    if (!subject.getPrivateCredentials().contains(securityToken)) {
                        return null;
                    }
                    subject.getPrivateCredentials().remove(securityToken);
                    return null;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "replaceToken(SecurityToken)");
        }
    }

    private static void removeKeys(SecurityTokenImpl securityTokenImpl) {
        securityTokenImpl.setKey(61, null);
        securityTokenImpl.setKey(64, null);
        securityTokenImpl.setKey(62, null);
        securityTokenImpl.setKey(63, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean hasPrivateInfo(final SecurityTokenImpl securityTokenImpl) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "hasPrivateInfo");
        }
        Boolean bool = (Boolean) AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.7
            @Override // java.security.PrivilegedAction
            public Object run() {
                Boolean bool2 = true;
                try {
                    if (SecurityTokenImpl.this instanceof UsernameTokenImpl) {
                        if (((UsernameTokenImpl) SecurityTokenImpl.this).getPassword() == null || ((UsernameTokenImpl) SecurityTokenImpl.this).getPassword().length == 0) {
                            bool2 = Boolean.FALSE;
                        }
                    } else if (SecurityTokenImpl.this instanceof KRB5TokenImpl) {
                        KRB5TokenImpl kRB5TokenImpl = (KRB5TokenImpl) SecurityTokenImpl.this;
                        if ((kRB5TokenImpl.getAPREQKeyByte() == null || kRB5TokenImpl.getAPREQKeyByte().length == 0) && kRB5TokenImpl.getKey(61) == null && kRB5TokenImpl.getKey(64) == null) {
                            bool2 = Boolean.FALSE;
                        }
                    } else if (SecurityTokenImpl.this instanceof SAMLTokenImpl) {
                        SAMLTokenImpl sAMLTokenImpl = (SAMLTokenImpl) SecurityTokenImpl.this;
                        if ((sAMLTokenImpl.getHolderOfKeyBytes() == null || sAMLTokenImpl.getHolderOfKeyBytes().length == 0) && sAMLTokenImpl.getKey(61) == null && sAMLTokenImpl.getKey(64) == null) {
                            bool2 = Boolean.FALSE;
                        }
                    } else if (SecurityTokenImpl.this.getKey(61) == null && SecurityTokenImpl.this.getKey(64) == null) {
                        bool2 = Boolean.FALSE;
                    }
                } catch (Exception e) {
                    if (WasSubjectUtilImpl.tc.isDebugEnabled()) {
                        Tr.debug(WasSubjectUtilImpl.tc, "Ignore it. We will remove this token later.");
                    }
                    bool2 = Boolean.TRUE;
                }
                return bool2;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removePrivateInfo");
        }
        return bool.booleanValue();
    }

    @Override // com.ibm.ws.wssecurity.platform.util.SubjectUtil
    public Map getCredentialAsMap(final Subject subject) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialAsMap");
        }
        final HashMap hashMap = new HashMap();
        try {
            new ArrayList();
            if (subject != null) {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.wssecurity.platform.websphere.util.WasSubjectUtilImpl.8
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        Set<Object> publicCredentials = subject.getPublicCredentials();
                        if (publicCredentials == null || publicCredentials.size() <= 0) {
                            return null;
                        }
                        for (Object obj : publicCredentials) {
                            if (obj != null && (obj instanceof WSCredential)) {
                                WSCredential wSCredential = (WSCredential) obj;
                                hashMap.put("Namespace", "com.ibm.websphere.security.cred.WSCredential");
                                hashMap.put(SubjectUtil.RealmName, wSCredential.getRealmName());
                                hashMap.put(SubjectUtil.SecurityName, wSCredential.getSecurityName());
                                hashMap.put("UniqueSecurityName", wSCredential.getUniqueSecurityName());
                                hashMap.put("OID", wSCredential.getOID());
                                hashMap.put(SubjectUtil.HostName, wSCredential.getHostName());
                                hashMap.put("GroupIds", WasSubjectUtilImpl.getGroupIds(wSCredential));
                                hashMap.put("PrimaryGroupId", WasSubjectUtilImpl.getPrimaryGroupId(wSCredential));
                                hashMap.put(SubjectUtil.CredentialToken, WasSubjectUtilImpl.getCredentialToken(wSCredential));
                                hashMap.put("Expiration", new StringBuffer().append(wSCredential.getExpiration()).toString());
                                return null;
                            }
                        }
                        return null;
                    }
                });
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCredentialAsMap");
            }
            return hashMap;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while reading WSCredential:" + e.getMessage());
            }
            Tr.processException(e, clsName + ".login", "C%");
            SoapSecurityException soapSecurityException = new SoapSecurityException(e.getMessage());
            soapSecurityException.initCause(e);
            throw soapSecurityException;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] getGroupIds(WSCredential wSCredential) throws Exception {
        ArrayList groupIds = wSCredential.getGroupIds();
        if (groupIds == null || groupIds.size() <= 0) {
            return null;
        }
        String realmName = wSCredential.getRealmName();
        String[] strArr = new String[groupIds.size()];
        groupIds.toArray(strArr);
        for (int i = 0; i < groupIds.size(); i++) {
            String str = strArr[i];
            if (str != null && str.contains(realmName)) {
                strArr[i] = str.substring(str.indexOf(realmName) + realmName.length() + 1);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getGroupIds returns numbrt of " + strArr.length);
        }
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getPrimaryGroupId(WSCredential wSCredential) throws Exception {
        String primaryGroupId = wSCredential.getPrimaryGroupId();
        if (primaryGroupId != null && !primaryGroupId.isEmpty()) {
            String realmName = wSCredential.getRealmName();
            if (primaryGroupId.contains(realmName)) {
                primaryGroupId = primaryGroupId.substring(primaryGroupId.indexOf(realmName) + realmName.length() + 1);
            }
        }
        return primaryGroupId;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getCredentialToken(WSCredential wSCredential) throws Exception {
        byte[] credentialToken = wSCredential.getCredentialToken();
        if (credentialToken == null || credentialToken.length <= 0) {
            return null;
        }
        return Base64.encode(credentialToken);
    }
}
