package com.ibm.wsspi.wssecurity.config;

import com.ibm.websphere.wssecurity.callbackhandler.UNTConsumeCallbackHandler;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/ibm/wsspi/wssecurity/config/KeyStoreKeyLocator.class */
public class KeyStoreKeyLocator implements KeyLocator {
    private static final int STATUS_OK = 0;
    private static final int STATUS_CERT_ERROR = 1;
    private static final int STATUS_KEYID_ERROR = 2;
    private static final int STATUS_KEY_ERROR = 4;
    private static final String comp = "security.wssecurity";
    private static final long DAYS_IN_MS = 86400000;
    private static final long DEFAULT_DAYS_IN_MS_BEFORE_EXPIRE_WARNING = 5184000000L;
    private static final String DAYS_BEFORE_EXPIRE_WARNING_KEYS = "com.ibm.ws.wssecurity.daysBeforeExpireWarning";
    private String fDefaultName;
    private static final TraceComponent tc = Tr.register(KeyStoreKeyLocator.class, UNTConsumeCallbackHandler.TR_GROUP, "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = KeyStoreKeyLocator.class.getName();
    private long daysInMSBeforeExpireWarning = DEFAULT_DAYS_IN_MS_BEFORE_EXPIRE_WARNING;
    private volatile boolean fInitialized = false;
    private Map fInitMap = null;
    private Map fName2Container = new HashMap();
    private Map fName2PrivContainer = new HashMap();
    private Map fKey2Container = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/wsspi/wssecurity/config/KeyStoreKeyLocator$KeyContainer.class */
    public class KeyContainer {
        private String fKspath;
        private String fAlias;
        private String fName;
        private Key fKey;
        private Certificate fCertificate;
        private int fStatus;
        private long fExpiration;
        private long fDaysInMSBeforeExpireWarning;
        private String fErrorMes;
        private boolean _skipExpirationWarningMessage;

        private KeyContainer(String str, String str2, String str3, Key key, Certificate certificate, int i, long j, long j2, String str4, boolean z) throws KeyLocatorException {
            this.fKspath = str;
            this.fAlias = str2;
            this.fName = KeyStoreKeyLocator.encodedName(str3);
            this.fKey = key;
            this.fCertificate = certificate;
            this.fStatus = i;
            this.fExpiration = j;
            this.fDaysInMSBeforeExpireWarning = j2;
            this.fErrorMes = str4;
            this._skipExpirationWarningMessage = z;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getName() {
            return this.fName;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Key getKey() throws KeyLocatorException {
            if ((this.fStatus & 1) == 1 || (this.fStatus & 4) == 4) {
                throw new KeyLocatorException(this.fErrorMes);
            }
            return this.fKey;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Certificate getCertificate() throws KeyLocatorException {
            if ((this.fStatus & 1) == 1) {
                throw new KeyLocatorException(this.fErrorMes);
            }
            checkExpiration();
            return this.fCertificate;
        }

        private void checkExpiration() throws KeyLocatorException {
            if (this.fExpiration >= 0) {
                long currentTimeMillis = this.fExpiration - System.currentTimeMillis();
                if (currentTimeMillis < 0) {
                    this.fStatus++;
                    this.fErrorMes = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{this.fName, this.fAlias, this.fKspath, "expiration time - current system time = " + currentTimeMillis + " ms."});
                    throw new KeyLocatorException(this.fErrorMes);
                }
                if (this._skipExpirationWarningMessage || currentTimeMillis >= this.fDaysInMSBeforeExpireWarning) {
                    return;
                }
                Tr.warning(KeyStoreKeyLocator.tc, "security.wssecurity.WSEC5189W", new Object[]{this.fName, this.fAlias, this.fKspath, new Long(currentTimeMillis / KeyStoreKeyLocator.DAYS_IN_MS)});
                this._skipExpirationWarningMessage = true;
            }
        }
    }

    protected String getDefaultBasePath() {
        return null;
    }

    @Override // com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(map)");
        }
        this.fInitMap = map;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init()");
        }
    }

    protected synchronized void doInit() throws KeyLocatorException {
        String name;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doInit(map)");
        }
        if (this.fInitialized) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "doInit()");
                return;
            }
            return;
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        char[] cArr = null;
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        String str4 = null;
        String defaultBasePath = getDefaultBasePath();
        for (String str5 : this.fInitMap.keySet()) {
            String str6 = (String) this.fInitMap.get(str5);
            if (str5.equals("type")) {
                str = str6;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore type: " + str6);
                }
            } else if (str5.equals("path")) {
                str2 = str6;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore path: " + str6);
                }
            } else if (str5.equals("base")) {
                defaultBasePath = str6;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore base: " + str6);
                }
            } else if (str5.equals("storepass")) {
                cArr = str6.toCharArray();
            } else if (str5.equals(SamlConstants.KEY_STORE_REF)) {
                str3 = str6;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore reference: " + str6);
                }
            } else if (str5.startsWith("alias_")) {
                hashMap.put(str5.substring("alias_".length()), str6);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore " + str5 + ": " + str6);
                }
            } else if (str5.startsWith("keypass_")) {
                hashMap2.put(str5.substring("keypass_".length()), str6.toCharArray());
            } else if (str5.startsWith("name_")) {
                hashMap3.put(str5.substring("name_".length()), str6);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore " + str5 + ": " + str6);
                }
            } else if (str5.equals("default")) {
                str4 = str6;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - keystore default: " + str6);
                }
            } else if (str5.equals(DAYS_BEFORE_EXPIRE_WARNING_KEYS)) {
                if (str6 != null && str6.length() != 0) {
                    String trim = str6.trim();
                    if (trim.length() != 0) {
                        try {
                            this.daysInMSBeforeExpireWarning = Long.parseLong(trim) * DAYS_IN_MS;
                        } catch (NumberFormatException e) {
                            Tr.processException(e, clsName + ".doInit", "182", this);
                            Tr.warning(tc, "security.wssecurity.WSEC5190W", new Object[]{DAYS_BEFORE_EXPIRE_WARNING_KEYS, trim, new Long(60L)});
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "doInit() - no value define for: com.ibm.ws.wssecurity.daysBeforeExpireWarning");
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - no value define for: com.ibm.ws.wssecurity.daysBeforeExpireWarning");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doInit() - days before expire warning: " + (this.daysInMSBeforeExpireWarning / DAYS_IN_MS));
                }
            }
        }
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        if (str2 == null) {
            throw new NullPointerException("Keystore path not specified");
        }
        String str7 = str2;
        if (defaultBasePath != null) {
            str7 = ConfigUtil.fixKeystorePath(str2, defaultBasePath);
        }
        try {
            KeyStore keyStore = str3 != null ? ConfigUtil.getKeyStore(str3) : ConfigUtil.getKeyStore(str, str7, cArr);
            try {
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    X509Certificate x509Certificate = null;
                    PublicKey publicKey = null;
                    String str8 = null;
                    int i = 0;
                    long j = -1;
                    String str9 = null;
                    boolean z = false;
                    if (certificate != null && (certificate instanceof X509Certificate)) {
                        x509Certificate = (X509Certificate) certificate;
                        publicKey = x509Certificate.getPublicKey();
                        str8 = x509Certificate.getSubjectDN().getName();
                        j = x509Certificate.getNotAfter().getTime();
                        if (j - System.currentTimeMillis() < this.daysInMSBeforeExpireWarning) {
                            Tr.warning(tc, "security.wssecurity.WSEC5189W", new Object[]{str8, nextElement, str2, new Long((j - System.currentTimeMillis()) / DAYS_IN_MS)});
                            z = true;
                        }
                        try {
                            try {
                                x509Certificate.checkValidity();
                            } catch (CertificateException e2) {
                                i = 0 + 1;
                                Tr.processException(e2, clsName + ".doInit", "273", this);
                                Tr.error(tc, "security.wssecurity.WSEC5182E", new Object[]{str8, nextElement, str2, e2});
                                str9 = ConfigUtil.getMessage("security.wssecurity.WSEC5182E", new String[]{str8, nextElement, str2, e2.getMessage()});
                            }
                        } catch (CertificateExpiredException e3) {
                            i = 0 + 1;
                            Tr.processException(e3, clsName + ".doInit", "266", this);
                            Tr.error(tc, "security.wssecurity.WSEC5181E", new Object[]{str8, nextElement, str2, e3});
                            str9 = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{str8, nextElement, str2, e3.getMessage()});
                        }
                    }
                    if (x509Certificate != null) {
                        KeyContainer keyContainer = new KeyContainer(str2, nextElement, str8, publicKey, x509Certificate, i, j, this.daysInMSBeforeExpireWarning, str9, z);
                        this.fName2Container.put(keyContainer.getName(), keyContainer);
                        this.fKey2Container.put(publicKey, keyContainer);
                    }
                }
                for (String str10 : hashMap3.keySet()) {
                    String str11 = (String) hashMap.get(str10);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "doInit() - id=" + str10 + " alias=" + str11);
                    }
                    boolean z2 = false;
                    if (str11 != null) {
                        Certificate certificate2 = keyStore.getCertificate(str11);
                        if (certificate2 != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "doInit() - private key found");
                            }
                            String str12 = (String) hashMap3.get(str10);
                            X509Certificate x509Certificate2 = null;
                            int i2 = 0;
                            long j2 = -1;
                            String str13 = null;
                            if (certificate2 instanceof X509Certificate) {
                                x509Certificate2 = (X509Certificate) certificate2;
                                PublicKey publicKey2 = x509Certificate2.getPublicKey();
                                j2 = x509Certificate2.getNotAfter().getTime();
                                if (j2 - System.currentTimeMillis() < this.daysInMSBeforeExpireWarning) {
                                    Tr.warning(tc, "security.wssecurity.WSEC5189W", new Object[]{str12, str11, str2, new Long((j2 - System.currentTimeMillis()) / DAYS_IN_MS)});
                                    z2 = true;
                                }
                                try {
                                    x509Certificate2.checkValidity();
                                } catch (CertificateExpiredException e4) {
                                    i2 = 0 + 1;
                                    Tr.processException(e4, clsName + ".doInit", "326", this);
                                    Tr.error(tc, "security.wssecurity.WSEC5181E", new Object[]{str12, str11, str2, e4});
                                    str13 = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{str12, str11, str2, e4.getMessage()});
                                } catch (CertificateException e5) {
                                    i2 = 0 + 1;
                                    Tr.processException(e5, clsName + ".doInit", "333", this);
                                    Tr.error(tc, "security.wssecurity.WSEC5182E", new Object[]{str12, str11, str2, e5});
                                    str13 = ConfigUtil.getMessage("security.wssecurity.WSEC5182E", new String[]{str12, str11, str2, e5.getMessage()});
                                }
                                KeyContainer keyContainer2 = new KeyContainer(str2, str11, str12, publicKey2, x509Certificate2, i2, j2, this.daysInMSBeforeExpireWarning, str13, z2);
                                this.fName2Container.put(keyContainer2.getName(), keyContainer2);
                                this.fKey2Container.put(publicKey2, keyContainer2);
                            }
                            char[] cArr2 = (char[]) hashMap2.get(str10);
                            if (tc.isDebugEnabled()) {
                                if (cArr2 != null) {
                                    Tr.debug(tc, "doInit() - keypass is not null");
                                } else {
                                    Tr.debug(tc, "doInit() - keypass is null");
                                }
                            }
                            if (cArr2 != null) {
                                Key key = null;
                                int i3 = 0;
                                String str14 = null;
                                try {
                                    key = keyStore.getKey(str11, (char[]) hashMap2.get(str10));
                                } catch (NoSuchAlgorithmException e6) {
                                    i3 = 4;
                                    Tr.processException(e6, clsName + ".doInit", "363", this);
                                    Tr.error(tc, "security.wssecurity.WSEC5183E", new Object[]{str11, str2, e6});
                                    str14 = ConfigUtil.getMessage("security.wssecurity.WSEC5183E", new String[]{str11, str2, e6.getMessage()});
                                } catch (UnrecoverableKeyException e7) {
                                    i3 = 4;
                                    Tr.processException(e7, clsName + ".doInit", "369", this);
                                    Tr.error(tc, "security.wssecurity.WSEC5184E", new Object[]{str11, str2, e7});
                                    str14 = ConfigUtil.getMessage("security.wssecurity.WSEC5184E", new String[]{str11, str2, e7.getMessage()});
                                }
                                if (tc.isDebugEnabled()) {
                                    if (key != null) {
                                        Tr.debug(tc, "doInit() - key is not null");
                                    } else {
                                        Tr.debug(tc, "doInit() - key is null");
                                    }
                                }
                                if (key != null) {
                                    KeyContainer keyContainer3 = new KeyContainer(str2, str11, str12, key, x509Certificate2, i3, j2, this.daysInMSBeforeExpireWarning, str14, z2);
                                    this.fName2PrivContainer.put(keyContainer3.getName(), keyContainer3);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "KeyStoreKeyLocator.doInit() - added priv key for name " + keyContainer3.getName());
                                    }
                                    if (x509Certificate2 != null && x509Certificate2.getSubjectDN() != null && (name = x509Certificate2.getSubjectDN().getName()) != null && name.length() > 0) {
                                        String encodedName = encodedName(name);
                                        this.fName2PrivContainer.put(encodedName, keyContainer3);
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "KeyStoreKeyLocator.doInit() - added priv key for name " + encodedName);
                                        }
                                    }
                                }
                            }
                        } else {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "doInit() - private key not found.");
                            }
                            char[] cArr3 = (char[]) hashMap2.get(str10);
                            if (cArr3 != null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "doInit() - keypass is not null");
                                }
                                Key key2 = null;
                                int i4 = 0;
                                long j3 = -1;
                                String str15 = null;
                                try {
                                    try {
                                        key2 = keyStore.getKey(str11, cArr3);
                                    } catch (NoSuchAlgorithmException e8) {
                                        i4 = 4;
                                        Tr.processException(e8, clsName + ".doInit", "422", this);
                                        Tr.error(tc, "security.wssecurity.WSEC5183E", new Object[]{str11, str2, e8});
                                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC5183E", new String[]{str11, str2, e8.getMessage()});
                                    }
                                } catch (UnrecoverableKeyException e9) {
                                    i4 = 4;
                                    Tr.processException(e9, clsName + ".doInit", "428", this);
                                    Tr.error(tc, "security.wssecurity.WSEC5184E", new Object[]{str11, str2, e9});
                                    str15 = ConfigUtil.getMessage("security.wssecurity.WSEC5184E", new String[]{str11, str2, e9.getMessage()});
                                }
                                if (key2 != null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "doInit() - key is not null");
                                    }
                                    KeyContainer keyContainer4 = new KeyContainer(str2, str11, (String) hashMap3.get(str10), key2, null, i4, j3, this.daysInMSBeforeExpireWarning, str15, z2);
                                    this.fName2Container.put(keyContainer4.getName(), keyContainer4);
                                    this.fKey2Container.put(key2, keyContainer4);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "KeyStoreKeyLocator.doInit() - added key for name " + keyContainer4.getName());
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "doInit() - key is null");
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "doInit() - keypass is null");
                            }
                        }
                    }
                }
                if (str4 != null) {
                    this.fDefaultName = encodedName(str4);
                }
                this.fInitialized = true;
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "doInit() - fInitialized [" + this.fInitialized + "]");
                }
            } catch (KeyStoreException e10) {
                Tr.processException(e10, clsName + ".doInit", "462", this);
                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.exception", new Object[]{str2, e10});
                throw new KeyLocatorException(e10.toString());
            }
        } catch (SoapSecurityException e11) {
            throw new KeyLocatorException(e11.toString());
        }
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Set getNames(Object obj) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNames(" + obj + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        Set keySet = this.fName2Container.keySet();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNames(Object context) returns " + keySet);
        }
        return keySet;
    }

    protected Key getConfidentialKey(String str, Object obj) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConfidentialKey(" + str + "," + obj + ")");
        }
        String encodedName = str != null ? encodedName(str) : this.fDefaultName;
        Key key = null;
        if (encodedName != null) {
            KeyContainer keyContainer = (KeyContainer) this.fName2PrivContainer.get(encodedName);
            if (keyContainer == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getConfidentialKey - priv key NOT found for " + encodedName);
                    Tr.debug(tc, "getConfidentialKey - priv container map: " + this.fName2PrivContainer);
                }
                keyContainer = (KeyContainer) this.fName2Container.get(encodedName);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getConfKey - priv key found for " + encodedName);
            }
            if (keyContainer != null) {
                key = keyContainer.getKey();
            }
        }
        if (key == null) {
            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.s41");
            throw new KeyLocatorException(ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.s41") + encodedName);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConfidentialKey(String name, Object context) returns " + key);
        }
        return key;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Key getEncryptionKey(String str, Object obj) throws KeyLocatorException {
        KeyContainer keyContainer;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getEncryptionKey(" + str + "," + obj + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        String encodedName = str != null ? encodedName(str) : this.fDefaultName;
        Key key = null;
        if (encodedName != null && (keyContainer = (KeyContainer) this.fName2Container.get(encodedName)) != null) {
            key = keyContainer.getKey();
        }
        if (key == null) {
            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.s41");
            throw new KeyLocatorException(ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.s41") + encodedName);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEncryptionKey(String name, Object context) returns " + key);
        }
        return key;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Key getDecryptionKey(String str, Object obj) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDecryptionKey(" + str + "," + obj + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        Key confidentialKey = getConfidentialKey(str, obj);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDecryptionKey(String name, Object context) returns " + confidentialKey);
        }
        return confidentialKey;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Key getSigningKey(String str) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSigningKey(" + str + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        Key confidentialKey = getConfidentialKey(str, null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSigningKey(String name) returns " + confidentialKey);
        }
        return confidentialKey;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Key getVerificationKey(String str) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getVefificationKey(" + str + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getVerificationKey(String name) returns " + ((Object) null));
        }
        return null;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public String getName(Key key) throws KeyLocatorException {
        KeyContainer keyContainer;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getName(" + key + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        String str = null;
        if (key != null && (keyContainer = (KeyContainer) this.fKey2Container.get(key)) != null) {
            str = keyContainer.getName();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getName(Key key) returns " + str);
        }
        return str;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Certificate getCertificate(Key key) throws KeyLocatorException {
        KeyContainer keyContainer;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificate(" + key + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        Certificate certificate = null;
        if (key != null && (keyContainer = (KeyContainer) this.fKey2Container.get(key)) != null) {
            certificate = keyContainer.getCertificate();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificate(Key key) returns " + certificate);
        }
        return certificate;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public Certificate getCertificate(String str) throws KeyLocatorException {
        KeyContainer keyContainer;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificate(" + str + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        String encodedName = str != null ? encodedName(str) : this.fDefaultName;
        Certificate certificate = null;
        if (encodedName != null && (keyContainer = (KeyContainer) this.fName2Container.get(encodedName)) != null) {
            certificate = keyContainer.getCertificate();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificate(String name) returns " + certificate);
        }
        return certificate;
    }

    public static String encodedName(String str) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encodedName(" + str + ")");
        }
        String encodeDName = KeyInfo.X509Data.encodeDName(str);
        if (encodeDName == null) {
            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.malformedname", new Object[]{str});
            throw new KeyLocatorException(MessageFormat.format(ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.malformedname"), str));
        }
        if (encodeDName.length() == 0) {
            encodeDName = str;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encodedName(String dn) returns " + encodeDName);
        }
        return encodeDName;
    }

    @Override // com.ibm.wsspi.wssecurity.config.KeyLocator
    public String getName(String str) throws KeyLocatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getName(" + str + ")");
        }
        if (!this.fInitialized) {
            doInit();
        }
        String encodedName = str != null ? encodedName(str) : this.fDefaultName;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getName(String name) returns " + encodedName);
        }
        return encodedName;
    }
}
