package com.ibm.ws.webservices.wssecurity.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.webservice.wscommonbnd.AlgorithmMapping;
import com.ibm.etools.webservice.wscommonbnd.CRL;
import com.ibm.etools.webservice.wscommonbnd.CertStoreList;
import com.ibm.etools.webservice.wscommonbnd.CollectionCertStore;
import com.ibm.etools.webservice.wscommonbnd.KeyLocator;
import com.ibm.etools.webservice.wscommonbnd.KeyStore;
import com.ibm.etools.webservice.wscommonbnd.LDAPCertStore;
import com.ibm.etools.webservice.wscommonbnd.LoginMapping;
import com.ibm.etools.webservice.wscommonbnd.TrustAnchor;
import com.ibm.etools.webservice.wscommonbnd.TrustedIDEvaluator;
import com.ibm.etools.webservice.wscommonbnd.X509Certificate;
import com.ibm.etools.webservice.wssecurity.Consumer;
import com.ibm.etools.webservice.wssecurity.Defaultbindings;
import com.ibm.etools.webservice.wssecurity.Generator;
import com.ibm.etools.webservice.wssecurity.WSSecurity;
import com.ibm.websphere.resource.WASResourceSetImpl;
import com.ibm.ws.exception.ComponentDisabledException;
import com.ibm.ws.exception.ConfigurationError;
import com.ibm.ws.exception.ConfigurationWarning;
import com.ibm.ws.exception.RuntimeError;
import com.ibm.ws.exception.RuntimeWarning;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.component.ComponentImpl;
import com.ibm.ws.runtime.service.VariableMap;
import com.ibm.ws.runtime.service.WSSecurityService;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.webservices.wssecurity.util.ClientVariableMap;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.xml.soapsec.util.ConfigUtil;
import java.io.File;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509CRL;
import java.text.MessageFormat;
import java.util.HashSet;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.common.util.URI;
import org.eclipse.emf.ecore.resource.Resource;

/* loaded from: input_file:com/ibm/ws/webservices/wssecurity/core/WSSecurityClientComponentImpl.class */
public class WSSecurityClientComponentImpl extends ComponentImpl implements WSSecurityService {
    // Active default WS-Security configuration. Starts as an empty instance and is
    // replaced as a whole by _refresh() once a configuration file has been loaded.
    private WSSecurityDefaultConfiguration config = new WSSecurityDefaultConfiguration();
    // Variable resolver used to expand paths found in the bindings; assigned in initialize().
    private VariableMap varMap = null;
    // Monitor that getConfig() holds while it reads 'config'.
    private Object lock = new Object();
    // Never assigned anywhere in this class, so the loaders that take it receive null.
    private ClassLoader appClassLoader = null;
    // Trace component; messages are resolved from the was-wssecurity resource bundle.
    private static final TraceComponent tc = Tr.register((Class<?>) WSSecurityClientComponentImpl.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");

    /**
     * Lifecycle hook with no client-side work: it only emits the entry/exit trace pair
     * when entry tracing is enabled.
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void start() throws RuntimeWarning, RuntimeError {
        if (!tc.isEntryEnabled()) {
            return;
        }
        Tr.entry(tc, AuditConstants.START);
        Tr.exit(tc, AuditConstants.START);
    }

    /**
     * Lifecycle hook with no client-side work: it only emits the entry/exit trace pair
     * when entry tracing is enabled.
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void stop() {
        if (!tc.isEntryEnabled()) {
            return;
        }
        Tr.entry(tc, AuditConstants.STOP);
        Tr.exit(tc, AuditConstants.STOP);
    }

    /**
     * Registers this component as the {@link WSSecurityService}, loads the client-side
     * default bindings and initialises the nonce and certificate managers.
     *
     * <p>Every failure leaves this method as a {@link ConfigurationError}: one raised by
     * the steps below is rethrown as-is, anything else caught as an {@code Exception}
     * is wrapped with the original as its cause. Both paths record an FFDC entry and
     * the {@code security.wssecurity.client.init.startfail} message first.
     *
     * @param obj passed to the entry trace only; not otherwise read here
     * @throws ConfigurationError if registration, loading or manager initialisation fails
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void initialize(Object obj) throws ConfigurationWarning, ConfigurationError, ComponentDisabledException {
        final String startFailKey = "security.wssecurity.client.init.startfail";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize", obj);
        }
        try {
            // The service is registered before the configuration is loaded, so
            // getConfig() can be reached while 'config' is still the empty default.
            addService(WSSecurityService.class, this);
            this.varMap = ClientVariableMap.getInstance();
            _refresh();
            // NOTE(review): the numeric arguments are opaque here (presumably cache
            // sizing and timeouts) — confirm against the factory signatures.
            NonceManagerFactory.init(true, ConfigConstants.DEFAULT_NONCE_CACHENAME, 1024, 600, 128, false);
            // NOTE(review): the certificate manager is given the nonce cache name as
            // well — confirm that sharing the name is intended.
            CertManagerFactory.init(true, ConfigConstants.DEFAULT_NONCE_CACHENAME, 1024, 600);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initialize");
            }
        } catch (ConfigurationError configError) {
            FFDCFilter.processException(configError, getClass().getName() + ".initialize", "116", this);
            Tr.error(tc, startFailKey, new Object[]{configError});
            throw configError;
        } catch (Exception unexpected) {
            FFDCFilter.processException(unexpected, getClass().getName() + ".initialize", "120", this);
            Tr.error(tc, startFailKey, new Object[]{unexpected});
            throw new ConfigurationError(unexpected.getMessage(), unexpected);
        }
    }

    /**
     * Lifecycle hook that only emits the entry/exit trace pair. The loaded
     * configuration is not released or cleared here.
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void destroy() {
        if (!tc.isEntryEnabled()) {
            return;
        }
        Tr.entry(tc, "destroy");
        Tr.exit(tc, "destroy");
    }

    /**
     * Always fails: the client-side component does not support reloading its
     * configuration after initialisation.
     *
     * @throws RuntimeWarning on every call, carrying the
     *         {@code security.wssecurity.client.wssecurity.no.refresh} message
     */
    @Override // com.ibm.ws.runtime.service.WSSecurityService
    public void refresh() throws RuntimeWarning {
        String notSupported = ConfigConstants.getMessage("security.wssecurity.client.wssecurity.no.refresh");
        throw new RuntimeWarning(notSupported);
    }

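    /**
     * Loads the client-side default WS-Security bindings from the file named by the
     * {@code ConfigConstants.WS_SECURITY_LOCATION_PROPERTY} system property and, on
     * success, installs them as the active configuration.
     *
     * <p>When the property is unset or empty nothing is loaded and the current
     * configuration stays in place. The file supplies the trust anchors, key locators
     * and certificate stores that {@code loadConfig} reads, so the property value and
     * the permissions on the file it names are part of this client's trust boundary.
     *
     * <p>Error funnel: any exception raised while reading or converting the file,
     * including the {@code ConfigurationError} for a missing or wrong root object, is
     * logged under {@code security.wssecurity.client.wssecurity.xml.notfound} by the
     * inner handler and then wrapped by the outer handler, so callers see a
     * {@link ConfigurationError} whose cause chain holds the real failure (this assumes
     * the configuration exception types derive from {@code Exception}).
     *
     * @throws ConfigurationWarning declared; with the handlers below it is re-wrapped
     *         before it can leave this method
     * @throws ConfigurationError if the configured file cannot be loaded
     */
    private void _refresh() throws ConfigurationWarning, ConfigurationError {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "_refresh");
        }
        try {
            String location = System.getProperty(ConfigConstants.WS_SECURITY_LOCATION_PROPERTY);
            if (location != null && location.length() > 0) {
                String fileURL = getFileURL(location);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Client xmlFileURL to load: " + fileURL);
                }
                try {
                    Resource resource = new WASResourceSetImpl().getResource(URI.createURI(fileURL), true);
                    if (resource == null) {
                        Tr.warning(tc, "security.wssecurity.client.wssecurity.xml.notfound", new Object[]{fileURL});
                        throw new ConfigurationWarning(MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.client.wssecurity.xml.notfound"), fileURL));
                    }
                    // An empty resource is reported as a load error rather than
                    // surfacing as an IndexOutOfBoundsException from get(0).
                    EList contents = resource.getContents();
                    Object root = (contents == null || contents.isEmpty()) ? null : contents.get(0);
                    if (!(root instanceof WSSecurity)) {
                        Tr.error(tc, "security.wssecurity.load.client.wssecurity.xml", new Object[]{fileURL});
                        throw new ConfigurationError(MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.load.client.wssecurity.xml"), fileURL));
                    }
                    WSSecurity wSSecurity = (WSSecurity) root;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Loading the client-side ws-security.xml configuration, type = " + root.getClass().getName());
                    }
                    // Build into a fresh object so a failed load never leaves a
                    // half-populated configuration installed.
                    WSSecurityDefaultConfiguration loaded = new WSSecurityDefaultConfiguration();
                    loadConfig(wSSecurity, loaded);
                    // These maps are keyed by expanded path and serve as look-up caches
                    // while loading; they are emptied before the object is published.
                    // Clearing the map does not wipe the keystore password arrays, and
                    // the KeyStore objects stay reachable through 'trustAnchors'.
                    loaded.keyStores.clear();
                    loaded.certs.clear();
                    loaded.crls.clear();
                    // Publish under the same monitor getConfig() reads under; without
                    // it the reader-side lock gives no visibility guarantee.
                    synchronized (this.lock) {
                        this.config = loaded;
                    }
                } catch (Exception e) {
                    Tr.warning(tc, "security.wssecurity.client.wssecurity.xml.notfound", new Object[]{fileURL});
                    FFDCFilter.processException(e, WSSecurityClientComponentImpl.class.getName() + "._refresh", "174", this);
                    throw new ConfigurationWarning(MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.client.wssecurity.xml.notfound"), fileURL), e);
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Configuration: ", new Object[]{this.config});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "_refresh");
            }
        } catch (Exception e2) {
            throw new ConfigurationError("Exception loading config: " + MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.client.loading.config"), e2.getMessage()), e2);
        }
    }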

    /**
     * Turns a file-system path into a {@code file:} URL string with forward slashes.
     *
     * <p>The path is made absolute against the working directory but is not
     * canonicalised ({@code ..} segments and symbolic links are kept), and no
     * characters are percent-encoded.
     *
     * @param str path to convert, absolute or relative
     * @return {@code "file:"} followed by the absolute path, with a {@code /} inserted
     *         when the absolute path does not already start with one
     */
    public String getFileURL(String str) {
        String absolute = new File(str).getAbsolutePath();
        char separator = File.separatorChar;
        String slashed = (separator == '/') ? absolute : absolute.replace(separator, '/');
        if (slashed.startsWith("/")) {
            return "file:" + slashed;
        }
        return "file:/" + slashed;
    }

    /**
     * Returns the active default configuration.
     *
     * <p>The value handed back is the live instance held by this component, not a
     * copy, typed as {@code Object}.
     *
     * @return the current {@code WSSecurityDefaultConfiguration}
     */
    @Override // com.ibm.ws.runtime.service.WSSecurityService
    public Object getConfig() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConfig");
            // The exit record is written up front and reads the field before the
            // monitor below is taken.
            Tr.exit(tc, "getConfig", this.config);
        }
        synchronized (this.lock) {
            return this.config;
        }
    }

    /**
     * Copies the bindings of a parsed ws-security.xml model into
     * {@code wSSecurityDefaultConfiguration}.
     *
     * <p>Sections are processed in this order: login mappings, trust anchors, trusted
     * ID evaluators, key locators, LDAP and collection certificate stores, algorithm
     * mappings, default consumer and generator bindings.
     *
     * <p>Error handling is not uniform. Most entries are loaded best-effort: a
     * {@code Throwable} raised for one entry is logged with {@code Tr.error} and the
     * loop moves on, so this method can return normally with a partially populated
     * configuration. The trust-anchor loop and the default consumer binding have no
     * such guard; a failure there leaves this method as an exception.
     *
     * <p>NOTE(review): a skipped entry is visible only as a {@code Tr.error} record
     * (the {@code security.wssecurity.load.*.failed} keys and {@code WSEC0135E}), so
     * those keys are worth alerting on — confirm how consumers of the configuration
     * treat an entry that is absent.
     *
     * @param wSSecurity root of the parsed configuration model
     * @param wSSecurityDefaultConfiguration target object, populated in place
     * @throws SoapSecurityException declared; in this body only unguarded calls can
     *         propagate it (presumably the consumer-binding constructor — confirm)
     */
    private void loadConfig(WSSecurity wSSecurity, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadConfig", new Object[]{wSSecurity, wSSecurityDefaultConfiguration});
        }
        // --- Login mappings: stored by authentication method, best-effort per entry.
        EList loginMappings = wSSecurity.getLoginMappings();
        if (loginMappings != null && !loginMappings.isEmpty()) {
            int size = loginMappings.size();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, size + " LoginMappings found.");
            }
            for (int i = 0; i < size; i++) {
                LoginMapping loginMapping = (LoginMapping) loginMappings.get(i);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing LoginMapping: ", new Object[]{loginMapping});
                }
                try {
                    com.ibm.xml.soapsec.token.LoginMapping readLoginMapping = ConfigConstants.readLoginMapping(loginMapping, this.varMap, this.appClassLoader);
                    wSSecurityDefaultConfiguration.loginMappings.put(readLoginMapping.getAuthMethod(), readLoginMapping);
                } catch (Throwable th) {
                    // Logged and skipped; the remaining mappings are still loaded.
                    Tr.error(tc, "security.wssecurity.load.loginmapping.failed", new Object[]{loginMapping.getAuthMethod(), th});
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No LoginMappings found.");
        }
        // --- Trust anchors: each name maps to a keystore; keystores are shared by
        // expanded path through the 'keyStores' map.
        // NOTE(review): unlike the other sections this loop has no try/catch. If
        // getKeyStore() or getStorepass() can return null, the resulting
        // NullPointerException ends the whole load — confirm that is intended.
        EList trustAnchors = wSSecurity.getTrustAnchors();
        if (trustAnchors != null && !trustAnchors.isEmpty()) {
            int size2 = trustAnchors.size();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, size2 + " TrustAnchors found.");
            }
            for (int i2 = 0; i2 < size2; i2++) {
                TrustAnchor trustAnchor = (TrustAnchor) trustAnchors.get(i2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing TrustAnchor: ", new Object[]{trustAnchor});
                }
                KeyStore keyStore = trustAnchor.getKeyStore();
                String expand = this.varMap.expand(keyStore.getPath());
                com.ibm.ws.webservices.wssecurity.config.KeyStore keyStore2 = (com.ibm.ws.webservices.wssecurity.config.KeyStore) wSSecurityDefaultConfiguration.keyStores.get(expand);
                if (keyStore2 == null) {
                    String type = keyStore.getType();
                    // The password arrives as a String from the model, so the char[]
                    // copy made here is not the only copy held in memory.
                    char[] charArray = keyStore.getStorepass().toCharArray();
                    if (tc.isDebugEnabled()) {
                        // The trace carries the path and type only, not the password.
                        Tr.debug(tc, "Creating keystore instance " + expand + " of type " + type);
                    }
                    keyStore2 = new com.ibm.ws.webservices.wssecurity.config.KeyStore(type, expand, charArray);
                    wSSecurityDefaultConfiguration.keyStores.put(expand, keyStore2);
                }
                wSSecurityDefaultConfiguration.trustAnchors.put(trustAnchor.getName(), keyStore2);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No TrustAnchors found.");
        }
        // --- Trusted ID evaluators: stored by name, best-effort per entry.
        EList trustedIDEvaluators = wSSecurity.getTrustedIDEvaluators();
        if (trustedIDEvaluators != null && !trustedIDEvaluators.isEmpty()) {
            int size3 = trustedIDEvaluators.size();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, size3 + " TrustedIDEvaluators found.");
            }
            for (int i3 = 0; i3 < size3; i3++) {
                TrustedIDEvaluator trustedIDEvaluator = (TrustedIDEvaluator) trustedIDEvaluators.get(i3);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing TrustedIDEvaluator: ", new Object[]{trustedIDEvaluator});
                }
                try {
                    wSSecurityDefaultConfiguration.trustedIDEvaluators.put(trustedIDEvaluator.getName(), ConfigConstants.readTrustedIDEvaluator(trustedIDEvaluator, this.varMap, this.appClassLoader));
                } catch (Throwable th2) {
                    // Logged and skipped; the evaluator is simply absent afterwards.
                    Tr.error(tc, "security.wssecurity.load.trustedidevaluator.failed", new Object[]{trustedIDEvaluator.getName(), th2});
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No TrustedIDEvaluators found.");
        }
        // --- Key locators: stored by name, best-effort per entry.
        EList keyLocators = wSSecurity.getKeyLocators();
        if (keyLocators != null && !keyLocators.isEmpty()) {
            int size4 = keyLocators.size();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, size4 + " KeyLocators found.");
            }
            for (int i4 = 0; i4 < size4; i4++) {
                KeyLocator keyLocator = (KeyLocator) keyLocators.get(i4);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing KeyLocator: ", new Object[]{keyLocator});
                }
                try {
                    wSSecurityDefaultConfiguration.keyLocators.put(keyLocator.getName(), ConfigConstants.readKeyLocator(keyLocator, this.varMap));
                } catch (Throwable th3) {
                    Tr.error(tc, "security.wssecurity.load.keylocator.failed", new Object[]{keyLocator.getName(), th3});
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No KeyLocators found.");
        }
        // --- Certificate stores: LDAP-backed and file-backed (collection) stores
        // share the 'certStores' map, keyed by store name.
        CertStoreList certStoreList = wSSecurity.getCertStoreList();
        if (certStoreList != null) {
            EList ldapCertStores = certStoreList.getLdapCertStores();
            if (ldapCertStores != null && !ldapCertStores.isEmpty()) {
                int size5 = ldapCertStores.size();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, size5 + " LDAPCertStores found.");
                }
                for (int i5 = 0; i5 < size5; i5++) {
                    LDAPCertStore lDAPCertStore = (LDAPCertStore) ldapCertStores.get(i5);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Processing LDAPCertStore: ", new Object[]{lDAPCertStore});
                    }
                    try {
                        wSSecurityDefaultConfiguration.certStores.put(lDAPCertStore.getName(), new com.ibm.ws.webservices.wssecurity.config.LDAPCertStore(lDAPCertStore, this.varMap));
                    } catch (Throwable th4) {
                        Tr.error(tc, "security.wssecurity.load.ldapcertstore.failed", new Object[]{lDAPCertStore.getName(), th4});
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No LDAPCertStores found.");
            }
            EList collectionCertStores = certStoreList.getCollectionCertStores();
            if (collectionCertStores != null && !collectionCertStores.isEmpty()) {
                int size6 = collectionCertStores.size();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, size6 + " collectionCertStores found.");
                }
                for (int i6 = 0; i6 < size6; i6++) {
                    CollectionCertStore collectionCertStore = (CollectionCertStore) collectionCertStores.get(i6);
                    if (collectionCertStore == null) {
                        Tr.error(tc, "security.wssecurity.collectioncertstore.is.null");
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Process CollectionCertStore: ", new Object[]{collectionCertStore});
                        }
                        String provider = collectionCertStore.getProvider();
                        // Certificates and CRLs of one store are gathered in the same set.
                        HashSet hashSet = new HashSet();
                        EList x509Certificates = collectionCertStore.getX509Certificates();
                        EList crl = collectionCertStore.getCRL();
                        if ((x509Certificates == null || x509Certificates.isEmpty()) && (crl == null || crl.isEmpty())) {
                            // A store with neither certificates nor CRLs is reported and not registered.
                            Tr.error(tc, "security.wssecurity.x509certificates.is.null");
                            Tr.error(tc, "security.wssecurity.WSEC0134E");
                        } else {
                            // One try block covers the whole store: a single unreadable
                            // certificate or CRL file means the store is not registered
                            // at all, rather than registered with fewer entries.
                            try {
                                // NOTE(review): the meaning of the empty-string argument
                                // is not visible here — confirm against ConfigUtil.
                                CertificateFactory createCertificateFactory = ConfigUtil.createCertificateFactory("");
                                if (x509Certificates != null && !x509Certificates.isEmpty()) {
                                    int size7 = x509Certificates.size();
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, size7 + " certificates found.");
                                    }
                                    for (int i7 = 0; i7 < size7; i7++) {
                                        String expand2 = this.varMap.expand(((X509Certificate) x509Certificates.get(i7)).getPath());
                                        if (expand2 == null) {
                                            Tr.error(tc, "security.wssecurity.cert.path.null", new Object[]{collectionCertStore.getName()});
                                        } else {
                                            java.security.cert.X509Certificate x509Certificate = null;
                                            X509CRL x509crl = null;
                                            // Reuse an object already parsed from the same path.
                                            if (wSSecurityDefaultConfiguration.certs.containsKey(expand2)) {
                                                x509Certificate = (java.security.cert.X509Certificate) wSSecurityDefaultConfiguration.certs.get(expand2);
                                            } else if (wSSecurityDefaultConfiguration.crls.containsKey(expand2)) {
                                                x509crl = (X509CRL) wSSecurityDefaultConfiguration.crls.get(expand2);
                                            }
                                            if (x509Certificate == null && x509crl == null) {
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Creating certificate or CRL: " + expand2);
                                                }
                                                // An entry listed as a certificate may turn out
                                                // to be a CRL: if parsing it as a certificate
                                                // fails, the same path is parsed as a CRL. The
                                                // first exception is discarded, so a broken
                                                // certificate file surfaces as a CRL parse error.
                                                try {
                                                    x509Certificate = ConfigUtil.getX509Certificate(new File(expand2), createCertificateFactory);
                                                    wSSecurityDefaultConfiguration.certs.put(expand2, x509Certificate);
                                                } catch (Exception e) {
                                                    x509crl = ConfigUtil.getX509CRL(expand2, createCertificateFactory);
                                                    wSSecurityDefaultConfiguration.crls.put(expand2, x509crl);
                                                }
                                            }
                                            if (x509crl != null) {
                                                hashSet.add(x509crl);
                                            } else {
                                                hashSet.add(x509Certificate);
                                            }
                                        }
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "No X509 certificates in CollectionCertStore[" + collectionCertStore + "]");
                                }
                                if (crl != null && !crl.isEmpty()) {
                                    int size8 = crl.size();
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, size8 + " CRLs found.");
                                    }
                                    for (int i8 = 0; i8 < size8; i8++) {
                                        String expand3 = this.varMap.expand(((CRL) crl.get(i8)).getPath());
                                        if (expand3 == null) {
                                            Tr.error(tc, "security.wssecurity.cert.path.null", new Object[]{collectionCertStore.getName()});
                                        } else {
                                            java.security.cert.CRL crl2 = (java.security.cert.CRL) wSSecurityDefaultConfiguration.crls.get(expand3);
                                            if (crl2 == null) {
                                                if (tc.isDebugEnabled()) {
                                                    // The trace text says "certificate" although a CRL is parsed here.
                                                    Tr.debug(tc, "Creating certificate: " + expand3);
                                                }
                                                crl2 = ConfigUtil.getX509CRL(expand3, createCertificateFactory);
                                                wSSecurityDefaultConfiguration.crls.put(expand3, crl2);
                                            }
                                            hashSet.add(crl2);
                                        }
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "No X509 crls in CollectionCertStore[" + collectionCertStore + "]");
                                }
                                wSSecurityDefaultConfiguration.certStores.put(collectionCertStore.getName(), new com.ibm.ws.webservices.wssecurity.config.CollectionCertStore("Collection", new CollectionCertStoreParameters(hashSet), provider, collectionCertStore.getName()));
                            } catch (Throwable th5) {
                                // The store, including any CRLs it listed, is left out of
                                // 'certStores'; only this error record shows it.
                                Tr.error(tc, "security.wssecurity.load.collectioncertstore.failed", new Object[]{collectionCertStore.getName(), th5});
                            }
                        }
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No CollectionCertStores found.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No CertStoreList found.");
        }
        // --- Algorithm mappings: appended in file order, best-effort per entry.
        EList algorithmMapping = wSSecurity.getAlgorithmMapping();
        if (algorithmMapping != null && !algorithmMapping.isEmpty()) {
            int size9 = algorithmMapping.size();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, size9 + " AlgorithmMappings found.");
            }
            for (int i9 = 0; i9 < size9; i9++) {
                AlgorithmMapping algorithmMapping2 = (AlgorithmMapping) algorithmMapping.get(i9);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Process AlgorithmMapping: ", new Object[]{algorithmMapping2});
                }
                try {
                    wSSecurityDefaultConfiguration.algorithmMappings.add(ConfigConstants.readAlgorithmMapping(algorithmMapping2, this.varMap));
                } catch (Throwable th6) {
                    Tr.error(tc, "security.wssecurity.load.algorithmmapping.failed", new Object[]{algorithmMapping2.getFactoryname(), th6});
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No AlgorithmMappings found.");
        }
        // --- Default bindings. Both are built last and receive the configuration
        // object populated above.
        Defaultbindings defaultbindings = wSSecurity.getDefaultbindings();
        if (defaultbindings != null) {
            Consumer consumer = defaultbindings.getConsumer();
            if (consumer != null) {
                // Not guarded: an exception from this constructor leaves loadConfig.
                wSSecurityDefaultConfiguration.cconfig = new WSSecurityDefaultConsumerConfig(consumer, this.varMap, wSSecurityDefaultConfiguration);
            }
            Generator generator = defaultbindings.getGenerator();
            if (generator != null) {
                wSSecurityDefaultConfiguration.gconfig = null;
                try {
                    wSSecurityDefaultConfiguration.gconfig = new WSSecurityDefaultGeneratorConfig(generator, this.varMap, wSSecurityDefaultConfiguration);
                } catch (SoapSecurityException e2) {
                    // Guarded, unlike the consumer: the failure is logged and
                    // 'gconfig' stays null.
                    Tr.error(tc, "security.wssecurity.WSEC0135E", new Object[]{e2.getMessage()});
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No default bindings found.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadConfig", new Object[]{wSSecurity, wSSecurityDefaultConfiguration});
        }
    }
}
