package com.ibm.ws.webservices.wssecurity.keyinfo;

import com.ibm.security.krb5.wss.util.ElementLocalNames;
import com.ibm.ws.webservices.wssecurity.audit.WSSAuditEventGenerator;
import com.ibm.ws.webservices.wssecurity.audit.WSSAuditEventGeneratorImpl;
import com.ibm.ws.webservices.wssecurity.audit.WSSAuditService;
import com.ibm.ws.webservices.wssecurity.audit.WSSAuditServiceImpl;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.webservices.wssecurity.core.WSSecurityPlatformContextFactory;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.wsspi.wssecurity.Constants;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.X509BSToken;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.keyinfo.KeyLocator;
import com.ibm.wsspi.wssecurity.token.TokenConsumerComponent;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.util.CertificateUtil;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.math.BigInteger;
import java.security.Key;
import java.text.ParseException;
import java.util.Map;
import org.w3c.dom.Element;

/* loaded from: input_file:com/ibm/ws/webservices/wssecurity/keyinfo/X509IssuerContentConsumer.class */
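/**
 * Key-info content consumer for {@code ds:KeyInfo} elements that identify a
 * certificate by {@code ds:X509Data/ds:X509IssuerSerial} (issuer name plus
 * serial number).
 *
 * <p>The issuer name and serial number are read from the message element that is
 * being processed, so they are message-supplied values. This class only uses
 * them as lookup hints: it publishes them into the type and context maps and
 * asks the configured {@link KeyLocator} for the key. No certificate or trust
 * validation is performed in this class.
 * NOTE(review): confirm that validation of the resolved certificate happens in
 * the KeyLocator / token consumer that this class delegates to.
 */
public class X509IssuerContentConsumer implements KeyInfoContentConsumerComponent {
    private static final String comp = "security.wssecurity";
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(X509IssuerContentConsumer.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = X509IssuerContentConsumer.class.getName();

    /**
     * Marks this component as initialized. The supplied map is not read.
     *
     * @param map initialization properties (unused here)
     * @throws SoapSecurityException declared by the interface; not thrown by this implementation
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        this._initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Resolves the key referenced by an X509IssuerSerial key-info element.
     *
     * <p>The method takes the {@link KeyInfoContentConsumerConfig} out of the
     * context, checks that it is configured for the X509 issuer key-info type,
     * extracts issuer name and serial number from {@code element}, stores them in
     * both maps, optionally invokes the configured token consumer, and finally
     * asks the configured {@link KeyLocator} for the key.
     *
     * @param element element under which the {@code ds:X509Data} is looked up
     * @param map     key "type" map; receives the key-info type, issuer name and issuer serial
     * @param map2    message context; the consumer config is removed from it and
     *                several key-related entries are added or cleared
     * @return the key returned by the configured key locator
     * @throws SoapSecurityException if the config is missing or of the wrong
     *         key-info type, no key locator or token consumer instance is
     *         configured, or the X509 data in the element is incomplete
     */
    @Override // com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoConsumerComponent
    public Key getKey(Element element, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKey(Element target[" + DOMUtil.getDisplayName(element) + "],Map type,Map context)");
        }
        KeyInfoContentConsumerConfig config = (KeyInfoContentConsumerConfig) map2.remove(KeyInfoContentConsumerConfig.CONFIG_KEY);
        if (config == null) {
            // Fail with the component's own exception type instead of a bare
            // NullPointerException further down.
            throw new SoapSecurityException(clsName + " found no KeyInfoContentConsumerConfig in the context.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "KeyInfoContentConsumerConfig [" + config + "].");
        }
        KeyInfoResult keyInfoResult = new KeyInfoResult(config);
        ResultPool.add(map2, keyInfoResult);

        String keyType = (String) map.get(Constants.WSSECURITY_KEY_TYPE);
        if (!ConfigUtil.isKeyInfoX509issuer(config.getKeyInfoType())) {
            throw new SoapSecurityException(typeMismatchMessage(config.getKeyInfoType(), keyType));
        }

        map.put(Constants.WSSECURITY_KEYINFO_TYPE, config.getKeyInfoType());
        map2.put(Constants.WSSECURITY_KEYINFO_TYPE, config.getKeyInfoType());
        map2.put(Constants.WSSECURITY_KEY_TYPE, keyType);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The type of a key is [" + keyType + "].");
        }

        // Both values originate from the message and are unverified at this point.
        String[] x509Data = getX509Data(element);
        String issuerName = x509Data[0];
        String issuerSerial = x509Data[1];
        String tokenId = issuerName + ":" + issuerSerial;
        keyInfoResult.setIdInSubject(tokenId);
        map.put(Constants.WSSECURITY_KEY_ISSUERNAME, issuerName);
        map.put(Constants.WSSECURITY_KEY_ISSUERSERIAL, issuerSerial);
        map2.put(Constants.WSSECURITY_KEY_ISSUERNAME, issuerName);
        map2.put(Constants.WSSECURITY_KEY_ISSUERSERIAL, issuerSerial);
        // Clear the identifiers used by the other key-info flavours so that only
        // issuer name / serial are left in the context for the lookup.
        map2.remove(Constants.WSSECURITY_KEY_NAME);
        map2.remove(Constants.WSSECURITY_KEY_ID);
        map2.remove(Constants.WSSECURITY_KEY_REFERENCE);
        map2.remove(Constants.WSSECURITY_KEY_EMBID);
        if (tc.isDebugEnabled()) {
            // NOTE(review): these are message-supplied strings written verbatim to
            // the trace; confirm the trace facility neutralises control characters.
            Tr.debug(tc, "Issuer name of a certificate is [" + issuerName + "].");
            Tr.debug(tc, "Issuer serial of a certificate is [" + issuerSerial + "].");
        }

        KeyLocator keyLocator = config.getKeyLocator();
        if (keyLocator == null) {
            throw SoapSecurityException.format("security.wssecurity.STRReferenceContentGenerator.getKey03");
        }
        // The locator is exposed in the context only while the token consumer runs.
        map2.put(X509BSToken.KEY_LOCATOR, keyLocator);
        map2.remove(keyLocator.getClass());

        TokenConsumerConfig tokenConsumer = config.getTokenConsumer();
        if (tokenConsumer == null) {
            map.remove(Constants.WSSECURITY_KEYINFO_TOKEN_REFERENCE);
        } else {
            map.put(Constants.WSSECURITY_KEYINFO_TOKEN_REFERENCE, tokenConsumer);
            TokenConsumerComponent consumerInstance = tokenConsumer.getInstance();
            if (consumerInstance == null) {
                throw SoapSecurityException.format("security.wssecurity.EmbeddedContentConsumer.getKey01");
            }
            map2.put(TokenConsumerConfig.CONFIG_KEY, tokenConsumer);
            consumerInstance.invoke(element.getOwnerDocument(), map2);
        }
        map2.remove(X509BSToken.KEY_LOCATOR);

        Key key = keyLocator.getKey(map, map2);
        map2.remove(keyLocator.getClass());
        map2.remove(X509BSToken.CERT_INFO);

        if (WSSAuditServiceImpl.getInstance().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, WSSAuditService.WSSAuditOutcome.SUCCESS)
                || WSSAuditServiceImpl.getInstance().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, WSSAuditService.WSSAuditOutcome.DENIED)) {
            Map<String, Object> extendedAuditData = WSSAuditEventGeneratorImpl.getInstance().setExtendedAuditData(map2, WSSAuditEventGenerator.TOKEN_ID, tokenId);
            WSSAuditEventGeneratorImpl.getInstance().addExtendedAuditData(extendedAuditData, WSSAuditEventGenerator.KEY_INFO_TYPE, map.toString());
            if (key != null) {
                // Guarded so that an unresolved key cannot turn audit enrichment
                // into a NullPointerException.
                WSSAuditEventGeneratorImpl.getInstance().addExtendedAuditData(extendedAuditData, "Algorithm", key.getAlgorithm());
            }
        }
        if (tc.isEntryEnabled()) {
            // Trace only a description of the key. When this consumer is used for
            // decryption the key may be a private key, and some providers render
            // key material in toString().
            Tr.exit(tc, "getKey(Element target,Map type,Map context)returns Key[" + describeKey(key) + "]");
        }
        return key;
    }

    /**
     * Builds the error text used when the configured key-info type is not the
     * X509 issuer type.
     *
     * @param configuredType key-info type found in the configuration
     * @param keyType        value of the key-type entry in the type map; selects
     *                       the "signature verification" or "decryption" wording
     */
    private static String typeMismatchMessage(Object configuredType, String keyType) {
        boolean isServer = WSSecurityPlatformContextFactory.getInstance().isServer();
        StringBuilder message = new StringBuilder(clsName).append(" expects KeyInfo's type [X509ISSUER],");
        message.append(" but the type requested in the configuration is [").append(configuredType).append("].");
        message.append(" Please make sure the KeyInfo used for");
        message.append(WSSKeyInfoComponent.KEY_VERIFYING.equals(keyType) ? " signature verification" : " decryption");
        message.append(" in the");
        message.append(isServer ? " request consumer configuration." : " response consumer configuration.");
        return message.toString();
    }

    /** Returns a trace-safe description (class name and algorithm) of a key. */
    private static String describeKey(Key key) {
        if (key == null) {
            return "null";
        }
        return key.getClass().getName() + "/" + key.getAlgorithm();
    }

    /**
     * Extracts issuer name and serial number from the {@code ds:X509Data}
     * found under the given element.
     *
     * <p>The issuer name is replaced by the result of
     * {@code KeyInfo.X509Data.encodeDName} when that result is non-null. A serial
     * number that is not a plain decimal integer is converted with
     * {@code CertificateUtil.convertSerialNumber}.
     *
     * @param element element under which {@code ds:X509Data} is searched
     * @return a two-element array: issuer name at index 0, serial number at index 1
     * @throws SoapSecurityException if any of the required elements is missing or
     *         the serial number cannot be converted
     */
    private String[] getX509Data(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getX509Data(Element elem[" + DOMUtil.getDisplayName(element) + "])");
        }
        Element x509DataElem = DOMUtil.getOneElement(element, com.ibm.ws.webservices.wssecurity.Constants.NS_DSIG, ElementLocalNames.DS_X509_DATA);
        if (x509DataElem == null) {
            throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
        }
        Element issuerSerialElem = DOMUtil.getOneChildElement(x509DataElem, com.ibm.ws.webservices.wssecurity.Constants.NS_DSIG, "X509IssuerSerial");
        if (issuerSerialElem == null) {
            throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
        }
        Element issuerNameElem = DOMUtil.getOneChildElement(issuerSerialElem, com.ibm.ws.webservices.wssecurity.Constants.NS_DSIG, "X509IssuerName");
        if (issuerNameElem == null) {
            throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
        }
        Element serialNumberElem = DOMUtil.getOneChildElement(issuerSerialElem, com.ibm.ws.webservices.wssecurity.Constants.NS_DSIG, "X509SerialNumber");
        if (serialNumberElem == null) {
            throw SoapSecurityException.format("security.wssecurity.X509IssuerContentConsumer.getX509Data01");
        }

        String issuerName = DOMUtil.getStringValue(issuerNameElem);
        String encodedName = KeyInfo.X509Data.encodeDName(issuerName);
        if (encodedName != null) {
            issuerName = encodedName;
        }

        String serialNumber = DOMUtil.getStringValue(serialNumberElem);
        if (serialNumber != null) {
            try {
                // Parsed only to test whether the text is a decimal integer; the
                // original text is kept when it is.
                new BigInteger(serialNumber);
            } catch (NumberFormatException notDecimal) {
                try {
                    serialNumber = CertificateUtil.convertSerialNumber(serialNumber).toString();
                } catch (ParseException e2) {
                    throw SoapSecurityException.format("security.wssecurity.X509LoginModule.s04", serialNumber, e2);
                }
            }
        }
        // NOTE(review): a null serial number is passed through unchanged, so the
        // caller ends up with "<issuer>:null" as the token id; confirm whether
        // DOMUtil.getStringValue can return null for an empty element.

        String[] result = {issuerName, serialNumber};
        if (tc.isEntryEnabled()) {
            // Print the values; concatenating the array itself only yields its
            // identity string.
            Tr.exit(tc, "getX509Data(Element elem) returns String[][" + issuerName + ", " + serialNumber + "]");
        }
        return result;
    }
}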
