package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.wssecurity.util.CertificateUtil;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.Hex;
import com.ibm.ws.wssecurity.util.NamespaceUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.xml.xss4j.AlgorithmFactory;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.KeyInformationConfig;
import com.ibm.wsspi.wssecurity.core.config.KeyStoreConfig;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Stack;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/KeyStoreManager.class */
public class KeyStoreManager {
    // Message-catalog prefix. Not referenced in the portion of the class reviewed here, where
    // message keys are spelled out as full literals.
    private static final String comp = "security.wssecurity";
    // Octet counts for the two key-identifier forms; 20 matches a full SHA-1 digest.
    // NOTE(review): the code that uses these is outside the reviewed portion; confirm.
    private static final int ITSHA1_OCTETS = 20;
    private static final int IT60SHA1_OCTETS = 8;
    // OID of the X.509 SubjectKeyIdentifier extension.
    private static final String OID_SUBJECTKEYIDENTIFIER = "2.5.29.14";
    // BER/DER tag bytes: 48 (0x30) is SEQUENCE, 3 is BIT STRING.
    private static final byte BER_SEQUENCE = 48;
    private static final byte BER_BITSTRING = 3;
    // Milliseconds in one day; used to convert a remaining lifetime into days for warnings.
    private static final long DAYS_IN_MS = 86400000;
    // 60 days in milliseconds: certificates closer to expiry than this trigger a warning.
    private static final long DAYS_IN_MS_BEFORE_EXPIRE_WARNING = 5184000000L;
    // JCA algorithm name; "SHA" is the legacy alias for SHA-1.
    // NOTE(review): the digest is presumably used for the thumbprint / key identifier, whose
    // SHA-1 form is fixed by the token profile; the call site is outside the reviewed portion.
    private static final String MESSAGE_DIGEST_SHA1 = "SHA";
    // Pool of reusable MessageDigest instances; created in init().
    private static Stack<MessageDigest> sha1Pool;
    // Bit flags combined into KeyInformation._status. The KeyInformation getters refuse to
    // return a value while a flag relevant to that value is set.
    private static final int STATUS_OK = 0;
    private static final int STATUS_ENTRY_ERROR = 1;
    private static final int STATUS_CERT_ERROR = 2;
    private static final int STATUS_KEYID_ERROR = 4;
    private static final int STATUS_THUMBPRINT_ERROR = 8;
    private static final TraceComponent tc = Tr.register(KeyStoreManager.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = KeyStoreManager.class.getName();
    // Singleton state. Written only inside the synchronized init().
    // NOTE(review): neither field is volatile, yet getInstance() reads both without holding the
    // lock, so a reader is not guaranteed to see the write to 'instance' when it sees
    // 'initialized == true'.
    private static boolean initialized = false;
    private static KeyStoreManager instance = null;
    // Token-type labels. UNKNOWN is the default token type passed by the seven-argument
    // getKeyInformation overload. These are package-private, non-final instance fields.
    String UNKNOWN = KeyInfoConsumer.UNKNOWN;
    String PKIPATH = "PKIPATH";
    String PKCS7 = Constants0.PKCS7_SENT_QNAME;
    // Loaded key stores, keyed by a String (key derivation is outside the reviewed portion).
    private final Map<String, KeyStore> keyStoreCache = new HashMap();
    // Key material cache keyed by a 32-bit hash code computed in the getKeyInformation
    // overloads. No eviction is visible in the reviewed portion.
    private final Map<Integer, KeyInformation> keyInformationCache = new HashMap();

    /* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/KeyStoreManager$KeyInformation.class */
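    /**
     * Key material and identifiers derived from one key store entry or one X.509 certificate.
     *
     * <p>Instances are created by {@link KeyStoreManager} and stored in its key information
     * cache, so one instance may be handed to many callers. Every getter except
     * {@link #getName()} first checks the status flags and the expiration time and throws
     * {@link SoapSecurityException} instead of returning a value that was flagged as unusable.
     *
     * <p>Changes relative to the decompiled original: the repeated status check is factored into
     * {@link #ensureUsable(int, String, String)}; {@link #getBinary()} returns a copy so callers
     * cannot alter the cached encoding; the expiry flag is set with a bitwise OR so that setting
     * it twice cannot clear it and set an unrelated flag.
     */
    public static class KeyInformation {
        private static final TraceComponent tc = Tr.register(KeyInformation.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

        // Status bit flags; values mirror the STATUS_* constants of the enclosing class.
        private static final int ENTRY_ERROR = 1;
        private static final int CERT_ERROR = 2;
        private static final int KEYID_ERROR = 4;
        private static final int THUMBPRINT_ERROR = 8;
        // Flags that make every value of this object unusable.
        private static final int ENTRY_OR_CERT_ERROR = ENTRY_ERROR | CERT_ERROR;

        private String _kspath;
        private String _alias;
        private String _name;
        private Key _publicOrSecretKey;
        private Key _privateOrSecretKey;
        private Certificate _certificate;
        private byte[] _binary;
        // Base64 form of _binary, computed on first request by getEncodedBinary().
        private String _encodedBinary;
        private String _subjectDN;
        private String _encSubjectDN;
        private String _encIssuerDN;
        private String _issuerSerial;
        private String _b64KeyId;
        private String _b64KeyId60;
        private String _b64Thumbprint;
        private String _hexKeyId;
        private String _hexKeyId60;
        private String _hexThumbprint;
        // Combination of the status bit flags above; 0 means no error was recorded.
        private int _status;
        // Expiration instant in epoch milliseconds; a negative value disables the expiry check.
        private long _expiration;
        private long _daysInMSBeforeExpireWarning;
        // Message used for the exception thrown when a relevant status flag is set.
        private String _errorMes;
        // True once the "about to expire" warning has been emitted (or must not be emitted).
        private boolean _skipExpirationWarningMessage;

        private KeyInformation(String kspath, String alias, String name, Key publicOrSecretKey, Key privateOrSecretKey, X509Certificate certificate, byte[] binary, String subjectDN, String encSubjectDN, String encIssuerDN, String issuerSerial, String b64KeyId, String b64KeyId60, String b64Thumbprint, String hexKeyId, String hexKeyId60, String hexThumbprint, int status, long expiration, long daysInMSBeforeExpireWarning, String errorMes, boolean skipExpirationWarningMessage) {
            this._kspath = kspath;
            this._alias = alias;
            this._name = name;
            this._publicOrSecretKey = publicOrSecretKey;
            this._privateOrSecretKey = privateOrSecretKey;
            this._certificate = certificate;
            this._binary = binary;
            this._subjectDN = subjectDN;
            this._encSubjectDN = encSubjectDN;
            this._encIssuerDN = encIssuerDN;
            this._issuerSerial = issuerSerial;
            this._b64KeyId = b64KeyId;
            this._b64KeyId60 = b64KeyId60;
            this._b64Thumbprint = b64Thumbprint;
            this._hexKeyId = hexKeyId;
            this._hexKeyId60 = hexKeyId60;
            this._hexThumbprint = hexThumbprint;
            this._status = status;
            this._expiration = expiration;
            this._daysInMSBeforeExpireWarning = daysInMSBeforeExpireWarning;
            this._errorMes = errorMes;
            this._skipExpirationWarningMessage = skipExpirationWarningMessage;
        }

        /**
         * Rejects the request when any of {@code blockingBits} is set in the status, then runs
         * the expiration check.
         *
         * @param blockingBits status flags that make the requested value unusable
         * @param method name of the calling getter, used in the failure report
         * @param probeId probe identifier passed to {@code Tr.processException}
         * @throws SoapSecurityException if a blocking flag is set or the entry has expired
         */
        private void ensureUsable(int blockingBits, String method, String probeId) throws SoapSecurityException {
            if ((this._status & blockingBits) != 0) {
                SoapSecurityException failure = new SoapSecurityException(this._errorMes);
                Tr.processException(failure, KeyStoreManager.clsName + "." + method, probeId, this);
                throw failure;
            }
            checkExpiration();
        }

        /** Returns the key name. This is the only getter that performs no status or expiry check. */
        public String getName() {
            return this._name;
        }

        /**
         * @return the public key or secret key
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public Key getPublicOrSecretKey() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getPublicOrSecretKey", "1439");
            return this._publicOrSecretKey;
        }

        /**
         * @return the private key or secret key
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public Key getPrivateOrSecretKey() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getPrivateOrSecretKey", "1449");
            return this._privateOrSecretKey;
        }

        /**
         * @return the certificate
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public Certificate getCertificate() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getCertificate", "1459");
            return this._certificate;
        }

        /**
         * @return a copy of the binary encoding, or {@code null} when none is held
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public byte[] getBinary() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getBinary", "1469");
            // This object is shared through the manager's cache: hand out a copy so that one
            // caller cannot change the bytes that later callers (and getEncodedBinary) rely on.
            return this._binary == null ? null : this._binary.clone();
        }

        /**
         * @return the Base64 form of the binary encoding, computed on first use
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public String getEncodedBinary() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getEncodedBinary", "1479");
            if (this._encodedBinary == null) {
                this._encodedBinary = Base64.encode(this._binary);
            }
            return this._encodedBinary;
        }

        /**
         * @return the encoded subject DN (the encoded form, not the raw DN string)
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public String getSubjectDN() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getSubjectDN", "1492");
            return this._encSubjectDN;
        }

        /**
         * @return the encoded issuer DN
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public String getIssuerDN() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getIssuerDN", "1502");
            return this._encIssuerDN;
        }

        /**
         * @return the issuer serial number as a string
         * @throws SoapSecurityException if an entry or certificate error is recorded, or on expiry
         */
        public String getIssuerSerial() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR, "getIssuerSerial", "1512");
            return this._issuerSerial;
        }

        /**
         * @return the Base64 key identifier
         * @throws SoapSecurityException if an entry, certificate or key-identifier error is
         *     recorded, or on expiry
         */
        public String getB64KeyId() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR | KEYID_ERROR, "getB64KeyId", "1523");
            return this._b64KeyId;
        }

        /**
         * @return the Base64 key identifier in its "60" form
         * @throws SoapSecurityException if an entry, certificate or key-identifier error is
         *     recorded, or on expiry
         */
        public String getB64KeyId60() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR | KEYID_ERROR, "getB64KeyId60", "1534");
            return this._b64KeyId60;
        }

        /**
         * @return the Base64 thumbprint
         * @throws SoapSecurityException if an entry, certificate or thumbprint error is recorded,
         *     or on expiry
         */
        public String getB64Thumbprint() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR | THUMBPRINT_ERROR, "getB64Thumbprint", "1545");
            return this._b64Thumbprint;
        }

        /**
         * @return the hexadecimal key identifier
         * @throws SoapSecurityException if an entry, certificate or key-identifier error is
         *     recorded, or on expiry
         */
        public String getHexKeyId() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR | KEYID_ERROR, "getHexKeyId", "1556");
            return this._hexKeyId;
        }

        /**
         * @return the hexadecimal key identifier in its "60" form
         * @throws SoapSecurityException if an entry, certificate or key-identifier error is
         *     recorded, or on expiry
         */
        public String getHexKeyId60() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR | KEYID_ERROR, "getHexKeyId60", "1567");
            return this._hexKeyId60;
        }

        /**
         * @return the hexadecimal thumbprint
         * @throws SoapSecurityException if an entry, certificate or thumbprint error is recorded,
         *     or on expiry
         */
        public String getHexThumbprint() throws SoapSecurityException {
            ensureUsable(ENTRY_OR_CERT_ERROR | THUMBPRINT_ERROR, "getHexThumbprint", "1578");
            return this._hexThumbprint;
        }

        /**
         * Replaces the private (or secret) key. Only the key's class name is traced, never the
         * key itself.
         *
         * <p>NOTE(review): this mutates an object that may be shared through the manager's
         * cache, so the new key becomes visible to every holder of this instance.
         */
        public void setPrivateKey(Key key) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "setPrivateKey(key[" + (key != null ? key.getClass().getName() : "null") + "])");
            }
            this._privateOrSecretKey = key;
        }

        /**
         * Fails when the expiration instant has passed and warns once when it is near.
         * A negative expiration value disables the check.
         *
         * @throws SoapSecurityException if the current time is past the expiration instant
         */
        private void checkExpiration() throws SoapSecurityException {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "checkExpiration()");
            }
            if (this._expiration >= 0) {
                long remainingMs = this._expiration - System.currentTimeMillis();
                if (remainingMs < 0) {
                    // OR, not add: two racing callers adding 2 twice would clear the
                    // certificate flag and set the key-identifier flag instead.
                    this._status |= CERT_ERROR;
                    this._errorMes = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{this._subjectDN, this._alias, this._kspath, "expiration time - current system time = " + remainingMs + " ms."});
                    SoapSecurityException expired = new SoapSecurityException(this._errorMes);
                    Tr.processException(expired, KeyStoreManager.clsName + ".checkExpiration", "1602", this);
                    throw expired;
                }
                if (!this._skipExpirationWarningMessage && remainingMs < this._daysInMSBeforeExpireWarning) {
                    Tr.warning(tc, "security.wssecurity.WSEC5189W", new Object[]{this._subjectDN, this._alias, this._kspath, Long.valueOf(remainingMs / KeyStoreManager.DAYS_IN_MS)});
                    this._skipExpirationWarningMessage = true;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkExpiration()");
            }
        }

        /** Describes the entry by key store path, alias, name and status; no key material. */
        @Override
        public String toString() {
            StringBuilder text = new StringBuilder(getClass().getName()).append("(");
            text.append("keystorePath=[").append(this._kspath).append("], ");
            text.append("alias=[").append(this._alias).append("], ");
            text.append("name=[").append(this._name).append("], ");
            text.append("status=[").append(this._status).append("], ");
            text.append(")");
            return text.toString();
        }

        // Compiler-generated accessor kept from the decompiled class: adds i to the status on
        // behalf of the enclosing class and returns the new value.
        static /* synthetic */ int access$112(KeyInformation keyInformation, int i) {
            int i2 = keyInformation._status + i;
            keyInformation._status = i2;
            return i2;
        }
    }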

    /** Private: the only instance is the one created by {@code init()}. */
    private KeyStoreManager() {
        // Nothing to do here; the caches are set up by the field initializers.
    }

    /**
     * Creates the singleton and the digest pool on the first call; later calls do nothing.
     * Runs under the class lock.
     */
    private static final synchronized void init() {
        if (!initialized) {
            instance = new KeyStoreManager();
            sha1Pool = new Stack<>();
            // Set last, after both objects exist.
            initialized = true;
        }
    }

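    /**
     * Returns the process-wide manager, creating it on first use.
     *
     * @return the single {@code KeyStoreManager} instance
     */
    public static final KeyStoreManager getInstance() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInstance()");
        }
        // Always go through the synchronized, idempotent init(). The original tested the
        // non-volatile 'initialized' flag without the lock, which does not guarantee that a
        // thread seeing 'true' also sees the assignment to 'instance'. Taking the lock here
        // orders the read of 'instance' below after the write made inside init().
        init();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInstance()");
        }
        return instance;
    }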

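    /**
     * Returns the key information for a certificate, creating and caching it on first request.
     *
     * <p>The cache key is the certificate's 32-bit hash code, so two different certificates can
     * share a key. A cached entry is therefore reused only when its certificate equals the
     * requested one; otherwise it is rebuilt and replaced. The original returned whatever entry
     * was stored under the hash code.
     *
     * <p>NOTE(review): nothing in the reviewed portion removes entries from the cache. If the
     * certificates passed here come from inbound messages, the map grows with every distinct
     * certificate; confirm that a bound exists elsewhere.
     *
     * @param x509Certificate the certificate to look up; must not be {@code null}
     * @return the cached or newly created key information
     * @throws NullPointerException if {@code x509Certificate} is {@code null}
     * @throws SoapSecurityException declared by the creation path
     */
    public final synchronized KeyInformation getKeyInformation(X509Certificate x509Certificate) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getKeyInformation(");
            stringBuffer.append("X509Certificate x509[");
            stringBuffer.append(x509Certificate == null ? "null" : x509Certificate.getSubjectDN().getName());
            stringBuffer.append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (x509Certificate == null) {
            // The original failed with the same exception type at the hashCode() call below.
            throw new NullPointerException("x509Certificate");
        }
        Integer cacheKey = Integer.valueOf(x509Certificate.hashCode());
        KeyInformation keyInformation = this.keyInformationCache.get(cacheKey);
        if (keyInformation != null && !x509Certificate.equals(keyInformation._certificate)) {
            // Same hash code, different certificate: never hand out another certificate's keys.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The cached key information does not match the X509 certificate [" + x509Certificate.getSubjectDN().getName() + "]. So it is not used.");
            }
            keyInformation = null;
        }
        if (keyInformation == null) {
            if (tc.isDebugEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer("There is no cached key information with the X509 certificate [");
                stringBuffer2.append(x509Certificate.getSubjectDN().getName());
                stringBuffer2.append("]. So a new key information is created.");
                Tr.debug(tc, stringBuffer2.toString());
            }
            keyInformation = createKeyInformation(x509Certificate);
            this.keyInformationCache.put(cacheKey, keyInformation);
        } else if (tc.isDebugEnabled()) {
            StringBuffer stringBuffer3 = new StringBuffer("There is the cached key information with the X509 certificate [");
            stringBuffer3.append(x509Certificate.getSubjectDN().getName());
            stringBuffer3.append("]. So the key information is used.");
            Tr.debug(tc, stringBuffer3.toString());
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer4 = new StringBuffer("getKeyInformation(");
            stringBuffer4.append("X509Certificate)");
            stringBuffer4.append(" returns KeyInformation[").append(keyInformation).append("]");
            Tr.exit(tc, stringBuffer4.toString());
        }
        return keyInformation;
    }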

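    /**
     * Builds the key information for a certificate: DNs, serial number, encoded form, validity
     * status, subject key identifiers and thumbprint.
     *
     * <p>Failures are not thrown from here. They are recorded as status flags (2 = certificate
     * error, 4 = key-identifier error, 8 = thumbprint error) together with an error message,
     * and the getters of the returned object throw when a relevant flag is set.
     *
     * <p>Change relative to the decompiled original: the thumbprint is computed whenever the
     * certificate itself is usable. The original skipped it after a key-identifier failure
     * without setting the thumbprint flag, so the thumbprint getters returned {@code null}
     * without reporting an error.
     *
     * @param x509Certificate the certificate to describe; dereferenced without a null check
     * @return the new key information; it carries no private key
     * @throws SoapSecurityException declared for callers; not thrown by the visible code paths
     */
    private final KeyInformation createKeyInformation(X509Certificate x509Certificate) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createKeyInformation(");
            stringBuffer.append("X509Certificate x509[");
            stringBuffer.append(x509Certificate == null ? "null" : x509Certificate.getSubjectDN().getName());
            stringBuffer.append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        String b64KeyId = null;
        String b64KeyId60 = null;
        String b64Thumbprint = null;
        String hexKeyId = null;
        String hexKeyId60 = null;
        String hexThumbprint = null;
        byte[] encoded = null;
        PublicKey publicKey = null;
        // A bare certificate has no private key.
        final Key privateKey = null;
        int status = 0; // STATUS_OK
        String errorMessage = null;
        boolean expirationWarned = false;
        String subjectDN = x509Certificate.getSubjectDN().getName();
        String encSubjectDN = KeyInfo.X509Data.encodeDName(subjectDN);
        String issuerDN = x509Certificate.getIssuerDN().getName();
        String encIssuerDN = KeyInfo.X509Data.encodeDName(issuerDN);
        String issuerSerial = x509Certificate.getSerialNumber().toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "subjectDN[" + subjectDN + "], encSubjectDN[" + encSubjectDN + "], issuerDN[" + issuerDN + "], encIssuerDN[" + encIssuerDN + "], issuerSerial[" + issuerSerial + "]");
        }
        try {
            encoded = x509Certificate.getEncoded();
            // Validity period only: this call does not check the chain or revocation.
            x509Certificate.checkValidity();
        } catch (CertificateEncodingException e) {
            status |= 2; // STATUS_CERT_ERROR
            Tr.processException(e, clsName + ".createKeyInformation", "223", this);
            Tr.error(tc, "security.wssecurity.WSEC0155E", new Object[]{e});
            errorMessage = ConfigUtil.getMessage("security.wssecurity.WSEC0155E", new String[]{e.getClass().getName() + ": " + e.getMessage()});
        } catch (CertificateExpiredException e2) {
            status |= 2; // STATUS_CERT_ERROR
            Tr.processException(e2, clsName + ".createKeyInformation", "231", this);
            Tr.error(tc, "security.wssecurity.WSEC6805E", new Object[]{subjectDN, e2});
            errorMessage = ConfigUtil.getMessage("security.wssecurity.WSEC6805E", new String[]{subjectDN, e2.getClass().getName() + ": " + e2.getMessage()});
        } catch (CertificateException e3) {
            // Covers the remaining validity failures, e.g. a certificate that is not yet valid.
            status |= 2; // STATUS_CERT_ERROR
            Tr.processException(e3, clsName + ".createKeyInformation", "242", this);
            Tr.error(tc, "security.wssecurity.WSEC6806E", new Object[]{subjectDN, e3});
            errorMessage = ConfigUtil.getMessage("security.wssecurity.WSEC6806E", new String[]{subjectDN, e3.getClass().getName() + ": " + e3.getMessage()});
        }
        long notAfter = x509Certificate.getNotAfter().getTime();
        if (status == 0) {
            long remainingMs = notAfter - System.currentTimeMillis();
            if (remainingMs < DAYS_IN_MS_BEFORE_EXPIRE_WARNING) {
                Tr.warning(tc, "security.wssecurity.WSEC6807W", new Object[]{subjectDN, Long.valueOf(remainingMs / DAYS_IN_MS)});
                // Already warned here, so the KeyInformation must not warn again.
                expirationWarned = true;
            }
        }
        if (status == 0) {
            try {
                byte[] keyId = makeSubjectKeyIdentifier(x509Certificate, null);
                b64KeyId = Base64.encode(keyId);
                hexKeyId = Hex.encode(keyId);
                byte[] keyId60 = makeSubjectKeyIdentifier(x509Certificate, Constants.IT60SHA1);
                b64KeyId60 = Base64.encode(keyId60);
                hexKeyId60 = Hex.encode(keyId60);
            } catch (InvalidAlgorithmParameterException e4) {
                status |= 4; // STATUS_KEYID_ERROR
                Tr.processException(e4, clsName + ".createKeyInformation", "282", this);
                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e4});
                errorMessage = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ":" + e4.getClass().getName() + ": " + e4.getMessage();
            } catch (NoSuchAlgorithmException e5) {
                status |= 4; // STATUS_KEYID_ERROR
                Tr.processException(e5, clsName + ".createKeyInformation", "275", this);
                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e5});
                errorMessage = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ": " + e5.getClass().getName() + ": " + e5.getMessage();
            } catch (Exception e6) {
                status |= 4; // STATUS_KEYID_ERROR
                Tr.processException(e6, clsName + ".createKeyInformation", "289", this);
                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier04", new Object[]{e6});
                errorMessage = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier04") + ":" + e6.getClass().getName() + ": " + e6.getMessage();
            }
            publicKey = x509Certificate.getPublicKey();
        }
        // Only a certificate error rules the thumbprint out: a key-identifier failure leaves
        // the encoded certificate intact, and skipping here would leave a null thumbprint
        // behind with no flag to make the thumbprint getters fail.
        if ((status & 2) == 0) {
            try {
                byte[] thumbprint = makeThumbprint(encoded);
                b64Thumbprint = Base64.encode(thumbprint);
                hexThumbprint = Hex.encode(thumbprint);
            } catch (Exception e7) {
                status |= 8; // STATUS_THUMBPRINT_ERROR
                Tr.processException(e7, clsName + ".createKeyInformation", "304", this);
                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier04", new Object[]{e7});
                errorMessage = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier04") + ":" + e7.getClass().getName() + ": " + e7.getMessage();
            }
        }
        // No key store path or alias for a bare certificate; the encoded subject DN is the name.
        KeyInformation keyInformation = new KeyInformation(null, null, encSubjectDN, publicKey, privateKey, x509Certificate, encoded, subjectDN, encSubjectDN, encIssuerDN, issuerSerial, b64KeyId, b64KeyId60, b64Thumbprint, hexKeyId, hexKeyId60, hexThumbprint, status, notAfter, DAYS_IN_MS_BEFORE_EXPIRE_WARNING, errorMessage, expirationWarned);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("createKeyInformation(");
            stringBuffer2.append("X509Certificate)");
            stringBuffer2.append(" returns KeyInformation[").append(keyInformation).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return keyInformation;
    }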

    /**
     * Looks up key information for a trust entry. Delegates to the three-argument overload
     * with {@code useKeyPass = false}, so the configured key password is not read.
     *
     * @return the key information, or {@code null} as returned by the delegate
     * @throws SoapSecurityException propagated from the delegate
     */
    public final KeyInformation getTrustKeyInformation(KeyStoreConfig keyStoreConfig, KeyInformationConfig keyInformationConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            final String entryMessage = "getTrustKeyInformation(KeyStoreConfig[" + ConfigUtil.getObjState(keyStoreConfig) + "], KeyInformationConfig[" + ConfigUtil.getObjState(keyInformationConfig) + "])";
            Tr.entry(tc, entryMessage);
        }
        final KeyInformation trustInfo = getKeyInformation(keyStoreConfig, keyInformationConfig, false);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTrustKeyInformation(KeyStoreConfig, KeyInformationConfig)");
        }
        return trustInfo;
    }

    /**
     * Looks up key information using the configured key password. Delegates to the
     * three-argument overload with {@code useKeyPass = true}.
     *
     * @return the key information, or {@code null} as returned by the delegate
     * @throws SoapSecurityException propagated from the delegate
     */
    public final KeyInformation getKeyInformation(KeyStoreConfig keyStoreConfig, KeyInformationConfig keyInformationConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            final String entryMessage = "getKeyInformation(KeyStoreConfig[" + ConfigUtil.getObjState(keyStoreConfig) + "], KeyInformationConfig[" + ConfigUtil.getObjState(keyInformationConfig) + "])";
            Tr.entry(tc, entryMessage);
        }
        final KeyInformation found = getKeyInformation(keyStoreConfig, keyInformationConfig, true);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInformation(KeyStoreConfig, KeyInformationConfig)");
        }
        return found;
    }

    /**
     * Looks up key information for the alias and key name held in {@code keyInformationConfig}.
     *
     * @param z when {@code true} the configured key password is passed on; when {@code false}
     *     the lookup is made with a {@code null} key password
     * @return the key information, or {@code null} when either configuration object is
     *     {@code null} (or when the delegate returns {@code null})
     * @throws SoapSecurityException propagated from the delegate
     */
    public final KeyInformation getKeyInformation(KeyStoreConfig keyStoreConfig, KeyInformationConfig keyInformationConfig, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            final String entryMessage = "getKeyInformation(KeyStoreConfig[" + ConfigUtil.getObjState(keyStoreConfig) + "], KeyInformationConfig[" + ConfigUtil.getObjState(keyInformationConfig) + "], useKeyPass[" + z + "])";
            Tr.entry(tc, entryMessage);
        }
        KeyInformation found = null;
        if (keyInformationConfig != null && keyStoreConfig != null) {
            // The key password is read only when the caller asked for it.
            final String keyPass = z ? keyInformationConfig.getKeyPass() : null;
            found = getKeyInformation(keyStoreConfig, keyInformationConfig.getAlias(), keyPass, keyInformationConfig.getName());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInformation(KeyStoreConfig, KeyInformationConfig, useKeyPass)");
        }
        return found;
    }

    /**
     * Looks up key information in the key store described by {@code keyStoreConfig}.
     *
     * @param str the alias; the lookup is skipped unless {@code ConfigUtil.hasValue} accepts it
     * @param str2 the key password; traced only through {@code ConfigUtil.getObjState}
     * @param str3 the key name
     * @return the key information, or {@code null} when the configuration is {@code null} or
     *     the alias has no value (or when the delegate returns {@code null})
     * @throws SoapSecurityException propagated from the delegate
     */
    public final KeyInformation getKeyInformation(KeyStoreConfig keyStoreConfig, String str, String str2, String str3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            final String entryMessage = "getKeyInformation(KeyStoreConfig[" + ConfigUtil.getObjState(keyStoreConfig) + "], alias[" + str + "], keyPass[" + ConfigUtil.getObjState(str2) + "], keyName[" + str3 + "])";
            Tr.entry(tc, entryMessage);
        }
        KeyInformation found = null;
        if (keyStoreConfig != null && ConfigUtil.hasValue(str)) {
            // Gather the key store coordinates in the order the original evaluated them.
            final String storePath = keyStoreConfig.getPath();
            final String storeType = keyStoreConfig.getType();
            final char[] storePassword = ConfigUtil.getTrimmedCharArray(keyStoreConfig.getPassword());
            final String keyStoreRef = keyStoreConfig.getKsRef();
            final char[] keyPassword = ConfigUtil.getTrimmedCharArray(str2);
            found = getKeyInformation(storePath, storeType, storePassword, keyStoreRef, str, keyPassword, str3);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInformation(KeyStoreConfig, alias, keyPass, KeyName)");
        }
        return found;
    }

    /**
     * Convenience overload: same lookup as the nine-argument form, with the token type set to
     * {@code UNKNOWN} and no certificate stores.
     *
     * @throws SoapSecurityException propagated from the delegate
     */
    public final synchronized KeyInformation getKeyInformation(String str, String str2, char[] cArr, String str3, String str4, char[] cArr2, String str5) throws SoapSecurityException {
        final String defaultTokenType = this.UNKNOWN;
        return getKeyInformation(str, str2, cArr, str3, str4, cArr2, str5, defaultTokenType, null);
    }

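    /**
     * Returns the key information for one key store entry, creating and caching it on first
     * request.
     *
     * <p>Change relative to the decompiled original: the key password's contribution to the
     * cache key is computed directly from the {@code char[]} instead of through
     * {@code new String(cArr2)}. The value is identical (same polynomial as
     * {@code String.hashCode()}), but no immutable copy of the password is left on the heap.
     *
     * <p>NOTE(review): the cache key is the sum of five 32-bit hash codes, so different
     * combinations of key store, alias, key password, token type and certificate stores can
     * produce the same key. A cache hit returns the stored entry without re-checking the key
     * password against the key store. Consider a composite key compared by equality. The debug
     * trace below also emits this sum, which is derived in part from the key password.
     *
     * @param str key store path
     * @param str2 key store type
     * @param cArr key store password; only its presence is traced
     * @param str3 key store reference
     * @param str4 alias; dereferenced without a null check
     * @param cArr2 key password, may be {@code null} or empty; only its presence is traced
     * @param str5 key name
     * @param str6 token type; dereferenced without a null check
     * @param list certificate stores, may be {@code null}
     * @return the cached or newly created key information, or {@code null} when no key store
     *     could be obtained
     * @throws SoapSecurityException propagated from key store loading or entry creation
     */
    public final synchronized KeyInformation getKeyInformation(String str, String str2, char[] cArr, String str3, String str4, char[] cArr2, String str5, String str6, List list) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryMessage = new StringBuilder("getKeyInformation(");
            entryMessage.append("String storePath[").append(str).append("], ");
            entryMessage.append("String storeType[").append(str2).append("], ");
            entryMessage.append("char[] storePassword[");
            entryMessage.append(cArr == null ? "null" : "not null");
            entryMessage.append("], ");
            entryMessage.append("String keyStoreRef[").append(str3).append("], ");
            entryMessage.append("String alias[").append(str4).append("], ");
            entryMessage.append("char[] keyPassword[");
            entryMessage.append(cArr2 == null ? "null" : "not null");
            entryMessage.append("], ");
            entryMessage.append("String keyName[").append(str5).append("],");
            entryMessage.append("String tokenType[").append(str6).append("],");
            entryMessage.append("List certStores[");
            entryMessage.append(list == null ? "null]" : "not null]");
            entryMessage.append(")");
            Tr.entry(tc, entryMessage.toString());
        }
        KeyInformation keyInformation = null;
        KeyStore keyStore = getKeyStore(str, str2, cArr, str3);
        if (keyStore != null) {
            int hashCode = keyStore.hashCode() + str4.hashCode();
            if (cArr2 != null && cArr2.length > 0) {
                // Same result as new String(cArr2).hashCode(), without copying the password
                // into a String that cannot be cleared afterwards.
                int passwordHash = 0;
                for (char c : cArr2) {
                    passwordHash = 31 * passwordHash + c;
                }
                hashCode += passwordHash;
            }
            int hashCode2 = hashCode + str6.hashCode();
            if (list != null && !list.isEmpty()) {
                hashCode2 += list.hashCode();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "hashCode=" + hashCode2);
            }
            Integer cacheKey = Integer.valueOf(hashCode2);
            keyInformation = this.keyInformationCache.get(cacheKey);
            if (keyInformation == null) {
                boolean isHWKeyStore = ConfigUtil.isHWKeyStore(str3);
                if (tc.isDebugEnabled()) {
                    StringBuilder missMessage = new StringBuilder("There is no cached key information with the keystore [");
                    missMessage.append(str);
                    missMessage.append("] and the alias [");
                    missMessage.append(str4);
                    missMessage.append("]. So a new key information is created.");
                    Tr.debug(tc, missMessage.toString());
                }
                keyInformation = createKeyInformation(keyStore, str, str3, str4, cArr2, str5, isHWKeyStore);
                this.keyInformationCache.put(cacheKey, keyInformation);
            } else if (tc.isDebugEnabled()) {
                StringBuilder hitMessage = new StringBuilder("There is the cached key information with the keystore [");
                hitMessage.append(str);
                hitMessage.append("] and the alias [");
                hitMessage.append(str4);
                hitMessage.append("]. So the key information is used.");
                Tr.debug(tc, hitMessage.toString());
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuilder exitMessage = new StringBuilder("getKeyInformation(");
            exitMessage.append("String, String, char[], String, String, char[], String)");
            exitMessage.append(" returns KeyInformation[").append(keyInformation).append("]");
            Tr.exit(tc, exitMessage.toString());
        }
        return keyInformation;
    }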

    /**
     * Convenience overload: same as the seven-argument form, with {@code null} passed as its
     * third argument.
     *
     * @throws SoapSecurityException propagated from the delegate
     */
    private final KeyInformation createKeyInformation(KeyStore keyStore, String str, String str2, char[] cArr, String str3, boolean z) throws SoapSecurityException {
        final String noThirdArgument = null;
        return createKeyInformation(keyStore, str, noThirdArgument, str2, cArr, str3, z);
    }

    /**
     * Reads one keystore entry and collects everything the WS-Security runtime needs to
     * reference it: keys, certificate, DNs, issuer serial, subject key identifiers and
     * thumbprint.
     *
     * <p>Failures are not thrown from here. Exceptions caught by the handlers below are
     * recorded in the integer status {@code i} (0 means no error; 1 is added for an entry
     * lookup failure, 2 for a certificate encoding/validity failure, 4 for a subject key
     * identifier failure, 8 for a thumbprint failure) together with a message in
     * {@code str15}; both are handed to the {@code KeyInformation} constructor. Callers
     * therefore have to inspect the returned object before trusting its keys.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>The key password is never traced, only whether it is {@code null}.</li>
     *   <li>For a private-key entry the private key is stored in the result even when the
     *       certificate failed {@code checkValidity()}; only the status flags record the
     *       failure.</li>
     *   <li>A certificate whose expiry is closer than
     *       {@code DAYS_IN_MS_BEFORE_EXPIRE_WARNING} produces warning WSEC5189W and sets
     *       the flag {@code z2}.</li>
     * </ul>
     *
     * @param keyStore keystore to read from
     * @param str      keystore path (used for messages and stored in the result)
     * @param str2     second keystore name component passed to {@code getKsName};
     *                 presumably the keystore reference — TODO confirm
     * @param str3     alias of the entry
     * @param cArr     key password; {@code null} or empty means no protection parameter
     * @param str4     key name; its encoded DN form becomes the key name of the result
     * @param z        hardware-keystore flag; only traced here
     * @return a {@code KeyInformation} carrying either the extracted material or the error state
     * @throws SoapSecurityException declared by the signature; no statement visible here throws it directly
     */
    private final KeyInformation createKeyInformation(KeyStore keyStore, String str, String str2, String str3, char[] cArr, String str4, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("createKeyInformation(");
            stringBuffer.append("KeyStore keyStore, ");
            stringBuffer.append("String alias[").append(str3).append("], ");
            // Only the presence of the password is traced, never its value.
            stringBuffer.append("char[] keyPassword[");
            stringBuffer.append(cArr == null ? "null" : "not null");
            stringBuffer.append("], ");
            stringBuffer.append("String keyName[").append(str4).append("])");
            stringBuffer.append("boolean isHWKeyStoreRef[").append(z).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        // Fall back to the raw key name when DN encoding yields nothing.
        String encodeDName = KeyInfo.X509Data.encodeDName(str4);
        if (encodeDName == null || encodeDName.length() == 0) {
            encodeDName = str4;
        }
        // Result fields, filled in by whichever entry-type branch applies:
        String str5 = null;   // subject DN
        String str6 = null;   // encoded subject DN
        String str7 = null;   // encoded issuer DN
        String str8 = null;   // issuer serial number (decimal string)
        String str9 = null;   // subject key identifier, Base64 (identifier type null)
        String str10 = null;  // subject key identifier, Base64 (Constants.IT60SHA1)
        String str11 = null;  // certificate thumbprint, Base64
        String str12 = null;  // subject key identifier, hex (identifier type null)
        String str13 = null;  // subject key identifier, hex (Constants.IT60SHA1)
        String str14 = null;  // certificate thumbprint, hex
        X509Certificate x509Certificate = null;
        byte[] bArr = null;   // encoded certificate
        Key key = null;       // public key (or the secret key for a secret-key entry)
        Key key2 = null;      // private key (or the secret key for a secret-key entry)
        int i = 0;            // error status flags, 0 = no error
        long j = -1;          // certificate notAfter in epoch milliseconds, -1 if none
        String str15 = null;  // error message matching the last recorded failure
        boolean z2 = false;   // true once the expiry warning has been issued
        KeyStore.PasswordProtection passwordProtection = null;
        if (cArr != null && cArr.length > 0) {
            // NOTE(review): the JDK's PasswordProtection keeps its own copy of the password;
            // this method never calls destroy() on it.
            passwordProtection = new KeyStore.PasswordProtection(cArr);
        }
        KeyStore.Entry entry = null;
        try {
            try {
                entry = keyStore.getEntry(str3, passwordProtection);
                // Constant-false condition: this block never executes. It looks like the
                // decompiler's rendering of a finally block — TODO confirm against the source.
                if (0 != 0) {
                    i = 0 + 1;
                    Tr.processException((Throwable) null, clsName + ".createKeyInformation", "575", this);
                    Tr.error(tc, "security.wssecurity.ConfigUtil.s27", new Object[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", null});
                    str15 = ConfigUtil.getMessage("security.wssecurity.ConfigUtil.s27", new String[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", 0 == 0 ? null : ((String) null) + ": " + ((String) null)});
                }
            } catch (Throwable th) {
                // Same never-executed block as above; the throwable is simply rethrown so the
                // outer handlers (or the caller, for Errors) see it.
                if (0 != 0) {
                    int i2 = 0 + 1;
                    Tr.processException((Throwable) null, clsName + ".createKeyInformation", "575", this);
                    Tr.error(tc, "security.wssecurity.ConfigUtil.s27", new Object[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", null});
                    ConfigUtil.getMessage("security.wssecurity.ConfigUtil.s27", new String[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", 0 == 0 ? null : ((String) null) + ": " + ((String) null)});
                }
                throw th;
            }
        } catch (UnrecoverableKeyException e) {
            // The exception message is deliberately left out of str15 here (only the class
            // name is used), unlike the generic handler below.
            String name = e.getClass().getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "UnrecoverableKeyException encountered.  Key password is probably incorrect.");
            }
            if (e != null) {
                i = 0 + 1;
                Tr.processException(e, clsName + ".createKeyInformation", "575", this);
                Tr.error(tc, "security.wssecurity.ConfigUtil.s27", new Object[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", e});
                str15 = ConfigUtil.getMessage("security.wssecurity.ConfigUtil.s27", new String[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", 0 == 0 ? name : name + ": " + ((String) null)});
            }
        } catch (Exception e2) {
            // Any other lookup failure: record class name plus message.
            String name2 = e2.getClass().getName();
            String message = e2.getMessage();
            if (e2 != null) {
                i = 0 + 1;
                Tr.processException(e2, clsName + ".createKeyInformation", "575", this);
                Tr.error(tc, "security.wssecurity.ConfigUtil.s27", new Object[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", e2});
                str15 = ConfigUtil.getMessage("security.wssecurity.ConfigUtil.s27", new String[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", message == null ? name2 : name2 + ": " + message});
            }
        }
        // getEntry returned null without throwing: the alias has no entry in this keystore.
        if (entry == null && i == 0) {
            i++;
            Tr.error(tc, "security.wssecurity.WSEC6800E", new Object[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", "entry=null"});
            str15 = ConfigUtil.getMessage("security.wssecurity.WSEC6800E", new String[]{"'" + str3 + "'", "'" + getKsName(str, str2) + "'", "entry=null"});
        }
        if (i == 0) {
            if (entry instanceof KeyStore.TrustedCertificateEntry) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trusted Certificate Entry.");
                }
                Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
                // Non-X.509 certificates are skipped silently: nothing is extracted and no
                // error flag is set.
                if (trustedCertificate != null && (trustedCertificate instanceof X509Certificate)) {
                    x509Certificate = (X509Certificate) trustedCertificate;
                    str5 = x509Certificate.getSubjectDN().getName();
                    str6 = KeyInfo.X509Data.encodeDName(str5);
                    String name3 = x509Certificate.getIssuerDN().getName();
                    str7 = KeyInfo.X509Data.encodeDName(name3);
                    str8 = x509Certificate.getSerialNumber().toString();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "subjectDN[" + str5 + "], encSubjectDN[" + str6 + "], issuerDN[" + name3 + "], encIssuerDN[" + str7 + "], issuerSerial[" + str8 + "]");
                    }
                    try {
                        bArr = trustedCertificate.getEncoded();
                        // Validity is checked against the current time only; no chain or
                        // revocation checking happens in this method.
                        x509Certificate.checkValidity();
                    } catch (CertificateEncodingException e3) {
                        i += 2;
                        Tr.processException(e3, clsName + ".createKeyInformation", "636", this);
                        Tr.error(tc, "security.wssecurity.WSEC0155E", new Object[]{e3});
                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC0155E", new String[]{e3.getClass().getName() + ": " + e3.getMessage()});
                    } catch (CertificateExpiredException e4) {
                        i += 2;
                        Tr.processException(e4, clsName + ".createKeyInformation", "644", this);
                        Tr.error(tc, "security.wssecurity.WSEC5181E", new Object[]{"'" + str5 + "'", "'" + str3 + "'", "'" + getKsName(str, str2) + "'", e4});
                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{"'" + str5 + "'", "'" + str3 + "'", "'" + getKsName(str, str2) + "'", e4.getClass().getName() + ": " + e4.getMessage()});
                    } catch (CertificateException e5) {
                        // Remaining certificate errors, which includes a not-yet-valid
                        // certificate reported by checkValidity().
                        i += 2;
                        Tr.processException(e5, clsName + ".createKeyInformation", "655", this);
                        Tr.error(tc, "security.wssecurity.WSEC5182E", new Object[]{"'" + str5 + "'", "'" + str3 + "'", "'" + getKsName(str, str2) + "'", e5});
                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC5182E", new String[]{"'" + str5 + "'", "'" + str3 + "'", "'" + getKsName(str, str2) + "'", e5.getClass().getName() + ": " + e5.getMessage()});
                    }
                    // Warn when the remaining lifetime is below the configured threshold.
                    j = x509Certificate.getNotAfter().getTime();
                    if (i == 0 && j - System.currentTimeMillis() < DAYS_IN_MS_BEFORE_EXPIRE_WARNING) {
                        Tr.warning(tc, "security.wssecurity.WSEC5189W", new Object[]{str5, str3, str, new Long((j - System.currentTimeMillis()) / DAYS_IN_MS)});
                        z2 = true;
                    }
                    if (i == 0) {
                        try {
                            // Two identifier flavours are precomputed: the default one and
                            // the Constants.IT60SHA1 one.
                            byte[] makeSubjectKeyIdentifier = makeSubjectKeyIdentifier(trustedCertificate, null);
                            str9 = Base64.encode(makeSubjectKeyIdentifier);
                            str12 = Hex.encode(makeSubjectKeyIdentifier);
                            byte[] makeSubjectKeyIdentifier2 = makeSubjectKeyIdentifier(trustedCertificate, Constants.IT60SHA1);
                            str10 = Base64.encode(makeSubjectKeyIdentifier2);
                            str13 = Hex.encode(makeSubjectKeyIdentifier2);
                        } catch (InvalidAlgorithmParameterException e6) {
                            i += 4;
                            Tr.processException(e6, clsName + ".createKeyInformation", "694", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e6});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ":" + e6.getClass().getName() + ": " + e6.getMessage();
                        } catch (NoSuchAlgorithmException e7) {
                            i += 4;
                            Tr.processException(e7, clsName + ".createKeyInformation", "687", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e7});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ": " + e7.getClass().getName() + ": " + e7.getMessage();
                        } catch (Exception e8) {
                            i += 4;
                            Tr.processException(e8, clsName + ".createKeyInformation", "701", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier04", new Object[]{e8});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier04") + ":" + e8.getClass().getName() + ": " + e8.getMessage();
                        }
                        // The public key is taken even if identifier generation just failed;
                        // the status flags carry that failure.
                        key = trustedCertificate.getPublicKey();
                    }
                    if (i == 0) {
                        try {
                            byte[] makeThumbprint = makeThumbprint(bArr);
                            str11 = Base64.encode(makeThumbprint);
                            str14 = Hex.encode(makeThumbprint);
                        } catch (Exception e9) {
                            i += 8;
                            Tr.processException(e9, clsName + ".createKeyInformation", "716", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier04", new Object[]{e9});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier04") + ":" + e9.getClass().getName() + ": " + e9.getMessage();
                        }
                    }
                }
            } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Private Key Entry.");
                }
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                Certificate certificate = privateKeyEntry.getCertificate();
                if (certificate != null && (certificate instanceof X509Certificate)) {
                    x509Certificate = (X509Certificate) certificate;
                    str5 = x509Certificate.getSubjectDN().getName();
                    str6 = KeyInfo.X509Data.encodeDName(str5);
                    String name4 = x509Certificate.getIssuerDN().getName();
                    str7 = KeyInfo.X509Data.encodeDName(name4);
                    str8 = x509Certificate.getSerialNumber().toString();
                    try {
                        bArr = certificate.getEncoded();
                        x509Certificate.checkValidity();
                    } catch (CertificateEncodingException e10) {
                        i += 2;
                        Tr.processException(e10, clsName + ".createKeyInformation", "774", this);
                        Tr.error(tc, "security.wssecurity.WSEC0155E", new Object[]{e10});
                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC0155E", new String[]{e10.getClass().getName() + ": " + e10.getMessage()});
                    } catch (CertificateExpiredException e11) {
                        // NOTE(review): this branch reports the raw path (str) without quotes,
                        // while the trusted-certificate branch uses getKsName(str, str2).
                        i += 2;
                        Tr.processException(e11, clsName + ".createKeyInformation", "782", this);
                        Tr.error(tc, "security.wssecurity.WSEC5181E", new Object[]{str5, str3, str, e11});
                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{str5, str3, str, e11.getClass().getName() + ": " + e11.getMessage()});
                    } catch (CertificateException e12) {
                        i += 2;
                        Tr.processException(e12, clsName + ".createKeyInformation", "793", this);
                        Tr.error(tc, "security.wssecurity.WSEC5182E", new Object[]{str5, str3, str, e12});
                        str15 = ConfigUtil.getMessage("security.wssecurity.WSEC5182E", new String[]{str5, str3, str, e12.getClass().getName() + ": " + e12.getMessage()});
                    }
                    j = x509Certificate.getNotAfter().getTime();
                    if (i == 0 && j - System.currentTimeMillis() < DAYS_IN_MS_BEFORE_EXPIRE_WARNING) {
                        Tr.warning(tc, "security.wssecurity.WSEC5189W", new Object[]{str5, str3, str, new Long((j - System.currentTimeMillis()) / DAYS_IN_MS)});
                        z2 = true;
                    }
                    if (i == 0) {
                        try {
                            byte[] makeSubjectKeyIdentifier3 = makeSubjectKeyIdentifier(certificate, null);
                            str9 = Base64.encode(makeSubjectKeyIdentifier3);
                            str12 = Hex.encode(makeSubjectKeyIdentifier3);
                            byte[] makeSubjectKeyIdentifier4 = makeSubjectKeyIdentifier(certificate, Constants.IT60SHA1);
                            str10 = Base64.encode(makeSubjectKeyIdentifier4);
                            str13 = Hex.encode(makeSubjectKeyIdentifier4);
                        } catch (InvalidAlgorithmParameterException e13) {
                            i += 4;
                            Tr.processException(e13, clsName + ".createKeyInformation", "832", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e13});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ":" + e13.getClass().getName() + ": " + e13.getMessage();
                        } catch (NoSuchAlgorithmException e14) {
                            i += 4;
                            Tr.processException(e14, clsName + ".createKeyInformation", "825", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e14});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ": " + e14.getClass().getName() + ": " + e14.getMessage();
                        } catch (Exception e15) {
                            i += 4;
                            Tr.processException(e15, clsName + ".createKeyInformation", "839", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier04", new Object[]{e15});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier04") + ":" + e15.getClass().getName() + ": " + e15.getMessage();
                        }
                        key = certificate.getPublicKey();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "subjectDN[" + str5 + "], encSubjectDN[" + str6 + "], issuerDN[" + name4 + "], encIssuerDN[" + str7 + "], issuerSerial[" + str8 + "], publickey[" + key + "]");
                        }
                    }
                    if (i == 0) {
                        try {
                            byte[] makeThumbprint2 = makeThumbprint(bArr);
                            str11 = Base64.encode(makeThumbprint2);
                            str14 = Hex.encode(makeThumbprint2);
                        } catch (Exception e16) {
                            i += 8;
                            Tr.processException(e16, clsName + ".createKeyInformation", "864", this);
                            Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier04", new Object[]{e16});
                            str15 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier04") + ":" + e16.getClass().getName() + ": " + e16.getMessage();
                        }
                    }
                }
                // The private key is stored regardless of the certificate checks above
                // (expired, not yet valid, non-X.509 or missing certificate); consumers must
                // honour the status flags before using it.
                key2 = privateKeyEntry.getPrivateKey();
            } else if (entry instanceof KeyStore.SecretKeyEntry) {
                // Symmetric key: the same key object serves as both "public" and "private"
                // key, and the key name stands in for the subject DN.
                str5 = str4;
                str6 = encodeDName;
                SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                key = secretKey;
                key2 = secretKey;
                if (tc.isDebugEnabled()) {
                    // NOTE(review): this trace concatenates the SecretKey object itself. Whether
                    // toString() reveals key bytes depends on the provider's key class — confirm,
                    // and prefer tracing only the algorithm and format.
                    Tr.debug(tc, "subjectDN[" + str5 + "], encSubjectDN[" + str6 + "], privatekey=publickey[" + key2 + "]");
                }
            }
        }
        // Always build a result, successful or not; i and str15 carry the error state.
        KeyInformation keyInformation = new KeyInformation(str, str3, encodeDName, key, key2, x509Certificate, bArr, str5, str6, str7, str8, str9, str10, str11, str12, str13, str14, i, j, DAYS_IN_MS_BEFORE_EXPIRE_WARNING, str15, z2);
        if (tc.isEntryEnabled()) {
            // NOTE(review): the exit trace prints the KeyInformation object; what that exposes
            // depends on KeyInformation.toString(), which is not visible here.
            StringBuffer stringBuffer2 = new StringBuffer("createKeyInformation(");
            stringBuffer2.append("KeyStore, String, char[], String)");
            stringBuffer2.append(" returns KeyInformation[").append(keyInformation).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return keyInformation;
    }

    /**
     * Returns the key information for an alias with its binary form replaced by the
     * PkiPath encoding of the certificate path.
     *
     * <p>The key information is obtained through {@code getKeyInformation} using the
     * {@code PKIPATH} marker. The keystore is then resolved again and handed to
     * {@code CertificateUtil.encodePkiPath}. An encoding failure is not thrown: it is
     * recorded on the returned object (error flag 2 plus an error message) and the binary
     * form is left {@code null}. A failure while resolving the keystore is outside the
     * try block and propagates to the caller.
     *
     * @param str   keystore path
     * @param str2  keystore type
     * @param cArr  keystore password; only its presence is traced
     * @param str3  keystore reference
     * @param str4  alias of the entry
     * @param cArr2 key password; only its presence is traced
     * @param str5  key name
     * @param list  passed to the PkiPath encoder (presumably certificate stores — TODO confirm)
     * @return the key information, carrying either the encoded path or the error state
     * @throws SoapSecurityException if key information or keystore lookup fails
     */
    public final synchronized KeyInformation getKeyInformationInPkiPath(String str, String str2, char[] cArr, String str3, String str4, char[] cArr2, String str5, List list) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // Passwords are reduced to a presence marker before they reach the trace.
            String storePasswordState = cArr == null ? "null" : "not null";
            String keyPasswordState = cArr2 == null ? "null" : "not null";
            Tr.entry(tc, "getKeyInformationInPkiPath("
                    + "String storePath[" + str + "], "
                    + "String storeType[" + str2 + "], "
                    + "char[] storePassword[" + storePasswordState + "], "
                    + "String keyStoreRef[" + str3 + "], "
                    + "String alias[" + str4 + "], "
                    + "char[] keyPassword[" + keyPasswordState + "], "
                    + "String keyName[" + str5 + "])");
        }
        KeyInformation info = getKeyInformation(str, str2, cArr, str3, str4, cArr2, str5, this.PKIPATH, null);
        KeyStore store = getKeyStore(str, str2, cArr, str3);
        byte[] encodedPath;
        try {
            encodedPath = CertificateUtil.encodePkiPath(store.getProvider(), list, store, str4);
        } catch (Exception e) {
            // Record the failure on the result instead of throwing; the binary stays null.
            encodedPath = null;
            KeyInformation.access$112(info, 2);
            Tr.processException(e, clsName + ".getKeyInformationInPkiPath", "937", this);
            Tr.error(tc, "security.wssecurity.PkiPathCallbackHandler.s01", new Object[]{e});
            String causeText = e.getClass().getName() + ": " + e.getMessage();
            info._errorMes = ConfigUtil.getMessage("security.wssecurity.PkiPathCallbackHandler.s01") + ": " + causeText;
        }
        info._binary = encodedPath;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInformationInPkiPath( KeyStore keyStore, String storePath, String alias, char[] keyPassword,  String keyName)");
        }
        return info;
    }

    /**
     * Returns the key information for an alias with its binary form replaced by the
     * PKCS#7 encoding produced by {@code CertificateUtil.encodePKCS7}.
     *
     * <p>The key information is obtained through {@code getKeyInformation} using the
     * {@code PKCS7} marker. Keystore resolution and encoding both run inside one try
     * block, so any exception from either step is recorded on the returned object (error
     * flag 2 plus an error message) rather than thrown, and the binary form is left
     * {@code null}.
     *
     * <p>NOTE(review): the error log uses message key
     * {@code security.wssecurity.PKCS7CallbackHandler.s01} while the stored error message
     * uses {@code security.wssecurity.WSEC6806E}; confirm both keys are intended.
     *
     * @param str   keystore path
     * @param str2  keystore type
     * @param cArr  keystore password; only its presence is traced
     * @param str3  keystore reference
     * @param str4  alias of the entry
     * @param cArr2 key password; only its presence is traced
     * @param str5  key name
     * @param list  passed to key-information lookup and to the PKCS#7 encoder
     * @return the key information, carrying either the encoded data or the error state
     * @throws SoapSecurityException if the key information lookup fails
     */
    public final synchronized KeyInformation getKeyInformationInPKCS7(String str, String str2, char[] cArr, String str3, String str4, char[] cArr2, String str5, List list) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // Passwords are reduced to a presence marker before they reach the trace.
            String storePasswordState = cArr == null ? "null" : "not null";
            String keyPasswordState = cArr2 == null ? "null" : "not null";
            Tr.entry(tc, "getKeyInformationInPKCS7("
                    + "String storePath[" + str + "], "
                    + "String storeType[" + str2 + "], "
                    + "char[] storePassword[" + storePasswordState + "], "
                    + "String keyStoreRef[" + str3 + "], "
                    + "String alias[" + str4 + "], "
                    + "char[] keyPassword[" + keyPasswordState + "], "
                    + "String keyName[" + str5 + "])");
        }
        KeyInformation info = getKeyInformation(str, str2, cArr, str3, str4, cArr2, str5, this.PKCS7, list);
        byte[] encoded;
        try {
            // Resolved inside the try on purpose: a keystore failure is recorded, not thrown.
            KeyStore store = getKeyStore(str, str2, cArr, str3);
            encoded = CertificateUtil.encodePKCS7(null, list, store, str4);
        } catch (Exception e) {
            encoded = null;
            KeyInformation.access$112(info, 2);
            Tr.processException(e, clsName + ".getKeyInformationInPKCS7", "984", this);
            Tr.error(tc, "security.wssecurity.PKCS7CallbackHandler.s01", new Object[]{e});
            String causeText = e.getClass().getName() + ": " + e.getMessage();
            info._errorMes = ConfigUtil.getMessage("security.wssecurity.WSEC6806E") + ": " + causeText;
        }
        info._binary = encoded;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInformationInPKCS7(String storePath, String storeType, +char[] storePassword, String keyStoreRef, String alias, char[] keyPassword, String keyName, List certStores)");
        }
        return info;
    }

    /**
     * Resolves the keystore described by a configuration object, allowing a cached
     * instance to be used.
     *
     * @param keyStoreConfig keystore configuration, may be {@code null}
     * @return the keystore, or {@code null} when the two-argument overload returns {@code null}
     * @throws SoapSecurityException if the keystore cannot be resolved
     */
    public final KeyStore getKeyStore(KeyStoreConfig keyStoreConfig) throws SoapSecurityException {
        final boolean reloadKeystore = false;
        return getKeyStore(keyStoreConfig, reloadKeystore);
    }

    /**
     * Resolves the keystore described by a configuration object.
     *
     * <p>Nothing is looked up unless the configuration is non-null and has a path or a
     * keystore reference. The configured password passes through
     * {@code ConfigUtil.getTrimmedCharArray} before use; it is never traced here.
     *
     * @param keyStoreConfig keystore configuration, may be {@code null}
     * @param z              {@code true} to force a reload, forwarded to the five-argument overload
     * @return the keystore, or {@code null} when the configuration names neither a path nor a reference
     * @throws SoapSecurityException if the keystore cannot be resolved
     */
    public final KeyStore getKeyStore(KeyStoreConfig keyStoreConfig, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyStore(KeyStoreConfig[" + ConfigUtil.getObjState(keyStoreConfig) + "], reloadKeystore[" + z + "])");
        }
        boolean namesAKeyStore = false;
        if (keyStoreConfig != null) {
            namesAKeyStore = ConfigUtil.hasValue(keyStoreConfig.getPath()) || ConfigUtil.hasValue(keyStoreConfig.getKsRef());
        }
        KeyStore resolved = namesAKeyStore
                ? getKeyStore(keyStoreConfig.getPath(), keyStoreConfig.getType(), ConfigUtil.getTrimmedCharArray(keyStoreConfig.getPassword()), keyStoreConfig.getKsRef(), z)
                : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyStore(KeyStoreConfig) returns[" + ConfigUtil.getObjState(resolved) + "])");
        }
        return resolved;
    }

    /**
     * Resolves a keystore by reference or path, allowing a cached instance to be used.
     *
     * @param str  keystore path
     * @param str2 keystore type
     * @param cArr keystore password
     * @param str3 keystore reference
     * @return the keystore as returned by the five-argument overload
     * @throws SoapSecurityException if neither a reference nor a path is given, or loading fails
     */
    public final KeyStore getKeyStore(String str, String str2, char[] cArr, String str3) throws SoapSecurityException {
        final boolean reloadKeystore = false;
        return getKeyStore(str, str2, cArr, str3, reloadKeystore);
    }

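    /**
     * Resolves a keystore by reference or by path, using the path-based cache unless a
     * reload is requested.
     *
     * <p>Lookup order:
     * <ol>
     *   <li>If a keystore reference is given, {@code ConfigUtil.getKeyStore(ref)} is tried.</li>
     *   <li>If that yields nothing and a path is given, the path is expanded and, unless
     *       {@code z} is set, looked up in {@code keyStoreCache}.</li>
     *   <li>On a cache miss or a forced reload the keystore is loaded through
     *       {@code ConfigUtil.getKeyStore(type, path, password)}; it is cached only when
     *       no reload was requested.</li>
     * </ol>
     *
     * <p>The cache key is the expanded path followed by the decimal hash of the password.
     * The hash is computed directly from the {@code char[]} with the same formula as
     * {@code String.hashCode()}, so the key is unchanged but no immutable {@code String}
     * copy of the password is left on the heap.
     *
     * @param str  keystore path
     * @param str2 keystore type
     * @param cArr keystore password; only its presence is traced
     * @param str3 keystore reference
     * @param z    {@code true} to bypass the cache and load a fresh, uncached instance
     * @return the keystore, or {@code null} when the reference lookup yields nothing and no path is given
     * @throws SoapSecurityException if both the reference and the path are null or empty,
     *                               or as thrown by the loading helpers
     */
    public final synchronized KeyStore getKeyStore(String str, String str2, char[] cArr, String str3, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getKeyStore(");
            stringBuffer.append("String storePath[").append(str).append("], ");
            stringBuffer.append("String storeType[").append(str2).append("], ");
            // Only the presence of the password is traced, never its value.
            stringBuffer.append("char[] storePassword[");
            stringBuffer.append(cArr == null ? "null" : "not null");
            stringBuffer.append("], ");
            stringBuffer.append("String keyStoreRef[").append(str3).append("], ");
            stringBuffer.append("boolean reloadKeystore[").append(z).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        boolean hasKeyStoreRef = str3 != null && str3.length() > 0;
        boolean hasStorePath = str != null && str.length() > 0;
        if (!hasKeyStoreRef && !hasStorePath) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Both KeyStoreRef and StorePass are null or empty length");
            }
            SoapSecurityException format = SoapSecurityException.format("security.wssecurity.KeyStoreManager.noKeyStoreRefAndStorePath");
            Tr.processException(format, clsName + ".getKeyStore", "1061", this);
            Tr.error(tc, "security.wssecurity.KeyStoreManager.noKeyStoreRefAndStorePath", new Object[]{format});
            throw format;
        }
        KeyStore keyStore = null;
        if (hasKeyStoreRef) {
            keyStore = ConfigUtil.getKeyStore(str3);
        }
        if (keyStore == null) {
            if (hasStorePath) {
                String expandInstallLocation = ConfigUtil.expandInstallLocation(str);
                String cacheKey = expandInstallLocation;
                if (cArr != null && cArr.length > 0) {
                    // Same value as new String(cArr).hashCode(), computed without copying
                    // the password into a String that cannot be cleared afterwards.
                    int passwordHash = 0;
                    for (int idx = 0; idx < cArr.length; idx++) {
                        passwordHash = 31 * passwordHash + cArr[idx];
                    }
                    // NOTE(review): the key tells passwords apart only by this 32-bit,
                    // non-cryptographic hash, so a cached keystore is returned for any
                    // password whose hash equals that of the password it was loaded with;
                    // the store type is not part of the key either. Changing the key scheme
                    // needs a review of every other user of keyStoreCache.
                    cacheKey = cacheKey + passwordHash;
                }
                if (!z) {
                    keyStore = this.keyStoreCache.get(cacheKey);
                    if (keyStore == null && tc.isDebugEnabled()) {
                        StringBuffer stringBuffer2 = new StringBuffer("There is no cached key store with the keystore [");
                        stringBuffer2.append(expandInstallLocation);
                        stringBuffer2.append("]. So a new key store is loaded.");
                        Tr.debug(tc, stringBuffer2.toString());
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "reloadKeystore=" + z + " The keystore with the path [" + expandInstallLocation + "] will be reloaded.");
                }
                if (keyStore == null) {
                    keyStore = ConfigUtil.getKeyStore(str2, expandInstallLocation, cArr);
                    if (!z) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Caching keystore.");
                        }
                        this.keyStoreCache.put(cacheKey, keyStore);
                    } else if (tc.isDebugEnabled()) {
                        // A reloaded keystore is deliberately kept out of the cache.
                        Tr.debug(tc, "reloadKeystore=" + z + " The new keystore will NOT be cached.");
                    }
                }
            }
        } else if (tc.isDebugEnabled()) {
            StringBuffer stringBuffer3 = new StringBuffer("There is cached key store with the keystore reference [");
            stringBuffer3.append(str3);
            stringBuffer3.append("]. So the key store is used.");
            Tr.debug(tc, stringBuffer3.toString());
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer4 = new StringBuffer("getKeyStore(");
            stringBuffer4.append("String, String, char[], String)");
            stringBuffer4.append(" returns KeyStore[").append(keyStore).append("]");
            Tr.exit(tc, stringBuffer4.toString());
        }
        return keyStore;
    }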

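    /**
     * Extracts the subject key identifier carried in a certificate's
     * SubjectKeyIdentifier extension (OID 2.5.29.14).
     *
     * <p>The first four bytes of the extension value are skipped. That matches two nested
     * OCTET STRING headers with short-form lengths; the tags and lengths themselves are not
     * verified. An extension value shorter than those four bytes is treated as unusable
     * and yields {@code null} instead of failing with a negative array size.
     *
     * @param certificate certificate to inspect, may be {@code null}
     * @return the identifier bytes, or {@code null} if the certificate is not an
     *         {@code X509Certificate}, has no such extension, or the extension value is
     *         too short to hold the four header bytes
     */
    private static final byte[] certToSubjectKeyIdentifier(Certificate certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "certToSubjectKeyIdentifier(Certificate cert)");
        }
        final int headerOctets = 4;
        byte[] bArr = null;
        if (certificate instanceof X509Certificate) {
            byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue(OID_SUBJECTKEYIDENTIFIER);
            if (extensionValue != null && extensionValue.length >= headerOctets) {
                bArr = new byte[extensionValue.length - headerOctets];
                System.arraycopy(extensionValue, headerOctets, bArr, 0, bArr.length);
            }
        }
        // Exit is traced on every path so entry and exit records stay paired.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "certToSubjectKeyIdentifier(Certificate)");
        }
        return bArr;
    }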

    /**
     * Derives a subject key identifier from a certificate's public key by hashing the key
     * bits with SHA-1.
     *
     * <p>The encoded public key is walked by hand: an outer SEQUENCE, one element that is
     * skipped using its length, then a BIT STRING whose content (after the unused-bits
     * octet) is hashed. For identifier type {@code null} or {@code Constants.ITSHA1} the
     * full digest is returned. For {@code Constants.IT60SHA1} an 8-byte value is built:
     * the high nibble 0100 followed by the low 60 bits of the digest, which corresponds to
     * the second method of RFC 5280 section 4.2.1.2.
     *
     * <p>NOTE(review): no array bounds are checked while walking the encoding, so a
     * truncated or malformed key encoding surfaces as an unchecked exception (covered by
     * {@code throws Exception}), and the message digest is not released when
     * {@code update} or {@code digest} throws.
     *
     * @param certificate certificate whose public key is hashed; {@code null} yields {@code null}
     * @param qName       identifier type: {@code null}, {@code Constants.ITSHA1} or {@code Constants.IT60SHA1}
     * @return the identifier bytes, or {@code null} when {@code certificate} is {@code null}
     * @throws RuntimeException         if the encoding does not start with a SEQUENCE, a length
     *                                  uses more than four octets, or the BIT STRING is not found
     * @throws IllegalArgumentException if {@code qName} is an unsupported identifier type
     * @throws Exception                as declared; e.g. from the digest factory
     */
    private static final byte[] pubkeyToSubjectKeyIdentifier(Certificate certificate, QName qName) throws Exception {
        int i;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("pubkeyToSubjectKeyIdentifier(");
            stringBuffer.append("Certificate cert, ");
            stringBuffer.append("QName idty[").append(qName).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        byte[] bArr = null;
        if (certificate != null) {
            byte[] encoded = certificate.getPublicKey().getEncoded();
            // The encoding must open with a SEQUENCE tag (0x30).
            if (encoded[0] != BER_SEQUENCE) {
                RuntimeException runtimeException = new RuntimeException(ConfigUtil.getMessage("security.wssecurity.WSEC6801E", new String[]{Hex.encode(encoded)}));
                Tr.processException(runtimeException, clsName + ".pubkeyToSubjectKeyIdentifier", "1169");
                throw runtimeException;
            }
            // i2: first length octet of the outer SEQUENCE.
            int i2 = encoded[1] & 255;
            // i3: offset of the first inner element; long-form lengths add (i2 & 127) octets.
            int i3 = (i2 & 128) == 0 ? 2 : 2 + (i2 & 127);
            // i4: first length octet of that inner element (its tag at i3 is not checked;
            // presumably the AlgorithmIdentifier of a SubjectPublicKeyInfo — TODO confirm).
            int i4 = encoded[i3 + 1] & 255;
            if ((i4 & 128) == 0) {
                // Short form: i4 already is the content length; i marks the content start.
                i = i3 + 2;
            } else {
                // Long form: (i4 & 127) length octets follow, decoded big-endian into i4.
                int i5 = i3 + 2;
                i = i3 + 2 + (i4 & 127);
                switch (i4 & 127) {
                    case 1:
                        i4 = encoded[i5] & 255;
                        break;
                    case 2:
                        i4 = ((encoded[i5] & 255) << 8) + (encoded[i5 + 1] & 255);
                        break;
                    case 3:
                        i4 = ((encoded[i5] & 255) << 16) + ((encoded[i5 + 1] & 255) << 8) + (encoded[i5 + 2] & 255);
                        break;
                    case 4:
                        // NOTE(review): a four-octet length with the top bit set becomes a
                        // negative int here; nothing rejects it before it is used as an offset.
                        i4 = ((encoded[i5] & 255) << 24) + ((encoded[i5 + 1] & 255) << 16) + ((encoded[i5 + 2] & 255) << 8) + (encoded[i5 + 3] & 255);
                        break;
                    default:
                        RuntimeException runtimeException2 = new RuntimeException(ConfigUtil.getMessage("security.wssecurity.WSEC6802E", new String[]{Hex.encode(encoded)}));
                        Tr.processException(runtimeException2, clsName + ".pubkeyToSubjectKeyIdentifier", "1204");
                        throw runtimeException2;
                }
            }
            // i6: offset just past the skipped element; a BIT STRING tag (3) is required there.
            int i6 = i + i4;
            if (encoded[i6] != 3) {
                RuntimeException runtimeException3 = new RuntimeException(ConfigUtil.getMessage("security.wssecurity.WSEC6803E", new String[]{Integer.toString(encoded[i6] & 255, 16)}));
                Tr.processException(runtimeException3, clsName + ".pubkeyToSubjectKeyIdentifier", "1216");
                throw runtimeException3;
            }
            // i8: start of the key bits, i.e. past the tag, the length octets and the
            // single unused-bits octet of the BIT STRING.
            int i7 = encoded[i6 + 1] & 255;
            int i8 = i6 + ((i7 & 128) == 0 ? 3 : 3 + (i7 & 127));
            AlgorithmFactory algorithmFactory = AlgorithmFactory.getInstance();
            // SHA-1 is used as an identifier derivation here, not as a signature digest.
            MessageDigest messageDigest = algorithmFactory.getMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", null);
            if (NamespaceUtil.equals(qName, Constants.ITSHA1) || qName == null) {
                // Full digest over everything from i8 to the end of the encoding.
                messageDigest.update(encoded, i8, encoded.length - i8);
                bArr = messageDigest.digest();
                algorithmFactory.releaseMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", messageDigest);
            } else {
                if (!NamespaceUtil.equals(qName, Constants.IT60SHA1)) {
                    // Unsupported identifier type: hand the digest back before failing.
                    algorithmFactory.releaseMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", messageDigest);
                    IllegalArgumentException illegalArgumentException = new IllegalArgumentException(ConfigUtil.getMessage("security.wssecurity.WSEC6804E", new String[]{qName.toString()}));
                    Tr.processException(illegalArgumentException, clsName + ".pubkeyToSubjectKeyIdentifier", "1243");
                    throw illegalArgumentException;
                }
                messageDigest.update(encoded, i8, encoded.length - i8);
                byte[] digest = messageDigest.digest();
                algorithmFactory.releaseMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", messageDigest);
                // 8-byte form: first byte is 0x40 plus the low nibble of the eighth-from-last
                // digest byte, followed by the last seven digest bytes.
                bArr = new byte[8];
                bArr[0] = (byte) (64 + (digest[digest.length - 8] & 15));
                System.arraycopy(digest, (digest.length - 8) + 1, bArr, 1, bArr.length - 1);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pubkeyToSubjectKeyIdentifier(Certificate, QName)");
        }
        return bArr;
    }

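    /**
     * Produces the key identifier bytes for a certificate in the form selected by {@code qName}.
     *
     * <p>The value returned by {@code certToSubjectKeyIdentifier(certificate)} is kept when it
     * already has the length the requested form calls for: 20 bytes for a null {@code qName} or
     * {@code Constants.ITSHA1}, 8 bytes for {@code Constants.IT60SHA1}. Otherwise the identifier
     * is recomputed by {@code pubkeyToSubjectKeyIdentifier(certificate, qName)}. When
     * {@code qName} is null and {@code certToSubjectKeyIdentifier} returned a non-null value,
     * that value is returned as is, whatever its length.
     *
     * <p>NOTE(review): the only check made on a reused value is its length. Presumably the result
     * is used to match or reference a certificate; a matching identifier says nothing about the
     * certificate's validity or trust, so confirm callers validate the certificate separately.
     *
     * @param certificate certificate to identify; when null, null is returned and {@code qName}
     *     is not validated
     * @param qName identifier form: null, {@code Constants.ITSHA1} or {@code Constants.IT60SHA1}
     * @return the identifier bytes, or null when {@code certificate} is null
     * @throws IllegalArgumentException if {@code certificate} is non-null and {@code qName} is
     *     none of the supported forms
     * @throws Exception whatever the two helper methods propagate
     */
    private static final byte[] makeSubjectKeyIdentifier(Certificate certificate, QName qName) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "makeSubjectKeyIdentifier(Certificate cert, QName idty[" + qName + "])");
        }
        byte[] keyId = null;
        if (certificate != null) {
            keyId = certToSubjectKeyIdentifier(certificate);
            // With a null qName any non-null value from certToSubjectKeyIdentifier is accepted;
            // the length check runs only when that value is absent or a form was requested.
            if (keyId == null || qName != null) {
                final int expectedLength;
                if (qName == null || NamespaceUtil.equals(qName, Constants.ITSHA1)) {
                    expectedLength = 20; // full-length form
                } else if (NamespaceUtil.equals(qName, Constants.IT60SHA1)) {
                    expectedLength = 8; // shortened form
                } else {
                    IllegalArgumentException unsupportedForm = new IllegalArgumentException(ConfigUtil.getMessage("security.wssecurity.WSEC6804E", new String[]{qName.toString()}));
                    Tr.processException(unsupportedForm, clsName + ".makeSubjectKeyIdentifier", "1283");
                    throw unsupportedForm;
                }
                if (keyId == null || keyId.length != expectedLength) {
                    keyId = pubkeyToSubjectKeyIdentifier(certificate, qName);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // Exit label now names this method; it previously read "makeIdentifier(...)", which
            // left the entry/exit pair unmatched in trace output.
            Tr.exit(tc, "makeSubjectKeyIdentifier(Certificate, QName)");
        }
        return keyId;
    }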

    /**
     * Hands out a {@link MessageDigest} for the algorithm named by {@code MESSAGE_DIGEST_SHA1},
     * reusing an instance from {@code sha1Pool} when one is available.
     *
     * <p>A pooled instance is reset before it is returned, so state left by the previous borrower
     * does not leak into the next digest. Access to the pool is serialized on {@code sha1Pool}.
     *
     * @return a digest instance ready for use; never null
     * @throws NoSuchAlgorithmException if the pool is empty and no provider supplies the algorithm
     */
    private static final MessageDigest getSHA1Digest() throws NoSuchAlgorithmException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSHA1Digest()");
        }
        MessageDigest sha1;
        synchronized (sha1Pool) {
            if (sha1Pool.empty()) {
                sha1 = null;
            } else {
                sha1 = sha1Pool.pop();
                // Clear whatever the previous borrower fed into this instance.
                sha1.reset();
            }
        }
        if (sha1 == null) {
            // Nothing pooled: create a fresh instance outside the lock.
            sha1 = MessageDigest.getInstance(MESSAGE_DIGEST_SHA1);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSHA1Digest()" + " returns MessageDigest [" + sha1 + "]");
        }
        return sha1;
    }

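    /**
     * Returns a digest instance to {@code sha1Pool} so a later {@code getSHA1Digest()} can reuse it.
     *
     * <p>A null argument is ignored. {@code getSHA1Digest()} calls {@code reset()} on whatever it
     * pops, so a pooled null would make a later, unrelated digest request fail with a
     * {@link NullPointerException}.
     *
     * <p>The caller must not use the instance after releasing it: the pool may hand it to another
     * thread.
     *
     * @param messageDigest instance obtained from {@code getSHA1Digest()}; may be null
     */
    private static final void releaseSHA1Digest(MessageDigest messageDigest) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("releaseSHA1Digest(");
            stringBuffer.append("MessageDigest digest[").append(messageDigest).append("](");
            Tr.entry(tc, stringBuffer.toString());
        }
        // Never pool a null: it would poison the next borrower rather than this caller.
        if (messageDigest != null) {
            synchronized (sha1Pool) {
                sha1Pool.push(messageDigest);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "releaseSHA1Digest(MessageDigest)");
        }
    }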

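    /**
     * Computes the digest of the given bytes with a pooled instance from {@code getSHA1Digest()}.
     *
     * <p>The digest instance is returned to the pool exactly once, in a {@code finally} block.
     * The previous shape released it inside the {@code try} and again in the catch-all handler,
     * so a failure during the first release could pool the same instance twice and let two
     * borrowers share it.
     *
     * <p>NOTE(review): judging by the trace label, the input is an encoded certificate. A SHA-1
     * thumbprint is suitable as a lookup identifier only; a thumbprint match should not stand in
     * for certificate validation. Confirm how callers use the result.
     *
     * @param bArr bytes to digest; may be null
     * @return the digest bytes, or null when {@code bArr} is null
     * @throws NoSuchAlgorithmException if no digest instance can be obtained
     */
    private static final byte[] makeThumbprint(byte[] bArr) throws NoSuchAlgorithmException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "makeThumbprint(byte[] certBinary)");
        }
        byte[] thumbprint = null;
        if (bArr != null) {
            // getSHA1Digest() either returns an instance or throws, so there is nothing to
            // release when acquisition fails.
            MessageDigest sha1 = getSHA1Digest();
            try {
                thumbprint = sha1.digest(bArr);
            } finally {
                releaseSHA1Digest(sha1);
            }
        }
        if (tc.isEntryEnabled()) {
            // Exit label now matches this method's signature; it previously read
            // "makeThumbprint(Certificate cert, QName idty)".
            Tr.exit(tc, "makeThumbprint(byte[])");
        }
        return thumbprint;
    }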

    /**
     * Picks the first usable name out of two candidates.
     *
     * @param str preferred name
     * @param str2 fallback name, used when {@code str} is null or empty
     * @return {@code str} if it is non-null and non-empty, otherwise {@code str2} under the same
     *     condition, otherwise null
     */
    private static String getKsName(String str, String str2) {
        boolean hasPreferred = str != null && !str.isEmpty();
        if (hasPreferred) {
            return str;
        }
        boolean hasFallback = str2 != null && !str2.isEmpty();
        return hasFallback ? str2 : null;
    }
}
