package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.callbackhandler.UNTGUIPromptCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.SCAndTrustConstants;
import com.ibm.ws.wssecurity.core.token.TokenGeneratorComponent;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.XMLStructureHelper;
import com.ibm.ws.wssecurity.wssapi.CommonCallbackHandler;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.wssapi.OMStructure;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.OMNode;
import org.apache.axis2.util.XMLUtils;

/* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/CommonTokenGenerator.class */
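/**
 * Token generator component that runs a login (either an in-process login module or a JAAS
 * {@link LoginContext}) to produce security tokens, registers them with the token manager and
 * inserts the token elements under the parent element of the outbound message.
 *
 * <p>All state exchanged with the login modules travels through the context {@code Map} passed
 * to {@link #invoke}; this class reads and writes a number of well-known keys in it.
 *
 * <p>NOTE(review): the debug traces below print the token generator and callback handler
 * configuration objects. Whether their {@code toString()} output can include credentials is not
 * visible from this file; confirm before enabling debug trace in production.
 */
public class CommonTokenGenerator implements TokenGeneratorComponent {
    private static final String comp = "security.wssecurity";
    private boolean initialized = false;
    private static final TraceComponent tc = Tr.register(CommonTokenGenerator.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = CommonTokenGenerator.class.getName();

    /**
     * Marks the component as initialized. The supplied map is not read.
     *
     * @param map initialization properties (unused by this implementation)
     * @throws SoapSecurityException declared by the interface; never thrown here
     */
    @Override
    public void init(Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        this.initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Generates the configured security token(s) and inserts them into the message.
     *
     * <p>Steps, in order: resolve (and if necessary reflectively instantiate) the configured
     * callback handler; optionally map the parent element to a DOM element; run the login
     * (in-process module for the three built-in configurations, JAAS otherwise); wrap and
     * register every processed token; insert the token elements under {@code oMElement}.
     *
     * @param oMDocument the message document (only used for tracing here)
     * @param oMElement  the parent element that receives the generated token elements
     * @param map        the shared processing context; must contain the
     *                   {@link TokenGeneratorConfig} under {@code TokenGeneratorConfig.CONFIG_KEY}
     * @throws SoapSecurityException if the callback handler cannot be created, the login fails,
     *                               or the login produced no processed-token list
     */
    @Override
    public void invoke(OMDocument oMDocument, OMElement oMElement, final Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuilder entry = new StringBuilder("invoke(");
            entry.append("OMDocument doc[").append(DOMUtils.getDisplayName(oMDocument)).append("], ");
            entry.append("OMElement parent[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            entry.append("Map context)");
            Tr.entry(tc, entry.toString());
        }
        final TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) map.get(TokenGeneratorConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TokenGeneratorConfig [" + tokenGeneratorConfig + "].");
        }
        CallbackHandlerConfig handlerConfig = tokenGeneratorConfig.getCallbackHandler();
        if (tc.isDebugEnabled()) {
            // Trace the callback handler configuration itself (the generator config was traced above).
            Tr.debug(tc, "CallbackHandlerConfig [" + handlerConfig + "].");
        }
        CallbackHandler handler = null;
        if (handlerConfig != null) {
            handler = handlerConfig.getInstance();
            if (handler == null) {
                handler = instantiateCallbackHandler(handlerConfig);
            }
            if (handler instanceof UNTGUIPromptCallbackHandler) {
                map.put(Constants.UNTGUIPROMPTCALLBACKHANDLER_IS_USED_KEY, Boolean.TRUE);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using GUI UNT Handler, setting flag for caching");
                }
            }
            // putAll overwrites any context entry that shares a key with a handler property.
            map.putAll(handlerConfig.getProperties());
            map.put(CallbackHandlerConfig.CONFIG_KEY, handlerConfig);
        }
        Map<Object, Object> properties = tokenGeneratorConfig.getProperties();
        if (properties != null && oMElement != null) {
            String domElementEnabled = (String) properties.get(com.ibm.wsspi.wssecurity.core.Constants.DOM_ELEMENT_ENABLED);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "com.ibm.wsspi.wssecurity.domElementEnabled : " + domElementEnabled);
            }
            if (ConfigUtil.isTrue(domElementEnabled)) {
                Object domElement;
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Mapping DOM Element to OMElement for the message...");
                    }
                    domElement = XMLUtils.toDOM(oMElement);
                } catch (Throwable th) {
                    throw SoapSecurityException.format(Axis2Util.setFailedAuthFaultCode(map), "security.wssecurity.X509TokenGenerator.s01", th);
                }
                map.put(com.ibm.wsspi.wssecurity.core.Constants.DOM_PROCESSING_ELEMENT, domElement);
                Object domToOmMap = (HashMap) map.get(Constants.DOMELEMENT_OMELEMENT_MAP);
                if (domToOmMap == null) {
                    domToOmMap = new HashMap();
                    map.put(Constants.DOMELEMENT_OMELEMENT_MAP, domToOmMap);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "com.ibm.ws.wssecurity.domElementOmElementMap: " + domToOmMap);
                }
            }
        }
        map.put("com.ibm.ws.wssecurity.constants.processingElement", oMElement);
        final String jAASConfig = tokenGeneratorConfig.getJAASConfig();
        map.putAll(tokenGeneratorConfig.getJAASConfigProperties());
        final CommonCallbackHandler commonCallbackHandler = new CommonCallbackHandler(handler, map);

        // Reuse the Subject already in the context, or create one and publish it there.
        Object existingSubject = map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SUBJECT);
        final Subject subject;
        if (existingSubject instanceof Subject) {
            subject = (Subject) existingSubject;
        } else {
            subject = new Subject();
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SUBJECT, subject);
        }

        boolean useInternalModule = false;
        LoginModule loginModule = null;
        DKTGenerateLoginModule dktModule = null;
        // The properties map is null-checked above, so treat a null map here as "key not set"
        // instead of failing with a NullPointerException.
        Map<Object, Object> generatorProperties = tokenGeneratorConfig.getProperties();
        String ourLoginConfig = generatorProperties == null ? null : (String) generatorProperties.get(Constants.OUR_LOGIN_CONFIG);
        if (ConfigUtil.hasValue(ourLoginConfig)) {
            if (BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE.equals(ourLoginConfig)) {
                loginModule = new SCTGenerateLoginModule();
                dktModule = new DKTGenerateLoginModule();
                useInternalModule = true;
            } else if ("system.wss.generate.x509".equals(ourLoginConfig)) {
                loginModule = new X509GenerateLoginModule();
                useInternalModule = true;
            } else if ("system.wss.generate.unt".equals(ourLoginConfig)) {
                loginModule = new UNTGenerateLoginModule();
                useInternalModule = true;
            }
        }
        if (useInternalModule) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Avoiding JAAS login for " + jAASConfig);
            }
            Map<String, Object> sharedState = new HashMap<String, Object>();
            loginModule.initialize(subject, commonCallbackHandler, sharedState, new HashMap<String, Object>());
            // NOTE(review): the DKT module is created when OUR_LOGIN_CONFIG selects the SCT
            // configuration but is initialized only when the JAAS config name matches it. If the
            // two values can differ, login() below runs on an uninitialized module; confirm.
            if (BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE.equals(jAASConfig)) {
                dktModule.initialize(subject, new CommonCallbackHandler(null, map), sharedState, new HashMap<String, Object>());
            }
            try {
                // Order matters: both logins run before either commit.
                // NOTE(review): no abort() is invoked on either module when a phase fails.
                requirePhaseSucceeded(loginModule.login(), loginModule, "login");
                if (dktModule != null) {
                    requirePhaseSucceeded(dktModule.login(), dktModule, "login");
                }
                requirePhaseSucceeded(loginModule.commit(), loginModule, "commit");
                if (dktModule != null) {
                    requirePhaseSucceeded(dktModule.commit(), dktModule, "commit");
                }
            } catch (LoginException loginFailure) {
                Tr.processException(loginFailure, clsName + ".invoke", "236");
                Tr.error(tc, "security.wssecurity.X509TokenConsumer.s02", new Object[]{loginFailure});
                QName faultCode = (QName) map.get(SCAndTrustConstants.SC_FAULT_CODE);
                if (faultCode == null) {
                    throw SoapSecurityException.format("security.wssecurity.X509TokenConsumer.s02", loginFailure);
                }
                throw SoapSecurityException.format(faultCode, "security.wssecurity.X509TokenConsumer.s02", loginFailure);
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing JAAS login for " + jAASConfig);
            }
            try {
                LoginContext loginContext = AccessController.doPrivileged(new PrivilegedExceptionAction<LoginContext>() {
                    @Override
                    public LoginContext run() throws LoginException {
                        return new LoginContext(jAASConfig, subject, commonCallbackHandler);
                    }
                });
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Succeed to construct the login context.");
                }
                loginContext.login();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Succeed to login.");
                }
            } catch (PrivilegedActionException contextFailure) {
                // The privileged action only declares LoginException, so that is the wrapped cause.
                LoginException loginException = (LoginException) contextFailure.getCause();
                Tr.processException(loginException, clsName + ".invoke", "264");
                Tr.error(tc, "security.wssecurity.X509TokenConsumer.s01", new Object[]{loginException});
                throw SoapSecurityException.format("security.wssecurity.X509TokenConsumer.s01", loginException);
            } catch (LoginException loginFailure) {
                Tr.processException(loginFailure, clsName + ".invoke", "268");
                Tr.error(tc, "security.wssecurity.X509TokenConsumer.s02", new Object[]{loginFailure});
                throw SoapSecurityException.format("security.wssecurity.X509TokenConsumer.s02", loginFailure);
            }
        }

        map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_FOR_ERROR_HANDLING);
        List<?> processedTokens = (List<?>) map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED);
        if (processedTokens == null) {
            SoapSecurityException noTokens = SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s03", jAASConfig);
            Tr.processException(noTokens, clsName + ".invoke", "287", this);
            throw noTokens;
        }
        SecurityTokenManagerImpl tokenManager = (SecurityTokenManagerImpl) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
        final String keyInfoType = (String) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE);
        final String keyInfoUniqueName = (String) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_UNIQUE_NAME);
        boolean loginInfoRecorded = false;
        // Walk the list backwards; the last processed token is the one recorded as login info.
        for (int i = processedTokens.size() - 1; i >= 0; i--) {
            SecurityToken token = (SecurityToken) processedTokens.get(i);
            if (tokenManager.getTokenWrapper(token) == null) {
                final SecurityTokenWrapper wrapper = new SecurityTokenWrapper(token);
                AccessController.doPrivileged(new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        wrapper.setUsedTokenGenerator(tokenGeneratorConfig.hashCode());
                        wrapper.setKeyInfoType(keyInfoType);
                        wrapper.setKeyInfoUniqueID(keyInfoUniqueName);
                        return null;
                    }
                });
                tokenManager.addTokenWrapper(wrapper);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SecurityTokenWrapper[" + i + "] added: " + wrapper);
                }
            }
            if (!loginInfoRecorded) {
                map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO, token);
                loginInfoRecorded = true;
            }
        }

        List<?> tokensToInsert = (List<?>) map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED);
        if (tokensToInsert != null && tokensToInsert.size() > 0) {
            OMNode referencedNode = (OMNode) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKENELEMENT_REFERENCED);
            final XMLStructureHelper structureHelper = new XMLStructureHelper();
            for (int i = tokensToInsert.size() - 1; i >= 0; i--) {
                final SecurityToken token = (SecurityToken) tokensToInsert.get(i);
                OMElement tokenElement;
                if (token instanceof UsernameToken) {
                    // Username tokens are serialized inside a privileged block.
                    try {
                        tokenElement = AccessController.doPrivileged(new PrivilegedExceptionAction<OMElement>() {
                            @Override
                            public OMElement run() throws SoapSecurityException {
                                return structureHelper.getOMElement(token, map);
                            }
                        });
                    } catch (PrivilegedActionException serializationFailure) {
                        throw new SoapSecurityException(serializationFailure.getException());
                    }
                } else {
                    tokenElement = structureHelper.getOMElement(token, map);
                }
                Boolean impliedDerivedKey = Boolean.FALSE;
                if (map.get("ImpliedDerivedKey") != null) {
                    impliedDerivedKey = (Boolean) map.remove("ImpliedDerivedKey");
                }
                if (tokenElement != null && !impliedDerivedKey.booleanValue()) {
                    if (referencedNode == null) {
                        // No anchor node: the token becomes the first child of the parent.
                        OMNode firstChild = oMElement.getFirstOMChild();
                        if (firstChild == null) {
                            oMElement.addChild(tokenElement);
                        } else {
                            firstChild.insertSiblingBefore(tokenElement);
                        }
                    } else {
                        referencedNode.insertSiblingAfter(tokenElement);
                    }
                    createSecurityTokenReferenceElement(token, tokenManager, map, false);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(OMDocument, OMElement, Map)");
        }
    }

    /**
     * Loads the callback handler class named in the configuration, checks that it implements
     * {@link CallbackHandler}, instantiates it through its {@code (Map)} constructor and caches
     * the instance on the configuration object.
     *
     * <p>The class name comes from configuration, so the class is loaded without running its
     * static initializers; initialization happens only at instantiation, after the type check.
     */
    private CallbackHandler instantiateCallbackHandler(CallbackHandlerConfig handlerConfig) throws SoapSecurityException {
        final String className = handlerConfig.getClassName();
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Instantiating the callback handler [" + className + "]...");
            }
            final ClassLoader contextLoader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
                @Override
                public ClassLoader run() {
                    return Thread.currentThread().getContextClassLoader();
                }
            });
            Class<?> handlerClass;
            if (contextLoader != null) {
                try {
                    handlerClass = AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() {
                        @Override
                        public Class<?> run() throws ClassNotFoundException {
                            return contextLoader.loadClass(className);
                        }
                    });
                } catch (PrivilegedActionException notInContextLoader) {
                    // Fall back to this class's own loader, still without initializing the class.
                    handlerClass = Class.forName(className, false, CommonTokenGenerator.class.getClassLoader());
                }
            } else {
                handlerClass = Class.forName(className, false, CommonTokenGenerator.class.getClassLoader());
            }
            if (!CallbackHandler.class.isAssignableFrom(handlerClass)) {
                SoapSecurityException notAHandler = SoapSecurityException.format("security.wssecurity.ConfigUtil.s17", className, CallbackHandler.class.getName());
                Tr.processException(notAHandler, clsName + ".invoke", "149", this);
                throw notAHandler;
            }
            Map<Object, Object> constructorArgument = new HashMap<Object, Object>();
            constructorArgument.put(CallbackHandlerConfig.CONFIG_KEY, handlerConfig);
            CallbackHandler handler = (CallbackHandler) handlerClass.getConstructor(Map.class).newInstance(constructorArgument);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Succeeded to Instantiate the callback handler [" + className + "].");
            }
            handlerConfig.setInstance(handler);
            return handler;
        } catch (SoapSecurityException e) {
            Tr.processException(e, clsName + ".invoke", "153");
            throw e;
        } catch (Exception e) {
            SoapSecurityException wrapped = SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s01", className, e);
            Tr.processException(e, clsName + ".invoke", "159", this);
            Tr.error(tc, "security.wssecurity.X509TokenGenerator.s01", new Object[]{wrapped});
            throw wrapped;
        }
    }

    /** Traces the outcome of one login-module phase and throws when the phase returned false. */
    private static void requirePhaseSucceeded(boolean succeeded, Object module, String phase) throws LoginException {
        if (!succeeded) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to " + phase);
            }
            throw new LoginException("Login module " + module.getClass().getName() + " " + phase + "() method returned false");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Succeeded to " + phase);
        }
    }

    /**
     * Creates a {@code SecurityTokenReference} element holding a {@code KeyIdentifier} for the
     * token, inserts it directly after the token's own element and records it on the token's
     * wrapper.
     *
     * <p>The reference is created when {@code z} is true, or when the token generator
     * configuration found in {@code map} sets the create-security-token-reference property to
     * "true" (case-insensitive, surrounding whitespace ignored).
     *
     * @param securityToken            the token to reference
     * @param securityTokenManagerImpl the manager holding the token's wrapper
     * @param map                      the processing context
     * @param z                        true to create the reference regardless of configuration
     * @return the new reference element, or {@code null} when no reference is to be created
     * @throws NullPointerException if the token has no XML element or no registered wrapper;
     *                              raised before the message is modified
     */
    public static OMElement createSecurityTokenReferenceElement(SecurityToken securityToken, SecurityTokenManagerImpl securityTokenManagerImpl, Map map, boolean z) {
        boolean createReference = z;
        if (!createReference) {
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) map.get(TokenGeneratorConfig.CONFIG_KEY);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "TokenGeneratorConfig [" + tokenGeneratorConfig + "].");
            }
            // A missing properties map means the option is simply not set.
            Map<Object, Object> generatorProperties = tokenGeneratorConfig.getProperties();
            String configured = generatorProperties == null ? null : (String) generatorProperties.get(com.ibm.wsspi.wssecurity.core.Constants.CREATE_SECURITY_TOKEN_REFERENCE);
            createReference = configured != null && configured.trim().equalsIgnoreCase("true");
        }
        if (!createReference) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Do not create STR to replace token.");
            }
            return null;
        }
        OMStructure tokenXml = (OMStructure) securityToken.getXML();
        OMElement tokenElement = tokenXml != null ? tokenXml.getNode() : null;
        // Check both preconditions up front so a failure cannot leave a half-inserted reference.
        if (tokenElement == null) {
            throw new NullPointerException("Security token has no XML element to attach a SecurityTokenReference to");
        }
        if (securityTokenManagerImpl.getTokenWrapper(securityToken) == null) {
            throw new NullPointerException("Security token has no registered token wrapper");
        }
        OMFactory factory = tokenElement.getOMFactory();
        int versionIndex = 0;
        Object version = map.get(Constants.WSS_VERSION);
        if (version instanceof Integer) {
            versionIndex = ((Integer) version).intValue();
        }
        String wsseNamespace = Constants.NAMESPACES[0][versionIndex];
        // Reuse the prefix already bound on the token element; otherwise declare "wsse".
        String prefix = DOMUtils.getNamespacePrefix(tokenElement, wsseNamespace);
        boolean declareNamespace = prefix == null;
        if (declareNamespace) {
            prefix = "wsse";
        }
        OMElement reference = factory.createOMElement("SecurityTokenReference", wsseNamespace, prefix);
        if (declareNamespace) {
            reference.declareNamespace(wsseNamespace, "wsse");
        }
        OMElement keyIdentifier = factory.createOMElement("KeyIdentifier", wsseNamespace, prefix);
        keyIdentifier.addAttribute("ValueType", securityToken.getKeyIdentifierValueType().getLocalPart(), (OMNamespace) null);
        keyIdentifier.setText(securityToken.getKeyIdentifier());
        reference.addChild(keyIdentifier);
        tokenElement.insertSiblingAfter(reference);
        securityTokenManagerImpl.getTokenWrapper(securityToken).setSignedSecurityTokenReference(reference);
        return reference;
    }
}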
