package com.ibm.wsspi.wssecurity.token;

import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.wsspi.webservices.rpc.handler.soap.SOAPMessageContext;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback;
import com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback;
import com.ibm.wsspi.wssecurity.auth.token.LTPAToken;
import com.ibm.wsspi.wssecurity.auth.token.TokenId;
import com.ibm.wsspi.wssecurity.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.config.TokenGeneratorConfig;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/wsspi/wssecurity/token/LTPATokenGenerator.class */
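/**
 * Token generator that asks a JAAS {@link CallbackHandler} for an LTPA credential token and
 * inserts it, Base64-encoded, as a {@code BinarySecurityToken} element under a parent element.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The handler class name and the default user id / password come from the
 *       {@link CallbackHandlerConfig}. The class is loaded reflectively and must be assignable
 *       to {@link CallbackHandler} before its {@code (String, char[], Map)} constructor is
 *       invoked, so whoever controls that configuration chooses the code that runs here.</li>
 *   <li>The password is never written to the trace (a fixed mask is logged instead); the user
 *       id is written at debug level.</li>
 *   <li>The handler is invoked through {@code AccessController.doPrivileged}. This is the IBM
 *       wrapper imported by the file; presumably it delegates to
 *       {@code java.security.AccessController} - confirm.</li>
 *   <li>The token bytes are only Base64-encoded by this class. Any confidentiality or integrity
 *       protection of the resulting element has to come from elsewhere.</li>
 * </ul>
 */
public class LTPATokenGenerator implements TokenGeneratorComponent {
    /** Trace component registered for this class in the static initializer. */
    private static final TraceComponent tc;
    private static final String comp = "security.wssecurity";
    /** Fully qualified name of this class, used in exception and FFDC messages. */
    private static final String clsName;
    private boolean _initialized = false;
    // Compiler-generated class-literal caches (pre-Java-5 style); kept so the class shape is unchanged.
    static Class class$com$ibm$wsspi$wssecurity$token$LTPATokenGenerator;
    static Class class$javax$security$auth$callback$CallbackHandler;
    static Class class$java$lang$String;
    static Class array$C;
    static Class class$java$util$Map;

    /**
     * Marks the component as initialized. The supplied map is not read.
     *
     * @param map initialization properties (unused here)
     * @throws SoapSecurityException never thrown by this implementation; declared by the interface
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Obtains the credential token from the configured callback handler and, unless an equal
     * token from the same generator is already registered, inserts a {@code BinarySecurityToken}
     * element as the first child of {@code element} and registers the token in the context.
     *
     * @param document owner document used to create the new element
     * @param element parent element that receives the token element as its first child
     * @param map processing context; the generator config and several key-related entries are
     *            removed from it
     * @throws SoapSecurityException if the configured token type is unsupported, the handler
     *             cannot be instantiated or fails, or no token bytes are returned
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSGeneratorComponent
    public void invoke(Document document, Element element, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Document doc[" + DOMUtil.getDisplayName(document) + "],"
                    + "Element parent[" + DOMUtil.getDisplayName(element) + "],"
                    + "Map context)");
        }
        // NOTE(review): if the context carries no TokenGeneratorConfig this is null and
        // getType() below fails with a NullPointerException rather than a SoapSecurityException.
        TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) map.remove(TokenGeneratorConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TokenGeneratorConfig [" + tokenGeneratorConfig + "].");
        }

        // Only the two LTPA value types are accepted; anything else is rejected up front.
        QName type = tokenGeneratorConfig.getType();
        if (type == null) {
            type = Constants.LTPA_TOKEN;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No token value type defined in the Token Generator configuration, defualt [" + Constants.LTPA_TOKEN.toString() + "] is used.");
            }
        } else if (!type.equals(Constants.LTPA_TOKEN) && !type.equals(Constants.LTPA_TOKEN_PROPAGATION)) {
            throw SoapSecurityException.format("security.wssecurity.WSEC0160E", new String[]{
                type.toString(),
                clsName,
                Constants.LTPA_TOKEN.toString() + ", " + Constants.LTPA_TOKEN_PROPAGATION.toString()});
        }

        SOAPMessageContext sOAPMessageContext = (SOAPMessageContext) map.get(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT);

        // The version defaults to 0 when the context holds no Integer under WSS_VERSION.
        int wssVersion = 0;
        Object versionValue = map.get(Constants.WSS_VERSION);
        if (versionValue instanceof Integer) {
            wssVersion = ((Integer) versionValue).intValue();
        }

        boolean isStandAlone = tokenGeneratorConfig.isStandAlone();
        CallbackHandlerConfig callbackHandler = tokenGeneratorConfig.getCallbackHandler();
        if (tc.isDebugEnabled()) {
            // NOTE(review): the label says CallbackHandlerConfig but the value traced is the
            // token generator config. Before switching it to callbackHandler, confirm that
            // CallbackHandlerConfig.toString() does not include the user password.
            Tr.debug(tc, "CallbackHandlerConfig [" + tokenGeneratorConfig + "].");
        }

        byte[] credToken = null;
        if (callbackHandler != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invoking callback handler...");
            }
            HashMap handlerProperties = new HashMap();
            String className = callbackHandler.getClassName();
            CallbackHandler handlerInstance = callbackHandler.getInstance();
            if (handlerInstance == null) {
                // No cached instance yet: load the configured class and construct it reflectively.
                try {
                    String userId = callbackHandler.getUserId();
                    char[] userPassword = callbackHandler.getUserPassword();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Default username is [" + userId + "].");
                        // The password itself is deliberately never traced.
                        Tr.debug(tc, "password is [XXXXXXXX].");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Instantiating the callback handler [" + className + "]...");
                    }
                    ClassLoader classLoader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction() {
                        @Override // java.security.PrivilegedAction
                        public Object run() {
                            return Thread.currentThread().getContextClassLoader();
                        }
                    });
                    // className comes from configuration. loadClass() does not initialize the
                    // class, whereas the Class.forName() fallback does, before the type check.
                    Class<?> loadClass = classLoader != null ? classLoader.loadClass(className) : Class.forName(className);

                    Class handlerType = class$javax$security$auth$callback$CallbackHandler;
                    if (handlerType == null) {
                        handlerType = class$("javax.security.auth.callback.CallbackHandler");
                        class$javax$security$auth$callback$CallbackHandler = handlerType;
                    }
                    // Refuse to instantiate anything that is not a CallbackHandler.
                    if (!handlerType.isAssignableFrom(loadClass)) {
                        throw SoapSecurityException.format("security.wssecurity.ConfigUtil.s17", className, handlerType.getName());
                    }
                    handlerProperties.put(CallbackHandlerConfig.CONFIG_KEY, callbackHandler);

                    // Required constructor signature: (String userId, char[] password, Map properties).
                    Class<?>[] ctorTypes = new Class[3];
                    Class stringType = class$java$lang$String;
                    if (stringType == null) {
                        stringType = class$("java.lang.String");
                        class$java$lang$String = stringType;
                    }
                    ctorTypes[0] = stringType;
                    Class charArrayType = array$C;
                    if (charArrayType == null) {
                        charArrayType = class$("[C");
                        array$C = charArrayType;
                    }
                    ctorTypes[1] = charArrayType;
                    Class mapType = class$java$util$Map;
                    if (mapType == null) {
                        mapType = class$("java.util.Map");
                        class$java$util$Map = mapType;
                    }
                    ctorTypes[2] = mapType;

                    handlerInstance = (CallbackHandler) loadClass.getConstructor(ctorTypes).newInstance(userId, userPassword, handlerProperties);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Succeeded to Instantiate the callback handler [" + className + "].");
                    }
                    // Cache the instance on the config so later invocations reuse it.
                    callbackHandler.setInstance(handlerInstance);
                } catch (SoapSecurityException e) {
                    throw e;
                } catch (Exception e2) {
                    Tr.processException(e2, clsName + ".invoke", "237");
                    Tr.error(tc, "security.wssecurity.X509TokenGenerator.s01", new Object[]{className, e2});
                    throw SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s01", className, e2);
                }
            }

            // Properties handed to the handler; populated only when a message context exists.
            HashMap callbackProperties = new HashMap();
            if (sOAPMessageContext != null) {
                callbackProperties.put(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT, sOAPMessageContext);
                callbackProperties.put(Constants.WSSECURITY_CONTEXT, map);
                callbackProperties.put(Constants.TOKEN_TYPE, type);
            }
            final CallbackHandler handler = handlerInstance;
            final Callback[] callbacks = {new BinaryTokenCallback("BinaryTokenCallback: "), new PropertyCallback(callbackProperties)};
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws PrivilegedActionException {
                        try {
                            handler.handle(callbacks);
                            return null;
                        } catch (Exception e3) {
                            throw new PrivilegedActionException(e3);
                        }
                    }
                });
                credToken = ((BinaryTokenCallback) callbacks[0]).getCredToken();
            } catch (PrivilegedActionException e3) {
                // run() already wraps the handler failure once, so unwrap up to two levels to
                // report the innermost available cause.
                Throwable reported = e3;
                if (reported.getCause() != null) {
                    reported = reported.getCause();
                    if (reported.getCause() != null) {
                        reported = reported.getCause();
                    }
                }
                Tr.processException(e3, clsName + ".invoke", "289");
                Tr.error(tc, "security.wssecurity.X509TokenGenerator.s02", new Object[]{className, reported});
                SoapSecurityException format = SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s02", className, reported);
                format.initCause(e3);
                throw format;
            }
        }

        // Fail closed: no handler configured, or a handler that produced no token bytes.
        if (credToken == null || credToken.length == 0) {
            throw SoapSecurityException.format("security.wssecurity.WSEC0161E");
        }

        map.remove(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_EMBID);
        map.remove(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_REFERENCE);
        map.remove(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ID);
        map.remove(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_NAME);
        map.remove(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ISSUERNAME);
        map.remove(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ISSUERSERIAL);

        // For stand-alone tokens, take the first TokenId of the matching type from the message
        // context property; further matches are only traced.
        String tokenIdentifier = null;
        if (isStandAlone && sOAPMessageContext != null) {
            Object property = sOAPMessageContext.getProperty(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TOKEN_PROPERGATION);
            if (property instanceof Set) {
                for (Object candidate : (Set) property) {
                    if (candidate instanceof TokenId) {
                        TokenId tokenId = (TokenId) candidate;
                        if (type.equals(tokenId.getType())) {
                            if (tokenIdentifier == null) {
                                tokenIdentifier = tokenId.getId();
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "More than one TokenId objects are found. Since the runtime tentatively uses the first identifier + \"" + tokenIdentifier + "\"," + " it neglects the identifier \"" + tokenId.getId() + "\".");
                            }
                        }
                    }
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TokenIdentifier [" + tokenIdentifier + "].");
        }

        if (!checkToken(map, tokenGeneratorConfig, credToken)) {
            Element tokenElement = createTokenElement(document, element, tokenGeneratorConfig, credToken, tokenIdentifier, wssVersion);
            setTokenToSubject(map, tokenGeneratorConfig, credToken, tokenIdentifier, (Element) element.insertBefore(tokenElement, element.getFirstChild()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Document doc,Element parent,Map context)");
        }
    }

    /**
     * Reports whether the context already holds an {@link LTPAToken} produced by the same
     * generator config whose unique id equals the hash of {@code bArr}.
     *
     * <p>The id is a 32-bit polynomial hash (multiplier 31) of the token bytes rendered as a
     * decimal string, so two different tokens can collide; a collision makes {@code invoke}
     * skip inserting the second token. Presumably {@code LTPAToken.getUniqueID()} is computed
     * the same way - confirm.
     *
     * @param map processing context queried through {@code TokenManager.getTokens}
     * @param tokenGeneratorConfig generator config compared with each token's generator
     * @param bArr credential token bytes
     * @return {@code true} if a matching token is already registered
     * @throws SoapSecurityException declared for callers; nothing in this method throws it directly
     */
    private static boolean checkToken(Map map, TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkToken(Map context,TokenGeneratorConfig config,byte[] credToken)");
        }
        boolean found = false;
        Set tokens = TokenManager.getTokens(map);
        if (tokens != null && !tokens.isEmpty()) {
            int hash = 0;
            for (byte b : bArr) {
                hash = (31 * hash) + b;
            }
            String uniqueId = String.valueOf(hash);
            for (Object candidate : tokens) {
                if (candidate instanceof LTPAToken) {
                    LTPAToken lTPAToken = (LTPAToken) candidate;
                    if (lTPAToken.getUsedTokenGenerator().equals(tokenGeneratorConfig) && lTPAToken.getUniqueID().equals(uniqueId)) {
                        found = true;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkToken(Map context,TokenGeneratorConfig config,byte[] credToken) returns boolean[" + found + "]");
        }
        return found;
    }

    /**
     * Builds the {@code BinarySecurityToken} element: namespace declarations, an optional
     * {@code Id} attribute, the {@code ValueType} attribute and the Base64 text of the token.
     * The element is returned detached; the caller inserts it.
     *
     * @param document owner document used to create nodes
     * @param element parent element whose in-scope prefixes are reused when available
     * @param tokenGeneratorConfig supplies the value type (defaults to {@code LTPA_TOKEN})
     * @param bArr credential token bytes, written Base64-encoded and not otherwise protected
     * @param str optional token identifier; when {@code null} no {@code Id} attribute is added
     * @param i version index into {@code Constants.NAMESPACES}; not range-checked here
     * @return the new element
     */
    private static Element createTokenElement(Document document, Element element, TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr, String str, int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTokenElement(Document doc[" + document + "],"
                    + "Element parent[" + DOMUtil.getDisplayName(element) + "],"
                    + "TokenGeneratorConfig config,"
                    + "byte[] credToken,"
                    + "String id[" + str + "],"
                    + "int wssVersion[" + i + "])");
        }
        // NOTE(review): i originates from the context map in invoke(); an unexpected value
        // surfaces as ArrayIndexOutOfBoundsException here.
        String wsseNs = Constants.NAMESPACES[0][i];
        String wsuNs = Constants.NAMESPACES[1][i];

        boolean declareWsse = false;
        String wssePrefix = null;
        if (element != null) {
            wssePrefix = DOMUtil.getNamespacePrefix(element, wsseNs);
        }
        if (wssePrefix == null) {
            declareWsse = true;
            wssePrefix = "wsse:";
        } else if (wssePrefix.length() > 0) {
            wssePrefix = wssePrefix + ":";
        }
        Element tokenElement = document.createElementNS(wsseNs, wssePrefix + "BinarySecurityToken");
        if (declareWsse) {
            tokenElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse", wsseNs);
        }

        if (str != null) {
            boolean declareWsu = false;
            // NOTE(review): unlike the wsse lookup above, this call is not guarded against a
            // null parent element.
            String wsuPrefix = DOMUtil.getNamespacePrefix(element, wsuNs);
            if (wsuPrefix == null) {
                declareWsu = true;
                wsuPrefix = "wsu:";
            } else if (wsuPrefix.length() > 0) {
                // Fix: the separator decision used to test the wsse prefix, which produced
                // malformed attribute names ("wsuId" or ":Id") when the two prefixes differed
                // in emptiness.
                wsuPrefix = wsuPrefix + ":";
            }
            if (declareWsu) {
                tokenElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", wsuNs);
            }
            // NOTE(review): the attribute namespace is Constants.NS_WSU, not the
            // version-selected wsuNs; confirm the two agree for every supported version.
            tokenElement.setAttributeNS(Constants.NS_WSU, wsuPrefix + "Id", str);
        }

        QName type = tokenGeneratorConfig.getType();
        if (type == null) {
            type = Constants.LTPA_TOKEN;
        }
        tokenElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsst", type.getNamespaceURI());
        DOMUtil.setQNameAttr(tokenElement, null, "ValueType", type, i);
        tokenElement.appendChild(document.createTextNode(Base64.encode(bArr)));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTokenElement(Document doc,Element parent,TokenGeneratorConfig config,byte[] credToken,String id,int wssVersion) returns Element[" + tokenElement + "]");
        }
        return tokenElement;
    }

    /**
     * Wraps the token bytes in an {@link LTPAToken}, links it to its DOM element and generator
     * config, and registers it in the context through {@code TokenManager.setToken}.
     *
     * @param map processing context that receives the token
     * @param tokenGeneratorConfig generator config; the token is marked referenced when the
     *            config is not stand-alone
     * @param bArr credential token bytes
     * @param str token identifier, may be {@code null}
     * @param element the inserted token element
     */
    private static void setTokenToSubject(Map map, TokenGeneratorConfig tokenGeneratorConfig, byte[] bArr, String str, Element element) {
        if (tc.isEntryEnabled()) {
            // Concatenating a byte[] yields the array's identity string, not the token contents.
            Tr.entry(tc, "setTokenToSubject(Map context,TokenGeneratorConfig config,byte[] credToken[" + bArr + "],"
                    + "String id[" + str + "],"
                    + "Element elem[" + DOMUtil.getDisplayName(element) + "])");
        }
        LTPAToken lTPAToken = new LTPAToken(str, bArr);
        lTPAToken.setElement(element);
        lTPAToken.setReferenced(!tokenGeneratorConfig.isStandAlone());
        lTPAToken.setUsedTokenGenerator(tokenGeneratorConfig);
        TokenManager.setToken(map, lTPAToken);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTokenToSubject(Map context,TokenGeneratorConfig config,byte[] credToken,String id,Element elem)");
        }
    }

    /**
     * Compiler-generated helper behind class literals: resolves a class by name and converts a
     * lookup failure into {@link NoClassDefFoundError} with the original exception as cause.
     *
     * @param str fully qualified or array-descriptor class name
     * @return the resolved class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve this class once and use it for both the trace registration and clsName.
        Class self = class$com$ibm$wsspi$wssecurity$token$LTPATokenGenerator;
        if (self == null) {
            self = class$("com.ibm.wsspi.wssecurity.token.LTPATokenGenerator");
            class$com$ibm$wsspi$wssecurity$token$LTPATokenGenerator = self;
        }
        tc = Tr.register(self, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
        clsName = self.getName();
    }
}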
