package com.ibm.ws.webservices.wssecurity.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.webservice.wscbnd.LoginBinding;
import com.ibm.etools.webservice.wscommonbnd.CallbackHandlerFactory;
import com.ibm.etools.webservice.wscommonbnd.CanonicalizationMethod;
import com.ibm.etools.webservice.wscommonbnd.CertPathSettings;
import com.ibm.etools.webservice.wscommonbnd.CertStoreList;
import com.ibm.etools.webservice.wscommonbnd.CertStoreRef;
import com.ibm.etools.webservice.wscommonbnd.CollectionCertStore;
import com.ibm.etools.webservice.wscommonbnd.DataEncryptionMethod;
import com.ibm.etools.webservice.wscommonbnd.DigestMethod;
import com.ibm.etools.webservice.wscommonbnd.EncryptionInfo;
import com.ibm.etools.webservice.wscommonbnd.EncryptionKey;
import com.ibm.etools.webservice.wscommonbnd.Key;
import com.ibm.etools.webservice.wscommonbnd.KeyEncryptionMethod;
import com.ibm.etools.webservice.wscommonbnd.KeyLocator;
import com.ibm.etools.webservice.wscommonbnd.LDAPCertStore;
import com.ibm.etools.webservice.wscommonbnd.LDAPServer;
import com.ibm.etools.webservice.wscommonbnd.LoginMapping;
import com.ibm.etools.webservice.wscommonbnd.SignatureMethod;
import com.ibm.etools.webservice.wscommonbnd.SigningInfo;
import com.ibm.etools.webservice.wscommonbnd.SigningKey;
import com.ibm.etools.webservice.wscommonbnd.TokenValueType;
import com.ibm.etools.webservice.wscommonbnd.TrustAnchor;
import com.ibm.etools.webservice.wscommonbnd.TrustAnchorRef;
import com.ibm.etools.webservice.wscommonbnd.TrustAnyCertificate;
import com.ibm.etools.webservice.wscommonbnd.TrustedIDEvaluator;
import com.ibm.etools.webservice.wscommonbnd.TrustedIDEvaluatorRef;
import com.ibm.etools.webservice.wscommonext.AuthMethod;
import com.ibm.etools.webservice.wscommonext.ConfidentialPart;
import com.ibm.etools.webservice.wscommonext.ConfidentialPartPart;
import com.ibm.etools.webservice.wscommonext.Confidentiality;
import com.ibm.etools.webservice.wscommonext.IDAssertion;
import com.ibm.etools.webservice.wscommonext.Integrity;
import com.ibm.etools.webservice.wscommonext.Reference;
import com.ibm.etools.webservice.wscommonext.ReferencePart;
import com.ibm.etools.webservice.wscommonext.RequiredConfidentiality;
import com.ibm.etools.webservice.wscommonext.RequiredIntegrity;
import com.ibm.etools.webservice.wsext.LoginConfig;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.runtime.service.VariableMap;
import com.ibm.ws.runtime.service.WSSecurityService;
import com.ibm.ws.webservices.wssecurity.core.ElementSelector;
import com.ibm.ws.webservices.wssecurity.core.WSSecurityDefaultConfiguration;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.xml.soap.security.dsig.SOAPSignature;
import com.ibm.xml.soapsec.util.ConfigUtil;
import java.io.File;
import java.security.KeyStore;
import java.security.Security;
import java.text.MessageFormat;
import java.util.HashSet;
import java.util.Set;
import org.eclipse.emf.common.util.EList;
import org.eclipse.jst.jsp.core.internal.contentmodel.tld.provisional.JSP11TLDNames;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/webservices/wssecurity/util/ConfigValidation.class */
public final class ConfigValidation {
    private VariableMap varMap;
    private WSSecurityDefaultConfiguration config;
    private static String isFipsEnabled = null;
    private static boolean rsaoaepInitialized = false;
    private static boolean rsaoaepSupported = false;
    private static byte[] lock = new byte[0];
    protected final Set allowedEncAlgos;
    protected final Set allowedKeyEncAlgos;
    protected final Set allowedC14nAlgos;
    protected final Set allowedSignAlgos;
    protected final Set allowedDigestAlgos;
    private static final String comp = "security.wssecurity";
    private static final String clsName;
    private static final TraceComponent tc;
    static Class class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation;

    public ConfigValidation() {
        this.varMap = null;
        this.config = null;
        this.allowedEncAlgos = new HashSet();
        this.allowedKeyEncAlgos = new HashSet();
        this.allowedC14nAlgos = new HashSet();
        this.allowedSignAlgos = new HashSet();
        this.allowedDigestAlgos = new HashSet();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConfigValidation()");
        }
        init();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ConfigValidation()");
        }
    }

    public ConfigValidation(VariableMap variableMap, WSSecurityService wSSecurityService) {
        this.varMap = null;
        this.config = null;
        this.allowedEncAlgos = new HashSet();
        this.allowedKeyEncAlgos = new HashSet();
        this.allowedC14nAlgos = new HashSet();
        this.allowedSignAlgos = new HashSet();
        this.allowedDigestAlgos = new HashSet();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConfigValidation(VariableMap, WSSecurityService):", new Object[]{variableMap, wSSecurityService});
        }
        init();
        this.varMap = variableMap;
        if (wSSecurityService != null) {
            this.config = (WSSecurityDefaultConfiguration) wSSecurityService.getConfig();
        } else {
            this.config = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ConfigValidation()");
        }
    }

    public ConfigValidation(VariableMap variableMap, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) {
        this.varMap = null;
        this.config = null;
        this.allowedEncAlgos = new HashSet();
        this.allowedKeyEncAlgos = new HashSet();
        this.allowedC14nAlgos = new HashSet();
        this.allowedSignAlgos = new HashSet();
        this.allowedDigestAlgos = new HashSet();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConfigValidation(VariableMap, WSSecurityDefaultConfiguration):", new Object[]{variableMap, wSSecurityDefaultConfiguration});
        }
        init();
        this.varMap = variableMap;
        this.config = wSSecurityDefaultConfiguration;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ConfigValidation()");
        }
    }

    private void init() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init()");
        }
        processAllowedAlgorithms(com.ibm.xml.soapsec.util.DOMUtil.getConfigValidation());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init()");
        }
    }

    public void initVarMap(VariableMap variableMap) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initVarMap(VariableMap):", new Object[]{variableMap});
        }
        this.varMap = variableMap;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initVarMap()");
        }
    }

    public void initDefaultConfig(WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initDefaultConfig(WSSecurityDefaultConfiguration):", new Object[]{wSSecurityDefaultConfiguration});
        }
        this.config = wSSecurityDefaultConfiguration;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initDefaultConfig()");
        }
    }

    public void initWsService(WSSecurityService wSSecurityService) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initWsService(WSSecurityService):", new Object[]{wSSecurityService});
        }
        if (wSSecurityService != null) {
            this.config = (WSSecurityDefaultConfiguration) wSSecurityService.getConfig();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initWsService()");
        }
    }

    public boolean requiredIntegrityValid(RequiredIntegrity requiredIntegrity) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("requiredIntegrityValid(").append(requiredIntegrity).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (requiredIntegrity != null) {
            int size = requiredIntegrity.getReferences().size();
            for (int i = 0; i < size; i++) {
                ReferencePart part = ((Reference) requiredIntegrity.getReferences().get(i)).getPart();
                String name = part != null ? part.getName() : null;
                if (!"body".equals(name) && !ElementSelector.PROCESS_TIMESTAMP.equals(name) && !"securitytoken".equals(name)) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.required.integrity.invalid", new Object[]{name});
                    String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.required.integrity.invalid"), name);
                    str = (str == null || str.length() == 0) ? new String(format) : new String(new StringBuffer().append(str).append(" ; ").append(format).toString());
                }
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("requiredIntegrityValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean requiredConfidentialityValid(RequiredConfidentiality requiredConfidentiality) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("requiredConfidentialityValid(").append(requiredConfidentiality).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (requiredConfidentiality != null) {
            int size = requiredConfidentiality.getConfidentialParts().size();
            for (int i = 0; i < size; i++) {
                ConfidentialPartPart part = ((ConfidentialPart) requiredConfidentiality.getConfidentialParts().get(i)).getPart();
                String name = part != null ? part.getName() : null;
                if (!JSP11TLDNames.BODYCONTENT.equals(name) && !"usernametoken".equals(name)) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.required.conf.invalid", new Object[]{name});
                    String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.required.conf.invalid"), name);
                    str = (str == null || str.length() == 0) ? new String(format) : new String(new StringBuffer().append(str).append(" ; ").append(format).toString());
                }
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("requiredConfidentialityValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean integrityValid(Integrity integrity) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("integrityValid(").append(integrity).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (integrity != null) {
            int size = integrity.getReferences().size();
            for (int i = 0; i < size; i++) {
                ReferencePart part = ((Reference) integrity.getReferences().get(i)).getPart();
                String name = part != null ? part.getName() : null;
                if (!"body".equals(name) && !ElementSelector.PROCESS_TIMESTAMP.equals(name) && !"securitytoken".equals(name)) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.integrity.invalid", new Object[]{name});
                    String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.integrity.invalid"), name);
                    str = (str == null || str.length() == 0) ? new String(format) : new String(new StringBuffer().append(str).append(" ; ").append(format).toString());
                }
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("integrityValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean confidentialityValid(Confidentiality confidentiality) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("confidentialityValid(").append(confidentiality).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (confidentiality != null) {
            int size = confidentiality.getConfidentialParts().size();
            for (int i = 0; i < size; i++) {
                ConfidentialPartPart part = ((ConfidentialPart) confidentiality.getConfidentialParts().get(i)).getPart();
                String name = part != null ? part.getName() : null;
                if (!JSP11TLDNames.BODYCONTENT.equals(name) && !"usernametoken".equals(name)) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.conf.invalid", new Object[]{name});
                    String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.conf.invalid"), name);
                    str = (str == null || str.length() == 0) ? new String(format) : new String(new StringBuffer().append(str).append(" ; ").append(format).toString());
                }
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("confidentialityValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean idAssertionValid(IDAssertion iDAssertion) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("idAssertionValid(").append(iDAssertion).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (iDAssertion != null) {
            String idType = iDAssertion.getIdType();
            if (!"Username".equals(idType) && !"DN".equals(idType) && !"X509Certificate".equals(idType)) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.idassertion.type.invalid", new Object[]{idType});
                String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.idassertion.type.invalid"), idType);
                str = (0 == 0 || str.length() == 0) ? new String(format) : new String(new StringBuffer().append((String) null).append(" ; ").append(format).toString());
            }
            String trustMode = iDAssertion.getTrustMode();
            if (trustMode != null && !SOAPSignature.ELEM_SIGNATURE.equals(trustMode) && !SecurityHelper.basicAuth.equals(trustMode)) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.idassertion.mode.invalid", new Object[]{trustMode});
                String format2 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.idassertion.mode.invalid"), trustMode);
                str = (str == null || str.length() == 0) ? new String(format2) : new String(new StringBuffer().append(str).append(" ; ").append(format2).toString());
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("idAssertionValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean scopeValid(String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("scopeValid(").append(str).append(")").toString());
        }
        String str2 = null;
        boolean z = true;
        if (str != null && !"Session".equals(str) && !"Request".equals(str) && !"Application".equals(str)) {
            z = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.scope.invalid", new Object[]{str});
            String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.scope.invalid"), str);
            str2 = (0 == 0 || str2.length() == 0) ? new String(format) : new String(new StringBuffer().append((String) null).append(" ; ").append(format).toString());
        }
        if (!z) {
            throw new SoapSecurityException(str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("scopeValid() returns ").append(z).toString());
        }
        return z;
    }

    private boolean signingInfoValid(SigningInfo signingInfo, EList eList, CertStoreList certStoreList, boolean z, boolean z2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("signingInfoValid(").append(signingInfo).append(", ").append(eList).append(", ").append(certStoreList).append(", ").append(z ? "receiver" : "sender").append(", ").append("signingInfoRequired=").append(z2).append(")").toString());
        }
        String str = null;
        boolean z3 = true;
        if (signingInfo != null) {
            TrustAnchorRef trustAnchorRef = null;
            CertStoreRef certStoreRef = null;
            TrustAnyCertificate trustAnyCertificate = null;
            CanonicalizationMethod canonicalizationMethod = signingInfo.getCanonicalizationMethod();
            String str2 = null;
            if (canonicalizationMethod != null) {
                str2 = canonicalizationMethod.getAlgorithm();
            }
            DigestMethod digestMethod = signingInfo.getDigestMethod();
            String str3 = null;
            if (digestMethod != null) {
                str3 = digestMethod.getAlgorithm();
            }
            SignatureMethod signatureMethod = signingInfo.getSignatureMethod();
            String str4 = null;
            if (signatureMethod != null) {
                str4 = signatureMethod.getAlgorithm();
            }
            if (canonicalizationMethod != null && !canonicalizationMethodValid(str2)) {
                z3 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.canon.method.invalid", new Object[]{str2});
                String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.canon.method.invalid"), str2);
                str = (0 == 0 || str.length() == 0) ? new String(format) : new String(new StringBuffer().append((String) null).append(" ; ").append(format).toString());
            }
            if (digestMethod != null && !digestMethodValid(str3)) {
                z3 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.digest.method.invalid", new Object[]{str3});
                String format2 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.digest.method.invalid"), str3);
                str = (str == null || str.length() == 0) ? new String(format2) : new String(new StringBuffer().append(str).append(" ; ").append(format2).toString());
            }
            if (signatureMethod != null && !signatureMethodValid(str4)) {
                z3 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.sign.method.invalid", new Object[]{str4});
                String format3 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sign.method.invalid"), str4);
                str = (str == null || str.length() == 0) ? new String(format3) : new String(new StringBuffer().append(str).append(" ; ").append(format3).toString());
            }
            CertPathSettings certPathSettings = signingInfo.getCertPathSettings();
            if (certPathSettings != null) {
                trustAnchorRef = certPathSettings.getTrustAnchorRef();
                certStoreRef = certPathSettings.getCertStoreRef();
                trustAnyCertificate = certPathSettings.getTrustAnyCertificate();
                if (trustAnyCertificate == null && trustAnchorRef == null) {
                    z3 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.cps.missing.refs");
                    String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.cps.missing.refs");
                    str = (str == null || str.length() == 0) ? new String(message) : new String(new StringBuffer().append(str).append(" ; ").append(message).toString());
                }
            } else if (z) {
                z3 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.cps.missing");
                String message2 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.cps.missing");
                str = (str == null || str.length() == 0) ? new String(message2) : new String(new StringBuffer().append(str).append(" ; ").append(message2).toString());
            }
            SigningKey signingKey = signingInfo.getSigningKey();
            if (signingKey != null) {
                String name = signingKey.getName();
                String locatorRef = signingKey.getLocatorRef();
                if (name == null || name.length() == 0) {
                    z3 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.sk.missing.name");
                    String message3 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sk.missing.name");
                    str = (str == null || str.length() == 0) ? new String(message3) : new String(new StringBuffer().append(str).append(" ; ").append(message3).toString());
                }
                if (locatorRef == null || locatorRef.length() == 0) {
                    z3 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.sk.missing.ref");
                    String message4 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sk.missing.ref");
                    str = (str == null || str.length() == 0) ? new String(message4) : new String(new StringBuffer().append(str).append(" ; ").append(message4).toString());
                }
            } else if (!z) {
                z3 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.sk.missing");
                String message5 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sk.missing");
                str = (str == null || str.length() == 0) ? new String(message5) : new String(new StringBuffer().append(str).append(" ; ").append(message5).toString());
            }
            if (trustAnyCertificate != null) {
                String str5 = null;
                if (trustAnchorRef != null) {
                    str5 = trustAnchorRef.getRef();
                }
                if (str5 != null && str5.length() != 0) {
                    boolean z4 = false;
                    if (eList != null && !eList.isEmpty()) {
                        KeyStore keyStore = null;
                        int size = eList.size();
                        int i = 0;
                        while (true) {
                            if (i >= size) {
                                break;
                            }
                            TrustAnchor trustAnchor = (TrustAnchor) eList.get(i);
                            if (str5.equals(trustAnchor.getName())) {
                                z4 = true;
                                com.ibm.etools.webservice.wscommonbnd.KeyStore keyStore2 = trustAnchor.getKeyStore();
                                String keyStoreRef = keyStore2.getKeyStoreRef();
                                if (keyStoreRef != null) {
                                    keyStore = ConfigUtil.getKeyStore(keyStoreRef);
                                } else {
                                    try {
                                        keyStore = ConfigUtil.getKeyStore(keyStore2.getType(), this.varMap == null ? new File(keyStore2.getPath()) : new File(this.varMap.expand(keyStore2.getPath())), keyStore2.getStorepass().toCharArray());
                                    } catch (SoapSecurityException e) {
                                    }
                                }
                                if (keyStore == null && tc.isDebugEnabled()) {
                                    Tr.debug(tc, new StringBuffer().append("Unable to open keystore \"").append(keyStore2.getPath()).append("\".").toString());
                                }
                            } else {
                                i++;
                            }
                        }
                        if (keyStore == null && this.config != null) {
                            keyStore = this.config.getTrustAnchor(str5);
                        }
                        if (keyStore == null) {
                            z3 = false;
                            Tr.error(tc, "security.wssecurity.ConfigValidation.keystore.taref.open", new Object[]{str5});
                            String format4 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.keystore.taref.open"), str5);
                            str = (str == null || str.length() == 0) ? new String(format4) : new String(new StringBuffer().append(str).append(" ; ").append(format4).toString());
                        }
                    }
                    if (!z4 && z) {
                        z3 = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.taref.notfound", new Object[]{str5});
                        String format5 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.taref.notfound"), str5);
                        str = (str == null || str.length() == 0) ? new String(format5) : new String(new StringBuffer().append(str).append(" ; ").append(format5).toString());
                    }
                }
            }
            if (trustAnyCertificate != null) {
                String str6 = null;
                if (certStoreRef != null) {
                    str6 = certStoreRef.getRef();
                }
                if (str6 != null && str6.length() != 0) {
                    boolean z5 = false;
                    if (certStoreList != null) {
                        EList collectionCertStores = certStoreList.getCollectionCertStores();
                        if (collectionCertStores != null && !collectionCertStores.isEmpty()) {
                            int size2 = collectionCertStores.size();
                            int i2 = 0;
                            while (true) {
                                if (i2 >= size2) {
                                    break;
                                }
                                CollectionCertStore collectionCertStore = (CollectionCertStore) collectionCertStores.get(i2);
                                if (str6.equals(collectionCertStore.getName())) {
                                    z5 = true;
                                    String name2 = collectionCertStore.getName();
                                    if (name2 == null || name2.length() == 0) {
                                        z3 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.ccs.missing.name");
                                        String message6 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ccs.missing.name");
                                        str = (str == null || str.length() == 0) ? new String(message6) : new String(new StringBuffer().append(str).append(" ; ").append(message6).toString());
                                    }
                                    String provider = collectionCertStore.getProvider();
                                    if (provider == null || provider.length() == 0) {
                                        z3 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.ccs.missing.provider");
                                        String message7 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ccs.missing.provider");
                                        str = (str == null || str.length() == 0) ? new String(message7) : new String(new StringBuffer().append(str).append(" ; ").append(message7).toString());
                                    }
                                    EList x509Certificates = collectionCertStore.getX509Certificates();
                                    if (x509Certificates == null || x509Certificates.size() < 1) {
                                        z3 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.ccs.missing.cert");
                                        String message8 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ccs.missing.cert");
                                        str = (str == null || str.length() == 0) ? new String(message8) : new String(new StringBuffer().append(str).append(" ; ").append(message8).toString());
                                    }
                                } else {
                                    i2++;
                                }
                            }
                        }
                        EList ldapCertStores = certStoreList.getLdapCertStores();
                        if (ldapCertStores != null && !ldapCertStores.isEmpty()) {
                            int size3 = ldapCertStores.size();
                            int i3 = 0;
                            while (true) {
                                if (i3 >= size3) {
                                    break;
                                }
                                LDAPCertStore lDAPCertStore = (LDAPCertStore) ldapCertStores.get(i3);
                                if (str6.equals(lDAPCertStore.getName())) {
                                    z5 = true;
                                    String name3 = lDAPCertStore.getName();
                                    if (name3 == null || name3.length() == 0) {
                                        z3 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.lcs.missing.name");
                                        String message9 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lcs.missing.name");
                                        str = (str == null || str.length() == 0) ? new String(message9) : new String(new StringBuffer().append(str).append(" ; ").append(message9).toString());
                                    }
                                    String provider2 = lDAPCertStore.getProvider();
                                    if (provider2 == null || provider2.length() == 0) {
                                        z3 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.lcs.missing.provider");
                                        String message10 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lcs.missing.provider");
                                        str = (str == null || str.length() == 0) ? new String(message10) : new String(new StringBuffer().append(str).append(" ; ").append(message10).toString());
                                    }
                                    LDAPServer ldapServer = lDAPCertStore.getLdapServer();
                                    if (ldapServer == null) {
                                        z3 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.lcs.missing.server");
                                        String message11 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lcs.missing.server");
                                        str = (str == null || str.length() == 0) ? new String(message11) : new String(new StringBuffer().append(str).append(" ; ").append(message11).toString());
                                    } else {
                                        String host = ldapServer.getHost();
                                        if (host == null || host.length() == 0) {
                                            z3 = false;
                                            Tr.error(tc, "security.wssecurity.ConfigValidation.ldap.missing.host");
                                            String message12 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ldap.missing.host");
                                            str = (str == null || str.length() == 0) ? new String(message12) : new String(new StringBuffer().append(str).append(" ; ").append(message12).toString());
                                        }
                                        String port = ldapServer.getPort();
                                        if (port == null || port.length() == 0) {
                                            z3 = false;
                                            Tr.error(tc, "security.wssecurity.ConfigValidation.ldap.missing.port");
                                            String message13 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ldap.missing.port");
                                            str = (str == null || str.length() == 0) ? new String(message13) : new String(new StringBuffer().append(str).append(" ; ").append(message13).toString());
                                        }
                                    }
                                } else {
                                    i3++;
                                }
                            }
                        }
                    }
                    if (!z5 && this.config != null && this.config.getCertStore(str6) != null) {
                        z5 = true;
                    }
                    if (!z5 && z) {
                        z3 = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.csref.notfound", new Object[]{str6});
                        String format6 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.csref.notfound"), str6);
                        str = (str == null || str.length() == 0) ? new String(format6) : new String(new StringBuffer().append(str).append(" ; ").append(format6).toString());
                    }
                }
            }
        } else if (z2) {
            z3 = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.sign.info.required");
            String message14 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sign.info.required");
            str = (0 == 0 || str.length() == 0) ? new String(message14) : new String(new StringBuffer().append((String) null).append(" ; ").append(message14).toString());
        }
        if (!z3) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("signingInfoValid() returns ").append(z3).toString());
        }
        return z3;
    }

    public boolean receiverSigningInfoValid(EList eList, EList eList2, CertStoreList certStoreList, RequiredIntegrity requiredIntegrity) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("receiverSigningInfoValid(").append(eList).append(", ").append(eList2).append(", ").append(certStoreList).append(", ").append(requiredIntegrity).append(")").toString());
        }
        String str = null;
        boolean z = false;
        if (requiredIntegrity != null) {
            int size = requiredIntegrity.getReferences().size();
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                ReferencePart part = ((Reference) requiredIntegrity.getReferences().get(i)).getPart();
                String name = part != null ? part.getName() : null;
                if (name != null && name.length() != 0) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        boolean z2 = true;
        if (eList != null && !eList.isEmpty()) {
            boolean z3 = false;
            int size2 = eList.size();
            for (int i2 = 0; i2 < size2; i2++) {
                SigningInfo signingInfo = (SigningInfo) eList.get(i2);
                if (!signingInfoValid(signingInfo, eList2, certStoreList, true, z)) {
                    z2 = false;
                }
                if (z && signingInfo != null && signingInfo.getSignatureMethod() != null && signingInfo.getDigestMethod() != null && signingInfo.getCanonicalizationMethod() != null) {
                    z3 = true;
                }
            }
            if (z && !z3) {
                z2 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.sign.algos.required");
                String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sign.algos.required");
                str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
            }
        } else if (z) {
            z2 = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.sign.info.required");
            String message2 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sign.info.required");
            str = (0 == 0 || str.length() == 0) ? new String(message2) : new String(new StringBuffer().append((String) null).append(" ; ").append(message2).toString());
        }
        if (!z2) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("receiverSigningInfoValid() returns ").append(z2).toString());
        }
        return z2;
    }

    public boolean senderSigningInfoValid(SigningInfo signingInfo, EList eList, CertStoreList certStoreList, Integrity integrity) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("senderSigningInfoValid(").append(signingInfo).append(", ").append(eList).append(", ").append(certStoreList).append(", ").append(integrity).append(")").toString());
        }
        String str = null;
        boolean z = false;
        if (integrity != null) {
            int size = integrity.getReferences().size();
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                ReferencePart part = ((Reference) integrity.getReferences().get(i)).getPart();
                String str2 = null;
                if (part != null) {
                    str2 = part.getName();
                }
                if (str2 != null && str2.length() != 0) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        boolean signingInfoValid = signingInfoValid(signingInfo, eList, certStoreList, false, z);
        if (z && signingInfo != null && (signingInfo.getSignatureMethod() == null || signingInfo.getDigestMethod() == null || signingInfo.getCanonicalizationMethod() == null)) {
            signingInfoValid = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.sign.algos.required");
            String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.sign.algos.required");
            str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
        }
        if (!signingInfoValid) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("senderSigningInfoValid() returns ").append(signingInfoValid).toString());
        }
        return signingInfoValid;
    }

    public boolean encryptionInfosValid(EList eList, EList eList2, RequiredConfidentiality requiredConfidentiality) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("encryptionInfosValid(").append(eList).append(", ").append(eList2).append(", ").append(requiredConfidentiality).append(")").toString());
        }
        String str = null;
        boolean z = false;
        if (requiredConfidentiality != null) {
            int size = requiredConfidentiality.getConfidentialParts().size();
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                ConfidentialPartPart part = ((ConfidentialPart) requiredConfidentiality.getConfidentialParts().get(i)).getPart();
                String name = part != null ? part.getName() : null;
                if (name != null && name.length() != 0) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        boolean z2 = true;
        if (eList != null && !eList.isEmpty()) {
            int size2 = eList.size();
            for (int i2 = 0; i2 < size2; i2++) {
                if (!privateEncInfoValid((EncryptionInfo) eList.get(i2), eList2, z)) {
                    z2 = false;
                }
            }
        } else if (z) {
            z2 = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.enc.info.required");
            String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.enc.info.required");
            str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
        }
        if (!z2) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("encryptionInfosValid() returns ").append(z2).toString());
        }
        return z2;
    }

    public boolean encryptionInfoValid(EncryptionInfo encryptionInfo, EList eList, Confidentiality confidentiality) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("encryptionInfoValid(").append(encryptionInfo).append(", ").append(eList).append(", ").append(confidentiality).append(")").toString());
        }
        boolean z = false;
        if (confidentiality != null) {
            int size = confidentiality.getConfidentialParts().size();
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                ConfidentialPartPart part = ((ConfidentialPart) confidentiality.getConfidentialParts().get(i)).getPart();
                String str = null;
                if (part != null) {
                    str = part.getName();
                }
                if (str != null && str.length() != 0) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        boolean privateEncInfoValid = privateEncInfoValid(encryptionInfo, eList, z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("encryptionInfoValid() returns ").append(privateEncInfoValid).toString());
        }
        return privateEncInfoValid;
    }

    private boolean privateEncInfoValid(EncryptionInfo encryptionInfo, EList eList, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("privateEncInfoValid(").append(encryptionInfo).append(", ").append(eList).append(", ").append(z).append(")").toString());
        }
        String str = null;
        boolean z2 = true;
        if (encryptionInfo != null) {
            String str2 = null;
            EncryptionKey encryptionKey = encryptionInfo.getEncryptionKey();
            DataEncryptionMethod encryptionMethod = encryptionInfo.getEncryptionMethod();
            KeyEncryptionMethod keyEncryptionMethod = encryptionInfo.getKeyEncryptionMethod();
            if (encryptionKey == null) {
                z2 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.ei.missing.key");
                String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ei.missing.key");
                str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
            } else {
                str2 = encryptionKey.getLocatorRef();
                if (str2 == null || str2.length() == 0) {
                    z2 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.ei.missing.key.loc.ref");
                    String message2 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ei.missing.key.loc.ref");
                    str = (0 == 0 || str.length() == 0) ? new String(message2) : new String(new StringBuffer().append((String) null).append(" ; ").append(message2).toString());
                }
            }
            if (encryptionMethod == null) {
                z2 = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.ei.missing.enc.method");
                String message3 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.ei.missing.enc.method");
                str = (str == null || str.length() == 0) ? new String(message3) : new String(new StringBuffer().append(str).append(" ; ").append(message3).toString());
            } else {
                String algorithm = encryptionMethod.getAlgorithm();
                if (!encryptionMethodValid(algorithm)) {
                    z2 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.enc.method.invalid", new Object[]{algorithm});
                    String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.enc.method.invalid"), algorithm);
                    str = (str == null || str.length() == 0) ? new String(format) : new String(new StringBuffer().append(str).append(" ; ").append(format).toString());
                }
            }
            if (keyEncryptionMethod != null) {
                String algorithm2 = keyEncryptionMethod.getAlgorithm();
                if (!keyEncryptionMethodValid(algorithm2)) {
                    z2 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.keyenc.method.invalid", new Object[]{algorithm2});
                    String format2 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.keyenc.method.invalid"), algorithm2);
                    str = (str == null || str.length() == 0) ? new String(format2) : new String(new StringBuffer().append(str).append(" ; ").append(format2).toString());
                }
            }
            if (str2 != null && str2.length() > 0) {
                boolean z3 = false;
                if (eList != null && !eList.isEmpty()) {
                    int size = eList.size();
                    int i = 0;
                    while (true) {
                        if (i >= size) {
                            break;
                        }
                        KeyLocator keyLocator = (KeyLocator) eList.get(i);
                        if (str2.equals(keyLocator.getName())) {
                            z3 = true;
                            if (keyLocator.getClassname() == null || keyLocator.getClassname().length() == 0) {
                                z2 = false;
                                Tr.error(tc, "security.wssecurity.ConfigValidation.keyloc.missing.classname");
                                String message4 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.keyloc.missing.classname");
                                str = (str == null || str.length() == 0) ? new String(message4) : new String(new StringBuffer().append(str).append(" ; ").append(message4).toString());
                            }
                            com.ibm.etools.webservice.wscommonbnd.KeyStore keyStore = keyLocator.getKeyStore();
                            KeyStore keyStore2 = null;
                            if (keyStore != null) {
                                String keyStoreRef = keyStore.getKeyStoreRef();
                                if (keyStoreRef != null) {
                                    keyStore2 = ConfigUtil.getKeyStore(keyStoreRef);
                                } else {
                                    try {
                                        keyStore2 = ConfigUtil.getKeyStore(keyStore.getType(), this.varMap == null ? new File(keyStore.getPath()) : new File(this.varMap.expand(keyStore.getPath())), keyStore.getStorepass().toCharArray());
                                    } catch (SoapSecurityException e) {
                                    }
                                }
                                if (keyStore2 == null) {
                                    z2 = false;
                                    Tr.error(tc, "security.wssecurity.ConfigValidation.keystore.open", new Object[]{keyStore.getPath()});
                                    String format3 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.keystore.open"), keyStore.getPath());
                                    str = (str == null || str.length() == 0) ? new String(format3) : new String(new StringBuffer().append(str).append(" ; ").append(format3).toString());
                                }
                            }
                            EList keys = keyLocator.getKeys();
                            if (keys != null && !keys.isEmpty()) {
                                int size2 = keys.size();
                                for (int i2 = 0; i2 < size2; i2++) {
                                    Key key = (Key) keys.get(i2);
                                    String alias = key.getAlias();
                                    String keypass = key.getKeypass();
                                    String name = key.getName();
                                    if (alias == null || alias.length() == 0) {
                                        z2 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.key.missing.alias");
                                        String message5 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.key.missing.alias");
                                        str = (str == null || str.length() == 0) ? new String(message5) : new String(new StringBuffer().append(str).append(" ; ").append(message5).toString());
                                    }
                                    if (keypass == null || keypass.length() == 0) {
                                        z2 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.key.missing.keypass");
                                        String message6 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.key.missing.keypass");
                                        str = (str == null || str.length() == 0) ? new String(message6) : new String(new StringBuffer().append(str).append(" ; ").append(message6).toString());
                                    }
                                    if (name == null || name.length() == 0) {
                                        z2 = false;
                                        Tr.error(tc, "security.wssecurity.ConfigValidation.key.missing.name");
                                        String message7 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.key.missing.name");
                                        str = (str == null || str.length() == 0) ? new String(message7) : new String(new StringBuffer().append(str).append(" ; ").append(message7).toString());
                                    }
                                }
                            }
                        } else {
                            i++;
                        }
                    }
                }
                if (!z3 && this.config != null && this.config.getKeyLocator(str2).getKeyLocator5(null) != null) {
                    z3 = true;
                }
                if (!z3) {
                    z2 = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.keylocref.notfound", new Object[]{str2});
                    String format4 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.keylocref.notfound"), str2);
                    str = (str == null || str.length() == 0) ? new String(format4) : new String(new StringBuffer().append(str).append(" ; ").append(format4).toString());
                }
            }
        } else if (z) {
            z2 = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.enc.info.required");
            String message8 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.enc.info.required");
            str = (0 == 0 || str.length() == 0) ? new String(message8) : new String(new StringBuffer().append((String) null).append(" ; ").append(message8).toString());
        }
        if (!z2) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("privateEncInfoValid() returns ").append(z2).toString());
        }
        return z2;
    }

    public boolean loginMappingValid(EList eList, LoginConfig loginConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("loginMappingValid(").append(eList).append(", ").append(loginConfig).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (loginConfig != null) {
            EList authMethods = loginConfig.getAuthMethods();
            if (authMethods == null || authMethods.isEmpty()) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.lc.missing.authmethod");
                String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lc.missing.authmethod");
                str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
            } else {
                int size = authMethods.size();
                for (int i = 0; i < size; i++) {
                    AuthMethod authMethod = (AuthMethod) authMethods.get(i);
                    String text = authMethod != null ? authMethod.getText() : null;
                    if (text == null || text.length() == 0) {
                        z = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.lc.missing.authmethod");
                        String message2 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lc.missing.authmethod");
                        str = (str == null || str.length() == 0) ? new String(message2) : new String(new StringBuffer().append(str).append(" ; ").append(message2).toString());
                    } else {
                        boolean z2 = false;
                        if (eList != null && !eList.isEmpty()) {
                            int size2 = eList.size();
                            int i2 = 0;
                            while (true) {
                                if (i2 >= size2) {
                                    break;
                                }
                                if (text.equals(((LoginMapping) eList.get(i2)).getAuthMethod())) {
                                    z2 = true;
                                    break;
                                }
                                i2++;
                            }
                        }
                        if (!z2 && this.config != null && this.config.getLoginMapping(text) != null) {
                            z2 = true;
                        }
                        if (!z2) {
                            z = false;
                            Tr.error(tc, "security.wssecurity.ConfigValidation.lc.authmethod.invalid", new Object[]{text});
                            String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lc.authmethod.invalid"), text);
                            str = (str == null || str.length() == 0) ? new String(format) : new String(new StringBuffer().append(str).append(" ; ").append(format).toString());
                        }
                    }
                }
            }
        }
        if (eList != null && !eList.isEmpty()) {
            int size3 = eList.size();
            for (int i3 = 0; i3 < size3; i3++) {
                boolean z3 = false;
                LoginMapping loginMapping = (LoginMapping) eList.get(i3);
                String authMethod2 = loginMapping.getAuthMethod();
                if (authMethod2 == null || authMethod2.length() == 0) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.lm.missing.authmethod");
                    String message3 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lm.missing.authmethod");
                    str = (str == null || str.length() == 0) ? new String(message3) : new String(new StringBuffer().append(str).append(" ; ").append(message3).toString());
                } else if (!authMethodValid(authMethod2)) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.lm.authmethod.invalid", new Object[]{authMethod2});
                    String format2 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lm.authmethod.invalid"), authMethod2);
                    str = (str == null || str.length() == 0) ? new String(format2) : new String(new StringBuffer().append(str).append(" ; ").append(format2).toString());
                } else if (!authMethodKnown(authMethod2)) {
                    z3 = true;
                }
                if (z3) {
                    TokenValueType tokenValueType = loginMapping.getTokenValueType();
                    if (tokenValueType == null) {
                        z = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.lm.missing.tokvaltype");
                        String message4 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lm.missing.tokvaltype");
                        str = (str == null || str.length() == 0) ? new String(message4) : new String(new StringBuffer().append(str).append(" ; ").append(message4).toString());
                    } else {
                        String uri = tokenValueType.getUri();
                        String localName = tokenValueType.getLocalName();
                        if (uri == null || uri.length() == 0) {
                            z = false;
                            Tr.error(tc, "security.wssecurity.ConfigValidation.tvt.missing.uri");
                            String message5 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tvt.missing.uri");
                            str = (str == null || str.length() == 0) ? new String(message5) : new String(new StringBuffer().append(str).append(" ; ").append(message5).toString());
                        }
                        if (localName == null || localName.length() == 0) {
                            z = false;
                            Tr.error(tc, "security.wssecurity.ConfigValidation.tvt.missing.localname");
                            String message6 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tvt.missing.localname");
                            str = (str == null || str.length() == 0) ? new String(message6) : new String(new StringBuffer().append(str).append(" ; ").append(message6).toString());
                        }
                    }
                }
                String configName = loginMapping.getConfigName();
                if (configName == null || configName.length() == 0) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.lm.missing.configname");
                    String message7 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lm.missing.configname");
                    str = (str == null || str.length() == 0) ? new String(message7) : new String(new StringBuffer().append(str).append(" ; ").append(message7).toString());
                }
                CallbackHandlerFactory callbackHandlerFactory = loginMapping.getCallbackHandlerFactory();
                if (callbackHandlerFactory == null) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.lm.missing.ch.factory");
                    String message8 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lm.missing.ch.factory");
                    str = (str == null || str.length() == 0) ? new String(message8) : new String(new StringBuffer().append(str).append(" ; ").append(message8).toString());
                } else {
                    String classname = callbackHandlerFactory.getClassname();
                    if (classname == null || classname.length() == 0) {
                        z = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.lm.missing.ch.classname");
                        String message9 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lm.missing.ch.classname");
                        str = (str == null || str.length() == 0) ? new String(message9) : new String(new StringBuffer().append(str).append(" ; ").append(message9).toString());
                    }
                }
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("loginMappingValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean trustedIDEvaluatorRefValid(TrustedIDEvaluatorRef trustedIDEvaluatorRef) throws SoapSecurityException {
        String ref;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("trustedIDEvaluatorRefValid(").append(trustedIDEvaluatorRef).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (trustedIDEvaluatorRef != null && ((ref = trustedIDEvaluatorRef.getRef()) == null || ref.length() == 0)) {
            z = false;
            Tr.error(tc, "security.wssecurity.ConfigValidation.tier.missing.ref");
            String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tier.missing.ref");
            str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("trustedIDEvaluatorRefValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean trustedIDEvaluatorValid(TrustedIDEvaluator trustedIDEvaluator) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("trustedIDEvaluatorValid(").append(trustedIDEvaluator).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (trustedIDEvaluator != null) {
            String classname = trustedIDEvaluator.getClassname();
            String name = trustedIDEvaluator.getName();
            if (classname == null || classname.length() == 0) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.tie.missing.classname");
                String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tie.missing.classname");
                str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
            }
            if (name == null || name.length() == 0) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.tie.missing.name");
                String message2 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tie.missing.name");
                str = (str == null || str.length() == 0) ? new String(message2) : new String(new StringBuffer().append(str).append(" ; ").append(message2).toString());
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("trustedIDEvaluatorValid() returns ").append(z).toString());
        }
        return z;
    }

    public boolean loginBindingValid(LoginBinding loginBinding, com.ibm.etools.webservice.wscext.LoginConfig loginConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("loginBindingValid(").append(loginBinding).append(", ").append(loginConfig).append(")").toString());
        }
        String str = null;
        boolean z = true;
        if (loginConfig != null) {
            String authMethod = loginConfig.getAuthMethod();
            if (authMethod == null || authMethod.length() == 0) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.lc.missing.authmethod");
                String message = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lc.missing.authmethod");
                str = (0 == 0 || str.length() == 0) ? new String(message) : new String(new StringBuffer().append((String) null).append(" ; ").append(message).toString());
            } else {
                boolean z2 = false;
                if (loginBinding != null && authMethod.equals(loginBinding.getAuthMethod())) {
                    z2 = true;
                }
                if (!z2) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.lc.authmethod.invalid", new Object[]{authMethod});
                    String format = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lc.authmethod.invalid"), authMethod);
                    str = (0 == 0 || str.length() == 0) ? new String(format) : new String(new StringBuffer().append((String) null).append(" ; ").append(format).toString());
                }
            }
        }
        if (loginBinding != null) {
            String authMethod2 = loginBinding.getAuthMethod();
            boolean z3 = false;
            if (authMethod2 == null || authMethod2.length() == 0) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.lb.missing.authmethod");
                String message2 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lb.missing.authmethod");
                str = (str == null || str.length() == 0) ? new String(message2) : new String(new StringBuffer().append(str).append(" ; ").append(message2).toString());
            } else if (!authMethodValid(authMethod2)) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.lb.authmethod.invalid", new Object[]{authMethod2});
                String format2 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lb.authmethod.invalid"), authMethod2);
                str = (str == null || str.length() == 0) ? new String(format2) : new String(new StringBuffer().append(str).append(" ; ").append(format2).toString());
            } else if (!authMethodKnown(authMethod2)) {
                z3 = true;
            }
            if (z3) {
                TokenValueType tokenValueType = loginBinding.getTokenValueType();
                if (tokenValueType == null) {
                    z = false;
                    Tr.error(tc, "security.wssecurity.ConfigValidation.lb.missing.tokvaltype", new Object[]{authMethod2});
                    String format3 = MessageFormat.format(ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lb.missing.tokvaltype"), authMethod2);
                    str = (str == null || str.length() == 0) ? new String(format3) : new String(new StringBuffer().append(str).append(" ; ").append(format3).toString());
                } else {
                    String uri = tokenValueType.getUri();
                    String localName = tokenValueType.getLocalName();
                    if (uri == null || uri.length() == 0) {
                        z = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.tvt.missing.uri");
                        String message3 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tvt.missing.uri");
                        str = (str == null || str.length() == 0) ? new String(message3) : new String(new StringBuffer().append(str).append(" ; ").append(message3).toString());
                    }
                    if (localName == null || localName.length() == 0) {
                        z = false;
                        Tr.error(tc, "security.wssecurity.ConfigValidation.tvt.missing.localname");
                        String message4 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.tvt.missing.localname");
                        str = (str == null || str.length() == 0) ? new String(message4) : new String(new StringBuffer().append(str).append(" ; ").append(message4).toString());
                    }
                }
            }
            String callbackHandler = loginBinding.getCallbackHandler();
            if (callbackHandler == null || callbackHandler.length() == 0) {
                z = false;
                Tr.error(tc, "security.wssecurity.ConfigValidation.lb.missing.callbackhandler");
                String message5 = ConfigConstants.getMessage("security.wssecurity.ConfigValidation.lb.missing.callbackhandler");
                str = (str == null || str.length() == 0) ? new String(message5) : new String(new StringBuffer().append(str).append(" ; ").append(message5).toString());
            }
        }
        if (!z) {
            throw new SoapSecurityException(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("loginBindingValid() returns ").append(z).toString());
        }
        return z;
    }

    private boolean authMethodValid(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("authMethodValid(").append(str).append(")").toString());
        }
        boolean z = (str == null || str.length() == 0) ? false : true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("authMethodValid() returns ").append(z).toString());
        }
        return z;
    }

    private boolean authMethodKnown(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("authMethodKnown(").append(str).append(")").toString());
        }
        boolean z = (str == null || str.length() == 0) ? false : SecurityHelper.basicAuth.equals(str) || "IDAssertion".equals(str) || SOAPSignature.ELEM_SIGNATURE.equals(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("authMethodKnown() returns ").append(z).toString());
        }
        return z;
    }

    private void addToSet(Document document, String str, Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("addToSet(").append(document).append(", ").append(str).append(", ").append(set).append(")").toString());
        }
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", str);
        int length = elementsByTagNameNS.getLength();
        if (length != 0) {
            for (int i = 0; i < length; i++) {
                try {
                    set.add(com.ibm.xml.soapsec.util.DOMUtil.getAttribute((Element) elementsByTagNameNS.item(i), "algorithm"));
                } catch (SoapSecurityException e) {
                    FFDCFilter.processException(e, new StringBuffer().append(clsName).append(".addToSet").toString(), "1867", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("\"algorithm\" attribute not found in \"").append(str).append("\" element.").toString());
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Allowed ").append(str).append(" set: ").toString(), new Object[]{set});
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("No allowed ").append(str).append(" elements found.").toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addToSet()");
        }
    }

    protected void processAllowedAlgorithms(Document document) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("processAllowedAlgorithms(").append(document).append(")").toString());
        }
        if (document == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Allowed Algorithms Document is null, exiting.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "processAllowedAlgorithms()");
                return;
            }
            return;
        }
        if (isFipsEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFipsEnabled() is true; getting FIPS algorithms");
            }
            addToSet(document, "fipsEncryptionMethod", this.allowedEncAlgos);
            addToSet(document, "fipsKeyEncryptionMethod", this.allowedKeyEncAlgos);
            addToSet(document, "fipsSignatureMethod", this.allowedSignAlgos);
            addToSet(document, "fipsDigestMethod", this.allowedDigestAlgos);
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFipsEnabled() is false; getting non-FIPS algorithms");
            }
            addToSet(document, "encryptionMethod", this.allowedEncAlgos);
            addToSet(document, "keyEncryptionMethod", this.allowedKeyEncAlgos);
            addToSet(document, "signatureMethod", this.allowedSignAlgos);
            addToSet(document, "digestMethod", this.allowedDigestAlgos);
        }
        addToSet(document, "canonicalizationMethod", this.allowedC14nAlgos);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processAllowedAlgorithms()");
        }
    }

    protected boolean encryptionMethodValid(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("encryptionMethodValid(").append(str).append(")").toString());
        }
        boolean contains = this.allowedEncAlgos.contains(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("encryptionMethodValid() returns ").append(contains).toString());
        }
        return contains;
    }

    protected boolean keyEncryptionMethodValid(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("keyEncryptionMethodValid(").append(str).append(")").toString());
        }
        boolean contains = this.allowedKeyEncAlgos.contains(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("keyEncryptionMethodValid() returns ").append(contains).toString());
        }
        return contains;
    }

    protected boolean canonicalizationMethodValid(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("canonicalizationMethodValid(").append(str).append(")").toString());
        }
        boolean contains = this.allowedC14nAlgos.contains(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("canonicalizationMethodValid() returns ").append(contains).toString());
        }
        return contains;
    }

    protected boolean signatureMethodValid(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("signatureMethodValid(").append(str).append(")").toString());
        }
        boolean contains = this.allowedSignAlgos.contains(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("signatureMethodValid() returns ").append(contains).toString());
        }
        return contains;
    }

    protected boolean digestMethodValid(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("digestMethodValid(").append(str).append(")").toString());
        }
        boolean contains = this.allowedDigestAlgos.contains(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("digestMethodValid() returns ").append(contains).toString());
        }
        return contains;
    }

    public static boolean isFipsEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isFipsEnabled");
        }
        if (isFipsEnabled == null) {
            isFipsEnabled = Security.getProperty("com.ibm.websphere.security.fips.enabled");
            if (isFipsEnabled == null || !isFipsEnabled.equalsIgnoreCase("true")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Read java.security.Security property; FIPS mode is not enabled");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Read java.security.Security property; FIPS mode is enabled");
            }
        }
        if (isFipsEnabled != null && isFipsEnabled.equalsIgnoreCase("true")) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "isFipsEnabled -> true");
            return true;
        }
        isFipsEnabled = "false";
        if (!tc.isEntryEnabled()) {
            return false;
        }
        Tr.exit(tc, "isFipsEnabled -> false");
        return false;
    }

    public static boolean isAlgoSupportedByRuntime(String str) {
        boolean z = true;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("isAlgoSupportedByRuntime(String algo[").append(str).append("])").toString());
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str)) {
            z = isRsaoaepSupported(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("isAlgoSupportedByRuntime returns ").append(z).toString());
        }
        return z;
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x01a2 A[Catch: all -> 0x01b5, TryCatch #0 {, blocks: (B:15:0x0047, B:17:0x005c, B:20:0x0071, B:22:0x0078, B:24:0x007f, B:26:0x0085, B:28:0x00af, B:46:0x00d9, B:48:0x00e2, B:32:0x019c, B:34:0x01a2, B:35:0x01ac, B:36:0x01b1, B:54:0x0118, B:56:0x0140, B:60:0x0165, B:62:0x016e), top: B:14:0x0047, inners: #1, #2 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean isRsaoaepSupported(java.lang.String r5) {
        /*
            Method dump skipped, instructions count: 485
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.webservices.wssecurity.util.ConfigValidation.isRsaoaepSupported(java.lang.String):boolean");
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        Class cls2;
        if (class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation == null) {
            cls = class$("com.ibm.ws.webservices.wssecurity.util.ConfigValidation");
            class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation = cls;
        } else {
            cls = class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation;
        }
        clsName = cls.getName();
        if (class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation == null) {
            cls2 = class$("com.ibm.ws.webservices.wssecurity.util.ConfigValidation");
            class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation = cls2;
        } else {
            cls2 = class$com$ibm$ws$webservices$wssecurity$util$ConfigValidation;
        }
        tc = Tr.register(cls2, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
    }
}
