package com.ibm.pvcws.wss.internal.token;

import com.ibm.mqe.trace.MQeTracePoint;
import com.ibm.pvc.samples.orderentry.common.OESystemConstants;
import com.ibm.pvc.txncontainer.internal.util.ejs.Cg;
import com.ibm.pvcws.jaxp.namespace.NSDecl;
import com.ibm.pvcws.jaxp.namespace.NamespaceResolver;
import com.ibm.pvcws.jaxp.util.Attribute;
import com.ibm.pvcws.jaxrpc.msg.Elem;
import com.ibm.pvcws.jaxrpc.msg.MessageContext;
import com.ibm.pvcws.jaxrpc.msg.Text;
import com.ibm.pvcws.wss.internal.ObjectPool;
import com.ibm.pvcws.wss.internal.Token;
import com.ibm.pvcws.wss.internal.TokenGeneratorComponent;
import com.ibm.pvcws.wss.internal.WSSConstants;
import com.ibm.pvcws.wss.internal.WSSException;
import com.ibm.pvcws.wss.internal.auth.callback.ContextCallback;
import com.ibm.pvcws.wss.internal.auth.callback.X509BSCallback;
import com.ibm.pvcws.wss.internal.auth.token.TokenId;
import com.ibm.pvcws.wss.internal.auth.token.X509BSToken;
import com.ibm.pvcws.wss.internal.config.CallbackHandlerConfig;
import com.ibm.pvcws.wss.internal.config.TokenGeneratorConfig;
import com.ibm.pvcws.wss.internal.context.CallbackContext;
import com.ibm.pvcws.wss.internal.context.Context;
import com.ibm.pvcws.wss.internal.context.TokenContext;
import com.ibm.pvcws.wss.internal.resource.WSSMessages;
import com.ibm.pvcws.wss.internal.util.Copyright;
import com.ibm.pvcws.wss.internal.util.KeyStoreSupport;
import com.ibm.pvcws.wss.internal.util.Logger;
import com.ibm.pvcws.wss.internal.util.WSSFactory;
import com.ibm.pvcws.wss.internal.util.WSSUtils;
import com.ibm.pvcws.wss.internal.util.X509Data;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Vector;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;

/* loaded from: input_file:rcp/eclipse/plugins/com.ibm.pvcws.wss_6.0.0.20050921/WS-Security.jar:com/ibm/pvcws/wss/internal/token/X509TokenGenerator.class */
public class X509TokenGenerator implements TokenGeneratorComponent {
    // Fully qualified name of this class, assigned in the static initializer below;
    // used as the source tag for Logger calls and inside error messages.
    private static final String clsName;
    // Holds the same value as clsName; returned by getAlias().
    public static final String ALIAS;
    // Status values for CertInformation._status. The decompiled bodies use the literals
    // 0, 1 and 2 directly, so these names are not referenced anywhere in this class.
    private static final int STATUS_OK = 0;
    private static final int STATUS_CERT_ERROR = 1;
    private static final int STATUS_KEYID_ERROR = 2;
    // Per-generator cache keyed by X509Certificate with CertInformation values; filled by
    // getInfo(). No code in this class removes entries.
    private final Hashtable _cert2info = new Hashtable();
    // Compiler-generated caches for class literals (used by the static initializer and invoke()).
    static /* synthetic */ Class class$0;
    static /* synthetic */ Class class$1;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:rcp/eclipse/plugins/com.ibm.pvcws.wss_6.0.0.20050921/WS-Security.jar:com/ibm/pvcws/wss/internal/token/X509TokenGenerator$CertInformation.class */
    /**
     * Cached, pre-computed data about one certificate, as built by the enclosing generator.
     *
     * <p>{@code _status} is used as a bit set: value 1 blocks all three getters, value 2 blocks
     * only {@link #getB64KeyId()}. Each getter first rejects a flagged entry and then re-checks
     * {@code _expiration} against the local system clock, so an entry that was fine when it was
     * cached stops being served once that time has passed.
     *
     * <p>NOTE(review): {@code _status} and {@code _errorMes} are modified without
     * synchronization; confirm that instances are not shared between threads.
     */
    public static class CertInformation {
        // Key store path and alias: only used in messages and in toString().
        private String _kspath;
        private String _alias;
        // Value handed out by getBinary().
        private String _binary;
        // Plain subject DN (used in the expiry message) and the form returned by getSubjectName().
        private String _subjectDN;
        private String _encSubjectDN;
        // Value handed out by getB64KeyId().
        private String _b64KeyId;
        // Bit set, see the class comment.
        private int _status;
        // Expiry instant in epoch milliseconds; a negative value switches the expiry check off.
        private long _expiration;
        // Fault code attached to the exception raised when the entry is found to be expired.
        private QName _faultCode;
        // Message used for every exception raised by the getters.
        private String _errorMes;

        /**
         * Stores the supplied values unchanged.
         *
         * @param str key store path
         * @param str2 key store alias
         * @param str3 value returned by {@link #getBinary()}
         * @param str4 subject DN used in messages
         * @param str5 value returned by {@link #getSubjectName()}
         * @param str6 value returned by {@link #getB64KeyId()}
         * @param j expiry instant in epoch milliseconds, negative to disable the check
         * @param i initial status bits
         * @param qName fault code for the expiry exception
         * @param str7 initial error message
         */
        CertInformation(String str, String str2, String str3, String str4, String str5, String str6, long j, int i, QName qName, String str7) {
            this._kspath = str;
            this._alias = str2;
            this._binary = str3;
            this._subjectDN = str4;
            this._encSubjectDN = str5;
            this._b64KeyId = str6;
            this._expiration = j;
            this._status = i;
            this._faultCode = qName;
            this._errorMes = str7;
        }

        /**
         * Returns the stored binary text unless the entry is flagged with status bit 1 or has
         * expired. (JADX widened this accessor from private.)
         *
         * @throws WSSException carrying {@code _errorMes} when the entry is flagged or expired
         */
        public String getBinary() throws WSSException {
            rejectIfFlagged(1);
            checkExpiration();
            return this._binary;
        }

        /**
         * Returns the encoded subject DN unless the entry is flagged with status bit 1 or has
         * expired. (JADX widened this accessor from private.)
         *
         * @throws WSSException carrying {@code _errorMes} when the entry is flagged or expired
         */
        public String getSubjectName() throws WSSException {
            rejectIfFlagged(1);
            checkExpiration();
            return this._encSubjectDN;
        }

        /**
         * Returns the Base64 key identifier unless the entry is flagged with status bit 1 or 2
         * or has expired. (JADX widened this accessor from private.)
         *
         * @throws WSSException carrying {@code _errorMes} when the entry is flagged or expired
         */
        public String getB64KeyId() throws WSSException {
            rejectIfFlagged(1 | 2);
            checkExpiration();
            return this._b64KeyId;
        }

        /** Throws when any of the status bits in {@code mask} is set. */
        private void rejectIfFlagged(int mask) throws WSSException {
            if ((this._status & mask) != 0) {
                throw new WSSException(this._errorMes);
            }
        }

        /**
         * Compares {@code _expiration} with the current system time and, once it has passed,
         * flags the entry, rewrites {@code _errorMes} and throws with {@code _faultCode}.
         */
        private void checkExpiration() throws WSSException {
            if (this._expiration < 0) {
                return;
            }
            long remainingMillis = this._expiration - System.currentTimeMillis();
            if (remainingMillis >= 0) {
                return;
            }
            // Every caller has already rejected entries with bit 1 set, so the increment
            // always turns that bit on (0 -> 1, 2 -> 3).
            this._status++;
            String detail = "expiration time - current system time = " + remainingMillis + " ms";
            this._errorMes = WSSMessages.getString("101", new Object[]{this._subjectDN, this._alias, this._kspath, detail});
            throw new WSSException(this._faultCode, this._errorMes);
        }

        /** Renders the key store path, alias and status; the certificate data is left out. */
        public String toString() {
            return getClass().getName() + Cg.LP
                    + "keystorePath=[" + this._kspath + "], "
                    + "alias=[" + this._alias + "], "
                    + "status=[" + this._status + "], "
                    + Cg.RP;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    static {
        // Looks like the compiler-generated expansion of a class literal: resolve this class
        // by name once and keep the result in the synthetic field class$0.
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("com.ibm.pvcws.wss.internal.token.X509TokenGenerator");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                // NOTE(review): decompiler artifact. Class has no getMessage(), so this line does
                // not compile; presumably the original used the caught exception's message.
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        // Both constants end up holding the fully qualified class name.
        clsName = cls.getName();
        ALIAS = clsName;
    }

    /** Returns the value of {@code Copyright.IBM_COPYRIGHT_SHORT}. */
    static String copyright() {
        final String notice = Copyright.IBM_COPYRIGHT_SHORT;
        return notice;
    }

    /**
     * Returns {@link #ALIAS}, which the static initializer sets to this class's fully
     * qualified name.
     */
    @Override // com.ibm.pvcws.wss.internal.WSSGeneratorComponent
    public String getAlias() {
        final String alias = ALIAS;
        return alias;
    }

    /**
     * Obtains an X.509 certificate through the configured callback handler and, depending on
     * the key-info type of the context, inserts a binary security token into {@code elem},
     * records a reference value on the token context, and/or adds the token to the object pool.
     *
     * <p>NOTE(review): {@code r24} (Base64 text of the certificate) and {@code r31} (whether a
     * new token has to be added to the pool) are never declared below. JADX failed to recover
     * them, so this method does not compile as shown and the initial value of {@code r31} in
     * the key-identifier and subject-name branches is unknown.
     *
     * @param elem parent element that receives the token; must not be null
     * @param context token context; cast to {@link TokenContext} without a type check
     * @throws WSSException when {@code elem} is null, the configured value type is not
     *         {@code VALUE_X509V3}, the callback handler is of the wrong type or fails, or no
     *         certificate together with its encoded form is available
     */
    @Override // com.ibm.pvcws.wss.internal.WSSGeneratorComponent
    public void invoke(Elem elem, Context context) throws WSSException {
        Object property;
        if (Logger.isEntryLogged()) {
            StringBuffer stringBuffer = new StringBuffer("> invoke(");
            stringBuffer.append("Elem parent[").append(elem == null ? null : elem.qName).append("], ");
            stringBuffer.append("Context context)");
            Logger.log((byte) 3, clsName, stringBuffer.toString());
        }
        if (elem == null) {
            throw new WSSException(WSSMessages.getString("530", new StringBuffer(String.valueOf(clsName)).append(".invoke()").toString()));
        }
        TokenContext tokenContext = (TokenContext) context;
        MessageContext messageContext = tokenContext.getMessageContext();
        WSSConstants constants = tokenContext.getFactory().getConstants();
        ObjectPool objectPool = tokenContext.getObjectPool();
        TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) tokenContext.getConfiguration();
        CallbackHandlerConfig callbackHandler = tokenGeneratorConfig.getCallbackHandler();
        if (Logger.isDebugLogged()) {
            Logger.log((byte) 4, clsName, new StringBuffer("The configuraion: ").append(tokenGeneratorConfig).toString());
        }
        // This generator only accepts the X.509 v3 value type.
        QName type = tokenGeneratorConfig.getType();
        if (!constants.VALUE_X509V3.equals(type)) {
            throw new WSSException(constants.ERROR_INVALID_SECURITY, WSSMessages.getString("459", new Object[]{type, new StringBuffer(String.valueOf(clsName)).append(".invoke").toString()}));
        }
        boolean isStandAlone = tokenGeneratorConfig.isStandAlone();
        // keyInfoType selects how the token is referenced further down:
        // 2 -> by token id (z), 0 -> by Base64 key identifier (z2), 1 -> by subject name (z3).
        int keyInfoType = tokenContext.getKeyInfoType();
        boolean z = keyInfoType == 2;
        boolean z2 = keyInfoType == 0;
        boolean z3 = keyInfoType == 1;
        if (Logger.isDebugLogged()) {
            // NOTE(review): OESystemConstants.DEFAULT_FILEDIR belongs to an unrelated sample
            // package; presumably the decompiler matched a string literal to it. Confirm.
            StringBuffer stringBuffer2 = new StringBuffer("Is the token stand-alone?: ");
            stringBuffer2.append(isStandAlone).append(OESystemConstants.DEFAULT_FILEDIR);
            Logger.log((byte) 4, clsName, stringBuffer2.toString());
            StringBuffer stringBuffer3 = new StringBuffer("The type of KeyInfo: ");
            stringBuffer3.append(keyInfoType).append(OESystemConstants.DEFAULT_FILEDIR);
            Logger.log((byte) 4, clsName, stringBuffer3.toString());
        }
        X509Certificate x509Certificate = null;
        String str = null;
        String str2 = null;
        if (callbackHandler != null) {
            String className = callbackHandler.getClassName();
            CallbackHandler callbackHandlerConfig = callbackHandler.getInstance();
            if (callbackHandlerConfig == null) {
                if (Logger.isDebugLogged()) {
                    StringBuffer stringBuffer4 = new StringBuffer("Instantiating the callback handler [");
                    stringBuffer4.append(className).append("]...");
                    Logger.log((byte) 4, clsName, stringBuffer4.toString());
                }
                // The class named in the configuration is created before the instanceof check
                // below runs, so whoever can edit that configuration decides which class is
                // instantiated here. NOTE(review): confirm the configuration source is trusted,
                // and that createInstance() cannot return null (getClass() below would throw).
                Object createInstance = WSSFactory.createInstance(className);
                if (!(createInstance instanceof CallbackHandler)) {
                    Object[] objArr = new Object[2];
                    objArr[0] = createInstance.getClass().getName();
                    Class<?> cls = class$1;
                    if (cls == null) {
                        try {
                            cls = Class.forName("javax.security.auth.callback.CallbackHandler");
                            class$1 = cls;
                        } catch (ClassNotFoundException unused) {
                            // NOTE(review): decompiler artifact. String has no getMessage();
                            // presumably the original used the caught exception's message.
                            throw new NoClassDefFoundError("047".getMessage());
                        }
                    }
                    objArr[1] = cls.getName();
                    throw new WSSException(constants.ERROR_INVALID_SECURITY, WSSMessages.getString("047", objArr));
                }
                callbackHandlerConfig = (CallbackHandler) createInstance;
                if (Logger.isDebugLogged()) {
                    StringBuffer stringBuffer5 = new StringBuffer("Succeeded to instantiate the callback handler [");
                    stringBuffer5.append(className).append("].");
                    Logger.log((byte) 4, clsName, stringBuffer5.toString());
                }
                // The instance is stored on the configuration object and reused by later calls.
                callbackHandler.setInstance(callbackHandlerConfig);
            }
            // callbackArr[0] receives the certificate data; callbackArr[1] hands the handler a
            // CallbackContext built from this token context and its key name reference.
            Callback[] callbackArr = {new X509BSCallback(), new ContextCallback(new CallbackContext(tokenContext, callbackHandler, tokenContext.getKeyNameRef()))};
            if (Logger.isDebugLogged()) {
                StringBuffer stringBuffer6 = new StringBuffer("Invoking the callback handler [");
                stringBuffer6.append(className).append("]...");
                Logger.log((byte) 4, clsName, stringBuffer6.toString());
            }
            try {
                callbackHandlerConfig.handle(callbackArr);
                X509BSCallback x509BSCallback = (X509BSCallback) callbackArr[0];
                x509Certificate = x509BSCallback.getCert();
                byte[] binary = x509BSCallback.getBinary();
                // r24: Base64 text of the bytes supplied by the handler, or null if it gave none.
                r24 = binary != null ? WSSUtils.encode_base64(binary) : null;
                str = x509BSCallback.getKeyStorePath();
                str2 = x509BSCallback.getAlias();
                if (Logger.isDebugLogged()) {
                    StringBuffer stringBuffer7 = new StringBuffer("Succeeded to invoke the callback handler [");
                    stringBuffer7.append(className).append("].");
                    Logger.log((byte) 4, clsName, stringBuffer7.toString());
                }
            } catch (IOException e) {
                throw new WSSException(constants.ERROR_INVALID_SECURITY, WSSMessages.getString("415", className), e);
            } catch (UnsupportedCallbackException e2) {
                throw new WSSException(constants.ERROR_INVALID_SECURITY, WSSMessages.getString("415", className), e2);
            }
        }
        // With no callback handler configured, x509Certificate, str and str2 are all still
        // null at this point.
        CertInformation info = getInfo(this._cert2info, str, str2, x509Certificate, r24, constants);
        if (info == null) {
            // A missing info object is only logged (message "416"); processing continues.
            // NOTE(review): getInfo() returns null for a certificate whose notAfter time has
            // already passed, so when the handler supplied the binary form, the expired
            // certificate still reaches createToken() below. Confirm that this is intended.
            Logger.log((byte) 1, clsName, WSSMessages.getString("416", x509Certificate == null ? null : x509Certificate.getSubjectDN().getName()));
        } else if (r24 == null) {
            r24 = info.getBinary();
        }
        if (x509Certificate == null || r24 == null) {
            throw new WSSException(constants.ERROR_INVALID_SECURITY, WSSMessages.getString("410", new StringBuffer(String.valueOf(clsName)).append(".invoke()").toString()));
        }
        // A token already pooled for this configuration, certificate and key-info type, if any.
        X509BSToken checkToken = checkToken(tokenGeneratorConfig, x509Certificate, keyInfoType, constants, objectPool);
        // z4: pass elem to createToken() as parent; z5: insert the created token into elem.
        boolean z4 = false;
        boolean z5 = false;
        // str3: id written onto the token element; str4: id or reference value of the token.
        String str3 = null;
        String str4 = null;
        if (isStandAlone || z) {
            r31 = checkToken == null;
            // Reuse an id announced through the message-context property for a token of the
            // same type; only the first such id is used, later ones are reported ("463").
            if (messageContext != null && (property = messageContext.getProperty(WSSConstants.WSS_TOKEN_PROPERGATION)) != null && (property instanceof Vector)) {
                Vector vector = (Vector) property;
                int size = vector.size();
                for (int i = 0; i < size; i++) {
                    Object elementAt = vector.elementAt(i);
                    if (elementAt instanceof TokenId) {
                        TokenId tokenId = (TokenId) elementAt;
                        if (tokenGeneratorConfig.getType().equals(tokenId.getType())) {
                            if (str4 == null) {
                                str4 = tokenId.getId();
                            } else {
                                Logger.log((byte) 1, clsName, WSSMessages.getString("463", new Object[]{tokenId.getId(), str4}));
                            }
                        }
                    }
                }
            }
            if (str4 == null) {
                str4 = WSSUtils.makeUniqueId("x509bst_");
            }
            z4 = true;
            z5 = true;
            if (z) {
                str3 = str4;
                tokenContext.setTokenRef(str4);
                // NOTE(review): MQeTracePoint.SUBSTITUTION_MARKER comes from an unrelated
                // package; presumably the decompiler matched a string literal to it. Confirm
                // which prefix is put in front of the id here.
                tokenContext.setValueInMessage(new StringBuffer(MQeTracePoint.SUBSTITUTION_MARKER).append(str4).toString());
            } else if (isStandAlone) {
                str3 = str4;
            }
        } else if (z2) {
            // Key-identifier reference: nothing is inserted into elem in this branch.
            if (info != null) {
                // getB64KeyId() throws when the cached entry is flagged or expired.
                str4 = info.getB64KeyId();
                tokenContext.setTokenRef(str4);
                tokenContext.setValueInMessage(str4);
                if (checkToken != null && str4.equals(checkToken.getId())) {
                    r31 = false;
                }
            }
        } else if (z3 && info != null) {
            // Subject-name reference: nothing is inserted into elem in this branch.
            str4 = info.getSubjectName();
            tokenContext.setTokenRef(str4);
            tokenContext.setValueInMessage(str4);
            if (checkToken != null && str4.equals(checkToken.getId())) {
                r31 = false;
            }
        }
        // createToken() gets elem as parent only when z4 is set; otherwise its parent is null.
        Elem createToken = (z5 || r31) ? createToken(z4 ? elem : null, tokenGeneratorConfig.getType(), r24, str3, constants) : null;
        if (z5) {
            // The token becomes the first child of elem.
            elem.insertChildAt(createToken, 0);
        }
        if (r31) {
            setTokenToPool(tokenGeneratorConfig, x509Certificate, str4, keyInfoType, createToken, objectPool);
        }
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName, "< invoke(Elem, Context)");
        }
    }

    /**
     * Searches the pool for an {@link X509BSToken} that was produced with the same generator
     * configuration, key-info type and certificate.
     *
     * <p>All pooled tokens are inspected; when several match, the last one is returned.
     *
     * @param tokenGeneratorConfig configuration the pooled token must have been created with
     * @param x509Certificate certificate the pooled token must carry
     * @param i key-info type the pooled token must have
     * @param wSSConstants constants passed through to {@code X509BSToken.getCert}
     * @param objectPool pool to search
     * @return the matching token, or {@code null} when none matches
     * @throws WSSException declared by the signature; raised by the calls made here, if at all
     */
    private static X509BSToken checkToken(TokenGeneratorConfig tokenGeneratorConfig, X509Certificate x509Certificate, int i, WSSConstants wSSConstants, ObjectPool objectPool) throws WSSException {
        if (Logger.isEntryLogged()) {
            String subject = x509Certificate == null ? null : x509Certificate.getSubjectDN().getName();
            Logger.log((byte) 3, clsName, "> checkToken(TokenGeneratorConfig config, X509Certificate cert[" + subject + "], int kitype[" + i + "], WSSConstants consts, ObjectPool pool)");
        }
        X509BSToken match = null;
        for (Token pooled : objectPool.getTokens()) {
            if (!(pooled instanceof X509BSToken)) {
                continue;
            }
            X509BSToken candidate = (X509BSToken) pooled;
            // The three comparisons run in this order and stop at the first mismatch.
            if (!candidate.getUsedTokenGenerator().equals(tokenGeneratorConfig)) {
                continue;
            }
            if (candidate.getKeyInfoType() != i) {
                continue;
            }
            if (candidate.getCert(wSSConstants).equals(x509Certificate)) {
                // No break: a later match replaces an earlier one.
                match = candidate;
            }
        }
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName, "< checkToken(TokenGeneratorConfig, X509Certificate, int, WSSConstants, ObjectPool) returns Token[" + match + "]");
        }
        return match;
    }

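    /**
     * Builds the binary security token element ({@code QNAME_BST}) whose text content is
     * {@code str}, with encoding-type and value-type attributes and, when {@code str2} is
     * given, an id attribute ({@code ATTR_WSUID}).
     *
     * <p>While the attribute values are rendered the new element is temporarily attached to
     * {@code elem} and detached again afterwards; the caller decides whether to insert it.
     * The parent is treated as optional throughout, so the attach and detach steps are skipped
     * for a null parent instead of failing with a {@code NullPointerException}.
     *
     * @param elem parent element used for namespace prefix lookup; may be null
     * @param qName value type written into the value-type attribute
     * @param str Base64 text placed inside the element
     * @param str2 id for the element, or null to omit the id attribute
     * @param wSSConstants namespace URIs, QNames and fault codes to use
     * @return the new, detached token element
     * @throws WSSException when the encoding type or the value type cannot be rendered as an
     *         XML string in the scope of the new element
     */
    private static Elem createToken(Elem elem, QName qName, String str, String str2, WSSConstants wSSConstants) throws WSSException {
        if (Logger.isEntryLogged()) {
            StringBuffer stringBuffer = new StringBuffer("> createToken(");
            stringBuffer.append("Elem parent[").append(elem == null ? null : elem.qName).append("], ");
            stringBuffer.append("QName vtype[").append(qName).append("], ");
            stringBuffer.append("String binary[").append(str).append("], ");
            stringBuffer.append("String insertId[").append(str2).append("], ");
            stringBuffer.append("WSSConstants consts)");
            Logger.log((byte) 3, clsName, stringBuffer.toString());
        }
        final boolean withId = str2 != null;
        final String wsuUri = wSSConstants.URI_WSUTILITY;
        final String wsseUri = wSSConstants.URI_WSSECURITY;
        // Namespace declarations that have to be added to the new element; stays null when
        // both prefixes are already in scope on the parent.
        Vector nsDecls = null;

        // The utility namespace is only needed for the id attribute.
        String wsuPrefix = null;
        if (withId) {
            if (elem != null) {
                wsuPrefix = NamespaceResolver.getPrefix(wsuUri, elem);
            }
            if (wsuPrefix == null) {
                wsuPrefix = WSSUtils.getNewPrefix(elem, WSSConstants.PREFIX_WSUTILITY, wsuUri);
                nsDecls = new Vector();
                nsDecls.addElement(new NSDecl(wsuPrefix, wsuUri));
            }
        }

        String wssePrefix = null;
        if (elem != null) {
            wssePrefix = NamespaceResolver.getPrefix(wsseUri, elem);
        }
        if (wssePrefix == null) {
            wssePrefix = WSSUtils.getNewPrefix(elem, WSSConstants.PREFIX_WSSECURITY, wsseUri);
            if (nsDecls == null) {
                nsDecls = new Vector();
            }
            nsDecls.addElement(new NSDecl(wssePrefix, wsseUri));
        }

        Elem token = new Elem(new QName(wsseUri, wSSConstants.QNAME_BST.getLocalPart(), wssePrefix), elem, nsDecls);
        // Attach to the parent while QNames are rendered (presumably so that prefixes declared
        // on ancestors resolve); a null parent has nothing to attach to.
        if (elem != null) {
            elem.addChild(token);
        }
        String encodingType = NamespaceResolver.toXMLString(wSSConstants.VALUE_BASE64BINARY, token);
        if (encodingType == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY, WSSMessages.getString("417", new Object[]{wSSConstants.VALUE_BASE64BINARY, token}));
        }
        token.addAttribute(new Attribute(WSSConstants.ATTR_ENCODING_TYPE, encodingType));
        String valueType = NamespaceResolver.toXMLString(qName, token);
        if (valueType == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY, WSSMessages.getString("417", new Object[]{qName, token}));
        }
        token.addAttribute(new Attribute(WSSConstants.ATTR_VALUE_TYPE, valueType));
        if (withId) {
            token.addAttribute(new Attribute(new QName(wsuUri, wSSConstants.ATTR_WSUID.getLocalPart(), wsuPrefix), str2));
        }
        // Hand back a detached element; insertion is the caller's decision.
        if (elem != null) {
            elem.delChild(token);
        }
        token.addChild(new Text(str, token), true);
        if (Logger.isEntryLogged()) {
            StringBuffer stringBuffer2 = new StringBuffer("< createToken(Elem, QName, ");
            stringBuffer2.append("String, String, WSSConstants) returns Elem[");
            stringBuffer2.append(token.qName).append("]");
            Logger.log((byte) 3, clsName, stringBuffer2.toString());
        }
        return token;
    }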

    /**
     * Wraps the certificate and its element in a new {@link X509BSToken} and adds it to the pool.
     *
     * <p>The token is marked as referenced exactly when the configuration is not stand-alone,
     * and it remembers the generator configuration and key-info type that produced it.
     *
     * @param tokenGeneratorConfig configuration that produced the token
     * @param x509Certificate certificate carried by the token
     * @param str token id
     * @param i key-info type
     * @param elem element created for the token
     * @param objectPool pool that receives the token
     */
    private static void setTokenToPool(TokenGeneratorConfig tokenGeneratorConfig, X509Certificate x509Certificate, String str, int i, Elem elem, ObjectPool objectPool) {
        if (Logger.isEntryLogged()) {
            String subject = x509Certificate == null ? null : x509Certificate.getSubjectDN().getName();
            Logger.log((byte) 3, clsName, "> setTokenToPool(TokenGeneratorConfig config, X509Certificate cert[" + subject + "], String tid[" + str + "], int kitype[" + i + "], Elem elem[" + (elem == null ? null : elem.qName) + "], ObjectPool pool)");
        }
        X509BSToken pooledToken = new X509BSToken(str, x509Certificate, tokenGeneratorConfig.getType());
        pooledToken.setElement(elem);
        boolean referenced = !tokenGeneratorConfig.isStandAlone();
        pooledToken.setReferenced(referenced);
        pooledToken.setUsedTokenGenerator(tokenGeneratorConfig);
        pooledToken.setKeyInfoType(i);
        objectPool.add(pooledToken);
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName, "< setTokenToPool(TokenGeneratorConfig, X509Certificate, String, int, Elem, ObjectPool)");
        }
    }

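    /**
     * Returns the cached {@code CertInformation} for a certificate, building and caching it
     * on first use.
     *
     * <p>A null certificate yields null. The cache is a {@link Hashtable}, which rejects null
     * keys with a {@code NullPointerException}, so it is only consulted for a real certificate.
     *
     * <p>The only validity test made here is the certificate's notAfter time against the local
     * system clock: notBefore is not looked at, and no trust-chain or revocation check is
     * visible in this method. NOTE(review): for a certificate that is already expired the
     * method returns null, caches nothing and drops the message it built; confirm that callers
     * treat a null result as a failure.
     *
     * @param hashtable cache keyed by certificate
     * @param str key store path, used in messages only
     * @param str2 key store alias, used in messages only
     * @param x509Certificate certificate to describe; may be null
     * @param str3 Base64 text of the certificate, or null to derive it from the certificate
     * @param wSSConstants constants used for the key identifier and the fault code
     * @return the cached or newly built entry, or null for a null or expired certificate
     * @throws WSSException declared by the signature; raised by the calls made here, if at all
     */
    private static CertInformation getInfo(Hashtable hashtable, String str, String str2, X509Certificate x509Certificate, String str3, WSSConstants wSSConstants) throws WSSException {
        if (Logger.isEntryLogged()) {
            StringBuffer stringBuffer = new StringBuffer("> getInfo(");
            stringBuffer.append("Hashtable cert2info, ");
            stringBuffer.append("String kspath[").append(str).append("], ");
            stringBuffer.append("String alias[").append(str2).append("], ");
            stringBuffer.append("X509Certificate cert[").append(x509Certificate == null ? null : x509Certificate.getSubjectDN().getName()).append("], ");
            stringBuffer.append("String binary[").append(str3).append("], ");
            stringBuffer.append("WSSConstants consts)");
            Logger.log((byte) 3, clsName, stringBuffer.toString());
        }
        CertInformation certInformation = null;
        if (x509Certificate != null) {
            certInformation = (CertInformation) hashtable.get(x509Certificate);
            if (certInformation != null) {
                if (Logger.isDebugLogged()) {
                    Logger.log((byte) 4, clsName, "The cached information corresponding the specified certficate is found.");
                }
            } else {
                // Status bits: 0 = usable, 1 = certificate error, 2 = key identifier error.
                int status = 0;
                String errorMes = null;
                String subjectDN = x509Certificate.getSubjectDN().getName();
                String encSubjectDN = X509Data.encodeDName(subjectDN);
                if (str3 == null) {
                    try {
                        str3 = WSSUtils.encode_base64(x509Certificate.getEncoded());
                    } catch (Exception ignored) {
                        // The status is left untouched here; the entry is then built with a
                        // null binary value and only this message records the failure.
                        errorMes = WSSMessages.getString("670", clsName + ".getInfo()");
                    }
                }
                long notAfter = x509Certificate.getNotAfter().getTime();
                long remainingMillis = notAfter - System.currentTimeMillis();
                if (remainingMillis < 0) {
                    status = 1;
                    errorMes = WSSMessages.getString("101", new Object[]{subjectDN, str2, str, "expiration time - current system time = " + remainingMillis + " ms"});
                }
                if (status == 0) {
                    byte[] keyId = null;
                    try {
                        keyId = KeyStoreSupport.getKeyId(x509Certificate.getPublicKey().getEncoded(), wSSConstants);
                    } catch (Exception e) {
                        status = 2;
                        errorMes = e.getMessage();
                    }
                    // After a key-id failure there is nothing to encode, so the encoder is not
                    // called with a null array; getB64KeyId() refuses such an entry anyway.
                    String b64KeyId = status == 2 ? null : WSSUtils.encode_base64(keyId);
                    certInformation = new CertInformation(str, str2, str3, subjectDN, encSubjectDN, b64KeyId, notAfter, status, wSSConstants.ERROR_INVALID_SECURITY, errorMes);
                    hashtable.put(x509Certificate, certInformation);
                }
            }
        }
        if (Logger.isEntryLogged()) {
            StringBuffer stringBuffer2 = new StringBuffer("< getInfo(Hashtable, String, String, ");
            stringBuffer2.append("X509Certificate, String, WSSConstants) returns[CertInformation[");
            stringBuffer2.append(certInformation).append("]");
            Logger.log((byte) 3, clsName, stringBuffer2.toString());
        }
        return certInformation;
    }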
}
