package com.ibm.pvcws.wss.internal.token;

import com.ibm.pvcws.jaxrpc.msg.Elem;
import com.ibm.pvcws.wss.internal.KeyLocator;
import com.ibm.pvcws.wss.internal.ObjectPool;
import com.ibm.pvcws.wss.internal.Token;
import com.ibm.pvcws.wss.internal.TokenConsumerComponent;
import com.ibm.pvcws.wss.internal.WSSConstants;
import com.ibm.pvcws.wss.internal.WSSException;
import com.ibm.pvcws.wss.internal.auth.token.X509BSToken;
import com.ibm.pvcws.wss.internal.config.TokenConsumerConfig;
import com.ibm.pvcws.wss.internal.context.Context;
import com.ibm.pvcws.wss.internal.context.KeyLocatorContext;
import com.ibm.pvcws.wss.internal.context.TokenContext;
import com.ibm.pvcws.wss.internal.resource.WSSMessages;
import com.ibm.pvcws.wss.internal.util.Copyright;
import com.ibm.pvcws.wss.internal.util.KeyStoreSupport;
import com.ibm.pvcws.wss.internal.util.Logger;
import com.ibm.pvcws.wss.internal.util.WSSFactory;
import com.ibm.pvcws.wss.internal.util.WSSUtils;
import com.ibm.pvcws.wss.internal.util.X509Data;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.TimeZone;
import javax.xml.namespace.QName;

/* loaded from: input_file:rcp/eclipse/plugins/com.ibm.pvcws.wss_6.0.0.20050921/WS-Security.jar:com/ibm/pvcws/wss/internal/token/X509TokenConsumer.class */
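/**
 * Token consumer for X.509v3 security tokens.
 *
 * <p>The certificate is taken either from a message element carrying a
 * Base64-encoded certificate, or, when no element is supplied, from the
 * {@link KeyLocator} configured on the {@link TokenContext}. In both cases
 * the certificate goes through {@link #validateCert} before it is attached
 * to the {@link X509BSToken}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Validation is a single-hop check: validity period, then one
 *       signature verification against a certificate found in the configured
 *       trust anchor by issuer DN. No longer chain is built, and no
 *       revocation, key-usage or CA-constraint check is performed here.</li>
 *   <li>{@code isTrustAnyCertificate()} disables the trust-anchor check
 *       completely; only the validity period is still enforced.</li>
 *   <li>Tokens are added to the {@link ObjectPool} before their certificate
 *       has been validated. NOTE(review): confirm that callers discard the
 *       pool when {@link WSSException} is thrown.</li>
 * </ul>
 */
public class X509TokenConsumer implements TokenConsumerComponent {
    // Class literals replace the decompiler's class$N / Class.forName scaffolding,
    // which did not compile (it called getMessage() on a Class and on a String).
    private static final String clsName = X509TokenConsumer.class.getName();
    public static final String ALIAS = clsName;

    static String copyright() {
        return Copyright.IBM_COPYRIGHT_SHORT;
    }

    /**
     * Returns the alias under which this consumer is registered (the class name).
     */
    @Override // com.ibm.pvcws.wss.internal.WSSConsumerComponent
    public String getAlias() {
        return ALIAS;
    }

    /**
     * Consumes an X.509v3 token.
     *
     * @param elem    the token element, or {@code null} to resolve the
     *                certificate through the context's key information
     * @param context must be a {@link TokenContext} whose configuration is a
     *                {@link TokenConsumerConfig}
     * @throws WSSException if the configured token type is not X.509v3 or the
     *                      token/certificate fails validation
     */
    @Override // com.ibm.pvcws.wss.internal.WSSConsumerComponent
    public void invoke(Elem elem, Context context) throws WSSException {
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName,
                    "> invoke(Elem target[" + (elem == null ? null : elem.qName) + "],Context context)");
        }
        TokenContext tokenContext = (TokenContext) context;
        WSSFactory factory = tokenContext.getFactory();
        WSSConstants constants = factory.getConstants();
        TokenConsumerConfig tokenConsumerConfig = (TokenConsumerConfig) tokenContext.getConfiguration();
        if (Logger.isDebugLogged()) {
            Logger.log((byte) 4, clsName, "The configuraion: " + tokenConsumerConfig);
        }
        QName type = tokenConsumerConfig.getType();
        if (!constants.VALUE_X509V3.equals(type)) {
            throw new WSSException(constants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("459", new Object[]{type, clsName + ".invoke"}));
        }
        if (elem == null) {
            invoke(tokenConsumerConfig, factory, constants, tokenContext);
        } else {
            invoke(elem, tokenConsumerConfig, constants, tokenContext);
        }
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName, "< invoke(Elem, Context)");
        }
    }

    /**
     * Handles the case where no token element was supplied: depending on the
     * context's key-info type, either builds a token from the certificate the
     * {@link KeyLocator} resolves (types 0 and 1) or checks that the token
     * already in the pool is an {@link X509BSToken} (type 2). Other key-info
     * types are left untouched, as before.
     */
    private static void invoke(TokenConsumerConfig tokenConsumerConfig, WSSFactory wSSFactory, WSSConstants wSSConstants, TokenContext tokenContext) throws WSSException {
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName,
                    "> invoke(TokenConsumerConfig config, WSSFactory factory, WSSConstants consts, TokenContext context)");
        }
        String tokenId = tokenContext.getTokenId();
        ObjectPool objectPool = tokenContext.getObjectPool();
        switch (tokenContext.getKeyInfoType()) {
            case 0:
            case 1: {
                X509BSToken x509BSToken = new X509BSToken(tokenId, null, wSSConstants.VALUE_X509V3);
                x509BSToken.setUsedTokenConsumer(tokenConsumerConfig);
                // The token enters the pool before its certificate is validated.
                objectPool.add(x509BSToken);
                KeyLocator keyLocator = tokenContext.getKeyLocator();
                KeyLocatorContext keyLocatorContext = tokenContext.getKeyLocatorContext();
                if (keyLocator == null) {
                    throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                            WSSMessages.getString("165", clsName + ".invoke()"));
                }
                keyLocator.getKey(keyLocatorContext);
                X509Certificate certificate = keyLocatorContext.getCertificate();
                // validateCert rejects a null certificate with a WSSException.
                validateCert(certificate, tokenConsumerConfig, wSSConstants);
                x509BSToken.setCert(certificate);
                break;
            }
            case 2: {
                Token token = objectPool.getToken(tokenConsumerConfig, tokenId);
                if (!(token instanceof X509BSToken)) {
                    // A missing token is reported as an invalid token instead of
                    // failing with a NullPointerException on token.getClass().
                    String actualType = token == null ? "null" : token.getClass().getName();
                    throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                            WSSMessages.getString("047", new Object[]{actualType, X509BSToken.class.getName()}));
                }
                break;
            }
            default:
                break;
        }
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName,
                    "< invoke(TokenConsumerConfig, WSSFactory, WSSConstants, TokenContext)");
        }
    }

    /**
     * Builds an {@link X509BSToken} from a token element: checks the element's
     * id, value type (X.509v3) and encoding type (Base64), decodes the
     * certificate from the element text and validates it.
     */
    private static void invoke(Elem elem, TokenConsumerConfig tokenConsumerConfig, WSSConstants wSSConstants, TokenContext tokenContext) throws WSSException {
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName,
                    "> invoke(Elem target[" + (elem == null ? null : elem.qName)
                            + "],TokenConsumerConfig config, WSSConstants consts, TokenContext context)");
        }
        String id = WSSUtils.getId(elem, wSSConstants, true);
        ObjectPool objectPool = tokenContext.getObjectPool();
        X509BSToken x509BSToken = new X509BSToken(id, null, tokenConsumerConfig.getType());
        x509BSToken.setElement(elem);
        x509BSToken.setUsedTokenConsumer(tokenConsumerConfig);
        // NOTE(review): the token is pooled before any of the checks below run,
        // including the id check; the original ordering is kept because callers
        // may rely on it. Confirm the pool is not reused after a WSSException.
        objectPool.add(x509BSToken);
        if (id == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("400", new Object[]{elem == null ? null : elem.qName, clsName + ".invoke()"}));
        }
        QName valueType = WSSUtils.getValueType(elem, true, wSSConstants);
        if (!wSSConstants.VALUE_X509V3.equals(valueType)) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("459", new Object[]{valueType, clsName + ".invoke()"}));
        }
        QName encodingType = WSSUtils.getEncodingType(elem, true, wSSConstants);
        if (!wSSConstants.VALUE_BASE64BINARY.equals(encodingType)) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("407", new Object[]{encodingType, clsName + ".invoke()"}));
        }
        // The element text is attacker-controlled input; everything derived from
        // it is untrusted until validateCert has returned.
        Certificate decoded = KeyStoreSupport.generateCertificate(
                WSSUtils.decode_base64(WSSUtils.eraseSpaces(WSSUtils.getTextValue(elem))), wSSConstants);
        if (decoded == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN, WSSMessages.getString("408"));
        }
        if (!(decoded instanceof X509Certificate)) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("047",
                            new Object[]{decoded.getClass().getName(), X509Certificate.class.getName()}));
        }
        X509Certificate x509Certificate = (X509Certificate) decoded;
        validateCert(x509Certificate, tokenConsumerConfig, wSSConstants);
        x509BSToken.setCert(x509Certificate);
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName, "< invoke(Elem, TokenConsumerConfig, WSSConstants, TokenContext)");
        }
    }

    /**
     * Validates a certificate taken from a token.
     *
     * <p>The validity period (not-before and not-after) is always enforced.
     * Unless the configuration trusts any certificate, the certificate must
     * also carry a signature that verifies against a certificate found in the
     * configured trust anchor.
     *
     * @throws WSSException if the certificate is {@code null}, outside its
     *                      validity period, or not signed by a trust anchor
     */
    private static void validateCert(X509Certificate x509Certificate, TokenConsumerConfig tokenConsumerConfig, WSSConstants wSSConstants) throws WSSException {
        if (x509Certificate == null) {
            // Reuses message 408, which this class already emits for a null
            // certificate; previously a null here ended in a NullPointerException.
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN, WSSMessages.getString("408"));
        }
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName,
                    "> validateCert(X509Certificate cert[" + x509Certificate.getSubjectDN().getName()
                            + "], TokenConsumerConfig config, WSSConstants consts)");
        }
        long now = System.currentTimeMillis();
        // The original only rejected expired certificates; a certificate whose
        // validity period has not started yet is rejected as well.
        // TODO: no dedicated "not yet valid" message id is visible in this class,
        // so 401 is reused for both ends of the validity period.
        if (now > x509Certificate.getNotAfter().getTime() || now < x509Certificate.getNotBefore().getTime()) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("401", new Object[]{x509Certificate.getSubjectDN().getName(), x509Certificate}));
        }
        // trustAnyCertificate switches off issuer verification entirely.
        if (!tokenConsumerConfig.isTrustAnyCertificate()) {
            verifyAgainstTrustAnchor(x509Certificate, tokenConsumerConfig, wSSConstants, now);
        }
        if (Logger.isEntryLogged()) {
            Logger.log((byte) 3, clsName, "< validateCert(X509Certificate, TokenConsumerConfig, WSSConstants)");
        }
    }

    /**
     * Verifies the certificate's signature with the public key of the trust
     * anchor certificate whose subject DN equals the certificate's issuer DN.
     *
     * <p>Self-signed certificates take the same path. The previous code
     * verified a certificate whose issuer DN equals its subject DN against
     * its own public key and never consulted the trust anchor, so any
     * self-signed certificate was accepted. A self-signed certificate is now
     * accepted only if the trust anchor holds a certificate with that DN whose
     * key verifies the signature.
     */
    private static void verifyAgainstTrustAnchor(X509Certificate x509Certificate, TokenConsumerConfig tokenConsumerConfig, WSSConstants wSSConstants, long now) throws WSSException {
        String issuerDn = x509Certificate.getIssuerDN().getName();
        String subjectDn = x509Certificate.getSubjectDN().getName();
        if (issuerDn == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN, WSSMessages.getString("402", x509Certificate));
        }
        if (subjectDn == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN, WSSMessages.getString("403", x509Certificate));
        }
        if (tokenConsumerConfig.getTrustAnchor() == null) {
            // No trust anchor configured: fail closed with the "issuer not found" message.
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN, WSSMessages.getString("404", issuerDn));
        }
        // NOTE(review): getKeyInfoBySubjectDN is assumed to return a non-null
        // holder when the DN is unknown, as the original code assumed; verify.
        Certificate anchor = tokenConsumerConfig.getTrustAnchor()
                .getKeyInfoBySubjectDN(X509Data.encodeDName(issuerDn)).getCertificate();
        if (anchor == null) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN, WSSMessages.getString("404", issuerDn));
        }
        if (!(anchor instanceof X509Certificate)) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("047",
                            new Object[]{anchor.getClass().getName(), X509Certificate.class.getName()}));
        }
        X509Certificate issuerCert = (X509Certificate) anchor;
        // The issuing certificate must itself be inside its validity period.
        if (now > issuerCert.getNotAfter().getTime() || now < issuerCert.getNotBefore().getTime()) {
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("405", new Object[]{issuerCert.getSubjectDN().getName(), x509Certificate}));
        }
        try {
            x509Certificate.verify(issuerCert.getPublicKey());
        } catch (Exception e) {
            // Broad catch kept deliberately: any failure during verification,
            // checked or not, must surface as a rejected token.
            throw new WSSException(wSSConstants.ERROR_INVALID_SECURITY_TOKEN,
                    WSSMessages.getString("406", new Object[]{subjectDn, issuerCert.getSubjectDN().getName()}), e);
        }
    }
}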
