package com.ibm.ws.wssecurity.handler;

import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.wspolicy.Policy;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.config.DerivedKeyInfoConfig;
import com.ibm.ws.wssecurity.config.KeyInfoContentGeneratorConfig;
import com.ibm.ws.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateCommonConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig;
import com.ibm.ws.wssecurity.core.WSSecurityDefaultConfiguration;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.wssecurity.util.ConfidentialDialectElementSelector;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.Configuration;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.xmlsoap.schemas.ws._2004._08.addressing.EndpointReferenceType;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/handler/PolicyOutboundConfig.class */
public class PolicyOutboundConfig extends PrivateGeneratorConfig {
    private Map<String, TokenGeneratorConfig> nameToken;
    private Map<String, String> encryptionAlgorithms;
    private Map<String, String> keyEncryptionAlgorithms;
    private Map<String, String> asymmetricSignatureAlgorithms;
    private Map<String, String> symmetricSignatureAlgorithms;
    private Map<String, String> canonicalizationAlgorithms;
    private Map<String, String> transformAlgorithms;
    private Map<String, String> digestAlgorithms;
    private static final String comp = "security.wssecurity";
    private static WSSBindings securityBindings;
    private String origin;
    private static final TraceComponent tc = Tr.register(PolicyOutboundConfig.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = PolicyOutboundConfig.class.getName();
    WSSecurityDefaultConfiguration defaultConfiguration = null;
    Map<String, KeyInfoContentGeneratorConfig> nameKeyInfo = new HashMap();
    private String asymmetricSignatureAlgorithm = null;
    private String symmetricSignatureAlgorithm = null;
    private String digestAlgorithm = null;
    private String transformAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private String canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private String encryptionAlgorithm = null;
    private String keyEncryptionAlgorithm = null;
    private WSSPolicy bootstrapPolicy = null;
    private PrivateGeneratorConfig.TransformInformationGeneratorConfImpl transformInfo = null;
    private boolean isTargetBindingUsing10NS = false;

    public PolicyOutboundConfig(WSSBindings wSSBindings, WSSPolicy wSSPolicy, boolean z, ClassLoader classLoader, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) throws SoapSecurityException {
        this.origin = "non-ws-security";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "PolicyOutboundConfig(WSSBindings appBindings, WSSPolicy appPolicy, boolean isRequest, ClassLoader appClassLoader,WSSecurityDefaultConfiguration defaultConfiguration):", new Object[]{wSSBindings, wSSPolicy, Boolean.valueOf(z), classLoader, wSSecurityDefaultConfiguration});
        }
        WSSOutboundBinding wSSOutboundBinding = null;
        if (wSSBindings != null) {
            securityBindings = wSSBindings;
            List<WSSBinding> securityBindings2 = securityBindings.getSecurityBindings();
            for (int i = 0; i < securityBindings2.size(); i++) {
                WSSBinding wSSBinding = securityBindings2.get(i);
                if (wSSBinding.getName().equals("application")) {
                    wSSOutboundBinding = wSSBinding.getSecurityOutboundBindingConfig();
                }
            }
        } else {
            if (wSSecurityDefaultConfiguration == null) {
                throw new SoapSecurityException("security.wssecurity.PolicyInboundConfig.s02");
            }
            Tr.warning(tc, "No Application Bindings found, will use Default Bindings");
        }
        init(wSSOutboundBinding, wSSPolicy, z, classLoader, wSSecurityDefaultConfiguration);
        this.origin = "ws-security";
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "PolicyOutboundConfig(SecurityBindings appBindings, WSSPolicy appPolicy, boolean isRequest, ClassLoader appClassLoader,WSSecurityDefaultConfiguration defaultConfiguration)", new Object[]{wSSBindings, wSSPolicy, Boolean.valueOf(z), classLoader});
        }
    }

    public PolicyOutboundConfig(WSSOutboundBinding wSSOutboundBinding, WSSPolicy wSSPolicy, boolean z, ClassLoader classLoader, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) throws SoapSecurityException {
        this.origin = "non-ws-security";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "PolicyOutboundConfig(WSSOutboundBinding binding, WSSPolicy policy, boolean isRequest, ClassLoader appClassLoader, WSSecurityDefaultConfiguration defaultConfiguration):", new Object[]{wSSOutboundBinding, wSSPolicy, Boolean.valueOf(z), classLoader});
        }
        if (wSSOutboundBinding == null && wSSecurityDefaultConfiguration == null) {
            throw new SoapSecurityException("security.wssecurity.PolicyInboundConfig.s02");
        }
        init(wSSOutboundBinding, wSSPolicy, z, classLoader, wSSecurityDefaultConfiguration);
        this.origin = "ws-security";
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "PolicyOutboundConfig(WSSOutboundBinding binding, WSSPolicy policy, boolean isRequest, ClassLoader appClassLoader, WSSecurityDefaultConfiguration defaultConfiguration)", new Object[]{wSSOutboundBinding, wSSPolicy, Boolean.valueOf(z), classLoader});
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: CFG modification limit reached, blocks count: 2239
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:64)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    protected final void init(com.ibm.ws.wssecurity.handler.WSSOutboundBinding r12, com.ibm.ws.wssecurity.handler.WSSPolicy r13, boolean r14, java.lang.ClassLoader r15, com.ibm.ws.wssecurity.core.WSSecurityDefaultConfiguration r16) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 19671
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.handler.PolicyOutboundConfig.init(com.ibm.ws.wssecurity.handler.WSSOutboundBinding, com.ibm.ws.wssecurity.handler.WSSPolicy, boolean, java.lang.ClassLoader, com.ibm.ws.wssecurity.core.WSSecurityDefaultConfiguration):void");
    }

    private final void initDefaultConfig(WSSGeneratorConfig wSSGeneratorConfig, List<ReferencePartConfig> list, boolean z, boolean z2, WSSPolicy wSSPolicy, PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl, boolean z3, boolean z4, boolean z5) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initDefaultConfig(WSSGeneratorConfig, List):", new Object[]{wSSGeneratorConfig, list});
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap<QName, Integer> hashMap3 = new HashMap<>();
        boolean z6 = false;
        Iterator<TokenGeneratorConfig> it = wSSGeneratorConfig.getTokenGenerators().iterator();
        while (it.hasNext()) {
            PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl = (PrivateGeneratorConfig.TokenGeneratorConfImpl) it.next();
            String qName = tokenGeneratorConfImpl.getType().toString();
            if (com.ibm.ws.wssecurity.common.Constants.SCT_13.equals(tokenGeneratorConfImpl._type)) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    this._symmetricProtectionTokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                } else {
                    if (this._symmetricSignatureTokenAssertion != null) {
                        this._symmetricSignatureTokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                    }
                    if (this._symmetricEncryptionTokenAssertion != null) {
                        this._symmetricEncryptionTokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Replaced sct token Type with [" + com.ibm.ws.wssecurity.common.Constants.SCT_13 + "].");
                }
            } else if (com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN.equals(tokenGeneratorConfImpl._type)) {
                z6 = true;
            } else if ((com.ibm.ws.wssecurity.common.Constants.UNTOKEN.equals(tokenGeneratorConfImpl._type) || com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.equals(tokenGeneratorConfImpl._type)) && tokenGeneratorConfImpl._callbackHandler != null) {
                String str = (String) tokenGeneratorConfImpl._callbackHandler._properties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                if (str != null) {
                    if (str.equals("true")) {
                        qName = qName + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION;
                        if (hashMap.get(qName) != null) {
                            throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s04", tokenGeneratorConfImpl.getType().toString());
                        }
                    } else if (hashMap.get(qName) != null) {
                        throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s03", tokenGeneratorConfImpl.getType().toString());
                    }
                } else if (hashMap.get(qName) != null) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s03", tokenGeneratorConfImpl.getType().toString());
                }
            }
            if (!tokenGeneratorConfImpl._usedForEncryption && !tokenGeneratorConfImpl._usedForSignature) {
                if (hashMap.get(qName) != null) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s05", qName.toString());
                }
                hashMap.put(qName, tokenGeneratorConfImpl);
            }
        }
        if (!z2) {
            List<HashMap<String, ProtectionOrSupportingToken>> callerExactlyOneTokens = wSSPolicy.getCallerExactlyOneTokens();
            int size = callerExactlyOneTokens.size();
            int i = 0;
            boolean z7 = false;
            for (int i2 = 0; i2 < size && !z7; i2++) {
                HashMap<String, ProtectionOrSupportingToken> hashMap4 = callerExactlyOneTokens.get(i2);
                int size2 = hashMap4.size();
                int i3 = 0;
                Iterator<String> it2 = hashMap4.keySet().iterator();
                while (it2.hasNext()) {
                    boolean z8 = false;
                    PrivateCommonConfig.TokenAssertion tokenTypeAssertion = getTokenTypeAssertion(hashMap4.get(it2.next()));
                    QName tokenType = tokenTypeAssertion.getTokenType();
                    Iterator<TokenGeneratorConfig> it3 = wSSGeneratorConfig.getTokenGenerators().iterator();
                    while (it3.hasNext() && !z8) {
                        PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl2 = new PrivateGeneratorConfig.TokenGeneratorConfImpl((PrivateGeneratorConfig.TokenGeneratorConfImpl) it3.next());
                        QName type = tokenGeneratorConfImpl2.getType();
                        if (tokenType != null && type.equals(tokenType)) {
                            if (!tokenGeneratorConfImpl2._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) && !tokenGeneratorConfImpl2._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11)) {
                                i3++;
                                z8 = true;
                            } else if (tokenGeneratorConfImpl2._callbackHandler != null) {
                                String str2 = (String) tokenGeneratorConfImpl2._callbackHandler._properties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION);
                                if (str2 != null) {
                                    if (str2.equals("true") && !tokenTypeAssertion._requirePassword) {
                                        i3++;
                                        z8 = true;
                                    } else if (!str2.equals("true") && tokenTypeAssertion._requirePassword) {
                                        i3++;
                                        z8 = true;
                                    }
                                } else if (tokenTypeAssertion._requirePassword) {
                                    i3++;
                                    z8 = true;
                                }
                            }
                            if (i3 == size2) {
                                z7 = true;
                                i = i2;
                            }
                        }
                    }
                }
            }
            if (z7) {
                HashMap<String, ProtectionOrSupportingToken> hashMap5 = callerExactlyOneTokens.get(i);
                for (String str3 : hashMap5.keySet()) {
                    ProtectionOrSupportingToken protectionOrSupportingToken = hashMap5.get(str3);
                    if (retrieveAssertions(str3, z)) {
                        this._tokenEnabled = true;
                        PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl3 = new PrivateGeneratorConfig.TokenGeneratorConfImpl();
                        tokenGeneratorConfImpl3._standAlone = true;
                        PrivateCommonConfig.TokenAssertion tokenTypeAssertion2 = getTokenTypeAssertion(protectionOrSupportingToken);
                        if (tokenTypeAssertion2 != null) {
                            tokenGeneratorConfImpl3._type = tokenTypeAssertion2._tokenType;
                            tokenGeneratorConfImpl3._aTokenAssertion = tokenTypeAssertion2;
                        }
                        this._securityTokens.add(tokenGeneratorConfImpl3);
                        if (str3 == null || str3.length() == 0) {
                            throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s23");
                        }
                        if (this.nameToken.containsKey(str3) && tc.isDebugEnabled()) {
                            Tr.debug(tc, "WARNING: required security token [" + str3 + "] is overwritten.");
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding required security token: " + str3);
                        }
                        this.nameToken.put(str3, tokenGeneratorConfImpl3);
                    }
                }
                callerExactlyOneTokens.clear();
            }
        }
        if (z2) {
            if (z) {
                String str4 = null;
                PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl4 = null;
                for (TokenGeneratorConfig tokenGeneratorConfig : this.nameToken.values()) {
                    if (tokenGeneratorConfig instanceof PrivateGeneratorConfig.TokenGeneratorConfImpl) {
                        tokenGeneratorConfImpl4 = (PrivateGeneratorConfig.TokenGeneratorConfImpl) tokenGeneratorConfig;
                        str4 = tokenGeneratorConfImpl4.getType().toString();
                        if (tokenGeneratorConfImpl4.getType().equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) || tokenGeneratorConfImpl4.getType().equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11)) {
                            if (hashMap2.get(str4) != null && hashMap2.get(str4 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION) == null) {
                                str4 = str4 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION;
                            } else if (hashMap2.get(str4) != null && hashMap2.get(str4 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION) != null) {
                                throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s24", str4.toString());
                            }
                        } else if (com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN.equals(tokenGeneratorConfImpl4.getType()) && z6) {
                            tokenGeneratorConfImpl4._type = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN;
                            str4 = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN.toString();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Replaced ltpa token Type with [" + com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN + "].");
                            }
                        }
                    }
                    if (str4 != null && tokenGeneratorConfImpl4 != null) {
                        if (hashMap2.get(str4) != null) {
                            if (!tokenGeneratorConfImpl4._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) && !tokenGeneratorConfImpl4._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11)) {
                                throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s25", tokenGeneratorConfImpl4._type.toString());
                            }
                            if (!str4.endsWith(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
                                throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s29", tokenGeneratorConfImpl4._type.toString());
                            }
                            throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s28", tokenGeneratorConfImpl4._type.toString());
                        }
                        hashMap2.put(str4, tokenGeneratorConfImpl4);
                        hashMap3 = updateTokenTypeList(hashMap3, tokenGeneratorConfImpl4.getType());
                    }
                }
            }
        } else if (z) {
            for (TokenGeneratorConfig tokenGeneratorConfig2 : this.nameToken.values()) {
                String str5 = null;
                PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl5 = null;
                if (tokenGeneratorConfig2 instanceof PrivateGeneratorConfig.TokenGeneratorConfImpl) {
                    tokenGeneratorConfImpl5 = (PrivateGeneratorConfig.TokenGeneratorConfImpl) tokenGeneratorConfig2;
                    str5 = tokenGeneratorConfImpl5.getType().toString();
                    if ((tokenGeneratorConfImpl5._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) || tokenGeneratorConfImpl5._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11)) && !tokenGeneratorConfImpl5._aTokenAssertion._requirePassword) {
                        str5 = str5 + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION;
                    } else if (com.ibm.ws.wssecurity.common.Constants.LTPA_TOKEN.equals(tokenGeneratorConfImpl5._type) && z6) {
                        tokenGeneratorConfImpl5._type = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN;
                        str5 = com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN.toString();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Replaced ltpa token Type with [" + com.ibm.ws.wssecurity.common.Constants.LTPAv2_TOKEN + "].");
                        }
                    }
                }
                if (str5 != null && tokenGeneratorConfImpl5 != null) {
                    if (hashMap2.get(str5) != null) {
                        if (!tokenGeneratorConfImpl5._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) && !tokenGeneratorConfImpl5._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11)) {
                            throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s25", tokenGeneratorConfImpl5._type.toString());
                        }
                        if (!str5.endsWith(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
                            throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s29", tokenGeneratorConfImpl5._type.toString());
                        }
                        throw SoapSecurityException.format("security.wssecurity.PolicyInOutboundConfig.s28", tokenGeneratorConfImpl5._type.toString());
                    }
                    hashMap2.put(str5, tokenGeneratorConfImpl5);
                    hashMap3 = updateTokenTypeList(hashMap3, tokenGeneratorConfImpl5.getType());
                }
            }
        }
        Integer num = hashMap3.get(com.ibm.ws.wssecurity.common.Constants.UNTOKEN);
        if (num != null && num.intValue() == 1 && hashMap.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString()) && hashMap.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
            throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s06", com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString());
        }
        Integer num2 = hashMap3.get(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11);
        if (num2 != null && num2.intValue() == 1 && hashMap.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString()) && hashMap.containsKey(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString() + com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION)) {
            throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s06", com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString());
        }
        for (String str6 : hashMap2.keySet()) {
            PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl6 = (PrivateGeneratorConfig.TokenGeneratorConfImpl) hashMap.get(str6);
            if (tokenGeneratorConfImpl6 == null) {
                if (str6.startsWith(com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString())) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s07", com.ibm.ws.wssecurity.common.Constants.UNTOKEN.toString());
                }
                if (!str6.startsWith(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString())) {
                    throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s07", str6);
                }
                throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s07", com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11.toString());
            }
            PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl7 = (PrivateGeneratorConfig.TokenGeneratorConfImpl) hashMap2.get(str6);
            tokenGeneratorConfImpl6._standAlone = tokenGeneratorConfImpl7._standAlone;
            tokenGeneratorConfImpl6._aTokenAssertion = tokenGeneratorConfImpl7._aTokenAssertion;
            this._tokenGenerators.add(tokenGeneratorConfImpl6);
        }
        if (!z) {
            boolean z9 = wSSGeneratorConfig.isExplicitlyProtectSignatureConfirmation();
            if (this._signatureConfirmationRequired && !z9) {
                if (!z4) {
                    if (this._integralParts.size() > 0) {
                        PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl2 = (PrivateCommonConfig.ReferencePartConfImpl) this._integralParts.get(0);
                        PrivateCommonConfig.PartConfImpl partConfImpl = new PrivateCommonConfig.PartConfImpl();
                        partConfImpl._dialect = com.ibm.ws.wssecurity.common.Constants.DIALECT_WAS;
                        partConfImpl._keyword = IntegralDialectElementSelector.WASDIALECTS[14];
                        referencePartConfImpl2._parts.add(partConfImpl);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding SignatureConfirmation to required integrity for default binding");
                        }
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Cannot sign SignatureConfirmation element since nothing else on the message is signed");
                        }
                        Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s23"));
                    }
                }
                if (!z5) {
                    if (this._confidentialParts.size() > 0) {
                        PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl3 = (PrivateCommonConfig.ReferencePartConfImpl) this._confidentialParts.get(0);
                        PrivateCommonConfig.PartConfImpl partConfImpl2 = new PrivateCommonConfig.PartConfImpl();
                        partConfImpl2._dialect = com.ibm.ws.wssecurity.common.Constants.DIALECT_WAS;
                        partConfImpl2._keyword = ConfidentialDialectElementSelector.WASDIALECTS[6];
                        referencePartConfImpl3._parts.add(partConfImpl2);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding SignatureConfirmation to required confidentiality for default binding");
                        }
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Cannot encrypt SignatureConfirmation element since nothing else on the message is encrypted");
                        }
                        Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s22"));
                    }
                }
            }
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        arrayList2.addAll(this._confidentialParts);
        arrayList.addAll(this._integralParts);
        for (Configuration configuration : wSSGeneratorConfig.getOperationGenerators()) {
            if (configuration instanceof PrivateGeneratorConfig.EncryptionGeneratorConfImpl) {
                PrivateGeneratorConfig.EncryptionGeneratorConfImpl encryptionGeneratorConfImpl = (PrivateGeneratorConfig.EncryptionGeneratorConfImpl) configuration;
                if (encryptionGeneratorTokenMatch(encryptionGeneratorConfImpl, z)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting up encryption generation information from default bindings.");
                    }
                    Iterator it4 = arrayList2.iterator();
                    while (it4.hasNext()) {
                        PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl4 = (PrivateCommonConfig.ReferencePartConfImpl) it4.next();
                        it4.remove();
                        PrivateGeneratorConfig.EncryptionGeneratorConfImpl encryptionGeneratorConfImpl2 = new PrivateGeneratorConfig.EncryptionGeneratorConfImpl();
                        encryptionGeneratorConfImpl2._reference = referencePartConfImpl4;
                        encryptionGeneratorConfImpl2._reference.getBindings().add(encryptionGeneratorConfImpl2);
                        PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = new PrivateCommonConfig.AlgorithmConfImpl();
                        algorithmConfImpl._algorithm = this.encryptionAlgorithm;
                        encryptionGeneratorConfImpl2._dataEncryptionMethod = algorithmConfImpl;
                        if (encryptionGeneratorConfImpl._isKeyEncryption) {
                            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl2 = new PrivateCommonConfig.AlgorithmConfImpl();
                            algorithmConfImpl2._algorithm = this.keyEncryptionAlgorithm;
                            encryptionGeneratorConfImpl2._keyEncryptionMethod = algorithmConfImpl2;
                        }
                        encryptionGeneratorConfImpl2._encryptionKeyInfo = encryptionGeneratorConfImpl._encryptionKeyInfo;
                        encryptionGeneratorConfImpl2._properties.putAll(encryptionGeneratorConfImpl.getProperties());
                        encryptionGeneratorConfImpl2._encryptionKeyInfo.getContentGenerator();
                        if (z2) {
                            Integer num3 = (Integer) encryptionGeneratorConfImpl2._properties.get(com.ibm.ws.wssecurity.common.Constants.ORDER);
                            if (num3 == null) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyOutboundConfig.encorder"));
                            }
                            encryptionGeneratorConfImpl2._reference._order = num3.intValue();
                            boolean z10 = false;
                            Iterator<ReferencePartConfig> it5 = list.iterator();
                            int i4 = 0;
                            while (true) {
                                if (!it5.hasNext()) {
                                    break;
                                }
                                if (encryptionGeneratorConfImpl2._reference._order < ((PrivateCommonConfig.ReferencePartConfImpl) it5.next())._order) {
                                    z10 = true;
                                    list.add(i4, encryptionGeneratorConfImpl2._reference);
                                    break;
                                }
                                i4++;
                            }
                            if (!z10) {
                                list.add(encryptionGeneratorConfImpl2._reference);
                            }
                            ConfigUtil.insertGenerator(this._operationGenerators, list, ConfigUtil.getPosition(list, encryptionGeneratorConfImpl2._reference), encryptionGeneratorConfImpl2);
                        } else if (wSSPolicy.getPolicyBinding().isSignBeforeEncrypting()) {
                            this._operationGenerators.add(encryptionGeneratorConfImpl2);
                        } else {
                            this._operationGenerators.add(0, encryptionGeneratorConfImpl2);
                        }
                    }
                } else {
                    continue;
                }
            } else {
                PrivateGeneratorConfig.SignatureGeneratorConfImpl signatureGeneratorConfImpl = (PrivateGeneratorConfig.SignatureGeneratorConfImpl) configuration;
                if (signatureGeneratorTokenMatch(signatureGeneratorConfImpl, z)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting up signature generation information from default bindings.");
                    }
                    Iterator<SigningReferenceConfig> it6 = signatureGeneratorConfImpl._references.iterator();
                    while (it6.hasNext()) {
                        PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl = (PrivateCommonConfig.SigningReferenceConfImpl) it6.next();
                        if (!arrayList.isEmpty()) {
                            Iterator it7 = arrayList.iterator();
                            while (it7.hasNext()) {
                                PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl5 = (PrivateCommonConfig.ReferencePartConfImpl) it7.next();
                                it7.remove();
                                PrivateGeneratorConfig.SignatureGeneratorConfImpl signatureGeneratorConfImpl2 = new PrivateGeneratorConfig.SignatureGeneratorConfImpl();
                                PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl2 = new PrivateCommonConfig.SigningReferenceConfImpl();
                                signatureGeneratorConfImpl2._properties.putAll(signatureGeneratorConfImpl._properties);
                                signingReferenceConfImpl2._reference = referencePartConfImpl5;
                                signingReferenceConfImpl2._reference.getBindings().add(signatureGeneratorConfImpl2);
                                if (z2) {
                                    Integer num4 = (Integer) signatureGeneratorConfImpl2._properties.get(com.ibm.ws.wssecurity.common.Constants.ORDER);
                                    if (num4 == null) {
                                        throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyOutboundConfig.sigorder"));
                                    }
                                    signingReferenceConfImpl2._reference._order = num4.intValue();
                                    boolean z11 = false;
                                    Iterator<ReferencePartConfig> it8 = list.iterator();
                                    int i5 = 0;
                                    while (true) {
                                        if (!it8.hasNext()) {
                                            break;
                                        }
                                        if (signingReferenceConfImpl2._reference._order < ((PrivateCommonConfig.ReferencePartConfImpl) it8.next())._order) {
                                            z11 = true;
                                            list.add(i5, signingReferenceConfImpl2._reference);
                                            break;
                                        }
                                        i5++;
                                    }
                                    if (!z11) {
                                        list.add(signingReferenceConfImpl2._reference);
                                    }
                                } else if (wSSPolicy.getPolicyBinding().isSignBeforeEncrypting()) {
                                    list.add(0, signingReferenceConfImpl2._reference);
                                } else {
                                    list.add(signingReferenceConfImpl2._reference);
                                }
                                PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl3 = new PrivateCommonConfig.AlgorithmConfImpl();
                                algorithmConfImpl3._algorithm = this.digestAlgorithm;
                                signingReferenceConfImpl2._digestMethod = algorithmConfImpl3;
                                signingReferenceConfImpl2._transforms.addAll(signingReferenceConfImpl._transforms);
                                signatureGeneratorConfImpl2._references.add(signingReferenceConfImpl2);
                                PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl4 = new PrivateCommonConfig.AlgorithmConfImpl();
                                algorithmConfImpl4._algorithm = this.canonicalizationAlgorithm;
                                signatureGeneratorConfImpl2._canonicalizationMethod = algorithmConfImpl4;
                                PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl5 = new PrivateCommonConfig.AlgorithmConfImpl();
                                if (this._symmetricBinding) {
                                    algorithmConfImpl5._algorithm = this.symmetricSignatureAlgorithm;
                                } else {
                                    algorithmConfImpl5._algorithm = this.asymmetricSignatureAlgorithm;
                                }
                                signatureGeneratorConfImpl2._signatureMethod = algorithmConfImpl5;
                                signatureGeneratorConfImpl2._signingKeyInfo = signatureGeneratorConfImpl._signingKeyInfo;
                                if (z2) {
                                    ConfigUtil.insertGenerator(this._operationGenerators, list, ConfigUtil.getMinimumPosition(list, signatureGeneratorConfImpl2._references), signatureGeneratorConfImpl2);
                                } else if (wSSPolicy.getPolicyBinding().isSignBeforeEncrypting()) {
                                    this._operationGenerators.add(0, signatureGeneratorConfImpl2);
                                } else {
                                    this._operationGenerators.add(signatureGeneratorConfImpl2);
                                }
                            }
                        }
                    }
                } else {
                    continue;
                }
            }
        }
        if (!arrayList.isEmpty()) {
            throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s08");
        }
        if (!arrayList2.isEmpty()) {
            throw SoapSecurityException.format("security.wssecurity.PolicyOutboundConfig.s09");
        }
        if (this._encryptSignature && !z2 && z3 && this._operationGenerators.size() > 0) {
            Iterator<Configuration> it9 = this._operationGenerators.iterator();
            boolean z12 = false;
            while (it9.hasNext() && !z12) {
                Configuration next = it9.next();
                if (next instanceof PrivateGeneratorConfig.EncryptionGeneratorConfImpl) {
                    PrivateGeneratorConfig.EncryptionGeneratorConfImpl encryptionGeneratorConfImpl3 = new PrivateGeneratorConfig.EncryptionGeneratorConfImpl((PrivateGeneratorConfig.EncryptionGeneratorConfImpl) next);
                    encryptionGeneratorConfImpl3._reference = referencePartConfImpl;
                    this._operationGenerators.add(encryptionGeneratorConfImpl3);
                    z12 = true;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initDefaultConfig(WSSGeneratorConfig, List):", new Object[]{wSSGeneratorConfig, list});
        }
    }

    private HashMap<QName, Integer> updateTokenTypeList(HashMap<QName, Integer> hashMap, QName qName) {
        Integer num = hashMap.get(qName);
        if (num == null) {
            hashMap.put(qName, new Integer(1));
        } else {
            hashMap.put(qName, Integer.valueOf(num.intValue() + 1));
        }
        return hashMap;
    }

    final String getOrigin() {
        return this.origin;
    }

    private boolean encryptionGeneratorTokenMatch(PrivateGeneratorConfig.EncryptionGeneratorConfImpl encryptionGeneratorConfImpl, boolean z) throws SoapSecurityException {
        boolean z2 = false;
        if (encryptionGeneratorConfImpl.getEncryptionKeyInfo() == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No EncryptionKeyInfo found in encryptionGeneratorConfig = " + encryptionGeneratorConfImpl);
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        KeyInfoContentGeneratorConfig contentGenerator = encryptionGeneratorConfImpl.getEncryptionKeyInfo().getContentGenerator();
        if (contentGenerator == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No keyInfoContentGenerator found in KeyInfoGeneratorConfig = " + encryptionGeneratorConfImpl.getEncryptionKeyInfo());
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        QName type = contentGenerator.getTokenGenerator().getType();
        if (type != null) {
            if (this._symmetricBinding) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    z2 = this._symmetricProtectionTokenAssertion.getTokenType().equals(type);
                } else if (this._symmetricEncryptionTokenAssertion != null) {
                    z2 = this._symmetricEncryptionTokenAssertion.getTokenType().equals(type);
                }
            } else if (z) {
                if (!this._recipientTokens.isEmpty()) {
                    z2 = this._recipientTokenQNames.indexOf(type) >= 0;
                } else if (!this._recipientEncryptionTokens.isEmpty()) {
                    z2 = this._recipientEncryptionTokenQNames.indexOf(type) >= 0;
                }
            } else if (!this._initiatorTokens.isEmpty()) {
                z2 = this._initiatorTokenQNames.indexOf(type) >= 0;
            } else if (!this._initiatorEncryptionTokens.isEmpty()) {
                z2 = this._initiatorEncryptionTokenQNames.indexOf(type) >= 0;
            }
        }
        return z2;
    }

    private boolean signatureGeneratorTokenMatch(PrivateGeneratorConfig.SignatureGeneratorConfImpl signatureGeneratorConfImpl, boolean z) throws SoapSecurityException {
        boolean z2 = false;
        if (signatureGeneratorConfImpl.getSigningKeyInfo() == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No SigningKeyInfo found in signatureGeneratorConfig = " + signatureGeneratorConfImpl);
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        KeyInfoContentGeneratorConfig contentGenerator = signatureGeneratorConfImpl.getSigningKeyInfo().getContentGenerator();
        if (contentGenerator == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No keyInfoContentGenerator found in KeyInfoGeneratorConfig = " + signatureGeneratorConfImpl.getSigningKeyInfo());
            }
            throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.KeyInfoGenerator.getKey01"));
        }
        QName type = contentGenerator.getTokenGenerator().getType();
        if (type != null) {
            if (this._symmetricBinding) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    z2 = this._symmetricProtectionTokenAssertion.getTokenType().equals(type);
                } else if (this._symmetricSignatureTokenAssertion != null) {
                    z2 = this._symmetricSignatureTokenAssertion.getTokenType().equals(type);
                }
            } else if (z) {
                if (!this._initiatorTokens.isEmpty()) {
                    z2 = this._initiatorTokenQNames.indexOf(type) >= 0;
                } else if (!this._initiatorSignatureTokens.isEmpty()) {
                    z2 = this._initiatorSignatureTokenQNames.indexOf(type) >= 0;
                }
            } else if (!this._recipientTokens.isEmpty()) {
                z2 = this._recipientTokenQNames.indexOf(type) >= 0;
            } else if (!this._recipientSignatureTokens.isEmpty()) {
                z2 = this._recipientSignatureTokenQNames.indexOf(type) >= 0;
            }
        }
        return z2;
    }

    private String getKeyInfoTypeForEncryption(QName qName, boolean z) throws SoapSecurityException {
        int indexOf;
        int indexOf2;
        String str = null;
        PrivateCommonConfig.TokenAssertion tokenAssertion = null;
        if (qName != null) {
            if (this._symmetricBinding) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    if (this._symmetricProtectionTokenAssertion.getTokenType().equals(qName)) {
                        tokenAssertion = this._symmetricProtectionTokenAssertion;
                    }
                } else if (this._symmetricEncryptionTokenAssertion != null && this._symmetricEncryptionTokenAssertion.getTokenType().equals(qName)) {
                    tokenAssertion = this._symmetricEncryptionTokenAssertion;
                }
            } else if (z) {
                if (!this._recipientTokens.isEmpty()) {
                    int indexOf3 = this._recipientTokenQNames.indexOf(qName);
                    if (indexOf3 >= 0) {
                        tokenAssertion = this._recipientTokens.get(indexOf3);
                    }
                } else if (!this._recipientEncryptionTokens.isEmpty() && (indexOf2 = this._recipientEncryptionTokenQNames.indexOf(qName)) >= 0) {
                    tokenAssertion = this._recipientEncryptionTokens.get(indexOf2);
                }
            } else if (!this._initiatorTokens.isEmpty()) {
                int indexOf4 = this._initiatorTokenQNames.indexOf(qName);
                if (indexOf4 >= 0) {
                    tokenAssertion = this._initiatorTokens.get(indexOf4);
                }
            } else if (!this._initiatorEncryptionTokens.isEmpty() && (indexOf = this._initiatorEncryptionTokenQNames.indexOf(qName)) >= 0) {
                tokenAssertion = this._initiatorEncryptionTokens.get(indexOf);
            }
        }
        if (tokenAssertion != null) {
            str = getKeyInfoType(tokenAssertion);
        }
        return str;
    }

    private String getKeyInfoTypeForSignature(QName qName, boolean z) throws SoapSecurityException {
        int indexOf;
        int indexOf2;
        PrivateCommonConfig.TokenAssertion tokenAssertion = null;
        String str = null;
        if (qName != null) {
            if (this._symmetricBinding) {
                if (this._symmetricProtectionTokenAssertion != null) {
                    if (this._symmetricProtectionTokenAssertion.getTokenType().equals(qName)) {
                        tokenAssertion = this._symmetricProtectionTokenAssertion;
                    }
                } else if (this._symmetricSignatureTokenAssertion != null && this._symmetricSignatureTokenAssertion.getTokenType().equals(qName)) {
                    tokenAssertion = this._symmetricSignatureTokenAssertion;
                }
            } else if (z) {
                if (!this._initiatorTokens.isEmpty()) {
                    int indexOf3 = this._initiatorTokenQNames.indexOf(qName);
                    if (indexOf3 >= 0) {
                        tokenAssertion = this._initiatorTokens.get(indexOf3);
                    }
                } else if (!this._initiatorSignatureTokens.isEmpty() && (indexOf2 = this._initiatorSignatureTokenQNames.indexOf(qName)) >= 0) {
                    tokenAssertion = this._initiatorSignatureTokens.get(indexOf2);
                }
            } else if (!this._recipientTokens.isEmpty()) {
                int indexOf4 = this._recipientTokenQNames.indexOf(qName);
                if (indexOf4 >= 0) {
                    tokenAssertion = this._recipientTokens.get(indexOf4);
                }
            } else if (!this._recipientSignatureTokens.isEmpty() && (indexOf = this._recipientSignatureTokenQNames.indexOf(qName)) >= 0) {
                tokenAssertion = this._recipientSignatureTokens.get(indexOf);
            }
        }
        if (tokenAssertion != null) {
            str = getKeyInfoType(tokenAssertion);
        }
        return str;
    }

    private String getKeyInfoType(PrivateCommonConfig.TokenAssertion tokenAssertion) {
        String str = null;
        if (tokenAssertion != null) {
            if (tokenAssertion.requireKeyIdentifierReference()) {
                str = KeyInfoConsumer.KEYID;
            } else if (tokenAssertion.requireIssuerSerialReference()) {
                str = KeyInfoConsumer.X509ISSUER;
            } else if (tokenAssertion.requireEmbeddedTokenReference()) {
                str = KeyInfoConsumer.EMB;
            } else if (tokenAssertion.requireThumbprintReference()) {
                str = KeyInfoConsumer.THUMBPRINT;
            } else if (tokenAssertion.requireSTRReference()) {
                str = KeyInfoConsumer.STRREF;
            }
        }
        return str;
    }

    private PrivateCommonConfig.TokenAssertion tokenAssertion(String str, List<?> list) throws SoapSecurityException {
        PrivateCommonConfig.TokenAssertion tokenAssertion;
        if (str.equals(PolicyAttributesConstants.X509TOKEN)) {
            tokenAssertion = new PrivateCommonConfig.TokenAssertion();
            boolean z = false;
            if (list != null && list.size() != 0) {
                for (int i = 0; i < list.size(); i++) {
                    Object obj = list.get(i);
                    if (obj instanceof String) {
                        String str2 = (String) obj;
                        if ("RequireDerivedKeys".equals(str2)) {
                            tokenAssertion._requireDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireDerivedKeys");
                            }
                        } else if ("RequireImplicitDerivedKeys".equals(str2)) {
                            tokenAssertion._requireImplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireImplicitDerivedKeys");
                            }
                        } else if ("RequireExplicitDerivedKeys".equals(str2)) {
                            tokenAssertion._requireExplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireExplicitDerivedKeys");
                            }
                        } else if ("WssX509V3Token10".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.X509V3_OLD;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509V3Token10");
                            }
                        } else if ("WssX509Pkcs7Token10".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKCS7;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509Pkcs7Token10");
                            }
                        } else if ("WssX509PkiPathV1Token10".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKI_PATH;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509PkiPathV1Token10");
                            }
                        } else if ("WssX509V1Token11".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.X509V3_11_V1;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509V1Token11");
                            }
                        } else if ("WssX509V3Token11".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.X509V3_11_V3;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509V3Token11");
                            }
                        } else if ("WssX509Pkcs7Token11".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKCS711;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509Pkcs7Token11");
                            }
                        } else if ("WssX509PkiPathV1Token11".equals(str2)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.PKI_PATH11;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added WssX509PkiPathV1Token11");
                            }
                        } else if (PolicyConfigUtil.REQUIRE_KEY_IDENTIFIER_REFERENCE.equals(str2)) {
                            if (z) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str2}));
                            }
                            z = true;
                            tokenAssertion._requireKeyIdentifierReference = true;
                            tokenAssertion._requireSTRReference = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireKeyIdentifierReference");
                            }
                        } else if (PolicyConfigUtil.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(str2)) {
                            if (z) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str2}));
                            }
                            z = true;
                            tokenAssertion._requireIssuerSerialReference = true;
                            tokenAssertion._requireSTRReference = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireIssuerSerialReference");
                            }
                        } else if (PolicyConfigUtil.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(str2)) {
                            if (z) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str2}));
                            }
                            z = true;
                            tokenAssertion._requireEmbeddedTokenReference = true;
                            tokenAssertion._requireSTRReference = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireEmbeddedTokenReference");
                            }
                        } else if (!PolicyConfigUtil.REQUIRE_THUMBPRINT_REFERENCE.equals(str2)) {
                            continue;
                        } else {
                            if (z) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str2}));
                            }
                            z = true;
                            tokenAssertion._requireThumbprintReference = true;
                            tokenAssertion._requireSTRReference = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for X509TOKEN has added RequireThumbprintReference");
                            }
                        }
                    }
                }
            }
        } else if (str.equals("UsernameToken")) {
            tokenAssertion = new PrivateCommonConfig.TokenAssertion();
            if (list != null && list.size() != 0) {
                for (int i2 = 0; i2 < list.size(); i2++) {
                    Object obj2 = list.get(i2);
                    if (obj2 instanceof String) {
                        String str3 = (String) obj2;
                        if ("RequireDerivedKeys".equals(str3)) {
                            tokenAssertion._requireDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added RequireDerivedKeys");
                            }
                        } else if ("RequireImplicitDerivedKeys".equals(str3)) {
                            tokenAssertion._requireImplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added RequireImplicitDerivedKeys");
                            }
                        } else if ("RequireExplicitDerivedKeys".equals(str3)) {
                            tokenAssertion._requireExplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for USERNAMETOKEN has added RequireExplicitDerivedKeys");
                            }
                        } else if ("NoPassword".equals(str3)) {
                            tokenAssertion._requirePassword = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for USERNAMETOKEN has set requirePassword to false");
                            }
                        } else if ("WssUsernameToken10".equals(str3)) {
                            if (tokenAssertion._tokenType != null) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s18", new String[]{tokenAssertion._tokenType.toString(), str3}));
                            }
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.UNTOKEN;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "WssUsernameToken10");
                            }
                        } else if (!"WssUsernameToken11".equals(str3)) {
                            continue;
                        } else {
                            if (tokenAssertion._tokenType != null) {
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s18", new String[]{tokenAssertion._tokenType.toString(), str3}));
                            }
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "WssUsernameToken11");
                            }
                        }
                    }
                }
            }
        } else if (str.equals("KerberosToken")) {
            tokenAssertion = new PrivateCommonConfig.TokenAssertion();
            if (list != null && list.size() != 0) {
                for (int i3 = 0; i3 < list.size(); i3++) {
                    Object obj3 = list.get(i3);
                    if (obj3 instanceof String) {
                        String str4 = (String) obj3;
                        if ("RequireDerivedKeys".equals(str4)) {
                            tokenAssertion._requireDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireDerivedKeys");
                            }
                        } else if ("RequireImplicitDerivedKeys".equals(str4)) {
                            tokenAssertion._requireImplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireImplicitDerivedKeys");
                            }
                            Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str4}));
                        } else if ("RequireExplicitDerivedKeys".equals(str4)) {
                            tokenAssertion._requireExplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireExplicitDerivedKeys");
                            }
                            Tr.warning(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s05", new String[]{str4}));
                        } else if (PolicyConfigUtil.REQUIRE_KEY_IDENTIFIER_REFERENCE.equals(str4)) {
                            tokenAssertion._requireKeyIdentifierReference = true;
                            tokenAssertion._requireSTRReference = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for KERBEROS_TOKEN has added RequireExplicitDerivedKeys");
                            }
                        } else if ("WssKerberosV5ApReqToken11".equals(str4)) {
                            if (tokenAssertion._tokenType != null) {
                                Tr.error(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s06"));
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s06"));
                            }
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.KERBEROSV5;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "WssKerberosV5ApReqToken11");
                            }
                        } else if (!"WssGssKerberosV5ApReqToken11".equals(str4)) {
                            continue;
                        } else {
                            if (tokenAssertion._tokenType != null) {
                                Tr.error(tc, ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s07"));
                                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.PolicyInOutboundConfig.s06"));
                            }
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.KERBEROSV5_GSS;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "WssGssKerberosV5ApReqToken11");
                            }
                        }
                    }
                }
            }
        } else if (str.equals(PolicyAttributesConstants.SC_TOKEN)) {
            tokenAssertion = new PrivateCommonConfig.TokenAssertion();
            this._scEnabled = true;
            if (list != null && list.size() != 0) {
                for (int i4 = 0; i4 < list.size(); i4++) {
                    Object obj4 = list.get(i4);
                    if (obj4 instanceof String) {
                        String str5 = (String) obj4;
                        if ("RequireDerivedKeys".equals(str5)) {
                            tokenAssertion._requireDerivedKeys = true;
                            if (this.transformInfo != null) {
                                this.transformInfo._requireDerivedKeys = true;
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireDerivedKeys");
                            }
                        } else if ("RequireImplicitDerivedKeys".equals(str5)) {
                            tokenAssertion._requireImplicitDerivedKeys = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireImplicitDerivedKeys");
                            }
                        } else if ("RequireExplicitDerivedKeys".equals(str5)) {
                            tokenAssertion._requireExplicitDerivedKeys = true;
                            if (this.transformInfo != null) {
                                this.transformInfo._requireExplicitDerivedKeys = true;
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireExplicitDerivedKeys");
                            }
                        } else if ("RequireExternalUriReference".equals(str5)) {
                            tokenAssertion._requireExternalUriReference = true;
                            if (this.transformInfo != null) {
                                this.transformInfo._requireExternalURIReference = true;
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added RequireExternalUriReference");
                            }
                        } else if ("SC200502SecurityContextToken".equals(str5)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SC_200502;
                            if (this.transformInfo != null) {
                                this.transformInfo._scTokenType = com.ibm.ws.wssecurity.common.Constants.SC_200502;
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added SC200502SecurityContextToken");
                            }
                        } else if ("SC13SecurityContextToken".equals(str5)) {
                            tokenAssertion._tokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                            if (this.transformInfo != null) {
                                this.transformInfo._scTokenType = com.ibm.ws.wssecurity.common.Constants.SCT_13;
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "the policy assertion for SECURECONVERSATIONTOKEN has added SC13SecurityContextToken");
                            }
                        } else if (PolicyAttributesConstants.BOOTSTRAP.equals(str5)) {
                            if (this._request) {
                                tokenAssertion._hasBootStrap = true;
                                if (this.transformInfo != null) {
                                    this.transformInfo._hasBootstrap = true;
                                }
                                try {
                                    if (this._useDefault) {
                                        this._bootstrapConsumerConfig = new PolicyInboundConfig((WSSInboundBinding) null, this.bootstrapPolicy, false, (ClassLoader) null, this.defaultConfiguration);
                                        this._bootstrapGeneratorConfig = new PolicyOutboundConfig((WSSOutboundBinding) null, this.bootstrapPolicy, true, (ClassLoader) null, this.defaultConfiguration);
                                    } else {
                                        List<WSSBinding> securityBindings2 = securityBindings.getSecurityBindings();
                                        for (int i5 = 0; i5 < securityBindings2.size(); i5++) {
                                            WSSBinding wSSBinding = securityBindings2.get(i5);
                                            if (wSSBinding.getName().equals(BindingPropertyConstants.BOOTSTRAP)) {
                                                WSSOutboundBinding securityOutboundBindingConfig = wSSBinding.getSecurityOutboundBindingConfig();
                                                this._bootstrapConsumerConfig = new PolicyInboundConfig(wSSBinding.getSecurityInboundBindingConfig(), this.bootstrapPolicy, false, (ClassLoader) null, this.defaultConfiguration);
                                                this._bootstrapGeneratorConfig = new PolicyOutboundConfig(securityOutboundBindingConfig, this.bootstrapPolicy, true, (ClassLoader) null, this.defaultConfiguration);
                                            }
                                        }
                                    }
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "The assertion for BootstrapPolicy processed");
                                    }
                                } catch (Exception e) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Exception while loading bootstrap config:", e);
                                    }
                                    Tr.error(tc, "Fail to load Bootstrap configuration:" + e);
                                    throw new SoapSecurityException(e.getMessage());
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "BootstrapPolicy not processed since this is a response.");
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The SecureConversation assertion processed");
                        }
                    }
                }
            }
        } else if (str.equals(PolicyAttributesConstants.LTPA_TOKEN) || str.equals(PolicyAttributesConstants.LTPA_PROPGATION_TOKEN) || str.equals(PolicyAttributesConstants.CUSTOM_TOKEN)) {
            tokenAssertion = new PrivateCommonConfig.TokenAssertion();
            if (list != null && list.size() != 0) {
                for (int i6 = 0; i6 < list.size(); i6++) {
                    Object obj5 = list.get(i6);
                    if (obj5 instanceof QName) {
                        tokenAssertion._tokenType = (QName) obj5;
                    }
                }
            }
        } else {
            tokenAssertion = null;
            Tr.warning(tc, "security.wssecurity.PolicyInOutboundConfig.s01", new String[]{str});
        }
        return tokenAssertion;
    }

    private PrivateCommonConfig.TokenAssertion getTokenTypeAssertion(ProtectionOrSupportingToken protectionOrSupportingToken) throws SoapSecurityException {
        String type = protectionOrSupportingToken.getType();
        PrivateCommonConfig.TokenAssertion tokenAssertion = null;
        List<String> tokenAssertions = protectionOrSupportingToken.getTokenAssertions();
        if (tokenAssertions != null && tokenAssertions.size() > 0) {
            if (protectionOrSupportingToken.isSecureConversationToken()) {
                this.bootstrapPolicy = protectionOrSupportingToken.getBootstrapPolicy();
            }
            tokenAssertion = tokenAssertion(type, tokenAssertions);
        }
        List<QName> wssTokenAssertions = protectionOrSupportingToken.getWssTokenAssertions();
        if (wssTokenAssertions != null && wssTokenAssertions.size() > 0) {
            tokenAssertion = tokenAssertion(type, wssTokenAssertions);
        }
        if (tokenAssertion != null) {
            tokenAssertion._includeToken = protectionOrSupportingToken.getIncludeToken();
            EndpointReferenceType issuer = protectionOrSupportingToken.getIssuer();
            if (issuer == null) {
                org.w3._2005._08.addressing.EndpointReferenceType issuer200508 = protectionOrSupportingToken.getIssuer200508();
                if (issuer200508 != null && (issuer200508 instanceof org.w3._2005._08.addressing.EndpointReferenceType)) {
                    tokenAssertion._issuer200508 = protectionOrSupportingToken.getIssuer200508();
                }
            } else if (issuer instanceof EndpointReferenceType) {
                tokenAssertion._issuer = protectionOrSupportingToken.getIssuer();
            }
        }
        return tokenAssertion;
    }

    private void algorithmSuiteAssertion(String str) {
        if (PolicyConfigUtil.isValidAlgorithmSuite(str)) {
            if (this._symmetricBinding) {
                this.algorithmSuite = str;
                this.symmetricSignatureAlgorithm = PolicyConfigUtil.getAlgorithm(str, 0);
            } else {
                this.asymmetricSignatureAlgorithm = PolicyConfigUtil.getAlgorithm(str, 1);
            }
            this.digestAlgorithm = PolicyConfigUtil.getAlgorithm(str, 2);
            this.encryptionAlgorithm = PolicyConfigUtil.getAlgorithm(str, 3);
            this.keyEncryptionAlgorithm = PolicyConfigUtil.getAlgorithm(str, 5);
            return;
        }
        if ("InclusiveC14N".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found C14N inclusive");
            }
            this.transformAlgorithm = "http://www.w3.org/2001/10/xml-c14n#";
            this.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-c14n#";
            return;
        }
        if ("SOAPNormalization10".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found SOAPNormalization10");
                return;
            }
            return;
        }
        if ("STRTransform10".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found STRT10");
                return;
            }
            return;
        }
        if ("XPath10".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found XPATH10");
            }
        } else if ("XPath20".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found STRT10");
            }
        } else if ("AbsXPath".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found ABSXPATH");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WARNING: invalid algorithm suite [" + str + "] specified on EncryptedParts .");
        }
    }

    private String layoutAssertion(String str) {
        String str2 = null;
        if (Policy.STRICT.equals(str)) {
            str2 = Policy.STRICT;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Strict");
            }
        } else if ("Lax".equals(str)) {
            str2 = "Lax";
            if (tc.isDebugEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Lax");
            }
        } else if ("LaxTsFirst".equals(str)) {
            str2 = "LaxTsFirst";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found LaxTsFirst");
            }
        } else if ("LaxTsLast".equals(str)) {
            str2 = "LaxTsLast";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found LaxTsLast");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WARNING: invalid algorithm suite [" + str + "] specified on EncryptedParts .");
        }
        return str2;
    }

    private boolean retrieveAssertions(String str, boolean z) {
        boolean z2;
        if (str == null) {
            z2 = false;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No wsu:Id for Policy element found; ignoring.");
            }
        } else if (str.startsWith("request:") && z) {
            z2 = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Matching outbound request wsu:Id found: " + str);
            }
        } else if (!str.startsWith("response:") || z) {
            z2 = false;
            if (tc.isDebugEnabled()) {
                if (z) {
                    Tr.debug(tc, "wsu:Id found not applicable for outbound request messages: " + str);
                } else {
                    Tr.debug(tc, "wsu:Id found not applicable for outbound response messages: " + str);
                }
            }
        } else {
            z2 = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Matching outbound response wsu:Id found: " + str);
            }
        }
        return z2;
    }

    @Override // com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig
    public PrivateGeneratorConfig getBootstrapGeneratorConfig() {
        return this._bootstrapGeneratorConfig;
    }

    @Override // com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig
    public PrivateConsumerConfig getBootstrapConsumerConfig() {
        return this._bootstrapConsumerConfig;
    }

    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    public String getSymmetricSignatureAlgorithm() {
        return this.symmetricSignatureAlgorithm;
    }

    public String getAlgorithmSuite() {
        return this.algorithmSuite;
    }

    public String getSCTIssuer() {
        if (this._symmetricProtectionTokenAssertion == null) {
            return null;
        }
        if (this._symmetricProtectionTokenAssertion._issuer != null && this._symmetricProtectionTokenAssertion._issuer.getAddress() != null) {
            return this._symmetricProtectionTokenAssertion._issuer.getAddress().getValue();
        }
        if (this._symmetricProtectionTokenAssertion._issuer200508 == null || this._symmetricProtectionTokenAssertion._issuer200508.getAddress() == null) {
            return null;
        }
        return this._symmetricProtectionTokenAssertion._issuer200508.getAddress().getValue();
    }

    private void mapPolicyAssertionsToProperties(boolean z, boolean z2) {
        List<PrivateCommonConfig.TokenAssertion> list;
        int indexOf;
        List<PrivateCommonConfig.TokenAssertion> list2;
        int indexOf2;
        List<PrivateCommonConfig.TokenAssertion> list3;
        int indexOf3;
        List<PrivateCommonConfig.TokenAssertion> list4;
        int indexOf4;
        Iterator<TokenGeneratorConfig> it = this._tokenGenerators.iterator();
        while (it.hasNext()) {
            PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl = (PrivateGeneratorConfig.TokenGeneratorConfImpl) it.next();
            PrivateCommonConfig.TokenAssertion tokenAssertion = null;
            if (!z && (tokenGeneratorConfImpl._type.equals(com.ibm.ws.wssecurity.common.Constants.KERBEROSV5) || tokenGeneratorConfImpl._type.equals(com.ibm.ws.wssecurity.common.Constants.KERBEROSV5_GSS))) {
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricEncryptionTokenAssertion != null) && tokenGeneratorConfImpl._usedForEncryption) {
                    tokenAssertion = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricEncryptionTokenAssertion;
                }
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricSignatureTokenAssertion != null) && tokenGeneratorConfImpl._usedForSignature) {
                    tokenAssertion = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricSignatureTokenAssertion;
                }
                if (tokenAssertion != null) {
                    if (tokenAssertion._requireDerivedKeys) {
                        tokenGeneratorConfImpl._properties.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KRB5TOKEN_USEDERIVEDKEY, "true");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added to Kerberos callback handler property map a property for derived keys");
                        }
                    } else {
                        tokenGeneratorConfImpl._properties.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KRB5TOKEN_USEDERIVEDKEY);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Removed property for derived keys, as policy takes precendence");
                        }
                    }
                }
            } else if (z || !(tokenGeneratorConfImpl._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN) || tokenGeneratorConfImpl._type.equals(com.ibm.ws.wssecurity.common.Constants.UNTOKEN_11))) {
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricEncryptionTokenAssertion != null) && tokenGeneratorConfImpl._usedForEncryption) {
                    tokenAssertion = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricEncryptionTokenAssertion;
                }
                if ((this._symmetricProtectionTokenAssertion != null || this._symmetricSignatureTokenAssertion != null) && tokenGeneratorConfImpl._usedForSignature) {
                    tokenAssertion = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricSignatureTokenAssertion;
                }
                if (tokenAssertion != null && tokenAssertion._requireImplicitDerivedKeys) {
                    tokenGeneratorConfImpl.getProperties().put(com.ibm.ws.wssecurity.common.Constants.REQUIRED_IMPLIED_DERIVED_KEYS, Boolean.valueOf(tokenAssertion._requireImplicitDerivedKeys));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added token config property for implicit derived keys");
                    }
                }
            } else if (tokenGeneratorConfImpl._aTokenAssertion != null && !tokenGeneratorConfImpl._aTokenAssertion._requirePassword && tokenGeneratorConfImpl._callbackHandler != null) {
                tokenGeneratorConfImpl._callbackHandler._properties.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_USE_IDASSERTION, "true");
            }
        }
        if (z) {
            return;
        }
        Iterator<String> it2 = this.nameKeyInfo.keySet().iterator();
        while (it2.hasNext()) {
            PrivateGeneratorConfig.KeyInfoContentGeneratorConfImpl keyInfoContentGeneratorConfImpl = (PrivateGeneratorConfig.KeyInfoContentGeneratorConfImpl) this.nameKeyInfo.get(it2.next());
            PrivateGeneratorConfig.TokenGeneratorConfImpl tokenGeneratorConfImpl2 = keyInfoContentGeneratorConfImpl._tokenGenerator;
            PrivateCommonConfig.TokenAssertion tokenAssertion2 = null;
            if (this._symmetricBinding) {
                if (tokenGeneratorConfImpl2._usedForEncryption) {
                    if (this._symmetricProtectionTokenAssertion != null || this._symmetricEncryptionTokenAssertion != null) {
                        tokenAssertion2 = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricEncryptionTokenAssertion;
                    }
                } else if (tokenGeneratorConfImpl2._usedForSignature && (this._symmetricProtectionTokenAssertion != null || this._symmetricSignatureTokenAssertion != null)) {
                    tokenAssertion2 = this._symmetricProtectionTokenAssertion != null ? this._symmetricProtectionTokenAssertion : this._symmetricSignatureTokenAssertion;
                }
            } else if (tokenGeneratorConfImpl2._usedForEncryption) {
                if (z2) {
                    if (!this._recipientTokens.isEmpty() || !this._recipientEncryptionTokens.isEmpty()) {
                        if (this._recipientTokens.isEmpty()) {
                            list4 = this._recipientEncryptionTokens;
                            indexOf4 = this._recipientEncryptionTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                        } else {
                            list4 = this._recipientTokens;
                            indexOf4 = this._recipientTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                        }
                        if (indexOf4 >= 0) {
                            tokenAssertion2 = list4.get(indexOf4);
                        }
                    }
                } else if (!this._initiatorTokens.isEmpty() || !this._initiatorEncryptionTokens.isEmpty()) {
                    if (this._initiatorTokens.isEmpty()) {
                        list3 = this._initiatorEncryptionTokens;
                        indexOf3 = this._initiatorEncryptionTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                    } else {
                        list3 = this._initiatorTokens;
                        indexOf3 = this._initiatorTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                    }
                    if (indexOf3 >= 0) {
                        tokenAssertion2 = list3.get(indexOf3);
                    }
                }
            } else if (tokenGeneratorConfImpl2._usedForSignature) {
                if (z2) {
                    if (!this._initiatorTokens.isEmpty() || !this._initiatorSignatureTokens.isEmpty()) {
                        if (this._initiatorTokens.isEmpty()) {
                            list2 = this._initiatorSignatureTokens;
                            indexOf2 = this._initiatorSignatureTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                        } else {
                            list2 = this._initiatorTokens;
                            indexOf2 = this._initiatorTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                        }
                        if (indexOf2 >= 0) {
                            tokenAssertion2 = list2.get(indexOf2);
                        }
                    }
                } else if (!this._recipientTokens.isEmpty() || !this._recipientSignatureTokens.isEmpty()) {
                    if (this._recipientTokens.isEmpty()) {
                        list = this._recipientSignatureTokens;
                        indexOf = this._recipientSignatureTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                    } else {
                        list = this._recipientTokens;
                        indexOf = this._recipientTokenQNames.indexOf(tokenGeneratorConfImpl2._type);
                    }
                    if (indexOf >= 0) {
                        tokenAssertion2 = list.get(indexOf);
                    }
                }
            }
            if (tokenAssertion2 != null) {
                if (keyInfoContentGeneratorConfImpl._derivedKeyInfo == null) {
                    keyInfoContentGeneratorConfImpl._derivedKeyInfo = new DerivedKeyInfoConfig();
                }
                if (keyInfoContentGeneratorConfImpl._derivedKeyInfo != null) {
                    keyInfoContentGeneratorConfImpl._derivedKeyInfo.setRequireDerivedKeys(tokenAssertion2._requireDerivedKeys);
                    keyInfoContentGeneratorConfImpl._derivedKeyInfo.setRequireExplicitDerivedKeys(tokenAssertion2._requireExplicitDerivedKeys);
                    keyInfoContentGeneratorConfImpl._derivedKeyInfo.setRequireImpliedDerivedKeys(tokenAssertion2._requireImplicitDerivedKeys);
                }
                keyInfoContentGeneratorConfImpl._isRequireExternalUriReference = tokenAssertion2._requireExternalUriReference;
            }
        }
    }
}
