package com.ibm.ws.webservices.wssecurity.dsig;

import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.WSSConsumerComponent;
import com.ibm.ws.webservices.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.webservices.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.webservices.wssecurity.core.ElementSelector;
import com.ibm.ws.webservices.wssecurity.dsig.VerificationResult;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.webservices.wssecurity.token.AuthResult;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.webservices.wssecurity.util.IdUtil;
import com.ibm.ws.webservices.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.webservices.wssecurity.util.NonceUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.IDResolver;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.xml.soapsec.Result;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.token.NonceManager;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/dsig/VerifiedPartChecker.class */
public class VerifiedPartChecker implements WSSConsumerComponent {
    private static final String comp = "security.wssecurity";
    private Map _selectors = null;
    private IDResolver _idResolver = null;
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(VerifiedPartChecker.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = VerifiedPartChecker.class.getName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/dsig/VerifiedPartChecker$RequiredPart.class */
    public static class RequiredPart {
        private ReferencePartConfig _rconfig;
        private ReferencePartConfig.PartConfig _pconfig;
        private Element _element;
        private NodeList _nodeset;
        private Set _tokens;
        private boolean _isNodeset;
        private boolean _requiredTimestamp;
        private boolean _requiredNonce;
        private boolean _processed;

        RequiredPart(ReferencePartConfig referencePartConfig, ReferencePartConfig.PartConfig partConfig, Element element) {
            this._rconfig = referencePartConfig;
            this._pconfig = partConfig;
            this._element = element;
            this._nodeset = null;
            this._isNodeset = false;
            this._tokens = new HashSet();
            this._processed = false;
            this._requiredTimestamp = false;
            this._requiredNonce = false;
        }

        RequiredPart(ReferencePartConfig referencePartConfig, ReferencePartConfig.PartConfig partConfig, NodeList nodeList) {
            this._rconfig = referencePartConfig;
            this._pconfig = partConfig;
            this._element = null;
            this._nodeset = nodeList;
            this._isNodeset = true;
            this._tokens = new HashSet();
            this._processed = false;
            this._requiredTimestamp = false;
            this._requiredNonce = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/dsig/VerifiedPartChecker$RequiredParts.class */
    public static class RequiredParts {
        private RequiredPart[] _parts;

        RequiredParts(RequiredPart[] requiredPartArr) {
            this._parts = requiredPartArr;
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            this._selectors = map;
            this._idResolver = (IdUtil) map.get(ElementSelector.IDRESOLVER);
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.WSSConsumerComponent
    public void invoke(Node node, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Node target[" + DOMUtil.getDisplayName(node) + "],Map context)");
        }
        if (node == null) {
            throw SoapSecurityException.format("security.wssecurity.VerifiedPartChecker.s05");
        }
        Object obj = map.get(Constants.WSS_VERSION);
        int i = 0;
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        String str = Constants.NAMESPACES[0][i];
        String str2 = Constants.NAMESPACES[1][i];
        Document ownerDocument = node.getNodeType() == 9 ? (Document) node : node.getOwnerDocument();
        HashMap hashMap = new HashMap();
        Result[] resultArr = ResultPool.get(map, VerificationResult.class);
        if (resultArr != null && resultArr.length > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, resultArr.length + " verified results found.");
            }
            for (Result result : resultArr) {
                VerificationResult verificationResult = (VerificationResult) result;
                hashMap.put(verificationResult._sconfig, verificationResult._copiedDOM);
            }
        }
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        NonceManager nonceManager = wSSConsumerConfig.getNonceManager();
        HashMap hashMap2 = new HashMap(map);
        hashMap2.put(NonceManager.class, nonceManager);
        hashMap2.put(ElementSelector.IDRESOLVER, this._idResolver);
        hashMap2.put(ElementSelector.CONFIG, wSSConsumerConfig.getTokenConsumers());
        Set preprocess = preprocess(ownerDocument, hashMap, wSSConsumerConfig.getRequiredIntegralParts(), wSSConsumerConfig.getSignatureConsumers(), this._selectors, hashMap2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Processing the verified results...");
        }
        HashSet hashSet = new HashSet();
        if (resultArr != null && resultArr.length > 0) {
            for (Result result2 : resultArr) {
                VerificationResult verificationResult2 = (VerificationResult) result2;
                hashSet.clear();
                for (VerificationResult.VerifiedPart verifiedPart : verificationResult2._verifiedParts) {
                    RequiredPart relatedPart = getRelatedPart(verificationResult2, verifiedPart, preprocess, map);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "VerifiedPart [" + verifiedPart + "], RequiredPart [" + relatedPart + "]");
                    }
                    if (relatedPart != null) {
                        if (relatedPart._requiredNonce) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Checking required nonce...");
                            }
                            if (verifiedPart._nonce == null) {
                                throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.VerifiedPartChecker.s02", relatedPart._pconfig.getKeyword());
                            }
                            NonceUtil.checkNonce(verifiedPart._nonce, str, nonceManager);
                        }
                        if (relatedPart._requiredTimestamp) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Checking required timestamp...");
                            }
                            if (verifiedPart._timestamp == null) {
                                throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.VerifiedPartChecker.s03", relatedPart._pconfig.getKeyword());
                            }
                            NonceUtil.checkTimestamp(verifiedPart._timestamp, str2, wSSConsumerConfig.getTimestampMaxAge(), wSSConsumerConfig.getTimestampClockSkew(), false);
                        }
                        relatedPart._processed = true;
                        relatedPart._tokens.add(verificationResult2._token);
                        hashSet.add(relatedPart._rconfig);
                    }
                }
                checkCaller(verificationResult2, hashSet, wSSConsumerConfig, map);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Checking whether all required integrity is processed...");
        }
        Iterator it = preprocess.iterator();
        while (it.hasNext()) {
            RequiredPart[] requiredPartArr = ((RequiredParts) it.next())._parts;
            for (int i2 = 0; i2 < requiredPartArr.length; i2++) {
                String usage = requiredPartArr[i2]._pconfig.getUsage();
                String keyword = requiredPartArr[i2]._pconfig.getKeyword();
                if (requiredPartArr[i2]._processed) {
                    if (ConfigUtil.isUsageRejected(usage)) {
                        throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.VerifiedPartChecker.s04", keyword);
                    }
                } else {
                    if (ConfigUtil.isUsageRequired(usage)) {
                        throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.VerifiedPartChecker.s01", keyword);
                    }
                    if ((ConfigUtil.isUsageOptional(usage) || ConfigUtil.isUsageObserved(usage)) && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Optionally signed message part [" + keyword + "] is not signed.");
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Node target,Map context)");
        }
    }

    private static Set preprocess(Document document, Map map, Set set, Set set2, Map map2, Map map3) throws SoapSecurityException {
        RequiredPart[] requiredPartArr;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "preprocess(Document doc[" + DOMUtil.getDisplayName(document) + "],Map docMap[" + map + "],Set requiredIntegrity[" + set + "],Set sconsumers,Map selectors,Map selectorMap)");
        }
        HashSet<RequiredParts> hashSet = new HashSet();
        HashSet<ReferencePartConfig.PartConfig> hashSet2 = new HashSet();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ReferencePartConfig referencePartConfig = (ReferencePartConfig) it.next();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing ReferencePartConfig [" + referencePartConfig + "]...");
            }
            HashMap hashMap4 = new HashMap(map3);
            Document necessaryInfo = setNecessaryInfo(hashMap4, set2, referencePartConfig, document, map);
            for (ReferencePartConfig.PartConfig partConfig : referencePartConfig.getParts()) {
                if (partConfig.isTimestamp() || partConfig.isNonce()) {
                    hashSet2.add(partConfig);
                    hashMap.put(partConfig, hashMap4);
                    hashMap2.put(partConfig, referencePartConfig);
                    hashMap3.put(partConfig, necessaryInfo);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Processing PartConfig [" + partConfig + "]...");
                    }
                    String dialect = partConfig.getDialect();
                    String keyword = partConfig.getKeyword();
                    NodeList messagePart = SignatureGenerator.getMessagePart(necessaryInfo, dialect, keyword, ElementSelector.VERIFICATION_MODE, map2, IntegralDialectElementSelector.class, hashMap4);
                    if (messagePart == null || messagePart.getLength() <= 0) {
                        throw SoapSecurityException.format("security.wssecurity.SignatureGenerator.s14", dialect, keyword);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, messagePart.getLength() + " parts found.");
                    }
                    if (messagePart instanceof PartList) {
                        requiredPartArr = new RequiredPart[]{new RequiredPart(referencePartConfig, partConfig, messagePart)};
                    } else {
                        requiredPartArr = new RequiredPart[messagePart.getLength()];
                        for (int i = 0; i < requiredPartArr.length; i++) {
                            requiredPartArr[i] = new RequiredPart(referencePartConfig, partConfig, (Element) messagePart.item(i));
                        }
                    }
                    hashSet.add(new RequiredParts(requiredPartArr));
                }
            }
        }
        for (ReferencePartConfig.PartConfig partConfig2 : hashSet2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing PartConfig [" + partConfig2 + "]...");
            }
            Map map4 = (Map) hashMap.get(partConfig2);
            ReferencePartConfig referencePartConfig2 = (ReferencePartConfig) hashMap2.get(partConfig2);
            Document document2 = (Document) hashMap3.get(partConfig2);
            if (partConfig2.isTimestamp() || partConfig2.isNonce()) {
                NodeList noncePart = SignatureGenerator.getNoncePart(document2, null, partConfig2, ElementSelector.VERIFICATION_MODE, map2, IntegralDialectElementSelector.class, map4);
                if (noncePart == null || noncePart.getLength() <= 0) {
                    throw SoapSecurityException.format("security.wssecurity.SignatureGenerator.s14", partConfig2.getDialect(), partConfig2.getKeyword());
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, noncePart.getLength() + " parts found.");
                }
                boolean z = false;
                for (int i2 = 0; i2 < noncePart.getLength(); i2++) {
                    Node item = noncePart.item(i2);
                    if (item.getNodeType() == 1) {
                        Element element = (Element) item;
                        for (RequiredParts requiredParts : hashSet) {
                            int i3 = 0;
                            while (true) {
                                if (i3 < requiredParts._parts.length) {
                                    RequiredPart requiredPart = requiredParts._parts[i3];
                                    if (DOMUtil.equals(element, requiredPart._element)) {
                                        if (partConfig2.isTimestamp()) {
                                            requiredPart._requiredTimestamp = partConfig2.isTimestamp();
                                        }
                                        if (partConfig2.isNonce()) {
                                            requiredPart._requiredNonce = partConfig2.isNonce();
                                        }
                                        z = true;
                                    } else {
                                        i3++;
                                    }
                                }
                            }
                        }
                        if (!z) {
                            RequiredPart[] requiredPartArr2 = {new RequiredPart(referencePartConfig2, partConfig2, element)};
                            requiredPartArr2[0]._requiredTimestamp = partConfig2.isTimestamp();
                            requiredPartArr2[0]._requiredNonce = partConfig2.isNonce();
                            hashSet.add(new RequiredParts(requiredPartArr2));
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "preprocess(Document doc,Map docMap,Set requiredIntegrity,Set sconsumers,Map selectors,Map selectorMap) returns Set[" + hashSet + "]");
        }
        return hashSet;
    }

    private static Document setNecessaryInfo(Map map, Set set, ReferencePartConfig referencePartConfig, Document document, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setNecessaryInfo(Map selectorMap,Set sconsumers,ReferencePartConfig rconfig[" + referencePartConfig + "],Document doc[" + document + "],Map docMap)");
        }
        boolean z = false;
        String str = null;
        Document document2 = document;
        SigningReferenceConfig signingReferenceConfig = null;
        Iterator it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SignatureConsumerConfig signatureConsumerConfig = (SignatureConsumerConfig) it.next();
            Iterator it2 = signatureConsumerConfig.getReferences().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                signingReferenceConfig = (SigningReferenceConfig) it2.next();
                if (signingReferenceConfig.getReference().equals(referencePartConfig)) {
                    z = true;
                    break;
                }
            }
            if (z) {
                AlgorithmConfig keyInfoSignature = signatureConsumerConfig.getKeyInfoSignature();
                if (keyInfoSignature != null) {
                    str = keyInfoSignature.getAlgorithm();
                }
                Document document3 = (Document) map2.get(signatureConsumerConfig);
                if (document3 != null) {
                    document2 = document3;
                }
            }
        }
        if (str != null) {
            map.put(IntegralDialectElementSelector.KEYSIGN_TYPE, str);
        } else {
            map.remove(IntegralDialectElementSelector.KEYSIGN_TYPE);
        }
        SignatureGenerator.prepareTransform(signingReferenceConfig, map);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setNecessaryInfo(Map selectorMap,Set sconsumers,ReferencePartConfig rconfig,Docoment doc,Map docMap)");
        }
        return document2;
    }

    /* JADX WARN: Code restructure failed: missing block: B:104:0x02be, code lost:
    
        r12 = r0[r16];
     */
    /* JADX WARN: Code restructure failed: missing block: B:109:0x0285, code lost:
    
        r12 = r0[r16];
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x0254, code lost:
    
        r12 = r0[r16];
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x021b, code lost:
    
        r12 = r0[r16];
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.ibm.ws.webservices.wssecurity.dsig.VerifiedPartChecker.RequiredPart getRelatedPart(com.ibm.ws.webservices.wssecurity.dsig.VerificationResult r5, com.ibm.ws.webservices.wssecurity.dsig.VerificationResult.VerifiedPart r6, java.util.Set r7, java.util.Map r8) throws com.ibm.wsspi.wssecurity.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 792
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.webservices.wssecurity.dsig.VerifiedPartChecker.getRelatedPart(com.ibm.ws.webservices.wssecurity.dsig.VerificationResult, com.ibm.ws.webservices.wssecurity.dsig.VerificationResult$VerifiedPart, java.util.Set, java.util.Map):com.ibm.ws.webservices.wssecurity.dsig.VerifiedPartChecker$RequiredPart");
    }

    private static boolean hasSameUri(Element element, Element element2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "hasSameUri(Element rpart[" + DOMUtil.getDisplayName(element) + "],Element vpart[" + DOMUtil.getDisplayName(element2) + "])");
        }
        boolean z = false;
        String id = IdUtil.getInstance().getId(element);
        String id2 = IdUtil.getInstance().getId(element2);
        if (id != null && id.length() > 0 && id2 != null && id2.length() > 0 && id.equals(id2)) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "hasSameUri(Element rpart,Element vpart) returns boolean[" + z + "]");
        }
        return z;
    }

    private static void checkCaller(VerificationResult verificationResult, Set set, WSSConsumerConfig wSSConsumerConfig, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCaller(VerificationResult vresult[" + verificationResult + "],Set rpconfigs[" + set + "],WSSConsumerConfig gconfig,Map context)");
        }
        Set<WSSConsumerConfig.CallerConfig> callers = wSSConsumerConfig.getCallers();
        boolean z = true;
        if (callers != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, callers.size() + " Callers found, so start to process it...");
            }
            if (verificationResult._token != null) {
                boolean isTrusted = verificationResult._token.isTrusted();
                for (WSSConsumerConfig.CallerConfig callerConfig : callers) {
                    if (!isTrusted) {
                        QName tokenType = callerConfig.getTokenType();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Checking the value type of the caller[" + tokenType + "]");
                        }
                        if (tokenType != null && !tokenType.equals(verificationResult._token.getType())) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "The value types are different: Caller config[" + tokenType + "] and verified result[" + verificationResult._token.getType() + "]");
                            }
                            z = false;
                        }
                        if (z) {
                            ReferencePartConfig part = callerConfig.getPart();
                            if (part == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "ReferencePart of Caller Config is null.");
                                }
                            } else if (part.isOneOfIntegralParts()) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Checking the part of Caller config[" + part + "]");
                                }
                                if (set.contains(part)) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Linked the token[" + verificationResult._token + "] and the Caller[" + callerConfig + "].");
                                    }
                                    ResultPool.add(map, new AuthResult(verificationResult._token, callerConfig));
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "ReferencePart of Caller Config is not integral part.");
                            }
                        }
                    }
                    z = true;
                    WSSConsumerConfig.CallerConfig trustMethod = callerConfig.getTrustMethod();
                    if (trustMethod != null && isTrusted) {
                        QName tokenType2 = trustMethod.getTokenType();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Checking the value type of the TrustMethod[" + tokenType2 + "]");
                        }
                        if (tokenType2 != null && !tokenType2.equals(verificationResult._token.getType())) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "The value types are different: TrustMethod Config[" + tokenType2 + "] and Verified Result[" + verificationResult._token.getType() + "]");
                            }
                            z = false;
                        }
                        if (z) {
                            ReferencePartConfig part2 = trustMethod.getPart();
                            if (part2 == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "ReferencePart of TrustMethod Config is null.");
                                }
                            } else if (part2.isOneOfIntegralParts()) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Checking the ReferencePart config[" + part2 + "]");
                                }
                                if (set.contains(part2)) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Linked the token[" + verificationResult._token + "] and the TrustMethod[" + trustMethod + "].");
                                    }
                                    ResultPool.add(map, new AuthResult(verificationResult._token, trustMethod));
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "ReferencePart of TrustMethod Config is not integral part.");
                            }
                        }
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The token used for signature verification not found...");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCaller(VerificationResult vresult,Set rpconfigs,WSSConsumerConfig gconfig,Map context)");
        }
    }

    private static SoapSecurityException checkBinding(Set set, VerificationResult verificationResult) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkBinding(Set bindings[" + set + "],VerificationResult vresult[" + verificationResult + "])");
        }
        SoapSecurityException soapSecurityException = null;
        boolean contains = set.contains(verificationResult._sconfig);
        if (!contains) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The configuration of signature consumer used for verification was NOT found in the bindings.");
            }
            Iterator it = set.iterator();
            while (!contains && it.hasNext()) {
                SignatureConsumerConfig signatureConsumerConfig = (SignatureConsumerConfig) it.next();
                Iterator it2 = signatureConsumerConfig.getReferences().iterator();
                while (true) {
                    if (!contains && it2.hasNext()) {
                        KeyInfoResult keyInfoResult = (KeyInfoResult) verificationResult._identities.get(new VerifiedConfig(signatureConsumerConfig, (SigningReferenceConfig) it2.next()));
                        if (keyInfoResult != null) {
                            Exception error = keyInfoResult.getError();
                            if (error == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The keyinfo result has no exception.");
                                }
                                Token token = (Token) verificationResult._kresults.get(keyInfoResult);
                                if (token == null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "There is no token corresponding to the keyinfo result.");
                                    }
                                } else if (token.getError() == null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "The token [" + token + "] has no exception.");
                                    }
                                    contains = true;
                                } else {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "The token [" + token + "] has the exception [" + error.getMessage() + "].");
                                    }
                                    soapSecurityException = token.getError();
                                }
                            } else {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The keyinfo result has the exception [" + error.getMessage() + "].");
                                }
                                soapSecurityException = error instanceof SoapSecurityException ? (SoapSecurityException) error : SoapSecurityException.format("security.wssecurity.KeyInfoConsumer.getKey04", error);
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "There is no keyinfo result corresponding to the SigningReferenceConfig.");
                        }
                    }
                }
            }
            if (contains) {
                soapSecurityException = null;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The configuration of signature consumer used for verification was found in the bindings.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkBinding(Set bindings,VerificationResult vresult) returns SoapSecurityException[" + (soapSecurityException == null ? "null" : soapSecurityException.toString()) + "]");
        }
        return soapSecurityException;
    }
}
