package com.ibm.wsspi.wssecurity.keyinfo;

import com.ibm.ws.webservices.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.NamespaceUtil;
import com.ibm.ws.wssecurity.xss4j.AlgorithmFactory;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.Constants;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.wsspi.wssecurity.auth.token.X509BSToken;
import com.ibm.wsspi.wssecurity.config.KeyLocatorConfig;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Hex;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/wsspi/wssecurity/keyinfo/KeyStoreKeyLocator.class */
public class KeyStoreKeyLocator implements KeyLocator {
    // Message-catalogue prefix; the message ids used in this file start with the same text.
    private static final String comp = "security.wssecurity";
    // 20 is the length in octets of a SHA-1 digest.
    private static final int ITSHA1_OCTETS = 20;
    // NOTE(review): presumably the truncated length of the "IT60SHA1" identifier variant;
    // the code that reads this constant is not in the visible part of the file - confirm.
    private static final int IT60SHA1_OCTETS = 8;
    // OID of the X.509 SubjectKeyIdentifier certificate extension.
    private static final String OID_KEYIDENTIFIER = "2.5.29.14";
    // BER/DER tag bytes: 48 (0x30) is SEQUENCE, 3 (0x03) is BIT STRING.
    private static final byte BER_SEQUENCE = 48;
    private static final byte BER_BITSTRING = 3;
    // Milliseconds in one day (24 * 60 * 60 * 1000).
    private static final long DAYS_IN_MS = 86400000;
    // 60 days expressed in milliseconds (60 * 86400000); default lead time for expiry warnings.
    private static final long DEFAULT_DAYS_IN_MS_BEFORE_EXPIRE_WARNING = 5184000000L;
    // Set by init(Map); read by doInit(). Null until init(Map) has run.
    private KeyLocatorConfig _config = null;
    // Expiry-warning lead time in milliseconds; init(Map) overrides it from configuration.
    private long _daysInMSBeforeExpireWarning = DEFAULT_DAYS_IN_MS_BEFORE_EXPIRE_WARNING;
    // Lookup tables filled by doInit(). _keylist maps the (DN-encoded) key name to its
    // KeyInformation; every other table maps an alternative identifier to that key name.
    // These are plain HashMaps: they are written inside the synchronized doInit() and read
    // afterwards without a lock.
    protected final Map _keylist = new HashMap();
    // Base64 / hex encodings of the two certificate key-identifier variants -> key name.
    private final Map _b64KeyId2KeyName = new HashMap();
    private final Map _b64KeyId602KeyName = new HashMap();
    private final Map _hexKeyId2KeyName = new HashMap();
    private final Map _hexKeyId602KeyName = new HashMap();
    // Encoded subject DN -> key name.
    private final Map _subject2KeyName = new HashMap();
    // "<encoded issuer DN>:<serial number>" -> key name.
    private final Map _issuer2KeyName = new HashMap();
    // Certificate object -> key name.
    private final Map _cert2KeyName = new HashMap();
    // Set to true at the end of doInit(); volatile so the unsynchronized check in getKey()
    // observes the write made under the doInit() lock.
    protected volatile boolean _initialized = false;
    // Per-key status flags accumulated in doInit() and stored in KeyInformation.
    // 0 = no error; the other values are distinct bits that can be combined.
    private static final int STATUS_OK = 0;
    private static final int STATUS_CERT_ERROR = 1;
    private static final int STATUS_KEYID_ERROR = 2;
    private static final int STATUS_KEY_ERROR = 4;
    private static final TraceComponent tc = Tr.register(KeyStoreKeyLocator.class, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
    private static final String clsName = KeyStoreKeyLocator.class.getName();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/wsspi/wssecurity/keyinfo/KeyStoreKeyLocator$KeyInformation.class */
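    /**
     * Everything the locator knows about one configured keystore entry: the key
     * material, the certificate (if any), the identifiers derived from it and a
     * status bit mask recording which parts failed to load.
     *
     * <p>Accessors refuse to hand out data whose status bit is set and re-check the
     * certificate expiry on every call, so an entry that expires while the server
     * is running stops being usable.
     *
     * <p>NOTE(review): {@link #checkExpiration()} writes {@code _status} and
     * {@code _errorMes} without synchronization while instances are held in the
     * locator's shared map - confirm whether concurrent requests can reach it.
     */
    public static class KeyInformation {
        /** Status bit: the certificate was rejected (expired or otherwise invalid). */
        private static final int CERT_ERROR_BIT = 1;
        /** Status bit: a key identifier could not be derived from the certificate. */
        private static final int KEYID_ERROR_BIT = 2;
        /** Status bit: the private/secret key could not be read from the keystore. */
        private static final int KEY_ERROR_BIT = 4;
        /** Milliseconds in one day, used to report the remaining validity in days. */
        private static final long MS_PER_DAY = 86400000L;

        private final String _kspath;
        private final String _alias;
        private final String _name;
        private final Key _publicOrSecretKey;
        private final Key _privateOrSecretKey;
        private final Certificate _certificate;
        private final String _subjectDN;
        private final String _encSubjectDN;
        private final String _issuerDN;
        private final String _encIssuerDN;
        private final String _issuerSerial;
        private final String _b64KeyId;
        private final String _b64KeyId60;
        private final String _hexKeyId;
        private final String _hexKeyId60;
        // Mutable: checkExpiration() sets CERT_ERROR_BIT once the certificate has expired.
        private int _status;
        // Certificate notAfter in epoch milliseconds; a negative value disables the expiry check.
        private final long _expiration;
        private final long _daysInMSBeforeExpireWarning;
        // Mutable: replaced by checkExpiration() when expiry is detected at run time.
        private String _errorMes;

        /**
         * Stores the supplied values as-is; no validation is performed here.
         *
         * @param status bit mask of the error bits (1 = certificate, 2 = key identifier, 4 = key)
         * @param expiration certificate expiry in epoch milliseconds, or a negative value for
         *        entries without a certificate
         * @param daysInMSBeforeExpireWarning remaining validity (ms) below which a warning is traced
         * @param errorMes message used for the exception thrown when a status bit blocks an accessor
         */
        protected KeyInformation(String kspath, String alias, String name, Key publicOrSecretKey, Key privateOrSecretKey, Certificate certificate, String subjectDN, String encSubjectDN, String issuerDN, String encIssuerDN, String issuerSerial, String b64KeyId, String b64KeyId60, String hexKeyId, String hexKeyId60, int status, long expiration, long daysInMSBeforeExpireWarning, String errorMes) {
            this._kspath = kspath;
            this._alias = alias;
            this._name = name;
            this._publicOrSecretKey = publicOrSecretKey;
            this._privateOrSecretKey = privateOrSecretKey;
            this._certificate = certificate;
            this._subjectDN = subjectDN;
            this._encSubjectDN = encSubjectDN;
            this._issuerDN = issuerDN;
            this._encIssuerDN = encIssuerDN;
            this._issuerSerial = issuerSerial;
            this._b64KeyId = b64KeyId;
            this._b64KeyId60 = b64KeyId60;
            this._hexKeyId = hexKeyId;
            this._hexKeyId60 = hexKeyId60;
            this._status = status;
            this._expiration = expiration;
            this._daysInMSBeforeExpireWarning = daysInMSBeforeExpireWarning;
            this._errorMes = errorMes;
        }

        /** Returns the configured key name; this accessor performs no status or expiry check. */
        protected String getName() {
            return this._name;
        }

        /**
         * @return the public key of the certificate, or the secret key for entries without one
         * @throws SoapSecurityException if the certificate is flagged as bad or has expired
         */
        protected Key getPublicOrSecretKey() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT);
            return this._publicOrSecretKey;
        }

        /**
         * @return the private (or secret) key read from the keystore; may be null when the
         *         entry holds no key
         * @throws SoapSecurityException if the certificate or the key is flagged as bad, or the
         *         certificate has expired
         */
        /* JADX INFO: Access modifiers changed from: protected */
        public Key getPrivateOrSecretKey() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT | KEY_ERROR_BIT);
            return this._privateOrSecretKey;
        }

        /** @throws SoapSecurityException if the certificate is flagged as bad or has expired */
        protected Certificate getCertificate() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT);
            return this._certificate;
        }

        /**
         * @return the encoded subject DN (not the raw one)
         * @throws SoapSecurityException if the certificate is flagged as bad or has expired
         */
        protected String getSubjectDN() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT);
            return this._encSubjectDN;
        }

        /**
         * @return the encoded issuer DN (not the raw one)
         * @throws SoapSecurityException if the certificate is flagged as bad or has expired
         */
        protected String getIssuerDN() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT);
            return this._encIssuerDN;
        }

        /** @throws SoapSecurityException if the certificate is flagged as bad or has expired */
        protected String getIssuerSerial() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT);
            return this._issuerSerial;
        }

        // The four key-identifier accessors below previously tested "(status & 2) == 4",
        // which can never be true, so an entry whose identifier generation had failed
        // silently returned null. They now reject the entry like the other accessors do.

        /** @throws SoapSecurityException if the certificate or key identifier is flagged as bad, or the certificate has expired */
        protected String getB64KeyId() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT | KEYID_ERROR_BIT);
            return this._b64KeyId;
        }

        /** @throws SoapSecurityException if the certificate or key identifier is flagged as bad, or the certificate has expired */
        protected String getB64KeyId60() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT | KEYID_ERROR_BIT);
            return this._b64KeyId60;
        }

        /** @throws SoapSecurityException if the certificate or key identifier is flagged as bad, or the certificate has expired */
        protected String getHexKeyId() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT | KEYID_ERROR_BIT);
            return this._hexKeyId;
        }

        /** @throws SoapSecurityException if the certificate or key identifier is flagged as bad, or the certificate has expired */
        protected String getHexKeyId60() throws SoapSecurityException {
            ensureUsable(CERT_ERROR_BIT | KEYID_ERROR_BIT);
            return this._hexKeyId60;
        }

        /**
         * Common gate for the accessors: fails when any bit of {@code blockingBits} is set in
         * the status, then re-checks certificate expiry.
         */
        private void ensureUsable(int blockingBits) throws SoapSecurityException {
            if ((this._status & blockingBits) != 0) {
                throw new SoapSecurityException(this._errorMes);
            }
            checkExpiration();
        }

        /**
         * Rejects the entry once its certificate has expired and traces a warning while the
         * remaining validity is below the configured lead time. Does nothing for entries
         * without an expiry (negative {@code _expiration}).
         */
        private void checkExpiration() throws SoapSecurityException {
            if (this._expiration < 0) {
                return;
            }
            long remainingMs = this._expiration - System.currentTimeMillis();
            if (remainingMs < 0) {
                // Set the bit explicitly instead of incrementing the mask, so the result does
                // not depend on the bit having been clear beforehand.
                this._status |= CERT_ERROR_BIT;
                this._errorMes = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{this._subjectDN, this._alias, this._kspath, "expiration time - current system time = " + remainingMs + " ms."});
                throw new SoapSecurityException(this._errorMes);
            }
            if (remainingMs < this._daysInMSBeforeExpireWarning) {
                Tr.warning(KeyStoreKeyLocator.tc, "security.wssecurity.WSEC5189W", new Object[]{this._subjectDN, this._alias, this._kspath, Long.valueOf(remainingMs / MS_PER_DAY)});
            }
        }

        /** Describes the entry by keystore path, alias, name and status only; no key material. */
        @Override
        public String toString() {
            StringBuilder text = new StringBuilder(getClass().getName()).append("(");
            text.append("keystorePath=[").append(this._kspath).append("], ");
            text.append("alias=[").append(this._alias).append("], ");
            text.append("name=[").append(this._name).append("], ");
            text.append("status=[").append(this._status).append("], ");
            text.append(")");
            return text.toString();
        }
    }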

    /**
     * Stores the locator configuration found in {@code map} and reads the optional
     * "days before expire warning" property. The keystore itself is not opened here;
     * that happens in {@link #doInit()}.
     *
     * <p>An unparsable value is traced and leaves the current lead time untouched.
     *
     * @param map initialization map holding the {@code KeyLocatorConfig} under
     *        {@code KeyLocatorConfig.CONFIG_KEY}
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        this._config = (KeyLocatorConfig) map.get(KeyLocatorConfig.CONFIG_KEY);
        if (this._config.getProperties() != null) {
            final String configuredDays = ConfigUtil.trim((String) this._config.getProperties().get(Constants.WSSECURITY_DAYS_BEFORE_EXPIRE_WARNING_KEYS));
            final boolean valueMissing = configuredDays == null || configuredDays.length() <= 0;
            if (!valueMissing) {
                try {
                    // Days -> milliseconds. The product is not range-checked.
                    final long days = Long.parseLong(configuredDays);
                    this._daysInMSBeforeExpireWarning = days * 86400000L;
                } catch (NumberFormatException badNumber) {
                    Tr.processException(badNumber, clsName + ".init", "148", this);
                    Tr.warning(tc, "security.wssecurity.WSEC5190W", new Object[]{Constants.WSSECURITY_DAYS_BEFORE_EXPIRE_WARNING_KEYS, configuredDays, Long.valueOf(60L)});
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No value define for: " + Constants.WSSECURITY_DAYS_BEFORE_EXPIRE_WARNING_KEYS);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Loads the configured keystore once and fills the lookup tables of this locator.
     *
     * <p>For every configured key entry the method records a {@code KeyInformation} in
     * {@code _keylist}. Problems with a single entry (invalid certificate, key identifier
     * that cannot be derived, key that cannot be recovered) do not abort initialization:
     * they are traced, turned into a status bit (1 = certificate, 2 = key identifier,
     * 4 = key) and an error message, and stored with the entry.
     *
     * <p>The method is synchronized and returns immediately when {@code _initialized} is
     * already true.
     *
     * @throws SoapSecurityException if the keystore cannot be loaded, or a
     *         {@code KeyStoreException} occurs while reading an entry
     */
    public synchronized void doInit() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doInit()");
        }
        // Another thread may have completed initialization while this one waited for the lock.
        if (this._initialized) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "doInit()");
                return;
            }
            return;
        }
        KeyLocatorConfig.KeyStoreConfig keyStore = this._config.getKeyStore();
        Set<KeyLocatorConfig.KeyInformationConfig> keyInformationList = this._config.getKeyInformationList();
        // With no keystore or no key list configured, the tables stay empty and the locator
        // is still marked initialized below.
        if (keyStore != null && keyInformationList != null) {
            KeyStore loadKeyStore = loadKeyStore(keyStore);
            for (KeyLocatorConfig.KeyInformationConfig keyInformationConfig : keyInformationList) {
                try {
                    // The table key is the DN-encoded key name; fall back to the raw name
                    // when encoding yields nothing.
                    String encodeDName = KeyInfo.X509Data.encodeDName(keyInformationConfig.getName());
                    if (encodeDName == null || encodeDName.length() == 0) {
                        encodeDName = keyInformationConfig.getName();
                    }
                    Certificate certificate = loadKeyStore.getCertificate(keyInformationConfig.getAlias());
                    // str/str2: Base64 key identifiers, str3/str4: hex key identifiers,
                    // i: status bit mask, str5: error message stored with the entry.
                    String str = null;
                    String str2 = null;
                    String str3 = null;
                    String str4 = null;
                    PublicKey publicKey = null;
                    PublicKey publicKey2 = null;
                    int i = 0;
                    String str5 = null;
                    if (certificate != null && (certificate instanceof X509Certificate)) {
                        // Entry with an X.509 certificate: index it by certificate, subject
                        // and issuer/serial before validating it.
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        this._cert2KeyName.put(certificate, encodeDName);
                        String name = x509Certificate.getSubjectDN().getName();
                        String encodeDName2 = KeyInfo.X509Data.encodeDName(name);
                        this._subject2KeyName.put(encodeDName2, encodeDName);
                        String name2 = x509Certificate.getIssuerDN().getName();
                        String encodeDName3 = KeyInfo.X509Data.encodeDName(name2);
                        String bigInteger = x509Certificate.getSerialNumber().toString();
                        this._issuer2KeyName.put(encodeDName3 + ":" + bigInteger, encodeDName);
                        // checkValidity() only tests the certificate's own validity period;
                        // no chain building or revocation check is performed in this method.
                        try {
                            x509Certificate.checkValidity();
                        } catch (CertificateExpiredException e) {
                            // Status bit 1: certificate error.
                            i = 0 + 1;
                            Tr.processException(e, clsName + ".doInit", "220", this);
                            Tr.error(tc, "security.wssecurity.WSEC5181E", new Object[]{name, keyInformationConfig.getAlias(), keyStore.getPath(), e});
                            str5 = ConfigUtil.getMessage("security.wssecurity.WSEC5181E", new String[]{name, keyInformationConfig.getAlias(), keyStore.getPath(), e.getClass().getName() + ": " + e.getMessage()});
                        } catch (CertificateException e2) {
                            i = 0 + 1;
                            Tr.processException(e2, clsName + ".doInit", "227", this);
                            Tr.error(tc, "security.wssecurity.WSEC5182E", new Object[]{name, keyInformationConfig.getAlias(), keyStore.getPath(), e2});
                            str5 = ConfigUtil.getMessage("security.wssecurity.WSEC5182E", new String[]{name, keyInformationConfig.getAlias(), keyStore.getPath(), e2.getClass().getName() + ": " + e2.getMessage()});
                        }
                        long time = x509Certificate.getNotAfter().getTime();
                        // Warn ahead of expiry, but only for certificates that passed the check above.
                        if (str5 == null && time - System.currentTimeMillis() < this._daysInMSBeforeExpireWarning) {
                            Tr.warning(tc, "security.wssecurity.WSEC5189W", new Object[]{name, keyInformationConfig.getAlias(), keyStore.getPath(), new Long((time - System.currentTimeMillis()) / 86400000)});
                        }
                        // Keys and identifiers are loaded only for a certificate that is currently valid.
                        if (i == 0) {
                            // NOTE(review): the inner catch (Exception) already covers the two
                            // exception types caught by the outer try; the nesting looks like a
                            // decompiler artefact - confirm against the original source.
                            try {
                                try {
                                    byte[] makeIdentifier = makeIdentifier(certificate, null);
                                    str = Base64.encode(makeIdentifier);
                                    this._b64KeyId2KeyName.put(str, encodeDName);
                                    str3 = Hex.encode(makeIdentifier);
                                    this._hexKeyId2KeyName.put(str3, encodeDName);
                                    byte[] makeIdentifier2 = makeIdentifier(certificate, com.ibm.ws.webservices.wssecurity.Constants.IT60SHA1);
                                    str2 = Base64.encode(makeIdentifier2);
                                    this._b64KeyId602KeyName.put(str2, encodeDName);
                                    str4 = Hex.encode(makeIdentifier2);
                                    this._hexKeyId602KeyName.put(str4, encodeDName);
                                } catch (Exception e3) {
                                    // Status bit 2: key identifier error.
                                    i += 2;
                                    Tr.processException(e3, clsName + ".doInit", "268", this);
                                    Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e3});
                                    str5 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ":" + e3.getClass().getName() + ": " + e3.getMessage();
                                }
                            } catch (InvalidAlgorithmParameterException e4) {
                                i += 2;
                                Tr.processException(e4, clsName + ".doInit", "262", this);
                                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e4});
                                str5 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ":" + e4.getClass().getName() + ": " + e4.getMessage();
                            } catch (NoSuchAlgorithmException e5) {
                                i += 2;
                                Tr.processException(e5, clsName + ".doInit", "256", this);
                                Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.generateIdentifier01", new Object[]{e5});
                                str5 = ConfigUtil.getMessage("security.wssecurity.KeyStoreKeyLocator.generateIdentifier01") + ": " + e5.getClass().getName() + ": " + e5.getMessage();
                            }
                            publicKey = certificate.getPublicKey();
                            // A key password in the configuration means the entry's private key is wanted too.
                            if (keyInformationConfig.getKeyPass() != null) {
                                try {
                                    try {
                                        // The char[] created by toCharArray() is not cleared after the call.
                                        publicKey2 = loadKeyStore.getKey(keyInformationConfig.getAlias(), keyInformationConfig.getKeyPass().toCharArray());
                                        if (publicKey2 == null && tc.isDebugEnabled()) {
                                            Tr.debug(tc, "The key with alias \"" + keyInformationConfig.getAlias() + "\" of keystore \"" + keyStore.getPath() + "\" is not key entry.");
                                            Tr.debug(tc, "Or alias \"" + keyInformationConfig.getAlias() + "\" is not found in keystore \"" + keyStore.getPath() + "\".");
                                        }
                                    } catch (NoSuchAlgorithmException e6) {
                                        // Status bit 4: key error.
                                        i += 4;
                                        Tr.processException(e6, clsName + ".doInit", "286", this);
                                        Tr.error(tc, "security.wssecurity.WSEC5183E", new Object[]{keyInformationConfig.getAlias(), keyStore.getPath(), e6});
                                        str5 = ConfigUtil.getMessage("security.wssecurity.WSEC5183E", new String[]{keyInformationConfig.getAlias(), keyStore.getPath(), e6.getClass().getName() + ": " + e6.getMessage()});
                                    }
                                } catch (UnrecoverableKeyException e7) {
                                    i += 4;
                                    Tr.processException(e7, clsName + ".doInit", "293", this);
                                    Tr.error(tc, "security.wssecurity.WSEC5184E", new Object[]{keyInformationConfig.getAlias(), keyStore.getPath(), e7});
                                    str5 = ConfigUtil.getMessage("security.wssecurity.WSEC5184E", new String[]{keyInformationConfig.getAlias(), keyStore.getPath(), e7.getClass().getName() + ": " + e7.getMessage()});
                                }
                            }
                        }
                        // The entry is registered even when status bits are set; the accessors of
                        // KeyInformation decide what may still be handed out.
                        this._keylist.put(encodeDName, new KeyInformation(keyStore.getPath(), keyInformationConfig.getAlias(), keyInformationConfig.getName(), publicKey, publicKey2, certificate, name, encodeDName2, name2, encodeDName3, bigInteger, str, str2, str3, str4, i, time, this._daysInMSBeforeExpireWarning, str5));
                    } else if (keyInformationConfig.getKeyPass() != null) {
                        // Entry without an X.509 certificate but with a key password: the same
                        // key is stored as both the "public or secret" and the "private or
                        // secret" key, and the key name stands in for the subject.
                        String str6 = encodeDName;
                        String encodeDName4 = KeyInfo.X509Data.encodeDName(str6);
                        if (encodeDName4 == null || encodeDName4.length() == 0) {
                            encodeDName4 = str6;
                        }
                        this._subject2KeyName.put(encodeDName4, encodeDName);
                        try {
                            // The char[] created by toCharArray() is not cleared after the call.
                            publicKey2 = loadKeyStore.getKey(keyInformationConfig.getAlias(), keyInformationConfig.getKeyPass().toCharArray());
                            publicKey = publicKey2;
                        } catch (NoSuchAlgorithmException e8) {
                            i = 0 + 4;
                            Tr.processException(e8, clsName + ".doInit", "323", this);
                            Tr.error(tc, "security.wssecurity.WSEC5183E", new Object[]{keyInformationConfig.getAlias(), keyStore.getPath(), e8});
                            str5 = ConfigUtil.getMessage("security.wssecurity.WSEC5183E", new String[]{keyInformationConfig.getAlias(), keyStore.getPath(), e8.getMessage()});
                        } catch (UnrecoverableKeyException e9) {
                            i = 4;
                            Tr.processException(e9, clsName + ".init", "329", this);
                            Tr.error(tc, "security.wssecurity.WSEC5184E", new Object[]{keyInformationConfig.getAlias(), keyStore.getPath(), e9});
                            str5 = ConfigUtil.getMessage("security.wssecurity.WSEC5184E", new String[]{keyInformationConfig.getAlias(), keyStore.getPath(), e9.getMessage()});
                        }
                        // Expiration -1 disables the expiry check for this entry.
                        this._keylist.put(encodeDName, new KeyInformation(keyStore.getPath(), keyInformationConfig.getAlias(), keyInformationConfig.getName(), publicKey, publicKey2, certificate, str6, encodeDName4, null, null, null, null, null, null, null, i, -1L, this._daysInMSBeforeExpireWarning, str5));
                    }
                } catch (KeyStoreException e10) {
                    // Unlike the per-entry errors above, a keystore failure aborts initialization;
                    // _initialized stays false, so the next getKey() call runs doInit() again.
                    Tr.processException(e10, clsName + ".init", "345", this);
                    Tr.error(tc, "security.wssecurity.KeyStoreKeyLocator.exception", new Object[]{keyStore.getPath(), e10});
                    throw new SoapSecurityException(e10);
                }
            }
        }
        if (tc.isDebugEnabled()) {
            // NOTE(review): this concatenates the toString() of the configuration object;
            // confirm that it does not render the keystore password or key passwords.
            Tr.debug(tc, "KeyLocatorConfig [" + this._config + "], KeyInformationList [" + this._keylist + "].");
        }
        this._initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doInit()");
        }
    }

    /**
     * Obtains the keystore described by {@code keyStoreConfig}.
     *
     * <p>A non-empty keystore reference wins; otherwise type, path and password must all
     * be present for the keystore to be opened directly.
     *
     * @param keyStoreConfig keystore section of the locator configuration
     * @return the loaded keystore, never null
     * @throws SoapSecurityException if neither form of configuration yields a keystore
     */
    private static KeyStore loadKeyStore(KeyLocatorConfig.KeyStoreConfig keyStoreConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadKeyStore(KeyStoreConfig config)");
        }
        final String storeType = keyStoreConfig.getType();
        final String storePath = keyStoreConfig.getPath();
        final String storePassword = keyStoreConfig.getPassword();
        final String storeReference = keyStoreConfig.getKsRef();

        final boolean byReference = storeReference != null && storeReference.length() != 0;
        final KeyStore loaded;
        if (byReference) {
            loaded = ConfigUtil.getKeyStore(storeReference);
        } else if (storeType == null || storePath == null || storePassword == null) {
            // Incomplete direct configuration: nothing to open.
            loaded = null;
        } else {
            // The password is held as a String in the configuration; the char[] copy made
            // here is handed to ConfigUtil and is not cleared by this method.
            loaded = ConfigUtil.getKeyStore(storeType, storePath, storePassword.toCharArray());
        }
        if (loaded == null) {
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.loadKeyStore01");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadKeyStore(KeyStoreConfig config) returns KeyStore[" + loaded + "]");
        }
        return loaded;
    }

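    /**
     * Resolves the key requested by {@code map}, initializing the locator on first use.
     *
     * <p>{@code map} supplies the key-info type, the key usage (signing, verifying,
     * encrypting or decrypting) and, for signing and encrypting, the reference name of
     * the key. The usage selects which private helper performs the lookup.
     *
     * @param map request description (key-info type, key type, key name reference)
     * @param map2 message context, passed through to the helpers
     * @return the key returned by the selected helper
     * @throws SoapSecurityException if the key type is missing or unknown, if a signing or
     *         encrypting request carries no key name reference, or if the helper fails
     */
    @Override // com.ibm.wsspi.wssecurity.keyinfo.KeyLocator
    public Key getKey(Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKey(Map type,Map context)");
        }
        // _initialized is volatile; doInit() is synchronized and re-checks the flag itself.
        if (!this._initialized) {
            doInit();
        }

        // Key-info type: every flag is false when the type is absent.
        final String keyInfoType = (String) map.get(Constants.WSSECURITY_KEYINFO_TYPE);
        final boolean hasKeyInfoType = keyInfoType != null;
        final boolean isKeyName = hasKeyInfoType && ConfigUtil.isKeyInfoKeyname(keyInfoType);
        final boolean isKeyId = hasKeyInfoType && ConfigUtil.isKeyInfoKeyid(keyInfoType);
        final boolean isStrref = hasKeyInfoType && ConfigUtil.isKeyInfoStrref(keyInfoType);
        final boolean isEmb = hasKeyInfoType && ConfigUtil.isKeyInfoEmb(keyInfoType);
        final boolean isX509 = hasKeyInfoType && ConfigUtil.isKeyInfoX509issuer(keyInfoType);

        // Key usage: likewise all false when the type is absent.
        final String keyType = (String) map.get(Constants.WSSECURITY_KEY_TYPE);
        final boolean hasKeyType = keyType != null;
        final boolean isSigning = hasKeyType && WSSKeyInfoComponent.KEY_SIGNING.equals(keyType);
        final boolean isVerifying = hasKeyType && WSSKeyInfoComponent.KEY_VERIFYING.equals(keyType);
        final boolean isEncrypting = hasKeyType && WSSKeyInfoComponent.KEY_ENCRYPTING.equals(keyType);
        final boolean isDecrypting = hasKeyType && WSSKeyInfoComponent.KEY_DECRYPTING.equals(keyType);

        // The lookup tables are keyed by the DN-encoded name; keep the raw name when
        // encoding yields nothing.
        String keyNameRef = (String) map.get(Constants.WSSECURITY_KEY_NAMEREF);
        if (keyNameRef != null) {
            final String encodedName = KeyInfo.X509Data.encodeDName(keyNameRef);
            if (encodedName != null && encodedName.length() > 0) {
                keyNameRef = encodedName;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "KeyInfoType [" + keyInfoType + "].");
            Tr.debug(tc, "KeyInfoType: isKeyName, isKeyId, isStrref, isEmb, isX509: " + isKeyName + ", " + isKeyId + ", " + isStrref + ", " + isEmb + ", " + isX509 + ".");
            Tr.debug(tc, "KeyType [" + keyType + "].");
            Tr.debug(tc, "keyType: isSigning, isVerifying, isEncrypting, isDecrypting: " + isSigning + ", " + isVerifying + ", " + isEncrypting + ", " + isDecrypting + ".");
            Tr.debug(tc, "Reference name of a key [" + keyNameRef + "].");
        }

        final Key resolved;
        if (isSigning) {
            if (keyNameRef == null) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getKey01");
            }
            resolved = getSigningKey(keyNameRef, isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
        } else if (isVerifying) {
            resolved = getVerifyingKey(isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
        } else if (isEncrypting) {
            if (keyNameRef == null) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getKey01");
            }
            resolved = getEncryptingKey(keyNameRef, isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
        } else if (isDecrypting) {
            resolved = getDecryptingKey(isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
        } else {
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getKey02", keyType);
        }
        if (tc.isEntryEnabled()) {
            // Trace the algorithm only: the result can be a private or secret key, and
            // Key.toString() is provider-defined and may render key material.
            Tr.exit(tc, "getKey(Map type,Map context) returns Key[" + (resolved == null ? "null" : resolved.getAlgorithm()) + "]");
        }
        return resolved;
    }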

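    /**
     * Looks up the private (or secret) key registered under {@code keyNameRef} for signing.
     *
     * <p>When no token is available from {@code getToken}, the key information is published
     * to the context through {@code setInfo}.
     *
     * @param keyNameRef key name used as the lookup key in {@code _keylist}
     * @param isKeyName key-info type flag
     * @param isKeyId key-info type flag
     * @param isStrref key-info type flag
     * @param isEmb key-info type flag
     * @param isX509 key-info type flag
     * @param map request description, passed to {@code getToken}
     * @param map2 message context
     * @return the signing key, never null
     * @throws SoapSecurityException if no entry exists for the name, the entry is flagged as
     *         unusable or expired, or it holds no private/secret key
     */
    private Key getSigningKey(String keyNameRef, boolean isKeyName, boolean isKeyId, boolean isStrref, boolean isEmb, boolean isX509, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSigningKey(String  keyNameRef[" + keyNameRef + "],boolean isKeyName[" + isKeyName + "],boolean isKeyId[" + isKeyId + "],boolean isStrref[" + isStrref + "],boolean isEmb[" + isEmb + "],boolean isX509[" + isX509 + "],Map type,Map context)");
        }
        Token token = getToken(isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
        KeyInformation keyInformation = (KeyInformation) this._keylist.get(keyNameRef);
        if (tc.isDebugEnabled()) {
            // KeyInformation.toString() prints keystore path, alias, name and status only.
            Tr.debug(tc, "Key information [" + keyInformation + "]");
        }
        if (keyInformation == null) {
            if (keyNameRef != null) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey02", keyNameRef);
            }
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey03");
        }
        Key signingKey = keyInformation.getPrivateOrSecretKey();
        if (signingKey == null) {
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey01");
        }
        if (token == null) {
            setInfo(isKeyName, isKeyId, isStrref, isEmb, isX509, keyInformation, map2);
        }
        if (tc.isEntryEnabled()) {
            // Trace the algorithm only: this is a private or secret key, and Key.toString()
            // is provider-defined and may render key material into the trace.
            Tr.exit(tc, "getSigningKey(String knameRef,boolean isKeyName,boolean isKeyId,boolean isStrref,boolean isEmb,boolean isX509,Map type,Map context) returns Key[" + signingKey.getAlgorithm() + "]");
        }
        return signingKey;
    }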

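    /**
     * Returns the key used to verify a signature.
     *
     * <p>A key cached in the context under this object's class is consumed (removed and
     * returned). Otherwise the key information is resolved through {@code getInfo}, the
     * certificate is published under {@code X509BSToken.CERT_INFO} and, when present, under
     * the key itself, and the key is cached for the next call.
     *
     * <p>NOTE(review): {@code getDecryptingKey} uses the same cache slot
     * ({@code getClass()}); confirm callers never interleave the two on one context.
     *
     * @param isKeyName key-info type flag
     * @param isKeyId key-info type flag
     * @param isStrref key-info type flag
     * @param isEmb key-info type flag
     * @param isX509 key-info type flag
     * @param map request description; the token-consumer reference is removed from it
     * @param map2 message context
     * @return the verifying key (public key of the certificate, or a secret key)
     * @throws SoapSecurityException if the key information cannot be resolved or the entry
     *         is flagged as unusable or expired
     */
    private Key getVerifyingKey(boolean isKeyName, boolean isKeyId, boolean isStrref, boolean isEmb, boolean isX509, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getVerifyingKey(boolean isKeyName[" + isKeyName + "],boolean isKeyId[" + isKeyId + "],boolean isStrref[" + isStrref + "],boolean isEmb[" + isEmb + "],boolean isX509[" + isX509 + "],Map type,Map context)");
        }
        TokenConsumerConfig tokenConsumerConfig = (TokenConsumerConfig) map.remove(Constants.WSSECURITY_KEYINFO_TOKEN_REFERENCE);
        Key key = (Key) map2.remove(getClass());
        if (key == null) {
            KeyInformation info = getInfo(tokenConsumerConfig, isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
            key = info.getPublicOrSecretKey();
            // Read the certificate once: each accessor call repeats the expiry check and
            // can trace the expiry warning again.
            Certificate certificate = info.getCertificate();
            map2.put(X509BSToken.CERT_INFO, certificate);
            if (certificate != null) {
                map2.put(key, certificate);
                // Debug output is guarded by the debug flag, as elsewhere in this class.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "(key, certificate) from kinfo put in context");
                }
            }
            map2.put(getClass(), key);
        }
        if (tc.isEntryEnabled()) {
            // Trace the algorithm only: the result may be a secret key, and Key.toString()
            // is provider-defined and may render key material.
            Tr.exit(tc, "getVerifyingKey(boolean isKeyName,boolean isKeyId,boolean isStrref,boolean isEmb,boolean isX509,Map type,Map context) returns Key[" + (key == null ? "null" : key.getAlgorithm()) + "]");
        }
        return key;
    }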

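    /**
     * Looks up the public (or secret) key registered under {@code keyNameRef} for encryption
     * and associates it with a certificate in the context.
     *
     * <p>The certificate comes from the token when {@code getToken} returns an
     * {@code X509BSToken}, otherwise from the key information. When no token is available
     * the key information is published through {@code setInfo}.
     *
     * @param keyNameRef key name used as the lookup key in {@code _keylist}
     * @param isKeyName key-info type flag
     * @param isKeyId key-info type flag
     * @param isStrref key-info type flag
     * @param isEmb key-info type flag
     * @param isX509 key-info type flag
     * @param map request description, passed to {@code getToken}
     * @param map2 message context; receives the (key, certificate) pair when a certificate exists
     * @return the encrypting key, never null
     * @throws SoapSecurityException if no entry exists for the name, the entry is flagged as
     *         unusable or expired, or it holds no public/secret key
     */
    private Key getEncryptingKey(String keyNameRef, boolean isKeyName, boolean isKeyId, boolean isStrref, boolean isEmb, boolean isX509, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getEncryptingKey(String knameRef[" + keyNameRef + "],boolean isKeyName[" + isKeyName + "],boolean isKeyId[" + isKeyId + "],boolean isStrref[" + isStrref + "],boolean isEmb[" + isEmb + "],boolean isX509[" + isX509 + "],Map type,Map context)");
        }
        Token token = getToken(isKeyName, isKeyId, isStrref, isEmb, isX509, map, map2);
        KeyInformation keyInformation = (KeyInformation) this._keylist.get(keyNameRef);
        if (tc.isDebugEnabled()) {
            // KeyInformation.toString() prints keystore path, alias, name and status only.
            Tr.debug(tc, "Key information [" + keyInformation + "]");
        }
        if (keyInformation == null) {
            if (keyNameRef != null) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey02", keyNameRef);
            }
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey03");
        }
        Key encryptingKey = keyInformation.getPublicOrSecretKey();
        if (encryptingKey == null) {
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey01");
        }
        Certificate certificate = null;
        if (token == null) {
            setInfo(isKeyName, isKeyId, isStrref, isEmb, isX509, keyInformation, map2);
        } else if (token instanceof X509BSToken) {
            certificate = ((X509BSToken) token).getCert();
        }
        // Fall back to the keystore certificate when the token supplied none.
        if (certificate == null) {
            certificate = keyInformation.getCertificate();
        }
        if (certificate != null) {
            map2.put(encryptingKey, certificate);
            // Debug output is guarded by the debug flag, as elsewhere in this class.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "(key, certificate) put in context");
            }
        }
        if (tc.isEntryEnabled()) {
            // Trace the algorithm only: the result may be a secret key, and Key.toString()
            // is provider-defined and may render key material.
            Tr.exit(tc, "getEncryptingKey(String knameRef,boolean isKeyName,boolean isKeyId,boolean isStrref,boolean isEmb,boolean isX509,Map type,Map context) returns Key[" + encryptingKey.getAlgorithm() + "]");
        }
        return encryptingKey;
    }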

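    /**
     * Returns the private or secret key to use for decryption.
     *
     * <p>A key stored in the context under {@code getClass()} is removed and returned
     * without being put back. Otherwise the key is resolved through {@code getInfo},
     * and both it and the entry's certificate (under {@code X509BSToken.CERT_INFO})
     * are stored in the context.
     *
     * <p>NOTE(review): unlike {@code getEncryptingKey}, a {@code null} key from the
     * resolved entry is stored and returned rather than rejected; confirm callers
     * handle {@code null}.
     *
     * @param z    {@code isKeyName} flag
     * @param z2   {@code isKeyId} flag
     * @param z3   {@code isStrref} flag
     * @param z4   {@code isEmb} flag
     * @param z5   {@code isX509} flag
     * @param map  the "type" map; its {@code WSSECURITY_KEYINFO_TOKEN_REFERENCE} entry is removed
     * @param map2 the "context" map used as the one-shot key cache
     * @return the private or secret key; may be {@code null} (see note above)
     * @throws SoapSecurityException if {@code getInfo} cannot resolve a key entry
     */
    private Key getDecryptingKey(boolean z, boolean z2, boolean z3, boolean z4, boolean z5, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDecryptingKey(boolean isKeyName[" + z + "],boolean isKeyId[" + z2 + "],boolean isStrref[" + z3 + "],boolean isEmb[" + z4 + "],boolean isX509[" + z5 + "],Map type,Map context)");
        }
        TokenConsumerConfig tokenConsumerConfig = (TokenConsumerConfig) map.remove(Constants.WSSECURITY_KEYINFO_TOKEN_REFERENCE);
        Key key = (Key) map2.remove(getClass());
        if (key == null) {
            KeyInformation info = getInfo(tokenConsumerConfig, z, z2, z3, z4, z5, map, map2);
            key = info.getPrivateOrSecretKey();
            map2.put(X509BSToken.CERT_INFO, info.getCertificate());
            map2.put(getClass(), key);
        }
        if (tc.isEntryEnabled()) {
            // Never stringify a private or secret key into the trace: Key.toString() is
            // provider-defined and some providers print the key parameters.
            String keyDescription = key == null ? "null" : "algorithm=" + key.getAlgorithm();
            Tr.exit(tc, "getDecryptingKey(boolean isKeyName,boolean isKeyId,boolean isStrref,boolean isEmb,boolean isX509,Map type,Map context) returns Key[" + keyDescription + "]");
        }
        return key;
    }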

    /**
     * Resolves the key store entry that a key reference points at.
     *
     * <p>The first flag that is {@code true} selects how the reference is read from
     * {@code map} and which lookup table translates it into a key name:
     * <ul>
     *   <li>{@code z} (isKeyName): subject DN, via {@code _subject2KeyName};</li>
     *   <li>{@code z2} (isKeyId): key identifier, via one of the four key-id tables,
     *       chosen by encoding (Base64 when absent, or hex) and calculation method
     *       (ITSHA1 when absent, or IT60SHA1); the value type must be
     *       {@code X509_SKI} or {@code X509_SKI_OLD};</li>
     *   <li>{@code z3} (isStrref) / {@code z4} (isEmb): a token id resolved through
     *       {@code TokenManager}; the token must be an {@code X509BSToken} whose
     *       certificate is looked up in {@code _cert2KeyName};</li>
     *   <li>{@code z5} (isX509): {@code issuerName + ":" + issuerSerial}, via
     *       {@code _issuer2KeyName}.</li>
     * </ul>
     * The resulting key name is then looked up in {@code _keylist}. If no flag is set,
     * or the tables hold no match, the method throws, so an unknown reference never
     * yields a key.
     *
     * <p>In the token branches the certificate is only used as a lookup key; no
     * validity or chain check is performed in this method.
     *
     * <p>NOTE(review): the message key
     * {@code "security.wssecurityKeyStoreKeyLocator.generateIdentifier01"} lacks the dot
     * that the sibling keys have after {@code wssecurity}; confirm against the message
     * bundle.
     *
     * @param tokenConsumerConfig configuration handed to {@code TokenManager.getToken}
     * @param z    {@code isKeyName} flag
     * @param z2   {@code isKeyId} flag
     * @param z3   {@code isStrref} flag
     * @param z4   {@code isEmb} flag
     * @param z5   {@code isX509} flag
     * @param map  the "type" map holding the reference values
     * @param map2 the "context" map handed to {@code TokenManager.getToken}
     * @return the matching entry, never {@code null}
     * @throws SoapSecurityException if a required value is missing or unsupported, or no entry matches
     */
    private KeyInformation getInfo(TokenConsumerConfig tokenConsumerConfig, boolean z, boolean z2, boolean z3, boolean z4, boolean z5, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInfo(TokenConsumerConfig tconfig[" + tokenConsumerConfig + "],boolean isKeyName[" + z + "],boolean isKeyId[" + z2 + "],boolean isStrref[" + z3 + "],boolean isEmb[" + z4 + "],boolean isX509[" + z5 + "],Map type,Map context)");
        }
        String keyName = null;
        if (z) {
            final String subjectDn = (String) map.get(Constants.WSSECURITY_KEY_NAME);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SubjectDN is [" + subjectDn + "].");
            }
            if (subjectDn == null) {
                throw SoapSecurityException.format("security.wssecurity.KeyNameContentConsumer.getKeyName01");
            }
            keyName = (String) this._subject2KeyName.get(subjectDn);
        } else if (z2) {
            final String keyId = (String) map.get(Constants.WSSECURITY_KEY_ID);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The key identifier is [" + keyId + "]");
            }
            if (keyId == null) {
                throw SoapSecurityException.format("security.wssecurity.KeyIdContentConsumer.getKey01");
            }
            final QName idType = (QName) map.get(Constants.WSSECURITY_KEY_IDTYPE);
            final QName encoding = (QName) map.get(Constants.WSSECURITY_KEY_ENCODING);
            final QName valueType = (QName) map.get(Constants.WSSECURITY_KEY_VALUETYPE);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Calcuration method of key identifier is [" + idType + "].");
                Tr.debug(tc, "Encoding type of key identifier is [" + encoding + "].");
                Tr.debug(tc, "Value type of key identifier is [" + valueType + "].");
            }
            if (valueType == null) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.generateIdentifier02");
            }
            final boolean supportedValueType = com.ibm.ws.webservices.wssecurity.Constants.X509_SKI.equals(valueType) || com.ibm.ws.webservices.wssecurity.Constants.X509_SKI_OLD.equals(valueType);
            if (!supportedValueType) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.generateIdentifier03", com.ibm.ws.webservices.wssecurity.Constants.X509_SKI.toString() + ", " + com.ibm.ws.webservices.wssecurity.Constants.X509_SKI_OLD.toString(), valueType.toString());
            }
            // A missing encoding is treated as Base64; anything else must be hex.
            final boolean base64 = encoding == null || NamespaceUtil.equals(encoding, com.ibm.ws.webservices.wssecurity.Constants.BASE64_BINARY);
            if (!base64 && !NamespaceUtil.equals(encoding, com.ibm.ws.webservices.wssecurity.Constants.HEX_BINARY)) {
                throw SoapSecurityException.format("security.wssecurity.BinaryTokenReceiver.token15", encoding.toString());
            }
            // A missing calculation method is treated as ITSHA1; anything else must be IT60SHA1.
            final boolean fullSha1 = idType == null || NamespaceUtil.equals(idType, com.ibm.ws.webservices.wssecurity.Constants.ITSHA1);
            if (!fullSha1 && !NamespaceUtil.equals(idType, com.ibm.ws.webservices.wssecurity.Constants.IT60SHA1)) {
                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurityKeyStoreKeyLocator.generateIdentifier01") + ": " + idType);
            }
            if (base64) {
                keyName = (String) (fullSha1 ? this._b64KeyId2KeyName.get(keyId) : this._b64KeyId602KeyName.get(keyId));
            } else {
                keyName = (String) (fullSha1 ? this._hexKeyId2KeyName.get(keyId) : this._hexKeyId602KeyName.get(keyId));
            }
        } else if (z3 || z4) {
            // STR references and embedded tokens resolve the same way; only the context
            // key, the trace text and the "missing value" message key differ.
            final String tokenRef = (String) map.get(z3 ? Constants.WSSECURITY_KEY_REFERENCE : Constants.WSSECURITY_KEY_EMBID);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, (z3 ? "The referene URI to a token is [" : "The embedded token identifier is [") + tokenRef + "].");
            }
            if (tokenRef == null) {
                throw SoapSecurityException.format(z3 ? "security.wssecurity.STRReferenceContentConsumer.getKey01" : "security.wssecurity.EmbeddedContentConsumer.getEmbeddedToken02");
            }
            final Token referenced = TokenManager.getToken(map2, tokenConsumerConfig, tokenRef);
            // instanceof is false for null, so this also rejects a missing token.
            if (!(referenced instanceof X509BSToken)) {
                throw SoapSecurityException.format("security.wssecurity.SignatureReceiver.dsig10", tokenRef);
            }
            final X509Certificate tokenCert = ((X509BSToken) referenced).getCert();
            if (tokenCert == null) {
                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurity.WSSConsumer.s32") + ": " + referenced);
            }
            keyName = (String) this._cert2KeyName.get(tokenCert);
        } else if (z5) {
            final String issuerName = (String) map.get(Constants.WSSECURITY_KEY_ISSUERNAME);
            final String issuerSerial = (String) map.get(Constants.WSSECURITY_KEY_ISSUERSERIAL);
            if ((issuerName == null || issuerSerial == null) && tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: Unable to get issuer name or issuer serial.");
            }
            // A missing part is concatenated as the text "null"; the lookup is still attempted.
            keyName = (String) this._issuer2KeyName.get(issuerName + ":" + issuerSerial);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The key name is [" + keyName + "].");
        }
        KeyInformation resolved = null;
        if (keyName != null) {
            resolved = (KeyInformation) this._keylist.get(keyName);
        }
        if (resolved == null) {
            if (keyName == null) {
                throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey03");
            }
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getPrivateKey02", keyName);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInfo(TokenConsumerConfig tconfig,boolean isKeyName,boolean isKeyId,boolean isStrref,boolean isEmb,boolean isX509,Map type,Map context) returns KeyInformation[" + resolved + "]");
        }
        return resolved;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fetches the token that a key reference identifies, if there is one.
     *
     * <p>The first flag that is {@code true} selects which value of {@code map} is used
     * as the token id: key name, key id, STR reference, embedded-token id, or
     * {@code issuerName + ":" + issuerSerial}. The issuer form is used only when both
     * parts are present. The id is then handed to {@code TokenManager.getToken}
     * together with {@code map2}.
     *
     * @param z    {@code isKeyName} flag
     * @param z2   {@code isKeyId} flag
     * @param z3   {@code isStrref} flag
     * @param z4   {@code isEmb} flag
     * @param z5   {@code isX509} flag
     * @param map  the "type" map holding the reference values
     * @param map2 the "context" map the token is looked up in
     * @return whatever {@code TokenManager.getToken} returns for the id, or
     *         {@code null} when no id could be derived
     * @throws SoapSecurityException declared by the signature; presumably propagated
     *         from {@code TokenManager.getToken}
     */
    public static Token getToken(boolean z, boolean z2, boolean z3, boolean z4, boolean z5, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getToken(boolean isKeyName[" + z + "],boolean isKeyId[" + z2 + "],boolean isStrref[" + z3 + "],boolean isEmb[" + z4 + "],boolean isX509[" + z5 + "],Map type,Map context)");
        }
        String tokenId = null;
        if (z) {
            tokenId = (String) map.get(Constants.WSSECURITY_KEY_NAME);
        } else if (z2) {
            tokenId = (String) map.get(Constants.WSSECURITY_KEY_ID);
        } else if (z3) {
            tokenId = (String) map.get(Constants.WSSECURITY_KEY_REFERENCE);
        } else if (z4) {
            tokenId = (String) map.get(Constants.WSSECURITY_KEY_EMBID);
        } else if (z5) {
            final String issuerName = (String) map.get(Constants.WSSECURITY_KEY_ISSUERNAME);
            final String issuerSerial = (String) map.get(Constants.WSSECURITY_KEY_ISSUERSERIAL);
            // Both halves are required; a partial issuer reference yields no lookup at all.
            if (issuerName != null && issuerSerial != null) {
                tokenId = issuerName + ":" + issuerSerial;
            }
        }
        final Token found = tokenId == null ? null : TokenManager.getToken(map2, tokenId);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getToken(boolean isKeyName[" + z + "],boolean isKeyId[" + z2 + "],boolean isStrref[" + z3 + "],boolean isEmb[" + z4 + "],boolean isX509[" + z5 + "],Map type,Map context) returns Token[" + found + "]");
        }
        return found;
    }

    /**
     * Publishes the identifiers of a key store entry into the context map, in the form
     * selected by the first flag that is {@code true}.
     *
     * <p>Exactly the values belonging to the selected form are written. The other
     * identifier slots (key name, key id, issuer name, issuer serial) are removed, and
     * the embedded-id and reference slots are always removed. For the key-id form the
     * encoding and calculation-method entries are consumed (removed) from the map.
     * For the STR-reference and embedded forms nothing is written; only a trace
     * message is emitted.
     *
     * <p>NOTE(review): the message key
     * {@code "security.wssecurityKeyStoreKeyLocator.generateIdentifier01"} lacks the dot
     * that the sibling keys have after {@code wssecurity}; confirm against the message
     * bundle.
     *
     * @param z              {@code isKeyName} flag
     * @param z2             {@code isKeyId} flag
     * @param z3             {@code isStrref} flag
     * @param z4             {@code isEmb} flag
     * @param z5             {@code isX509} flag
     * @param keyInformation entry whose identifiers are published ({@code kinfo} in the trace)
     * @param map            the "context" map that is updated
     * @throws SoapSecurityException if the encoding or calculation method is unsupported
     */
    private static void setInfo(boolean z, boolean z2, boolean z3, boolean z4, boolean z5, KeyInformation keyInformation, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setInfo(boolean isKeyName[" + z + "],boolean isKeyId[" + z2 + "],boolean isStrref[" + z3 + "],boolean isEmb[" + z4 + "],boolean isX509[" + z5 + "],KeyInformation kinfo[" + keyInformation + "],Map context)");
        }
        String subjectDn = null;
        String keyId = null;
        String issuerDn = null;
        String issuerSerial = null;
        if (z) {
            subjectDn = keyInformation.getSubjectDN();
        } else if (z2) {
            final QName encoding = (QName) map.remove(Constants.WSSECURITY_KEY_ENCODING);
            final QName idType = (QName) map.remove(Constants.WSSECURITY_KEY_IDTYPE);
            // A missing encoding is treated as Base64; anything else must be hex.
            final boolean base64 = encoding == null || NamespaceUtil.equals(encoding, com.ibm.ws.webservices.wssecurity.Constants.BASE64_BINARY);
            if (!base64 && !NamespaceUtil.equals(encoding, com.ibm.ws.webservices.wssecurity.Constants.HEX_BINARY)) {
                throw SoapSecurityException.format("security.wssecurity.BinaryTokenReceiver.token15", encoding.toString());
            }
            // A missing calculation method is treated as ITSHA1; anything else must be IT60SHA1.
            final boolean fullSha1 = idType == null || NamespaceUtil.equals(idType, com.ibm.ws.webservices.wssecurity.Constants.ITSHA1);
            if (!fullSha1 && !NamespaceUtil.equals(idType, com.ibm.ws.webservices.wssecurity.Constants.IT60SHA1)) {
                throw new SoapSecurityException(ConfigUtil.getMessage("security.wssecurityKeyStoreKeyLocator.generateIdentifier01") + ": " + idType);
            }
            if (base64) {
                keyId = fullSha1 ? keyInformation.getB64KeyId() : keyInformation.getB64KeyId60();
            } else {
                keyId = fullSha1 ? keyInformation.getHexKeyId() : keyInformation.getHexKeyId60();
            }
        } else if (z3 || z4) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, z3 ? "WARNING: TokenGenerator is responsible to set a X509 token to the Subject in case of STRREF." : "WARNING: TokenGenerator is responsible to set a X509 token to the Subject in case of EMB.");
            }
        } else if (z5) {
            issuerDn = keyInformation.getIssuerDN();
            issuerSerial = keyInformation.getIssuerSerial();
        }
        // Each slot is either overwritten with the fresh value or cleared, so no
        // identifier left over from an earlier form survives in the context.
        final Object[][] slots = {
            {Constants.WSSECURITY_KEY_NAME, subjectDn},
            {Constants.WSSECURITY_KEY_ID, keyId},
            {Constants.WSSECURITY_KEY_ISSUERNAME, issuerDn},
            {Constants.WSSECURITY_KEY_ISSUERSERIAL, issuerSerial},
        };
        for (Object[] slot : slots) {
            if (slot[1] != null) {
                map.put(slot[0], slot[1]);
            } else {
                map.remove(slot[0]);
            }
        }
        map.remove(Constants.WSSECURITY_KEY_EMBID);
        map.remove(Constants.WSSECURITY_KEY_REFERENCE);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setInfo(boolean isKeyName,boolean isKeyId,boolean isStrref,boolean isEmb,boolean isX509,KeyInformation kinfo,Map context)");
        }
    }

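    /**
     * Extracts the key identifier carried in a certificate's extension
     * {@code OID_KEYIDENTIFIER} ("2.5.29.14").
     *
     * <p>The first four bytes of the raw extension value are dropped and the rest is
     * returned. NOTE(review): the fixed four-byte skip presumably covers two nested
     * OCTET STRING headers with single-byte lengths; the header bytes themselves are
     * not inspected here.
     *
     * @param certificate certificate to read; may be {@code null}
     * @return the identifier bytes, or {@code null} when the certificate is not an
     *         {@code X509Certificate}, has no such extension, or the extension value
     *         is shorter than the four-byte header
     */
    private static byte[] certToIdentifier(Certificate certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "certToIdentifier(Certificate cert)");
        }
        byte[] identifier = null;
        if (certificate instanceof X509Certificate) {
            byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue(OID_KEYIDENTIFIER);
            // A value shorter than the header used to fail with NegativeArraySizeException;
            // treat it like a missing extension instead.
            if (extensionValue != null && extensionValue.length >= 4) {
                identifier = new byte[extensionValue.length - 4];
                System.arraycopy(extensionValue, 4, identifier, 0, identifier.length);
            }
        }
        // The exit trace is now emitted on every path, including the null result.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "certToIdentifier(Certificate cert)");
        }
        return identifier;
    }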

    /**
     * Computes a key identifier from the certificate's public key with the digest that
     * {@code AlgorithmFactory} returns for the XML-DSig SHA-1 URI.
     *
     * <p>The encoded public key is walked by hand: the outer header is skipped, the
     * next element is skipped using its length, the element after that must be a
     * BIT STRING, and the bytes after the BIT STRING header are hashed.
     * <ul>
     *   <li>{@code idty} {@code null} or ITSHA1: the whole digest is returned;</li>
     *   <li>{@code idty} IT60SHA1: eight bytes are returned, namely {@code 64} plus
     *       the low four bits of the eighth-from-last digest byte, followed by the
     *       last seven digest bytes.</li>
     * </ul>
     *
     * <p>NOTE(review): array offsets derived from the encoding are not bounds-checked,
     * so a truncated or unusual encoding would surface as an
     * {@code ArrayIndexOutOfBoundsException}, and a {@code null} result from
     * {@code getEncoded()} as a {@code NullPointerException}. If {@code update} or
     * {@code digest} throws, the digest is not handed back through
     * {@code releaseMessageDigest}.
     *
     * @param certificate certificate whose public key is hashed; may be {@code null}
     * @param qName       calculation method ({@code idty} in the trace); may be {@code null}
     * @return the identifier, or {@code null} when {@code certificate} is {@code null}
     * @throws RuntimeException if the encoding does not start with {@code 0x30}, a
     *         long-form length uses zero or more than four bytes, or the expected
     *         BIT STRING is missing
     * @throws IllegalArgumentException if {@code qName} is neither ITSHA1 nor IT60SHA1
     * @throws NoSuchAlgorithmException declared; presumably from {@code getMessageDigest}
     * @throws InvalidAlgorithmParameterException declared; presumably from {@code getMessageDigest}
     */
    private static byte[] pubkeyToIdentifier(Certificate certificate, QName qName) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        int i;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pubkeyToIdentifier(Certificate cert,QName idty[" + qName + "])");
        }
        byte[] bArr = null;
        if (certificate != null) {
            byte[] encoded = certificate.getPublicKey().getEncoded();
            // 48 == 0x30, the DER SEQUENCE tag; presumably the X.509 SubjectPublicKeyInfo wrapper.
            if (encoded[0] != 48) {
                throw new RuntimeException("Unknown encoded key: " + Hex.encode(encoded));
            }
            // First length byte of the outer element. Only the size of the length field
            // is used (to find where the content starts); the length value is not read.
            int i2 = encoded[1] & 255;
            int i3 = (i2 & 128) == 0 ? 2 : 2 + (i2 & 127);
            // Length byte of the first inner element; its tag at encoded[i3] is not inspected.
            int i4 = encoded[i3 + 1] & 255;
            if ((i4 & 128) == 0) {
                // Short form: i4 already is the content length.
                i = i3 + 2;
            } else {
                // Long form: the low seven bits give the number of length bytes that follow.
                int i5 = i3 + 2;
                i = i3 + 2 + (i4 & 127);
                // Reassemble the big-endian length from one to four bytes.
                switch (i4 & 127) {
                    case 1:
                        i4 = encoded[i5] & 255;
                        break;
                    case 2:
                        i4 = ((encoded[i5] & 255) << 8) + (encoded[i5 + 1] & 255);
                        break;
                    case 3:
                        i4 = ((encoded[i5] & 255) << 16) + ((encoded[i5 + 1] & 255) << 8) + (encoded[i5 + 2] & 255);
                        break;
                    case 4:
                        i4 = ((encoded[i5] & 255) << 24) + ((encoded[i5 + 1] & 255) << 16) + ((encoded[i5 + 2] & 255) << 8) + (encoded[i5 + 3] & 255);
                        break;
                    default:
                        // Also reached for a count of zero (length byte 0x80).
                        throw new RuntimeException("Integer overflow: " + Hex.encode(encoded));
                }
            }
            // Jump over the first inner element to the one that must be the BIT STRING (tag 3).
            int i6 = i + i4;
            if (encoded[i6] != 3) {
                throw new RuntimeException("Non BIT STRING: 0x" + Integer.toString(encoded[i6] & 255, 16));
            }
            int i7 = encoded[i6 + 1] & 255;
            // Skip tag, length field and one further byte (in a BIT STRING, the unused-bits count).
            int i8 = i6 + ((i7 & 128) == 0 ? 3 : 3 + (i7 & 127));
            AlgorithmFactory algorithmFactory = AlgorithmFactory.getInstance();
            MessageDigest messageDigest = algorithmFactory.getMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", (AlgorithmParameterSpec) null);
            if (NamespaceUtil.equals(qName, com.ibm.ws.webservices.wssecurity.Constants.ITSHA1) || qName == null) {
                // Digest everything from i8 to the end of the encoding.
                messageDigest.update(encoded, i8, encoded.length - i8);
                bArr = messageDigest.digest();
                algorithmFactory.releaseMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", messageDigest);
            } else {
                if (!NamespaceUtil.equals(qName, com.ibm.ws.webservices.wssecurity.Constants.IT60SHA1)) {
                    // Hand the digest back before failing on an unsupported method.
                    algorithmFactory.releaseMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", messageDigest);
                    throw new IllegalArgumentException("Internal Error: " + qName);
                }
                messageDigest.update(encoded, i8, encoded.length - i8);
                byte[] digest = messageDigest.digest();
                algorithmFactory.releaseMessageDigest("http://www.w3.org/2000/09/xmldsig#sha1", messageDigest);
                // Eight-byte form: high nibble fixed to 0100 (64), then the low 60 bits of the digest.
                bArr = new byte[8];
                bArr[0] = (byte) (64 + (digest[digest.length - 8] & 15));
                System.arraycopy(digest, (digest.length - 8) + 1, bArr, 1, bArr.length - 1);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pubkeyToIdentifier(Certificate cert,QName idty)");
        }
        return bArr;
    }

    /**
     * Produces the key identifier for a certificate, preferring the value carried in
     * the certificate itself over one computed from the public key.
     *
     * <p>The extension value from {@code certToIdentifier} is used as-is when no
     * calculation method is given. When a method is given, or the extension is absent,
     * the extension value is kept only if its length matches the method (20 bytes for
     * ITSHA1 or no method, 8 bytes for IT60SHA1). Otherwise the identifier is
     * recomputed with {@code pubkeyToIdentifier}.
     *
     * @param certificate certificate to identify; may be {@code null}
     * @param qName       calculation method ({@code idty} in the trace); may be {@code null}
     * @return the identifier, or {@code null} when {@code certificate} is {@code null}
     * @throws IllegalArgumentException if {@code qName} is neither ITSHA1 nor IT60SHA1
     * @throws NoSuchAlgorithmException propagated from {@code pubkeyToIdentifier}
     * @throws InvalidAlgorithmParameterException propagated from {@code pubkeyToIdentifier}
     */
    private static byte[] makeIdentifier(Certificate certificate, QName qName) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "makeIdentifier(Certificate cert,QName idty[" + qName + "])");
        }
        byte[] identifier = null;
        if (certificate != null) {
            identifier = certToIdentifier(certificate);
            // An extension value with no requested method is taken on trust, whatever its length.
            final boolean useExtensionAsIs = identifier != null && qName == null;
            if (!useExtensionAsIs) {
                final int expectedOctets;
                if (qName == null || NamespaceUtil.equals(qName, com.ibm.ws.webservices.wssecurity.Constants.ITSHA1)) {
                    expectedOctets = 20;
                } else if (NamespaceUtil.equals(qName, com.ibm.ws.webservices.wssecurity.Constants.IT60SHA1)) {
                    expectedOctets = 8;
                } else {
                    throw new IllegalArgumentException("Internal Error: " + qName);
                }
                if (identifier == null || identifier.length != expectedOctets) {
                    identifier = pubkeyToIdentifier(certificate, qName);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "makeIdentifier(Certificate cert,QName idty)");
        }
        return identifier;
    }
}
