package com.ibm.ws.wssecurity.sc;

import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken;
import com.ibm.ws.policyset.runtime.PolicySetConfiguration;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.SCAndTrustConstants;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateGeneratorConfig;
import com.ibm.ws.wssecurity.impl.auth.callback.SCTCallback;
import com.ibm.ws.wssecurity.platform.auth.SecureConversationCacheHelper;
import com.ibm.ws.wssecurity.sc.util.SecureConversation;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSTokenUtil;
import com.ibm.ws.wssecurity.trust.server.sts.ext.sct.SCTHelper;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.PlatformContextUtil;
import com.ibm.ws.wssecurity.util.TokenHolder;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/sc/SecureConversationImpl.class */
public class SecureConversationImpl implements Serializable, SecureConversation {
    private static final long serialVersionUID = 1242813010528764538L;
    // Component identifier string.
    private static final String comp = "security.wssecurity";
    // Trace component handed to every Tr.entry/exit/debug/warning/error call in this class.
    private static final TraceComponent tc = Tr.register(SecureConversationImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Fully qualified class name; passed to Tr.processException as the reporting source.
    private static final String clsName = SecureConversationImpl.class.getName();
    // NOTE(review): mutable static, shared by every instance and every thread. getSCToken(MessageContext)
    // overwrites it with the value type of the token most recently returned by the callback handler, and
    // the STSTokenUtil.getToken lookups in this class read it. No synchronization is visible here, so
    // concurrent conversations can observe each other's value — confirm this is intended.
    private static String tokenType = Constants.NS_WSC_SCT;
    // Mutable static. getSCToken(MessageContext) treats 0 as "not loaded yet" (it then calls
    // getSCTokenTimeOut(null)) and compares the value with the RM sequence inactivity timeout.
    private static long tokenTimeout = 0;

    /**
     * Reports whether the security context token identified by {@code str} is the one bound to the
     * current message exchange.
     *
     * <p>Provider side: the bound identifier is read from the wss-ramp property map when the message
     * context carries one; otherwise from the INBOUND_SCTOKEN entry, falling back to the
     * secure-conversation identifier property. Requester side: the identifier of the SCT cached for
     * this message context is used.
     *
     * <p>Each provider-side lookup writes the SCT identifier to the debug trace.
     *
     * @param str uuid of the security context token to check
     * @param messageContext Axis2 message context of the exchange
     * @return {@code true} when the identifier found for the exchange equals {@code str}
     * @throws SoapSecurityException carrying only the message of any exception raised during the lookup
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public boolean isUsedForSigningAndEncryption(String str, MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUsedForSigningAndEncryption(): uuid = " + str + ", MessageContext");
        }
        try {
            boolean matched;
            if (Axis2Util.isServiceProvider(messageContext)) {
                String boundUuid;
                HashMap rampProperties = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                if (rampProperties == null) {
                    // No property map: try the inbound token entry first, then the plain identifier property.
                    boundUuid = TokenHolder.getTokenFromContext(SCAndTrustConstants.INBOUND_SCTOKEN, messageContext);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server side. Getting SCToken uuid from message context and the key  is INBOUND_SCTOKEN, uuid = " + boundUuid);
                    }
                    if (boundUuid == null) {
                        boundUuid = (String) messageContext.getProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Server side. Getting SCToken uuid from message context and the key is sessionID, uuid = " + boundUuid);
                        }
                    }
                } else {
                    boundUuid = (String) rampProperties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server side. Found the wss-ramp property map in the message context, sct uuid = " + boundUuid);
                    }
                }
                matched = boundUuid != null && boundUuid.equals(str);
            } else {
                SCT cachedToken = (SCT) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByContext(messageContext);
                matched = cachedToken != null && cachedToken.getUUID().equals(str);
                if (matched && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Client side. Found SCT in the cache. ");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, matched ? "isUsedForSigningAndEncryption() returnstrue" : "isUsedForSigningAndEncryption() returnsfalse");
            }
            return matched;
        } catch (Exception e) {
            // Only the message survives; the original exception is not attached as cause.
            throw new SoapSecurityException(e.getMessage());
        }
    }

    /**
     * Returns the list of signed parts recorded for a security context token.
     *
     * <p>The list is read from the {@code SIGNED_ELEMENTS_MAP} message-context property, keyed by the
     * token uuid. The map is dereferenced without a null check, so a message context that lacks the
     * property produces a {@link NullPointerException} rather than a {@code null} result.
     *
     * @param str uuid of the security context token
     * @param messageContext Axis2 message context holding the map
     * @return the parts recorded under {@code str}, or {@code null} when the map has no entry for it
     * @throws SoapSecurityException declared by the interface; not thrown by this implementation
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public List getSignedParts(String str, MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSignedParts(): uuid = " + str + ", MessageContext");
        }
        HashMap signedElementsByUuid = (HashMap) messageContext.getProperty("SIGNED_ELEMENTS_MAP");
        ArrayList parts = (ArrayList) signedElementsByUuid.get(str);
        if (tc.isEntryEnabled()) {
            String outcome = (parts == null)
                    ? "getSignedParts() returns null"
                    : "getSignedParts() returns parts of " + parts.size();
            Tr.exit(tc, outcome);
        }
        return parts;
    }

    /**
     * Returns the list of decrypted parts recorded for a security context token.
     *
     * <p>The list is read from the {@code DECRYPTED_ELEMENTS_MAP} message-context property, keyed by
     * the token uuid. The map is dereferenced without a null check, so a message context that lacks
     * the property produces a {@link NullPointerException} rather than a {@code null} result.
     *
     * @param str uuid of the security context token
     * @param messageContext Axis2 message context holding the map
     * @return the parts recorded under {@code str}, or {@code null} when the map has no entry for it
     * @throws SoapSecurityException declared by the interface; not thrown by this implementation
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public List getEncryptedParts(String str, MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getEncryptionParts(): uuid = " + str + ", MessageContext");
        }
        HashMap decryptedElementsByUuid = (HashMap) messageContext.getProperty("DECRYPTED_ELEMENTS_MAP");
        ArrayList parts = (ArrayList) decryptedElementsByUuid.get(str);
        if (tc.isEntryEnabled()) {
            String outcome = (parts == null)
                    ? "getEncryptionParts() returns null"
                    : "getEncryptionParts()) returns parts of " + parts.size();
            Tr.exit(tc, outcome);
        }
        return parts;
    }

    /**
     * Returns the security context token (SCT) for the exchange described by {@code messageContext}.
     *
     * <p>Returns {@code null} without further work when no generator configuration can be derived
     * from the message context, or when secure conversation is not enabled in that configuration.
     *
     * <p>Provider side: the SCT identifier is read from the message context (wss-ramp property map,
     * then INBOUND_SCTOKEN, then the secure-conversation identifier property) and resolved through
     * {@code STSTokenUtil.getToken}. Requester side: the token cached for the message context is
     * used; on a cache miss a callback handler class named in the token generator configuration is
     * loaded, instantiated and invoked to obtain a token.
     *
     * @param messageContext Axis2 message context of the current exchange
     * @return the token, or {@code null} when none is configured or found
     * @throws SoapSecurityException for any failure; the outermost handler keeps only the message
     *         of the original exception
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public SecurityContextToken getSCToken(MessageContext messageContext) throws SoapSecurityException {
        String tokenFromContext;
        Class<?> cls;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSCTToken(): MessageContext");
        }
        PrivateGeneratorConfig parseMessageContext = parseMessageContext(messageContext);
        if (parseMessageContext == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot get Policy/Binding information");
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getSCTToken(): MessageContext returns NULL");
            return null;
        }
        if (!parseMessageContext.isSCEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Secure Conversation is not enabled!");
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getSCTToken(): MessageContext returns NULL");
            return null;
        }
        try {
            SecurityContextToken securityContextToken = null;
            if (Axis2Util.isServiceProvider(messageContext)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Service side. Getting SCToken from message context");
                }
                // Identifier resolution order: property map, INBOUND_SCTOKEN entry, identifier property.
                HashMap hashMap = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                if (hashMap != null) {
                    tokenFromContext = (String) hashMap.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server side. Found the wss-ramp property map in the message context, sct uuid = " + tokenFromContext);
                    }
                } else {
                    tokenFromContext = TokenHolder.getTokenFromContext(SCAndTrustConstants.INBOUND_SCTOKEN, messageContext);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server side. Getting SCToken uuid from message context and the key is INBOUND_SCTOKEN, uuid = " + tokenFromContext);
                    }
                    if (tokenFromContext == null) {
                        tokenFromContext = (String) messageContext.getProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Server side. Getting SCToken uuid from message context and the key is sessionID, uuid = " + tokenFromContext);
                        }
                    }
                }
                if (tokenFromContext != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting the SecurityContextToken from the service side cache and the  uuid = " + tokenFromContext);
                    }
                    try {
                        // tokenType is the class-wide static; it may have been overwritten by another
                        // thread's requester-side call further down in this method.
                        securityContextToken = (SecurityContextToken) STSTokenUtil.getToken(tokenFromContext, tokenType);
                        if (securityContextToken != null && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Got the SCToken from the service side cache sucessfully!");
                        }
                    } catch (AxisFault e) {
                        Tr.processException(e.getCause(), clsName, "getSCToken(MessageContext)");
                        throw new SoapSecurityException(e.getMessage());
                    }
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "client side. Getting SCToken from global cache");
                }
                securityContextToken = (SecurityContextToken) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByContext(messageContext);
                if (securityContextToken == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No SCT in the cache. Invoke callback handler");
                    }
                    // Repeats the null and isSCEnabled() checks already made at the top of the method.
                    if (parseMessageContext != null && parseMessageContext.isSCEnabled()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "SC is in use");
                        }
                        Iterator<TokenGeneratorConfig> it = parseMessageContext.getTokenGenerators().iterator();
                        String str = null;
                        boolean z = false;
                        CallbackHandlerConfig callbackHandlerConfig = null;
                        TokenGeneratorConfig tokenGeneratorConfig = null;
                        // NOTE(review): as written the loop does not stop at the first match. When it ends,
                        // str and tokenGeneratorConfig hold the values of the LAST generator iterated, while
                        // callbackHandlerConfig holds the last matching handler config. str is the class name
                        // loaded below, so with several generators the class that gets instantiated may not be
                        // the SCT callback class. cancelSCT breaks on the first match; this listing looks like
                        // decompiler output, so confirm against the original source.
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            tokenGeneratorConfig = it.next();
                            str = tokenGeneratorConfig.getCallbackHandler().getClassName();
                            if (str != null && str.equals(BindingPropertyConstants.SCT_CALLBACK_CLASSNAME_VALUE)) {
                                z = true;
                                callbackHandlerConfig = tokenGeneratorConfig.getCallbackHandler();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "CallbackHandlerConfig [" + callbackHandlerConfig + "].");
                                }
                            }
                        }
                        if (z) {
                            try {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "About to Instantiate the callback handler [" + str + "]...");
                                }
                                HashMap hashMap2 = new HashMap();
                                // The context class loader is read inside doPrivileged, i.e. with this class's
                                // own permissions rather than those of the calling code.
                                ClassLoader classLoader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.sc.SecureConversationImpl.1
                                    @Override // java.security.PrivilegedAction
                                    public Object run() {
                                        return Thread.currentThread().getContextClassLoader();
                                    }
                                });
                                // The class name comes from the token generator configuration. It is resolved with the
                                // context class loader first and with Class.forName as fallback.
                                if (classLoader != null) {
                                    try {
                                        cls = classLoader.loadClass(str);
                                    } catch (Exception e2) {
                                        cls = Class.forName(str);
                                    }
                                } else {
                                    cls = Class.forName(str);
                                }
                                // Type gate before instantiation: only CallbackHandler implementations are accepted.
                                if (!CallbackHandler.class.isAssignableFrom(cls)) {
                                    throw SoapSecurityException.format("security.wssecurity.ConfigUtil.s17", str, CallbackHandler.class.getName());
                                }
                                hashMap2.put(CallbackHandlerConfig.CONFIG_KEY, callbackHandlerConfig);
                                CallbackHandler callbackHandler = (CallbackHandler) cls.getConstructor(Map.class).newInstance(hashMap2);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Succeeded to Instantiate the callback handler [" + str + "].");
                                }
                                // Properties handed to the handler: the message context, the generator
                                // configuration and the token generator selected by the loop above.
                                HashMap hashMap3 = new HashMap();
                                hashMap3.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT, messageContext);
                                hashMap3.put("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey", parseMessageContext);
                                hashMap3.put(TokenGeneratorConfig.CONFIG_KEY, tokenGeneratorConfig);
                                SCTCallback sCTCallback = new SCTCallback();
                                Callback[] callbackArr = {sCTCallback, new PropertyCallback(hashMap3)};
                                try {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Invoking the callback handler [" + str + "].");
                                    }
                                    callbackHandler.handle(callbackArr);
                                    securityContextToken = sCTCallback.getToken();
                                    callbackHandlerConfig.setInstance(callbackHandler);
                                    // Overwrites the class-wide static tokenType, which every later
                                    // STSTokenUtil.getToken call in this class reads (no synchronization visible).
                                    // If the handler supplied no token this line throws NullPointerException,
                                    // which the catch (Exception e5) below reports under the s01 message key.
                                    tokenType = securityContextToken.getValueType().getLocalPart();
                                    long rMSequenceInactivityTimeoutInterval = Axis2Util.getRMSequenceInactivityTimeoutInterval(messageContext);
                                    // 0 is treated as "timeout not loaded yet".
                                    if (tokenTimeout == 0) {
                                        getSCTokenTimeOut(null);
                                    }
                                    if (rMSequenceInactivityTimeoutInterval > tokenTimeout) {
                                        Tr.warning(tc, "RM Sequence inactivity timeout interval is more than the SCT life time. When using managed persistent policy, SCT life time should be more than RM Sequence inactivity timeout");
                                    }
                                } catch (IOException e3) {
                                    // Reports the underlying cause in the formatted message when the IOException has one.
                                    IOException iOException = e3;
                                    if (e3.getCause() != null) {
                                        iOException = e3.getCause();
                                    }
                                    Tr.processException(e3, clsName + ".invoke", "388");
                                    Tr.error(tc, "security.wssecurity.XTokenGenerator.s02", new Object[]{str});
                                    SoapSecurityException format = SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s02", str, iOException);
                                    format.initCause(e3);
                                    throw format;
                                } catch (UnsupportedCallbackException e4) {
                                    Tr.processException(e4, clsName + ".invoke", "379");
                                    Tr.error(tc, "security.wssecurity.X509TokenGenerator.s02", new Object[]{str});
                                    SoapSecurityException format2 = SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s02", str, e4);
                                    format2.initCause(e4);
                                    throw format2;
                                }
                            } catch (Exception e5) {
                                // Also catches the SoapSecurityExceptions thrown inside this try (type check and
                                // handler failures) and re-reports them under the s01 key.
                                Tr.processException(e5, clsName + ".invoke", "311");
                                Tr.error(tc, "security.wssecurity.X509TokenGenerator.s01", new Object[]{str});
                                throw SoapSecurityException.format("security.wssecurity.X509TokenGenerator.s01", str, e5);
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SC is not used");
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                // Traces the token through its toString(). NOTE(review): confirm that representation
                // does not include key material.
                Tr.exit(tc, "getSCTToken() returns " + securityContextToken);
            }
            return securityContextToken;
        } catch (Exception e6) {
            // Catch-all: also intercepts the SoapSecurityExceptions raised above and replaces them with a
            // new one built from getMessage() alone, so the cause chain does not reach the caller.
            throw new SoapSecurityException(e6.getMessage());
        }
    }

    /**
     * Looks up a security context token by identifier.
     *
     * <p>Sources are consulted in order: the client-side secure conversation cache, the SCTHelper
     * cache (when one exists), and finally {@code STSTokenUtil.getToken} with the class-wide token
     * type. An exception from that last lookup is traced at debug level only and treated as
     * "not found".
     *
     * @param str uuid of the token
     * @return the token; never {@code null}
     * @throws SoapSecurityException when none of the sources holds a token for {@code str}
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public SecurityContextToken getSCToken(String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSCTToken(uuid = " + str + ")");
        }
        SecurityContextToken token = (SecurityContextToken) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByUUID(str);
        if (token == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find the token in the client side cache. Try trust service cache..");
            }
            if (SCTHelper.getCache() != null) {
                token = (SCT) SCTHelper.getCache().getToken(str);
            }
            if (token == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Did not find the token in the cache helper. Try trust service cache..");
                }
                try {
                    token = (SCT) STSTokenUtil.getToken(str, tokenType);
                } catch (Exception e) {
                    // Best effort: a failed trust-service lookup falls through to the not-found error.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception while getting SCT from trust service:" + e.getMessage());
                    }
                }
                if (token == null) {
                    final String notFoundKey = "security.wssecurity.SecureConversationImpl.s01";
                    Tr.error(tc, notFoundKey, new Object[]{str});
                    throw SoapSecurityException.format(notFoundKey, str);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSCTToken() returns");
        }
        return token;
    }

    /**
     * Returns the serialized form of the security context token identified by {@code str}.
     *
     * <p>The token is obtained through {@link #getSCToken(String)} and cast to {@code SCT}, whose
     * {@code getSerializationBytes()} supplies the result. What those bytes contain is decided by
     * {@code SCT}; NOTE(review): if they include the token's secret, callers must treat the array as
     * key material.
     *
     * @param str uuid of the token
     * @return the bytes produced by {@code SCT.getSerializationBytes()}
     * @throws SoapSecurityException when no token is found for {@code str}
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public byte[] getSCTokenBytes(String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSCTTokenBytes(uuid = " + str + ")");
        }
        final SecurityContextToken token = getSCToken(str);
        if (token != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSCTTokenBytes(String uuid) returns");
            }
            return ((SCT) token).getSerializationBytes();
        }
        final String notFoundKey = "security.wssecurity.SecureConversationImpl.s01";
        Tr.error(tc, notFoundKey, new Object[]{str});
        throw SoapSecurityException.format(notFoundKey, str);
    }

    /**
     * Rebuilds a security context token from its serialized bytes.
     *
     * <p>SECURITY NOTE(review): the bytes are wrapped in a plain {@link ObjectInputStream} and handed
     * to {@code SCT.readExternal}. Which object types that method reads is not visible here. If
     * {@code bArr} can originate outside the trust boundary, this is a Java-native deserialization
     * entry point: verify the integrity of the bytes before this call, or restrict the classes the
     * stream may resolve. No such restriction is applied in this method.
     *
     * <p>The entry and exit trace records are both written before any work is done.
     *
     * @param bArr serialized token
     * @return the token populated from {@code bArr}
     * @throws SoapSecurityException carrying {@code toString()} of any exception raised while reading,
     *         including the one caused by a {@code null} array
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public SecurityContextToken getSCTokenFromBytes(byte[] bArr) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSCTTokenFromBytes(byte[] token)");
            Tr.exit(tc, "getSCTTokenFromBytes() returns");
        }
        SCT restored = new SCT();
        try {
            ByteArrayInputStream rawBytes = new ByteArrayInputStream(bArr);
            ObjectInputStream objectIn = new ObjectInputStream(rawBytes);
            restored.readExternal(objectIn);
        } catch (Exception e) {
            String detail = e.toString();
            Tr.error(tc, "Error deserializing SCT, encountered " + detail);
            throw new SoapSecurityException(detail);
        }
        return restored;
    }

    /**
     * Resolves the security context token referenced by a SecurityTokenReference element.
     *
     * <p>The URI attribute of the element's wsse:Reference child selects the token. A URI starting
     * with "#" is resolved as a wsu:Id inside the message, and the Identifier of the
     * SecurityContextToken element found there is used. A URI starting with "uuid" is used as the
     * identifier directly. The identifier is then looked up through {@code STSTokenUtil.getToken} on
     * the provider side and through the client-side cache otherwise.
     *
     * @param oMElement the SecurityTokenReference element; may be {@code null}
     * @param messageContext Axis2 message context of the message being processed
     * @return the referenced token; never {@code null}
     * @throws SoapSecurityException when no token is found or any step fails; the handler at the end
     *         keeps only the message of the original exception
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public SecurityContextToken getSCTokenBySecurityTokenReference(OMElement oMElement, MessageContext messageContext) throws SoapSecurityException {
        OMElement childElement;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSCTTokenBySecurityTokenReference(OMElement, MessageContext)");
        }
        try {
            boolean isServiceProvider = Axis2Util.isServiceProvider(messageContext);
            // str: raw URI of the reference; str2: SCT identifier derived from it.
            String str = null;
            String str2 = null;
            SecurityContextToken securityContextToken = null;
            if (oMElement != null) {
                // NOTE(review): the getChildElement result is dereferenced without a null check here, while
                // the same helper's result is null-checked further down. An element without a wsse:Reference
                // child would presumably end in the catch-all below — confirm.
                str = DOMUtils.getChildElement(oMElement, Constants.NS_WSSE, "Reference").getAttributeValue(new QName("", "URI"));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "wsse:Reference URI in the RM supplied SecurityTokenReference element: " + str);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Reference element found");
            }
            if (str != null && str.startsWith("#")) {
                // Attached reference: strip the "#" and resolve the id within the message's own document.
                String substring = str.substring(1);
                OMDocument ownerDocument = DOMUtil.getOwnerDocument(messageContext.getEnvelope().getHeader());
                if (tc.isDebugEnabled()) {
                    // With debug trace enabled the document element of the message is written to the
                    // trace via DOMUtils.toString; treat trace output as containing message content.
                    Tr.debug(tc, "The original RM message to be processed : " + DOMUtils.toString(ownerDocument.getOMDocumentElement()));
                }
                OMElement resolveID = IdUtils.getInstance().resolveID(ownerDocument, substring);
                if (resolveID != null) {
                    // Only an element whose QName is SecurityContextToken in the WS-SC namespace is accepted.
                    if (new QName(Constants.NS_WSC_SC, "SecurityContextToken").equals(resolveID.getQName()) && (childElement = DOMUtils.getChildElement(resolveID, Constants.NS_WSC_SC, "Identifier")) != null) {
                        str2 = DOMUtils.getStringValue(childElement);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found the matching SCT (Attached reference)for wsu:Id = " + substring + ", the uuid Identifier = " + str2);
                        }
                    }
                }
                if (str2 == null && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No SecurityContextToken element with the wsu:Id = " + substring + " Found.");
                }
            } else if (str != null && str.startsWith("uuid")) {
                // Unattached reference: the URI itself is taken as the token identifier.
                str2 = str;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found the matching SCT (Unattached reference)for wsu:Id = " + str + ", the uuid Identifier = " + str2);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No URI attribute found");
            }
            if (str2 != null) {
                if (isServiceProvider) {
                    try {
                        // tokenType is the class-wide static, which getSCToken(MessageContext) can overwrite.
                        securityContextToken = (SecurityContextToken) STSTokenUtil.getToken(str2, tokenType);
                        if (securityContextToken != null && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Got the SecurityContextToken from the service side cache sucessfully!");
                        }
                    } catch (AxisFault e) {
                        Tr.processException(e.getCause(), clsName, "getSCTokenBySecurityTokenReference(OMElement STRElem, MessageContext msgCtx)");
                        throw new SoapSecurityException(e.getMessage());
                    }
                } else {
                    securityContextToken = (SecurityContextToken) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByUUID(str2);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT referenced in the STR element(either direct reference by Identifier or indirect reference by wsu:Id) is NOT found in the message");
            }
            if (securityContextToken != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getSCTTokenBySecurityTokenReference(OMElement, MessageContext) returns " + securityContextToken);
                }
                return securityContextToken;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT referenced by uuid = " + str2 + " not found");
            }
            // Not found is an error, not a null return. The exception thrown here is itself caught
            // by the catch-all below and replaced.
            Tr.error(tc, "security.wssecuritySCTConsumeLoginModule.invalidSCT03");
            throw SoapSecurityException.format("security.wssecuritySCTConsumeLoginModule.invalidSCT03");
        } catch (Exception e2) {
            // Catch-all: every failure above, including the SoapSecurityExceptions thrown in the try,
            // leaves as a new SoapSecurityException built from getMessage() alone (no cause attached).
            throw new SoapSecurityException(e2.getMessage());
        }
    }

    /**
     * Resolves the generator configuration that applies to a message.
     *
     * <p>The {@code WASAxis2PolicySet} parameter is read from the message's Axis operation first. When
     * its value is not a {@code PolicySetConfiguration}, the same parameter is read from the Axis
     * service. The {@code PrivateGeneratorConfig} policy-type binding of the policy set found is
     * returned.
     *
     * <p>With debug trace enabled the resolved configuration is written to the trace through its
     * {@code toString()}.
     *
     * @param messageContext Axis2 message context to inspect
     * @return the generator configuration, or {@code null} when no policy set or no matching binding
     *         is available
     */
    public static PrivateGeneratorConfig parseMessageContext(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseMessageContext(MessageContext)");
        }
        Parameter policyParam = null;
        Object policyValue = null;
        AxisOperation operation = messageContext.getAxisOperation();
        if (operation != null) {
            policyParam = operation.getParameter("WASAxis2PolicySet");
        }
        if (policyParam != null) {
            policyValue = policyParam.getValue();
        }

        PolicySetConfiguration policySet = null;
        if (policyValue instanceof PolicySetConfiguration) {
            policySet = (PolicySetConfiguration) policyValue;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "PolicySet from the operation context");
            }
        } else {
            // Service-level fallback. policyParam and policyValue deliberately carry over from the
            // operation-level lookup when the service or its parameter is missing.
            AxisService service = messageContext.getAxisService();
            if (service != null) {
                policyParam = service.getParameter("WASAxis2PolicySet");
            }
            if (policyParam != null) {
                policyValue = policyParam.getValue();
            }
            if (policyValue instanceof PolicySetConfiguration) {
                policySet = (PolicySetConfiguration) policyValue;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "PolicySet from the service context");
                }
            }
        }

        PrivateGeneratorConfig generatorConfig = null;
        if (policySet == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No PolicySet configuration");
            }
        } else {
            Object binding = policySet.getPolicyTypeBinding(PrivateGeneratorConfig.class);
            if (binding instanceof PrivateGeneratorConfig) {
                generatorConfig = (PrivateGeneratorConfig) binding;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "app policy = " + generatorConfig);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No PolicyType Binding");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseMessageContext(MessageContext) returns " + generatorConfig);
        }
        return generatorConfig;
    }

    public static boolean cancelSCT(AxisService axisService) throws WSSException {
        Class<?> cls;
        SCT sct = null;
        Parameter parameter = axisService.getParameter(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
        if (parameter != null) {
            sct = (SCT) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByUUID((String) parameter.getValue());
        }
        PrivateGeneratorConfig generatorConfigFromService = getGeneratorConfigFromService(axisService);
        if (generatorConfigFromService == null || !generatorConfigFromService.isSCEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cancel SCT using WSSAPI");
            }
            try {
                sct.cancel();
                return true;
            } catch (WSSException e) {
                throw e;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "client side with security policy enabled. cancel SCT");
        }
        if (sct == null || sct.isCancelled()) {
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "There is no SCT to cancel.");
            return true;
        }
        Iterator<TokenGeneratorConfig> it = generatorConfigFromService.getTokenGenerators().iterator();
        String str = null;
        while (it.hasNext()) {
            str = it.next().getCallbackHandler().getClassName();
            if (str != null && str.equals(BindingPropertyConstants.SCT_CALLBACK_CLASSNAME_VALUE)) {
                break;
            }
        }
        if (str == null) {
            return true;
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT is not found. Instantiating the callback handler [" + str + "]...");
            }
            HashMap hashMap = new HashMap();
            ClassLoader classLoader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.sc.SecureConversationImpl.2
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return Thread.currentThread().getContextClassLoader();
                }
            });
            if (classLoader != null) {
                try {
                    cls = classLoader.loadClass(str);
                } catch (Exception e2) {
                    cls = Class.forName(str);
                }
            } else {
                cls = Class.forName(str);
            }
            if (!CallbackHandler.class.isAssignableFrom(cls)) {
                throw SoapSecurityException.format("", str, CallbackHandler.class.getName());
            }
            CallbackHandler callbackHandler = (CallbackHandler) cls.getConstructor(Map.class).newInstance(hashMap);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Succeeded to Instantiate the callback handler [" + str + "].");
            }
            HashMap hashMap2 = new HashMap();
            hashMap2.put(Constants.WSSECURITY_AXIS_SERVICE, axisService);
            hashMap2.put("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey", generatorConfigFromService);
            hashMap2.put(Constants.SCT_CANCEL, "true");
            hashMap2.put(Constants.WSSECURITY_SCT, sct);
            PropertyCallback propertyCallback = new PropertyCallback(null);
            propertyCallback.setProperties(hashMap2);
            Callback[] callbackArr = {new SCTCallback(), propertyCallback};
            try {
                callbackHandler.handle(callbackArr);
                ((SCTCallback) callbackArr[0]).getToken();
                return true;
            } catch (IOException e3) {
                IOException iOException = e3;
                if (e3.getCause() != null) {
                    iOException = e3.getCause();
                }
                Tr.error(tc, "", new Object[]{str, iOException});
                SoapSecurityException.format("", str, iOException).initCause(e3);
                return false;
            } catch (UnsupportedCallbackException e4) {
                Tr.error(tc, "", new Object[]{str, e4});
                SoapSecurityException.format("", str, e4).initCause(e4);
                return false;
            }
        } catch (Exception e5) {
            Tr.error(tc, "", new Object[]{str, e5});
            return false;
        }
    }

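    /**
     * Looks up the WS-Security consumer binding attached to an Axis2 service.
     *
     * <p>Reads the {@code WASAxis2PolicySet} parameter of the service and, when its value is a
     * {@link PolicySetConfiguration}, asks it for the binding registered under
     * {@code PrivateConsumerConfig.class}.
     *
     * <p>A {@code null} result only means that no binding was found. Callers should not read it
     * as a statement about whether the message needs protection.
     *
     * @param axisService the service whose policy set is inspected; may be {@code null}
     * @return the consumer configuration, or {@code null} when the service, the parameter, the
     *         policy set or the binding is missing or of an unexpected type
     */
    public static PrivateConsumerConfig getConsumerConfigFromService(AxisService axisService) {
        // getParameter() can return null when the parameter was never set (this file tests for
        // that elsewhere); the previous code dereferenced the result unconditionally.
        if (axisService == null || axisService.getParameter("WASAxis2PolicySet") == null) {
            return null;
        }
        Object policySet = axisService.getParameter("WASAxis2PolicySet").getValue();
        // instanceof is false for null, so no separate null check is needed.
        if (!(policySet instanceof PolicySetConfiguration)) {
            return null;
        }
        Object binding = ((PolicySetConfiguration) policySet).getPolicyTypeBinding(PrivateConsumerConfig.class);
        if (binding instanceof PrivateConsumerConfig) {
            return (PrivateConsumerConfig) binding;
        }
        return null;
    }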

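    /**
     * Looks up the WS-Security generator binding attached to an Axis2 service.
     *
     * <p>Reads the {@code WASAxis2PolicySet} parameter of the service and, when its value is a
     * {@link PolicySetConfiguration}, asks it for the binding registered under
     * {@code PrivateGeneratorConfig.class}.
     *
     * <p>A {@code null} result only means that no binding was found. Callers should not read it
     * as a statement about whether the message needs protection.
     *
     * @param axisService the service whose policy set is inspected; may be {@code null}
     * @return the generator configuration, or {@code null} when the service, the parameter, the
     *         policy set or the binding is missing or of an unexpected type
     */
    public static PrivateGeneratorConfig getGeneratorConfigFromService(AxisService axisService) {
        // getParameter() can return null when the parameter was never set (this file tests for
        // that elsewhere); the previous code dereferenced the result unconditionally.
        if (axisService == null || axisService.getParameter("WASAxis2PolicySet") == null) {
            return null;
        }
        Object policySet = axisService.getParameter("WASAxis2PolicySet").getValue();
        // instanceof is false for null, so no separate null check is needed.
        if (!(policySet instanceof PolicySetConfiguration)) {
            return null;
        }
        Object binding = ((PolicySetConfiguration) policySet).getPolicyTypeBinding(PrivateGeneratorConfig.class);
        if (binding instanceof PrivateGeneratorConfig) {
            return (PrivateGeneratorConfig) binding;
        }
        return null;
    }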

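    /**
     * Serializes the WS-Security property map of a message context into a byte array.
     *
     * <p>The map is taken from the {@code Constants.WSS_RAMP_PROPERTYMAP} property of the message
     * context, or, when that is absent, from
     * {@code TokenHolder.getPropertyMapFromInboundMessageContext}. It is written with Java native
     * serialization, so the reader of these bytes deserializes arbitrary object graphs; the bytes
     * should only be stored where they cannot be modified by an untrusted party.
     *
     * @param messageContext the current message context; may be {@code null}
     * @return the serialized map, or an empty array when no map was found
     * @throws SoapSecurityException when the map cannot be serialized
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public byte[] getWSSPropertyMapByteArray(MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSSPropertyMapByteArray(MessageContext msgCtx)");
        }
        byte[] serialized = new byte[0];
        HashMap propertyMap = null;
        if (messageContext != null) {
            propertyMap = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
            if (propertyMap == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Did not find property map in the current message context.");
                    Tr.debug(tc, "Look for it in the prev inbound message context.");
                }
                propertyMap = TokenHolder.getPropertyMapFromInboundMessageContext(messageContext);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "MessageContext is null!");
        }
        if (propertyMap != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found property map in the message context.");
            }
            try {
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                ObjectOutputStream out = new ObjectOutputStream(buffer);
                try {
                    out.writeObject(propertyMap);
                    // Flush explicitly so the buffer is complete before it is copied out.
                    out.flush();
                } finally {
                    out.close();
                }
                serialized = buffer.toByteArray();
            } catch (IOException e) {
                // Report the underlying cause when there is one, but keep e as the cause chain.
                Throwable reported = e;
                if (e.getCause() != null) {
                    reported = e.getCause();
                }
                Tr.error(tc, "", new Object[]{reported});
                SoapSecurityException failure = SoapSecurityException.format("", reported);
                failure.initCause(e);
                throw failure;
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find property map in the message context.");
            }
            // The diagnostics below read the message context; the previous code did so even on
            // the path that had just logged that the context is null.
            if (messageContext != null) {
                String instance = (String) messageContext.getProperty(Constants.INSTANCE_FROM_MESSAGE);
                String sctUuid = (String) messageContext.getProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
                if (instance != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found instance in the message context: " + instance);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Did not find instance in the message context.");
                }
                if (sctUuid != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found SCT uuid in the message context: " + sctUuid);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Did not find SCT uuid in the message context.");
                }
            }
        }
        if (tc.isDebugEnabled() && serialized.length > 1) {
            // NOTE(review): this writes the complete serialized map to the trace. If the map can
            // hold token or key material, that material ends up in trace files - confirm what
            // the map carries and consider tracing only the length.
            Tr.debug(tc, "The WSS RAMP property map bytes = " + Base64.encode(serialized));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSSPropertyMapByteArray(MessageContext msgCtx) returns byte array");
        }
        return serialized;
    }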

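    /**
     * Rebuilds the WS-Security property map from its serialized form and attaches it to the
     * message context.
     *
     * <p>When a map is restored and a message context is given, the map is stored under
     * {@code Constants.WSS_RAMP_PROPERTYMAP}. If the map holds a secure-conversation identifier
     * and the Axis service has no parameter of that name yet, the identifier is added as a
     * service parameter (best effort; a failure there is only traced).
     *
     * @param bArr the bytes produced by {@code getWSSPropertyMapByteArray}; {@code null} or empty
     *        yields {@code null}
     * @param messageContext the message context to update; when {@code null} the map is only
     *        returned
     * @return the restored map, or {@code null} when there was nothing to restore
     * @throws SoapSecurityException when the bytes cannot be read, a class is missing, or the
     *         restored object is not a {@code HashMap}
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public HashMap getWSSPropertyMapFromByteArray(byte[] bArr, MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSSPropertyMapFromByteArray(byte[] wssmap, MessageContext msgCtx)");
        }
        HashMap propertyMap = null;
        if (bArr != null && bArr.length > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "valid wss propertymap bytes.");
            }
            // NOTE(review): Java native deserialization. readObject() instantiates whatever
            // classes the bytes name before any check in this method runs, so the type test
            // below does not protect against crafted input. Where bArr comes from is not
            // visible here - confirm it is integrity-protected or server-side only, and
            // consider a class allow-list (deserialization filter) on this stream.
            Object restored;
            try {
                restored = new ObjectInputStream(new ByteArrayInputStream(bArr)).readObject();
            } catch (IOException e) {
                // Report the underlying cause when there is one, but keep e as the cause chain.
                Throwable reported = e;
                if (e.getCause() != null) {
                    reported = e.getCause();
                }
                Tr.error(tc, "", new Object[]{reported});
                SoapSecurityException failure = SoapSecurityException.format("", reported);
                failure.initCause(e);
                throw failure;
            } catch (ClassNotFoundException e2) {
                Throwable reported = e2;
                if (e2.getCause() != null) {
                    reported = e2.getCause();
                }
                Tr.error(tc, "", new Object[]{reported});
                SoapSecurityException failure = SoapSecurityException.format("", reported);
                failure.initCause(e2);
                throw failure;
            }
            // Surface a wrong payload type as the declared exception instead of an unchecked
            // ClassCastException.
            if (restored != null && !(restored instanceof HashMap)) {
                throw new SoapSecurityException("Serialized WSS property map has unexpected type: " + restored.getClass().getName());
            }
            propertyMap = (HashMap) restored;
        }
        if (propertyMap != null) {
            if (messageContext == null) {
                // Nothing to attach the map to; the previous code failed here with a
                // NullPointerException.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "MessageContext is null!");
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "valid wss propertymap");
                    Tr.debug(tc, "Save the wss property map using com.ibm.ws.wssecurity.WSS_RAMP_PROPERTYMAP key");
                }
                messageContext.setProperty(Constants.WSS_RAMP_PROPERTYMAP, propertyMap);
                // The value comes out of deserialized data; a non-String entry is treated as absent.
                Object identifier = propertyMap.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
                if (identifier instanceof String) {
                    String sessionId = (String) identifier;
                    try {
                        if (messageContext.getAxisService() != null && messageContext.getAxisService().getParameter(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER) == null) {
                            Parameter parameter = new Parameter(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER, sessionId);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Add Client sessionId to AxisService = " + sessionId);
                            }
                            messageContext.getAxisService().addParameter(parameter);
                        }
                    } catch (Exception e3) {
                        // Deliberately best effort: the map is still returned to the caller.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Unable to add client sessionId to AxisService. " + e3.getMessage());
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // NOTE(review): traces the whole restored map; confirm it holds nothing sensitive.
            Tr.exit(tc, "getWSSPropertyMapFromByteArray(byte[] wssmap, MessageContext msgCtx) returns = " + propertyMap);
        }
        return propertyMap;
    }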

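    /**
     * Restores a persisted security context token (SCT) and re-populates the token caches.
     *
     * <p>The bytes are read into a fresh {@code SCT} through {@code readExternal}. In a WebSphere
     * server process the token is then added to the client cache and to the service cache when
     * either of them does not already hold a token with the same UUID. When the service cache is
     * managed by {@code SCTHelper}, the cache lifetime is the time until the latest instance
     * expiration plus the configured {@code renewalWindowMinutes} (default 120), or two hours
     * when no expiration is known.
     *
     * @param bArr the serialized token; {@code null} is ignored
     * @throws SoapSecurityException when the token cannot be read or a cache update fails
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public void restoreSCToken(byte[] bArr) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreSCT(byte[] token)");
        }
        if (bArr == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "restoreSCT(byte[] token) returns, null token");
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            // NOTE(review): this writes the complete serialized token to the trace. The wire
            // format of SCT is not visible here; if it includes the conversation secret, anyone
            // who can read trace files can recover it - confirm, and consider tracing only the
            // length or the UUID.
            Tr.debug(tc, "token bytes = " + Base64.encode(bArr));
        }
        SCT sct = new SCT();
        try {
            // NOTE(review): the token is rebuilt from caller-supplied bytes via an
            // ObjectInputStream and then trusted enough to be inserted into the caches. Where
            // bArr comes from is not visible here - confirm it is integrity-protected or
            // server-side only before it reaches this method.
            sct.readExternal(new ObjectInputStream(new ByteArrayInputStream(bArr)));
            // tokenType is a field declared outside this method.
            // NOTE(review): if it is shared between threads, concurrent restores can overwrite
            // each other's value - confirm.
            tokenType = sct.getValueType().getLocalPart();
            if (PlatformContextUtil.isWebSphereServerProcess()) {
                if (SecureConversationCacheHelper.getSecurityContextTokenFromCacheByUUID(sct.getUUID()) == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "client cache does not have the SCT that is persisted. Update the cache");
                    }
                    SecureConversationCacheHelper.setSecurityContextTokenToCache(sct.getUUID(), null, sct, null);
                }
                if (SCTHelper.getCache() == null) {
                    try {
                        if (STSTokenUtil.getToken(sct.getUUID(), tokenType) == null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "service cache does not have the SCT that is persisted. Update the cache");
                            }
                            STSTokenUtil.putToken(sct, tokenType);
                        }
                    } catch (Exception e) {
                        Tr.error(tc, "error updating Service token cache");
                        throw new SoapSecurityException(e.toString());
                    }
                } else if (SCTHelper.getCache().getToken(sct.getUUID()) == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Did not find the token in the service cache. But the STS config is completed. Update thru SCTHelper");
                    }
                    // Default cache lifetime: two hours, in milliseconds.
                    long cacheLifetimeMillis = 7200000L;
                    if (SCTHelper.getSCTConfigProperties() != null) {
                        // Multiply as long: the previous int arithmetic wrapped around for
                        // renewal windows above 35791 minutes and produced a negative value.
                        long renewalWindowMillis = Integer.valueOf(SCTHelper.getSCTConfigProperties().getProperty("renewalWindowMinutes", "120")).intValue() * 60000L;
                        String[] instances = sct.getInstances();
                        // The epoch serves as the "no expiration found" sentinel.
                        Date epoch = new Date(0L);
                        Date latestExpiration = epoch;
                        if (instances != null) {
                            for (String instance : instances) {
                                Date expiration = sct.getExpiration(instance);
                                if (expiration != null && expiration.after(latestExpiration)) {
                                    latestExpiration = expiration;
                                }
                            }
                            Date now = new Date();
                            if (!latestExpiration.equals(epoch)) {
                                // NOTE(review): negative when the token expired longer ago than
                                // the renewal window; how cacheToken treats that is not visible
                                // here.
                                cacheLifetimeMillis = (latestExpiration.getTime() - now.getTime()) + renewalWindowMillis;
                            }
                        }
                    }
                    boolean cached = SCTHelper.getCache().cacheToken(sct.getUUID(), sct, cacheLifetimeMillis);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Update the token in the service cache. result = " + cached);
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "restoreSCToken(byte[] token)");
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error when deserializing SCT. " + e2.toString());
            }
            throw new SoapSecurityException(e2.toString());
        }
    }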

    /**
     * Returns the security context token lifetime held in the {@code tokenTimeout} field.
     *
     * <p>In a WebSphere server process with SCT configuration properties available, the field is
     * first refreshed from the {@code lifetimeMinutes} property (default 120) multiplied by 60.
     * Otherwise the field's current value is returned unchanged.
     *
     * @param configurationContext not read by this method
     * @return the value of {@code tokenTimeout}
     * @throws SoapSecurityException declared by the interface; not thrown by the visible code
     */
    @Override // com.ibm.ws.wssecurity.sc.util.SecureConversation
    public long getSCTokenTimeOut(ConfigurationContext configurationContext) throws SoapSecurityException {
        final boolean traceEntryExit = tc.isEntryEnabled();
        if (traceEntryExit) {
            Tr.entry(tc, "getSCTokenTimeOut(ConfigurationContext cContext)");
        }
        boolean serverConfigAvailable = PlatformContextUtil.isWebSphereServerProcess() && SCTHelper.getSCTConfigProperties() != null;
        if (serverConfigAvailable) {
            // tokenTimeout is a field declared outside this method; the multiplication is done
            // in int arithmetic, as before.
            String lifetimeMinutes = SCTHelper.getSCTConfigProperties().getProperty("lifetimeMinutes", "120");
            tokenTimeout = Integer.parseInt(lifetimeMinutes) * 60;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT lifetime = " + tokenTimeout);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSCTokenTimeOut(ConfigurationContext cContext)");
        }
        return tokenTimeout;
    }
}
