package com.ibm.ws.wssecurity.trust.server.sts.Util;

import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.STSTargetMap;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.TokenTypeRule;
import java.net.URI;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
import org.apache.axis2.context.MessageContext;
import org.eclipse.higgins.sts.IAppliesTo;
import org.eclipse.higgins.sts.IEndpointReference;
import org.eclipse.higgins.sts.IRequestSecurityToken;
import org.eclipse.higgins.sts.ISTSRequest;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/trust/server/sts/Util/STSSecurityUtil.class */
/**
 * Security layer of the Security Token Service (STS): authenticates the caller of a
 * RequestSecurityToken (RST) against the configured target map.
 *
 * <p>{@link #invoke} copies the request's {@code To}, {@code AppliesTo} and {@code Issuer}
 * addresses, the configured {@code STSTargetMap} and the WS-Security {@link Subject} found
 * in the message context into instance fields, then delegates to {@link #processTargetMap}
 * (whose body did not survive decompilation; see the reconstruction notes on that method).
 * The remaining methods locate a matching {@code TokenTypeRule} and run its JAAS
 * configuration via {@link LoginContext}.
 *
 * <p>Thread-safety: NOT thread-safe. All per-request state lives in mutable instance fields
 * that {@link #invoke} overwrites, so a shared instance would race between concurrent
 * requests. NOTE(review): this looks like it expects one instance per request — confirm
 * against the caller.
 */
public class STSSecurityUtil {
    // Trace component and class name used only for entry/exit/debug tracing and
    // Tr.processException() call-site identification.
    private static final TraceComponent tc = Tr.register(STSSecurityUtil.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = STSSecurityUtil.class.getName();
    // Per-request state populated by invoke(); read by the private helpers below.
    private STSTargetMap targetMap;
    private Subject subject;
    // wsa:To of the incoming request.
    private URI to = null;
    // Address of the AppliesTo endpoint reference of the first RST.
    private URI appliesTo = null;
    // Address of the RST's Issuer EPR, or null when the request carries none.
    private URI issuer = null;
    // SecurityToken private credentials of the WS-Security subject; stays null when the
    // message context carries no subject (processTokenTypeRule then fails closed, see there).
    private Set<SecurityToken> securityTokenSet = null;

    /**
     * Entry point of the STS security layer for one request.
     *
     * <p>Reads addressing information and the first RST of {@code iSTSRequest}, the STS
     * target map from {@link STSConfigUtil#getSTSTargetMap()} and the WS-Security subject
     * stored in the message context under
     * {@code com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_WSSSUBJECT}, then
     * runs {@link #processTargetMap()}.
     *
     * @param iSTSRequest    the parsed WS-Trust request; only the first element of its
     *                       RequestSecurityToken collection is examined
     * @param messageContext Axis2 message context carrying the WS-Security subject
     * @throws SoapSecurityException fault {@code TRUST_FAULT_FAILED_AUTHENTICATION} /
     *                               {@code WSEC6851E} when the request holds no RST, the RST
     *                               has no AppliesTo, or AppliesTo has no endpoint reference;
     *                               whatever {@link #processTargetMap()} raises otherwise
     */
    public void invoke(ISTSRequest iSTSRequest, MessageContext messageContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(" + iSTSRequest + ", " + messageContext + ")");
        }
        this.to = iSTSRequest.getAddressingInformation().getTo();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "stsTo: " + this.to);
        }
        // Raw List from the Higgins API; element type is assumed to be IRequestSecurityToken.
        List requestSecurityTokenCollection = iSTSRequest.getRequestSecurityTokenCollection();
        if (requestSecurityTokenCollection.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization failed in invokeSecurityLayer()");
            }
            throw SoapSecurityException.format(Constants.TRUST_FAULT_FAILED_AUTHENTICATION, "security.wssecurity.WSEC6851E");
        }
        // Only the first RST is authorized; any further RSTs in the collection are ignored here.
        IRequestSecurityToken iRequestSecurityToken = (IRequestSecurityToken) requestSecurityTokenCollection.get(0);
        IAppliesTo appliesTo = iRequestSecurityToken.getAppliesTo();
        if (appliesTo == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization failed in invokeSecurityLayer()");
            }
            throw SoapSecurityException.format(Constants.TRUST_FAULT_FAILED_AUTHENTICATION, "security.wssecurity.WSEC6851E");
        }
        IEndpointReference endpointReference = appliesTo.getEndpointReference();
        if (endpointReference == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization failed in invokeSecurityLayer()");
            }
            throw SoapSecurityException.format(Constants.TRUST_FAULT_FAILED_AUTHENTICATION, "security.wssecurity.WSEC6851E");
        }
        // The EPR address itself is not validated here; a null address would surface later
        // when processTargetMap() compares it against the configured targets.
        this.appliesTo = endpointReference.getAddress();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "appliesTo: " + this.appliesTo);
        }
        // Issuer is optional in the RST; null selects the target's default issuer rule path.
        IEndpointReference issuer = iRequestSecurityToken.getIssuer();
        this.issuer = null;
        if (issuer != null) {
            this.issuer = issuer.getAddress();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "issuer: " + this.issuer);
        }
        this.targetMap = STSConfigUtil.getSTSTargetMap();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "targetMap: " + this.targetMap);
        }
        // Subject established by the inbound WS-Security runtime; may be absent.
        this.subject = (Subject) messageContext.getProperties().get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_WSSSUBJECT);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "subject: " + this.subject);
        }
        this.securityTokenSet = null;
        if (this.subject != null) {
            this.securityTokenSet = this.subject.getPrivateCredentials(SecurityToken.class);
        }
        processTargetMap();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(request, inMessage)");
        }
    }

    /*
     * Reconstruction notes for processTargetMap() (body not decompiled; the JADX block
     * fragments below are the only evidence and are kept verbatim after these notes).
     * Read together, the fragments suggest the following flow — treat it as a reading of
     * partial decompiler output, not as verified behaviour:
     *
     *  1. Iterate the targets of this.targetMap and compare each against this.appliesTo
     *     ("they are equivalent"); on a match, fetch the target's default issuer rule.
     *  2. If the default issuer rule is present, iterate its TokenTypeRules; for each rule
     *     where identityRuleExists(rule, null) holds, set a "found" flag and call
     *     processTokenTypeRule(rule, null), stopping at the first success.
     *     If the rule is absent, log "NO JAAS config found for Issuer==null".
     *  3. If nothing succeeded, iterate the target's issuer rules; where a rule's
     *     getIssuerURI() equals this.issuer, repeat step 2 with this.issuer as the issuer
     *     argument ("issuer equals this.issuer" / "issuer does NOT equal this.issuer").
     *  4. If no identity rule was found at all ("tokenTypeRuleList is empty ..."), the
     *     result is instead 0 == STSUriUtil.URICompare(this.appliesTo.toString(),
     *     this.to.toString()), i.e. the request is accepted when AppliesTo equals To.
     *     Note that this step dereferences this.appliesTo and this.to without a null check.
     *  5. "Target element was found: breaking from targets iteration." ends the loop.
     *
     * The fragments do not show what happens when the result is false; since the method is
     * declared to throw SoapSecurityException, a failed-authentication fault is presumably
     * raised — TODO confirm against the original bytecode.
     */
    /* JADX WARN: Code restructure failed: missing block: B:109:0x00ee, code lost:
    
        r0 = r0.getTokenTypeRule().iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:111:0x0105, code lost:
    
        if (r0.hasNext() == false) goto L123;
     */
    /* JADX WARN: Code restructure failed: missing block: B:112:0x0108, code lost:
    
        r0 = r0.next();
     */
    /* JADX WARN: Code restructure failed: missing block: B:113:0x011b, code lost:
    
        if (identityRuleExists(r0, null) == false) goto L125;
     */
    /* JADX WARN: Code restructure failed: missing block: B:114:0x011e, code lost:
    
        r7 = true;
        r6 = processTokenTypeRule(r0, null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:115:0x012a, code lost:
    
        if (r6 != true) goto L126;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x00bf, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x00c2, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "  they are equivalent");
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x00ca, code lost:
    
        r8 = true;
        r0 = r0.getDefaultIssuerRule();
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x00d5, code lost:
    
        if (r0 != null) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x00e0, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x00e3, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "NO JAAS config found for Issuer==null");
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0134, code lost:
    
        if (r6 != false) goto L81;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x0137, code lost:
    
        r0 = r0.getIssuerRule().iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x014e, code lost:
    
        if (r0.hasNext() == false) goto L115;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0151, code lost:
    
        r0 = r0.next();
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x0165, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x0168, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "  - processing rule (" + r0 + ")");
     */
    /* JADX WARN: Code restructure failed: missing block: B:35:0x0187, code lost:
    
        r0 = r0.getIssuerURI();
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0196, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L45;
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x0199, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "issuer: " + r0 + com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants.DELIMITER);
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x01c0, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x01c3, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "comparing issuer and this.issuer");
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x01cd, code lost:
    
        if (r0 == null) goto L65;
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x01d9, code lost:
    
        if (r0.equals(r5.issuer) == false) goto L65;
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x01e4, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L55;
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:0x01e7, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "issuer equals this.issuer");
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x01ef, code lost:
    
        r0 = r0.getTokenTypeRule().iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x0206, code lost:
    
        if (r0.hasNext() == false) goto L120;
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x0209, code lost:
    
        r0 = r0.next();
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x021f, code lost:
    
        if (identityRuleExists(r0, r5.issuer) == false) goto L121;
     */
    /* JADX WARN: Code restructure failed: missing block: B:53:0x0222, code lost:
    
        r7 = true;
        r6 = processTokenTypeRule(r0, r5.issuer);
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x0231, code lost:
    
        if (r6 != true) goto L122;
     */
    /* JADX WARN: Code restructure failed: missing block: B:58:0x0254, code lost:
    
        if (r7 != false) goto L81;
     */
    /* JADX WARN: Code restructure failed: missing block: B:60:0x025f, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L74;
     */
    /* JADX WARN: Code restructure failed: missing block: B:61:0x0262, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "  tokenTypeRuleList is empty, therefore there are no JAASConfig settings");
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "  comparing " + r5.appliesTo.toString() + " and " + r5.to.toString());
     */
    /* JADX WARN: Code restructure failed: missing block: B:63:0x02aa, code lost:
    
        if (0 != com.ibm.ws.wssecurity.trust.server.sts.Util.STSUriUtil.URICompare(r5.appliesTo.toString(), r5.to.toString())) goto L77;
     */
    /* JADX WARN: Code restructure failed: missing block: B:64:0x02ad, code lost:
    
        r0 = true;
     */
    /* JADX WARN: Code restructure failed: missing block: B:65:0x02b2, code lost:
    
        r6 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x02bb, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L81;
     */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x02be, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "  URICompare returned: " + r6);
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x02b1, code lost:
    
        r0 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:77:0x0245, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L119;
     */
    /* JADX WARN: Code restructure failed: missing block: B:78:0x0248, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "  issuer does NOT equal this.issuer");
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x02df, code lost:
    
        if (com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc.isDebugEnabled() == false) goto L85;
     */
    /* JADX WARN: Code restructure failed: missing block: B:84:0x02e2, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.tc, "Target element was found: breaking from targets iteration.");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Authorizes the current request against the configured target map.
     *
     * <p>Decompiler stub: the real implementation (979 bytecode instructions) is not
     * available in this listing, so this placeholder throws unconditionally. Do not treat
     * the {@link UnsupportedOperationException} as product behaviour. See the
     * reconstruction notes above for what the surviving fragments indicate.
     *
     * @throws com.ibm.wsspi.wssecurity.core.SoapSecurityException in the original
     *         implementation, presumably when no target/rule authorizes the request
     */
    private void processTargetMap() throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 979
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.trust.server.sts.Util.STSSecurityUtil.processTargetMap():void");
    }

    /**
     * Reports whether a token-type rule carries an identity requirement.
     *
     * <p>Implementation: runs {@link #processToken} with a {@code null} token and returns
     * {@code true} exactly when that call returns {@code false}. In other words, a rule
     * "exists" here when its JAAS configuration refuses to log in without a token.
     * NOTE(review): that inversion is the visible contract; the intent (the config
     * demands a credential) is inferred — confirm.
     *
     * <p>Any exception from the probe is logged via {@code Tr.processException} and the
     * method returns {@code false}, so an erroring rule is treated as having no identity
     * requirement rather than as a fault.
     *
     * @param tokenTypeRule the rule to probe
     * @param uri           issuer URI handed to the rule's callback handler; may be null
     * @return {@code true} if the token-less login attempt failed, {@code false} otherwise
     */
    private boolean identityRuleExists(TokenTypeRule tokenTypeRule, URI uri) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "identityRuleExists(TokenTypeRule tokenTypeRule[" + tokenTypeRule + "], URI issuer[" + uri + "])");
        }
        boolean z = false;
        try {
            // Probe with no token: a failed login means the rule needs an identity.
            if (!processToken(tokenTypeRule, uri, null)) {
                z = true;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to process token");
            }
            Tr.processException(e, clsName + ".identityRuleExists", "297", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "identityRuleExists(TokenTypeRule tokenTypeRule, URI issuer) returns boolean[" + z + "]");
        }
        return z;
    }

    /**
     * Tries to authenticate the request's security tokens against one token-type rule.
     *
     * <p>Walks {@code this.securityTokenSet} and, for every token whose value type's local
     * part equals the rule's required token type URI, calls {@link #processToken}. The
     * first token that authenticates wins; the loop then stops.
     *
     * <p>Failure modes are all fail-closed: an exception inside the loop (including the
     * {@link NullPointerException} raised when {@code this.securityTokenSet} is null
     * because the request carried no WS-Security subject, or when the rule's required
     * token type URI is null) is logged and the method returns {@code false}.
     *
     * @param tokenTypeRule the rule whose required token type and JAAS config apply
     * @param uri           issuer URI to pass to the callback handler; may be null
     * @return {@code true} if some matching token passed the rule's JAAS login
     */
    private boolean processTokenTypeRule(TokenTypeRule tokenTypeRule, URI uri) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processTokenTypeRule(TokenTypeRule tokenTypeRule[" + tokenTypeRule + "], URI issuer[" + uri + "])");
        }
        boolean z = false;
        try {
            String requiredTokenTypeURI = tokenTypeRule.getRequiredTokenTypeURI();
            // NPE here when no subject was present (securityTokenSet == null); caught below.
            for (SecurityToken securityToken : this.securityTokenSet) {
                QName valueType = securityToken.getValueType();
                String localPart = valueType != null ? valueType.getLocalPart() : null;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "  comparing " + requiredTokenTypeURI + " and " + localPart);
                }
                // Comparison is on the QName local part only, not the namespace.
                if (requiredTokenTypeURI.equals(localPart)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "  they are equal");
                    }
                    z = processToken(tokenTypeRule, uri, securityToken);
                    if (z) {
                        break;
                    }
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to process token*");
            }
            Tr.processException(e, clsName + ".processTokenTypeRule", "337", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processTokenTypeRule(TokenTypeRule tokenTypeRule, URI issuer) returns boolean[" + z + "]");
        }
        return z;
    }

    /**
     * Instantiates the rule's callback handler, primes it with request context and runs
     * the rule's JAAS configuration.
     *
     * <p>The callback handler class is loaded reflectively from the class name the rule
     * supplies ({@code tokenTypeRule.getCallbackHandler()}) and instantiated with
     * {@code Class.newInstance()}. That name originates from the STS target map
     * configuration, not from the request; it must stay that way, since any class with a
     * public no-arg constructor could otherwise be instantiated here. Handlers that are
     * {@link STSCallbackHandler}s additionally receive AppliesTo, issuer, the rule's token
     * type (parsed as a {@link URI}) and the token; other {@link CallbackHandler}s are used
     * as-is.
     *
     * <p>Error handling is fail-closed but lossy: every exception — including the
     * {@link SoapSecurityException} thrown by {@link #processJAASConfig} on login failure,
     * {@link ClassNotFoundException}, and any checked exception the handler's constructor
     * throws (which {@code Class.newInstance()} propagates unwrapped) — is logged through
     * {@code Tr.processException} and turned into a {@code false} return, so the caller
     * never sees the fault reason. Note the logged call-site name is ".CheckToken", not
     * this method's name.
     *
     * @param tokenTypeRule rule providing token type, callback handler class and JAAS config
     * @param uri           issuer URI to set on an {@link STSCallbackHandler}; may be null
     * @param securityToken token to authenticate; null when probing from
     *                      {@link #identityRuleExists}
     * @return {@code true} if the JAAS login (and logout) succeeded, {@code false} otherwise
     */
    private boolean processToken(TokenTypeRule tokenTypeRule, URI uri, SecurityToken securityToken) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processToken(TokenTypeRule tokenTypeRule[" + tokenTypeRule + "], URI issuer[" + uri + "], SecurityToken token[" + securityToken + "]");
        }
        boolean z = false;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "calling tokenTypeRule.getCallbackHandler()");
        }
        try {
            String requiredTokenTypeURI = tokenTypeRule.getRequiredTokenTypeURI();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "tokenType: " + requiredTokenTypeURI);
            }
            // A malformed token type URI throws URISyntaxException -> caught below -> false.
            URI uri2 = null;
            if (requiredTokenTypeURI != null) {
                uri2 = new URI(requiredTokenTypeURI);
            }
            String callbackHandler = tokenTypeRule.getCallbackHandler();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "callbackHandlerString: " + callbackHandler);
            }
            // Reflective load of the configured handler class (uses the caller's class loader).
            Class<?> cls = Class.forName(callbackHandler);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "callbackHandlerClass: " + cls);
            }
            // Class.newInstance() is deprecated since Java 9; it rethrows constructor
            // exceptions unwrapped. A non-CallbackHandler class fails the cast here.
            CallbackHandler callbackHandler2 = (CallbackHandler) cls.newInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, " calling STSCallbackHandler.class.isAssignableFrom(callbackHandlerClass)");
            }
            if (STSCallbackHandler.class.isAssignableFrom(cls)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "  STSCallbackHandler.class.isAssignableFrom(callbackHandlerClass) returned true");
                }
                ((STSCallbackHandler) callbackHandler2).setAppliesTo(this.appliesTo);
                ((STSCallbackHandler) callbackHandler2).setIssuer(uri);
                ((STSCallbackHandler) callbackHandler2).setTokenType(uri2);
                ((STSCallbackHandler) callbackHandler2).setToken(securityToken);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "  STSCallbackHandler.class.isAssignableFrom(callbackHandlerClass) returned false");
            }
            String jAASConfigName = tokenTypeRule.getJAASConfigName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "  jaasConfigName: " + jAASConfigName);
            }
            z = processJAASConfig(jAASConfigName, callbackHandler2);
        } catch (Exception e) {
            // Swallows SoapSecurityException from processJAASConfig as well; result stays false.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to process JAAS config");
            }
            Tr.processException(e, clsName + ".CheckToken", "402", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processToken(TokenTypeRule tokenTypeRule, URI issuer, SecurityToken token) returns boolean[" + z + "] ");
        }
        return z;
    }

    /**
     * Runs the named JAAS login configuration against {@code this.subject} and logs out
     * again immediately.
     *
     * <p>This is an authentication check only: the {@link LoginContext} is built with the
     * request's WS-Security subject (possibly null) and the given callback handler,
     * {@code login()} is invoked, and on success {@code logout()} follows at once. The
     * login modules may still have mutated {@code this.subject} in between; whether that
     * is relied upon elsewhere cannot be told from this class.
     *
     * <p>The method never returns {@code false}: a login or logout failure is converted
     * into a {@link SoapSecurityException} with fault code
     * {@code com.ibm.ws.wssecurity.common.Constants.FAILED_AUTHENTICATION}. The message
     * key {@code ".X509TokenConsumer.s02"} names a different component; it is reproduced
     * as found.
     *
     * @param str             JAAS login configuration (application) name
     * @param callbackHandler handler supplying credentials to the login modules; dereferenced
     *                        for tracing, so must be non-null
     * @return {@code true} when both login and logout succeed
     * @throws SoapSecurityException wrapping the {@link LoginException} from a failed login
     *                               or a failed logout; {@link LoginContext}'s constructor
     *                               failures (e.g. unknown config name) surface the same way
     */
    private boolean processJAASConfig(String str, CallbackHandler callbackHandler) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processJAASConfig(String jaasConfigName[" + str + "], CallbackHandler callbackHandler[" + callbackHandler + "])");
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "callbackHandler.getClass().getName(): " + callbackHandler.getClass().getName());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "creating LoginContext");
            }
            // Constructor itself throws LoginException for an unknown configuration name.
            LoginContext loginContext = new LoginContext(str, this.subject, callbackHandler);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Succeeded to construct the login context.");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invoking LoginModules");
            }
            loginContext.login();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "STSSecurityLayer JAAS login succeeded.");
            }
            try {
                if (tc.isEntryEnabled()) {
                    Tr.entry(tc, "logging out of context");
                }
                // Immediate logout: the login served only to validate the credential.
                loginContext.logout();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "processJAASConfig(String jaasConfigName, CallbackHandler callbackHandler) returns boolean[true]");
                }
                return true;
            } catch (LoginException e) {
                // Logout failure is reported as an authentication failure, same as login failure.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "STSSecurityLayer JAAS logout failed.");
                }
                throw SoapSecurityException.format(com.ibm.ws.wssecurity.common.Constants.FAILED_AUTHENTICATION, ".X509TokenConsumer.s02", e);
            }
        } catch (LoginException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "STSSecurityLayer JAAS login failed.");
            }
            throw SoapSecurityException.format(com.ibm.ws.wssecurity.common.Constants.FAILED_AUTHENTICATION, ".X509TokenConsumer.s02", e2);
        }
    }
}
