package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.security.trust10.client.om.STSConstantsImpl;
import com.ibm.websphere.wssecurity.callbackhandler.SCTGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
import com.ibm.websphere.wssecurity.wssapi.token.DerivedKeyToken;
import com.ibm.ws.wssecurity.admin.BindingPropertyConstants;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.SCAndTrustConstants;
import com.ibm.ws.wssecurity.platform.auth.SecureConversationCacheHelper;
import com.ibm.ws.wssecurity.sc.SecureConversationImpl;
import com.ibm.ws.wssecurity.trust.client.ITrustClient;
import com.ibm.ws.wssecurity.trust.client.ITrustConstants;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityToken;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenResponse;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenResponseCollection;
import com.ibm.ws.wssecurity.trust.client.ITrustRequestSecurityTokenTemplate;
import com.ibm.ws.wssecurity.trust.client.impl.TrustClientFactory;
import com.ibm.ws.wssecurity.trust.client.impl.TrustException;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.SecurityUIDGenerator;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSNonceGenerator;
import com.ibm.ws.wssecurity.wssapi.DefaultValueManager;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.jaxws.ClientConfigurationFactory;
import org.apache.axis2.jaxws.description.EndpointDescription;
import org.apache.axis2.jaxws.spi.BindingProvider;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/SCTWrapper.class */
public class SCTWrapper extends SCT {
    // Trace handle for this class, registered under the "Web Services Security" group with the
    // wssmessages resource bundle.
    private static final TraceComponent tc = Tr.register(SCTWrapper.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Fully qualified class name, used as the source-id prefix in Tr.processException calls.
    private static final String clsName = SCTWrapper.class.getName();
    private static final long serialVersionUID = -3367052060192133610L;
    // The wrapped token; read through getSCT() and replaced through setSCT().
    private SCT sctReference;
    // Instance value passed to sct.isValid(...) and updated from the RSTR after a renew.
    private String currentInstance;
    // Only ever assigned null in the visible constructors; cancel() reads it via getBindingProvider().
    private BindingProvider bindingProvider;
    // Not referenced anywhere in the visible part of this file.
    private static final String comp = "security.wssecurity";
    // NOTE(review): dereferenced by every getDerivedKeyToken overload, but no assignment other than
    // null is visible in this part of the file - confirm where it is set.
    private SecurityTokenManagerImpl securityTokenManager;

    /**
     * Creates an empty wrapper with no wrapped token, no current instance, no binding provider and
     * no security token manager.
     */
    public SCTWrapper() {
        this.securityTokenManager = null;
        this.bindingProvider = null;
        this.currentInstance = null;
        this.sctReference = null;
    }

    /**
     * Creates a wrapper with an explicit id and current instance.
     *
     * @param str forwarded unchanged to the {@code SCT} superclass constructor
     *            (presumably the token UUID, as in the {@code new SCT(uuid)} calls in renew - confirm)
     * @param keyHistoryEntryArr forwarded unchanged to the {@code SCT} superclass constructor
     * @param str2 value stored in the inherited {@code id} field
     * @param str3 value stored as the current instance
     */
    public SCTWrapper(String str, SCT.KeyHistoryEntry[] keyHistoryEntryArr, String str2, String str3) {
        super(str, keyHistoryEntryArr);
        // The remaining references start out unset.
        this.securityTokenManager = null;
        this.bindingProvider = null;
        this.sctReference = null;
        this.id = str2;
        this.currentInstance = str3;
    }

    /**
     * Returns the wrapped token.
     *
     * @return the wrapped {@code SCT}, or {@code null} when none has been set
     */
    public SCT getSCT() {
        final SCT wrapped = this.sctReference;
        return wrapped;
    }

    /**
     * Replaces the wrapped token and copies its value type onto this wrapper.
     * The call is silently ignored while the wrapper is read-only.
     *
     * @param sct the token to wrap; a {@code null} argument fails with a
     *            {@code NullPointerException} on the value-type lookup, after the reference
     *            has already been stored
     */
    public void setSCT(SCT sct) {
        if (!this.readOnly) {
            this.sctReference = sct;
            this.valueType = sct.getValueType();
        }
    }

    /**
     * Returns the instance value currently associated with this wrapper.
     *
     * @return the current instance, possibly {@code null}
     */
    public String getCurrentInstance() {
        final String instance = this.currentInstance;
        return instance;
    }

    /**
     * Sets the current instance value. The call is silently ignored while the wrapper is read-only.
     *
     * @param str the new current instance
     */
    public void setCurrentInstance(String str) {
        if (!this.readOnly) {
            this.currentInstance = str;
        }
    }

    /**
     * Renews the token using the generation and consuming contexts already held by the wrapped
     * token.
     *
     * @throws WSSException if the renewal fails
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void renew() throws WSSException {
        // A missing wrapped token surfaces here as a NullPointerException.
        final WSSGenerationContext generationContext = getSCT().getWssGenerationContext();
        final WSSConsumingContext consumingContext = getSCT().getWssConsumingContext();
        renew(generationContext, consumingContext);
    }

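    /**
     * Renews the wrapped security context token by sending a Renew request through the trust
     * client, then replaces the wrapped token, the current instance and the cached token with the
     * values taken from the first response.
     *
     * <p>Changes relative to the decompiled original: the debug trace no longer writes the server
     * secret and the client entropy, an empty response collection is rejected instead of installing
     * a token built from null values, and the exception handlers (which the decompiler emitted in a
     * non-compilable form) are restored to the process-and-wrap shape.
     *
     * @param wSSGenerationContext generation context applied to the request and stored on the token
     * @param wSSConsumingContext consuming context applied to the request and stored on the token
     * @throws WSSException with key WSEC7072E when the token is neither valid nor renewable after
     *         expiration, or with key WSEC7070E when the renew exchange fails
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void renew(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "renew in SCTWrapper (WSSGenerateionContext gencont, WSSConsumingContext concont)");
        }
        SCT sct = getSCT();
        if (tc.isDebugEnabled()) {
            // NOTE(review): confirm the STS configuration map holds no credentials before keeping
            // it in the debug trace.
            Tr.debug(tc, "SCT config map = " + sct.getMap());
            Tr.debug(tc, "Current SCT information, SCT UUID = " + sct.getUUID());
            Tr.debug(tc, "SCTWrapper, Current Instance = " + this.currentInstance);
            Tr.debug(tc, "SCT ID = " + this.id);
            Tr.debug(tc, "SCT element = " + DOMUtils.toString(((OMStructure) this.xml).getNode()));
            String[] instances = getInstances();
            for (int i = 0; i < instances.length; i++) {
                Tr.debug(tc, "SCT Instance [" + i + "] = " + instances[i]);
            }
        }
        if (!sct.isValid(this.currentInstance, 0L) && !sct.isRenewableAfterExpiration()) {
            throw WSSException.format("security.wssecurity.WSEC7072E");
        }
        sct.setWssGenerationContext(wSSGenerationContext);
        sct.setWssConsumingContext(wSSConsumingContext);
        Map map = sct.getMap();
        Map stsConfig = (Map) map.get(ITrustConstants.STSCONFIGURATION);
        String trustLevel = (String) stsConfig.get(ITrustConstants.TRUST_LEVEL);
        String tokenType = (String) stsConfig.get("TokenType");
        String keySizeText = (String) stsConfig.get("KeySize");
        String addressingLevel = (String) stsConfig.get(ITrustConstants.ADDRESSING_LEVEL);
        // Throws NumberFormatException for a missing or malformed value, as the original did.
        int keySize = Integer.parseInt(keySizeText);
        String messageTo = (String) stsConfig.get(ITrustConstants.MESSAGE_TO);
        // Request type and action depend on the token type; both stay null for any other type.
        String requestType = null;
        String action = null;
        if (Constants.NS_WSC_SCT_13.equals(tokenType)) {
            requestType = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[1][0];
            action = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[1][1];
        } else if (Constants.NS_WSC_SCT.equals(tokenType)) {
            requestType = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[5][0];
            action = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[5][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(trustLevel);
            ITrustRequestSecurityTokenTemplate template = trustClient.getSTSRequestSecurityTokenTemplate();
            template.setWSANamespace(addressingLevel);
            template.addTokenType(tokenType);
            template.addRequestType(requestType);
            template.addKeySize(keySizeText);
            byte[] clientEntropy = WSSNonceGenerator.generateBytes(keySize * 8);
            template.addEntropyNonce(Base64.encode(clientEntropy));
            template.setTo(messageTo);
            template.setAction(action);
            String messageId = SecurityUIDGenerator.createUID();
            template.setMessageID(messageId);
            template.addRenewTarget(((OMStructure) this.xml).getNode());
            // Work on a copy so the token's stored STS configuration is not modified.
            HashMap requestConfig = new HashMap();
            requestConfig.putAll(stsConfig);
            requestConfig.put(ITrustConstants.MESSAGE_ID, messageId);
            requestConfig.put(ITrustConstants.MESSAGE_ACTION, action);
            try {
                HashMap requestProperties = new HashMap();
                requestProperties.put(ITrustConstants.STSCONFIGURATION, requestConfig);
                requestProperties.put(ITrustConstants.RSTTEMPLATE, template);
                HashMap contextProperties = new HashMap();
                contextProperties.put(Constants.WSSAPI_CONFIG_KEY_GENERATOR, wSSGenerationContext);
                contextProperties.put(Constants.WSSAPI_CONFIG_KEY_CONSUMER, wSSConsumingContext);
                requestProperties.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, contextProperties);
                requestProperties.put(ITrustConstants.CONFIG_CONTEXT, getConfigurationContext(messageTo));
                ITrustRequestSecurityToken request = trustClient.createRequestSecurityToken(template, requestProperties);
                AxisService axisService = request.getAxisService();
                if (axisService != null) {
                    axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                }
                ServiceClient serviceClient = request.getServiceClient();
                wSSGenerationContext.process(serviceClient);
                wSSConsumingContext.process(serviceClient);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "About to call Trust client with Renew request.");
                }
                ITrustRequestSecurityTokenResponseCollection responses = trustClient.renew(request);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trust client Renew is successful.");
                }
                Iterator<ITrustRequestSecurityTokenResponse> rstrs = responses.getRSTRCollection();
                if (!rstrs.hasNext()) {
                    // Without a response there is no UUID, secret or lifetime to install; fail the
                    // renewal rather than cache a token assembled from null values. The handler
                    // below records and wraps this like any other renew failure.
                    throw WSSException.format("security.wssecurity.WSEC7070E");
                }
                // Only the first response is used.
                ITrustRequestSecurityTokenResponse rstr = rstrs.next();
                OMElement tokenElement = rstr.getSecurityContextTokenElement();
                String uuid = rstr.getUUID();
                String instance = rstr.getInstance();
                byte[] serverSecret = rstr.getServerSecretBytes();
                Date created = rstr.getCreatedDate();
                Date expires = rstr.getExpiresDate();
                Integer responseKeySize = Integer.valueOf(rstr.getKeySize());
                if (responseKeySize != null) {
                    keySize = responseKeySize.intValue();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Key Size from the RSTR = " + keySize);
                    }
                }
                String renewable = rstr.getRenewable();
                String renewableAfterExpiration = rstr.getRenewableAfterExpiration();
                SCT.KeyHistoryEntry keyHistoryEntry = new SCT.KeyHistoryEntry(instance, clientEntropy, serverSecret, created, expires, SCT.SCTState.RENEWED);
                if (tc.isDebugEnabled()) {
                    // The server secret and client entropy are deliberately not traced: they are
                    // the secret inputs stored in the key history entry and must not end up in
                    // trace files. Dates are concatenated directly so a null date cannot throw.
                    Tr.debug(tc, "RSTR returns with Requested Security Token: uuid = " + uuid + ", id = " + this.id + ", created = " + created + ", expires = " + expires + ", and instance = " + instance);
                }
                if (Constants.NS_WSC_SCT_13.equals(tokenType)) {
                    sct = new SCT13(uuid);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Token Value Type = " + sct.getValueType().getLocalPart());
                    }
                } else if (Constants.NS_WSC_SCT.equals(tokenType)) {
                    sct = new SCT(uuid);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Token Value Type = " + sct.getValueType().getLocalPart());
                    }
                }
                sct.setUUID(uuid);
                sct.setId(this.id);
                // Carry the existing key history over before adding the renewed entry.
                if (getSCT() != null) {
                    for (String previousInstance : getSCT().getInstances()) {
                        sct.setKeyHistoryEntry(getSCT().getKeyHistoryEntry(previousInstance));
                    }
                }
                sct.setKeyHistoryEntry(keyHistoryEntry);
                sct.setTokenID(this.id);
                sct.setReferenceURI("#" + this.id);
                sct.setClientID(uuid);
                sct.setMap(map);
                sct.setUsedForSigAndEnc(true);
                sct.setWssConsumingContext(wSSConsumingContext);
                sct.setWssGenerationContext(wSSGenerationContext);
                sct.setKeySize(keySize);
                sct.setXML(new OMStructure(tokenElement));
                sct.setRenewable(Boolean.parseBoolean(renewable));
                sct.setRenewableAfterExpiration(Boolean.parseBoolean(renewableAfterExpiration));
                // Mirror the renewed state onto this wrapper.
                setUUID(uuid);
                setKeyHistoryEntry(keyHistoryEntry);
                this.xml = new OMStructure(tokenElement);
                this.currentInstance = instance;
                setSCT(sct);
                setWssGenerationContext(wSSGenerationContext);
                setWssConsumingContext(wSSConsumingContext);
                setMap(map);
                SecureConversationCacheHelper.setSecurityContextTokenToCache(uuid, null, sct, null);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "SCTWrapper, renew(WSSGenerateionContext gencont, WSSConsumingContext concont) return");
                }
            } catch (Exception e) {
                Tr.processException(e, clsName + ".renew", "%C", this);
                throw WSSException.format("security.wssecurity.WSEC7070E", e);
            }
        } catch (TrustException e2) {
            // NOTE(review): the decompiled source lost the message key used by this handler;
            // WSEC7070E is assumed here - confirm against the original class.
            Tr.processException(e2, clsName + ".renew", "%C", this);
            throw WSSException.format("security.wssecurity.WSEC7070E", e2);
        }
    }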

    /**
     * Creates a derived key token that references this wrapper, using the default signature and
     * default encryption algorithms reported by {@code DefaultValueManager}, and registers it with
     * the security token manager.
     *
     * @return the new derived key token
     * @throws WSSException declared by the overridden contract
     */
    public DerivedKeyToken getDerivedKeyToken() throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, getDerivedKeyToken()");
        }
        final SCT wrapped = getSCT();
        final String signatureName = DefaultValueManager.getInstance().getDefaultSignatureAlgorithm();
        final Map<String, Object> signatureSettings = getKeyAlgorithm(signatureName);
        final String encryptionName = DefaultValueManager.getInstance().getDefaultEncryptionAlgorithm();
        final Map<String, Object> encryptionSettings = getKeyAlgorithm(encryptionName);

        // Arguments are read in the same order the callback handler receives them.
        final WSSGenerationContext generationContext = wrapped.getWssGenerationContext();
        final WSSConsumingContext consumingContext = wrapped.getWssConsumingContext();
        final String signatureAlgorithm = (String) signatureSettings.get("algorithm");
        final int signatureKeyLength = ((Integer) signatureSettings.get(DefaultValueManager.KEY_KEYLENGTH)).intValue();
        final String encryptionAlgorithm = (String) encryptionSettings.get("algorithm");
        final int encryptionKeyLength = ((Integer) encryptionSettings.get(DefaultValueManager.KEY_KEYLENGTH)).intValue();
        final String defaultGroup = com.ibm.ws.wssecurity.trust.server.sts.Util.Constants.CONFIG_GROUP_NAME_DEFAULT;
        final SCTGenerateCallbackHandler handler = new SCTGenerateCallbackHandler(this, generationContext, consumingContext, signatureAlgorithm, signatureKeyLength, encryptionAlgorithm, encryptionKeyLength, defaultGroup, defaultGroup);

        final DKToken derived = new DKToken();
        derived.setrefTokenId(this.id);
        derived.setDerivableSecurityToken(this);
        final SecurityTokenWrapper tokenWrapper = new SecurityTokenWrapper(derived, handler, BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE);
        this.securityTokenManager.addTokenWrapper(tokenWrapper);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, getDerivedKeyToken() return");
        }
        return derived;
    }

    /**
     * Creates a derived key token for the named algorithm, passing
     * {@code CONFIG_GROUP_NAME_DEFAULT} for both trailing string arguments of the three-argument
     * overload.
     *
     * @param str algorithm name looked up by the three-argument overload
     * @return the new derived key token
     * @throws WSSException propagated from the three-argument overload
     */
    public DerivedKeyToken getDerivedKeyToken(String str) throws WSSException {
        final String defaultGroup = com.ibm.ws.wssecurity.trust.server.sts.Util.Constants.CONFIG_GROUP_NAME_DEFAULT;
        return getDerivedKeyToken(str, defaultGroup, defaultGroup);
    }

    /**
     * Creates a derived key token for the named algorithm, taking the key length from the
     * algorithm's settings, and registers it with the security token manager.
     *
     * <p>{@code getKeyAlgorithm} returns {@code null} for a name found in neither algorithm map;
     * in that case the settings lookup below fails with a {@code NullPointerException}.
     *
     * @param str algorithm name
     * @param str2 passed to {@code SCTGenerateCallbackHandler} as its second-to-last argument;
     *             {@code null} is replaced by {@code CONFIG_GROUP_NAME_DEFAULT}
     * @param str3 passed to {@code SCTGenerateCallbackHandler} as its last argument;
     *             {@code null} is replaced by {@code CONFIG_GROUP_NAME_DEFAULT}
     * @return the new derived key token
     * @throws WSSException declared by the overridden contract
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public DerivedKeyToken getDerivedKeyToken(String str, String str2, String str3) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, getDerivedKeyToken( " + str + ", " + str2 + ", " + str3 + ")");
        }
        final String defaultGroup = com.ibm.ws.wssecurity.trust.server.sts.Util.Constants.CONFIG_GROUP_NAME_DEFAULT;
        final String first = (str2 != null) ? str2 : defaultGroup;
        final String second = (str3 != null) ? str3 : defaultGroup;
        final SCT wrapped = getSCT();
        final Map<String, Object> settings = getKeyAlgorithm(str);
        final boolean forSignature = ((Boolean) settings.get("isSignature")).booleanValue();
        final SCTGenerateCallbackHandler handler;
        if (forSignature) {
            // Signature slot filled, encryption slot left empty.
            handler = new SCTGenerateCallbackHandler(this, wrapped.getWssGenerationContext(), wrapped.getWssConsumingContext(), (String) settings.get("algorithm"), ((Integer) settings.get(DefaultValueManager.KEY_KEYLENGTH)).intValue(), null, 0, first, second);
        } else {
            // Encryption slot filled, signature slot left empty.
            handler = new SCTGenerateCallbackHandler(this, wrapped.getWssGenerationContext(), wrapped.getWssConsumingContext(), null, 0, (String) settings.get("algorithm"), ((Integer) settings.get(DefaultValueManager.KEY_KEYLENGTH)).intValue(), first, second);
        }
        final DKToken derived = new DKToken();
        derived.setrefTokenId(this.id);
        derived.setDerivableSecurityToken(this);
        final SecurityTokenWrapper tokenWrapper = new SecurityTokenWrapper(derived, handler, BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE);
        this.securityTokenManager.addTokenWrapper(tokenWrapper);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, getDerivedKeyToken(String, String )");
        }
        return derived;
    }

    /**
     * Creates a derived key token for the named algorithm with an explicit key length and
     * registers it with the security token manager.
     *
     * <p>{@code getKeyAlgorithm} returns {@code null} for a name found in neither algorithm map;
     * in that case the settings lookup below fails with a {@code NullPointerException}.
     *
     * @param str algorithm name
     * @param i key length handed to the callback handler
     * @return the new derived key token
     * @throws WSSException declared for consistency with the other overloads
     */
    public DerivedKeyToken getDerivedKeyToken(String str, int i) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, getDerivedKeyToken( " + str + ", " + i + ")");
        }
        final Map<String, Object> settings = getKeyAlgorithm(str);
        final SCT wrapped = getSCT();
        final String defaultGroup = com.ibm.ws.wssecurity.trust.server.sts.Util.Constants.CONFIG_GROUP_NAME_DEFAULT;
        // NOTE(review): "Defalut" differs from the constant every other overload passes in this
        // position and looks like a misspelling; confirm how SCTGenerateCallbackHandler uses the
        // value before correcting it.
        final String lastArgument = "Defalut";
        final boolean forSignature = ((Boolean) settings.get("isSignature")).booleanValue();
        final SCTGenerateCallbackHandler handler;
        if (forSignature) {
            handler = new SCTGenerateCallbackHandler(this, wrapped.getWssGenerationContext(), wrapped.getWssConsumingContext(), (String) settings.get("algorithm"), i, null, 0, defaultGroup, lastArgument);
        } else {
            handler = new SCTGenerateCallbackHandler(this, wrapped.getWssGenerationContext(), wrapped.getWssConsumingContext(), null, 0, (String) settings.get("algorithm"), i, defaultGroup, lastArgument);
        }
        final DKToken derived = new DKToken();
        derived.setrefTokenId(this.id);
        derived.setDerivableSecurityToken(this);
        final SecurityTokenWrapper tokenWrapper = new SecurityTokenWrapper(derived, handler, BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE);
        this.securityTokenManager.addTokenWrapper(tokenWrapper);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, getDerivedKeyToken(String, int)");
        }
        return derived;
    }

    /**
     * Creates a derived key token for the named algorithm with an explicit key length and
     * explicit trailing string arguments, and registers it with the security token manager.
     *
     * <p>{@code getKeyAlgorithm} returns {@code null} for a name found in neither algorithm map;
     * in that case the settings lookup below fails with a {@code NullPointerException}.
     *
     * @param str algorithm name
     * @param i key length handed to the callback handler
     * @param str2 passed to {@code SCTGenerateCallbackHandler} as its second-to-last argument;
     *             {@code null} is replaced by {@code CONFIG_GROUP_NAME_DEFAULT}
     * @param str3 passed to {@code SCTGenerateCallbackHandler} as its last argument;
     *             {@code null} is replaced by {@code CONFIG_GROUP_NAME_DEFAULT}
     * @return the new derived key token
     * @throws WSSException declared by the overridden contract
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT
    public DerivedKeyToken getDerivedKeyToken(String str, int i, String str2, String str3) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, getDerivedKeyToken( " + str + ", " + i + " , " + str2 + " , " + str3 + ")");
        }
        final String defaultGroup = com.ibm.ws.wssecurity.trust.server.sts.Util.Constants.CONFIG_GROUP_NAME_DEFAULT;
        final String first = (str2 != null) ? str2 : defaultGroup;
        final String second = (str3 != null) ? str3 : defaultGroup;
        final SCT wrapped = getSCT();
        final Map<String, Object> settings = getKeyAlgorithm(str);
        final boolean forSignature = ((Boolean) settings.get("isSignature")).booleanValue();
        final SCTGenerateCallbackHandler handler;
        if (forSignature) {
            handler = new SCTGenerateCallbackHandler(this, wrapped.getWssGenerationContext(), wrapped.getWssConsumingContext(), (String) settings.get("algorithm"), i, null, 0, first, second);
        } else {
            handler = new SCTGenerateCallbackHandler(this, wrapped.getWssGenerationContext(), wrapped.getWssConsumingContext(), null, 0, (String) settings.get("algorithm"), i, first, second);
        }
        final DKToken derived = new DKToken();
        derived.setrefTokenId(this.id);
        derived.setDerivableSecurityToken(this);
        final SecurityTokenWrapper tokenWrapper = new SecurityTokenWrapper(derived, handler, BindingPropertyConstants.SCT_JAAS_CONFIG_VALUE);
        this.securityTokenManager.addTokenWrapper(tokenWrapper);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, getDerivedKeyToken(String, int, String)");
        }
        return derived;
    }

    /**
     * Looks up the settings for an algorithm name, trying the signature algorithm map first and
     * the encryption algorithm map second, and records which one matched under the
     * {@code "isSignature"} key.
     *
     * <p>The flag is written into the map object returned by {@code DefaultValueManager}, not into
     * a copy.
     *
     * @param str algorithm name
     * @return the matching settings map, or {@code null} when neither map contains the name
     */
    private Map<String, Object> getKeyAlgorithm(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, getKeyAlgorithm(String algName): algName=" + str);
        }
        Map<String, Object> settings = DefaultValueManager.getInstance().getSignatureAlgorithmMap().get(str);
        if (settings == null) {
            // Not a signature algorithm; fall back to the encryption algorithms.
            settings = DefaultValueManager.getInstance().getEncryptionAlgorithmMap().get(str);
            if (settings != null) {
                settings.put("isSignature", Boolean.FALSE);
            }
        } else {
            settings.put("isSignature", Boolean.TRUE);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, getKeyAlgorithm(String algName, int keyBytesLength) returns map" + settings);
        }
        return settings;
    }

    /**
     * Cancels the token inside a privileged block: through the binding provider when one is
     * available, otherwise by calling {@code cancel()} on the wrapped token.
     *
     * @throws WSSException the failure raised by the privileged action, unwrapped from the
     *         {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void cancel() throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, cancel()");
        }
        final SCT wrapped = getSCT();
        final BindingProvider provider = getBindingProvider();
        // Choose the action first so a single doPrivileged call covers both paths.
        final PrivilegedExceptionAction<Object> action;
        if (provider == null) {
            action = new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSException {
                    wrapped.cancel();
                    return null;
                }
            };
        } else {
            action = new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSException {
                    SCTWrapper.this.cancel(provider);
                    return null;
                }
            };
        }
        try {
            AccessController.doPrivileged(action);
        } catch (PrivilegedActionException wrappedFailure) {
            // Both actions declare only WSSException, so the cast matches what they can throw.
            throw ((WSSException) wrappedFailure.getException());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, cancel()");
        }
    }

    /**
     * Cancels the token inside a privileged block: through the binding provider when one is
     * available, otherwise through {@code cancelSCT} with the supplied contexts.
     *
     * @param wSSGenerationContext generation context used when no binding provider is available
     * @param wSSConsumingContext consuming context used when no binding provider is available
     * @throws WSSException the failure raised by the privileged action, unwrapped from the
     *         {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public void cancel(final WSSGenerationContext wSSGenerationContext, final WSSConsumingContext wSSConsumingContext) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SCTWrapper, cancelSCT(WSSGenerationContext gencont, WSSConsumingContext concont)");
        }
        // The result is unused; the call is kept because the original made it.
        getSCT();
        final BindingProvider provider = getBindingProvider();
        // Choose the action first so a single doPrivileged call covers both paths.
        final PrivilegedExceptionAction<Object> action;
        if (provider == null) {
            action = new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSException {
                    SCTWrapper.this.cancelSCT(wSSGenerationContext, wSSConsumingContext);
                    return null;
                }
            };
        } else {
            action = new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSException {
                    SCTWrapper.this.cancel(provider);
                    return null;
                }
            };
        }
        try {
            AccessController.doPrivileged(action);
        } catch (PrivilegedActionException wrappedFailure) {
            // Both actions declare only WSSException, so the cast matches what they can throw.
            throw ((WSSException) wrappedFailure.getException());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SCTWrapper, cancelSCT(WSSGenerationContext gencont, WSSConsumingContext concont) return");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Cancels the token associated with the AxisService of the given binding provider.
     *
     * <p>When the provider has no endpoint description the AxisService stays {@code null}; the
     * resulting failure in the delegate is caught here and reported as WSEC7067E like any other.
     *
     * @param bindingProvider provider whose endpoint description supplies the AxisService
     * @throws WSSException with key WSEC7067E wrapping any exception raised while cancelling
     */
    public void cancel(BindingProvider bindingProvider) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cancel(BindingProvider bp)");
        }
        final EndpointDescription description = bindingProvider.getEndpointDescription();
        AxisService service;
        if (description == null) {
            service = null;
        } else {
            service = description.getAxisService();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AxisService from the binding provider = " + service);
            }
        }
        try {
            cancel(service);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SCT cancel is done");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cancel(BindingProvider bp)");
            }
        } catch (Exception failure) {
            // Record the failure, then surface it under the cancel error key.
            Tr.processException(failure, clsName + ".cancel", "%C", this);
            throw WSSException.format("security.wssecurity.WSEC7067E", failure);
        }
    }

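    /**
     * Cancels the cached security context token identified by the secure-conversation identifier
     * parameter of the given AxisService.
     *
     * <p>The original dereferenced the AxisService and the cached token without checking them, so
     * a missing service, a missing identifier parameter or a cache miss ended in a
     * {@code NullPointerException}. Those cases now fail explicitly with the cancel error key.
     *
     * @param axisService service whose identifier parameter names the cached token
     * @throws WSSException with key WSEC7067E when no service or cached token is available, or
     *         when the cancel call itself fails
     */
    private void cancel(AxisService axisService) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cancelSCT(AxisService aService)");
        }
        if (axisService == null) {
            throw WSSException.format("security.wssecurity.WSEC7067E");
        }
        SCT sct = null;
        Parameter parameter = axisService.getParameter(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURECONVERSATION_IDENTIFIER);
        if (parameter != null) {
            sct = (SCT) SecureConversationCacheHelper.getSecurityContextTokenFromCacheByUUID((String) parameter.getValue());
        }
        if (sct == null) {
            // No identifier on the service, or nothing cached under it: there is no token whose
            // state can be checked, so report the cancel as failed.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No cached SecurityContextToken found for the AxisService.");
            }
            throw WSSException.format("security.wssecurity.WSEC7067E");
        }
        if (sct.isCancelled()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "SecurityContextToken is already cancelled.");
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cancel SCT using Policy Set");
        }
        try {
            SecureConversationImpl.cancelSCT(axisService);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cancelSCT(AxisService aService)");
            }
        } catch (Exception e) {
            Tr.processException(e, clsName + ".cancel", "%C", this);
            throw WSSException.format("security.wssecurity.WSEC7067E", e);
        }
    }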

    public void cancelSCT(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cancelSCT(WSSGenerationContext gencont, WSSConsumingContext concont)");
        }
        SCT sct = getSCT();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT config map = " + sct.getMap());
            Tr.debug(tc, "Current SCT information, SCT UUID = " + sct.getUUID());
            Tr.debug(tc, "SCTWrapper, Current Instance = " + this.currentInstance);
            Tr.debug(tc, "SCT ID = " + this.id);
            Tr.debug(tc, "SCT element = " + DOMUtils.toString(((OMStructure) this.xml).getNode()));
            String[] instances = getInstances();
            for (int i = 0; i < instances.length; i++) {
                Tr.debug(tc, "SCT Instance [" + i + "] = " + instances[i]);
            }
        }
        if (!sct.isValid(this.currentInstance, 0L) && !sct.isRenewableAfterExpiration()) {
            throw WSSException.format("security.wssecurity.WSEC7072E");
        }
        sct.setWssGenerationContext(wSSGenerationContext);
        sct.setWssConsumingContext(wSSConsumingContext);
        sct.getIdentifier();
        Map map = sct.getMap();
        Map map2 = (Map) map.get(ITrustConstants.STSCONFIGURATION);
        String str = (String) map2.get(ITrustConstants.TRUST_LEVEL);
        String str2 = (String) map2.get("TokenType");
        String str3 = (String) map2.get(ITrustConstants.MESSAGE_TO);
        String str4 = (String) map2.get(ITrustConstants.ADDRESSING_LEVEL);
        String str5 = null;
        String str6 = null;
        if (Constants.NS_WSC_SCT_13.equals(str2)) {
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[2][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[2][1];
        } else if (Constants.NS_WSC_SCT.equals(str2)) {
            str5 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[6][0];
            str6 = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[6][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(str);
            ITrustRequestSecurityTokenTemplate sTSRequestSecurityTokenTemplate = trustClient.getSTSRequestSecurityTokenTemplate();
            sTSRequestSecurityTokenTemplate.setWSANamespace(str4);
            sTSRequestSecurityTokenTemplate.addTokenType(str2);
            sTSRequestSecurityTokenTemplate.addRequestType(str5);
            sTSRequestSecurityTokenTemplate.setTo(str3);
            sTSRequestSecurityTokenTemplate.setAction(str6);
            String createUID = SecurityUIDGenerator.createUID();
            sTSRequestSecurityTokenTemplate.setMessageID(createUID);
            sTSRequestSecurityTokenTemplate.addCancelTarget(((OMStructure) this.xml).getNode());
            HashMap hashMap = new HashMap();
            hashMap.putAll(map2);
            hashMap.put(ITrustConstants.MESSAGE_ID, createUID);
            hashMap.put(ITrustConstants.MESSAGE_ACTION, str6);
            try {
                HashMap hashMap2 = new HashMap();
                hashMap2.put(ITrustConstants.STSCONFIGURATION, hashMap);
                hashMap2.put(ITrustConstants.RSTTEMPLATE, sTSRequestSecurityTokenTemplate);
                HashMap hashMap3 = new HashMap();
                hashMap3.put(Constants.SCT_CANCEL, new Boolean(true));
                hashMap3.put(Constants.WSSAPI_CONFIG_KEY_GENERATOR, wSSGenerationContext);
                hashMap3.put(Constants.WSSAPI_CONFIG_KEY_CONSUMER, wSSConsumingContext);
                hashMap2.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, hashMap3);
                hashMap2.put(ITrustConstants.CONFIG_CONTEXT, getConfigurationContext(str3));
                new HashMap().putAll(hashMap2);
                ITrustRequestSecurityToken createRequestSecurityToken = trustClient.createRequestSecurityToken(sTSRequestSecurityTokenTemplate, hashMap2);
                AxisService axisService = createRequestSecurityToken.getAxisService();
                if (axisService != null) {
                    axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                }
                ServiceClient serviceClient = createRequestSecurityToken.getServiceClient();
                wSSGenerationContext.process(serviceClient);
                wSSConsumingContext.process(serviceClient);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "About to call Trust client with Cancel request.");
                }
                ITrustRequestSecurityTokenResponseCollection cancel = trustClient.cancel(createRequestSecurityToken);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trust client Cancel is successful.");
                }
                Iterator<ITrustRequestSecurityTokenResponse> rSTRCollection = cancel.getRSTRCollection();
                while (rSTRCollection.hasNext()) {
                    ITrustRequestSecurityTokenResponse next = rSTRCollection.next();
                    OMElement requestedTokenCancelledElement = next.getRequestedTokenCancelledElement();
                    if (requestedTokenCancelledElement != null && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cancel Element:" + requestedTokenCancelledElement.toString());
                    }
                    Boolean isTokenCancelled = next.isTokenCancelled();
                    if (isTokenCancelled != null && isTokenCancelled.booleanValue()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Token Successfully Cancelled");
                        }
                        SecureConversationCacheHelper.invalidateCache(sct.getIdentifier());
                        sct.setCancelState();
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "cancelSCT(WSSGenerationContext gencont, WSSConsumingContext concont) return");
                }
            } catch (Exception e) {
                Tr.processException(e, clsName + ".cancelSCT", "%C", this);
                throw WSSException.format("security.wssecurity.WSEC7068E", e);
            } catch (Throwable th) {
                Tr.processException(th, clsName + ".cancelSCT", "%C", this);
                throw WSSException.format("security.wssecurity.WSEC7068E", th);
            }
        } catch (TrustException e2) {
            Tr.processException(e2, clsName + ".renew", "%C", this);
            throw WSSException.format("security.wssecurity.WSEC7070E", e2);
        }
    }

    /**
     * Validates this token with the generation and consuming contexts currently
     * stored on the underlying SCT, by delegating to
     * {@link #validate(WSSGenerationContext, WSSConsumingContext)}.
     *
     * @return the result of the delegated validation
     * @throws WSSException if the delegated validation fails
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public boolean validate() throws WSSException {
        // Entry and exit are both traced before the delegated call runs, so the
        // exit record does not mark completion of the validation itself.
        final boolean traceEntryExit = tc.isEntryEnabled();
        if (traceEntryExit) {
            Tr.entry(tc, "validate()");
            Tr.exit(tc, "validate()");
        }
        // The contexts are read through two separate getSCT() calls, generation first.
        final WSSGenerationContext storedGenerationContext = getSCT().getWssGenerationContext();
        final WSSConsumingContext storedConsumingContext = getSCT().getWssConsumingContext();
        return validate(storedGenerationContext, storedConsumingContext);
    }

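    /**
     * Sends a validate request for this security context token to the trust
     * service configured in the SCT's STS configuration and interprets the
     * first response.
     *
     * <p>The supplied contexts are stored on the SCT and applied to the service
     * client before the request is sent.
     *
     * <p>NOTE(review): the outcome is decided by exclusion. Only a status code
     * equal to the trust-level prefix plus
     * {@code STSConstantsImpl.STATUS_CODE_INVALID} yields {@code false}; every
     * other non-null status code, including one this code does not recognise,
     * yields {@code true}. Only the first response in the collection is read.
     * Comparing against the expected "valid" status instead would make
     * unexpected answers fail closed; confirm which constant the trust
     * constants class offers for that.
     *
     * @param wSSGenerationContext generation context stored on the SCT and applied to the service client
     * @param wSSConsumingContext consuming context stored on the SCT and applied to the service client
     * @return {@code true} when the first response carries a status code other
     *         than the invalid code; {@code false} when the response collection
     *         is empty or the status is the invalid code (the cache entry for
     *         this token id is then invalidated)
     * @throws WSSException WSEC7072E when the SCT is not valid locally and is not
     *         renewable after expiration; WSEC7071E when the STS configuration is
     *         missing or the exchange fails; WSEC7070E when a TrustException
     *         escapes the request preparation
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken, com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13
    public boolean validate(WSSGenerationContext wSSGenerationContext, WSSConsumingContext wSSConsumingContext) throws WSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate(WSSGenerateionContext gencont, WSSConsumingContext concont)");
        }
        SCT sct = getSCT();
        if (tc.isDebugEnabled()) {
            // NOTE(review): these lines write the SCT configuration map and the
            // serialized token element to the trace log. If either carries key
            // material or credentials, debug trace for this component has to be
            // handled as sensitive data; confirm what getMap() holds.
            Tr.debug(tc, "SCT config map = " + sct.getMap());
            Tr.debug(tc, "Current SCT information, SCT UUID = " + sct.getUUID());
            Tr.debug(tc, "SCTWrapper, Current Instance = " + this.currentInstance);
            Tr.debug(tc, "SCT ID = " + this.id);
            Tr.debug(tc, "SCT element = " + DOMUtils.toString(((OMStructure) this.xml).getNode()));
            String[] instances = getInstances();
            for (int i = 0; i < instances.length; i++) {
                Tr.debug(tc, "SCT Instance [" + i + "] = " + instances[i]);
            }
        }
        // A token that fails the local check is still sent to the STS when the
        // SCT reports itself renewable after expiration.
        if (!sct.isValid(this.currentInstance, 0L) && !sct.isRenewableAfterExpiration()) {
            throw WSSException.format("security.wssecurity.WSEC7072E");
        }
        sct.setWssGenerationContext(wSSGenerationContext);
        sct.setWssConsumingContext(wSSConsumingContext);

        // Fail with the method's declared exception type rather than a bare
        // NullPointerException when the SCT carries no STS configuration.
        Map sctConfig = sct.getMap();
        Map stsConfig = sctConfig == null ? null : (Map) sctConfig.get(ITrustConstants.STSCONFIGURATION);
        if (stsConfig == null) {
            throw WSSException.format("security.wssecurity.WSEC7071E",
                    new IllegalStateException("SCT configuration has no STS configuration map"));
        }
        String trustLevel = (String) stsConfig.get(ITrustConstants.TRUST_LEVEL);
        String tokenType = (String) stsConfig.get("TokenType");
        String stsAddress = (String) stsConfig.get(ITrustConstants.MESSAGE_TO);
        String wsaNamespace = (String) stsConfig.get(ITrustConstants.ADDRESSING_LEVEL);

        // NOTE(review): for any token type other than the two handled here the
        // request type and action stay null and are passed on as-is; confirm the
        // trust client rejects that.
        String requestType = null;
        String action = null;
        if (Constants.NS_WSC_SCT_13.equals(tokenType)) {
            requestType = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[3][0];
            action = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[3][1];
        } else if (Constants.NS_WSC_SCT.equals(tokenType)) {
            requestType = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[7][0];
            action = SCAndTrustConstants.SC_TRUST_ACTION_NAMESPACES[7][1];
        }
        try {
            ITrustClient trustClient = TrustClientFactory.getTrustClient(trustLevel);
            ITrustRequestSecurityTokenTemplate template = trustClient.getSTSRequestSecurityTokenTemplate();
            template.setWSANamespace(wsaNamespace);
            template.addTokenType(tokenType);
            template.addRequestType(requestType);
            template.setTo(stsAddress);
            template.setAction(action);
            String messageId = SecurityUIDGenerator.createUID();
            template.setMessageID(messageId);
            template.addValidateTarget(((OMStructure) this.xml).getNode());

            // Per-request copy of the STS configuration, so the message id and
            // action do not leak back into the SCT's own map.
            HashMap requestStsConfig = new HashMap();
            requestStsConfig.putAll(stsConfig);
            requestStsConfig.put(ITrustConstants.MESSAGE_ID, messageId);
            requestStsConfig.put(ITrustConstants.MESSAGE_ACTION, action);
            try {
                HashMap messageContextProperties = new HashMap();
                messageContextProperties.put(Constants.WSSAPI_CONFIG_KEY_GENERATOR, wSSGenerationContext);
                messageContextProperties.put(Constants.WSSAPI_CONFIG_KEY_CONSUMER, wSSConsumingContext);

                // Kept as a raw HashMap: the parameter type of
                // createRequestSecurityToken is not visible from this method.
                HashMap requestConfig = new HashMap();
                requestConfig.put(ITrustConstants.STSCONFIGURATION, requestStsConfig);
                requestConfig.put(ITrustConstants.RSTTEMPLATE, template);
                requestConfig.put(ITrustConstants.AXIS2_MESSAGECONTEXT_PROPERTYMAP, messageContextProperties);
                requestConfig.put(ITrustConstants.CONFIG_CONTEXT, getConfigurationContext(stsAddress));

                ITrustRequestSecurityToken request = trustClient.createRequestSecurityToken(template, requestConfig);
                AxisService axisService = request.getAxisService();
                if (axisService != null) {
                    axisService.addParameter(new Parameter("Sandesha2UnreliableMessage", "true"));
                }
                ServiceClient serviceClient = request.getServiceClient();
                wSSGenerationContext.process(serviceClient);
                wSSConsumingContext.process(serviceClient);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "About to call Trust client with Validate request.");
                }
                ITrustRequestSecurityTokenResponseCollection responses = trustClient.validate(request);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trust client validate is successful.");
                }
                Iterator<ITrustRequestSecurityTokenResponse> responseIterator = responses.getRSTRCollection();
                if (!responseIterator.hasNext()) {
                    // No response at all is reported as "not valid".
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "validate(WSSGenerateionContext gencont, WSSConsumingContext concont) return");
                    }
                    return false;
                }
                // Only the first response is read; any further ones are ignored.
                ITrustRequestSecurityTokenResponse response = responseIterator.next();
                String statusCode = response.getStatusCode();
                String statusReason = response.getStatusReason();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Status Code=" + statusCode);
                    Tr.debug(tc, "Status Reason=" + statusReason);
                }
                // The receiver of equals() stays statusCode on purpose: a missing
                // status code raises here and ends in WSEC7071E below instead of
                // being treated as "valid".
                boolean reportedInvalid = statusCode.equals(trustLevel + STSConstantsImpl.STATUS_CODE_INVALID);
                if (!reportedInvalid) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "validate(WSSGenerateionContext gencont, WSSConsumingContext concont) return true.");
                    }
                    return true;
                }
                // The STS rejected the token: drop it from the cache so it is not reused.
                SecureConversationCacheHelper.invalidateCache(this.id);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "This sct is removed from cache.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validate(WSSGenerateionContext gencont, WSSConsumingContext concont) return false.");
                }
                return false;
            } catch (Exception e) {
                Tr.processException(e, clsName + ".validate", "%C", this);
                throw WSSException.format("security.wssecurity.WSEC7071E", e);
            } catch (Throwable th) {
                Tr.processException(th, clsName + ".validate", "%C", this);
                throw WSSException.format("security.wssecurity.WSEC7071E", th);
            }
        } catch (TrustException e2) {
            // NOTE(review): this handler records the failure under ".renew"
            // although it runs in validate; the label looks copied from the
            // renew path and will misattribute incidents. Left unchanged
            // pending confirmation.
            Tr.processException(e2, clsName + ".renew", "%C", this);
            throw WSSException.format("security.wssecurity.WSEC7070E", e2);
        }
    }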

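    /**
     * Returns the client configuration context, registering an
     * {@code AxisService} named {@code str} in its Axis configuration when no
     * service of that name is present yet.
     *
     * <p>NOTE(review): the lookup and the registration are two separate calls.
     * If the Axis configuration is shared between threads, two callers could
     * both find the service missing and both add it; confirm how callers
     * serialise access.
     *
     * @param str name of the target service to look up or register
     * @return the client configuration context obtained from the factory
     * @throws Exception when the factory, the configuration context or the Axis
     *         configuration is unavailable, or when registering the service fails
     */
    public ConfigurationContext getConfigurationContext(String str) throws Exception {
        ClientConfigurationFactory newInstance = ClientConfigurationFactory.newInstance();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ClientConfigurationFactory.newInstance(): " + newInstance);
        }
        if (newInstance == null) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getClientConfigurationFactory");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getClientConfigurationFactory");
        }
        ConfigurationContext clientConfigurationContext = newInstance.getClientConfigurationContext();
        if (clientConfigurationContext == null) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getConfigurationContext");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getConfigurationContext");
        }
        AxisConfiguration axisConfiguration = clientConfigurationContext.getAxisConfiguration();
        if (axisConfiguration == null) {
            Tr.error(tc, "security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
            throw SoapSecurityException.format("security.wssecurity.SCTGenerateLoginModule.getAxisConfiguration");
        }
        if (axisConfiguration.getService(str) != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Target axisService from AxisConfiguration.");
            }
            return clientConfigurationContext;
        }
        // A constructor call never evaluates to null, so the former null checks
        // on the new service (and the empty-service fallback behind them) were
        // unreachable and have been dropped.
        AxisService axisService = new AxisService(str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "AxisService: " + axisService);
        }
        axisConfiguration.addService(axisService);
        newInstance.completeAxis2Configuration(axisService);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ccf.completeAxis2Configuration(): " + newInstance);
        }
        return clientConfigurationContext;
    }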

    /**
     * Stores the binding provider on this instance.
     *
     * @param bindingProvider the binding provider to keep; stored as given, without a null check
     */
    public void setBindingProvider(final BindingProvider bindingProvider) {
        this.bindingProvider = bindingProvider;
    }

    /**
     * Returns the binding provider held by this instance.
     *
     * @return the stored binding provider, exactly as last assigned
     */
    public BindingProvider getBindingProvider() {
        return bindingProvider;
    }

    /**
     * Stores the security token manager on this instance.
     *
     * @param securityTokenManagerImpl the manager to keep; stored as given, without a null check
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SCT
    public void setSecurityTokenManagerImpl(final SecurityTokenManagerImpl securityTokenManagerImpl) {
        securityTokenManager = securityTokenManagerImpl;
    }
}
