package com.ibm.ws.security.ltpa;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.crypto.KeyPair;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenCreationFailedException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.webservices.wssecurity.KRBConstants;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.ltpa.TokenFactory;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.security.Key;
import java.util.Map;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/ltpa/LTPAToken2Factory.class */
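/**
 * {@link TokenFactory} implementation that creates and validates {@link LTPAToken2} instances.
 *
 * <p>The expiration limit and the key material (shared key, public/private key, and an optional
 * map of additional validation keys) are supplied through {@link #initialize(Map)}. The factory
 * holds references to that key material for as long as it lives, so trace output from this class
 * is limited to entry counts and exception details and never includes the key objects.
 */
public class LTPAToken2Factory implements TokenFactory {
    private static final TraceComponent tc = Tr.register((Class<?>) LTPAToken2Factory.class, KRBConstants.ELM_SECURITY, AdminConstants.MSG_BUNDLE_NAME);

    // Value passed to the LTPAToken2 constructor as the expiration argument of new tokens.
    private Long _expirationLimit = null;
    // Primary key set: all three must be present for the primary validation path to be used.
    private byte[] _sharedKey = null;
    private LTPAPublicKey _publicKey = null;
    private LTPAPrivateKey _privateKey = null;
    // Fallback key sets; each value is itself a map holding Key / KeyPair objects.
    private Map<?, ?> _validationKeys = null;

    /**
     * Reads the factory configuration from {@code map}.
     *
     * <p>Any exception (for example a {@link ClassCastException} on a wrongly typed entry) is
     * traced and handed to FFDC rather than rethrown. Fields assigned before the failure keep
     * their new values, so the factory may be left partially configured.
     * {@link #validateTokenBytes(byte[])} rejects every token when no complete key set is
     * available.
     *
     * @param map configuration entries keyed by the {@code com.ibm.wsspi.security.ltpa.*} names
     *            read below
     */
    @Override // com.ibm.wsspi.security.ltpa.TokenFactory
    public void initialize(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize");
        }
        try {
            this._expirationLimit = (Long) map.get("com.ibm.wsspi.security.ltpa.expiration");
            this._sharedKey = (byte[]) map.get("com.ibm.wsspi.security.ltpa.ltpa_shared_key");
            this._publicKey = (LTPAPublicKey) map.get("com.ibm.wsspi.security.ltpa.ltpa_public_key");
            this._privateKey = (LTPAPrivateKey) map.get("com.ibm.wsspi.security.ltpa.ltpa_private_key");
            this._validationKeys = (Map<?, ?>) map.get("com.ibm.wsspi.security.ltpa.ltpa_validation_keys");
            if (this._sharedKey != null) {
                // NOTE(review): these are static calls, so the IV state they set appears to be
                // shared by every factory and token in the JVM - confirm against LTPACrypto.
                LTPACrypto.setIVS8(this._sharedKey);
                LTPACrypto.setIVS16(this._sharedKey);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing LTPAToken2Factory.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken2Factory.initialize", "56");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }

    /**
     * Builds an {@link LTPAToken2} from serialized token bytes.
     *
     * <p>When the primary shared/public/private key set is complete it is the only one used, and
     * any exception from the {@link LTPAToken2} constructor propagates to the caller. Otherwise
     * each complete key set in the validation-key map is tried in iteration order. The first set
     * that yields a token wins, an expired token aborts the search immediately, and any other
     * failure is remembered and reported only after every key set has been tried.
     *
     * @param bArr serialized token bytes
     * @return the token built from {@code bArr}
     * @throws InvalidTokenException if no key set accepts the token, or if the factory has
     *                               neither a complete primary key set nor validation keys
     * @throws TokenExpiredException if a key set reports the token as expired
     */
    @Override // com.ibm.wsspi.security.ltpa.TokenFactory
    public Token validateTokenBytes(byte[] bArr) throws InvalidTokenException, TokenExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateTokenBytes");
        }
        if (this._sharedKey != null && this._publicKey != null && this._privateKey != null) {
            // A constructor either returns an object or throws, so no null check is needed.
            LTPAToken2 token = new LTPAToken2(bArr, this._sharedKey, this._privateKey, this._publicKey);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateTokenBytes (success)");
            }
            return token;
        }
        if (this._validationKeys != null) {
            Exception lastFailure = null;
            for (Object entry : this._validationKeys.values()) {
                Map<?, ?> keyMap = (Map<?, ?>) entry;
                if (keyMap == null) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    // Trace only the entry count. Printing the map would call toString() on the
                    // Key / KeyPair values, which may put key material into the trace log.
                    Tr.debug(tc, "Validating using keyMap with " + keyMap.size() + " entries.");
                }
                byte[] candidateSharedKey = null;
                LTPAPublicKey candidatePublicKey = null;
                LTPAPrivateKey candidatePrivateKey = null;
                for (Object value : keyMap.values()) {
                    if (value instanceof Key) {
                        candidateSharedKey = ((Key) value).getEncoded();
                        // NOTE(review): static IV state is replaced for every candidate key and
                        // is left at the last key tried; concurrent validations may interfere
                        // with each other if LTPACrypto does not isolate this state - confirm.
                        LTPACrypto.setIVS8(candidateSharedKey);
                        LTPACrypto.setIVS16(candidateSharedKey);
                    } else if (value instanceof KeyPair) {
                        candidatePublicKey = new LTPAPublicKey(((KeyPair) value).getPublicKey().getEncoded());
                        candidatePrivateKey = new LTPAPrivateKey(((KeyPair) value).getPrivateKey().getEncoded());
                    }
                }
                if (candidateSharedKey == null || candidatePublicKey == null || candidatePrivateKey == null) {
                    // Incomplete key set: nothing to validate against.
                    continue;
                }
                try {
                    LTPAToken2 token = new LTPAToken2(bArr, candidateSharedKey, candidatePrivateKey, candidatePublicKey);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "validateTokenBytes (success)");
                    }
                    return token;
                } catch (Exception e) {
                    if (e instanceof TokenExpiredException) {
                        // Expiry is reported at once; the remaining key sets are not tried.
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "validateTokenBytes (expired)");
                        }
                        throw ((TokenExpiredException) e);
                    }
                    lastFailure = e;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception validating LTPAToken using validation keys.", new Object[]{e.getMessage()});
                    }
                }
            }
            if (lastFailure instanceof InvalidTokenException) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateTokenBytes (invalid token)");
                }
                throw ((InvalidTokenException) lastFailure);
            }
            if (lastFailure != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateTokenBytes (" + lastFailure.getClass().getName() + ")");
                }
                throw new InvalidTokenException(lastFailure.getMessage(), lastFailure);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateTokenBytes (unknown error)");
            }
            throw new InvalidTokenException("Error validating LTPA token.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateTokenBytes (no keys)");
        }
        throw new InvalidTokenException("Token factory not properly initialized.");
    }

    /**
     * Creates a new {@link LTPAToken2} for the unique ID found in {@code map}.
     *
     * @param map token attributes; must contain a non-empty
     *            {@link AttributeNameConstants#WSCREDENTIAL_UNIQUEID} entry
     * @return the newly created token
     * @throws TokenCreationFailedException if the unique ID is missing or empty, or if the
     *                                      factory has no expiration limit configured
     */
    @Override // com.ibm.wsspi.security.ltpa.TokenFactory
    public Token createToken(Map map) throws TokenCreationFailedException {
        String str = map == null ? null : (String) map.get(AttributeNameConstants.WSCREDENTIAL_UNIQUEID);
        if (str == null || str.isEmpty()) {
            throw new TokenCreationFailedException("UniqueID is null.");
        }
        if (this._expirationLimit == null) {
            // initialize() was never called or failed before the limit was read. Report it
            // through the declared exception instead of a NullPointerException.
            throw new TokenCreationFailedException("Token factory not properly initialized.");
        }
        // NOTE(review): the key fields are passed through without a null check; how LTPAToken2
        // handles a missing key is not visible from this class.
        return new LTPAToken2(str, this._expirationLimit.longValue(), this._sharedKey, this._privateKey, this._publicKey);
    }
}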
