package com.ibm.ws.security.auth.rsatoken;

import com.ibm.ejs.ras.RasHelper;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jst.jsp.core.internal.java.JSPTranslator;

/* loaded from: input_file:wasJars/sas.jar:com/ibm/ws/security/auth/rsatoken/RSAPropagationManager.class */
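/**
 * Process-wide manager for admin RSA propagation tokens.
 *
 * <p>It creates tokens for a {@link Subject}, validates received tokens (expiry and nonce replay
 * check) and turns them into a logged-in {@link Subject}. It also holds a static cache of signer
 * certificate aliases.
 *
 * <p>This source was recovered by a decompiler. Several constant names
 * ({@code SamlConstants.DEFAULT_SAML_EXPIRES_IN_MILLISECONDS}, {@code Constants.IBMJCECCA_NAME},
 * {@code JSPTranslator.ENDL}) look like the decompiler matching a literal value to an unrelated
 * constant; NOTE(review): confirm against the original source before relying on their names.
 *
 * <p>Thread-safety: {@link #getInstance()}, {@link #getNonceManager()} and the secret key creation
 * are synchronized; the other lazily cached fields are read and written without synchronization.
 */
public class RSAPropagationManager {
    private static final TraceComponent tc = Tr.register((Class<?>) RSAPropagationManager.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    private static RSAPropagationManager rpm = null;
    // Created eagerly so the cache methods never see a null map, even when the configured
    // maximum size cannot be read in the static initializer below.
    private static final ConcurrentHashMap<String, String> signerCertificateAliasCache = new ConcurrentHashMap<>();
    private static int signerCertificateAliasCacheMaxSize = 0;
    private NonceManager nonceManager = null;
    private SecretKeyToken skt = null;
    private byte[] sktBytes = null;
    // Epoch millis after which createRSAPropagationToken generates a fresh secret key token.
    private long sktExpiration = 0;
    X509Certificate admin_certificate = null;
    PrivateKey admin_private_key = null;
    private boolean rsaPropagationEnabled = false;
    // Never set to true in this class, so isRSAPropagationEnabled() re-reads the configuration
    // on every call.
    private boolean rsaPropagationEnabledSet = false;
    private String adminPreferredAuthContextClass = null;
    private String adminPreferredAuthMechOID = null;
    private String profileUUID = null;
    RSAPropagationToken rpt = null;

    /**
     * Returns the single manager instance, creating it on first use.
     *
     * @return the shared {@code RSAPropagationManager}
     */
    public static synchronized RSAPropagationManager getInstance() {
        if (rpm == null) {
            rpm = new RSAPropagationManager();
        }
        return rpm;
    }

    /**
     * Creates the manager and, in a server process, an initial secret key token. Initialization
     * failures are traced and reported to FFDC but do not propagate to the caller.
     */
    RSAPropagationManager() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "RSAPropagationManager <init>");
        }
        try {
            if (RasHelper.isServer()) {
                createSecretKeyToken();
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing the RSAPropagationManager.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.<init>", "99", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "RSAPropagationManager <init>");
        }
    }

    /**
     * Returns the nonce manager used to generate nonces for outgoing tokens and to reject reused
     * nonces on incoming ones, creating it on first use with the configured cache timeout.
     *
     * <p>Synchronized so that two concurrent first calls cannot each build their own manager;
     * a nonce recorded in a discarded instance would not be seen by later replay checks.
     *
     * @return the shared {@code NonceManager}
     */
    public synchronized NonceManager getNonceManager() {
        if (this.nonceManager == null) {
            // The first argument (500) is presumably the nonce cache capacity; confirm against NonceManager.
            this.nonceManager = new NonceManager(500, Long.valueOf(SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).getLong(AuthMechanismConfig.RSA_TOKEN_NONCE_CACHE_TIMEOUT)).longValue());
        }
        return this.nonceManager;
    }

    /**
     * Reports whether the admin preferred authentication mechanism is the RSA token mechanism.
     *
     * @return {@code false} outside a server process, otherwise the result of the configuration lookup
     */
    public boolean isRSAPropagationEnabled() {
        if (!RasHelper.isServer()) {
            return false;
        }
        if (!this.rsaPropagationEnabledSet) {
            this.rsaPropagationEnabled = SecurityObjectLocator.getSecurityConfig("security").getAdminPreferredAuthMechanism().getType().equals(AuthMechanismConfig.TYPE_RSATOKEN);
        }
        return this.rsaPropagationEnabled;
    }

    /**
     * Returns the auth context implementation class of the admin preferred mechanism, cached
     * after the first non-null lookup.
     *
     * @return the configured class name, possibly {@code null}
     */
    public String getAdminPreferredAuthContextClass() {
        if (this.adminPreferredAuthContextClass == null) {
            this.adminPreferredAuthContextClass = SecurityObjectLocator.getSecurityConfig("security").getAdminPreferredAuthMechanism().getString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS);
        }
        return this.adminPreferredAuthContextClass;
    }

    /**
     * Returns the OID of the admin preferred mechanism, cached after the first non-null lookup.
     *
     * @return the configured OID, possibly {@code null}
     */
    public String getAdminPreferredAuthMechOID() {
        if (this.adminPreferredAuthMechOID == null) {
            this.adminPreferredAuthMechOID = SecurityObjectLocator.getSecurityConfig("security").getAdminPreferredAuthMechanism().getString(AuthMechanismConfig.OID);
        }
        return this.adminPreferredAuthMechOID;
    }

    /**
     * Returns the OID configured for the RSA token mechanism.
     *
     * @return the configured OID
     */
    public String getOID() {
        return SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).getString(AuthMechanismConfig.OID);
    }

    /**
     * Returns the trust store name configured for the RSA token mechanism.
     *
     * @return the configured trust store name
     */
    public String getAdminTrustStoreName() {
        return SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).getString(AuthMechanismConfig.RSA_TOKEN_TRUST_STORE_NAME);
    }

    /**
     * Returns the first certificate of the configured RSA token certificate chain after checking
     * the validity period of every certificate in that chain.
     *
     * <p>Only the validity dates are checked here; no signature or trust-path check is done in
     * this method.
     *
     * @return the first certificate of the configured chain
     * @throws CertificateExpiredException if any certificate in the chain has expired
     * @throws CertificateNotYetValidException if any certificate in the chain is not yet valid
     * @throws IllegalStateException if no certificate chain is configured
     */
    public X509Certificate getAdminRSAPropagationCertificate() throws CertificateExpiredException, CertificateNotYetValidException {
        Certificate[] certificateArr = (Certificate[]) SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).getObject(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE);
        // Fail with a clear message instead of a bare NullPointerException or
        // ArrayIndexOutOfBoundsException when the chain is missing.
        if (certificateArr == null || certificateArr.length == 0) {
            throw new IllegalStateException("No RSA token certificate chain is configured.");
        }
        for (Certificate certificate : certificateArr) {
            try {
                ((X509Certificate) certificate).checkValidity();
            } catch (CertificateExpiredException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception checking the validity of the RSA token ", new Object[]{e});
                }
                Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.getAdminRSAPropagationCertificate", "205", this);
                throw e;
            } catch (CertificateNotYetValidException e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception checking the validity of the RSA token ", new Object[]{e2});
                }
                Manager.Ffdc.log(e2, this, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.getAdminRSAPropagationCertificate", "211", this);
                throw e2;
            }
        }
        return (X509Certificate) certificateArr[0];
    }

    /**
     * Returns the private key configured for the RSA token mechanism.
     *
     * @return the configured private key
     */
    private PrivateKey getAdminRSAPropagationPrivateKey() {
        return (PrivateKey) SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).getObject(AuthMechanismConfig.RSA_TOKEN_PRIVATE_KEY);
    }

    /**
     * Generates a fresh 16-byte AES key, wraps it in a {@code SecretKeyToken} declared as
     * AES/CBC/PKCS5Padding and records when it should be replaced.
     *
     * <p>Failures are traced and reported to FFDC only. In that case {@code skt},
     * {@code sktBytes} and {@code sktExpiration} keep their previous values, which are
     * {@code null} / {@code 0} if no key was ever created.
     */
    private synchronized void createSecretKeyToken() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSecretKeyToken");
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Creating a new secret key token.");
            }
            SecureRandom secureRandom = SecureRandom.getInstance("IBMSecureRandom");
            String providerName = secureRandom.getProvider().getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The provider is " + providerName);
            }
            byte[] keyMaterial;
            if (providerName.equals(Constants.IBMJCECCA_NAME)) {
                keyMaterial = new byte[16];
                secureRandom.nextBytes(keyMaterial);
            } else {
                keyMaterial = secureRandom.generateSeed(16);
            }
            byte[] encoded = SecretKeyFactory.getInstance("AES").generateSecret(new SecretKeySpec(keyMaterial, "AES")).getEncoded();
            if (tc.isDebugEnabled()) {
                // Only the length is traced; the key bytes themselves must never be logged.
                Tr.debug(tc, "Secret key byte length: " + encoded.length);
            }
            // NOTE(review): CBC with PKCS5Padding gives no integrity protection by itself; confirm
            // that RSAPropagationToken authenticates the ciphertext before it is decrypted.
            this.skt = new SecretKeyToken(encoded, 128, "AES", "CBC", "PKCS5Padding", 1);
            this.sktBytes = this.skt.getBytes();
            this.sktExpiration = System.currentTimeMillis() + SamlConstants.DEFAULT_SAML_EXPIRES_IN_MILLISECONDS;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating a secret key token.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.createSecretKeyToken", "185", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSecretKeyToken");
        }
    }

    /**
     * Parses a received RSA propagation token, rejects it when it has expired or when its nonce
     * was already seen, and otherwise logs in the identity it carries.
     *
     * <p>The expiry test compares the sender's timestamp with the local clock, so clock skew
     * between servers can cause rejections. Every failure inside the parsing and checking steps
     * is logged as {@code security.JSAS0803E} and surfaces as a {@code WSLoginFailedException}.
     *
     * @param bArr the serialized token
     * @return the Subject created from the token
     * @throws IllegalArgumentException if {@code bArr} is null or empty
     * @throws WSLoginFailedException if the token cannot be parsed, has expired, reuses a nonce,
     *         or the login fails
     */
    public Subject validateRSAPropagationToken(byte[] bArr) throws IllegalArgumentException, WSLoginFailedException, CertificateExpiredException, CertificateNotYetValidException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateRSAPropagationToken");
        }
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("RSA propagation token bytes are null.");
        }
        try {
            // A constructor never yields null, so the former null test on this reference was
            // unreachable and has been dropped.
            RSAPropagationToken propagationToken = new RSAPropagationToken(getAdminRSAPropagationCertificate(), getAdminRSAPropagationPrivateKey(), bArr);
            RSAToken rsaToken = propagationToken.getRSATokenObject();
            long expiration = rsaToken.getExpiration();
            if (expiration < System.currentTimeMillis()) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateRSAPropagationToken (error)");
                }
                Tr.error(tc, "security.JSAS0801E", new Object[]{new Date(expiration), new Date(System.currentTimeMillis())});
                throw new WSLoginFailedException("JSAS0801E:  The received admin RSA token has an expired timestamp of " + new Date(expiration) + " where the current local timestamp is " + new Date(System.currentTimeMillis()) + ".  Check for clock skew issues between servers.");
            }
            // Replay protection: validate() is expected to return false for a nonce this process
            // has seen recently (see the JSAS0802E text below).
            if (getNonceManager().validate(rsaToken.getNonce())) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateRSAPropagationToken (creating Subject)");
                }
                return createSubjectFromRSAToken(rsaToken, propagationToken.getSendingX509Certificate());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateRSAPropagationToken (error)");
            }
            Tr.error(tc, "security.JSAS0802E", new Object[]{rsaToken.getNonce()});
            throw new WSLoginFailedException("JSAS0802E: The received admin RSA token has a nonce value of " + rsaToken.getNonce() + " that has been used recently in this process.  This could indicate a replay attack.");
        } catch (Exception e) {
            Tr.error(tc, "security.JSAS0803E", new Object[]{e.getMessage()});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception validating RSA token.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.validateRSAPropagationToken", "256", this);
            if (e instanceof WSLoginFailedException) {
                throw ((WSLoginFailedException) e);
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Builds a serialized RSA propagation token for the identity in {@code subject}, addressed to
     * {@code x509Certificate}.
     *
     * <p>The token carries the realm, security name, access id, group ids and the credential's
     * {@code customRSAProperties} (plus this process's profile UUID when available), a fresh nonce
     * and an expiration derived from the configured token lifetime.
     *
     * @param x509Certificate the target certificate; when {@code null} the local admin RSA
     *        certificate is used
     * @param subject the Subject whose credential is propagated
     * @return the serialized token
     * @throws IllegalArgumentException if {@code subject} is null
     * @throws WSSecurityException if the token cannot be created
     */
    public byte[] createRSAPropagationToken(X509Certificate x509Certificate, Subject subject) throws IllegalArgumentException, WSSecurityException, CertificateExpiredException, CertificateNotYetValidException {
        // Check first: the entry trace below dereferences subject, which used to turn a null
        // argument into a NullPointerException whenever entry tracing was enabled.
        if (subject == null) {
            throw new IllegalArgumentException("Subject is null.");
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createRSAPropagationToken", new Object[]{subject.getPublicCredentials()});
        }
        if (x509Certificate == null) {
            x509Certificate = getAdminRSAPropagationCertificate();
        }
        try {
            WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
            String securityName = credential.getSecurityName();
            String accessId = credential.getAccessId();
            String realmName = credential.getRealmName();
            String nonce = getNonceManager().generate();
            ArrayList groupIds = credential.getGroupIds();
            Properties properties = (Properties) credential.get("customRSAProperties");
            String localProfileUUID = getProfileUUID();
            if (localProfileUUID != null) {
                if (properties == null) {
                    properties = new Properties();
                }
                // When the credential already had a Properties object, this writes into that
                // same object rather than a copy.
                properties.setProperty("sendingProfileUUID", localProfileUUID);
            }
            RSAToken rSAToken = new RSAToken(realmName, securityName, accessId, null, groupIds, properties, nonce, System.currentTimeMillis() + (Long.valueOf(SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).getLong(AuthMechanismConfig.RSA_TOKEN_EXPIRATION)).longValue() * 1000), 1);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RSAToken creating with the following information.", new Object[]{rSAToken.toString()});
            }
            if (System.currentTimeMillis() > this.sktExpiration) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Creating a new SecretKeyToken.");
                }
                createSecretKeyToken();
            }
            // NOTE(review): createSecretKeyToken() swallows its own failures, so sktBytes can be
            // null or stale here; confirm that RSAPropagationToken rejects a null secret key token.
            RSAPropagationToken propagationToken = new RSAPropagationToken(getAdminRSAPropagationCertificate(), getAdminRSAPropagationPrivateKey(), x509Certificate, this.sktBytes, rSAToken.getBytes(), 1);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createRSAPropagationToken");
            }
            return propagationToken.writeBytes();
        } catch (Exception e) {
            // Null-safe so that the error report cannot itself fail and hide the real cause.
            Tr.error(tc, "security.JSAS0804E", new Object[]{x509Certificate == null ? null : x509Certificate.getSubjectDN(), e.getMessage()});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating RSA token.", new Object[]{e});
            }
            // The FFDC source id names validateRSAPropagationToken although this is the create
            // path; it is left unchanged because external tooling may key on it.
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.validateRSAPropagationToken", "337", this);
            if (e instanceof WSSecurityException) {
                throw ((WSSecurityException) e);
            }
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Returns the roles held by the given credential.
     *
     * @param subject the Subject the credential belongs to; only checked for null
     * @param wSCredential the credential to read the roles from
     * @return the roles, or {@code null} when the credential has none
     * @throws IllegalArgumentException if either argument is null
     * @throws Exception if reading the roles from the credential fails
     */
    private List getAdminRolesFromSubject(Subject subject, WSCredential wSCredential) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAdminRolesFromSubject");
        }
        if (subject == null) {
            throw new IllegalArgumentException("null Subject");
        }
        if (wSCredential == null) {
            throw new IllegalArgumentException("null WSCredential");
        }
        List roles = wSCredential.getRoles();
        if (roles == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getAdminRolesFromSubject (null)");
            }
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Admin roles exist in WSCredential.", new Object[]{roles});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAdminRolesFromSubject");
        }
        return roles;
    }

    /**
     * Creates a logged-in Subject from an RSA token without a sender certificate.
     *
     * @param rSAToken the token to take the identity from
     * @return the logged-in Subject
     * @throws WSLoginFailedException if the token is null or the login fails
     */
    public Subject createSubjectFromRSAToken(RSAToken rSAToken) throws WSLoginFailedException {
        return createSubjectFromRSAToken(rSAToken, null);
    }

    /**
     * Creates a logged-in Subject from the identity attributes carried in an RSA token.
     *
     * <p>The access id, realm, principal and groups are copied from the token as they are; this
     * method does not verify the token, so callers must pass only tokens that have already been
     * validated. When a sender certificate is given it is stored on the resulting credential
     * together with the sender's profile UUID.
     *
     * @param rSAToken the token to take the identity from
     * @param x509Certificate the sender's certificate, or {@code null}
     * @return the logged-in Subject
     * @throws WSLoginFailedException if the token is null or the login fails
     */
    public Subject createSubjectFromRSAToken(RSAToken rSAToken, X509Certificate x509Certificate) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSubjectFromRSAToken", new Object[]{rSAToken});
        }
        try {
            if (rSAToken == null) {
                throw new WSLoginFailedException("RSA token is null");
            }
            Hashtable hashtable = new Hashtable();
            String accessId = rSAToken.getAccessId();
            if (accessId != null && accessId.length() > 0) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, accessId);
            }
            String realm = rSAToken.getRealm();
            if (realm != null && realm.length() > 0) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_REALM, realm);
            }
            String principal = rSAToken.getPrincipal();
            if (principal != null && principal.length() > 0) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, principal);
            }
            List groups = rSAToken.getGroups();
            if (groups != null && groups.size() > 0) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS, groups);
            }
            Subject subject = new Subject();
            subject.getPublicCredentials().add(hashtable);
            ContextManager contextManager = ContextManagerFactory.getInstance();
            contextManager.put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), null);
            Subject login = contextManager.login(rSAToken.getRealm(), rSAToken.getPrincipal(), "system.DEFAULT", (HttpServletRequest) null, (HttpServletResponse) null, (Map) null, subject);
            WSCredential credential = SubjectHelper.getWSCredentialFromSubject(login);
            Properties customProperties = rSAToken.getCustomProperties();
            if (customProperties != null) {
                credential.set("customRSAProperties", customProperties);
            }
            if (x509Certificate != null) {
                credential.set("sendingRSACertificate", x509Certificate);
                String uuidFromCert = getUUIDFromCert(x509Certificate);
                if (uuidFromCert != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "sendingProfileUUID: " + uuidFromCert);
                    }
                    credential.set("sendingProfileUUID", uuidFromCert);
                } else if (customProperties != null) {
                    // Fallback value comes from the token's custom properties, i.e. it is asserted
                    // by the sender rather than taken from the certificate.
                    String uuidFromProperties = customProperties.getProperty("sendingProfileUUID");
                    if (uuidFromProperties != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "sendingProfileUUID from customProperties: " + uuidFromProperties);
                        }
                        credential.set("sendingProfileUUID", uuidFromProperties);
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSubjectFromRSAToken");
            }
            return login;
        } catch (WSLoginFailedException e) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSubjectFromRSAToken");
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.token.WSCredentialTokenMapper.createSubjectFromRSAToken", "430", this);
            throw e;
        } catch (Exception e2) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createWSCredentialFromProperties");
            }
            Manager.Ffdc.log(e2, this, "com.ibm.ws.security.token.WSCredentialTokenMapper.createSubjectFromRSAToken", "436", this);
            throw new WSLoginFailedException(e2.getMessage(), e2);
        }
    }

    /**
     * Delegates certificate chain verification to an {@code RSAPropagationToken} that is created
     * on first use from the local admin RSA certificate.
     *
     * @param x509CertificateArr the certificate chain to verify
     * @return the result of {@code RSAPropagationToken.verifyCertificate}
     * @throws Exception if the local certificate cannot be obtained or the verification fails
     */
    public boolean verifyCertificate(X509Certificate[] x509CertificateArr) throws Exception {
        if (this.rpt == null) {
            this.rpt = new RSAPropagationToken(getAdminRSAPropagationCertificate());
        }
        return this.rpt.verifyCertificate(x509CertificateArr);
    }

    /**
     * Returns an empty string followed by {@code JSPTranslator.ENDL}; no state of this object,
     * and in particular no key material, is included.
     */
    @Override
    public String toString() {
        return "" + JSPTranslator.ENDL;
    }

    /**
     * Extracts the profile UUID from a certificate's subject alternative names.
     *
     * <p>Every field of every alternative-name entry is converted to a string and the first one
     * starting with {@code ProfileUUID:} wins; the match is not restricted to a particular
     * alternative-name type.
     *
     * @param x509Certificate the certificate to inspect
     * @return the text after the {@code ProfileUUID:} prefix, or {@code null} when no entry matches
     * @throws Exception if the alternative names cannot be read
     */
    public String getUUIDFromCert(X509Certificate x509Certificate) throws Exception {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return null;
            }
            for (List<?> altName : subjectAlternativeNames) {
                if (altName == null) {
                    continue;
                }
                for (Object field : altName) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Alt name value is: " + field);
                    }
                    // Skip a null field instead of failing the whole lookup on it.
                    if (field == null) {
                        continue;
                    }
                    String text = field.toString();
                    if (text.startsWith("ProfileUUID:")) {
                        return text.substring("ProfileUUID:".length());
                    }
                }
            }
            return null;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while checking AltSubjectNames.", new Object[]{e});
            }
            throw e;
        }
    }

    /**
     * Returns this process's profile UUID, looked up reflectively through
     * {@code ProfileUtility.getUUID()} and cached once a non-null value is obtained.
     *
     * @return the profile UUID, or {@code null} when the lookup fails or yields nothing
     */
    private String getProfileUUID() {
        if (this.profileUUID == null) {
            try {
                this.profileUUID = (String) Class.forName("com.ibm.wsspi.management.profile.ProfileUtility").getMethod("getUUID", new Class[0]).invoke(null, new Object[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Retrieved the following profileUUID for the process: " + this.profileUUID);
                }
            } catch (Exception e) {
                // Best effort: the token is simply created without a sendingProfileUUID.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception creating profileUUID.", new Object[]{e});
                }
            }
        }
        return this.profileUUID;
    }

    /**
     * Stores a mapping from {@code str} to the signer certificate alias {@code str2}.
     *
     * <p>One arbitrary entry is evicted first when the cache already holds more entries than the
     * configured maximum, so the cache can grow to one entry above that maximum.
     *
     * @param str the cache key
     * @param str2 the signer certificate alias
     * @throws NullPointerException if either argument is null
     */
    public static void addSignerCertificateAliasToCache(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSignerCertificateAliasToCache");
        }
        if (signerCertificateAliasCache.size() > signerCertificateAliasCacheMaxSize) {
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Max cache size reached removing an arbitrary entry.  Consider increasing the cache size by setting the com.ibm.websphere.security.rsaCertificateAliasCache property to a larger value.");
            }
            Iterator<Map.Entry<String, String>> it = signerCertificateAliasCache.entrySet().iterator();
            if (it.hasNext()) {
                it.next();
                it.remove();
            }
        }
        signerCertificateAliasCache.put(str, str2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSignerCertificateAliasToCache (size: " + signerCertificateAliasCache.size() + ")");
        }
    }

    /**
     * Looks up the signer certificate alias cached for {@code str}.
     *
     * @param str the cache key
     * @return the cached alias, or {@code null} when there is none
     * @throws NullPointerException if {@code str} is null
     */
    public static String getSignerCertificateAliasFromCache(String str) {
        return signerCertificateAliasCache.get(str);
    }

    /**
     * Removes every cache entry whose value is the given signer certificate alias, so that a
     * signer that is no longer trusted cannot be served from the cache.
     *
     * <p>Reconstructed from the decompiler's instruction dump, which could not be turned back into
     * Java. As dumped, the loop cast each element of the entry-set iterator to {@code String},
     * which would fail with a {@code ClassCastException} that the surrounding catch only traced,
     * leaving the entry in place; it also stopped after the first match. This version reads the
     * entries directly and removes all matches. The final trace uses {@code Tr.exit} where the
     * dump showed a second {@code Tr.entry}.
     *
     * @param alias the signer certificate alias to remove; {@code null} is ignored
     */
    public static void removeSignerCertificateAliasFromCache(String alias) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeSignerCertificateAliasFromCache", new Object[]{alias});
        }
        if (alias != null) {
            try {
                Iterator<Map.Entry<String, String>> it = signerCertificateAliasCache.entrySet().iterator();
                while (it.hasNext()) {
                    if (alias.equals(it.next().getValue())) {
                        if (tc.isEntryEnabled()) {
                            Tr.debug(tc, "Removing alias from cache");
                        }
                        it.remove();
                    }
                }
            } catch (Exception e) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Exception received removing alias from cache " + e.getMessage());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeSignerCertificateAliasFromCache");
        }
    }

    static {
        // Reads the configured maximum cache size. The cache map itself is created at its
        // declaration, so a missing or malformed property leaves the maximum at 0 instead of
        // leaving the cache null and failing every later cache call.
        try {
            SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
            if (securityConfig != null) {
                signerCertificateAliasCacheMaxSize = Integer.parseInt(securityConfig.getProperty(SecurityConfig.RSA_CERTIFICATE_ALIAS_CACHE));
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Initializing certificate alias cache, max size is " + signerCertificateAliasCacheMaxSize);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error initializing certificate alias cache: " + e);
            }
            Tr.error(tc, "Exception " + e.toString() + " in static initializer");
        }
    }
}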
