package com.ibm.ws.webservices.wssecurity.handler;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.webservice.wsbnd.PCBinding;
import com.ibm.etools.webservice.wsbnd.SecurityRequestReceiverBindingConfig;
import com.ibm.etools.webservice.wscommonbnd.CanonicalizationMethod;
import com.ibm.etools.webservice.wscommonbnd.CertPathSettings;
import com.ibm.etools.webservice.wscommonbnd.CertStoreList;
import com.ibm.etools.webservice.wscommonbnd.CertStoreRef;
import com.ibm.etools.webservice.wscommonbnd.CollectionCertStore;
import com.ibm.etools.webservice.wscommonbnd.DataEncryptionMethod;
import com.ibm.etools.webservice.wscommonbnd.DigestMethod;
import com.ibm.etools.webservice.wscommonbnd.EncryptionInfo;
import com.ibm.etools.webservice.wscommonbnd.EncryptionKey;
import com.ibm.etools.webservice.wscommonbnd.KeyEncryptionMethod;
import com.ibm.etools.webservice.wscommonbnd.LDAPCertStore;
import com.ibm.etools.webservice.wscommonbnd.LDAPServer;
import com.ibm.etools.webservice.wscommonbnd.SignatureMethod;
import com.ibm.etools.webservice.wscommonbnd.SigningInfo;
import com.ibm.etools.webservice.wscommonbnd.TrustAnchor;
import com.ibm.etools.webservice.wscommonbnd.TrustedIDEvaluator;
import com.ibm.etools.webservice.wscommonbnd.TrustedIDEvaluatorRef;
import com.ibm.etools.webservice.wscommonbnd.X509Certificate;
import com.ibm.etools.webservice.wscommonext.AddReceivedTimestamp;
import com.ibm.etools.webservice.wscommonext.AuthMethod;
import com.ibm.etools.webservice.wscommonext.ConfidentialPart;
import com.ibm.etools.webservice.wscommonext.IDAssertion;
import com.ibm.etools.webservice.wscommonext.Reference;
import com.ibm.etools.webservice.wscommonext.RequiredConfidentiality;
import com.ibm.etools.webservice.wscommonext.RequiredIntegrity;
import com.ibm.etools.webservice.wsext.LoginConfig;
import com.ibm.etools.webservice.wsext.SecurityRequestReceiverServiceConfig;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.service.VariableMap;
import com.ibm.ws.runtime.service.WSSecurityService;
import com.ibm.ws.webservices.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.webservices.wssecurity.core.NonceManagerFactory;
import com.ibm.ws.webservices.wssecurity.core.WSSecurityDefaultConfiguration;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.ConfigValidation;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.config.KeyLocator;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.confimpl.PrivateReceiverConfig;
import com.ibm.xml.soapsec.dsig.VerificationSettings;
import com.ibm.xml.soapsec.enc.EncryptionSettings;
import com.ibm.xml.soapsec.token.LoginMapping;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.DOMUtil;
import com.ibm.xml.soapsec.util.NamespaceUtil;
import java.io.File;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/webservices/wssecurity/handler/WSEMFRequestReceiverConfig.class */
public class WSEMFRequestReceiverConfig extends PrivateReceiverConfig {
    // wsse namespace URI for this receiver. Stays null unless init() finds a value under
    // ConfigConstants.WSSE_NS in the binding properties that passes NamespaceUtil.isWsse().
    private String wsseNS;
    // wsu namespace URI derived from wsseNS through NamespaceUtil.getCorrespondingWSUNS().
    private String wsuNS;
    // One of NON_WS_SEC / WS_SEC. The seven-argument constructor sets WS_SEC only after init()
    // has returned, so an instance whose init() threw, or one built with the no-arg constructor,
    // keeps NON_WS_SEC.
    private String origin;
    // Value of "origin" once the binding and deployment descriptor have been processed.
    static final String WS_SEC = "ws-security";
    // Initial value of "origin".
    static final String NON_WS_SEC = "non-ws-security";
    // NOTE(review): not referenced in the visible part of this class; looks like a message-key
    // prefix (the trace calls spell out "security.wssecurity." literally). Confirm before removing.
    private static final String comp = "security.wssecurity";
    // Static maps shared by every instance in the JVM. They are raw-typed Hashtables, so single
    // operations are synchronized but compound check-then-put sequences are not.
    // NOTE(review): unused in the visible part of this class; presumably caches of key stores,
    // certificate factories and certificates. Confirm the key scheme and whether entries are ever
    // evicted, because cached trust material would outlive a keystore or binding change.
    private static Map keyStores = new Hashtable();
    private static Map certFactories = new Hashtable();
    private static Map certs = new Hashtable();
    // Fully qualified class name of this class.
    private static final String clsName = WSEMFRequestReceiverConfig.class.getName();
    // Trace component registered under the "Web Services Security" group, with the
    // was-wssecurity resource bundle for message lookup.
    private static final TraceComponent tc = Tr.register((Class<?>) WSEMFRequestReceiverConfig.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");

    /**
     * Builds the request-receiver configuration without an application class loader and without a
     * port-component binding.
     *
     * <p>Delegates to the seven-argument constructor, passing {@code null} for both.
     *
     * @param securityRequestReceiverBindingConfig receiver binding, may be {@code null}
     * @param securityRequestReceiverServiceConfig receiver deployment descriptor, may be {@code null}
     * @param str actor URI; traced as {@code actorURI}
     * @param variableMap variable map used to expand configured values, may be {@code null}
     * @param wSSecurityService service consulted for the default WS-Security configuration
     * @throws SoapSecurityException if {@code init} rejects the configuration
     */
    public WSEMFRequestReceiverConfig(SecurityRequestReceiverBindingConfig securityRequestReceiverBindingConfig, SecurityRequestReceiverServiceConfig securityRequestReceiverServiceConfig, String str, VariableMap variableMap, WSSecurityService wSSecurityService) throws SoapSecurityException {
        // The typed nulls make it explicit which optional collaborators are being left out.
        this(
                securityRequestReceiverBindingConfig,
                securityRequestReceiverServiceConfig,
                str,
                variableMap,
                wSSecurityService,
                (ClassLoader) null,
                (PCBinding) null);
    }

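    /**
     * Builds the request-receiver configuration with an application class loader and no
     * port-component binding.
     *
     * <p>The class loader is forwarded to the seven-argument constructor. This overload previously
     * accepted {@code classLoader} but passed {@code null} instead, so the caller's loader was
     * silently discarded. {@code init} hands the loader to
     * {@code ConfigConstants.readLoginMapping}, {@code readTrustedIDEvaluator} and
     * {@code findKeyLocator}, which is why the choice of loader matters for the pluggable
     * security components configured in the binding.
     *
     * @param securityRequestReceiverBindingConfig receiver binding, may be {@code null}
     * @param securityRequestReceiverServiceConfig receiver deployment descriptor, may be {@code null}
     * @param str actor URI; traced as {@code actorURI}
     * @param variableMap variable map used to expand configured values, may be {@code null}
     * @param wSSecurityService service consulted for the default WS-Security configuration
     * @param classLoader loader passed on to {@code init}; {@code null} behaves as before
     * @throws SoapSecurityException if {@code init} rejects the configuration
     */
    public WSEMFRequestReceiverConfig(SecurityRequestReceiverBindingConfig securityRequestReceiverBindingConfig, SecurityRequestReceiverServiceConfig securityRequestReceiverServiceConfig, String str, VariableMap variableMap, WSSecurityService wSSecurityService, ClassLoader classLoader) throws SoapSecurityException {
        // Only the port-component binding is absent in this overload; the loader must be kept.
        this(securityRequestReceiverBindingConfig, securityRequestReceiverServiceConfig, str, variableMap, wSSecurityService, classLoader, null);
    }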

    /**
     * Builds the request-receiver configuration from the binding, the deployment descriptor and
     * the optional port-component binding.
     *
     * <p>The instance starts with {@code origin == NON_WS_SEC} and both namespaces unset. All of
     * the work happens in {@code init}; {@code origin} becomes {@code WS_SEC} only when that call
     * returns normally.
     *
     * @param securityRequestReceiverBindingConfig receiver binding, may be {@code null}
     * @param securityRequestReceiverServiceConfig receiver deployment descriptor, may be {@code null}
     * @param str actor URI; traced as {@code actorURI}
     * @param variableMap variable map used to expand configured values, may be {@code null}
     * @param wSSecurityService service consulted for the default WS-Security configuration
     * @param classLoader loader passed through to {@code init}, may be {@code null}
     * @param pCBinding port-component binding passed through to {@code init}, may be {@code null}
     * @throws SoapSecurityException if {@code init} rejects the configuration
     */
    public WSEMFRequestReceiverConfig(SecurityRequestReceiverBindingConfig securityRequestReceiverBindingConfig, SecurityRequestReceiverServiceConfig securityRequestReceiverServiceConfig, String str, VariableMap variableMap, WSSecurityService wSSecurityService, ClassLoader classLoader, PCBinding pCBinding) throws SoapSecurityException {
        this.origin = NON_WS_SEC;
        this.wsuNS = null;
        this.wsseNS = null;
        if (tc.isEntryEnabled()) {
            // The label mentions portCmpBnd, but pCBinding itself is not among the traced values.
            final Object[] traceArgs = {securityRequestReceiverBindingConfig, securityRequestReceiverServiceConfig, str, variableMap, wSSecurityService, classLoader};
            Tr.entry(tc, "WSEMFRequestReceiverConfig (SecurityRequestReceiverBindingConfig, SecurityRequestReceiverServiceConfig, actorURI, VariableMap, WSSecurityService, ClassLoader, portCmpBnd):", traceArgs);
        }

        init(securityRequestReceiverBindingConfig, securityRequestReceiverServiceConfig, str, variableMap, wSSecurityService, classLoader, pCBinding);

        // Reached only when init() did not throw, so WS_SEC marks a fully processed configuration.
        this.origin = WS_SEC;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WSEMFRequestReceiverConfig()");
        }
    }

    /**
     * Package-private constructor that creates an instance without running {@code init}.
     *
     * <p>{@code origin} stays {@code NON_WS_SEC} and both namespaces stay {@code null}. Entry and
     * exit are traced together when entry tracing is enabled.
     */
    WSEMFRequestReceiverConfig() {
        this.origin = NON_WS_SEC;
        this.wsuNS = null;
        this.wsseNS = null;
        if (!tc.isEntryEnabled()) {
            return;
        }
        Tr.entry(tc, "WSEMFRequestReceiverConfig");
        Tr.exit(tc, "WSEMFRequestReceiverConfig");
    }

    final void init(SecurityRequestReceiverBindingConfig securityRequestReceiverBindingConfig, SecurityRequestReceiverServiceConfig securityRequestReceiverServiceConfig, String str, VariableMap variableMap, WSSecurityService wSSecurityService, ClassLoader classLoader, PCBinding pCBinding) throws SoapSecurityException {
        String str2;
        EList properties;
        EList parameters;
        EList properties2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(SecurityRequestReceiverBindingConfig, SecurityRequestReceiverServiceConfig, actorURI, VariableMap, WSSecurityService, ClassLoader, portCmpBnd):", new Object[]{securityRequestReceiverBindingConfig, securityRequestReceiverServiceConfig, str, variableMap, wSSecurityService, classLoader});
        }
        AddReceivedTimestamp addReceivedTimestamp = null;
        IDAssertion iDAssertion = null;
        LoginConfig loginConfig = null;
        RequiredConfidentiality requiredConfidentiality = null;
        RequiredIntegrity requiredIntegrity = null;
        WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration = null;
        if (wSSecurityService != null) {
            Object config = wSSecurityService.getConfig();
            if (config instanceof WSSecurityDefaultConfiguration) {
                wSSecurityDefaultConfiguration = (WSSecurityDefaultConfiguration) config;
            }
        }
        Map map = null;
        Map map2 = null;
        Map map3 = null;
        Map map4 = null;
        this._properties = new HashMap();
        if (wSSecurityDefaultConfiguration != null) {
            WSSGeneratorConfig defaultGeneratorBinding = wSSecurityDefaultConfiguration.getDefaultGeneratorBinding();
            if (defaultGeneratorBinding != null) {
                map = defaultGeneratorBinding.getProperties();
                if (map != null) {
                    this._properties.putAll(map);
                }
            } else {
                map = wSSecurityDefaultConfiguration.getProperties();
                if (map != null) {
                    this._properties.putAll(map);
                }
            }
        }
        if (securityRequestReceiverServiceConfig != null && (properties2 = securityRequestReceiverServiceConfig.getProperties()) != null) {
            map2 = ConfigConstants.getProperties(properties2, variableMap);
            if (map2 != null) {
                this._properties.putAll(map2);
            }
        }
        if (pCBinding != null && (parameters = pCBinding.getParameters()) != null) {
            map4 = ConfigConstants.getProperties(parameters, variableMap);
            if (map4 != null) {
                this._properties.putAll(map4);
            }
        }
        if (securityRequestReceiverBindingConfig != null && (properties = securityRequestReceiverBindingConfig.getProperties()) != null) {
            map3 = ConfigConstants.getProperties(properties, variableMap);
            if (map3 != null) {
                this._properties.putAll(map3);
            }
        }
        if (securityRequestReceiverServiceConfig != null) {
            addReceivedTimestamp = securityRequestReceiverServiceConfig.getAddReceivedTimestamp();
            iDAssertion = securityRequestReceiverServiceConfig.getIdAssertion();
            loginConfig = securityRequestReceiverServiceConfig.getLoginConfig();
            requiredConfidentiality = securityRequestReceiverServiceConfig.getRequiredConfidentiality();
            requiredIntegrity = securityRequestReceiverServiceConfig.getRequiredIntegrity();
            if (tc.isDebugEnabled()) {
                if (map2 != null) {
                    Tr.debug(tc, "Request Receiver Deployment Descriptor (AddReceivedTimestamp, IdAssertion, LoginConfig, RequiredConfidentiality, RequiredIntegrity, Property):", new Object[]{addReceivedTimestamp, iDAssertion, loginConfig, requiredConfidentiality, requiredIntegrity, map2});
                } else {
                    Tr.debug(tc, "Request Receiver Deployment Descriptor (AddReceivedTimestamp, IdAssertion, LoginConfig, RequiredConfidentiality, RequiredIntegrity):", new Object[]{addReceivedTimestamp, iDAssertion, loginConfig, requiredConfidentiality, requiredIntegrity});
                }
            }
        }
        ConfigValidation configValidation = new ConfigValidation(variableMap, wSSecurityDefaultConfiguration);
        if (!configValidation.requiredConfidentialityValid(requiredConfidentiality)) {
            throw new SoapSecurityException("Invalid RequiredConfidentiality");
        }
        if (!configValidation.requiredIntegrityValid(requiredIntegrity)) {
            throw new SoapSecurityException("Invalid RequiredIntegrity");
        }
        if (!configValidation.idAssertionValid(iDAssertion)) {
            throw new SoapSecurityException("Invalid IDAssertion");
        }
        if (str != null) {
            String trim = str.trim();
            if (trim.length() != 0) {
                this.myactor = trim;
            }
        } else {
            this.myactor = null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "actorURI = " + this.myactor);
        }
        this.enableReceivedTimestamp = false;
        if (addReceivedTimestamp != null) {
            this.enableReceivedTimestamp = addReceivedTimestamp.isFlag();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding enableReceivedTimestamp: " + this.enableReceivedTimestamp);
            }
        }
        this.idType = null;
        this.trustMode = null;
        if (iDAssertion != null) {
            this.idType = iDAssertion.getIdType();
            this.idType = this.idType == null ? this.idType : this.idType.trim();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding IDAssertion Type: " + this.idType);
            }
            this.trustMode = iDAssertion.getTrustMode();
            this.trustMode = this.trustMode == null ? this.trustMode : this.trustMode.trim();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding IDAssertion TrustMode: " + this.trustMode);
            }
        }
        if (requiredIntegrity != null) {
            int size = requiredIntegrity.getReferences().size();
            for (int i = 0; i < size; i++) {
                String name = ((Reference) requiredIntegrity.getReferences().get(i)).getPart().getName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding integrity part: " + name);
                }
                this.requiredIntegralParts.add(name);
            }
        }
        if (requiredConfidentiality != null) {
            int size2 = requiredConfidentiality.getConfidentialParts().size();
            for (int i2 = 0; i2 < size2; i2++) {
                String name2 = ((ConfidentialPart) requiredConfidentiality.getConfidentialParts().get(i2)).getPart().getName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding confidentiality part: " + name2);
                }
                this.requiredConfidentialParts.add(name2);
            }
        }
        if (loginConfig != null) {
            int size3 = loginConfig.getAuthMethods().size();
            boolean z = false;
            for (int i3 = 0; i3 < size3; i3++) {
                AuthMethod authMethod = (AuthMethod) loginConfig.getAuthMethods().get(i3);
                if (authMethod != null) {
                    String text = authMethod.getText();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding authMethod name: " + text);
                    }
                    this.authMethods.add(text);
                    z = Constants.STR_BASIC.equals(text);
                }
            }
            if (map2 != null && !map2.isEmpty()) {
                String str3 = (String) map2.get(ConfigConstants.BASICAUTH_NONCE_REQUIRED);
                if (str3 != null) {
                    String trim2 = str3.trim();
                    if (trim2.length() != 0) {
                        this.checkNonce = Boolean.valueOf(trim2).booleanValue();
                        if (this.checkNonce) {
                            if (z) {
                                this.checkNonceTimestamp = true;
                            } else {
                                this.checkNonce = false;
                                this.checkNonceTimestamp = false;
                                StringBuffer stringBuffer = new StringBuffer();
                                for (int i4 = 0; i4 < this.authMethods.size(); i4++) {
                                    stringBuffer.append(this.authMethods.get(i4)).append(",");
                                }
                                String stringBuffer2 = stringBuffer.toString();
                                Tr.warning(tc, "security.wssecurity.WSEC0113W", new Object[]{stringBuffer2.substring(0, stringBuffer2.length() - 1)});
                            }
                        }
                    }
                }
                String str4 = (String) map2.get(ConfigConstants.BASICAUTH_NONCE_TIMESTAMP_REQUIRED);
                if (str4 != null) {
                    String trim3 = str4.trim();
                    if (trim3.length() != 0) {
                        this.checkNonceTimestamp = Boolean.valueOf(trim3).booleanValue();
                        if (this.checkNonceTimestamp && !this.checkNonce) {
                            this.checkNonceTimestamp = false;
                            Tr.warning(tc, "security.wssecurity.WSEC0114W");
                        }
                    }
                }
            }
        }
        CertStoreList certStoreList = null;
        EList eList = null;
        EList eList2 = null;
        EList eList3 = null;
        EList eList4 = null;
        EList eList5 = null;
        TrustedIDEvaluator trustedIDEvaluator = null;
        TrustedIDEvaluatorRef trustedIDEvaluatorRef = null;
        if (securityRequestReceiverBindingConfig != null) {
            certStoreList = securityRequestReceiverBindingConfig.getCertStoreList();
            eList = securityRequestReceiverBindingConfig.getEncryptionInfos();
            eList2 = securityRequestReceiverBindingConfig.getKeyLocators();
            eList3 = securityRequestReceiverBindingConfig.getLoginMappings();
            eList4 = securityRequestReceiverBindingConfig.getSigningInfos();
            eList5 = securityRequestReceiverBindingConfig.getTrustAnchors();
            trustedIDEvaluator = securityRequestReceiverBindingConfig.getTrustedIDEvaluator();
            trustedIDEvaluatorRef = securityRequestReceiverBindingConfig.getTrustedIDEvaluatorRef();
            if (tc.isDebugEnabled()) {
                if (map3 != null) {
                    Tr.debug(tc, "Request Receiver Binding (CertStoreList, EncryptionInfos, KeyLocators, LoginMappings, SigningInfos, TrustAnchors, TrustedIDEvaluator, TrustedIDEvaluatorRef, Property):", new Object[]{certStoreList, eList, eList2, eList3, eList4, eList5, trustedIDEvaluator, trustedIDEvaluatorRef, map3});
                } else {
                    Tr.debug(tc, "Request Receiver Binding (CertStoreList, EncryptionInfos, KeyLocators, LoginMappings, SigningInfos, TrustAnchors, TrustedIDEvaluator, TrustedIDEvaluatorRef):", new Object[]{certStoreList, eList, eList2, eList3, eList4, eList5, trustedIDEvaluator, trustedIDEvaluatorRef});
                }
            }
            if ((map3 != null || map3.size() != 0) && (str2 = (String) map3.get(ConfigConstants.WSSE_NS)) != null && str2.length() != 0) {
                if (!NamespaceUtil.isWsse(str2)) {
                    throw SoapSecurityException.format("security.wssecurity.WSEC0152E", str2);
                }
                this.wsseNS = str2;
                this.wsuNS = NamespaceUtil.getCorrespondingWSUNS(this.wsseNS);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Namespace configured to be used to send the request, wsse=" + this.wsseNS + ", wsu=" + this.wsuNS);
            }
        }
        this._bypassSecurityHeader = ConfigUtil.getIsTruePropertyEnv(this._properties, com.ibm.ws.webservices.wssecurity.Constants.BYPASS_HEADER);
        if (!configValidation.receiverSigningInfoValid(eList4, eList5, certStoreList, requiredIntegrity)) {
            throw new SoapSecurityException("Invalid receiver SigningInfo");
        }
        if (!configValidation.encryptionInfosValid(eList, eList2, requiredConfidentiality)) {
            throw new SoapSecurityException("Invalid EncryptionInfo");
        }
        if (!configValidation.loginMappingValid(eList3, loginConfig)) {
            throw new SoapSecurityException("Invalid LoginMappings");
        }
        if (!configValidation.trustedIDEvaluatorRefValid(trustedIDEvaluatorRef)) {
            throw new SoapSecurityException("Invalid TrustedIDEvaluatorRef");
        }
        if (!configValidation.trustedIDEvaluatorValid(trustedIDEvaluator)) {
            throw new SoapSecurityException("Invalid TrustedIDEvaluator");
        }
        this.nonceMaxAge = (wSSecurityDefaultConfiguration == null ? 300 : wSSecurityDefaultConfiguration.getNonceMaxAge()) * 1000;
        this.nonceClockSkew = (wSSecurityDefaultConfiguration == null ? 0 : wSSecurityDefaultConfiguration.getNonceClockSkew()) * 1000;
        this.nonceManager = NonceManagerFactory.getInstance();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "default Nonce.maxAge = " + this.nonceMaxAge + " ms, default Nonce.clockSkew = " + this.nonceClockSkew + " ms");
            Tr.debug(tc, "NonceManager = " + this.nonceManager);
        }
        if (eList3 != null) {
            int size4 = eList3.size();
            for (int i5 = 0; i5 < size4; i5++) {
                LoginMapping readLoginMapping = ConfigConstants.readLoginMapping((com.ibm.etools.webservice.wscommonbnd.LoginMapping) eList3.get(i5), variableMap, classLoader);
                this.am2lm.put(readLoginMapping.getAuthMethod(), readLoginMapping);
                if (readLoginMapping.getTokenValueType() != null) {
                    this.tvt2lm.put(readLoginMapping.getTokenValueType(), readLoginMapping);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding binding LoginMapping: ", new Object[]{readLoginMapping});
                }
                processNonceBinding(readLoginMapping.getAuthMethod(), readLoginMapping.getProperties(), wSSecurityDefaultConfiguration);
            }
        }
        for (String str5 : this.authMethods) {
            if (!this.am2lm.containsKey(str5) && wSSecurityDefaultConfiguration != null) {
                LoginMapping loginMapping = wSSecurityDefaultConfiguration.getLoginMapping(str5);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding default LoginMapping: ", new Object[]{loginMapping});
                }
                this.am2lm.put(str5, loginMapping);
                processNonceBinding(loginMapping.getAuthMethod(), loginMapping.getProperties(), wSSecurityDefaultConfiguration);
                if (loginMapping.getTokenValueType() != null) {
                    this.tvt2lm.put(loginMapping.getTokenValueType(), loginMapping);
                }
            }
        }
        if (trustedIDEvaluator != null) {
            com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator readTrustedIDEvaluator = ConfigConstants.readTrustedIDEvaluator(trustedIDEvaluator, variableMap, classLoader);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding TrustID Evaluator.");
            }
            this.trustedIDEvaluator = readTrustedIDEvaluator;
        }
        if (eList != null) {
            int size5 = eList.size();
            for (int i6 = 0; i6 < size5; i6++) {
                EncryptionInfo encryptionInfo = (EncryptionInfo) eList.get(i6);
                EncryptionKey encryptionKey = encryptionInfo.getEncryptionKey();
                String str6 = null;
                String str7 = null;
                if (encryptionKey != null) {
                    str6 = encryptionKey.getName();
                    str7 = encryptionKey.getLocatorRef();
                }
                KeyLocator findKeyLocator = ConfigConstants.findKeyLocator(eList2, str7, variableMap, wSSecurityDefaultConfiguration, classLoader);
                DataEncryptionMethod encryptionMethod = encryptionInfo.getEncryptionMethod();
                String algorithm = encryptionMethod != null ? encryptionMethod.getAlgorithm() : null;
                KeyEncryptionMethod keyEncryptionMethod = encryptionInfo.getKeyEncryptionMethod();
                String algorithm2 = keyEncryptionMethod != null ? keyEncryptionMethod.getAlgorithm() : null;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding Encryption Info.", new Object[]{"Locator: " + findKeyLocator, "dataEncAlg: " + algorithm, "keyEncAlg: " + algorithm2, "encKeyName: " + str6});
                }
                if (algorithm == null || str6 == null || findKeyLocator == null) {
                    if (algorithm == null) {
                        Tr.warning(tc, "security.wssecurity.IncompleteEncryptionInfo", "Data Encryption Algorithm");
                    }
                    if (str6 == null) {
                        Tr.warning(tc, "security.wssecurity.IncompleteEncryptionInfo", "Encryption Key Name");
                    }
                    if (findKeyLocator == null) {
                        Tr.warning(tc, "security.wssecurity.IncompleteEncryptionInfo", "Key Locator");
                    }
                }
                this.encryptionSettingsList.add(new EncryptionSettings(algorithm, algorithm2, str6, findKeyLocator));
            }
        }
        if (eList4 != null) {
            int size6 = eList4.size();
            for (int i7 = 0; i7 < size6; i7++) {
                PKIXBuilderParameters pKIXBuilderParameters = null;
                Provider provider = null;
                HashSet hashSet = new HashSet();
                String str8 = null;
                boolean z2 = false;
                SigningInfo signingInfo = (SigningInfo) eList4.get(i7);
                CanonicalizationMethod canonicalizationMethod = signingInfo.getCanonicalizationMethod();
                String str9 = null;
                if (canonicalizationMethod == null) {
                    Tr.warning(tc, "security.wssecurity.nocanonicalization.algo");
                } else {
                    str9 = canonicalizationMethod.getAlgorithm();
                }
                SignatureMethod signatureMethod = signingInfo.getSignatureMethod();
                String str10 = null;
                if (signatureMethod == null) {
                    Tr.warning(tc, "security.wssecurity.nosignature.algo");
                } else {
                    str10 = signatureMethod.getAlgorithm();
                }
                DigestMethod digestMethod = signingInfo.getDigestMethod();
                String str11 = null;
                if (digestMethod == null) {
                    Tr.warning(tc, "security.wssecurity.nodigest.algo");
                } else {
                    str11 = digestMethod.getAlgorithm();
                }
                CertPathSettings certPathSettings = signingInfo.getCertPathSettings();
                if (certPathSettings.getTrustAnyCertificate() != null) {
                    z2 = true;
                } else {
                    KeyStore keyStore = null;
                    str8 = certPathSettings.getTrustAnchorRef().getRef();
                    boolean z3 = false;
                    int i8 = 0;
                    while (true) {
                        if (i8 >= eList5.size()) {
                            break;
                        }
                        TrustAnchor trustAnchor = (TrustAnchor) eList5.get(i8);
                        if (str8.equals(trustAnchor.getName())) {
                            com.ibm.etools.webservice.wscommonbnd.KeyStore keyStore2 = trustAnchor.getKeyStore();
                            keyStore = ConfigUtil.getKeyStore(keyStore2.getType(), variableMap == null ? keyStore2.getPath() : variableMap.expand(keyStore2.getPath()), keyStore2.getStorepass().toCharArray());
                            z3 = true;
                        } else {
                            i8++;
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "(from application binding) Keystore for TrustAnchor: " + str8 + " = " + keyStore + "Found = " + z3);
                    }
                    if (!z3 && wSSecurityDefaultConfiguration != null) {
                        keyStore = wSSecurityDefaultConfiguration.getTrustAnchor(str8);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "(from default binding) Keystore for TrustAnchor: " + str8 + " = " + keyStore);
                        }
                    }
                    if (keyStore == null) {
                        throw SoapSecurityException.format("security.wssecurity.ConfigValidation.keystore.taref.open", str8);
                    }
                    try {
                        pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
                        pKIXBuilderParameters.setDate(null);
                        CertStoreRef certStoreRef = certPathSettings.getCertStoreRef();
                        r47 = certStoreRef != null ? certStoreRef.getRef() : null;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "CertStoreRef = " + r47);
                        }
                        boolean z4 = false;
                        if (certStoreList != null) {
                            EList collectionCertStores = certStoreList.getCollectionCertStores();
                            int size7 = collectionCertStores.size();
                            int i9 = 0;
                            while (true) {
                                if (i9 >= size7) {
                                    break;
                                }
                                CollectionCertStore collectionCertStore = (CollectionCertStore) collectionCertStores.get(i9);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "collectionCertStores.get(" + i9 + ") = " + collectionCertStore.getName());
                                }
                                if (r47 == null || !r47.equals(collectionCertStore.getName())) {
                                    i9++;
                                } else {
                                    provider = Security.getProvider(collectionCertStore.getProvider());
                                    EList x509Certificates = collectionCertStore.getX509Certificates();
                                    int size8 = x509Certificates.size();
                                    HashMap hashMap = new HashMap();
                                    for (int i10 = 0; i10 < size8; i10++) {
                                        X509Certificate x509Certificate = (X509Certificate) x509Certificates.get(i10);
                                        String path = variableMap == null ? x509Certificate.getPath() : variableMap.expand(x509Certificate.getPath());
                                        CertificateFactory certificateFactory = (CertificateFactory) hashMap.get("");
                                        if (certificateFactory == null) {
                                            certificateFactory = ConfigUtil.createCertificateFactory("");
                                            hashMap.put("", certificateFactory);
                                        }
                                        hashSet.add(ConfigUtil.getX509Certificate(new File(path), certificateFactory));
                                    }
                                    CollectionCertStoreParameters collectionCertStoreParameters = null;
                                    try {
                                        collectionCertStoreParameters = new CollectionCertStoreParameters(hashSet);
                                        pKIXBuilderParameters.addCertStore("".equals(provider) ? CertStore.getInstance("Collection", collectionCertStoreParameters) : CertStore.getInstance("Collection", collectionCertStoreParameters, provider));
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found CertStore for " + r47);
                                        }
                                        z4 = true;
                                    } catch (InvalidAlgorithmParameterException e) {
                                        TraceComponent traceComponent = tc;
                                        Object[] objArr = new Object[1];
                                        objArr[0] = collectionCertStoreParameters.toString() == null ? "" : collectionCertStoreParameters.toString();
                                        Tr.error(traceComponent, "security.wssecurity.CommonReceiverConfig.s21", objArr);
                                        throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s21", collectionCertStoreParameters.toString() == null ? "" : collectionCertStoreParameters.toString(), e);
                                    } catch (NoSuchAlgorithmException e2) {
                                        Tr.error(tc, "security.wssecurity.CommonReceiverConfig.s20", new Object[]{"Collection"});
                                        throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s20", "Collection", e2);
                                    } catch (Throwable th) {
                                        Tr.error(tc, "security.wssecurity.load.collectioncertstore.failed", new Object[]{collectionCertStore.getName(), th});
                                        throw SoapSecurityException.format("security.wssecurity.load.collectioncertstore.failed", collectionCertStore.getName(), th);
                                    }
                                }
                            }
                            if (!z4) {
                                EList ldapCertStores = certStoreList.getLdapCertStores();
                                int size9 = ldapCertStores.size();
                                int i11 = 0;
                                while (true) {
                                    if (i11 >= size9) {
                                        break;
                                    }
                                    LDAPCertStore lDAPCertStore = (LDAPCertStore) ldapCertStores.get(i11);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "ldapCertStores.get(" + i11 + ") = " + lDAPCertStore.getName());
                                    }
                                    if (r47 == null || !r47.equals(lDAPCertStore.getName())) {
                                        i11++;
                                    } else {
                                        LDAPServer ldapServer = lDAPCertStore.getLdapServer();
                                        String host = ldapServer.getHost();
                                        try {
                                            int parseInt = Integer.parseInt(ldapServer.getPort());
                                            provider = Security.getProvider(lDAPCertStore.getProvider());
                                            LDAPCertStoreParameters lDAPCertStoreParameters = new LDAPCertStoreParameters(host, parseInt);
                                            try {
                                                pKIXBuilderParameters.addCertStore("".equals(provider) ? CertStore.getInstance("LDAP", lDAPCertStoreParameters) : CertStore.getInstance("LDAP", lDAPCertStoreParameters, provider));
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Found CertStore for " + r47);
                                                }
                                                z4 = true;
                                            } catch (InvalidAlgorithmParameterException e3) {
                                                FFDCFilter.processException(e3, clsName + ".CommonReceiverConfig", "698", this);
                                                Tr.error(tc, "security.wssecurity.CommonReceiverConfig.s21", pKIXBuilderParameters.toString());
                                                throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s21", pKIXBuilderParameters.toString());
                                            } catch (NoSuchAlgorithmException e4) {
                                                FFDCFilter.processException(e4, clsName + ".CommonReceiverConfig", "693", this);
                                                Tr.error(tc, "security.wssecurity.CommonReceiverConfig.s20", "LDAP");
                                                throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s20", "LDAP");
                                            }
                                        } catch (NumberFormatException e5) {
                                            String port = ldapServer.getPort();
                                            FFDCFilter.processException(e5, clsName + ".CommonReceiverConfig", "677", this);
                                            Tr.error(tc, "security.wssecurity.CommonReceiverConfig.s19", port);
                                            throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s19", port, e5);
                                        }
                                    }
                                }
                            }
                        }
                        if (!z4 && r47 != null && wSSecurityDefaultConfiguration != null) {
                            CertStore certStore = wSSecurityDefaultConfiguration.getCertStore(r47);
                            if (certStore == null) {
                                Tr.error(tc, "security.wssecurity.ConfigValidation.csref.notfound", new Object[]{r47});
                                throw SoapSecurityException.format("security.wssecurity.ConfigValidation.csref.notfound", r47);
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found CertStore for " + r47);
                            }
                            pKIXBuilderParameters.addCertStore(certStore);
                        }
                        if (str8 != null && provider == null) {
                            HashMap hashMap2 = new HashMap();
                            provider = ConfigUtil.setupCertStoreProvider(this._properties, hashMap2, null);
                            if (provider == null) {
                                String str12 = (String) hashMap2.get(com.ibm.ws.webservices.wssecurity.Constants.CERTSTORE_PROVIDER);
                                if (ConfigUtil.hasValue(str12)) {
                                    throw new SoapSecurityException("The cert store security provider '" + str12 + "' does not exist.  The cert store security provider is configured on the '" + com.ibm.ws.webservices.wssecurity.Constants.CERTSTORE_PROVIDER + "' property.");
                                }
                            }
                        }
                    } catch (InvalidAlgorithmParameterException e6) {
                        FFDCFilter.processException(e6, clsName + ".WSEMFResponseReceiverConfig", "567", this);
                        Tr.error(tc, "security.wssecurity.CommonReceiverConfig.s12");
                        throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s12", e6);
                    } catch (KeyStoreException e7) {
                        FFDCFilter.processException(e7, clsName + ".WSEMFResponseReceiverConfig", "572", this);
                        Tr.error(tc, "security.wssecurity.CommonReceiverConfig.s12");
                        throw SoapSecurityException.format("security.wssecurity.CommonReceiverConfig.s12", e7);
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding Signing Info.", new Object[]{"c14nAlgorithm: " + str9, "digestAlgorithm: " + str11, "signatureAlgorithm: " + str10, "provider: " + provider, "eeCerts: " + hashSet, "anchorRef: " + str8, "storeRef: " + r47, "trustAny: " + z2});
                }
                this.verificationSettingsList.add(new VerificationSettings(str9, str11, str10, pKIXBuilderParameters, provider, hashSet, str8, r47, z2));
            }
        }
        if (trustedIDEvaluator == null && trustedIDEvaluatorRef != null) {
            String ref = trustedIDEvaluatorRef.getRef();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding TrustID Evaluator Reference: " + ref);
            }
            this.trustedIDEvaluator = wSSecurityDefaultConfiguration.getTrustedIDEvaluator(ref);
        }
        processPrivateConfig(DOMUtil.getPrivateConfig(false));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, getLogProperties(map, map4, map2, map3, "request", "receiver"));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init()");
        }
    }

    /**
     * Applies the BasicAuth nonce binding properties to this receiver configuration.
     *
     * <p>Looks up {@code ConfigConstants.BASICAUTH_NONCE_MAX_AGE} and
     * {@code ConfigConstants.BASICAUTH_NONCE_CLOCK_SKEW} in {@code map}. The
     * {@code nonceMaxAge} and {@code nonceClockSkew} fields are only updated when
     * {@code str} equals {@code Constants.STR_BASIC} and both {@code checkNonce} and
     * {@code checkNonceTimestamp} are set. Both keys are removed from {@code map}
     * whenever the map is non-null and non-empty, whether or not they were applied.
     *
     * <p>Parsed values are multiplied by 1000 before being stored and the trace line
     * reports them in ms, so the properties are presumably given in seconds.
     * NOTE(review): these two values presumably bound how long a nonce/timestamp is
     * accepted (the replay window); confirm that the {@code ConfigConstants} helpers
     * reject or clamp oversized input, and whether the {@code * 1000} is evaluated in
     * int arithmetic before assignment. Neither is visible from this method.
     *
     * @param str auth method name, compared against {@code Constants.STR_BASIC}
     * @param map binding properties; may be null or empty, and is mutated (the two
     *     nonce keys are removed)
     * @param wSSecurityDefaultConfiguration supplies {@code getNonceCacheTimeout()} as the
     *     fallback passed to the max-age parser; when null the literal 600 is passed
     */
    private void processNonceBinding(String str, Map map, WSSecurityDefaultConfiguration wSSecurityDefaultConfiguration) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processNonceBinding", new Object[]{str, map});
        }
        final boolean hasProperties = map != null && !map.isEmpty();
        if (hasProperties) {
            final String maxAgeText = (String) map.get(ConfigConstants.BASICAUTH_NONCE_MAX_AGE);
            final String clockSkewText = (String) map.get(ConfigConstants.BASICAUTH_NONCE_CLOCK_SKEW);
            if (Constants.STR_BASIC.equals(str) && this.checkNonce && this.checkNonceTimestamp) {
                if (maxAgeText != null) {
                    // Only the fallback handed to the parser depends on whether a default configuration exists.
                    if (wSSecurityDefaultConfiguration != null) {
                        this.nonceMaxAge = ConfigConstants.processNonceMaxAge(maxAgeText, wSSecurityDefaultConfiguration.getNonceCacheTimeout()) * 1000;
                    } else {
                        this.nonceMaxAge = ConfigConstants.processNonceMaxAge(maxAgeText, 600) * 1000;
                    }
                }
                if (clockSkewText != null) {
                    // The second argument is derived from the (possibly just updated) max age, converted back from ms.
                    this.nonceClockSkew = ConfigConstants.processNonceClockSkew(clockSkewText, (int) (this.nonceMaxAge / 1000)) * 1000;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Nonce.maxAge = " + this.nonceMaxAge + " ms, Nonce.clockSkew = " + this.nonceClockSkew + " ms");
            }
            // Consume the nonce keys so they are not seen again by later processing of the same map.
            map.remove(ConfigConstants.BASICAUTH_NONCE_MAX_AGE);
            map.remove(ConfigConstants.BASICAUTH_NONCE_CLOCK_SKEW);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processNonceBinding");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the {@code origin} field of this configuration unchanged.
     *
     * @return the current value of {@code origin}
     */
    public final String getOrigin() {
        return origin;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the {@code wsseNS} field of this configuration unchanged.
     * Presumably the WS-Security extension namespace URI in use; confirm where the field is assigned.
     *
     * @return the current value of {@code wsseNS}
     */
    public final String getWSSENS() {
        return wsseNS;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the {@code wsuNS} field of this configuration unchanged.
     * Presumably the WS-Security utility namespace URI in use; confirm where the field is assigned.
     *
     * @return the current value of {@code wsuNS}
     */
    public final String getWSUNS() {
        return wsuNS;
    }
}
