package com.ibm.ws.webservices.wssecurity.dsig;

import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.webservices.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.IDResolver;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.xml.soapsec.Result;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.util.CertificateUtil;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.math.BigInteger;
import java.text.ParseException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/webservices/wssecurity/dsig/STRDTKeyInfoResolver.class */
public class STRDTKeyInfoResolver {
    private static final String comp = "security.wssecurity";
    private IDResolver _idResolver;
    private Set _tokenSet;
    private Set _dsigKinfoSet;
    private Set _encKinfoSet;
    private Map _context;
    private Map _selectors;
    private static final TraceComponent tc = Tr.register(STRDTKeyInfoResolver.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = STRDTKeyInfoResolver.class.getName();
    private boolean _generation = false;
    private boolean _storedToken = false;
    private Set _stokens = null;
    private Result[] _results = null;

    /* JADX INFO: Access modifiers changed from: protected */
    public void setDsigKeyInfoSet(Set set) {
        this._dsigKinfoSet = set;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setEncKeyInfoSet(Set set) {
        this._encKinfoSet = set;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setGeneration(boolean z) {
        this._generation = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setContext(Map map) {
        this._context = map;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setSelectors(Map map) {
        this._selectors = map;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setIdResolver(IDResolver iDResolver) {
        this._idResolver = iDResolver;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element resolve(Element element, String str) throws SoapSecurityException {
        Element elementInSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolve(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "],String keyInfoType[" + str + "])");
        }
        try {
            HashMap hashMap = new HashMap();
            int i = 0;
            Object obj = this._context.get(Constants.WSS_VERSION);
            if (obj != null && (obj instanceof Integer)) {
                i = ((Integer) obj).intValue();
            }
            String str2 = Constants.NAMESPACES[0][i];
            if (this._generation) {
                elementInSubject = getElementInSubject(element, str, str2, this._context);
            } else {
                if (!this._storedToken) {
                    this._stokens = XMLDTKeyInfoResolver.storeSubject(this._context);
                    this._results = XMLDTKeyInfoResolver.storeResult(this._context);
                    this._storedToken = true;
                }
                elementInSubject = getElementInSubject(element, str, str2, this._context);
                if (elementInSubject == null) {
                    elementInSubject = getElement(element, this._dsigKinfoSet, this._encKinfoSet, hashMap, this._selectors, this._context);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "resolve(Element secTokenRef,String keyInfoType) returns Element[" + DOMUtil.getDisplayName(elementInSubject) + "]");
            }
            return elementInSubject;
        } finally {
            if (this._storedToken) {
                XMLDTKeyInfoResolver.restoreSubject(this._context, this._stokens);
                XMLDTKeyInfoResolver.restoreResult(this._context, this._results);
                this._storedToken = false;
            }
        }
    }

    private static Element getElementInSubject(Element element, String str, String str2, Map map) throws SoapSecurityException {
        String idInSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getElementInSubject(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "],String keyInfoType[" + str + "],String nsWsse[" + str2 + "],Map context)");
        }
        Element element2 = null;
        Set tokens = TokenManager.getTokens(map);
        if (tokens != null && (idInSubject = getIdInSubject(element, str, str2)) != null) {
            Iterator it = tokens.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Token token = (Token) it.next();
                if (idInSubject.equals(token.getId())) {
                    element2 = token.getElement();
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getElementInSubject(Element secTokenRef,String keyInfoType,String nsWsse", "Map context) returns Element[" + DOMUtil.getDisplayName(element2) + "]");
        }
        return element2;
    }

    private static String getIdInSubject(Element element, String str, String str2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getIdInSubject(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "],String keyInfoType[" + str + "],String nsWsse[" + str2 + "])");
        }
        String str3 = null;
        if (ConfigUtil.isKeyInfoKeyid(str)) {
            str3 = DOMUtil.getStringValue(DOMUtil.getOneElement(element, str2, "KeyIdentifier"));
        } else if (ConfigUtil.isKeyInfoX509issuer(str)) {
            String stringValue = DOMUtil.getStringValue(DOMUtil.getOneElement(element, Constants.NS_DSIG, "X509IssuerName"));
            if (stringValue != null) {
                stringValue = KeyInfo.X509Data.encodeDName(stringValue);
            }
            String stringValue2 = DOMUtil.getStringValue(DOMUtil.getOneElement(element, Constants.NS_DSIG, "X509SerialNumber"));
            if (stringValue2 != null) {
                try {
                    new BigInteger(stringValue2);
                } catch (NumberFormatException e) {
                    try {
                        stringValue2 = CertificateUtil.convertSerialNumber(stringValue2).toString();
                    } catch (ParseException e2) {
                        throw SoapSecurityException.format("security.wssecurity.X509LoginModule.s04", stringValue2, e2);
                    }
                }
            }
            str3 = stringValue + ":" + stringValue2;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getIdInSubject(Element secTokenRef,String keyInfoType,String nsWsse) returns String[" + str3 + "]");
        }
        return str3;
    }

    private static Element getElement(Element element, Set set, Set set2, Map map, Map map2, Map map3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getElement(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "],Set dsigKinfoSet[" + set + "],Set encKinfoSet[" + set2 + "],Map type,Map properties,Map context)");
        }
        Element element2 = null;
        Set lockTokens = lockTokens(map3);
        try {
            KeyInfoResult callKeyInfoConsumer = callKeyInfoConsumer(set, set2, map, map2, getKeyInfoElement(element), map3);
            if (callKeyInfoConsumer != null) {
                String idInSubject = callKeyInfoConsumer.getIdInSubject();
                Token token = TokenManager.getToken(map3, callKeyInfoConsumer.getKeyInfoContentConsumer().getTokenConsumer(), idInSubject);
                if (token == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WEARNING: Unable to extract the token with the token identifier [" + idInSubject + "].");
                    }
                } else {
                    if (token.getError() != null) {
                        throw token.getError();
                    }
                    element2 = token.getElement();
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WEARNING: Unable to get the KeyInfoResult.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getElement(Element secTokenRef,Set dsigKinfoSet,Set encKinfoSet,Map type,Map properties,Map context) returns Element[" + DOMUtil.getDisplayName(element2) + "]");
            }
            return element2;
        } finally {
            restoreTokens(map3, lockTokens);
            removeKeyInfoResults(map3);
        }
    }

    private static Element getKeyInfoElement(Node node) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoElement(Node node[" + DOMUtil.getDisplayName(node) + "])");
        }
        Element element = null;
        Node parentNode = node.getParentNode();
        if (parentNode != null) {
            element = (parentNode.getNodeType() == 1 && DOMUtil.equals(parentNode, Constants.NS_DSIG, "KeyInfo")) ? (Element) parentNode : getKeyInfoElement(parentNode);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInfoElement(Node node)returns Element[" + DOMUtil.getDisplayName(element) + "]");
        }
        return element;
    }

    private static KeyInfoResult callKeyInfoConsumer(Set set, Set set2, Map map, Map map2, Element element, Map map3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "callKeyInfoConsumer(Set dsigKinfoSet,Set encKinfoSet,Map type,Map properties,Element target[" + DOMUtil.getDisplayName(element) + "],Map context)");
        }
        boolean z = false;
        Exception exc = null;
        Iterator it = set.iterator();
        while (it.hasNext()) {
            try {
                SignatureConsumer.callKeyInfoConsumer((KeyInfoConsumerConfig) it.next(), WSSKeyInfoComponent.KEY_VERIFYING, map, map2, element, map3);
                z = true;
                break;
            } catch (Exception e) {
                exc = e;
                removeKeyInfoResults(map3);
            }
        }
        if (z) {
            getProcessedResult(SignatureConsumer.getKeyInfoResults(map3), set);
        } else {
            Iterator it2 = set2.iterator();
            while (it2.hasNext()) {
                try {
                    SignatureConsumer.callKeyInfoConsumer((KeyInfoConsumerConfig) it2.next(), WSSKeyInfoComponent.KEY_DECRYPTING, map, map2, element, map3);
                    z = true;
                    break;
                } catch (Exception e2) {
                    exc = e2;
                    removeKeyInfoResults(map3);
                }
            }
        }
        if (!z) {
            throw SoapSecurityException.format("security.wssecurity.DTKeyInfoResolver.s01", exc);
        }
        KeyInfoResult processedResult = getProcessedResult(SignatureConsumer.getKeyInfoResults(map3), set2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "callKeyInfoConsumer(boolean signature,Set keyInfoSet,Map type,Map properties,Element target,Map context) returns KeyInfoResult[" + processedResult + "]");
        }
        return processedResult;
    }

    private static KeyInfoResult getProcessedResult(KeyInfoResult[] keyInfoResultArr, Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProcessedResult(KeyInfoResult[] results,Set keyInfoSet");
        }
        KeyInfoResult keyInfoResult = null;
        if (keyInfoResultArr != null) {
            for (KeyInfoResult keyInfoResult2 : keyInfoResultArr) {
                KeyInfoContentConsumerConfig keyInfoContentConsumer = keyInfoResult2.getKeyInfoContentConsumer();
                Iterator it = set.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (((KeyInfoConsumerConfig) it.next()).getContentConsumers().contains(keyInfoContentConsumer) && keyInfoResult2.getError() == null) {
                        keyInfoResult = keyInfoResult2;
                        break;
                    }
                }
                if (keyInfoResult != null) {
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProcessedResult(KeyInfoResult[] results,Set keyInfoSet) returns KeyInfoResult[" + keyInfoResult + "]");
        }
        return keyInfoResult;
    }

    private static Set lockTokens(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "lockTokens(Map context)");
        }
        HashSet hashSet = new HashSet(TokenManager.getTokens(map));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "lockTokens(Map context)");
        }
        return hashSet;
    }

    private static void removeKeyInfoResults(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeKeyInfoResults(Map context)");
        }
        Result[] resultArr = ResultPool.get(map, KeyInfoResult.class);
        if (resultArr != null && resultArr.length > 0) {
            ResultPool.remove(map, resultArr);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeKeyInfoResults(Map context)");
        }
    }

    private static void restoreTokens(Map map, Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreTokens(Map context,Set tokens)");
        }
        TokenManager.removeAllTokens(map);
        TokenManager.setTokens(map, set);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreResults(Map context,Set tokens)");
        }
    }
}
