package com.ibm.ws.security.ltpa;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.ISecurityLocalObjectBaseL13Impl.DomainInfo;
import com.ibm.ejs.oa.EJSORB;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.crypto.KeyException;
import com.ibm.websphere.crypto.KeyPair;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.models.config.ipc.ssl.KeyReference;
import com.ibm.websphere.models.config.ipc.ssl.KeySet;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.models.config.security.LTPA;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.EntryNotFoundException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenCreationFailedException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.crypto.config.KeySetGroupManager;
import com.ibm.ws.crypto.config.KeySetManager;
import com.ibm.ws.crypto.config.WSKeyPairReference;
import com.ibm.ws.crypto.config.WSKeyReference;
import com.ibm.ws.crypto.config.WSKeySet;
import com.ibm.ws.crypto.config.WSKeySetGroup;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.security.auth.BasicAuthData;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.registry.UnsupportedEntryTypeException;
import com.ibm.ws.security.registry.UserRegistryImpl;
import com.ibm.ws.security.server.LTPAConfigException;
import com.ibm.ws.security.server.SecurityServerImpl;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.ltpa.TokenFactory;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.rmi.RemoteException;
import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.spec.SecretKeySpec;
import javax.management.AttributeList;
import javax.management.ObjectName;
import org.aspectj.apache.bcel.Constants;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/ltpa/LTPAServerObject.class */
public final class LTPAServerObject {
    private static final String NONE = "";
    private static final String ROLETYPE = "role";
    // Indices into supportedTypes (see below): group:, user:, server:
    private static final int GROUP = 0;
    private static final int USER = 1;
    private static final int SERVER = 2;
    private static final String realmSeparator = "/";
    private static final String typeSeparator = ":";
    // Delimiter of the com.ibm.wsspi.security.ltpa.tokenFactory property (a list of factory class names).
    private static final String tokenFactorySeparator = "|";
    private String realm;
    // Token lifetime read from the active mechanism's "timeout" setting; shared by every instance.
    private static long expirationLimit;
    // UTF-8 bytes of the LTPA key password; used to unwrap the encrypted private and shared keys.
    private byte[] adminPassword;
    private byte[] new_adminPassword;
    // Static (s_) and per-instance copies of the key material. The accessors that populate them
    // (setLtpaPublicKey, setSharedKey, ...) are not in this part of the file.
    private static LTPAPublicKey s_ltpaPubKey;
    private LTPAPublicKey ltpaPubKey;
    private static LTPAPrivateKey s_ltpaPrivKey;
    private LTPAPrivateKey ltpaPrivKey;
    private static byte[] s_sharedKey;
    private byte[] sharedKey;
    // "new_" variants: presumably the incoming key set during a key change — TODO confirm, not used here.
    private static LTPAPublicKey s_new_ltpaPubKey;
    private LTPAPublicKey new_ltpaPubKey;
    private static LTPAPrivateKey s_new_ltpaPrivKey;
    private LTPAPrivateKey new_ltpaPrivKey;
    private byte[] privateKey;
    private byte[] publicKey;
    private byte[] new_sharedKey;
    private byte[] new_privateKey;
    private byte[] new_publicKey;
    // Base64-decoded but still password-encrypted forms, as read from configuration.
    private byte[] encryptedPrivateKey;
    private byte[] encryptedSharedKey;
    private byte[] new_encryptedPrivateKey;
    private byte[] new_encryptedSharedKey;
    // Property names under which the LTPA key material and its metadata are stored.
    public static final String SHARED_KEY_PROPERTY = "com.ibm.websphere.ltpa.3DESKey";
    public static final String PUBLIC_KEY_PROPERTY = "com.ibm.websphere.ltpa.PublicKey";
    public static final String PRIVATE_KEY_PROPERTY = "com.ibm.websphere.ltpa.PrivateKey";
    public static final String LTPA_VERSION_PROPERTY = "com.ibm.websphere.ltpa.version";
    public static final String CREATION_DATE_PROPERTY = "com.ibm.websphere.CreationDate";
    public static final String CREATION_HOST_PROPERTY = "com.ibm.websphere.CreationHost";
    public static final String LDAP_REALM_PROPERTY = "com.ibm.websphere.ltpa.Realm";
    // Security domain this instance serves; also the key under which it is cached in instanceCache.
    private String _domainId;
    // Token factories (loaded by class name) and the property maps handed to their initialize():
    // the primary map carries the generation keys, the secondary map the validation keys.
    private ArrayList primaryTokenFactoryList;
    private HashMap primaryTokenFactoryMap;
    private ArrayList secondaryTokenFactoryList;
    private HashMap secondaryTokenFactoryMap;
    // KeySetGroup-based key management (the newer key location); see initializeKeySetGroupKeys().
    private String ltpaKeySetGroupName;
    private Map generationKeys;
    private Map validationKeys;
    private ObjectName objName;
    private String _sharedString;
    private String _privateString;
    private String _publicString;
    // Pairs of lists plus a map for the encrypt / verify / sign paths; not touched in this part of the file.
    private LinkedList el1;
    private LinkedList el2;
    private HashMap encryptHashMap;
    private LinkedList vl1;
    private LinkedList vl2;
    private HashMap verifyHashMap;
    private LinkedList sl1;
    private LinkedList sl2;
    private HashMap sighHashMap;
    private static final TraceComponent tc = Tr.register(LTPAServerObject.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    // Access-id prefixes; an id already starting with one of these is used verbatim by createLTPAToken.
    private static final String GROUPTYPE = "group:";
    private static final String USERTYPE = "user:";
    private static final String SERVERTYPE = "server:";
    private static final String[] supportedTypes = {GROUPTYPE, USERTYPE, SERVERTYPE};
    private static String CURRENT_LTPA_VERSION = "1.0";
    // Process-wide flags, set during initLTPAServer() / getLTPAServer() from the security configuration.
    static boolean isAdminAgent = false;
    static boolean _useFIPS = false;
    static boolean _forceSoftwareJCEProviderForLTPA = false;
    static String _defaultJCEProvider = "IBMJCE";
    private static SecurityConfigManager scm = null;
    // One LTPAServerObject per security domain id; misses are resolved under syncObject.
    private static ConcurrentHashMap instanceCache = new ConcurrentHashMap();
    private static HashMap s_primaryTokenFactoryMap = new HashMap();
    private static HashMap s_secondaryTokenFactoryMap = new HashMap();
    // Java 2 permissions: the first guards getLTPAServer(), the second guards minting a token for a user id.
    private static final WebSphereRuntimePermission ACCESS_LTPA_SERVER_OBJECT = new WebSphereRuntimePermission("accessLTPAServerObject");
    private static final WebSphereRuntimePermission MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
    private static Object syncObject = new Object();
    // Presumably holds FactoryPrediction instances keyed by token length — TODO confirm; not used in this part of the file.
    private static final HashMap tokenFactoryPredictionMap = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/ltpa/LTPAServerObject$FactoryPrediction.class */
    /**
     * Running tally of how often each primary token factory (by index into
     * {@code primaryTokenFactoryList}) has been reported, used to predict which
     * factory to try first. How the {@code length} argument of
     * {@link #addResult(int, int)} relates to a token is not visible here — presumably
     * one instance is kept per token length — TODO confirm.
     * <p>
     * Thread-safety: the counter increment in {@code addResult} is not synchronized,
     * only the (currently inert) normalization step is, so concurrent callers may
     * lose increments.
     */
    public final class FactoryPrediction {
        // Never assigned after construction in this class; see the early-return note in addResult.
        int length = 0;
        // Index of the factory with the highest count so far.
        int factoryNumber = 0;
        // One counter per primary factory, sized at construction time; a factory added to
        // primaryTokenFactoryList later has no slot and addResult would throw
        // ArrayIndexOutOfBoundsException for its index.
        long[] statistics;

        public FactoryPrediction() {
            this.statistics = new long[LTPAServerObject.this.primaryTokenFactoryList.size()];
        }

        /**
         * Records that factory {@code i2} produced a result for a token of length
         * {@code i} and recomputes {@code factoryNumber} as the most-seen factory.
         * <p>
         * The early return only triggers when {@code i2} already is the prediction AND
         * {@code i == length}; since {@code length} stays 0, that means only for
         * {@code i == 0} — TODO confirm whether {@code length} was meant to be updated.
         *
         * @param i  token length, presumably (see class note)
         * @param i2 index of the factory into {@code statistics}; not range-checked
         */
        public void addResult(int i, int i2) {
            if (i == this.length && i2 == this.factoryNumber) {
                return;
            }
            long[] jArr = this.statistics;
            jArr[i2] = jArr[i2] + 1;
            if (this.statistics[i2] > 1000) {
                synchronized (this.statistics) {
                    // NOTE(review): j starts at 1, so "statistics[i3] > 0 && statistics[i3] < 1"
                    // can never hold for a long; j stays 1, j2 is 0 and the loop below
                    // subtracts nothing. The intended decay of the counters does not take
                    // effect — TODO confirm intent (counters simply keep growing).
                    long j = 1;
                    for (int i3 = 1; i3 < this.statistics.length; i3++) {
                        if (this.statistics[i3] > 0 && this.statistics[i3] < j) {
                            j = this.statistics[i3];
                        }
                    }
                    long j2 = j - 1;
                    for (int i4 = 0; i4 < this.statistics.length; i4++) {
                        long[] jArr2 = this.statistics;
                        int i5 = i4;
                        jArr2[i5] = jArr2[i5] - j2;
                    }
                }
            }
            // Pick the index with the largest count; ties keep the lowest index.
            int i6 = 0;
            long j3 = this.statistics[0];
            for (int i7 = 1; i7 < this.statistics.length; i7++) {
                if (this.statistics[i7] > j3) {
                    i6 = i7;
                    j3 = this.statistics[i7];
                }
            }
            this.factoryNumber = i6;
        }

        /** @return index of the factory seen most often so far (0 until the first result). */
        public int getFactoryNumber() {
            return this.factoryNumber;
        }
    }

    /**
     * Returns the {@code LTPAServerObject} for the current security domain, building
     * and caching it on first use.
     * <p>
     * When a {@link SecurityManager} is installed the caller must hold
     * {@code WebSphereRuntimePermission("accessLTPAServerObject")}; that check runs
     * before any configuration is consulted. The domain id comes from the
     * {@link SecurityConfigManager} (falling back to {@code "Admin"} when there is no
     * manager or no id), and also refreshes the static {@code isAdminAgent} flag. Cache
     * misses are resolved under {@code syncObject} so a domain is initialized only once.
     *
     * @return the server object for the active domain, or {@code null} when
     *         {@link #initLTPAServer()} produces none (mechanism does not need LTPA)
     * @throws LTPAConfigException if the instance must be built and the LTPA
     *         configuration is incomplete or unusable
     * @throws SecurityException if the Java 2 permission check fails
     */
    public static LTPAServerObject getLTPAServer() throws LTPAConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLTPAServer");
        }
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getLTPAServer performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "getLTPAServer expecting : " + ACCESS_LTPA_SERVER_OBJECT.toString());
            }
            sm.checkPermission(ACCESS_LTPA_SERVER_OBJECT);
        }
        if (scm == null) {
            scm = SecurityObjectLocator.getSecurityConfigManager();
        }
        String domainId;
        if (scm == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getLTPAServer no SecurityConfigManager instance");
            }
            domainId = "Admin";
        } else {
            final String configured = scm.getDomainId();
            isAdminAgent = scm.isAdminAgent();
            domainId = (configured != null) ? configured : "Admin";
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getLTPAServer using domainId " + domainId);
        }
        LTPAServerObject server = (LTPAServerObject) instanceCache.get(domainId);
        if (server != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getLTPAServer found LTPAServerObject in cache");
            }
        } else {
            synchronized (syncObject) {
                // Re-check under the lock: another thread may have populated the cache meanwhile.
                server = (LTPAServerObject) instanceCache.get(domainId);
                if (server == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getLTPAServer did not find LTPAServerObject in cache");
                    }
                    server = initLTPAServer();
                    if (server != null) {
                        server.setDomainId(domainId);
                        instanceCache.put(domainId, server);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLTPAServer " + server);
        }
        return server;
    }

    /**
     * Evicts the cached {@code LTPAServerObject} of the current security domain, so the
     * next {@link #getLTPAServer()} rebuilds it from configuration.
     * <p>
     * The domain id is resolved exactly as in {@code getLTPAServer} (manager's id, else
     * {@code "Admin"}). No permission check is performed here. Removing an absent entry
     * is a no-op.
     */
    public static void releaseLTPAServer() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "releaseLTPAServer");
        }
        if (scm == null) {
            scm = SecurityObjectLocator.getSecurityConfigManager();
        }
        String domainId = null;
        if (scm == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "releaseLTPAServer no SecurityConfigManager instance");
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "releaseLTPAServer SecurityConfigManager instance " + scm);
            }
            domainId = scm.getDomainId();
        }
        if (domainId == null) {
            domainId = "Admin";
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "releaseLTPAServer using domainId " + domainId);
        }
        final LTPAServerObject evicted = (LTPAServerObject) instanceCache.remove(domainId);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "releaseLTPAServer " + evicted);
        }
    }

    /**
     * Non-throwing variant of {@link #getLTPAServer()}.
     * <p>
     * A configuration failure is recorded through FFDC and debug trace and turned into a
     * {@code null} result; callers must therefore handle {@code null}. The Java 2
     * permission check of {@code getLTPAServer} still applies and its
     * {@code SecurityException} is not caught here.
     *
     * @return the server object for the active domain, or {@code null} when it could
     *         not be obtained
     */
    public static LTPAServerObject getInstance() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInstance");
        }
        LTPAServerObject server;
        try {
            server = getLTPAServer();
        } catch (LTPAConfigException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa", "400");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getInstance exception getting LTPA server object.", e);
            }
            server = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInstance " + server);
        }
        return server;
    }

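    /**
     * Builds a new {@code LTPAServerObject} from the active authentication mechanism.
     * <p>
     * An instance is only created when the mechanism is LTPA with forwardable
     * credentials, or Kerberos; otherwise {@code null} is returned. The key password is
     * read from the mechanism's {@code "password"} setting and handed to the constructor
     * as UTF-8 bytes, where it is used to unwrap the encrypted private and shared keys.
     * The method also latches the process-wide {@code _useFIPS}, {@code _defaultJCEProvider}
     * and {@code _forceSoftwareJCEProviderForLTPA} flags from the security configuration.
     * <p>
     * Fix: the former {@code valueOf == null} branch was unreachable — {@code Long.valueOf}
     * never returns {@code null} — and its error message was built from that same value,
     * so it has been removed; a missing or malformed timeout still surfaces through the
     * generic catch below as an {@code LTPAConfigException}.
     *
     * @return the new server object, or {@code null} when the active mechanism needs no
     *         LTPA server
     * @throws LTPAConfigException when the configuration cannot be read or the key
     *         material cannot be decoded; the original cause is recorded via FFDC only
     */
    private static LTPAServerObject initLTPAServer() throws LTPAConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initLTPAServer");
        }
        LTPAServerObject server = null;
        AuthMechanismConfig mechanism = SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism();
        boolean forwardable = mechanism.getBoolean(AuthMechanismConfig.FORWARDABLE_CRED);
        String mechanismType = mechanism.getType();
        boolean ltpaNeeded = (mechanismType.equals("LTPA") && forwardable)
                || mechanismType.equals(AuthMechanismConfig.TYPE_KERBEROS);
        if (ltpaNeeded) {
            try {
                String password = mechanism.getString("password");
                // Long.valueOf never yields null; a bad value throws and is handled below.
                Long timeout = Long.valueOf(mechanism.getLong("timeout"));
                String privateKeyText = mechanism.getString("com.ibm.websphere.ltpa.PrivateKey");
                String publicKeyText = mechanism.getString("com.ibm.websphere.ltpa.PublicKey");
                String sharedKeyText = mechanism.getString("com.ibm.websphere.ltpa.3DESKey");
                // The password is only ever held as bytes from here on (see the constructor).
                byte[] passwordBytes = null;
                if (password != null) {
                    passwordBytes = password.getBytes("UTF8");
                }
                server = new LTPAServerObject(timeout.longValue(), passwordBytes, publicKeyText, privateKeyText, sharedKeyText);
                if (Boolean.parseBoolean(SecurityObjectLocator.getSecurityConfig().getProperty("com.ibm.security.useFIPS"))) {
                    _useFIPS = true;
                    _defaultJCEProvider = Security.getProperty("DEFAULT_JCE_PROVIDER");
                }
                String forceSoftware = SecurityObjectLocator.getSecurityConfig().getProperty(SecurityConfig.FORCE_SOFTWARE_JCE_PROVIDER_FOR_LTPA);
                if (forceSoftware != null && forceSoftware.equalsIgnoreCase("true")) {
                    _forceSoftwareJCEProviderForLTPA = true;
                }
            } catch (LTPAConfigException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.initLTPAServer", "467");
                throw e;
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.initLTPAServer", "472");
                Tr.error(tc, "security.secsrv.ltpaconfigerr", new Object[]{e2});
                throw new LTPAConfigException(e2.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initLTPAServer " + server);
        }
        return server;
    }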

    /**
     * Builds the server object from the active LTPA configuration.
     * <p>
     * Two key sources are supported: when any of the three key strings is
     * {@code null} the keys are taken from the configured KeySetGroup
     * ({@link #initializeKeySetGroupKeys()}); otherwise the base64 strings are decoded,
     * the private and shared keys are unwrapped with the password bytes, and the
     * results are published to the primary token-factory map. Finally the token
     * factories named in the {@code com.ibm.wsspi.security.ltpa.tokenFactory}
     * property (separated by {@code "|"}) are loaded and initialized.
     *
     * @param j    token expiration limit; stored in the static {@code expirationLimit}
     * @param bArr UTF-8 bytes of the LTPA key password, or {@code null}; kept as
     *             {@code adminPassword} and used to unwrap the encrypted keys
     * @param str  base64 public key, or {@code null}
     * @param str2 base64, password-encrypted private key, or {@code null}
     * @param str3 base64, password-encrypted shared (3DES) key, or {@code null}
     * @throws LTPAConfigException when keys cannot be loaded or decoded, or a token
     *         factory fails to load/initialize; every catch below rethrows with the
     *         message only, the original cause is recorded via FFDC
     */
    private LTPAServerObject(long j, byte[] bArr, String str, String str2, String str3) throws LTPAConfigException {
        this.realm = null;
        this.adminPassword = null;
        this.new_adminPassword = null;
        this._domainId = null;
        this.primaryTokenFactoryList = new ArrayList();
        this.primaryTokenFactoryMap = new HashMap();
        this.secondaryTokenFactoryList = new ArrayList();
        this.secondaryTokenFactoryMap = new HashMap();
        this.ltpaKeySetGroupName = null;
        this.generationKeys = null;
        this.validationKeys = null;
        this.objName = null;
        this._sharedString = null;
        this._privateString = null;
        this._publicString = null;
        this.el1 = new LinkedList();
        this.el2 = new LinkedList();
        this.encryptHashMap = new HashMap();
        this.vl1 = new LinkedList();
        this.vl2 = new LinkedList();
        this.verifyHashMap = new HashMap();
        this.sl1 = new LinkedList();
        this.sl2 = new LinkedList();
        this.sighHashMap = new HashMap();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        // Static: the expiration applies to every instance, not just this domain's.
        expirationLimit = j;
        this.adminPassword = bArr;
        if (str == null || str2 == null || str3 == null) {
            // Keys are managed by the KeySetGroup (newer key location).
            try {
                initializeKeySetGroupKeys();
            } catch (KeyException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.<init>", "544", this);
                Tr.error(tc, "security.ltpa.init.error", new Object[]{e});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "LTPAServerObject " + hashCode(), e);
                }
                throw new LTPAConfigException(e.getMessage());
            }
        } else {
            // Keys come directly from configuration: base64-decode, then unwrap the
            // private and shared keys with the password bytes (public key is plain).
            try {
                this.encryptedSharedKey = Base64Coder.base64Decode(str3.getBytes("UTF8"));
                this.encryptedPrivateKey = Base64Coder.base64Decode(str2.getBytes("UTF8"));
                this.publicKey = Base64Coder.base64Decode(str.getBytes("UTF8"));
                setLtpaPublicKey(new LTPAPublicKey(this.publicKey));
                setLtpaPrivateKey(new LTPAPrivateKey(getPrivateKey(bArr, this.encryptedPrivateKey)));
                setSharedKey(getSharedKey(bArr, this.encryptedSharedKey));
                // The primary map is what each primary TokenFactory receives in initialize().
                HashMap primaryTokenFactoryMap = getPrimaryTokenFactoryMap();
                primaryTokenFactoryMap.put("com.ibm.wsspi.security.ltpa.expiration", new Long(expirationLimit));
                primaryTokenFactoryMap.put("com.ibm.wsspi.security.ltpa.ltpa_shared_key", getSharedKey());
                primaryTokenFactoryMap.put("com.ibm.wsspi.security.ltpa.ltpa_public_key", getLtpaPublicKey());
                primaryTokenFactoryMap.put("com.ibm.wsspi.security.ltpa.ltpa_private_key", getLtpaPrivateKey());
            } catch (UnsupportedEncodingException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.LTPAServerObject", "513", this);
                Tr.error(tc, "security.ltpa.init.error", new Object[]{e2});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "LTPAServerObject " + hashCode(), e2);
                }
                throw new LTPAConfigException(e2.getMessage());
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.ltpa.LTPAServerObject.LTPAServerObject", "520", this);
                Tr.error(tc, "security.ltpa.init.error", new Object[]{e3});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "LTPAServerObject", e3);
                }
                throw new LTPAConfigException(e3.getMessage());
            }
        }
        try {
            // Each configured class name is loaded once into the primary list and once
            // into the secondary list (findFactory skips names already present). A
            // missing property surfaces as an NPE and lands in the catch below.
            StringTokenizer stringTokenizer = new StringTokenizer(SecurityObjectLocator.getSecurityConfig().getProperty("com.ibm.wsspi.security.ltpa.tokenFactory"), "|");
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                findFactory(nextToken, this.primaryTokenFactoryList, true);
                findFactory(nextToken, this.secondaryTokenFactoryList, false);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
            }
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.ltpa.LTPAServerObject.LTPAServerObject", "564", this);
            Tr.error(tc, "security.ltpa.init.error", new Object[]{e4});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "LTPAServerObject " + hashCode(), e4);
            }
            throw new LTPAConfigException(e4.getMessage());
        }
    }

    /**
     * Creates an empty, unconfigured server object: no keys, no domain id and no
     * token factories are loaded. All collections are initialized to empty instances
     * and every other field to {@code null}. Only entry/exit tracing happens here.
     */
    public LTPAServerObject() {
        // Identity and key material: nothing known yet.
        realm = null;
        adminPassword = null;
        new_adminPassword = null;
        _domainId = null;
        ltpaKeySetGroupName = null;
        generationKeys = null;
        validationKeys = null;
        objName = null;
        _sharedString = null;
        _privateString = null;
        _publicString = null;
        // Token factories and the property maps handed to them.
        primaryTokenFactoryList = new ArrayList();
        primaryTokenFactoryMap = new HashMap();
        secondaryTokenFactoryList = new ArrayList();
        secondaryTokenFactoryMap = new HashMap();
        // Encrypt / verify / sign bookkeeping.
        el1 = new LinkedList();
        el2 = new LinkedList();
        encryptHashMap = new HashMap();
        vl1 = new LinkedList();
        vl2 = new LinkedList();
        verifyHashMap = new HashMap();
        sl1 = new LinkedList();
        sl2 = new LinkedList();
        sighHashMap = new HashMap();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Returns the {@link TokenFactory} of the given class name from {@code list},
     * loading, initializing and appending it when the list holds none.
     * <p>
     * When several entries share the class name the last one is returned. A new
     * factory is instantiated reflectively via {@code Class.forName(str)} — the name
     * originates from the server's security configuration — and initialized with the
     * primary map (generation keys) when {@code z} is {@code true}, else with the
     * secondary map (validation keys).
     *
     * @param str  fully qualified class name of the factory
     * @param list factory list to search and, on a miss, append to
     * @param z    {@code true} to initialize with the primary map, {@code false} for the secondary
     * @return the matching or newly created factory
     * @throws WSLoginFailedException if the class cannot be loaded, is not a
     *         {@code TokenFactory}, or fails to initialize (cause preserved)
     */
    public TokenFactory findFactory(String str, List list, boolean z) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "findFactory " + hashCode(), new Object[]{str, Boolean.valueOf(z)});
        }
        final TokenFactory[] known = (TokenFactory[]) list.toArray(new TokenFactory[0]);
        TokenFactory match = null;
        // Scan backwards so the last factory of that class wins, as before.
        for (int idx = known.length - 1; idx >= 0 && match == null; idx--) {
            if (known[idx].getClass().getName().equals(str)) {
                match = known[idx];
            }
        }
        if (match == null) {
            try {
                match = (TokenFactory) Class.forName(str).newInstance();
                match.initialize(z ? getPrimaryTokenFactoryMap() : getSecondaryTokenFactoryMap());
                list.add(match);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.findPrimaryFactory", "623", this);
                Tr.error(tc, "security.ltpa.factory.init.error", new Object[]{str, e});
                throw new WSLoginFailedException(e.getMessage(), e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "findFactory " + hashCode(), match);
        }
        return match;
    }

    /**
     * Re-publishes the current key material to the loaded token factories.
     * <p>
     * If the legacy keys (shared, public and private) are all present they are simply
     * written back into the primary map; the factories are not re-initialized in that
     * case. Otherwise the KeySetGroup keys are reloaded and every primary and secondary
     * factory is re-initialized with its respective map.
     *
     * @throws LTPAConfigException if the KeySetGroup keys cannot be loaded (message
     *         only; the cause is recorded via FFDC)
     */
    public void refreshTokenFactories() throws LTPAConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshTokenFactories " + hashCode());
        }
        final boolean legacyKeysPresent = getSharedKey() != null && getLtpaPublicKey() != null && getLtpaPrivateKey() != null;
        if (legacyKeysPresent) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Refreshing using old key location.");
            }
            HashMap primary = getPrimaryTokenFactoryMap();
            primary.put("com.ibm.wsspi.security.ltpa.expiration", Long.valueOf(expirationLimit));
            primary.put("com.ibm.wsspi.security.ltpa.ltpa_shared_key", getSharedKey());
            primary.put("com.ibm.wsspi.security.ltpa.ltpa_public_key", getLtpaPublicKey());
            primary.put("com.ibm.wsspi.security.ltpa.ltpa_private_key", getLtpaPrivateKey());
        } else {
            try {
                initializeKeySetGroupKeys();
                // Snapshot the lists before iterating; initialize() is called on each factory.
                final TokenFactory[] primaries = (TokenFactory[]) this.primaryTokenFactoryList.toArray(new TokenFactory[0]);
                for (TokenFactory factory : primaries) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Refreshing primary tokenFactory keys for: " + factory.getClass().getName());
                    }
                    factory.initialize(getPrimaryTokenFactoryMap());
                }
                final TokenFactory[] secondaries = (TokenFactory[]) this.secondaryTokenFactoryList.toArray(new TokenFactory[0]);
                for (TokenFactory factory : secondaries) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Refreshing secondary tokenFactory keys for: " + factory.getClass().getName());
                    }
                    factory.initialize(getSecondaryTokenFactoryMap());
                }
            } catch (KeyException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.refreshTokenFactories", "657", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "refreshTokenFactories", new Object[]{e});
                }
                throw new LTPAConfigException(e.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refreshTokenFactories " + hashCode());
        }
    }

    /**
     * Loads the LTPA keys from the configured KeySetGroup and publishes them to the
     * token-factory maps.
     * <p>
     * The latest generation keys go into the primary map (a {@link Key} becomes the
     * shared key, a {@link KeyPair} the public/private pair; when the map holds several
     * of one kind the last one iterated wins). All key versions go into the secondary
     * map as validation keys. Both maps also receive the expiration limit.
     *
     * @throws KeyException if the KeySetGroup yields no generation keys
     */
    public void initializeKeySetGroupKeys() throws KeyException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeKeySetGroupKeys " + hashCode());
        }
        this.ltpaKeySetGroupName = SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString(AuthMechanismConfig.KEY_SET_GROUP);
        final KeySetGroupManager manager = KeySetGroupManager.getInstance();
        if (!manager.isInitialized()) {
            manager.initializeKeySetGroups(SecurityObjectLocator.getSecurityConfig().getSCO(), true);
        }
        this.generationKeys = manager.getKeySetGroup(this.ltpaKeySetGroupName).getLatestKeys();
        traceKeyMap(this.generationKeys);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Latest keys: " + this.generationKeys);
        }
        if (this.generationKeys == null) {
            throw new KeyException("Could not generateLTPAKeys from the KeySet name: " + this.ltpaKeySetGroupName);
        }
        byte[] sharedKeyBytes = null;
        LTPAPublicKey publicPart = null;
        LTPAPrivateKey privatePart = null;
        for (Iterator names = this.generationKeys.keySet().iterator(); names.hasNext();) {
            final Object candidate = this.generationKeys.get((String) names.next());
            if (candidate instanceof Key) {
                sharedKeyBytes = ((Key) candidate).getEncoded();
            } else if (candidate instanceof KeyPair) {
                final KeyPair pair = (KeyPair) candidate;
                publicPart = new LTPAPublicKey(pair.getPublicKey().getEncoded());
                privatePart = new LTPAPrivateKey(pair.getPrivateKey().getEncoded());
            }
        }
        final HashMap primary = getPrimaryTokenFactoryMap();
        primary.put("com.ibm.wsspi.security.ltpa.expiration", Long.valueOf(expirationLimit));
        // Only overwrite what was actually found, so earlier values survive a partial key set.
        if (sharedKeyBytes != null) {
            primary.put("com.ibm.wsspi.security.ltpa.ltpa_shared_key", sharedKeyBytes);
        }
        if (publicPart != null) {
            primary.put("com.ibm.wsspi.security.ltpa.ltpa_public_key", publicPart);
        }
        if (privatePart != null) {
            primary.put("com.ibm.wsspi.security.ltpa.ltpa_private_key", privatePart);
        }
        this.validationKeys = KeySetGroupManager.getInstance().getKeySetGroup(this.ltpaKeySetGroupName).getAllKeysByVersion();
        traceValidationKeys(this.validationKeys);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "All keys: " + this.validationKeys);
        }
        final HashMap secondary = getSecondaryTokenFactoryMap();
        secondary.put("com.ibm.wsspi.security.ltpa.expiration", Long.valueOf(expirationLimit));
        secondary.put("com.ibm.wsspi.security.ltpa.ltpa_validation_keys", this.validationKeys);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeKeySetGroupKeys " + hashCode());
        }
    }

    /**
     * Mints an LTPA token for a user name or access id using the named primary
     * token factory.
     * <p>
     * No credential is verified here: {@code str} is either used as-is when it already
     * carries a {@code user:} or {@code server:} prefix, or mapped to a unique id through
     * the user registry. The Java 2 permission {@code mapCredential} (checked when a
     * {@link SecurityManager} is installed) is the only guard on this capability. When no
     * user registry is available the method returns {@code null} rather than failing.
     *
     * @param str  user name, or an access id with a supported prefix
     * @param str2 class name of the primary token factory to use
     * @return the created token, or {@code null} when there is no user registry
     * @throws WSLoginFailedException if {@code str2} is {@code null}, the id or factory
     *         cannot be resolved, the factory yields no token, or any other error occurs
     *         (wrapped with its cause)
     * @throws SecurityException if the permission check fails
     */
    public Token createLTPAToken(String str, String str2) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createLTPAToken " + hashCode(), new Object[]{str, str2});
        }
        if (str2 == null) {
            throw new WSLoginFailedException("TokenFactory is null");
        }
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + MAP_CREDENTIAL.toString());
            }
            sm.checkPermission(MAP_CREDENTIAL);
        }
        Token token = null;
        try {
            if (getUserRegistry() != null) {
                final boolean alreadyAccessId = str.startsWith(supportedTypes[USER]) || str.startsWith(supportedTypes[SERVER]);
                final String accessId = alreadyAccessId ? str : getUserRegistry().getUniqueUserId(str);
                if (accessId == null) {
                    Tr.error(tc, "security.ltpa.credmap.failed.nullaccessid");
                    throw new WSLoginFailedException("Cannot create token since accessID is null");
                }
                final TokenFactory factory = findFactory(str2, this.primaryTokenFactoryList, true);
                if (factory == null) {
                    Tr.error(tc, "security.ltpa.factory.null.error", new Object[]{str2});
                    throw new WSLoginFailedException("TokenFactory is null");
                }
                final HashMap attributes = new HashMap();
                attributes.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, accessId);
                token = factory.createToken(attributes);
                if (token == null) {
                    Tr.error(tc, "security.ltpa.validate.nulltoken");
                    throw new WSLoginFailedException("Token is null");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createLTPAToken " + hashCode(), token);
            }
            return token;
        } catch (WSLoginFailedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.createLTPAToken", "861", this);
            throw e;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.createLTPAToken", "866", this);
            Tr.error(tc, "security.ltpa.factory.tokencreate.error", new Object[]{str2, e2});
            throw new WSLoginFailedException(e2.getMessage(), e2);
        }
    }

    /**
     * Convenience overload: wraps the credential in an LTPA token using the
     * LTPA mechanism OID as the token type.
     *
     * @param wSCredential the credential to wrap
     * @return a new credential carrying the LTPA token
     * @throws TokenCreationFailedException if the token cannot be created
     */
    public WSCredential createLTPAToken(WSCredential wSCredential) throws TokenCreationFailedException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "createLTPAToken(final cred) " + hashCode(), new Object[]{wSCredential});
        }
        return createLTPAToken(wSCredential, LTPAMechOID.value);
    }

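    /**
     * Creates an LTPA token for an existing credential and returns a new
     * WSCredentialImpl carrying that token.
     *
     * The token factory is taken from the security configuration property
     * "com.ibm.wsspi.security.token.authenticationTokenFactory" and looked up in
     * primaryTokenFactoryList.
     *
     * @param wSCredential the credential whose access id becomes the token's unique id
     * @param str          the mechanism OID recorded on the new credential
     * @return a new credential wrapping the created token
     * @throws TokenCreationFailedException when the access id is null, the configured
     *         factory cannot be found, or token/credential creation fails
     */
    public WSCredential createLTPAToken(final WSCredential wSCredential, final String str) throws TokenCreationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createLTPAToken " + hashCode(), new Object[]{wSCredential, str});
        }
        String property = SecurityObjectLocator.getSecurityConfig().getProperty("com.ibm.wsspi.security.token.authenticationTokenFactory");
        try {
            String accessId = wSCredential.getAccessId();
            if (accessId == null) {
                Tr.error(tc, "security.ltpa.credmap.failed.nullaccessid");
                throw new TokenCreationFailedException("Cannot create token since accessID is null");
            }
            TokenFactory findFactory = findFactory(property, this.primaryTokenFactoryList, true);
            if (findFactory == null) {
                // Fail here with a clear message instead of dereferencing null below
                // (the original only logged and then hit a NullPointerException).
                Tr.error(tc, "security.ltpa.factory.null.error", new Object[]{property});
                throw new TokenCreationFailedException("TokenFactory is null");
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, accessId);
            final Token createToken = findFactory.createToken(hashMap);
            try {
                // Credential construction runs privileged so callers without the
                // relevant Java 2 permissions can still obtain a credential.
                WSCredential wSCredential2 = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.ltpa.LTPAServerObject.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return new WSCredentialImpl(wSCredential, str, createToken, true, createToken.getExpiration());
                    }
                });
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createLTPAToken " + hashCode(), wSCredential2);
                }
                return wSCredential2;
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{exception});
                }
                FFDCFilter.processException(exception, "com.ibm.ws.security.ltpa.LTPAServerObject.createLTPAToken", "939", this);
                throw new TokenCreationFailedException(exception != null ? exception.getMessage() : "Exception occurred creating new WS cred.");
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.createLTPAToken", "913", this);
            Tr.error(tc, "security.ltpa.factory.tokencreate.error", new Object[]{property, e2});
            throw new TokenCreationFailedException(e2.getMessage());
        }
    }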

    /**
     * Authenticates a user id / password pair against the user registry for the
     * request's realm (or the default realm) and returns a credential that
     * carries a freshly created LTPA token.
     *
     * When no user registry is configured, the unauthenticated credential from
     * the ContextManager is used as the base credential instead.
     *
     * @param basicAuthData the realm, user id and password to check
     * @return a credential wrapping an LTPA token
     * @throws WSLoginFailedException if password checking, credential creation
     *         or token creation fails
     */
    public WSCredential authenticate(BasicAuthData basicAuthData) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticate " + hashCode(), basicAuthData);
        }
        try {
            final ContextManager ctxMgr = ContextManagerFactory.getInstance();
            WSCredential baseCred = null;
            if (getUserRegistry() == null) {
                baseCred = ctxMgr.getUnauthenticatedCredential();
            }
            if (baseCred == null) {
                String realm = basicAuthData.getRealm();
                if (realm != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "realm from basicAuth  = " + realm);
                    }
                } else {
                    realm = ctxMgr.getDefaultRealm();
                }
                final UserRegistryImpl registry = getUserRegistry(realm);
                baseCred = registry.createCredential(registry.checkPassword(basicAuthData.getUserid(), basicAuthData.getPassword()));
            }
            if (baseCred == null) {
                throw new WSLoginFailedException("Credential returned by createCredential is null");
            }
            final WSCredential tokenCred = createLTPAToken(baseCred);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticate " + hashCode(), tokenCred);
            }
            return tokenCred;
        } catch (TokenCreationFailedException tokenEx) {
            FFDCFilter.processException(tokenEx, "com.ibm.ws.security.ltpa.LTPAServerObject.authenticate", "991", this);
            Tr.error(tc, "security.ltpa.authenticate", new Object[]{tokenEx.getMessage()});
            throw new WSLoginFailedException(tokenEx.getMessage(), tokenEx);
        } catch (WSLoginFailedException loginEx) {
            throw loginEx;
        } catch (Exception otherEx) {
            FFDCFilter.processException(otherEx, "com.ibm.ws.security.ltpa.LTPAServerObject.authenticate", "997", this);
            Tr.error(tc, "security.ltpa.authenticate", new Object[]{otherEx.getMessage()});
            throw new WSLoginFailedException(otherEx.getMessage(), otherEx);
        }
    }

    /**
     * Login-token authentication is not supported by this server object.
     *
     * @param bArr ignored
     * @return never returns
     * @throws WSLoginFailedException always
     */
    public WSCredential authenticateLoginToken(byte[] bArr) throws WSLoginFailedException, RemoteException {
        final String message = "LTPAServerObject: authenticateLoginToken not implemented " + hashCode();
        throw new WSLoginFailedException(message);
    }

    /**
     * Validates token bytes against the configured factories (no refresh of
     * expired tokens) and then checks the token's realm via realmsMatch.
     *
     * @param bArr the raw token bytes
     * @return the validated token (null when no user registry is configured)
     * @throws WSLoginFailedException if validation or the realm check fails
     */
    public Token validateTokenAndRealm(byte[] bArr) throws WSLoginFailedException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "validateTokenAndRealm(byte[]) " + hashCode(), bArr);
        }
        final Token result = validateToken(bArr, false);
        realmsMatch(result);
        if (traceEntry) {
            Tr.exit(tc, "validateTokenAndRealm(byte[]) " + hashCode(), result);
        }
        return result;
    }

    /**
     * Validates token bytes against the configured factories without
     * refreshing expired tokens.
     *
     * @param bArr the raw token bytes
     * @return the validated token (null when no user registry is configured)
     * @throws WSLoginFailedException if validation fails
     */
    public Token validateToken(byte[] bArr) throws WSLoginFailedException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "validateToken(byte[]) " + hashCode(), bArr);
        }
        final Token result = validateToken(bArr, false);
        if (traceEntry) {
            Tr.exit(tc, "validateToken(byte[]) " + hashCode(), result);
        }
        return result;
    }

    /**
     * Validates token bytes first against the primary token factory list and,
     * if that yields no token, against the secondary list; a validated token is
     * then checked with realmsMatch before being returned.
     *
     * An expired token (cause TokenExpiredException) is rethrown immediately from
     * either list. Any other primary failure is held so the secondary list can
     * still be tried; if both fail, the secondary failure is preferred.
     *
     * @param bArr the raw token bytes; must not be null
     * @param z    refreshIfExpired, passed through to the per-list validation
     * @return the validated token, or null when no user registry is configured
     * @throws WSLoginFailedException when the bytes are null, the token is expired,
     *         or no factory validates it
     */
    public Token validateToken(byte[] bArr, boolean z) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateToken(byte[], boolean) " + hashCode(), "credTok = " + bArr + ", refreshIfExpired = " + z);
        }
        if (bArr == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate: LTPA validate failed " + hashCode());
            }
            Tr.error(tc, "security.ltpa.validate.nulltoken");
            throw new WSLoginFailedException("LTPAServerObject: token passed in is null.");
        }
        if (getUserRegistry() == null) {
            return null;
        }
        WSLoginFailedException primaryFailure = null;
        WSLoginFailedException secondaryFailure = null;
        Token result = null;
        try {
            result = validateToken(bArr, this.primaryTokenFactoryList, true, z);
        } catch (WSLoginFailedException primaryEx) {
            if (primaryEx.getCause() instanceof TokenExpiredException) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateToken: token is expired. " + hashCode());
                }
                FFDCFilter.processException(primaryEx, "com.ibm.ws.security.ltpa.LTPAServerObject.validateToken", "1068", this);
                throw primaryEx;
            }
            primaryFailure = primaryEx;
        }
        if (result == null && this.secondaryTokenFactoryList != null) {
            try {
                result = validateToken(bArr, this.secondaryTokenFactoryList, false, z);
            } catch (WSLoginFailedException secondaryEx) {
                final boolean expired = secondaryEx.getCause() instanceof TokenExpiredException;
                if (expired) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "validateToken: token is expired. " + hashCode(), secondaryEx);
                    }
                    FFDCFilter.processException(secondaryEx, "com.ibm.ws.security.ltpa.LTPAServerObject.validateToken", "1090", this);
                    throw secondaryEx;
                }
                FFDCFilter.processException(secondaryEx, "com.ibm.ws.security.ltpa.LTPAServerObject.validateToken", "1146", this);
                secondaryFailure = secondaryEx;
            }
        }
        if (result != null) {
            realmsMatch(result);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateToken(byte[],boolean) " + hashCode(), result);
            }
            return result;
        }
        Tr.debug(tc, "security.ltpa.validate.verifytoken.failed");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "LTPAServerObject: LTPATokenFactory.validateToken error due to invalid keys or token type. " + hashCode());
        }
        if (secondaryFailure != null) {
            throw secondaryFailure;
        }
        if (primaryFailure != null) {
            throw primaryFailure;
        }
        throw new WSLoginFailedException("Validation of LTPA token failed due to invalid keys or token type.");
    }

    /**
     * Tries every TokenFactory in {@code list} against the token bytes until one
     * returns a valid token.
     *
     * A per-token-length prediction (tokenFactoryPredictionMap, keyed by
     * bArr.length) is consulted first: pass 0 of the outer loop tries only the
     * predicted factory index, pass 1 tries all the others.
     *
     * @param bArr the raw token bytes
     * @param list the TokenFactory instances to try
     * @param z    primary: only used in the trace message
     * @param z2   refreshIfExpired: when true, an expired token is cloned and
     *             returned instead of being rejected (see note below)
     * @return the first valid token, or null when no factory validated the bytes
     *         (per-factory failures are accumulated, not thrown, in that case)
     * @throws WSLoginFailedException on an expired token when {@code z2} is false
     */
    public Token validateToken(byte[] bArr, List list, boolean z, boolean z2) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateToken(byte[],List,boolean,boolean)" + hashCode(), new Object[]{bArr, "tokenFactoryList=" + list, "primary=" + z, "refreshIfExpired=" + z2});
        }
        WSLoginFailedException wSLoginFailedException = null;
        Token token = null;
        TokenFactory[] tokenFactoryArr = (TokenFactory[]) list.toArray(new TokenFactory[0]);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "BEGIN VALIDATING TOKEN: some errors may occur, look for SUCCESS:");
        }
        try {
            Integer num = new Integer(bArr.length);
            // NOTE(review): the get() is outside the synchronized block, so two
            // threads can each create a FactoryPrediction for the same length and
            // the last put wins; presumably harmless since it is only a hint.
            FactoryPrediction factoryPrediction = (FactoryPrediction) tokenFactoryPredictionMap.get(num);
            if (factoryPrediction == null) {
                synchronized (tokenFactoryPredictionMap) {
                    factoryPrediction = new FactoryPrediction();
                    tokenFactoryPredictionMap.put(num, factoryPrediction);
                }
            }
            int factoryNumber = factoryPrediction.getFactoryNumber();
            // Pass 0: predicted factory only. Pass 1: every other factory.
            // A prediction outside [0, length) simply means pass 0 tries nothing.
            for (int i = 0; i < 2; i++) {
                for (int i2 = 0; i2 < tokenFactoryArr.length; i2++) {
                    if ((i == 0 && i2 == factoryNumber) || (i == 1 && i2 != factoryNumber)) {
                        try {
                            try {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Calling tokenFactory[" + i2 + "].validateTokenBytes() -> " + tokenFactoryArr[i2].getClass().getName());
                                }
                                token = tokenFactoryArr[i2].validateTokenBytes(bArr);
                                // Only a non-null token that reports isValid() is accepted;
                                // anything else falls through to the next factory.
                                if (token != null && token.isValid()) {
                                    if (tc.isEntryEnabled()) {
                                        Tr.exit(tc, "validateToken(byte[],List,boolean,boolean) -> SUCCESS: validated using tokenFactoryArray[" + i2 + "]: " + tokenFactoryArr[i2].getClass().getName() + " " + hashCode());
                                    }
                                    factoryPrediction.addResult(bArr.length, i2);
                                    if (factoryNumber == i2) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Prediction successful:token:" + tokenFactoryArr[i2].getClass().getName() + "::" + bArr.length);
                                        }
                                    } else if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Prediction failed:token:" + tokenFactoryArr[i2].getClass().getName() + "::" + bArr.length);
                                    }
                                    return token;
                                }
                            } catch (TokenExpiredException e) {
                                // Without refreshIfExpired an expired token is a hard failure
                                // (rethrown from the calling overloads as well).
                                if (!z2) {
                                    FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1258", this);
                                    Tr.warning(tc, "security.ltpa.validate.tokenexpired", new Object[]{e.getMessage()});
                                    throw new WSLoginFailedException(e.getMessage(), e);
                                }
                                // NOTE(review): 'token' was NOT assigned by the call that threw, so
                                // it is null on the first factory (or holds the previous factory's
                                // rejected result). A null here raises NullPointerException, which
                                // is caught by the outer catch (Exception e3) below and accumulated,
                                // so the loop moves on to the next factory. Whether the refresh path
                                // ever returns a usable clone depends on the TokenFactory contract —
                                // confirm. Note also that refreshIfExpired=true hands back a token
                                // the factory reported as expired; every visible caller passes false.
                                Token token2 = (Token) token.clone();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The Token has been cloned, the expiration time is set to " + new Date(token2.getExpiration()));
                                }
                                if (tc.isEntryEnabled()) {
                                    Tr.exit(tc, "validateToken(byte[],List,boolean,boolean) -> SUCCESS: validated using tokenFactoryArray[" + i2 + "]: " + tokenFactoryArr[i2].getClass().getName() + " " + hashCode(), token2);
                                }
                                return token2;
                            }
                        } catch (InvalidTokenException e2) {
                            // NOTE(review): i2 < tokenFactoryArr.length always holds inside this
                            // loop, so this branch is unreachable (and would dereference a null
                            // wSLoginFailedException on the first failure if it were reached).
                            if (i2 >= tokenFactoryArr.length) {
                                wSLoginFailedException.addException(e2);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Exception occurred processing TokenFactory validateTokenBytes.", new Object[]{wSLoginFailedException});
                                }
                                throw wSLoginFailedException;
                            }
                            // Accumulate and keep trying the remaining factories.
                            if (wSLoginFailedException == null) {
                                wSLoginFailedException = new WSLoginFailedException(e2.getMessage(), e2);
                            } else {
                                wSLoginFailedException.addException(e2);
                            }
                        } catch (Exception e3) {
                            // Same unreachable-branch caveat as for InvalidTokenException above.
                            if (i2 >= tokenFactoryArr.length) {
                                wSLoginFailedException.addException(e3);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Exception occurred processing TokenFactory validateTokenBytes.", new Object[]{wSLoginFailedException});
                                }
                                throw wSLoginFailedException;
                            }
                            if (wSLoginFailedException == null) {
                                wSLoginFailedException = new WSLoginFailedException(e3.getMessage(), e3);
                            } else {
                                wSLoginFailedException.addException(e3);
                            }
                        }
                    }
                }
            }
            // No factory produced a valid token: the accumulated exception is
            // discarded here and the caller sees null.
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "validateToken -> FAILED for " + (z ? "primary." : "secondary. ") + hashCode());
            return null;
        } catch (WSLoginFailedException e4) {
            // Record every nested failure with FFDC before propagating.
            ArrayList exceptions = e4.getExceptions();
            for (int i3 = 0; i3 < exceptions.size(); i3++) {
                Throwable th = (Throwable) exceptions.get(i3);
                FFDCFilter.processException(th, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1291", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred processing TokenFactory validateTokenBytes.", new Object[]{th});
                }
            }
            throw e4;
        }
    }

    /**
     * Validates token bytes with the factory named by {@code str} (no refresh of
     * expired tokens) and then checks the token's realm via realmsMatch.
     *
     * @param bArr the raw token bytes
     * @param str  the token factory class name
     * @return the validated token (null when no user registry is configured)
     * @throws WSLoginFailedException if validation or the realm check fails
     */
    public Token validateTokenAndRealm(byte[] bArr, String str) throws WSLoginFailedException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "validateTokenAndRealm(byte[], String) " + hashCode(), new Object[]{bArr, str});
        }
        final Token result = validateToken(bArr, str, false);
        realmsMatch(result);
        if (traceEntry) {
            Tr.exit(tc, "validateTokenAndRealm(byte[], String) " + hashCode(), result);
        }
        return result;
    }

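    /**
     * Validates token bytes with the factory named by {@code str}, first from the
     * primary factory list and, if that yields no token, from the secondary list.
     *
     * An expired token (cause TokenExpiredException) is rethrown immediately. Any
     * other primary failure is held so the secondary factory can still be tried;
     * if both fail, the secondary failure is preferred.
     *
     * @param bArr the raw token bytes; must not be null
     * @param str  the token factory class name; must not be null
     * @param z    refreshIfExpired, passed through to the per-factory validation
     * @return the validated token, or null when no user registry is configured
     * @throws WSLoginFailedException when an argument is null, the named factory is
     *         not found, the token is expired, or no factory validates it
     */
    public Token validateToken(byte[] bArr, String str, boolean z) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateToken(byte[],String,boolean) " + hashCode(), new Object[]{bArr, "factoryClass=" + str, "refreshIfExpired=" + z});
        }
        if (str == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "factoryClass is null " + hashCode());
            }
            throw new WSLoginFailedException("LTPAServerObject: factoryClass String is null.");
        }
        if (bArr == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate: LTPA validate failed " + hashCode());
            }
            Tr.error(tc, "security.ltpa.validate.nulltoken");
            throw new WSLoginFailedException("LTPAServerObject: token passed in is null.");
        }
        if (getUserRegistry() == null) {
            return null;
        }
        Token token = null;
        WSLoginFailedException primaryFailure = null;
        WSLoginFailedException secondaryFailure = null;
        TokenFactory primaryFactory = findFactory(str, this.primaryTokenFactoryList, true);
        if (primaryFactory == null) {
            Tr.error(tc, "security.ltpa.factory.null.error", new Object[]{str});
            WSLoginFailedException noPrimary = new WSLoginFailedException("Primary TokenFactory is null");
            FFDCFilter.processException(noPrimary, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1345");
            throw noPrimary;
        }
        // The primary validation call now sits INSIDE the try: previously the try
        // body was empty and the call came after it, so a non-expiry primary
        // failure propagated straight out and the secondary list was never tried
        // (mirrors validateToken(byte[], boolean)).
        try {
            token = validateToken(bArr, primaryFactory, z);
        } catch (WSLoginFailedException e) {
            if (e.getCause() instanceof TokenExpiredException) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateToken (Primary): token is expired. " + hashCode(), e);
                }
                throw e;
            }
            primaryFailure = e;
        }
        if (token == null && this.secondaryTokenFactoryList != null) {
            TokenFactory secondaryFactory = findFactory(str, this.secondaryTokenFactoryList, false);
            try {
                if (secondaryFactory == null) {
                    Tr.error(tc, "security.ltpa.factory.null.error", new Object[]{str});
                    WSLoginFailedException noSecondary = new WSLoginFailedException("Secondary TokenFactory is null");
                    FFDCFilter.processException(noSecondary, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1374");
                    throw noSecondary;
                }
                token = validateToken(bArr, secondaryFactory, z);
            } catch (WSLoginFailedException e2) {
                if (e2.getCause() instanceof TokenExpiredException) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "validateToken (Secondary): token is expired. " + hashCode(), e2);
                    }
                    throw e2;
                }
                secondaryFailure = e2;
            }
        }
        if (token != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateToken with factoryClass " + hashCode(), token);
            }
            return token;
        }
        Tr.debug(tc, "security.ltpa.validate.verifytoken.failed");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "LTPAServerObject: LTPATokenFactory.validateToken error due to invalid keys or token type. " + hashCode());
        }
        if (secondaryFailure != null) {
            throw secondaryFailure;
        }
        if (primaryFailure != null) {
            throw primaryFailure;
        }
        throw new WSLoginFailedException("Validation of LTPA token failed due to invalid keys or token type.");
    }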

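    /**
     * Validates raw token bytes with one specific TokenFactory.
     *
     * @param bArr         the raw token bytes
     * @param tokenFactory the factory to validate with; must not be null
     * @param z            refreshIfExpired: when true, an expired token is not
     *                     treated as an error (see the note in the expiry branch)
     * @return the validated token, or null when the factory returned null or a
     *         token whose isValid() is false (no exception in that case)
     * @throws WSLoginFailedException when the factory is null, the token is
     *         invalid, the token is expired (and no refresh was requested or no
     *         token is available to refresh), or any other failure occurs
     */
    public Token validateToken(byte[] bArr, TokenFactory tokenFactory, boolean z) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateToken(byte[],TokenFactory,boolean) " + hashCode(), new Object[]{bArr, "tokenFactory=" + tokenFactory, "refreshIfExpired=" + z});
        }
        Token token = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "BEGIN VALIDATING TOKEN: with specific TokenFactory, look for SUCCESS:");
        }
        if (tokenFactory == null) {
            Tr.error(tc, "security.ltpa.factory.null.error");
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException("TokenFactory is null");
            FFDCFilter.processException(wSLoginFailedException, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1427");
            throw wSLoginFailedException;
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Calling tokenFactory.validateTokenBytes() -> " + tokenFactory.getClass().getName());
            }
            token = tokenFactory.validateTokenBytes(bArr);
            // Only a non-null token that reports isValid() is accepted.
            if (token != null && token.isValid()) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateToken(byte[],TokenFactory,boolean) -> SUCCESS: validated using specified TokenFactory " + hashCode(), token);
                }
                return token;
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "validateToken -> FAILED. " + hashCode());
            return null;
        } catch (InvalidTokenException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred processing TokenFactory validateTokenBytes.", new Object[]{e});
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        } catch (TokenExpiredException e2) {
            if (!z) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1458", this);
                Tr.warning(tc, "security.ltpa.validate.tokenexpired", new Object[]{e2.getMessage()});
                throw new WSLoginFailedException(e2.getMessage(), e2);
            }
            if (token == null) {
                // validateTokenBytes threw before 'token' was assigned, so there is
                // nothing to clone: report the expiry as a login failure instead of
                // letting a NullPointerException escape (it would not be caught by the
                // sibling catch clauses of this try).
                // NOTE(review): as written 'token' is always null on this path, so the
                // refresh/clone branch below cannot produce a token from this method
                // alone; how an expired token should be obtained for refresh depends on
                // the TokenFactory contract — confirm.
                FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1458", this);
                Tr.warning(tc, "security.ltpa.validate.tokenexpired", new Object[]{e2.getMessage()});
                throw new WSLoginFailedException(e2.getMessage(), e2);
            }
            Token token2 = (Token) token.clone();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The Token has been cloned, the expiration time is set to " + new Date(token2.getExpiration()));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateToken(byte[],TokenFactory,boolean) -> SUCCESS: validated using specified tokenFactory (cloned) " + hashCode(), token2);
            }
            return token2;
        } catch (Exception e3) {
            WSLoginFailedException wSLoginFailedException2 = new WSLoginFailedException(e3.getMessage(), e3);
            FFDCFilter.processException(e3, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1466", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred processing TokenFactory validateTokenBytes.", new Object[]{wSLoginFailedException2});
            }
            throw wSLoginFailedException2;
        }
    }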

    /**
     * Validates raw token bytes and converts the resulting token into a credential.
     *
     * The entry trace deliberately logs only a hash of the bytes, not the token
     * itself.
     *
     * @param bArr the raw token bytes
     * @return the credential built from the validated token
     * @throws WSLoginFailedException if validation yields no token or the
     *         credential cannot be built
     */
    public WSCredential validate(byte[] bArr) throws WSLoginFailedException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "validate(credTok) " + hashCode(), Integer.valueOf(new ByteArray(bArr).hashCode()));
        }
        final Token token = validateToken(bArr);
        if (token == null) {
            if (traceEntry) {
                Tr.exit(tc, "Problem validating token, returning null. " + hashCode());
            }
            throw new WSLoginFailedException("Problem validating LTPA token.");
        }
        final WSCredential credential = validate(token);
        if (traceEntry) {
            Tr.exit(tc, "validate (bytes) " + hashCode(), credential);
        }
        return credential;
    }

    /**
     * Builds a WSCredential for a token that has already been validated.
     *
     * Precondition: the token came out of one of the validateToken(...) overloads;
     * no validity or expiry check is repeated here, only the identity in the
     * token's "u" attribute is resolved and wrapped.
     *
     * @param token the validated token (null selects the bootstrap path)
     * @return the unauthenticated credential when no user registry is configured or
     *         the token is null; the server credential when the user is the
     *         internal server id; otherwise a new WSCredentialImpl around the
     *         resolved user credential
     * @throws WSLoginFailedException when the user fails the Access Manager check
     *         or credential creation fails
     */
    public WSCredential validate(final Token token) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate(token) " + hashCode(), token);
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        // Bootstrap mode: without a registry (or a token) nobody can be resolved.
        if (getUserRegistry() == null || token == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Bootstrap mode: returning unauthenticated cred.");
            }
            try {
                return contextManagerFactory.getUnauthenticatedCredential();
            } catch (WSSecurityException e) {
                throw new WSLoginFailedException(e.getMessage(), e);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validation successful - to create credential");
        }
        String str = null;
        try {
            WSCredential wSCredential = null;
            // "u" carries the access id. No null/length check: a missing attribute
            // ends up in the catch (Exception e4) below as a WSLoginFailedException.
            String[] attributes = token.getAttributes("u");
            boolean z = false;
            boolean isUserFromThisRealm = CrossRealmUtil.isUserFromThisRealm(attributes[0]);
            if (!isUserFromThisRealm) {
                z = CrossRealmUtil.isUserFromTrustedForeignRealm(attributes[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "user: " + attributes[0] + " is not from this realm: is user from trusted foreign relam: " + new Boolean(z));
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "user: " + attributes[0] + " is from this realm");
            }
            // Trusted foreign realm: keep the foreign access id as the security name.
            if (z) {
                wSCredential = CrossRealmUtil.getCredForForeignUser(attributes[0]);
                str = attributes[0];
            }
            // Local user, or a foreign user that is NOT from a trusted realm: resolve
            // the security name through the local registry.
            // NOTE(review): in the untrusted-foreign case wSCredential stays null and a
            // WSCredentialImpl is still built around it below; presumably realmsMatch()
            // in validateToken(byte[], boolean) has already rejected such tokens — confirm.
            if (isUserFromThisRealm || !z) {
                str = getSecurityName(attributes[0]);
            }
            // Optional Tivoli Access Manager check on the resolved user.
            if (SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getBoolean("com.ibm.websphere.security.registry.UseTAM") && !RegistryUtil.checkValidUserifTAM(str, getUserRegistry())) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "throwing WSLoginFailedException - User is not valid in Access Manager " + hashCode());
                }
                throw new WSLoginFailedException("User is not valid in Access Manager");
            }
            // Privileged short-cut: a token naming the internal server id yields the
            // server's own credential without any registry lookup. This relies entirely
            // on the token having been validated before this method is called.
            if (SecurityObjectLocator.getAdminData().getString("com.ibm.ws.security.internalServerId") != null && contextManagerFactory.isInternalServerId(str)) {
                WSCredential serverCredential = contextManagerFactory.getServerCredential();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validate: returning server cred " + hashCode(), serverCredential);
                }
                return serverCredential;
            }
            if (wSCredential == null && isUserFromThisRealm) {
                wSCredential = getUserRegistry().createCredential(str);
            }
            final WSCredential wSCredential2 = wSCredential;
            try {
                // Credential construction runs privileged so callers without the
                // relevant Java 2 permissions can still obtain a credential.
                WSCredential wSCredential3 = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.ltpa.LTPAServerObject.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return new WSCredentialImpl(wSCredential2, LTPAMechOID.value, token, true, token.getExpiration());
                    }
                });
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validate " + hashCode(), wSCredential3);
                }
                return wSCredential3;
            } catch (PrivilegedActionException e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e2.getException()});
                }
                FFDCFilter.processException(e2.getException(), "com.ibm.ws.security.ltpa.LTPAServerObject.createLTPAToken", "1602", this);
                Exception exception = e2.getException();
                throw new WSLoginFailedException(exception != null ? exception.getMessage() : "Exception occurred creating new WS cred.", exception);
            }
        } catch (WSLoginFailedException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1613", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate: LTPA validation failed", e3);
            }
            Tr.error(tc, "security.ltpa.validate.createcredential.failed", new Object[]{null, e3});
            throw e3;
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.ltpa.LTPAServerObject.validate", "1620", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate: LTPA validation failed", e4);
            }
            Tr.error(tc, "security.ltpa.validate.createcredential.failed", new Object[]{null, e4});
            throw new WSLoginFailedException(e4.getMessage(), e4);
        }
    }

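    /**
     * Validates token bytes and returns the security name of the user named in
     * the token's "u" attribute.
     *
     * Best-effort by design: every failure (invalid token, unresolvable user,
     * no registry) is logged at debug level and results in null; no exception
     * escapes.
     *
     * @param bArr the raw token bytes
     * @return the resolved security name, or null when the token does not
     *         validate or the user cannot be resolved
     */
    public String validateGetUser(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateGetUser " + hashCode(), bArr);
        }
        String str = null;
        try {
            Token validateToken = validateToken(bArr);
            if (validateToken == null || !validateToken.isValid()) {
                // Never map an unvalidated token to a user. The original only
                // logged here and then read the "u" attribute anyway, returning a
                // user name for a token whose isValid() was false.
                Tr.error(tc, "security.ltpa.validate.tokenexpired");
            } else {
                str = getSecurityName(validateToken.getAttributes("u")[0]);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "validateGetUser: LTPA token is not valid " + hashCode(), e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateGetUser " + hashCode(), str);
        }
        return str;
    }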

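    /**
     * Validates token bytes and returns the token's expiration time.
     *
     * @param bArr the raw token bytes
     * @return the token's expiration (as returned by Token.getExpiration()), or 0
     *         when validation yields no valid token without throwing — in
     *         particular when no user registry is configured
     * @throws InvalidTokenException when the bytes are null, or when validation
     *         failed because the token was rejected as invalid
     * @throws TokenExpiredException when validation failed because the token was
     *         expired, or for any other validation failure
     */
    public long getExpiration(byte[] bArr) throws InvalidTokenException, TokenExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getExpiration " + hashCode(), bArr);
        }
        if (bArr == null) {
            throw new InvalidTokenException();
        }
        long j = 0;
        try {
            Token validateToken = validateToken(bArr);
            if (validateToken != null && validateToken.isValid()) {
                j = validateToken.getExpiration();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getExpiration " + hashCode(), new Long(j));
            }
            return j;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getExpiration: token validation failed " + hashCode(), e);
            }
            // validateToken(byte[]) wraps the factory's verdict as the cause of a
            // WSLoginFailedException. Surface that verdict instead of reporting every
            // failure — including a token rejected as invalid — as "expired".
            Throwable cause = e.getCause();
            if (cause instanceof InvalidTokenException) {
                throw (InvalidTokenException) cause;
            }
            if (cause instanceof TokenExpiredException) {
                throw (TokenExpiredException) cause;
            }
            throw new TokenExpiredException();
        }
    }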

    /**
     * Resolves an access id to its security name through the user registry.
     *
     * If "com.ibm.ws.security.internalServerId" is configured and the access id
     * is the internal server id, that configured id is returned directly. Access
     * ids prefixed with supportedTypes[1] resolve as users, those prefixed with
     * supportedTypes[0] as groups; anything else is rejected.
     *
     * @param str the access id (realm-qualified; getRelativeName strips the realm)
     * @return the user or group security name
     * @throws UnsupportedEntryTypeException if the access id is neither a user nor a group
     * @throws CustomRegistryException, EntryNotFoundException, RemoteException from the registry
     */
    private String getSecurityName(String str) throws CustomRegistryException, EntryNotFoundException, UnsupportedEntryTypeException, RemoteException {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "getSecurityName " + hashCode(), str);
        }
        final ContextManager ctxMgr = ContextManagerFactory.getInstance();
        final String internalServerId = SecurityObjectLocator.getAdminData().getString("com.ibm.ws.security.internalServerId");
        if (internalServerId != null && ctxMgr.isInternalServerId(str)) {
            return internalServerId;
        }
        final String relativeName = getRelativeName(str);
        final boolean isUser = str.startsWith(supportedTypes[1]);
        final boolean isGroup = str.startsWith(supportedTypes[0]);
        final String securityName;
        if (isUser) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Calling userRegistry.getUserSecName");
            }
            securityName = getUserRegistry().getUserSecurityName(relativeName);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Back from  userRegistry.getUserSecName");
            }
        } else if (isGroup) {
            securityName = getUserRegistry().getGroupSecurityName(relativeName);
        } else {
            final UnsupportedEntryTypeException badType = new UnsupportedEntryTypeException("not USER or GROUP");
            if (traceEntry) {
                Tr.exit(tc, "getSecurityName " + hashCode(), badType);
            }
            Tr.error(tc, "security.ltpa.badtype", new Object[]{badType});
            throw badType;
        }
        if (traceEntry) {
            Tr.exit(tc, "getSecurityName " + hashCode(), securityName);
        }
        return securityName;
    }

    /**
     * Strips the realm prefix from a token principal string after checking it against the
     * registry's current realm.
     *
     * <p>When {@code str} contains a "/", the text between the first ":" and that "/" must
     * equal the registry realm (same length and same characters); the part after the "/" is
     * returned. Without a "/" the string is returned unchanged. As a side effect
     * {@code this.realm} is refreshed from the registry.
     *
     * @param str the principal string, e.g. {@code type:realm/name}
     * @return the name without the type/realm prefix
     * @throws CustomRegistryException when the realm in the token differs from the current realm
     * @throws RemoteException propagated from the registry
     */
    private String getRelativeName(String str) throws CustomRegistryException, RemoteException {
        final int slashIndex = str.indexOf("/");
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRelativeName " + hashCode(), str);
        }
        this.realm = getUserRegistry().getRealm();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "realm from userRegistry.getRealm(): " + this.realm + "\n realm length: " + this.realm.length());
            Tr.debug(tc, "realmIndex: " + slashIndex);
        }
        String relativeName = str;
        if (slashIndex >= 0) {
            int colonIndex = str.indexOf(":");
            int tokenRealmLength = slashIndex - colonIndex - 1;
            boolean realmMatches = tokenRealmLength == this.realm.length() && str.startsWith(this.realm, colonIndex + 1);
            if (!realmMatches) {
                Tr.error(tc, "security.ltpa.realm_mismatch");
                throw new CustomRegistryException("The realm in the token: " + str.substring(colonIndex + 1, slashIndex) + " does not match the current realm: " + this.realm);
            }
            relativeName = str.substring(slashIndex + 1);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRelativeName " + hashCode(), relativeName);
        }
        return relativeName;
    }

    /**
     * Decrypts a password-protected private key.
     *
     * @param bArr  the password the key was encrypted with
     * @param bArr2 the encrypted private key; a copy is decrypted so the caller's array is untouched
     * @return the decrypted key bytes as returned by {@link KeyEncryptor#decrypt}
     */
    private byte[] getPrivateKey(byte[] bArr, byte[] bArr2) {
        KeyEncryptor decryptor = new KeyEncryptor(bArr);
        byte[] encryptedCopy = (byte[]) bArr2.clone();
        return decryptor.decrypt(encryptedCopy);
    }

    /**
     * Decrypts a password-protected shared (secret) key.
     *
     * @param bArr  the password the key was encrypted with
     * @param bArr2 the encrypted shared key; a copy is decrypted so the caller's array is untouched
     * @return the decrypted key bytes as returned by {@link KeyEncryptor#decrypt}
     */
    private byte[] getSharedKey(byte[] bArr, byte[] bArr2) {
        KeyEncryptor decryptor = new KeyEncryptor(bArr);
        byte[] encryptedCopy = (byte[]) bArr2.clone();
        return decryptor.decrypt(encryptedCopy);
    }

    /**
     * Returns the encoded public key held by this object (the field itself, not a copy).
     *
     * @return {@code this.publicKey}, possibly {@code null}
     * @throws RemoteException declared only; never thrown here
     */
    private byte[] getPublicKey() throws RemoteException {
        final byte[] encodedPublicKey = this.publicKey;
        return encodedPublicKey;
    }

    /**
     * Returns the password-encrypted private key held by this object (the field itself,
     * not a copy).
     *
     * @return {@code this.encryptedPrivateKey}, possibly {@code null}
     * @throws RemoteException declared only; never thrown here
     */
    private byte[] getEncPrivateKey() throws RemoteException {
        final byte[] encryptedKey = this.encryptedPrivateKey;
        return encryptedKey;
    }

    /**
     * Returns the password-encrypted shared key held by this object (the field itself,
     * not a copy).
     *
     * @return {@code this.encryptedSharedKey}, possibly {@code null}
     * @throws RemoteException declared only; never thrown here
     */
    private byte[] getEncSharedKey() throws RemoteException {
        final byte[] encryptedKey = this.encryptedSharedKey;
        return encryptedKey;
    }

    /**
     * Pushes a new set of LTPA keys into the primary token factories.
     *
     * <p>{@code map} is scanned for a {@link Key} (the shared secret) and a {@link KeyPair}
     * (public/private pair). Whatever was found is stored in the primary token factory map
     * together with the current expiration limit, and every factory in
     * {@code primaryTokenFactoryList} is re-initialized from that map. Regardless of whether
     * keys were updated, the server Subject is refreshed and the LTPACrypto key caches are
     * cleared afterwards.
     *
     * @param map the latest keys keyed by String alias; {@code null} skips the key update
     * @throws RemoteException declared for remote callers; not thrown by this body
     */
    public void updateLTPAKeysFromMap(Map map) throws RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updateLTPAKeysFromMap " + hashCode(), new Object[]{map});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Latest keys: " + map);
        }
        if (map == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The keys passed in are null, not updating keys.");
            }
        } else {
            LTPAPublicKey publicKeyFound = null;
            LTPAPrivateKey privateKeyFound = null;
            byte[] sharedKeyFound = null;
            for (Object alias : map.keySet()) {
                Object candidate = map.get((String) alias);
                if (candidate instanceof Key) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found secret key from Map.");
                    }
                    sharedKeyFound = ((Key) candidate).getEncoded();
                } else if (candidate instanceof KeyPair) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found key pair from Map.");
                    }
                    KeyPair pair = (KeyPair) candidate;
                    publicKeyFound = new LTPAPublicKey(pair.getPublicKey().getEncoded());
                    privateKeyFound = new LTPAPrivateKey(pair.getPrivateKey().getEncoded());
                }
            }
            HashMap factoryMap = getPrimaryTokenFactoryMap();
            factoryMap.put("com.ibm.wsspi.security.ltpa.expiration", Long.valueOf(expirationLimit));
            if (sharedKeyFound != null) {
                factoryMap.put("com.ibm.wsspi.security.ltpa.ltpa_shared_key", sharedKeyFound);
            }
            if (publicKeyFound != null) {
                factoryMap.put("com.ibm.wsspi.security.ltpa.ltpa_public_key", publicKeyFound);
            }
            if (privateKeyFound != null) {
                factoryMap.put("com.ibm.wsspi.security.ltpa.ltpa_private_key", privateKeyFound);
            }
            TokenFactory[] factories = (TokenFactory[]) this.primaryTokenFactoryList.toArray(new TokenFactory[0]);
            for (TokenFactory factory : factories) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Refreshing primary tokenFactory keys for: " + factory.getClass().getName());
                }
                // Re-fetched on every iteration as in the original; presumably the same map
                // instance that was populated above.
                factory.initialize(getPrimaryTokenFactoryMap());
            }
        }
        try {
            ContextManagerFactory.getInstance().refreshServerSubject();
            // Drop cached crypto material so the next use picks up the new keys.
            LTPACrypto.rsaKeysMap.clear();
            LTPACrypto.verifyKeysMap.clear();
            LTPACrypto.cryptoKeysMap.clear();
        } catch (WSSecurityException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception refreshing server Subject after key generation.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updateLTPAKeysFromMap " + hashCode());
        }
    }

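    /**
     * Runs the {@code generateKeyForKeySetGroup} admin command for the LTPA key set group.
     *
     * <p>Only the DeploymentManager, standalone, JobManager and AdminAgent process types
     * generate keys; any other process type returns {@code null} without doing anything.
     * When {@code session} is {@code null} a private config session is created; it is saved
     * after a successful run and discarded in every case.
     *
     * @param session the config session to run the command in, or {@code null} for a private one
     * @param bool    passed through as the command's {@code keySetGroupUpdateRuntime} parameter
     * @return the command's result map (the generated keys), or {@code null} when this
     *         process type does not generate keys
     * @throws RemoteException when the command fails or throws; the underlying exception is
     *                         kept as the cause
     */
    public Map generateKeysForKeySetGroup(Session session, Boolean bool) throws RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKeysForKeySetGroup " + hashCode(), new Object[]{session, bool});
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        String processType = ManagementScopeManager.getInstance().getProcessType();
        boolean generatingProcess = processType != null
                && (processType.equals("DeploymentManager")
                        || processType.equals(com.ibm.websphere.management.AdminConstants.STANDALONE_PROCESS)
                        || processType.equals(com.ibm.websphere.management.AdminConstants.JOB_MANAGER_PROCESS)
                        || processType.equals(com.ibm.websphere.management.AdminConstants.ADMIN_AGENT_PROCESS));
        if (!generatingProcess) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Only generate keys in the AdminAgent, JobManager, BASE, UnManagedProcess, or DeploymentManager processes, current process type: " + ManagementScopeManager.getInstance().getProcessType());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateKeysForKeySetGroup (null) " + hashCode());
            }
            return null;
        }
        // The private session is only created once we know this process will use it.
        boolean ownSession = false;
        if (session == null) {
            session = new Session();
            ownSession = true;
        }
        try {
            this.ltpaKeySetGroupName = SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString(AuthMechanismConfig.KEY_SET_GROUP);
            AdminCommand createCommand = CommandMgr.getCommandMgr().createCommand("generateKeyForKeySetGroup");
            createCommand.setConfigSession(session);
            createCommand.setParameter("keySetGroupName", this.ltpaKeySetGroupName);
            // The key set group lives at cell scope on a DeploymentManager, node scope elsewhere.
            if (processType.equals("DeploymentManager")) {
                createCommand.setParameter("keySetGroupScope", ManagementScopeManager.getInstance().getCellScopeName());
            } else {
                createCommand.setParameter("keySetGroupScope", ManagementScopeManager.getInstance().getNodeScopeName());
            }
            createCommand.setParameter("keySetGroupUpdateRuntime", bool);
            createCommand.setParameter("keySetGroupSaveConfig", Boolean.FALSE);
            createCommand.execute();
            CommandResult commandResult = createCommand.getCommandResult();
            if (!commandResult.isSuccessful()) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "generateKeysForKeySetGroup: command task result is failure. " + hashCode(), new Object[]{commandResult.getException()});
                }
                // Keep the command's exception as the cause; it is re-wrapped by the catch below.
                throw new RemoteException(commandResult.getException().getMessage(), commandResult.getException());
            }
            Map map = (Map) commandResult.getResult();
            if (ownSession) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " Saving the security.xml changes.");
                }
                configService.save(session, true);
                configService.discard(session);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateKeysForKeySetGroup (success) " + hashCode());
            }
            return map;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.generateKeysForKeySetGroup", "1987", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Problem generating SSO keys.  Using old keys still.");
            }
            Tr.error(tc, "security.ltpa.importkeys", new Object[]{e});
            if (ownSession) {
                // A session created here was previously left open on failure; discard it so
                // the partially applied command does not linger in the workspace.
                try {
                    configService.discard(session);
                } catch (Exception discardFailure) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unable to discard the private config session.", new Object[]{discardFailure});
                    }
                }
            }
            throw new RemoteException("Problem generating SSO keys. Using original values. The exception is " + e.getMessage(), e);
        }
    }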

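    /**
     * Imports exported LTPA key properties into every KeySet of the configured key set group.
     *
     * <p>For each KeySet a new KeyReference is created via the {@code createKeyReference}
     * admin command; key-pair sets receive the decrypted public/private pair, the others the
     * decrypted 3DES shared key. When {@code bool} is true the keys are also pushed to every
     * {@code SecurityAdmin} MBean (older 5.x/6.0 servers through {@code importLTPAKeys}, newer
     * ones through {@code updateRuntimeKeys}) and to this server. A private config session is
     * created when {@code session} is {@code null} and saved/discarded on success.
     *
     * @param properties the exported key properties ({@code com.ibm.websphere.ltpa.3DESKey},
     *                   {@code ...PrivateKey}, {@code ...PublicKey}); the first two are
     *                   password-encrypted
     * @param bArr       the password the keys were encrypted with; never traced
     * @param session    the config session to use, or {@code null} for a private one
     * @param bool       whether to update runtime keys on the SecurityAdmin MBeans
     * @return the imported keys keyed by {@code aliasPrefix_version}, or {@code null} when this
     *         process type does not import keys
     * @throws Exception when any step fails; the original exception is kept as the cause
     */
    public synchronized Map importSSOPropertiesToKeySetGroup(Properties properties, byte[] bArr, Session session, Boolean bool) throws Exception {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            String str = "importSSOProperties " + hashCode();
            Object[] objArr = new Object[4];
            objArr[0] = properties;
            objArr[1] = bArr == null ? "null" : "*****";
            objArr[2] = session;
            objArr[3] = bool;
            Tr.entry(traceComponent, str, objArr);
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        String processType = ManagementScopeManager.getInstance().getProcessType();
        if (processType == null || !(processType.equals("DeploymentManager") || processType.equals(com.ibm.websphere.management.AdminConstants.STANDALONE_PROCESS) || processType.equals(com.ibm.websphere.management.AdminConstants.JOB_MANAGER_PROCESS) || processType.equals(com.ibm.websphere.management.AdminConstants.ADMIN_AGENT_PROCESS))) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Only import properties in the AdminAgent, JobManager, BASE, UnManagedProcess, or DeploymentManager processes, current process type: " + ManagementScopeManager.getInstance().getProcessType());
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "importSSOProperties (null) " + hashCode());
            return null;
        }
        Boolean bool2 = Boolean.FALSE;
        if (session == null) {
            session = new Session();
            bool2 = Boolean.TRUE;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Executing importSSOProperties");
        }
        String property = properties.getProperty("com.ibm.websphere.ltpa.3DESKey");
        String property2 = properties.getProperty("com.ibm.websphere.ltpa.PrivateKey");
        String property3 = properties.getProperty("com.ibm.websphere.ltpa.PublicKey");
        if (tc.isDebugEnabled()) {
            // The shared and private key values are password-encrypted secrets; trace only
            // whether they are present, never the values (the password is masked the same way).
            Tr.debug(tc, "Shared key present: " + (property != null));
            Tr.debug(tc, "Private key present: " + (property2 != null));
            Tr.debug(tc, "Public key: " + property3);
        }
        HashMap hashMap = new HashMap();
        try {
            this.ltpaKeySetGroupName = SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString(AuthMechanismConfig.KEY_SET_GROUP);
            AdminCommand createCommand = CommandMgr.getCommandMgr().createCommand("getKeySetGroup");
            createCommand.setConfigSession(session);
            createCommand.setParameter("name", this.ltpaKeySetGroupName);
            // Cell scope on a DeploymentManager, node scope everywhere else.
            if (processType.equals("DeploymentManager")) {
                createCommand.setParameter("scopeName", ManagementScopeManager.getInstance().getCellScopeName());
            } else {
                createCommand.setParameter("scopeName", ManagementScopeManager.getInstance().getNodeScopeName());
            }
            createCommand.execute();
            CommandResult commandResult = createCommand.getCommandResult();
            if (!commandResult.isSuccessful()) {
                throw new RemoteException(commandResult.getException().getMessage(), commandResult.getException());
            }
            List list = (List) ConfigServiceHelper.getAttributeValue((AttributeList) commandResult.getResult(), CommandConstants.KEY_SET);
            for (int i = 0; i < list.size(); i++) {
                KeySet keySet = (KeySet) MOFUtil.convertToEObject(session, (ObjectName) list.get(i));
                String name = keySet.getName();
                String scopeName = keySet.getManagementScope().getScopeName();
                boolean isIsKeyPair = keySet.isIsKeyPair();
                WSKeyStore wSKeyStore = new WSKeyStore(keySet.getKeyStore());
                WSKeySet wSKeySet = new WSKeySet(keySet);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Creating new KeyReference for KeySet: " + name);
                }
                AdminCommand createCommand2 = CommandMgr.getCommandMgr().createCommand("createKeyReference");
                createCommand2.setConfigSession(session);
                createCommand2.setParameter("keySetName", name);
                createCommand2.setParameter("keySetScope", scopeName);
                createCommand2.setParameter("keyReferenceSaveConfig", Boolean.FALSE);
                createCommand2.execute();
                CommandResult commandResult2 = createCommand2.getCommandResult();
                if (!commandResult2.isSuccessful()) {
                    throw new RemoteException(commandResult2.getException().getMessage(), commandResult2.getException());
                }
                KeyReference keyReference = (KeyReference) MOFUtil.convertToEObject(session, (ObjectName) commandResult2.getResult());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "New KeyReference version: " + keyReference.getVersion());
                }
                if (isIsKeyPair) {
                    KeyPair keyPair = new KeyPair(new LTPAPublicKey(Base64Coder.base64Decode(property3.getBytes("UTF8"))), new LTPAPrivateKey(getPrivateKey(bArr, Base64Coder.base64Decode(property2.getBytes("UTF8")))));
                    wSKeySet.addKeyReference(new WSKeyPairReference(keyReference, keyPair, wSKeySet, wSKeyStore));
                    hashMap.put(wSKeySet.getAliasPrefix() + "_" + keyReference.getVersion(), keyPair);
                } else {
                    // The first 24 bytes of the decrypted material form the 3DES key.
                    SecretKeySpec secretKeySpec = new SecretKeySpec(getSharedKey(bArr, Base64Coder.base64Decode(property.getBytes("UTF8"))), 0, 24, "3DES");
                    wSKeySet.addKeyReference(new WSKeyReference(keyReference, secretKeySpec, wSKeySet, wSKeyStore));
                    hashMap.put(wSKeySet.getAliasPrefix() + "_" + keyReference.getVersion(), secretKeySpec);
                }
            }
            if (bool != null && bool.booleanValue()) {
                this.objName = getMBean();
                for (ObjectName objectName : AdminServiceFactory.getAdminService().queryNames(new ObjectName("WebSphere:type=SecurityAdmin,*"), null)) {
                    try {
                        if (!this.objName.equals(objectName)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, " SecurityAdmin object name = " + objectName);
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, " SecurityAdmin object version is = " + objectName.getKeyProperty("version"));
                            }
                            // Pre-6.1 servers only understand the properties-based import; a missing
                            // "version" key property surfaces as an exception handled below.
                            if (objectName.getKeyProperty("version").startsWith("5.") || objectName.getKeyProperty("version").startsWith("6.0")) {
                                AdminServiceFactory.getAdminService().invoke(objectName, "importLTPAKeys", new Object[]{properties, bArr}, new String[]{"java.util.Properties", "[B"});
                            } else {
                                AdminServiceFactory.getAdminService().invoke(objectName, "updateRuntimeKeys", new Object[]{hashMap}, new String[]{"java.util.Map"});
                            }
                        }
                    } catch (Exception e) {
                        // NOTE(review): the FFDC source id below names a different class; it looks
                        // copied from the SSL command and is left unchanged here.
                        FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.GenerateKeyForKeySetGroup.beforeStepsExecuted", "2160", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception on MBean call.", new Object[]{e});
                        }
                        throw e;
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " SecurityAdmin object name (self) = " + this.objName);
                }
                AdminServiceFactory.getAdminService().invoke(this.objName, "updateRuntimeKeys", new Object[]{hashMap}, new String[]{"java.util.Map"});
            }
            if (bool2 == Boolean.TRUE) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " Saving the security.xml changes.");
                }
                configService.save(session, true);
                configService.discard(session);
            }
            traceKeyMap(hashMap);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importSSOProperties (success) " + hashCode());
            }
            return hashMap;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.importSSOPropertiesToKeySetGroup", "2185", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Problem importing SSO keys.  Using old keys still.");
            }
            Tr.error(tc, "security.ltpa.importkeys", new Object[]{e2});
            // Same message as before, but the cause is now preserved for diagnosis.
            throw new Exception("Problem importing SSO keys. Using original values. The exception is " + e2.getMessage(), e2);
        }
    }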

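    /**
     * Returns the ObjectName of this process's {@code SecurityAdmin} MBean, looking it up and
     * caching it in {@code this.objName} on first use.
     *
     * @return the cached or freshly resolved MBean name
     * @throws Exception when no matching MBean is registered or the query fails
     */
    private ObjectName getMBean() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMBean " + hashCode());
        }
        if (this.objName != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning MBean");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getMBean " + hashCode(), this.objName);
            }
            return this.objName;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Getting MBean");
        }
        try {
            // The query pattern stays local: the original stored it in this.objName before
            // querying, so a lookup that found nothing (or threw) left the wildcard pattern
            // cached and the next call returned it as if it were the real MBean name.
            ObjectName pattern = new ObjectName("WebSphere:type=SecurityAdmin,process=" + AdminServiceFactory.getAdminService().getProcessName() + ",*");
            Iterator it = AdminServiceFactory.getAdminService().queryNames(pattern, null).iterator();
            if (!it.hasNext()) {
                Tr.error(tc, "security.ctr.nombean.error");
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getMBean " + hashCode());
                }
                throw new Exception("No SecurityAdmin MBean found: returning null");
            }
            this.objName = (ObjectName) it.next();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, " SecurityAdmin object name = " + this.objName);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getMBean " + hashCode(), this.objName);
            }
            return this.objName;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.getMBean", "2225", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception on MBean call.", new Object[]{e});
            }
            throw e;
        }
    }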

    /**
     * Generates a fresh set of LTPA keys protected by the given admin password.
     *
     * <p>When the legacy in-object keys (shared key, public key, private key) are not all
     * present, generation is delegated to the key set group. Otherwise a new RSA pair and a
     * new 3DES shared key are generated in place, their encrypted forms stored in
     * {@code encryptedPrivateKey}/{@code encryptedSharedKey}, and the token factories refreshed.
     *
     * @param bArr the admin password used to encrypt the generated keys; stored in
     *             {@code this.adminPassword}
     * @throws RemoteException propagated from {@link #generateKeysForKeySetGroup}
     */
    public synchronized void generateKeys(byte[] bArr) throws RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKeys " + hashCode());
        }
        this.adminPassword = bArr;
        // Same short-circuit order as the original: a missing shared key skips the other checks.
        boolean legacyKeysPresent = getSharedKey() != null && getLtpaPublicKey() != null && getLtpaPrivateKey() != null;
        if (!legacyKeysPresent) {
            generateKeysForKeySetGroup(null, Boolean.TRUE);
        } else {
            KeyEncryptor encryptor = new KeyEncryptor(this.adminPassword);
            LTPAKeyPair freshPair = LTPADigSignature.generateLTPAKeyPair();
            this.publicKey = freshPair.getPublic().getEncoded();
            this.privateKey = freshPair.getPrivate().getEncoded();
            setLtpaPublicKey(new LTPAPublicKey(this.publicKey));
            setLtpaPrivateKey(new LTPAPrivateKey(this.privateKey));
            // Encrypt copies so the plain key arrays held in the fields are not modified.
            this.encryptedPrivateKey = encryptor.encrypt((byte[]) this.privateKey.clone());
            // Instance created for its constructor's side effects only, as in the original.
            new LTPACrypto();
            setSharedKey(LTPACrypto.generate3DESKey());
            this.encryptedSharedKey = encryptor.encrypt((byte[]) getSharedKey().clone());
            refreshTokenFactories();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateKeys " + hashCode());
        }
    }

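    /**
     * Generates a new RSA pair and 3DES shared key and returns them as exportable properties
     * without touching this object's own keys.
     *
     * <p>The private and shared keys are encrypted with {@code bArr} before Base64 encoding;
     * the public key is encoded as is. Creation date/host and, when the ORB exposes a
     * {@code com.ibm.CORBA.principalName}, the realm are added as metadata.
     *
     * @param bArr the password used to encrypt the private and shared keys; never traced
     * @return the populated {@link Properties}
     * @throws Exception when UTF-8 encoding is unavailable (the cause is preserved)
     */
    public Properties genKeys(byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "genKeys " + hashCode(), bArr == null ? "null" : "******");
        }
        KeyEncryptor keyEncryptor = new KeyEncryptor(bArr);
        LTPAKeyPair generateLTPAKeyPair = LTPADigSignature.generateLTPAKeyPair();
        byte[] encoded = generateLTPAKeyPair.getPublic().getEncoded();
        byte[] encrypt = keyEncryptor.encrypt((byte[]) generateLTPAKeyPair.getPrivate().getEncoded().clone());
        // Instance created for its constructor's side effects only, as in the original.
        new LTPACrypto();
        byte[] base64Encode = Base64Coder.base64Encode(keyEncryptor.encrypt((byte[]) LTPACrypto.generate3DESKey().clone()));
        byte[] base64Encode2 = Base64Coder.base64Encode(encrypt);
        byte[] base64Encode3 = Base64Coder.base64Encode(encoded);
        Properties properties = new Properties();
        try {
            properties.put("com.ibm.websphere.ltpa.3DESKey", new String(base64Encode, "UTF8"));
            properties.put("com.ibm.websphere.ltpa.PrivateKey", new String(base64Encode2, "UTF8"));
            properties.put("com.ibm.websphere.ltpa.PublicKey", new String(base64Encode3, "UTF8"));
            properties.put("com.ibm.websphere.ltpa.version", CURRENT_LTPA_VERSION);
            properties.put("com.ibm.websphere.CreationDate", new Date().toString());
            properties.put("com.ibm.websphere.CreationHost", InetAddress.getLocalHost().getHostName());
            ORB oRBInstance = EJSORB.getORBInstance();
            if (oRBInstance != null) {
                String principalName = oRBInstance.getProperty("com.ibm.CORBA.principalName");
                // NOTE(review): assumes the principal name is "realm/..."; a value without "/"
                // would make substring throw, as in the original.
                if (principalName != null && principalName.length() > 0) {
                    properties.put("com.ibm.websphere.ltpa.Realm", principalName.substring(0, principalName.indexOf("/")));
                }
            }
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.genKeys", "2322", this);
            Tr.error(tc, "security.ltpa.exportkeys", new Object[]{e});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unsupported encoding: UTF8");
            }
            throw new Exception(e.getMessage(), e);
        } catch (UnknownHostException e2) {
            // Best effort: the host name and realm are metadata; the keys are already set.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unknown host exception");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "genKeys " + hashCode(), properties);
        }
        return properties;
    }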

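    /**
     * Verifies that exported LTPA key properties can be decoded and decrypted with the given
     * password, without applying them.
     *
     * @param properties the exported key properties; all three key entries are required
     * @param bArr       the password the keys were encrypted with; never traced
     * @throws Exception when a key property is missing, or decoding/decryption fails (a
     *                   NullPointerException during decryption is reported as a likely wrong
     *                   password); the original exception is kept as the cause
     */
    public void checkImportSSOProperties(Properties properties, byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            String str = "checkImportSSOProperties " + hashCode();
            Object[] objArr = new Object[2];
            objArr[0] = properties;
            objArr[1] = bArr == null ? "null" : "******";
            Tr.entry(traceComponent, str, objArr);
        }
        String property = properties.getProperty("com.ibm.websphere.ltpa.3DESKey");
        String property2 = properties.getProperty("com.ibm.websphere.ltpa.PrivateKey");
        String property3 = properties.getProperty("com.ibm.websphere.ltpa.PublicKey");
        if (property == null || property2 == null || property3 == null) {
            // Previously a missing property surfaced as a NullPointerException and was reported
            // as a wrong password; report the real problem instead.
            Exception missing = new Exception("Problem importingSSO keys. Using original values. The properties com.ibm.websphere.ltpa.3DESKey, com.ibm.websphere.ltpa.PrivateKey and com.ibm.websphere.ltpa.PublicKey are all required.");
            Tr.error(tc, "security.ltpa.checkimportltpakeys", new Object[]{missing});
            throw missing;
        }
        try {
            byte[] base64Decode = Base64Coder.base64Decode(property.getBytes("UTF8"));
            byte[] base64Decode2 = Base64Coder.base64Decode(property2.getBytes("UTF8"));
            // The results are discarded; only the absence of an exception matters here.
            new LTPAPublicKey(Base64Coder.base64Decode(property3.getBytes("UTF8")));
            new LTPAPrivateKey(getPrivateKey(bArr, base64Decode2));
            getSharedKey(bArr, base64Decode);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkImportSSOProperties " + hashCode());
            }
        } catch (NullPointerException e) {
            // Presumably the decryptor yields null for a wrong password, which the key
            // constructors reject with an NPE — TODO confirm against KeyEncryptor.decrypt.
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.checkImportSSOProperties", "2358", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Problem importingSSO keys. Using original values. Make sure that the password is correct.");
            }
            Tr.error(tc, "security.ltpa.checkimportltpakeys", new Object[]{e});
            throw new Exception("Problem importingSSO keys. Using original values. Make sure the password is correct.", e);
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.ltpa.LTPAServerObject.checkImportSSOProperties", "2365", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Problem importingSSO keys. Using original values.");
            }
            Tr.error(tc, "security.ltpa.checkimportltpakeys", new Object[]{e2});
            throw new Exception("Problem importingSSO keys. Using original values. Check the Password. The exception is " + e2, e2);
        }
    }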

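    /**
     * Imports exported LTPA key properties and makes them the active keys.
     *
     * <p>The properties are decoded and decrypted into the {@code new_*} staging fields first.
     * When the legacy in-object keys are not all present the import is delegated to the key
     * set group; otherwise the staged values are copied into the live fields and the token
     * factories are refreshed.
     *
     * @param properties the exported key properties ({@code com.ibm.websphere.ltpa.3DESKey},
     *                   {@code ...PrivateKey}, {@code ...PublicKey})
     * @param bArr       the password the keys were encrypted with; never traced
     * @throws Exception when decoding, decryption or the import fails; the original
     *                   exception is kept as the cause
     */
    public synchronized void importSSOProperties(Properties properties, byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            String str = "importSSOProperties " + hashCode();
            Object[] objArr = new Object[2];
            objArr[0] = properties;
            objArr[1] = bArr == null ? "null" : "******";
            Tr.entry(traceComponent, str, objArr);
        }
        this.new_adminPassword = bArr;
        String property = properties.getProperty("com.ibm.websphere.ltpa.3DESKey");
        String property2 = properties.getProperty("com.ibm.websphere.ltpa.PrivateKey");
        String property3 = properties.getProperty("com.ibm.websphere.ltpa.PublicKey");
        try {
            this.new_encryptedSharedKey = Base64Coder.base64Decode(property.getBytes("UTF8"));
            this.new_encryptedPrivateKey = Base64Coder.base64Decode(property2.getBytes("UTF8"));
            this.new_publicKey = Base64Coder.base64Decode(property3.getBytes("UTF8"));
            setNewLtpaPublicKey(new LTPAPublicKey(this.new_publicKey));
            this.new_privateKey = getPrivateKey(bArr, this.new_encryptedPrivateKey);
            setNewLtpaPrivateKey(new LTPAPrivateKey(this.new_privateKey));
            this.new_sharedKey = getSharedKey(bArr, this.new_encryptedSharedKey);
            if (getSharedKey() == null || getLtpaPublicKey() == null || getLtpaPrivateKey() == null) {
                importSSOPropertiesToKeySetGroup(properties, bArr, null, Boolean.TRUE);
            } else {
                // All decryption succeeded; promote the staged values to the live keys.
                this.adminPassword = this.new_adminPassword;
                this.encryptedSharedKey = this.new_encryptedSharedKey;
                this.encryptedPrivateKey = this.new_encryptedPrivateKey;
                this.publicKey = this.new_publicKey;
                this.privateKey = this.new_privateKey;
                setLtpaPublicKey(getNewLtpaPublicKey());
                setLtpaPrivateKey(getNewLtpaPrivateKey());
                setSharedKey(this.new_sharedKey);
                refreshTokenFactories();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importSSOProperties " + hashCode());
            }
        } catch (Exception e) {
            // NOTE(review): on failure the new_* staging fields keep whatever was decoded so
            // far; the live keys are untouched, as the message says.
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.importSSOProperties", "2404", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Problem importingSSO keys. Using original values.");
            }
            Tr.error(tc, "security.ltpa.importkeys", new Object[]{e});
            throw new Exception("Problem importingSSO keys. Using original values. The exception is " + e.getMessage(), e);
        }
    }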

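    /**
     * Exports the current LTPA keys as password-protected properties.
     *
     * <p>The private and shared keys are encrypted with {@code bArr} (or with the stored
     * admin password when {@code bArr} is {@code null}) and Base64-encoded; the public key is
     * only encoded. Keys come either from the legacy in-object fields or from the latest
     * generation of the configured key set group.
     *
     * @param bArr the password to protect the exported keys with, or {@code null} to use
     *             {@code this.adminPassword}; never traced
     * @return the populated {@link Properties}
     * @throws Exception when no keys are available or UTF-8 encoding is unavailable; the
     *                   original exception is kept as the cause
     */
    public Properties exportSSOProperties(byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            String str = "exportSSOProperties" + hashCode();
            Object[] objArr = new Object[1];
            objArr[0] = bArr == null ? "null" : "******";
            Tr.entry(traceComponent, str, objArr);
        }
        KeyEncryptor keyEncryptor = bArr != null ? new KeyEncryptor(bArr) : new KeyEncryptor(this.adminPassword);
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        byte[] bArr4 = null;
        if (this.encryptedSharedKey != null && this.encryptedPrivateKey != null && this.publicKey != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exporting the old-style keys.");
            }
            bArr2 = Base64Coder.base64Encode(this.encryptedSharedKey);
            bArr3 = Base64Coder.base64Encode(this.encryptedPrivateKey);
            bArr4 = Base64Coder.base64Encode(this.publicKey);
        } else if (this.generationKeys == null) {
            initializeKeySetGroupKeys();
        } else {
            this.generationKeys = KeySetGroupManager.getInstance().getKeySetGroup(this.ltpaKeySetGroupName).getLatestKeys();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Latest keys: " + this.generationKeys);
            }
        }
        // NOTE(review): even after the old-style branch above, a null generationKeys fails the
        // export and a non-null one overwrites the old-style values in the loop below. Kept as
        // in the original; confirm this is intended.
        if (this.generationKeys == null) {
            Exception exc = new Exception("Keys do not exist. Make sure the LTPA configuration is setup");
            Tr.error(tc, "security.ltpa.importkeys", new Object[]{exc});
            throw exc;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Exporting the latest keys from the KeySetGroup.");
        }
        Iterator it = this.generationKeys.keySet().iterator();
        while (it.hasNext()) {
            Object obj = this.generationKeys.get((String) it.next());
            if (obj instanceof Key) {
                bArr2 = Base64Coder.base64Encode(keyEncryptor.encrypt((byte[]) ((Key) obj).getEncoded().clone()));
            } else if (obj instanceof KeyPair) {
                LTPAPublicKey lTPAPublicKey = new LTPAPublicKey(((KeyPair) obj).getPublicKey().getEncoded());
                LTPAPrivateKey lTPAPrivateKey = new LTPAPrivateKey(((KeyPair) obj).getPrivateKey().getEncoded());
                byte[] encoded = lTPAPublicKey.getEncoded();
                bArr3 = Base64Coder.base64Encode(keyEncryptor.encrypt((byte[]) lTPAPrivateKey.getEncoded().clone()));
                bArr4 = Base64Coder.base64Encode(encoded);
            }
        }
        if (bArr2 == null || bArr3 == null || bArr4 == null) {
            // Without all three encoded keys the String conversions below would throw a
            // NullPointerException; report the same configuration error as the missing-map case.
            Exception exc = new Exception("Keys do not exist. Make sure the LTPA configuration is setup");
            Tr.error(tc, "security.ltpa.importkeys", new Object[]{exc});
            throw exc;
        }
        Properties properties = new Properties();
        try {
            properties.put("com.ibm.websphere.ltpa.3DESKey", new String(bArr2, "UTF8"));
            properties.put("com.ibm.websphere.ltpa.PrivateKey", new String(bArr3, "UTF8"));
            properties.put("com.ibm.websphere.ltpa.PublicKey", new String(bArr4, "UTF8"));
            properties.put("com.ibm.websphere.ltpa.version", CURRENT_LTPA_VERSION);
            properties.put("com.ibm.websphere.CreationDate", new Date().toString());
            properties.put("com.ibm.websphere.CreationHost", InetAddress.getLocalHost().getHostName());
            ORB oRBInstance = EJSORB.getORBInstance();
            if (oRBInstance != null) {
                String principalName = oRBInstance.getProperty("com.ibm.CORBA.principalName");
                // NOTE(review): assumes the principal name is "realm/..."; a value without "/"
                // would make substring throw, as in the original.
                if (principalName != null && principalName.length() > 0) {
                    properties.put("com.ibm.websphere.ltpa.Realm", principalName.substring(0, principalName.indexOf("/")));
                }
            }
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.exportSSOProperties", "2546", this);
            Tr.error(tc, "security.ltpa.exportkeys", new Object[]{e});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unsupported encoding: UTF8");
            }
            throw new Exception(e.getMessage(), e);
        } catch (UnknownHostException e2) {
            // Best effort: the host name and realm are metadata; the keys are already set.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unknown host exception");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "exportSSOProperties " + hashCode(), properties);
        }
        return properties;
    }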

    /**
     * Login-token issuance is not supported by this server object.
     *
     * @param basicAuthData ignored
     * @return never returns normally
     * @throws RemoteException always, carrying the message "issueLoginToken not implemented"
     */
    public byte[] issueLoginToken(BasicAuthData basicAuthData) throws RemoteException {
        final String traceName = "issueLoginToken " + hashCode();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName);
        }
        // Entry and exit are traced back to back: there is no implementation in between.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
        throw new RemoteException("issueLoginToken not implemented");
    }

    /**
     * Encodes a string as UTF-8 bytes.
     *
     * @param str the text to encode; a null argument raises NullPointerException
     * @return the UTF-8 encoding, or null only if the JVM does not provide the "UTF8" charset
     */
    private static byte[] toBytes(String str) {
        try {
            return str.getBytes("UTF8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide, so this is effectively unreachable;
            // it is logged at debug level and a null result is returned to the caller.
            Tr.debug(tc, "to UTF8 bytes =" + e.toString());
            return null;
        }
    }

    /**
     * Returns the server's active user registry, cast to the implementation type.
     *
     * @return the registry implementation, or null when none is configured
     */
    static UserRegistryImpl getUserRegistry() {
        Object registry = SecurityServerImpl.getRegistryImpl();
        return (UserRegistryImpl) registry;
    }

    /**
     * Returns the user registry selected by the given name, cast to the implementation type.
     *
     * @param str registry selector passed straight through to SecurityServerImpl
     * @return the matching registry implementation
     */
    static UserRegistryImpl getUserRegistry(String str) {
        Object registry = SecurityServerImpl.getRegistryImpl(str);
        return (UserRegistryImpl) registry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether FIPS mode was selected when this class was initialised.
     *
     * @return the value of the static {@code _useFIPS} flag
     */
    public static boolean useFIPS() {
        final boolean fipsEnabled = _useFIPS;
        return fipsEnabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether LTPA operations are pinned to a software JCE provider.
     *
     * @return the value of the static {@code _forceSoftwareJCEProviderForLTPA} flag
     */
    public static boolean forceSoftwareJCEProviderForLTPA() {
        final boolean forceSoftware = _forceSoftwareJCEProviderForLTPA;
        return forceSoftware;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the name of the default JCE provider configured for LTPA.
     *
     * @return the value of the static {@code _defaultJCEProvider} field (may be null)
     */
    public static String defaultJCEProvider() {
        final String providerName = _defaultJCEProvider;
        return providerName;
    }

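    /**
     * Imports a previously exported LTPA key triple into every key set of the active LTPA
     * key-set group, creating one new key reference (version) per key set.
     * <p>
     * The key strings are in exported-properties form: Base64 text, with the private and shared
     * keys encrypted under the export password. The sibling {@code getPrivateKey} and
     * {@code getSharedKey} helpers decrypt them with {@code bArr}.
     *
     * @param str      Base64 text of the password-encrypted private key
     * @param str2     Base64 text of the public key
     * @param str3     Base64 text of the password-encrypted shared (3DES) key
     * @param bArr     export password bytes used to decrypt the private and shared keys
     * @param session  config session for the createKeyReference commands; when null a private
     *                 session is created and each command is asked to save the configuration
     * @param security the security configuration whose key stores, key sets and key-set groups are
     *                 (re)loaded before the import
     * @return map from {@code <aliasPrefix>_<version>} to the imported {@link KeyPair} or
     *         {@link SecretKeySpec} of each key set
     * @throws Exception if the key-set group is not configured, a createKeyReference command fails,
     *                   or the key material cannot be decoded; the original failure is kept as the
     *                   cause and is also reported through FFDC and the
     *                   {@code security.ltpa.importLTPAKeysToKeySetGroup} message
     */
    public synchronized Map importLTPAKeysToKeySetGroup(String str, String str2, String str3, byte[] bArr, Session session, com.ibm.websphere.models.config.security.Security security) throws Exception {
        if (tc.isEntryEnabled()) {
            // Only sizes are traced for the private and shared key strings: they are
            // password-encrypted key material, and the password itself is never traced.
            Object[] traceArgs = new Object[4];
            traceArgs[0] = "privateKeyString length: " + (str == null ? "null" : String.valueOf(str.length()));
            traceArgs[1] = "publicKeyString: " + str2;
            traceArgs[2] = "sharedKeyString length: " + (str3 == null ? "null" : String.valueOf(str3.length()));
            traceArgs[3] = "password: " + (bArr == null ? "null" : "******");
            Tr.entry(tc, "importLTPAKeysToKeySetGroup " + hashCode(), traceArgs);
        }
        Boolean saveConfig = Boolean.FALSE;
        if (session == null) {
            // No caller-owned session: use a private one and let each command persist its change.
            session = new Session();
            saveConfig = Boolean.TRUE;
        }
        HashMap importedKeys = new HashMap();
        try {
            expandLtpaKeyStoreLocations(security);
            loadLtpaKeySetGroupName(security);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ltpaKeySetGroupName:" + this.ltpaKeySetGroupName);
            }
            WSKeySetGroup keySetGroup = KeySetGroupManager.getInstance().getKeySetGroup(this.ltpaKeySetGroupName);
            if (keySetGroup == null) {
                // Previously this fell through to a NullPointerException on getAllKeySets();
                // name the missing configuration instead.
                throw new Exception("LTPA key set group not found: " + this.ltpaKeySetGroupName);
            }
            keySetGroup.getLatestKeys();
            WSKeySet[] keySets = keySetGroup.getAllKeySets();
            for (int i = 0; i < keySets.length; i++) {
                WSKeySet keySet = keySets[i];
                String keySetName = keySet.getName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "keySetName:" + keySetName);
                }
                String keySetScope = keySet.getManagementScopeName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "keySetScope:" + keySetScope);
                }
                boolean isKeyPair = keySet.getIsKeyPair();
                WSKeyStore keyStore = keySet.getWSKeyStore();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Creating new KeyReference for KeySet: " + keySetName);
                }
                KeyReference keyReference = createKeyReference(session, keySetName, keySetScope, saveConfig);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "New KeyReference version: " + keyReference.getVersion());
                }
                if (isKeyPair) {
                    byte[] publicBytes = Base64Coder.base64Decode(str2.getBytes("UTF8"));
                    byte[] privateBytes = getPrivateKey(bArr, Base64Coder.base64Decode(str.getBytes("UTF8")));
                    KeyPair keyPair = new KeyPair(new LTPAPublicKey(publicBytes), new LTPAPrivateKey(privateBytes));
                    keySet.addKeyReference(new WSKeyPairReference(keyReference, keyPair, keySet, keyStore));
                    importedKeys.put(keySet.getAliasPrefix() + "_" + keyReference.getVersion(), keyPair);
                } else {
                    byte[] sharedBytes = getSharedKey(bArr, Base64Coder.base64Decode(str3.getBytes("UTF8")));
                    // The shared key is used as 3DES: exactly 24 bytes are taken from the decrypted
                    // material, so anything shorter is a decryption/decoding failure, not a key.
                    if (sharedBytes == null || sharedBytes.length < 24) {
                        throw new Exception("Decrypted LTPA shared key is shorter than the 24 bytes required for 3DES");
                    }
                    SecretKeySpec sharedKey = new SecretKeySpec(sharedBytes, 0, 24, "3DES");
                    keySet.addKeyReference(new WSKeyReference(keyReference, sharedKey, keySet, keyStore));
                    importedKeys.put(keySet.getAliasPrefix() + "_" + keyReference.getVersion(), sharedKey);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importLTPAKeysToKeySetGroup (success) " + hashCode(), importedKeys);
            }
            return importedKeys;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAServerObject.importLTPAKeysToKeySetGroup", "2764", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Problem importing previous version keys. ");
            }
            Tr.error(tc, "security.ltpa.importLTPAKeysToKeySetGroup", new Object[]{e});
            // Keep the original failure as the cause so its stack trace is not lost behind the message.
            throw new Exception("Problem importing previous version keys. The exception is " + e.getMessage(), e);
        }
    }

    /**
     * Expands variable references in the location of every configured key store whose name ends
     * with the LTPA keys suffix, in place on the configuration object.
     *
     * @param security the security configuration whose key stores are examined
     */
    private void expandLtpaKeyStoreLocations(com.ibm.websphere.models.config.security.Security security) throws Exception {
        EList<KeyStore> keyStores = security.getKeyStores();
        if (keyStores == null) {
            return;
        }
        for (KeyStore keyStore : keyStores) {
            String name = keyStore.getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Key store Name:" + name);
            }
            if (name != null && name.endsWith(com.ibm.ws.ssl.core.Constants.LTPA_KEYS)) {
                String expanded = KeyStoreManager.getInstance().expand(keyStore.getLocation());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Key store location:" + expanded);
                }
                keyStore.setLocation(expanded);
            }
        }
    }

    /**
     * If an LTPA authentication mechanism is configured, (re)loads the key stores, key sets and
     * key-set groups from {@code security} and records the active LTPA key-set group name in
     * {@code ltpaKeySetGroupName}. Does nothing when no LTPA mechanism is present.
     *
     * @param security the security configuration to load from
     */
    private void loadLtpaKeySetGroupName(com.ibm.websphere.models.config.security.Security security) throws Exception {
        Iterator it = security.getAuthMechanisms().iterator();
        while (it.hasNext()) {
            if (it.next() instanceof LTPA) {
                KeyStoreManager.getInstance().loadKeyStores(security);
                KeySetManager.getInstance().initializeKeySets(security, true);
                KeySetGroupManager.getInstance().initializeKeySetGroups(security, true);
                // Note: the name is taken from the active mechanism, not from the element just matched.
                this.ltpaKeySetGroupName = ((LTPA) security.getActiveAuthMechanism()).getKeySetGroup().getName();
                return;
            }
        }
    }

    /**
     * Runs the createKeyReference admin command for one key set and returns the new reference.
     *
     * @param session    config session the command runs in
     * @param keySetName name of the key set receiving the new reference
     * @param keySetScope management scope of the key set
     * @param saveConfig whether the command should save the configuration itself
     * @return the created KeyReference converted to a config object
     * @throws RemoteException if the command reports failure; the command's exception is the cause
     */
    private KeyReference createKeyReference(Session session, String keySetName, String keySetScope, Boolean saveConfig) throws Exception {
        AdminCommand createCommand = CommandMgr.getCommandMgr().createCommand("createKeyReference");
        createCommand.setConfigSession(session);
        createCommand.setParameter("keySetName", keySetName);
        createCommand.setParameter("keySetScope", keySetScope);
        createCommand.setParameter("keyReferenceSaveConfig", saveConfig);
        createCommand.execute();
        CommandResult commandResult = createCommand.getCommandResult();
        if (!commandResult.isSuccessful()) {
            Throwable cause = commandResult.getException();
            String message = cause == null ? "createKeyReference failed for key set " + keySetName : cause.getMessage();
            throw new RemoteException(message, cause);
        }
        return (KeyReference) MOFUtil.convertToEObject(session, (ObjectName) commandResult.getResult());
    }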

    /**
     * Writes the contents of an LTPA key map to the debug trace and caches the resulting strings
     * in {@code _sharedString}, {@code _privateString} and {@code _publicString}.
     * <p>
     * NOTE(security): the shared and private keys are encrypted with
     * {@code Constants.DEFAULT_KEYSTORE_PASSWORD} - a fixed, product-wide default - before they are
     * written to the trace. Anyone holding a trace file written with this component's debug tracing
     * enabled can therefore recover the LTPA signing/encryption keys with that default, which is
     * enough to mint LTPA tokens. Treat such trace files as key material; do not enable this trace
     * in production or ship it in support bundles without redaction.
     *
     * @param map key map whose values are either {@link Key} (shared key) or {@link KeyPair}
     *            (public/private pair); a null map is only reported at debug level
     */
    private void traceKeyMap(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "traceKeyMap using default LTPA password to produce encrypted key strings. " + hashCode());
        }
        try {
            if (map != null) {
                // Encryption key is the well-known default keystore password, not the configured LTPA password.
                KeyEncryptor keyEncryptor = new KeyEncryptor(com.ibm.ws.ssl.core.Constants.DEFAULT_KEYSTORE_PASSWORD.getBytes("UTF8"));
                byte[] bArr = null;
                byte[] bArr2 = null;
                byte[] bArr3 = null;
                Iterator it = map.keySet().iterator();
                while (it.hasNext()) {
                    Object obj = map.get((String) it.next());
                    if (obj instanceof Key) {
                        // Last Key in iteration order wins; earlier ones are overwritten.
                        bArr = Base64Coder.base64Encode(keyEncryptor.encrypt((byte[]) ((Key) obj).getEncoded().clone()));
                    } else if (obj instanceof KeyPair) {
                        LTPAPublicKey lTPAPublicKey = new LTPAPublicKey(((KeyPair) obj).getPublicKey().getEncoded());
                        LTPAPrivateKey lTPAPrivateKey = new LTPAPrivateKey(((KeyPair) obj).getPrivateKey().getEncoded());
                        byte[] encoded = lTPAPublicKey.getEncoded();
                        bArr2 = Base64Coder.base64Encode(keyEncryptor.encrypt((byte[]) lTPAPrivateKey.getEncoded().clone()));
                        bArr3 = Base64Coder.base64Encode(encoded);
                    }
                }
                // If the map lacked a Key or a KeyPair, one of these is null and new String(null)
                // throws NullPointerException, which the catch below reports only at debug level.
                String str = new String(bArr, "UTF8");
                String str2 = new String(bArr2, "UTF8");
                String str3 = new String(bArr3, "UTF8");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Shared key: " + str);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Public key: " + str3);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Private key: " + str2);
                }
                if (tc.isDebugEnabled()) {
                    // Cached for getDebugLTPAkeys(); these fields hold the same sensitive strings.
                    this._sharedString = str;
                    this._privateString = str2;
                    this._publicString = str3;
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Keys do not exist. Make sure the LTPA configuration is setup");
            }
        } catch (Exception e) {
            // Best-effort tracing: failures here never propagate to the caller.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not trace keys, received exception.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "traceKeyMap " + hashCode());
        }
    }

    /**
     * Traces every non-null key map held in a map of validation key maps, delegating the
     * per-map key dump to {@link #traceKeyMap(Map)}.
     * <p>
     * NOTE(security): traceKeyMap writes password-encrypted key material to the trace, so the
     * same handling caveats apply to any trace produced through this method. The
     * "Validation keyMap" line also prints each map via toString; whether that exposes raw key
     * bytes depends on the toString of the contained key classes - verify before enabling.
     *
     * @param map map whose values are themselves key maps; null is tolerated
     */
    private void traceValidationKeys(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "traceValidationKeys " + hashCode());
        }
        if (map != null) {
            Iterator it = map.values().iterator();
            while (it.hasNext()) {
                Map keyMap = (Map) it.next();
                if (keyMap == null) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Validation keyMap: " + keyMap);
                }
                traceKeyMap(keyMap);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "traceValidationKeys " + hashCode());
        }
    }

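    /**
     * Verifies that the user named in an LTPA token belongs to this realm or to a trusted
     * foreign realm.
     * <p>
     * The user is taken from the token's first "u" attribute. A missing attribute, a null first
     * element, or (new) an empty attribute array all count as "no access id" and fail the check.
     * Any failure - including the realm mismatch itself - is reported through FFDC and the
     * {@code security.ltpa.realm_mismatch} message, then rethrown as WSLoginFailedException.
     *
     * @param token the LTPA token whose "u" attribute carries the user's access id
     * @throws WSLoginFailedException if the user is from neither this realm nor a trusted foreign
     *                                realm, or if reading the token or consulting CrossRealmUtil fails
     */
    public void realmsMatch(Token token) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "realmsMatch " + hashCode(), token);
        }
        boolean fromThisRealm = false;
        boolean fromTrustedForeignRealm = false;
        try {
            String[] attributes = token.getAttributes("u");
            // An empty attribute array used to raise ArrayIndexOutOfBoundsException on attributes[0];
            // it is now treated the same as a missing attribute.
            String accessId = (attributes != null && attributes.length > 0) ? attributes[0] : null;
            if (accessId != null) {
                fromThisRealm = CrossRealmUtil.isUserFromThisRealm(accessId);
                if (fromThisRealm) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "user: " + accessId + " is from this realm");
                    }
                } else {
                    fromTrustedForeignRealm = CrossRealmUtil.isUserFromTrustedForeignRealm(accessId);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "user: " + accessId + " is not from this realm: is user from trusted foreign relam: " + Boolean.valueOf(fromTrustedForeignRealm));
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "encountered a null accessID attribute in token");
            }
            if (!fromThisRealm && !fromTrustedForeignRealm) {
                // Thrown inside the try on purpose: the catch below records FFDC and the error message.
                throw new WSLoginFailedException("the realms do not match");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "realmsMatch true " + hashCode());
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.login", "2898", this);
            Tr.error(tc, "security.ltpa.realm_mismatch");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exception checking for realms match. " + hashCode(), e);
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }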

    /**
     * Authenticates a user id/password against the application realm's registry and returns a
     * credential carrying a newly created LTPA token.
     * <p>
     * NOTE(security): when {@code getUserRegistry()} is null the unauthenticated credential is
     * used and the password is never checked. Whether that path is reachable on a secured server
     * is not visible here - confirm before relying on it.
     *
     * @param basicAuthData the user id and password to verify; the object is passed to the entry
     *                      trace, so this assumes BasicAuthData.toString() does not include the
     *                      password - verify
     * @return the credential returned by createLTPAToken for the authenticated user
     * @throws WSLoginFailedException if no credential can be produced, the password check or
     *                                credential creation fails, or token creation fails
     */
    public WSCredential authenticateAppUser(BasicAuthData basicAuthData) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticateAppUser " + hashCode(), basicAuthData);
        }
        try {
            WSCredential credential = null;
            if (getUserRegistry() == null) {
                credential = ContextManagerFactory.getInstance().getUnauthenticatedCredential();
            }
            if (credential == null) {
                // Registry lookup happens twice, as the original does (each call traces its entry).
                credential = getAppUserRegistry().createCredential(getAppUserRegistry().checkPassword(basicAuthData.getUserid(), basicAuthData.getPassword()));
            }
            if (credential == null) {
                throw new WSLoginFailedException("Credential returned by createCredential is null");
            }
            WSCredential tokenCredential = createLTPAToken(credential);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticateAppUser " + hashCode(), tokenCredential);
            }
            return tokenCredential;
        } catch (TokenCreationFailedException tokenFailure) {
            FFDCFilter.processException(tokenFailure, "com.ibm.ws.security.ltpa.LTPAServerObject.authenticate", "2948", this);
            Tr.error(tc, "security.ltpa.authenticate", new Object[]{tokenFailure.getMessage()});
            throw new WSLoginFailedException(tokenFailure.getMessage(), tokenFailure);
        } catch (WSLoginFailedException loginFailure) {
            // Already the caller's exception type: propagate untouched, without FFDC.
            throw loginFailure;
        } catch (Exception other) {
            FFDCFilter.processException(other, "com.ibm.ws.security.ltpa.LTPAServerObject.authenticate", "2954", this);
            Tr.error(tc, "security.ltpa.authenticate", new Object[]{other.getMessage()});
            throw new WSLoginFailedException(other.getMessage(), other);
        }
    }

    /**
     * Returns the user registry of the application realm, cast to the implementation type.
     * Only an entry trace is written; there is no matching exit trace.
     *
     * @return the application-realm registry implementation
     */
    static UserRegistryImpl getAppUserRegistry() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAppUserRegistry");
        }
        String appRealm = DomainInfo.getAppRealm();
        Object registry = SecurityServerImpl.getAppRegistryImpl(appRealm);
        return (UserRegistryImpl) registry;
    }

    /**
     * Returns one of the internal LTPA key caches by selector.
     * <p>
     * The live map is returned, not a copy, so callers can mutate this object's cache.
     *
     * @param i 1 for the encryption cache, 2 for the verification cache, 3 for the signing cache
     * @return the selected cache, or null for any other selector
     */
    public HashMap getLTPAKeyCache(int i) {
        if (i == 1) {
            return this.encryptHashMap;
        }
        if (i == 2) {
            return this.verifyHashMap;
        }
        if (i == 3) {
            return this.sighHashMap;
        }
        return null;
    }

    /**
     * Returns the first linked list associated with a key-cache selector.
     * <p>
     * The live list is returned, not a copy.
     *
     * @param i 1 for {@code el1}, 2 for {@code vl1}, 3 for {@code sl1}
     * @return the selected list, or null for any other selector
     */
    public LinkedList getLinkedList1(int i) {
        if (i == 1) {
            return this.el1;
        }
        if (i == 2) {
            return this.vl1;
        }
        if (i == 3) {
            return this.sl1;
        }
        return null;
    }

    /**
     * Returns the second linked list associated with a key-cache selector.
     * <p>
     * The live list is returned, not a copy.
     *
     * @param i 1 for {@code el2}, 2 for {@code vl2}, 3 for {@code sl2}
     * @return the selected list, or null for any other selector
     */
    public LinkedList getLinkedList2(int i) {
        if (i == 1) {
            return this.el2;
        }
        if (i == 2) {
            return this.vl2;
        }
        if (i == 3) {
            return this.sl2;
        }
        return null;
    }

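    /**
     * Returns the LTPA domain id held by this server object.
     * <p>
     * The original wrote only an exit trace with no matching entry, which unbalances entry/exit
     * pairing in the trace; both are now written.
     *
     * @return the current domain id (may be null if never set)
     */
    public String getDomainId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDomainId " + hashCode());
        }
        String domainId = this._domainId;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDomainId " + hashCode(), domainId);
        }
        return domainId;
    }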

    /**
     * Replaces the LTPA domain id held by this server object.
     * No validation is applied: null and empty values are stored as given.
     *
     * @param str the new domain id; the entry trace records both it and the previous value
     */
    public void setDomainId(String str) {
        final String traceName = "setDomainId " + hashCode();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName, new Object[]{str, this._domainId});
        }
        this._domainId = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
    }

    /**
     * Describes this object by identity hash and domain id (which goes through getDomainId and
     * therefore traces).
     *
     * @return "LTPAServerObject: <hashCode> domainId: <domainId>"
     */
    public String toString() {
        StringBuilder description = new StringBuilder("LTPAServerObject: ");
        description.append(hashCode());
        description.append(" domainId: ");
        description.append(getDomainId());
        return description.toString();
    }

    /**
     * Writes the LTPA key strings cached by traceKeyMap to the debug trace.
     * <p>
     * NOTE(security): {@code _sharedString} and {@code _privateString} are the LTPA shared and
     * private keys encrypted under the fixed default keystore password, so a trace containing
     * them is as sensitive as the keys themselves. Only enable this trace component where trace
     * files are protected like key material.
     */
    public void getDebugLTPAkeys() {
        debugKeyString("Shared key: ", this._sharedString);
        debugKeyString("Public key: ", this._publicString);
        debugKeyString("Private key: ", this._privateString);
    }

    /**
     * Writes one labelled key string to the debug trace if debug tracing is enabled.
     *
     * @param label prefix written before the value
     * @param value the cached key string (may be null)
     */
    private void debugKeyString(String label, String value) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, label + value);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the primary token-factory map: the per-instance map on an admin agent, otherwise
     * the class-wide static map shared by all instances.
     *
     * @return the live map (not a copy)
     */
    public HashMap getPrimaryTokenFactoryMap() {
        if (isAdminAgent) {
            return this.primaryTokenFactoryMap;
        }
        return s_primaryTokenFactoryMap;
    }

    /**
     * Returns the secondary token-factory map: the per-instance map on an admin agent, otherwise
     * the class-wide static map shared by all instances.
     *
     * @return the live map (not a copy)
     */
    HashMap getSecondaryTokenFactoryMap() {
        if (isAdminAgent) {
            return this.secondaryTokenFactoryMap;
        }
        return s_secondaryTokenFactoryMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the LTPA shared key bytes: per-instance on an admin agent, otherwise the
     * class-wide static copy.
     * <p>
     * The array itself is returned, not a clone, so callers hold a reference to live key material.
     *
     * @return the shared key bytes (may be null if not yet set)
     */
    public byte[] getSharedKey() {
        if (isAdminAgent) {
            return this.sharedKey;
        }
        return s_sharedKey;
    }

    /**
     * Stores the LTPA shared key bytes: per-instance on an admin agent, otherwise in the
     * class-wide static field.
     * <p>
     * The array is stored by reference (no defensive copy), so later changes by the caller
     * are visible here.
     *
     * @param bArr the shared key bytes (null clears the key)
     */
    void setSharedKey(byte[] bArr) {
        if (!isAdminAgent) {
            s_sharedKey = bArr;
            return;
        }
        this.sharedKey = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the current LTPA public key: per-instance on an admin agent, otherwise the
     * class-wide static copy.
     *
     * @return the public key (may be null if not yet set)
     */
    public LTPAPublicKey getLtpaPublicKey() {
        if (isAdminAgent) {
            return this.ltpaPubKey;
        }
        return s_ltpaPubKey;
    }

    /**
     * Stores the current LTPA public key: per-instance on an admin agent, otherwise in the
     * class-wide static field.
     *
     * @param lTPAPublicKey the key to store (null clears it)
     */
    void setLtpaPublicKey(LTPAPublicKey lTPAPublicKey) {
        if (!isAdminAgent) {
            s_ltpaPubKey = lTPAPublicKey;
            return;
        }
        this.ltpaPubKey = lTPAPublicKey;
    }

    /**
     * Returns the "new" LTPA public key slot (the key set aside separately from the current one):
     * per-instance on an admin agent, otherwise the class-wide static copy.
     *
     * @return the new public key (may be null)
     */
    LTPAPublicKey getNewLtpaPublicKey() {
        if (isAdminAgent) {
            return this.new_ltpaPubKey;
        }
        return s_new_ltpaPubKey;
    }

    /**
     * Stores the "new" LTPA public key slot: per-instance on an admin agent, otherwise in the
     * class-wide static field.
     *
     * @param lTPAPublicKey the key to store (null clears it)
     */
    void setNewLtpaPublicKey(LTPAPublicKey lTPAPublicKey) {
        if (!isAdminAgent) {
            s_new_ltpaPubKey = lTPAPublicKey;
            return;
        }
        this.new_ltpaPubKey = lTPAPublicKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the current LTPA private key: per-instance on an admin agent, otherwise the
     * class-wide static copy. Callers receive the live key object.
     *
     * @return the private key (may be null if not yet set)
     */
    public LTPAPrivateKey getLtpaPrivateKey() {
        if (isAdminAgent) {
            return this.ltpaPrivKey;
        }
        return s_ltpaPrivKey;
    }

    /**
     * Stores the current LTPA private key: per-instance on an admin agent, otherwise in the
     * class-wide static field.
     *
     * @param lTPAPrivateKey the key to store (null clears it)
     */
    void setLtpaPrivateKey(LTPAPrivateKey lTPAPrivateKey) {
        if (!isAdminAgent) {
            s_ltpaPrivKey = lTPAPrivateKey;
            return;
        }
        this.ltpaPrivKey = lTPAPrivateKey;
    }

    /**
     * Returns the "new" LTPA private key slot: per-instance on an admin agent, otherwise the
     * class-wide static copy.
     *
     * @return the new private key (may be null)
     */
    LTPAPrivateKey getNewLtpaPrivateKey() {
        if (isAdminAgent) {
            return this.new_ltpaPrivKey;
        }
        return s_new_ltpaPrivKey;
    }

    /**
     * Stores the "new" LTPA private key slot: per-instance on an admin agent, otherwise in the
     * class-wide static field.
     *
     * @param lTPAPrivateKey the key to store (null clears it)
     */
    void setNewLtpaPrivateKey(LTPAPrivateKey lTPAPrivateKey) {
        if (!isAdminAgent) {
            s_new_ltpaPrivKey = lTPAPrivateKey;
            return;
        }
        this.new_ltpaPrivKey = lTPAPrivateKey;
    }
}
