package com.ibm.ws.webservices.wssecurity.confimpl;

import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.WSSAlgorithmFactory;
import com.ibm.ws.webservices.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.webservices.wssecurity.config.CollectionCertStore;
import com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyStore;
import com.ibm.ws.webservices.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.TimestampConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.webservices.wssecurity.confimpl.PrivateCommonConfig;
import com.ibm.ws.webservices.wssecurity.dsig.VerifiedConfig;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoContentConsumerComponent;
import com.ibm.ws.webservices.wssecurity.token.CertCacheManager;
import com.ibm.ws.webservices.wssecurity.util.ConfigValidation;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator;
import com.ibm.wsspi.wssecurity.keyinfo.KeyLocator;
import com.ibm.wsspi.wssecurity.token.TokenConsumerComponent;
import com.ibm.xml.soapsec.token.NonceManager;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.CertStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig.class */
public abstract class PrivateConsumerConfig extends PrivateCommonConfig implements WSSConsumerConfig {
    private static final String comp = "security.wssecurity";
    protected String _myActor = null;
    protected boolean _ultimateReceiver = false;
    protected boolean _nonceCacheDistributed = false;
    protected final Set _allowedTransforms = new HashSet();
    protected final Set _allowedCanonicalizationMethods = new HashSet();
    protected final Set _allowedSignatureMethods = new HashSet();
    protected final Set _allowedDigestMethods = new HashSet();
    protected final Set _allowedDataEncryptionMethods = new HashSet();
    protected final Set _allowedKeyEncryptionMethods = new HashSet();
    protected final WSSAlgorithmFactory _algorithmFactory = (WSSAlgorithmFactory) WSSAlgorithmFactory.getInstance();
    protected final Set _defaultKeyInfoContentConsumers = new HashSet();
    protected final Set _defaultTokenConsumers = new HashSet();
    protected final Set _defaultJAASConfigs = new HashSet();
    protected final Set _defaultKeyLocators = new HashSet();
    protected boolean _userDefinedComponentsUsed = false;
    protected boolean _verificationRequired = false;
    protected boolean _decryptionRequired = false;
    protected boolean _tokenRequired = false;
    protected boolean _loginRequired = false;
    protected boolean _timestampRequired = false;
    protected final Set _requiredIntegralParts = new HashSet();
    protected final Set _requiredConfidentialParts = new HashSet();
    protected final Set _requiredSecurityTokens = new HashSet();
    protected final Set _callers = new HashSet();
    protected final Set _signatureConsumers = new HashSet();
    protected final Set _encryptionConsumers = new HashSet();
    protected final Set _tokenConsumers = new HashSet();
    protected TimestampConsumerConfImpl _timestampConsumer = null;
    protected NonceManager _nonceManager = null;
    protected CertCacheManager _certManager = null;
    protected int _timestampMaxAge = -1;
    protected int _timestampClockSkew = -1;
    protected Map _properties = null;
    protected boolean _bypassSecurityHeader = false;
    private static final TraceComponent tc = Tr.register(PrivateConsumerConfig.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = PrivateConsumerConfig.class.getName();

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$CallerConfImpl.class */
    public static class CallerConfImpl implements WSSConsumerConfig.CallerConfig {
        public PrivateCommonConfig.ReferencePartConfImpl _part = null;
        public QName _tokenType = null;
        public QName _tokenConsumerType = null;
        public CallerConfImpl _trustMethod = null;
        public final Map _properties = new HashMap();

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
            if (this._tokenType == null || this._tokenConsumerType == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s16", toString());
            }
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig.CallerConfig
        public ReferencePartConfig getPart() {
            return this._part;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig.CallerConfig
        public QName getTokenType() {
            return this._tokenType;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig.CallerConfig
        public QName getTokenConsumerType() {
            return this._tokenConsumerType;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig.CallerConfig
        public WSSConsumerConfig.CallerConfig getTrustMethod() {
            return this._trustMethod;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig.CallerConfig
        public Map getProperties() {
            return this._properties;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("part=[").append(this._part).append("], ");
            append.append("tokenType=[").append(this._tokenType).append("], ");
            append.append("tokenConsumerType=[").append(this._tokenConsumerType).append("], ");
            append.append("trustMethod=[").append(this._trustMethod).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$EncryptionConsumerConfImpl.class */
    public static class EncryptionConsumerConfImpl implements EncryptionConsumerConfig {
        public PrivateCommonConfig.AlgorithmConfImpl _dataEncryptionMethod = null;
        public PrivateCommonConfig.AlgorithmConfImpl _keyEncryptionMethod = null;
        public KeyInfoConsumerConfImpl _encryptionKeyInfo = null;
        public PrivateCommonConfig.ReferencePartConfImpl _reference = null;
        public final Map _properties = new HashMap();
        public final List _identity = new ArrayList();

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
            validate(false);
        }

        public void validate(boolean z) throws SoapSecurityException {
            if (this._dataEncryptionMethod == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s19", toString());
            }
            if (this._encryptionKeyInfo == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s20", toString());
            }
            if (this._reference == null && !z) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s21", toString());
            }
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig
        public AlgorithmConfig getDataEncryptionMethod() {
            return this._dataEncryptionMethod;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig
        public AlgorithmConfig getKeyEncryptionMethod() {
            return this._keyEncryptionMethod;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig
        public KeyInfoConsumerConfig getEncryptionKeyInfo() {
            return this._encryptionKeyInfo;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig
        public ReferencePartConfig getReference() {
            return this._reference;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig
        public Map getProperties() {
            return this._properties;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig
        public List getIdentityList() {
            return this._identity;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("dataEncryptionMethod=[").append(this._dataEncryptionMethod).append("], ");
            append.append("keyEncryptionMethod=[").append(this._keyEncryptionMethod).append("], ");
            append.append("encryptionKeyInfo=[").append(this._encryptionKeyInfo).append("], ");
            append.append("reference=[").append(this._reference).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$KeyInfoConsumerConfImpl.class */
    public static class KeyInfoConsumerConfImpl implements KeyInfoConsumerConfig {
        public List _contentConsumers = null;
        public final List _otherContentConsumers = new ArrayList();

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
            if (this._contentConsumers == null || this._contentConsumers.isEmpty()) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s24", toString());
            }
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoConsumerConfig
        public List getContentConsumers() {
            return this._contentConsumers;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoConsumerConfig
        public List getOtherContentConsumers() {
            return this._otherContentConsumers;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("contentConsumers=[").append(this._contentConsumers).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$KeyInfoContentConsumerConfImpl.class */
    public static class KeyInfoContentConsumerConfImpl implements KeyInfoContentConsumerConfig {
        public String _className = null;
        public KeyInfoContentConsumerComponent _instance = null;
        public String _keyInfoType = null;
        public KeyLocator _keyLocator = null;
        public String _keyName = null;
        public TokenConsumerConfImpl _tokenConsumer = null;
        public final Map _properties = new HashMap();

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
            if (this._instance == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s25", toString());
            }
            if (this._keyInfoType == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s26", toString());
            }
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig
        public KeyInfoContentConsumerComponent getInstance() {
            return this._instance;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig
        public String getKeyInfoType() {
            return this._keyInfoType;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig
        public KeyLocator getKeyLocator() {
            return this._keyLocator;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig
        public String getKeyName() {
            return this._keyName;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig
        public TokenConsumerConfig getTokenConsumer() {
            return this._tokenConsumer;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig
        public Map getProperties() {
            return this._properties;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("className=[").append(this._className).append("], ");
            append.append("keyInfoType=[").append(this._keyInfoType).append("], ");
            append.append("keyLocator=[").append(this._keyLocator).append("], ");
            append.append("tokenConsumer=[").append(this._tokenConsumer).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$SignatureConsumerConfImpl.class */
    public static class SignatureConsumerConfImpl implements SignatureConsumerConfig {
        public PrivateCommonConfig.AlgorithmConfImpl _canonicalizationMethod = null;
        public PrivateCommonConfig.AlgorithmConfImpl _signatureMethod = null;
        public PrivateCommonConfig.AlgorithmConfImpl _keyInfoSignature = null;
        public KeyInfoConsumerConfImpl _signingKeyInfo = null;
        public final List _references = new ArrayList();
        public final Map _properties = new HashMap();
        public final Map _identity = new HashMap();
        private boolean _isDecryptionXformEnabled = false;

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
            validate(false);
        }

        public void validate(boolean z) throws SoapSecurityException {
            if (this._signingKeyInfo == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s17", toString());
            }
            if (this._references.isEmpty() && !z) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s18", toString());
            }
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public AlgorithmConfig getCanonicalizationMethod() {
            return this._canonicalizationMethod;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public AlgorithmConfig getSignatureMethod() {
            return this._signatureMethod;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public AlgorithmConfig getKeyInfoSignature() {
            return this._keyInfoSignature;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public KeyInfoConsumerConfig getSigningKeyInfo() {
            return this._signingKeyInfo;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public List getReferences() {
            return this._references;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public Map getProperties() {
            return this._properties;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public Map getIdentityMap() {
            return this._identity;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("canonicalizationMethod=[").append(this._canonicalizationMethod).append("], ");
            append.append("signatureMethod=[").append(this._signatureMethod).append("], ");
            append.append("keyInfoSignature=[").append(this._keyInfoSignature).append("], ");
            append.append("signingKeyInfo=[").append(this._signingKeyInfo).append("], ");
            append.append("refereces=[").append(this._references).append("], ");
            append.append("properties=[").append(this._properties).append("], ");
            append.append("isDecryptionXformEnabled=[").append(this._isDecryptionXformEnabled).append("], ");
            append.append(")");
            return append.toString();
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig
        public boolean isDecryptionTransformEnabled() {
            return this._isDecryptionXformEnabled;
        }
    }

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$TimestampConsumerConfImpl.class */
    public static class TimestampConsumerConfImpl implements TimestampConsumerConfig {
        public String _actor = null;
        public int _timestampMaxAge = 300;
        public int _timestampClockSkew = 0;
        public final Map _properties = new HashMap();

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.TimestampConsumerConfig
        public String getActor() {
            return this._actor;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.TimestampConsumerConfig
        public int getTimestampMaxAge() {
            return this._timestampMaxAge;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.TimestampConsumerConfig
        public int getTimestampClockSkew() {
            return this._timestampClockSkew;
        }

        @Override // com.ibm.ws.webservices.wssecurity.config.TimestampConsumerConfig
        public Map getProperties() {
            return this._properties;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("actor=[").append(this._actor).append("], ");
            append.append("timestampMaxAge=[").append(this._timestampMaxAge).append("], ");
            append.append("timestampClockSkew=[").append(this._timestampClockSkew).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/confimpl/PrivateConsumerConfig$TokenConsumerConfImpl.class */
    public static class TokenConsumerConfImpl implements TokenConsumerConfig {
        public String _name = null;
        public String _className = null;
        public TokenConsumerComponent _instance = null;
        public String _usage = null;
        public QName _type = null;
        public TrustedIDEvaluator _trustedIDEvaluator = null;
        public boolean _trustAny = false;
        public Provider _provider = null;
        public PKIXBuilderParameters _pkixBuilderParams = null;
        public boolean _callerRequired = false;
        public Map _callerProperties = null;
        public boolean _trustMethodRequired = false;
        public Map _trustMethodProperties = null;
        public String _jaasConfig = null;
        public final Map _jaasConfigProperties = new HashMap();
        public boolean _usedForVerification = false;
        public boolean _usedForDecryption = false;
        public final Map _properties = new HashMap();
        private volatile boolean _initialized = false;
        public List _certStores = new ArrayList();
        public String _trustAnchorRef = null;
        public KeyStore _trustAnchorKeyStore = null;

        @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
        public void validate() throws SoapSecurityException {
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.entry(PrivateConsumerConfig.tc, "TokenConsumerConfImpl.validate");
            }
            if (this._instance == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s22", toString());
            }
            if (this._type == null) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s23", toString());
            }
            if (this._certStores.isEmpty() && this._provider == null) {
                String str = (String) this._properties.get(Constants.CERTSTORE_PROVIDER);
                if (ConfigUtil.hasValue(str)) {
                    throw new SoapSecurityException("The cert store security provider '" + str + "' active for the token consumer '" + this._name + "' does not exist.  The cert store security provider is configured on the '" + Constants.CERTSTORE_PROVIDER + "' property.");
                }
            }
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.exit(PrivateConsumerConfig.tc, "TokenConsumerConfImpl.validate");
            }
        }

        protected synchronized void initCerts() {
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.entry(PrivateConsumerConfig.tc, "initCerts()");
            }
            if (this._initialized) {
                if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                    Tr.exit(PrivateConsumerConfig.tc, "initCerts()");
                    return;
                }
                return;
            }
            if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                Tr.debug(PrivateConsumerConfig.tc, "_pkixBuilderParams is " + this._pkixBuilderParams);
                Tr.debug(PrivateConsumerConfig.tc, "_trustAnchorKeyStore is " + this._trustAnchorKeyStore);
                Tr.debug(PrivateConsumerConfig.tc, "_trustAnchorRef is " + this._trustAnchorRef);
            }
            if (this._pkixBuilderParams == null && this._trustAnchorKeyStore != null) {
                if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                    Tr.debug(PrivateConsumerConfig.tc, "Getting java.security.KeyStore instance from trust anchor " + this._trustAnchorRef);
                }
                java.security.KeyStore keyStore = this._trustAnchorKeyStore.getInstance();
                if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                    Tr.debug(PrivateConsumerConfig.tc, "Got java.security.KeyStore instance: " + keyStore);
                }
                if (keyStore == null) {
                    Tr.warning(PrivateConsumerConfig.tc, "security.wssecurity.ConfigValidation.keystore.taref.open", new Object[]{this._trustAnchorRef});
                }
                try {
                    if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                        Tr.debug(PrivateConsumerConfig.tc, "Creating X509CertSelector.");
                    }
                    X509CertSelector x509CertSelector = new X509CertSelector();
                    if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                        Tr.debug(PrivateConsumerConfig.tc, "Creating PKIXBuilderParameters.");
                    }
                    this._pkixBuilderParams = new PKIXBuilderParameters(keyStore, x509CertSelector);
                    this._pkixBuilderParams.setDate(null);
                } catch (InvalidAlgorithmParameterException e) {
                    FFDCFilter.processException(e, PrivateConsumerConfig.clsName + ".WSEMFRequestConsumerConfig", "1291", this);
                    Tr.warning(PrivateConsumerConfig.tc, "security.wssecurity.CommonReceiverConfig.s12", new Object[]{e});
                } catch (KeyStoreException e2) {
                    FFDCFilter.processException(e2, PrivateConsumerConfig.clsName + ".WSEMFRequestConsumerConfig", "1295", this);
                    Tr.warning(PrivateConsumerConfig.tc, "security.wssecurity.CommonReceiverConfig.s12", new Object[]{e2});
                }
            }
            if (this._certStores != null) {
                if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                    Tr.debug(PrivateConsumerConfig.tc, "_certStores is non-null");
                }
                Iterator it = this._certStores.iterator();
                if (!it.hasNext() && PrivateConsumerConfig.tc.isDebugEnabled()) {
                    Tr.debug(PrivateConsumerConfig.tc, "_certStores is empty");
                }
                while (it.hasNext()) {
                    Object next = it.next();
                    if (next instanceof CollectionCertStore) {
                        if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                            Tr.debug(PrivateConsumerConfig.tc, "Instance is a CollectionCertStore, creating CertStore instance.");
                        }
                        CertStore collectionCertStore = ((CollectionCertStore) next).getInstance();
                        if (collectionCertStore != null) {
                            if (this._pkixBuilderParams != null) {
                                if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                                    Tr.debug(PrivateConsumerConfig.tc, "Adding CertStore to pkixBuilderParams.");
                                }
                                this._pkixBuilderParams.addCertStore(collectionCertStore);
                            } else if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                                Tr.debug(PrivateConsumerConfig.tc, "pkixBuilderParams was null; not adding CertStore.");
                            }
                            this._provider = collectionCertStore.getProvider();
                        } else if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                            Tr.debug(PrivateConsumerConfig.tc, "CollectionCertStore.getInstance() returned null.");
                        }
                    } else if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                        Tr.debug(PrivateConsumerConfig.tc, "Instance not a CollectionCertStore, nothing to do.");
                    }
                }
            } else if (PrivateConsumerConfig.tc.isDebugEnabled()) {
                Tr.debug(PrivateConsumerConfig.tc, "_certStores is null");
            }
            this._initialized = true;
            if (PrivateConsumerConfig.tc.isEntryEnabled()) {
                Tr.exit(PrivateConsumerConfig.tc, "initCerts()");
            }
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public TokenConsumerComponent getInstance() {
            return this._instance;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public String getUsage() {
            return this._usage;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public QName getType() {
            return this._type;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public TrustedIDEvaluator getTrustedIDEvaluator() {
            return this._trustedIDEvaluator;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public boolean isTrustAnyCertificate() {
            return this._trustAny;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public Provider getProvider() {
            initCerts();
            return this._provider;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public PKIXBuilderParameters getPKIXBuilderParameters() {
            initCerts();
            return this._pkixBuilderParams;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public boolean isCallerRequired() {
            return this._callerRequired;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public Map getCallerProperties() {
            return this._callerProperties;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public boolean isTrustMethodRequired() {
            return this._trustMethodRequired;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public Map getTrustMethodProperties() {
            return this._trustMethodProperties;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public String getJAASConfig() {
            return this._jaasConfig;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public Map getJAASConfigProperties() {
            return this._jaasConfigProperties;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public boolean isUsedForVerification() {
            return this._usedForVerification;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public boolean isUsedForDecryption() {
            return this._usedForDecryption;
        }

        @Override // com.ibm.wsspi.wssecurity.config.TokenConsumerConfig
        public Map getProperties() {
            return this._properties;
        }

        public String toString() {
            StringBuffer append = new StringBuffer(getClass().getName()).append("(");
            append.append("className=[").append(this._className).append("], ");
            append.append("usage=[").append(this._usage).append("], ");
            append.append("type=[").append(this._type).append("], ");
            append.append("trustedIdEvaluator=[").append(this._trustedIDEvaluator).append("], ");
            append.append("trustAny=[").append(this._trustAny).append("], ");
            append.append("provider=[").append(this._provider).append("], ");
            append.append("pkixBuilderParams=[").append(this._pkixBuilderParams).append("], ");
            append.append("callerRequired=[").append(this._callerRequired).append("], ");
            append.append("callerProperties=[").append(this._callerProperties).append("], ");
            append.append("trustMethodRequired=[").append(this._trustMethodRequired).append("], ");
            append.append("trustMethodProperties=[").append(this._trustMethodProperties).append("], ");
            append.append("jaasConfig=[").append(this._jaasConfig).append("], ");
            append.append("jaasConfigProperties=[").append(this._jaasConfigProperties).append("], ");
            append.append("usedForVerification=[").append(this._usedForVerification).append("], ");
            append.append("usedForDecryption=[").append(this._usedForDecryption).append("], ");
            append.append("properties=[").append(this._properties).append("]");
            append.append(")");
            return append.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processPrivateConfig(Document document) throws SoapSecurityException {
        boolean z;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processPrivateConfig(Document pconfig[" + document + "])");
        }
        if (ConfigValidation.isFipsEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFipsEnabled() is true; getting FIPS algorithms");
            }
            z = true;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFipsEnabled() is false; getting non-FIPS algorithms");
            }
            z = false;
        }
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "Transform");
        int length = elementsByTagNameNS.getLength();
        for (int i = 0; i < length; i++) {
            this._allowedTransforms.add(DOMUtil.getAttribute((Element) elementsByTagNameNS.item(i), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed Transforms:", new Object[]{this._allowedTransforms});
        }
        if (this._allowedTransforms.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s11");
        }
        NodeList elementsByTagNameNS2 = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "canonicalizationMethod");
        int length2 = elementsByTagNameNS2.getLength();
        for (int i2 = 0; i2 < length2; i2++) {
            this._allowedCanonicalizationMethods.add(DOMUtil.getAttribute((Element) elementsByTagNameNS2.item(i2), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed canonicalizationMethods:", new Object[]{this._allowedCanonicalizationMethods});
        }
        if (this._allowedCanonicalizationMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s12");
        }
        NodeList elementsByTagNameNS3 = z ? document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "fipsSignatureMethod") : document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "signatureMethod");
        int length3 = elementsByTagNameNS3.getLength();
        for (int i3 = 0; i3 < length3; i3++) {
            this._allowedSignatureMethods.add(DOMUtil.getAttribute((Element) elementsByTagNameNS3.item(i3), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed signatureMethods:", new Object[]{this._allowedSignatureMethods});
        }
        if (this._allowedSignatureMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s13");
        }
        NodeList elementsByTagNameNS4 = z ? document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "fipsDigestMethod") : document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "digestMethod");
        int length4 = elementsByTagNameNS4.getLength();
        for (int i4 = 0; i4 < length4; i4++) {
            this._allowedDigestMethods.add(DOMUtil.getAttribute((Element) elementsByTagNameNS4.item(i4), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed digestMethods:", new Object[]{this._allowedDigestMethods});
        }
        if (this._allowedDigestMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s14");
        }
        NodeList elementsByTagNameNS5 = z ? document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "fipsEncryptionMethod") : document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "encryptionMethod");
        int length5 = elementsByTagNameNS5.getLength();
        for (int i5 = 0; i5 < length5; i5++) {
            this._allowedDataEncryptionMethods.add(DOMUtil.getAttribute((Element) elementsByTagNameNS5.item(i5), "algorithm"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed encryptionMethods:", new Object[]{this._allowedDataEncryptionMethods});
        }
        if (this._allowedDataEncryptionMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s15");
        }
        NodeList elementsByTagNameNS6 = z ? document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "fipsKeyEncryptionMethod") : document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "keyEncryptionMethod");
        int length6 = elementsByTagNameNS6.getLength();
        for (int i6 = 0; i6 < length6; i6++) {
            String attribute = DOMUtil.getAttribute((Element) elementsByTagNameNS6.item(i6), "algorithm");
            if (ConfigValidation.isAlgoSupportedByRuntime(attribute)) {
                this._allowedKeyEncryptionMethods.add(attribute);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Allowed keyEncryptionMethods:", new Object[]{this._allowedKeyEncryptionMethods});
        }
        if (this._allowedKeyEncryptionMethods.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.PrivateGeneratorConfig.s16");
        }
        NodeList elementsByTagNameNS7 = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "KeyInfoContentConsumer");
        int length7 = elementsByTagNameNS7.getLength();
        for (int i7 = 0; i7 < length7; i7++) {
            this._defaultKeyInfoContentConsumers.add(DOMUtil.getAttribute((Element) elementsByTagNameNS7.item(i7), "class"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default KeyInfoContentConsumer:", new Object[]{this._defaultKeyInfoContentConsumers});
        }
        if (this._defaultKeyInfoContentConsumers.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6711W");
        }
        NodeList elementsByTagNameNS8 = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "TokenConsumer");
        int length8 = elementsByTagNameNS8.getLength();
        for (int i8 = 0; i8 < length8; i8++) {
            this._defaultTokenConsumers.add(DOMUtil.getAttribute((Element) elementsByTagNameNS8.item(i8), "class"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default TokenConsumer:", new Object[]{this._defaultTokenConsumers});
        }
        if (this._defaultTokenConsumers.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6712W");
        }
        NodeList elementsByTagNameNS9 = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "JAASConfig");
        int length9 = elementsByTagNameNS9.getLength();
        for (int i9 = 0; i9 < length9; i9++) {
            this._defaultJAASConfigs.add(DOMUtil.getAttribute((Element) elementsByTagNameNS9.item(i9), "name"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default JAAS configuration:", new Object[]{this._defaultJAASConfigs});
        }
        if (this._defaultJAASConfigs.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6713W");
        }
        NodeList elementsByTagNameNS10 = document.getElementsByTagNameNS("http://www.ibm.com/xml/soapsec/config", "KeyLocator");
        int length10 = elementsByTagNameNS10.getLength();
        for (int i10 = 0; i10 < length10; i10++) {
            this._defaultKeyLocators.add(DOMUtil.getAttribute((Element) elementsByTagNameNS10.item(i10), "class"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default KeyLocator:", new Object[]{this._defaultKeyLocators});
        }
        if (this._defaultKeyLocators.isEmpty()) {
            Tr.warning(tc, "security.wssecurity.WSEC6714W");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processPrivateConfig(Document pconfig)");
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.Configuration
    public void validate() throws SoapSecurityException {
        validate(false);
    }

    public void validate(boolean z) throws SoapSecurityException {
        String str;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate(boolean defaultConfig[" + z + "])");
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl : this._requiredIntegralParts) {
            int i = 0;
            int i2 = 0;
            int i3 = 0;
            referencePartConfImpl.validate();
            if (referencePartConfImpl._usage != null && ConfigUtil.isUsage(referencePartConfImpl._usage) < 0) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s02", referencePartConfImpl._usage, referencePartConfImpl.toString());
            }
            for (PrivateCommonConfig.PartConfImpl partConfImpl : referencePartConfImpl._parts) {
                partConfImpl.validate();
                if (partConfImpl.isNonce()) {
                    i2++;
                } else if (partConfImpl.isTimestamp()) {
                    i3++;
                } else {
                    i++;
                }
                String str2 = partConfImpl._dialect;
                String str3 = partConfImpl._keyword;
                if (Constants.DIALECT_WAS.equals(str2)) {
                    int isIntegralWASDialect = ConfigUtil.isIntegralWASDialect(str3);
                    if (isIntegralWASDialect == 1 && partConfImpl.isTimestamp()) {
                        throw new SoapSecurityException("security.wssecurity.TimestampGenerator.s02");
                    }
                    if (isIntegralWASDialect == 3) {
                        hashSet.add(referencePartConfImpl);
                    } else if (isIntegralWASDialect == 4) {
                        hashSet2.add(referencePartConfImpl);
                    } else if (isIntegralWASDialect < 0) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s03", str3, partConfImpl.toString());
                    }
                } else if (Constants.DIALECT_FUNCTION.equals(str2)) {
                    if (str3 == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s04", str2, partConfImpl.toString());
                    }
                } else {
                    if (!Constants.DIALECT_XPATH.equals(str2)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s05", str2, partConfImpl.toString());
                    }
                    if (str3 == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s04", str2, partConfImpl.toString());
                    }
                }
            }
            if (i2 > 0 || i3 > 0) {
                if (i <= 0) {
                    throw new SoapSecurityException("security.wssecurity.PrivateConsumerConfig.s36");
                }
            }
        }
        for (PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl2 : this._requiredConfidentialParts) {
            int i4 = 0;
            int i5 = 0;
            int i6 = 0;
            referencePartConfImpl2.validate();
            if (referencePartConfImpl2._usage != null && ConfigUtil.isUsage(referencePartConfImpl2._usage) < 0) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s02", referencePartConfImpl2._usage, referencePartConfImpl2.toString());
            }
            for (PrivateCommonConfig.PartConfImpl partConfImpl2 : referencePartConfImpl2._parts) {
                partConfImpl2.validate();
                if (partConfImpl2.isNonce()) {
                    i5++;
                } else if (partConfImpl2.isTimestamp()) {
                    i6++;
                } else {
                    i4++;
                }
                String str4 = partConfImpl2._dialect;
                String str5 = partConfImpl2._keyword;
                if (Constants.DIALECT_WAS.equals(str4)) {
                    if (ConfigUtil.isConfidentialWASDialect(str5) < 0) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s03", str5, partConfImpl2.toString());
                    }
                } else if (Constants.DIALECT_FUNCTION.equals(str4)) {
                    if (str5 == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s04", str4, partConfImpl2.toString());
                    }
                } else {
                    if (!Constants.DIALECT_XPATH.equals(str4)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s05", str4, partConfImpl2.toString());
                    }
                    if (str5 == null) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s04", str4, partConfImpl2.toString());
                    }
                }
            }
            if (i5 > 0 || i6 > 0) {
                if (i4 <= 0) {
                    throw new SoapSecurityException("security.wssecurity.PrivateConsumerConfig.s36");
                }
            }
        }
        if (z) {
            HashMap hashMap = new HashMap();
            for (TokenConsumerConfImpl tokenConsumerConfImpl : this._tokenConsumers) {
                hashMap.put(tokenConsumerConfImpl.getType(), tokenConsumerConfImpl);
            }
            for (TokenConsumerConfImpl tokenConsumerConfImpl2 : this._requiredSecurityTokens) {
                QName type = tokenConsumerConfImpl2.getType();
                if (((TokenConsumerConfImpl) hashMap.get(type)) == null) {
                    throw new SoapSecurityException("There is a required security token that does not have a matching token consumer. Its name is [" + tokenConsumerConfImpl2._name + "] and its type is [" + type + "].");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found token consumer of type [" + type + "].");
                }
            }
        } else {
            for (TokenConsumerConfImpl tokenConsumerConfImpl3 : this._requiredSecurityTokens) {
                if (!this._tokenConsumers.contains(tokenConsumerConfImpl3)) {
                    throw new SoapSecurityException("There is a required security token that no token consumer references. Its name is [" + tokenConsumerConfImpl3._name + "].");
                }
            }
        }
        if (this._callers != null) {
            for (CallerConfImpl callerConfImpl : this._callers) {
                callerConfImpl.validate();
                QName qName = callerConfImpl._tokenType;
                PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl3 = callerConfImpl._part;
                if (referencePartConfImpl3 != null && (Constants.UNTOKEN.equals(qName) || Constants.KERBEROSV5_ST.equals(qName) || Constants.KERBEROSV5_TGT.equals(qName))) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s06", callerConfImpl.toString());
                }
                if (referencePartConfImpl3 != null && !ConfigUtil.isUsageRequired(referencePartConfImpl3._usage)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s33", callerConfImpl.toString());
                }
                if (!checkCallerRequired(this._tokenConsumers)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s34", qName.toString());
                }
                CallerConfImpl callerConfImpl2 = callerConfImpl._trustMethod;
                if (callerConfImpl2 != null) {
                    QName qName2 = callerConfImpl2._tokenType;
                    PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl4 = callerConfImpl2._part;
                    if (referencePartConfImpl4 != null && (qName2 == null || Constants.UNTOKEN.equals(qName2) || Constants.KERBEROSV5_ST.equals(qName2) || Constants.KERBEROSV5_TGT.equals(qName2))) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s07", callerConfImpl2.toString());
                    }
                    if (referencePartConfImpl4 != null && !ConfigUtil.isUsageRequired(referencePartConfImpl4._usage)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s33", callerConfImpl2.toString());
                    }
                    if (qName2 != null && !checkTrustMethodRequired(this._tokenConsumers)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s34", qName2.toString());
                    }
                }
            }
        }
        for (SignatureConsumerConfImpl signatureConsumerConfImpl : this._signatureConsumers) {
            signatureConsumerConfImpl.validate(z);
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = signatureConsumerConfImpl._canonicalizationMethod;
            if (algorithmConfImpl != null) {
                algorithmConfImpl.validate();
                if (!this._allowedCanonicalizationMethods.contains(algorithmConfImpl._algorithm)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s08", algorithmConfImpl._algorithm);
                }
            }
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl2 = signatureConsumerConfImpl._signatureMethod;
            boolean z2 = false;
            String str6 = null;
            if (algorithmConfImpl2 != null) {
                algorithmConfImpl2.validate();
                if (!this._allowedSignatureMethods.contains(algorithmConfImpl2._algorithm)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s09", algorithmConfImpl2._algorithm);
                }
                str6 = algorithmConfImpl2._algorithm;
                z2 = ConfigUtil.isSecretKeyAlgorithm(str6);
            }
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl3 = signatureConsumerConfImpl._keyInfoSignature;
            if (algorithmConfImpl3 != null) {
                algorithmConfImpl3.validate();
                if (ConfigUtil.isKeyInfoSignature(algorithmConfImpl3._algorithm) < 0) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s10", algorithmConfImpl3._algorithm);
                }
            }
            PrivateCommonConfig.ReferencePartConfImpl referencePartConfImpl5 = null;
            for (PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl : signatureConsumerConfImpl.getReferences()) {
                signingReferenceConfImpl.validate();
                PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl4 = signingReferenceConfImpl._digestMethod;
                if (algorithmConfImpl4 != null) {
                    algorithmConfImpl4.validate();
                    if (!this._allowedDigestMethods.contains(algorithmConfImpl4._algorithm)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s11", algorithmConfImpl4._algorithm);
                    }
                }
                boolean z3 = false;
                for (PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl5 : signingReferenceConfImpl.getTransforms()) {
                    algorithmConfImpl5.validate();
                    if (!this._allowedTransforms.contains(algorithmConfImpl5._algorithm)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s12", algorithmConfImpl5._algorithm);
                    }
                    if ("http://www.w3.org/2002/07/decrypt#XML".equals(algorithmConfImpl5._algorithm)) {
                        signatureConsumerConfImpl._isDecryptionXformEnabled = true;
                    } else if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform".equals(algorithmConfImpl5._algorithm)) {
                        z3 = true;
                    }
                }
                if (z3 && referencePartConfImpl5 == null) {
                    if (hashSet.contains(signingReferenceConfImpl._reference)) {
                        referencePartConfImpl5 = signingReferenceConfImpl._reference;
                    } else if (hashSet2.contains(signingReferenceConfImpl._reference)) {
                        referencePartConfImpl5 = signingReferenceConfImpl._reference;
                    }
                }
            }
            KeyInfoConsumerConfImpl keyInfoConsumerConfImpl = signatureConsumerConfImpl._signingKeyInfo;
            keyInfoConsumerConfImpl.validate();
            for (KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl : keyInfoConsumerConfImpl._contentConsumers) {
                keyInfoContentConsumerConfImpl.validate();
                if (ConfigUtil.isKeyInfoType(keyInfoContentConsumerConfImpl._keyInfoType) < 0) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s13", keyInfoContentConsumerConfImpl.toString());
                }
                if (z2) {
                    if (ConfigUtil.isKeyInfoEmb(keyInfoContentConsumerConfImpl._keyInfoType)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s08", str6, keyInfoContentConsumerConfImpl._keyInfoType);
                    }
                    if (ConfigUtil.isKeyInfoX509issuer(keyInfoContentConsumerConfImpl._keyInfoType)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s08", str6, keyInfoContentConsumerConfImpl._keyInfoType);
                    }
                } else if (referencePartConfImpl5 != null && keyInfoContentConsumerConfImpl._tokenConsumer == null) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s35");
                }
            }
            checkIdentity(signatureConsumerConfImpl, this._signatureConsumers);
        }
        if (this._signatureConsumers.size() > 1) {
            for (SignatureConsumerConfImpl signatureConsumerConfImpl2 : this._signatureConsumers) {
                KeyInfoConsumerConfImpl keyInfoConsumerConfImpl2 = signatureConsumerConfImpl2._signingKeyInfo;
                for (SignatureConsumerConfImpl signatureConsumerConfImpl3 : this._signatureConsumers) {
                    if (!signatureConsumerConfImpl2.equals(signatureConsumerConfImpl3)) {
                        keyInfoConsumerConfImpl2._otherContentConsumers.addAll(signatureConsumerConfImpl3._signingKeyInfo._contentConsumers);
                    }
                }
            }
        }
        for (EncryptionConsumerConfImpl encryptionConsumerConfImpl : this._encryptionConsumers) {
            encryptionConsumerConfImpl.validate(z);
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl6 = encryptionConsumerConfImpl._dataEncryptionMethod;
            algorithmConfImpl6.validate();
            if (!this._allowedDataEncryptionMethods.contains(algorithmConfImpl6._algorithm)) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s14", algorithmConfImpl6._algorithm);
            }
            String str7 = algorithmConfImpl6._algorithm;
            boolean isSecretKeyAlgorithm = ConfigUtil.isSecretKeyAlgorithm(str7);
            PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl7 = encryptionConsumerConfImpl._keyEncryptionMethod;
            if (algorithmConfImpl7 != null) {
                algorithmConfImpl7.validate();
                if (!this._allowedKeyEncryptionMethods.contains(algorithmConfImpl7._algorithm)) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s15", algorithmConfImpl7._algorithm);
                }
                str7 = algorithmConfImpl7._algorithm;
                isSecretKeyAlgorithm = ConfigUtil.isSecretKeyAlgorithm(str7);
            }
            KeyInfoConsumerConfImpl keyInfoConsumerConfImpl3 = encryptionConsumerConfImpl._encryptionKeyInfo;
            keyInfoConsumerConfImpl3.validate();
            for (KeyInfoContentConsumerConfImpl keyInfoContentConsumerConfImpl2 : keyInfoConsumerConfImpl3._contentConsumers) {
                keyInfoContentConsumerConfImpl2.validate();
                if (ConfigUtil.isKeyInfoType(keyInfoContentConsumerConfImpl2._keyInfoType) < 0) {
                    throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s13", keyInfoContentConsumerConfImpl2.toString());
                }
                if (isSecretKeyAlgorithm) {
                    if (ConfigUtil.isKeyInfoEmb(keyInfoContentConsumerConfImpl2._keyInfoType)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s08", str7, keyInfoContentConsumerConfImpl2._keyInfoType);
                    }
                    if (ConfigUtil.isKeyInfoX509issuer(keyInfoContentConsumerConfImpl2._keyInfoType)) {
                        throw SoapSecurityException.format("security.wssecurity.PrivateGeneratorConfig.s08", str7, keyInfoContentConsumerConfImpl2._keyInfoType);
                    }
                }
            }
            checkIdentity(encryptionConsumerConfImpl, this._encryptionConsumers);
        }
        if (this._encryptionConsumers.size() > 1) {
            for (EncryptionConsumerConfImpl encryptionConsumerConfImpl2 : this._encryptionConsumers) {
                KeyInfoConsumerConfImpl keyInfoConsumerConfImpl4 = encryptionConsumerConfImpl2._encryptionKeyInfo;
                for (EncryptionConsumerConfImpl encryptionConsumerConfImpl3 : this._encryptionConsumers) {
                    if (!encryptionConsumerConfImpl2.equals(encryptionConsumerConfImpl3)) {
                        keyInfoConsumerConfImpl4._otherContentConsumers.addAll(encryptionConsumerConfImpl3._encryptionKeyInfo._contentConsumers);
                    }
                }
            }
        }
        for (TokenConsumerConfImpl tokenConsumerConfImpl4 : this._tokenConsumers) {
            tokenConsumerConfImpl4.validate();
            if (tokenConsumerConfImpl4._trustAnchorKeyStore != null) {
                tokenConsumerConfImpl4._trustAnchorKeyStore.validate();
            }
            if (tokenConsumerConfImpl4._usage != null && ConfigUtil.isUsage(tokenConsumerConfImpl4._usage) < 0) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s02", tokenConsumerConfImpl4._usage, tokenConsumerConfImpl4.toString());
            }
            if (this._requiredSecurityTokens.contains(tokenConsumerConfImpl4)) {
                if (tokenConsumerConfImpl4._usedForVerification) {
                    throw new SoapSecurityException("The token consumer [" + tokenConsumerConfImpl4._name + "] that refers to the required security token in DD is used for signature verification. The required security token should be used for \"stand-alone\" tokens.  Please check the configuration.");
                }
                if (tokenConsumerConfImpl4._usedForDecryption) {
                    throw new SoapSecurityException("The token consumer [" + tokenConsumerConfImpl4._name + "] that refers to the required security token in DD is used for decryption. The required security token should be used for \"stand-alone\" tokens.  Please check the configuration.");
                }
            }
        }
        if (this._timestampConsumer != null) {
            this._timestampConsumer.validate();
            String str8 = (String) this._timestampConsumer._properties.get(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TIMESTAMP_DIALECT);
            if (str8 != null && Constants.DIALECT_WAS.equals(str8) && (str = (String) this._timestampConsumer._properties.get(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TIMESTAMP_KEYWORD)) != null && ConfigUtil.isTimestampWASDialect(str) < 0) {
                throw SoapSecurityException.format("security.wssecurity.PrivateConsumerConfig.s03", str, this._timestampConsumer.toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate(boolean)");
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public String getMyActor() {
        return this._myActor;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isUltimateReceiver() {
        return this._ultimateReceiver;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isNonceCacheDistributed() {
        return this._nonceCacheDistributed;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getAllowedTransforms() {
        return this._allowedTransforms;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getAllowedCanonicalizationMethods() {
        return this._allowedCanonicalizationMethods;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getAllowedSignatureMethods() {
        return this._allowedSignatureMethods;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getAllowedDigestMethods() {
        return this._allowedDigestMethods;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getAllowedDataEncryptionMethods() {
        return this._allowedDataEncryptionMethods;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getAllowedKeyEncryptionMethods() {
        return this._allowedKeyEncryptionMethods;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public WSSAlgorithmFactory getAlgorithmFactory() {
        return this._algorithmFactory;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isVerificationRequired() {
        return this._verificationRequired;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isDecryptionRequired() {
        return this._decryptionRequired;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isTokenRequired() {
        return this._tokenRequired;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isLoginRequired() {
        return this._loginRequired;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isTimestampRequired() {
        return this._timestampRequired;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getRequiredIntegralParts() {
        return this._requiredIntegralParts;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getRequiredConfidentialParts() {
        return this._requiredConfidentialParts;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getRequiredSecurityTokens() {
        return this._requiredSecurityTokens;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getCallers() {
        return this._callers;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getSignatureConsumers() {
        return this._signatureConsumers;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getEncryptionConsumers() {
        return this._encryptionConsumers;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Set getTokenConsumers() {
        return this._tokenConsumers;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public TimestampConsumerConfig getTimestampConsumer() {
        return this._timestampConsumer;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public NonceManager getNonceManager() {
        return this._nonceManager;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public CertCacheManager getCertManager() {
        return this._certManager;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public int getTimestampMaxAge() {
        return this._timestampMaxAge;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public int getTimestampClockSkew() {
        return this._timestampClockSkew;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean isUserDefinedComponentsUsed() {
        return this._userDefinedComponentsUsed;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Map getProperties() {
        return this._properties;
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public Object getProperty(Object obj) {
        if (this._properties != null) {
            return this._properties.get(obj);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getLogProperties(Map map, Map map2, Map map3, String str) {
        String str2 = null;
        if (tc.isDebugEnabled()) {
            str2 = super.getLogProperties(map, map2, map3, this._properties, str, "consumer");
        }
        return str2;
    }

    public String toSring() {
        StringBuffer append = new StringBuffer(getClass().getName()).append("(");
        append.append("myActor=[").append(this._myActor).append("], ");
        append.append("ultimateReceiver=[").append(this._ultimateReceiver).append("], ");
        append.append("nonceCacheDistributed=[").append(this._nonceCacheDistributed).append("], ");
        append.append("allowedTransforms=[").append(this._allowedTransforms).append("], ");
        append.append("allowedCanonicalizations=[").append(this._allowedCanonicalizationMethods).append("], ");
        append.append("allowedSignatures=[").append(this._allowedSignatureMethods).append("], ");
        append.append("allowedDigests=[").append(this._allowedDigestMethods).append("], ");
        append.append("allowedDataEncryptions=[").append(this._allowedDataEncryptionMethods).append("], ");
        append.append("allowedKeyEncryptions=[").append(this._allowedKeyEncryptionMethods).append("], ");
        append.append("algorithmFactory=[").append(this._algorithmFactory).append("], ");
        append.append("verificationRequired=[").append(this._verificationRequired).append("], ");
        append.append("decryptionRequired=[").append(this._decryptionRequired).append("], ");
        append.append("tokenRequired=[").append(this._tokenRequired).append("], ");
        append.append("timestampRequired=[").append(this._timestampRequired).append("], ");
        append.append("requiredIntegralParts=[").append(this._requiredIntegralParts).append("], ");
        append.append("requiredConfidentialParts=[").append(this._requiredConfidentialParts).append("], ");
        append.append("callers=[").append(this._callers).append("], ");
        append.append("signatureConsumers=[").append(this._signatureConsumers).append("], ");
        append.append("encryptionConsumers=[").append(this._encryptionConsumers).append("], ");
        append.append("tokenConsumers=[").append(this._tokenConsumers).append("], ");
        append.append("timestampConsumer=[").append(this._timestampConsumer).append("], ");
        append.append("nonceManager=[").append(this._nonceManager).append("], ");
        append.append("timestampMaxAge=[").append(this._timestampMaxAge).append("], ");
        append.append("timestampClockSkew=[").append(this._timestampClockSkew).append("], ");
        append.append("userDefinedComponentsUsed=[").append(this._userDefinedComponentsUsed).append("], ");
        append.append("bypassSecurityHeader=[").append(this._bypassSecurityHeader).append("], ");
        append.append("properties=[").append(this._properties).append("]");
        append.append(")");
        return append.toString();
    }

    private boolean checkCallerRequired(Set set) {
        boolean z = false;
        Iterator it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (((TokenConsumerConfImpl) it.next())._callerRequired) {
                z = true;
                break;
            }
        }
        return z;
    }

    private boolean checkTrustMethodRequired(Set set) {
        boolean z = false;
        Iterator it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (((TokenConsumerConfImpl) it.next())._trustMethodRequired) {
                z = true;
                break;
            }
        }
        return z;
    }

    private void checkIdentity(SignatureConsumerConfImpl signatureConsumerConfImpl, Set set) {
        if (set.size() > 1) {
            String str = signatureConsumerConfImpl._canonicalizationMethod._algorithm;
            String str2 = signatureConsumerConfImpl._signatureMethod._algorithm;
            String str3 = signatureConsumerConfImpl._keyInfoSignature == null ? null : signatureConsumerConfImpl._keyInfoSignature._algorithm;
            List<PrivateCommonConfig.SigningReferenceConfImpl> list = signatureConsumerConfImpl._references;
            List list2 = signatureConsumerConfImpl._signingKeyInfo._contentConsumers;
            Iterator it = set.iterator();
            while (it.hasNext()) {
                SignatureConsumerConfImpl signatureConsumerConfImpl2 = (SignatureConsumerConfImpl) it.next();
                if (!signatureConsumerConfImpl2.equals(signatureConsumerConfImpl) && str.equals(signatureConsumerConfImpl2._canonicalizationMethod._algorithm) && str2.equals(signatureConsumerConfImpl2._signatureMethod._algorithm)) {
                    PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = signatureConsumerConfImpl2._keyInfoSignature;
                    for (PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl : list) {
                        List list3 = (List) signatureConsumerConfImpl._identity.get(signingReferenceConfImpl);
                        if (list3 == null) {
                            list3 = new ArrayList();
                            signatureConsumerConfImpl._identity.put(signingReferenceConfImpl, list3);
                        }
                        String str4 = signingReferenceConfImpl._digestMethod._algorithm;
                        HashSet hashSet = new HashSet();
                        Iterator it2 = signingReferenceConfImpl._transforms.iterator();
                        while (it2.hasNext()) {
                            hashSet.add(((PrivateCommonConfig.AlgorithmConfImpl) it2.next())._algorithm);
                        }
                        for (PrivateCommonConfig.SigningReferenceConfImpl signingReferenceConfImpl2 : signatureConsumerConfImpl2._references) {
                            if (str4.equals(signingReferenceConfImpl2._digestMethod._algorithm)) {
                                boolean z = true;
                                Iterator it3 = signingReferenceConfImpl2._transforms.iterator();
                                while (true) {
                                    if (it3.hasNext()) {
                                        if (!hashSet.contains(((PrivateCommonConfig.AlgorithmConfImpl) it3.next())._algorithm)) {
                                            z = false;
                                            break;
                                        }
                                    } else {
                                        break;
                                    }
                                }
                                if (z) {
                                    list3.add(new VerifiedConfig(signatureConsumerConfImpl2, signingReferenceConfImpl2));
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    private void checkIdentity(EncryptionConsumerConfImpl encryptionConsumerConfImpl, Set set) {
        if (set.size() > 1) {
            String str = encryptionConsumerConfImpl._dataEncryptionMethod._algorithm;
            String str2 = encryptionConsumerConfImpl._keyEncryptionMethod == null ? null : encryptionConsumerConfImpl._keyEncryptionMethod._algorithm;
            List list = encryptionConsumerConfImpl._encryptionKeyInfo._contentConsumers;
            Iterator it = set.iterator();
            while (it.hasNext()) {
                EncryptionConsumerConfImpl encryptionConsumerConfImpl2 = (EncryptionConsumerConfImpl) it.next();
                if (!encryptionConsumerConfImpl2.equals(encryptionConsumerConfImpl) && str.equals(encryptionConsumerConfImpl2._dataEncryptionMethod._algorithm)) {
                    PrivateCommonConfig.AlgorithmConfImpl algorithmConfImpl = encryptionConsumerConfImpl2._keyEncryptionMethod;
                    if (str2 == null) {
                        if (algorithmConfImpl == null) {
                            encryptionConsumerConfImpl._identity.add(encryptionConsumerConfImpl2);
                        }
                    } else if (algorithmConfImpl != null && str2.equals(algorithmConfImpl._algorithm)) {
                        encryptionConsumerConfImpl._identity.add(encryptionConsumerConfImpl2);
                    }
                }
            }
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig
    public boolean getBypassSecurityHeaderSetting() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "com.ibm.wsspi.wssecurity.config.disableWSSIfApplicationSecurityDisabled=" + this._bypassSecurityHeader);
        }
        return this._bypassSecurityHeader;
    }
}
