package com.sun.xml.wss.impl.misc;

import com.sun.xml.ws.api.ResourceLoader;
import com.sun.xml.ws.api.server.Container;
import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.ws.security.impl.kerberos.KerberosContext;
import com.sun.xml.ws.security.impl.kerberos.KerberosLogin;
import com.sun.xml.ws.security.opt.impl.util.SOAPUtil;
import com.sun.xml.wss.AliasSelector;
import com.sun.xml.wss.NonceManager;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.RealmAuthenticationAdapter;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.XWSSConstants;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.Timestamp;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurityHeaderException;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
import com.sun.xml.wss.impl.callback.RuntimeProperties;
import com.sun.xml.wss.impl.callback.SAMLAssertionValidator;
import com.sun.xml.wss.impl.callback.SAMLCallback;
import com.sun.xml.wss.impl.callback.SAMLValidator;
import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
import com.sun.xml.wss.impl.callback.ValidatorExtension;
import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.PrivateKeyBinding;
import com.sun.xml.wss.logging.LogStringsMessages;
import com.sun.xml.wss.provider.wsit.PipeConstants;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.util.XWSSUtil;
import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.callback.CertStoreCallback;
import jakarta.security.auth.message.callback.PrivateKeyCallback;
import jakarta.security.auth.message.callback.SecretKeyCallback;
import jakarta.security.auth.message.callback.TrustStoreCallback;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.Timer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import javax.xml.stream.XMLStreamReader;
import org.apache.xml.security.utils.RFC2253Parser;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/xml/wss/impl/misc/WSITProviderSecurityEnvironment.class */
public class WSITProviderSecurityEnvironment implements SecurityEnvironment {
    // Options map handed to the constructor and stored as-is (raw Map, no defensive copy).
    private Map _securityOptions;
    // Set in the constructor to a PriviledgedHandler wrapping the caller-supplied handler.
    private CallbackHandler _handler;
    public static final String USERNAME_CBH = "username.callback.handler";
    public static final String PASSWORD_CBH = "password.callback.handler";
    static final boolean USE_DAEMON_THREAD = true;
    private String myAlias;
    // NOTE(review): keyPwd and myPassword are read from the configuration Properties in the
    // constructor and kept as String for the lifetime of this object; a String cannot be zeroed.
    private String keyPwd;
    private String peerEntityAlias;
    private String myUsername;
    private String myPassword;
    // Class name of the SAML callback handler, the loaded class, and the instance built from it.
    private String samlCBH;
    // Class name of the SAML assertion validator (property DefaultCallbackHandler.SAML_VALIDATOR).
    private String sV;
    private Class samlCbHandler;
    private CallbackHandler samlHandler;
    private Class samlValidator;
    private SAMLAssertionValidator sValidator;
    private String krbLoginModule;
    private String krbServicePrincipal;
    private boolean krbCredentialDelegation;
    private Class usernameCbHandler;
    private Class passwordCbHandler;
    // Raw property strings for max clock skew, timestamp freshness limit and max nonce age;
    // the constructor converts them with SecurityUtil.toLong into the three long fields below.
    private String mcs;
    private String tfl;
    private String mna;
    protected long maxClockSkewG;
    protected long timestampFreshnessLimitG;
    // Constructor default is 900000L unless the max-nonce-age property is set.
    protected long maxNonceAge;
    // Starts true; the constructor flips it to false when a probe NameCallback is rejected.
    private boolean isAppClient;
    private String certSelectorClassName;
    private String crlSelectorClassName;
    private Class certSelectorClass;
    private Class crlSelectorClass;
    protected String revocationEnabledAttr;
    // Constructor default is false: revocation checking is only requested when the
    // REVOCATION_ENABLED property parses as true.
    protected boolean revocationEnabled;
    private String keystoreCertSelectorClassName;
    private String truststoreCertSelectorClassName;
    private Class keystoreCertSelectorClass;
    private Class truststoreCertSelectorClass;
    private Container container;
    private String useXWSSCallbacksStr;
    // When true, callbacks are sent together with a RuntimeProperties callback, and the
    // XWSS-specific validation callbacks are tried before the built-in checks.
    private boolean useXWSSCallbacks;
    // Validators instantiated reflectively from class names given in the configuration.
    private CertificateValidationCallback.CertificateValidator certValidator;
    private Class certificateValidator;
    private Class usernameValidator;
    private Class timestampValidator;
    private PasswordValidationCallback.PasswordValidator pwValidator;
    private TimestampValidationCallback.TimestampValidator tsValidator;
    private String jaasLoginModuleForKeystore;
    private Subject loginContextSubjectForKeystore;
    private String keyStoreCBH;
    private CallbackHandler keystoreCbHandlerClass;
    private CallbackHandler usernameHandler;
    private CallbackHandler passwordHandler;
    protected static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");
    // NOTE(review): SimpleDateFormat is not thread-safe and these two instances are static and
    // shared; their users are outside this part of the file — confirm access is synchronized.
    // The quoted 'Z' is a literal character, and no time zone is set on the formatters in the
    // lines shown here — confirm the zone is fixed to UTC wherever timestamps are parsed.
    private static final SimpleDateFormat calendarFormatter1 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    private static final SimpleDateFormat calendarFormatter2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'");
    // Timer(true) runs its task thread as a daemon.
    static final Timer nonceCleanupTimer = new Timer(true);
    // Presumably milliseconds (300000 ms = 5 minutes) — confirm where these defaults are read.
    protected final long MAX_CLOCK_SKEW = 300000;
    protected final long TIMESTAMP_FRESHNESS_LIMIT = 300000;
    NonceCache nonceCache = null;
    private X509Certificate selfCertificate = null;

    /* loaded from: input_file:com/sun/xml/wss/impl/misc/WSITProviderSecurityEnvironment$PriviledgedHandler.class */
    /**
     * Callback handler that forwards every request to a wrapped handler from inside
     * {@link AccessController#doPrivileged(PrivilegedAction)}.
     *
     * <p>Any exception raised by the wrapped handler is rethrown as an
     * {@link XWSSecurityRuntimeException}, so callers of {@link #handle(Callback[])} never see the
     * checked exceptions declared by {@link CallbackHandler#handle(Callback[])} directly.
     *
     * <p>NOTE(review): the wrapped handler runs inside a privileged block, so it should come from
     * trusted configuration only.
     */
    static class PriviledgedHandler implements CallbackHandler {
        /** The handler that actually services the callbacks. */
        CallbackHandler delegate;

        /**
         * @param callbackHandler handler to wrap; stored without a null check
         */
        public PriviledgedHandler(CallbackHandler callbackHandler) {
            this.delegate = callbackHandler;
        }

        /**
         * Passes the callbacks to the wrapped handler inside a privileged action.
         *
         * @param callbackArr callbacks to service
         * @throws XWSSecurityRuntimeException wrapping whatever the wrapped handler threw
         */
        @Override
        public void handle(final Callback[] callbackArr) {
            PrivilegedAction forwardToDelegate = () -> {
                try {
                    this.delegate.handle(callbackArr);
                } catch (Exception cause) {
                    throw new XWSSecurityRuntimeException(cause);
                }
                return null;
            };
            AccessController.doPrivileged(forwardToDelegate);
        }
    }

    /**
     * Builds the security environment from a callback handler, an options map and the
     * configuration properties.
     *
     * <p>The supplied handler is wrapped in a {@link PriviledgedHandler}. Aliases, passwords,
     * Kerberos settings, time limits and a series of class names are then read from
     * {@code properties}; the named classes are loaded with {@code loadClass} (defined outside
     * this part of the file) and instantiated through their no-argument constructors.
     *
     * <p>NOTE(review): the class names in {@code properties} decide which validator and handler
     * code runs during message processing, so the properties must come from a trusted source.
     *
     * @param callbackHandler handler that services key, trust and authentication callbacks
     * @param map options map; may be null, in which case no container is recorded
     * @param properties configuration; dereferenced without a null check
     * @throws XWSSecurityException if a configured class cannot be instantiated or any later
     *         initialisation step in the final try block fails
     */
    public WSITProviderSecurityEnvironment(CallbackHandler callbackHandler, Map map, Properties properties) throws XWSSecurityException {
        this.samlHandler = null;
        this.krbLoginModule = null;
        this.krbServicePrincipal = null;
        this.krbCredentialDelegation = false;
        this.maxNonceAge = 900000L;
        this.isAppClient = true;
        // Revocation checking stays off unless the property below turns it on.
        this.revocationEnabled = false;
        this.container = null;
        this.useXWSSCallbacks = false;
        this._handler = new PriviledgedHandler(callbackHandler);
        this._securityOptions = map;
        if (this._securityOptions != null) {
            String str = (String) this._securityOptions.get("ALIASES");
            String str2 = (String) this._securityOptions.get("PASSWORDS");
            // NOTE(review): this branch is empty in the listing, so a missing or mismatched
            // ALIASES/PASSWORDS pair has no effect here.
            if (str == null || str2 == null || new StringTokenizer(str, " ").countTokens() != new StringTokenizer(str2, " ").countTokens()) {
            }
            this.container = (Container) this._securityOptions.get(PipeConstants.CONTAINER);
        }
        this.myAlias = properties.getProperty(DefaultCallbackHandler.MY_ALIAS);
        // Key password and user password are kept as String (see field declarations).
        this.keyPwd = properties.getProperty(DefaultCallbackHandler.KEY_PASSWORD);
        this.peerEntityAlias = properties.getProperty(DefaultCallbackHandler.PEER_ENTITY_ALIAS);
        this.krbLoginModule = properties.getProperty(DefaultCallbackHandler.KRB5_LOGIN_MODULE);
        this.krbServicePrincipal = properties.getProperty(DefaultCallbackHandler.KRB5_SERVICE_PRINCIPAL);
        this.krbCredentialDelegation = Boolean.parseBoolean(properties.getProperty(DefaultCallbackHandler.KRB5_CREDENTIAL_DELEGATION));
        String property = properties.getProperty("username.callback.handler");
        String property2 = properties.getProperty("password.callback.handler");
        this.myUsername = properties.getProperty(DefaultCallbackHandler.MY_USERNAME);
        this.myPassword = properties.getProperty(DefaultCallbackHandler.MY_PASSWORD);
        // SAML callback handler: load the configured class, then build one instance of it.
        this.samlCBH = properties.getProperty(DefaultCallbackHandler.SAML_CBH);
        if (this.samlCBH != null) {
            this.samlCbHandler = loadClass(this.samlCBH);
        }
        if (this.samlCbHandler != null) {
            try {
                this.samlHandler = (CallbackHandler) this.samlCbHandler.getConstructor(new Class[0]).newInstance(new Object[0]);
            } catch (ReflectiveOperationException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0715_EXCEPTION_CREATING_NEWINSTANCE(), (Throwable) e);
                throw new XWSSecurityException(e);
            }
        }
        // SAML assertion validator: same load-then-instantiate sequence.
        this.sV = properties.getProperty(DefaultCallbackHandler.SAML_VALIDATOR);
        if (this.sV != null) {
            this.samlValidator = loadClass(this.sV);
        }
        if (this.samlValidator != null) {
            try {
                this.sValidator = (SAMLAssertionValidator) this.samlValidator.getConstructor(new Class[0]).newInstance(new Object[0]);
            } catch (ReflectiveOperationException e2) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0715_EXCEPTION_CREATING_NEWINSTANCE(), (Throwable) e2);
                throw new XWSSecurityException(e2);
            }
        }
        this.mcs = properties.getProperty(DefaultCallbackHandler.MAX_CLOCK_SKEW_PROPERTY);
        this.tfl = properties.getProperty(DefaultCallbackHandler.TIMESTAMP_FRESHNESS_LIMIT_PROPERTY);
        this.mna = properties.getProperty(DefaultCallbackHandler.MAX_NONCE_AGE_PROPERTY);
        this.revocationEnabledAttr = properties.getProperty(DefaultCallbackHandler.REVOCATION_ENABLED);
        if (this.revocationEnabledAttr != null) {
            this.revocationEnabled = Boolean.parseBoolean(this.revocationEnabledAttr);
        }
        // mcs and tfl may be null here; what SecurityUtil.toLong returns for null is decided
        // outside this file — TODO confirm it yields a usable default.
        this.maxClockSkewG = SecurityUtil.toLong(this.mcs);
        this.timestampFreshnessLimitG = SecurityUtil.toLong(this.tfl);
        if (this.mna != null) {
            this.maxNonceAge = SecurityUtil.toLong(this.mna);
        }
        this.useXWSSCallbacksStr = properties.getProperty(DefaultCallbackHandler.USE_XWSS_CALLBACKS);
        if (this.useXWSSCallbacksStr != null) {
            this.useXWSSCallbacks = Boolean.parseBoolean(this.useXWSSCallbacksStr);
        }
        // loadClass is called with names that may be null; the null checks below suggest it
        // returns null in that case — verify against its definition.
        this.certificateValidator = loadClass(properties.getProperty(DefaultCallbackHandler.CERTIFICATE_VALIDATOR));
        String property3 = properties.getProperty(DefaultCallbackHandler.USERNAME_VALIDATOR);
        String property4 = properties.getProperty(DefaultCallbackHandler.TIMESTAMP_VALIDATOR);
        this.usernameValidator = loadClass(property3);
        this.timestampValidator = loadClass(property4);
        this.usernameCbHandler = loadClass(property);
        this.passwordCbHandler = loadClass(property2);
        try {
            if (this.certificateValidator != null) {
                this.certValidator = (CertificateValidationCallback.CertificateValidator) this.certificateValidator.getConstructor(new Class[0]).newInstance(new Object[0]);
            }
            if (this.usernameValidator != null) {
                this.pwValidator = (PasswordValidationCallback.PasswordValidator) this.usernameValidator.getConstructor(new Class[0]).newInstance(new Object[0]);
            }
            if (this.timestampValidator != null) {
                this.tsValidator = (TimestampValidationCallback.TimestampValidator) this.timestampValidator.getConstructor(new Class[0]).newInstance(new Object[0]);
            }
            // Probe: send a NameCallback to the handler. Any failure, of any kind, is taken to
            // mean "not an application client"; the exception itself is discarded.
            try {
                this._handler.handle(new Callback[]{new NameCallback("Username: ")});
            } catch (Exception e3) {
                this.isAppClient = false;
            }
            this.certSelectorClassName = properties.getProperty(DefaultCallbackHandler.CERTSTORE_CERTSELECTOR);
            this.crlSelectorClassName = properties.getProperty(DefaultCallbackHandler.CERTSTORE_CRLSELECTOR);
            this.certSelectorClass = loadClass(this.certSelectorClassName);
            this.crlSelectorClass = loadClass(this.crlSelectorClassName);
            this.keystoreCertSelectorClassName = properties.getProperty(DefaultCallbackHandler.KEYSTORE_CERTSELECTOR);
            this.truststoreCertSelectorClassName = properties.getProperty(DefaultCallbackHandler.TRUSTSTORE_CERTSELECTOR);
            this.keystoreCertSelectorClass = loadClass(this.keystoreCertSelectorClassName);
            this.truststoreCertSelectorClass = loadClass(this.truststoreCertSelectorClassName);
            this.jaasLoginModuleForKeystore = properties.getProperty(DefaultCallbackHandler.JAAS_KEYSTORE_LOGIN_MODULE);
            this.keyStoreCBH = properties.getProperty(DefaultCallbackHandler.KEYSTORE_CBH);
            this.loginContextSubjectForKeystore = initJAASKeyStoreLoginModule();
        } catch (Exception e4) {
            log.log(Level.SEVERE, com.sun.xml.wss.logging.impl.misc.LogStringsMessages.WSS_1523_ERROR_GETTING_NEW_INSTANCE_CALLBACK_HANDLER(), (Throwable) e4);
            throw new XWSSecurityException(e4);
        }
    }

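    /**
     * Resolves the private key for a key alias.
     *
     * <p>When no alias is given and the runtime map carries a {@link PrivateKey} under
     * {@code XWSSConstants.PRIVATEKEY_PROPERTY}, that key is returned. Otherwise the callback
     * handler is asked through a {@code PrivateKeyCallback.AliasRequest}.
     *
     * @param map runtime properties; may be null
     * @param str key alias; may be null
     * @return the private key, never null
     * @throws XWSSecurityException if the handler fails or returns no key; the "unable to locate"
     *         exception raised inside the try block is itself caught and wrapped by the catch
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, String str) throws XWSSecurityException {
        if (str == null && map != null) {
            Object obj = map.get(XWSSConstants.PRIVATEKEY_PROPERTY);
            if (obj instanceof PrivateKey) {
                return (PrivateKey) obj;
            }
        }
        try {
            // Declared as PrivateKeyCallback, not Callback: getKey() only exists on the subtype.
            PrivateKeyCallback privateKeyCallback = new PrivateKeyCallback(new PrivateKeyCallback.AliasRequest(str));
            this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), privateKeyCallback} : new Callback[]{privateKeyCallback});
            PrivateKey key = privateKeyCallback.getKey();
            if (key != null) {
                return key;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0222_CANNOT_LOCATE_PRIVKEY(str), new Object[]{str});
            throw new XWSSecurityException("Unable to locate private key for the alias: " + str);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.AliasRequest"), new Object[]{"PrivateKeyCallback.AliasRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }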

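    /**
     * Resolves the private key that belongs to a certificate identified by its key identifier.
     *
     * <p>Lookup order: the key/certificate pair carried in the runtime map (accepted only when
     * {@code XWSSUtil.matchesProgrammaticInfo} returns non-null for the identifier), then the
     * {@link X500PrivateCredential}s of the subject, then the callback handler through a
     * {@code PrivateKeyCallback.SubjectKeyIDRequest}.
     *
     * <p>The subject credentials are compared against the MIME-Base64-decoded form of
     * {@code bArr}, while the callback request receives {@code bArr} unchanged.
     *
     * @param map runtime properties; may be null
     * @param bArr key identifier bytes
     * @return the private key; may be null when the handler supplies none
     * @throws XWSSecurityException wrapping any failure during the subject or handler lookup
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, byte[] bArr) throws XWSSecurityException {
        Set<X500PrivateCredential> privateCredentials;
        if (map != null) {
            Object obj = map.get(XWSSConstants.PRIVATEKEY_PROPERTY);
            if (obj instanceof PrivateKey) {
                PrivateKey privateKey = (PrivateKey) obj;
                if (XWSSUtil.matchesProgrammaticInfo(map.get(XWSSConstants.CERTIFICATE_PROPERTY), bArr, "Identifier") != null) {
                    return privateKey;
                }
            }
        }
        try {
            Subject subject = getSubject(map);
            if (subject != null && (privateCredentials = subject.getPrivateCredentials(X500PrivateCredential.class)) != null) {
                for (X500PrivateCredential x500PrivateCredential : privateCredentials) {
                    if (matchesKeyIdentifier(java.util.Base64.getMimeDecoder().decode(bArr), x500PrivateCredential.getCertificate())) {
                        return x500PrivateCredential.getPrivateKey();
                    }
                }
            }
            // Declared as PrivateKeyCallback, not Callback: getKey() only exists on the subtype.
            PrivateKeyCallback privateKeyCallback = new PrivateKeyCallback(new PrivateKeyCallback.SubjectKeyIDRequest(bArr));
            this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), privateKeyCallback} : new Callback[]{privateKeyCallback});
            return privateKeyCallback.getKey();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.SubjectKeyIDRequest"), new Object[]{"PrivateKeyCallback.SubjectKeyIDRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }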

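    /**
     * Resolves the private key that belongs to the given certificate.
     *
     * <p>Lookup order: the key stored in the runtime map (accepted only when the map's
     * certificate equals {@code x509Certificate}), then the {@link X500PrivateCredential}s of the
     * subject matched on serial number and normalized issuer name, then the callback handler
     * through a {@code PrivateKeyCallback.IssuerSerialNumRequest}.
     *
     * <p>The whole lookup runs inside one try block, as in the key-identifier overload, so that
     * the checked exceptions declared by {@code CallbackHandler.handle} and any failure in the
     * subject scan are logged and reported as {@link XWSSecurityException}.
     *
     * @param map runtime properties; may be null
     * @param x509Certificate certificate whose private key is wanted
     * @return the private key; may be null when the handler supplies none
     * @throws XWSSecurityException wrapping any failure during the lookup
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, X509Certificate x509Certificate) throws XWSSecurityException {
        Set<X500PrivateCredential> privateCredentials;
        try {
            if (map != null) {
                Object obj = map.get(XWSSConstants.CERTIFICATE_PROPERTY);
                if (x509Certificate != null && x509Certificate.equals(obj)) {
                    Object obj2 = map.get(XWSSConstants.PRIVATEKEY_PROPERTY);
                    if (obj2 instanceof PrivateKey) {
                        return (PrivateKey) obj2;
                    }
                }
            }
            Subject subject = getSubject(map);
            if (subject != null && (privateCredentials = subject.getPrivateCredentials(X500PrivateCredential.class)) != null) {
                String normalize = RFC2253Parser.normalize(x509Certificate.getIssuerX500Principal().getName());
                for (X500PrivateCredential x500PrivateCredential : privateCredentials) {
                    X509Certificate certificate = x500PrivateCredential.getCertificate();
                    BigInteger serialNumber = certificate.getSerialNumber();
                    X500Principal issuerX500Principal = certificate.getIssuerX500Principal();
                    X500Principal x500Principal = new X500Principal(normalize);
                    // Both serial number and issuer must match; a serial alone is not unique.
                    if (serialNumber.equals(x509Certificate.getSerialNumber()) && issuerX500Principal.equals(x500Principal)) {
                        return x500PrivateCredential.getPrivateKey();
                    }
                }
            }
            // Declared as PrivateKeyCallback, not Callback: getKey() only exists on the subtype.
            PrivateKeyCallback privateKeyCallback = new PrivateKeyCallback(new PrivateKeyCallback.IssuerSerialNumRequest(x509Certificate.getIssuerX500Principal(), x509Certificate.getSerialNumber()));
            this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), privateKeyCallback} : new Callback[]{privateKeyCallback});
            return privateKeyCallback.getKey();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.IssuerSerialNumRequest"), new Object[]{"PrivateKeyCallback.IssuerSerialNumRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }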

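    /**
     * Resolves the private key for a certificate identified by serial number and issuer name.
     *
     * <p>Lookup order: the programmatic key from the runtime map (accepted only when
     * {@code XWSSUtil.matchesProgrammaticInfo} returns non-null for the serial/issuer pair), then
     * the {@link X500PrivateCredential}s of the subject, then the callback handler through a
     * {@code PrivateKeyCallback.IssuerSerialNumRequest}.
     *
     * <p>The whole lookup runs inside one try block, as in the key-identifier overload, so that
     * the checked exceptions declared by {@code CallbackHandler.handle} and any failure in the
     * subject scan are logged and reported as {@link XWSSecurityException}.
     *
     * @param map runtime properties; may be null
     * @param bigInteger certificate serial number
     * @param str issuer distinguished name, passed to the {@link X500Principal} constructor
     * @return the private key; may be null when the handler supplies none
     * @throws XWSSecurityException wrapping any failure during the lookup
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        PrivateKey programmaticPrivateKey;
        Set<X500PrivateCredential> privateCredentials;
        try {
            if (map != null) {
                if (XWSSUtil.matchesProgrammaticInfo(map.get(XWSSConstants.CERTIFICATE_PROPERTY), bigInteger, str) != null && (programmaticPrivateKey = XWSSUtil.getProgrammaticPrivateKey(map)) != null) {
                    return programmaticPrivateKey;
                }
            }
            Subject subject = getSubject(map);
            if (subject != null && (privateCredentials = subject.getPrivateCredentials(X500PrivateCredential.class)) != null) {
                for (X500PrivateCredential x500PrivateCredential : privateCredentials) {
                    X509Certificate certificate = x500PrivateCredential.getCertificate();
                    BigInteger serialNumber = certificate.getSerialNumber();
                    X500Principal issuerX500Principal = certificate.getIssuerX500Principal();
                    X500Principal x500Principal = new X500Principal(str);
                    // Both serial number and issuer must match; a serial alone is not unique.
                    if (serialNumber.equals(bigInteger) && issuerX500Principal.equals(x500Principal)) {
                        return x500PrivateCredential.getPrivateKey();
                    }
                }
            }
            // Declared as PrivateKeyCallback, not Callback: getKey() only exists on the subtype.
            PrivateKeyCallback privateKeyCallback = new PrivateKeyCallback(new PrivateKeyCallback.IssuerSerialNumRequest(new X500Principal(str), bigInteger));
            this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), privateKeyCallback} : new Callback[]{privateKeyCallback});
            return privateKeyCallback.getKey();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.IssuerSerialNumRequest"), new Object[]{"PrivateKeyCallback.IssuerSerialNumRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }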

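    /**
     * Returns the certificate this party uses by default.
     *
     * <p>Lookup order: an {@link X509Certificate} stored in the runtime map, then the subject's
     * public credentials when exactly one X.509 certificate is present, then
     * {@code getCertificate(map, myAlias, true)} when an alias or a keystore certificate selector
     * is configured, and finally the first certificate of the chain the callback handler returns
     * for a {@code PrivateKeyCallback} with a null request.
     *
     * @param map runtime properties; may be null
     * @return the default certificate
     * @throws XWSSecurityException if the handler fails or returns a null or empty chain
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getDefaultCertificate(Map map) throws XWSSecurityException {
        Set publicCredentials;
        if (map != null) {
            Object obj = map.get(XWSSConstants.CERTIFICATE_PROPERTY);
            if (obj instanceof X509Certificate) {
                return (X509Certificate) obj;
            }
        }
        Subject subject = getSubject(map);
        // Only an unambiguous subject (exactly one certificate) is used as the default.
        if (subject != null && (publicCredentials = subject.getPublicCredentials(X509Certificate.class)) != null && publicCredentials.size() == 1) {
            return (X509Certificate) publicCredentials.toArray()[0];
        }
        if (this.myAlias != null || this.keystoreCertSelectorClass != null) {
            return getCertificate(map, this.myAlias, true);
        }
        // Declared as PrivateKeyCallback, not Callback: getChain() only exists on the subtype.
        PrivateKeyCallback privateKeyCallback = new PrivateKeyCallback((PrivateKeyCallback.Request) null);
        try {
            this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), privateKeyCallback} : new Callback[]{privateKeyCallback});
            Certificate[] chain = privateKeyCallback.getChain();
            // A zero-length chain is rejected with the same message as a null one instead of
            // failing on chain[0].
            if (chain != null && chain.length > 0) {
                return (X509Certificate) chain[0];
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0296_NULL_CHAIN_CERT());
            throw new XWSSecurityException("Empty certificate chain returned by PrivateKeyCallback");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback with null argument"), new Object[]{"PrivateKeyCallback with null argument"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }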

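    /**
     * Authenticates a user from a plain-text password.
     *
     * <p>With a configured password validator the check is delegated to it through an XWSS
     * {@code PasswordValidationCallback}. Otherwise a
     * {@code jakarta.security.auth.message.callback.PasswordValidationCallback} is sent to the
     * callback handler and its result is returned.
     *
     * <p>The password copy handed to the callback is cleared in a {@code finally} block, so it is
     * wiped on the failure path as well as on success. The {@code String} argument itself cannot
     * be wiped.
     *
     * @param map runtime properties
     * @param str user name
     * @param str2 plain-text password; may be null
     * @return true when the validator or handler accepted the credentials
     * @throws XWSSecurityException wrapping any failure raised while the handler runs
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean authenticateUser(Map map, String str, String str2) throws XWSSecurityException {
        if (this.pwValidator != null) {
            PasswordValidationCallback passwordValidationCallback = new PasswordValidationCallback(new PasswordValidationCallback.PlainTextPasswordRequest(str, str2));
            ProcessingContext.copy(passwordValidationCallback.getRuntimeProperties(), map);
            passwordValidationCallback.setValidator(this.pwValidator);
            return passwordValidationCallback.getResult();
        }
        char[] charArray = str2 == null ? null : str2.toCharArray();
        // Declared with its concrete type: clearPassword() and getResult() are not on Callback.
        jakarta.security.auth.message.callback.PasswordValidationCallback passwordValidationCallback2 = new jakarta.security.auth.message.callback.PasswordValidationCallback(getRequesterSubject(map), str, charArray);
        try {
            this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), passwordValidationCallback2} : new Callback[]{passwordValidationCallback2});
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Username Authentication done for " + str);
            }
            return passwordValidationCallback2.getResult();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("Authenticating User against list of Known username-password pairs"), new Object[]{"Authenticating User against list of Known username-password pairs"});
            throw new XWSSecurityException(e);
        } finally {
            // Runs after the result has been read, on success and on failure alike.
            if (charArray != null) {
                passwordValidationCallback2.clearPassword();
            }
        }
    }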

    /**
     * Obtains the password for a user through the configured password validator, for use with
     * derived keys.
     *
     * <p>Without a configured validator the method returns null. With one, a
     * {@code DerivedKeyPasswordRequest} is run through a {@code PasswordValidationCallback}; the
     * validator is attached only when it is a {@code DerivedKeyPasswordValidator}. The boolean
     * result of the callback is not used; whatever password the request holds afterwards is
     * returned.
     *
     * @param map runtime properties copied into the callback
     * @param str user name
     * @return the password left on the request, or null when no validator is configured
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public String authenticateUser(Map map, String str) {
        if (this.pwValidator == null) {
            return null;
        }
        PasswordValidationCallback.DerivedKeyPasswordRequest request = new PasswordValidationCallback.DerivedKeyPasswordRequest(str);
        PasswordValidationCallback callback = new PasswordValidationCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        if (this.pwValidator instanceof PasswordValidationCallback.DerivedKeyPasswordValidator) {
            PasswordValidationCallback.DerivedKeyPasswordValidator derivedKeyValidator = (PasswordValidationCallback.DerivedKeyPasswordValidator) this.pwValidator;
            derivedKeyValidator.setPassword(request);
            callback.setValidator(this.pwValidator);
        }
        // Called for its effect on the request; the boolean outcome is deliberately unused.
        callback.getResult();
        return request.getPassword();
    }

    /**
     * Authenticates a user from a digest password request.
     *
     * <p>Three paths are tried in order: the configured password validator; when
     * {@code useXWSSCallbacks} is set, an XWSS {@code PasswordValidationCallback} sent to the
     * callback handler; and finally a {@code RealmAuthenticationAdapter}.
     *
     * @param map runtime properties
     * @param str user name
     * @param str2 second argument of {@code DigestPasswordRequest} (presumably the password
     *        digest — confirm against that class)
     * @param str3 third argument of {@code DigestPasswordRequest} (presumably the nonce — confirm)
     * @param str4 fourth argument of {@code DigestPasswordRequest} (presumably the creation time —
     *        confirm)
     * @return true when the credentials were accepted
     * @throws XWSSecurityException if validation fails with an error or no validator is available
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean authenticateUser(Map map, String str, String str2, String str3, String str4) throws XWSSecurityException {
        if (this.pwValidator != null) {
            PasswordValidationCallback.DigestPasswordRequest digestPasswordRequest = new PasswordValidationCallback.DigestPasswordRequest(str, str2, str3, str4);
            PasswordValidationCallback passwordValidationCallback = new PasswordValidationCallback(digestPasswordRequest);
            ProcessingContext.copy(passwordValidationCallback.getRuntimeProperties(), map);
            // The validator is attached only when it is a WsitDigestPasswordValidator.
            // NOTE(review): for any other validator type getResult() runs with no validator set;
            // what it returns then is decided in PasswordValidationCallback — confirm it is false.
            if (this.pwValidator != null && (this.pwValidator instanceof PasswordValidationCallback.WsitDigestPasswordValidator)) {
                ((PasswordValidationCallback.WsitDigestPasswordValidator) this.pwValidator).setPassword(digestPasswordRequest);
                passwordValidationCallback.setValidator(this.pwValidator);
            }
            return passwordValidationCallback.getResult();
        }
        if (this.useXWSSCallbacks) {
            PasswordValidationCallback passwordValidationCallback2 = new PasswordValidationCallback(new PasswordValidationCallback.DigestPasswordRequest(str, str2, str3, str4));
            ProcessingContext.copy(passwordValidationCallback2.getRuntimeProperties(), map);
            try {
                this._handler.handle(new Callback[]{passwordValidationCallback2});
                // If the handler attached no validator, control falls through to the realm
                // adapter below.
                if (passwordValidationCallback2.getValidator() != null) {
                    boolean result = passwordValidationCallback2.getResult();
                    if (result) {
                        // On success the caller principal is announced to the handler.
                        try {
                            this._handler.handle(new Callback[]{new CallerPrincipalCallback(getSubject(map), str)});
                        } catch (Exception e) {
                            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("CallerPrincipalCallback"), new Object[]{"CallerPrincipalCallback"});
                            // This runtime exception is caught by the outer catch (Exception)
                            // below and rethrown as XWSSecurityException.
                            throw new XWSSecurityRuntimeException(e);
                        }
                    }
                    return result;
                }
            // NOTE(review): _handler is a PriviledgedHandler, which rethrows anything its delegate
            // throws as XWSSecurityRuntimeException, so this catch looks unreachable from the
            // handle() calls above; an unsupported callback would land in catch (Exception) and
            // fail the request rather than fall through to the realm adapter — confirm intent.
            } catch (UnsupportedCallbackException e2) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "The Supplied JMAC CallbackHandler does not support com.sun.xml.wss.impl.callback.PasswordValidationCallback.DigestPasswordRequest");
                }
            } catch (Exception e3) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e3);
                throw new XWSSecurityException(e3);
            }
        }
        try {
            RealmAuthenticationAdapter newInstance = RealmAuthenticationAdapter.newInstance(null);
            if (newInstance == null) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0295_PASSWORD_VAL_NOT_CONFIG_USERNAME_VAL());
                // Thrown inside the try, so the catch below wraps it in another XWSSecurityException.
                throw new XWSSecurityException("Error: No PasswordValidator Configured for UsernameToken Validation");
            }
            boolean authenticate = newInstance.authenticate(getSubject(map), str, str2, str3, str4, map);
            // Logged whether or not authentication succeeded; the message carries the user name.
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Username Authentication done for " + str);
            }
            return authenticate;
        } catch (Exception e4) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e4);
            throw new XWSSecurityException(e4);
        }
    }

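    /**
     * Validates an X.509 certificate taken from a security token.
     *
     * <p>One of three strategies is used, in this order:
     * <ol>
     *   <li>if {@code certValidator} is configured, a {@link CertificateValidationCallback} carrying that
     *       validator supplies the result;</li>
     *   <li>if {@code useXWSSCallbacks} is set, a {@link CertificateValidationCallback} is handed to the
     *       callback handler and its result is returned;</li>
     *   <li>otherwise the built-in check runs: validity period, then either an exact trust-store match
     *       (certificate whose issuer name equals its subject name) or PKIX path validation against the
     *       trust store and cert store obtained from the callback handler.</li>
     * </ol>
     * In the first two cases this method performs no validity-period or path check of its own.
     *
     * <p>Revocation checking follows {@code revocationEnabled} in every strategy.
     *
     * @param x509Certificate the certificate to validate
     * @param map runtime properties passed through to the validation callback
     * @return {@code true} when the certificate is accepted; the built-in check never returns
     *         {@code false}, it throws instead
     * @throws XWSSecurityException when a self-signed certificate is not present in the trust store;
     *         other failures are raised through {@code SOAPUtil.newSOAPFaultException} with the
     *         {@code WSSE_INVALID_SECURITY_TOKEN} fault code
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean validateCertificate(X509Certificate x509Certificate, Map map) throws XWSSecurityException {
        if (this.certValidator != null) {
            CertificateValidationCallback validatorCallback = new CertificateValidationCallback(x509Certificate, map);
            validatorCallback.setValidator(this.certValidator);
            validatorCallback.setRevocationEnabled(this.revocationEnabled);
            return validatorCallback.getResult();
        }
        if (this.useXWSSCallbacks) {
            CertificateValidationCallback handlerCallback = new CertificateValidationCallback(x509Certificate, map);
            handlerCallback.setRevocationEnabled(this.revocationEnabled);
            try {
                this._handler.handle(new Callback[]{handlerCallback});
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Certificate Validation called on certificate " + String.valueOf(x509Certificate.getSubjectX500Principal()));
                }
                return handlerCallback.getResult();
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0223_FAILED_CERTIFICATE_VALIDATION());
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Certificate validation failed", e, true);
            }
        }
        try {
            x509Certificate.checkValidity();
            if (x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                // "Self-signed" is decided by name equality only, so acceptance requires the identical
                // certificate to be present in the trust store.
                if (isTrustedSelfSigned(x509Certificate)) {
                    return true;
                }
                log.log(Level.SEVERE, com.sun.xml.wss.logging.impl.misc.LogStringsMessages.WSS_1533_X_509_SELF_SIGNED_CERTIFICATE_NOT_VALID());
                throw new XWSSecurityException("Validation of self signed certificate failed");
            }
            X509CertSelector targetSelector = new X509CertSelector();
            targetSelector.setCertificate(x509Certificate);
            try {
                // Both stores are always requested together.
                CertStoreCallback certStoreCallback = new CertStoreCallback();
                TrustStoreCallback trustStoreCallback = new TrustStoreCallback();
                try {
                    this._handler.handle(new Callback[]{certStoreCallback, trustStoreCallback});
                    // A handler that supplies no trust store makes the next call throw, which ends in a
                    // fault below rather than in acceptance.
                    KeyStore trustStore = trustStoreCallback.getTrustStore();
                    ArrayList<Certificate> pathCertificates = new ArrayList<>();
                    X500Principal wantedIssuer = null;
                    int remainingPasses = 0;
                    Certificate[] storedChain = null;
                    String storedAlias = trustStore.getCertificateAlias(x509Certificate);
                    if (storedAlias != null) {
                        storedChain = trustStore.getCertificateChain(storedAlias);
                    }
                    if (storedChain == null) {
                        pathCertificates.add(x509Certificate);
                        wantedIssuer = x509Certificate.getIssuerX500Principal();
                        remainingPasses = trustStore.size();
                    } else {
                        pathCertificates.addAll(Arrays.asList(storedChain));
                    }
                    boolean rootFound = false;
                    boolean issuerMatchedThisPass = false;
                    // Follow issuer names through the trust store until a certificate whose subject equals
                    // its issuer is reached. The pass budget and the stored-chain test are part of the loop
                    // condition: kept inside the body, as before, the loop never ended once a stored chain
                    // existed, so a request could hang certificate validation.
                    // Candidates are linked by distinguished name only; signatures are left to the PKIX
                    // validation further down.
                    while (!rootFound && remainingPasses-- != 0 && storedChain == null) {
                        Enumeration<String> aliases = trustStore.aliases();
                        while (aliases.hasMoreElements()) {
                            Certificate candidate = trustStore.getCertificate(aliases.nextElement());
                            if (candidate != null && "X.509".equals(candidate.getType()) && !pathCertificates.contains(candidate)) {
                                X509Certificate issuerCandidate = (X509Certificate) candidate;
                                if (wantedIssuer.equals(issuerCandidate.getSubjectX500Principal())) {
                                    pathCertificates.add(candidate);
                                    if (issuerCandidate.getSubjectX500Principal().equals(issuerCandidate.getIssuerX500Principal())) {
                                        rootFound = true;
                                        break;
                                    }
                                    wantedIssuer = issuerCandidate.getIssuerX500Principal();
                                    issuerMatchedThisPass = true;
                                }
                            }
                        }
                        if (!rootFound) {
                            if (!issuerMatchedThisPass) {
                                // A full pass added nothing: the chain cannot be extended further.
                                break;
                            }
                            issuerMatchedThisPass = false;
                        }
                    }
                    try {
                        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(pathCertificates);
                        CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
                        PKIXBuilderParameters pkixParameters = new PKIXBuilderParameters(trustStore, targetSelector);
                        pkixParameters.setRevocationEnabled(this.revocationEnabled);
                        pkixParameters.addCertStore(certStoreCallback.getCertStore());
                        try {
                            pathValidator.validate(certPath, pkixParameters);
                            if (log.isLoggable(Level.FINE)) {
                                log.log(Level.FINE, "Certificate Validation called on certificate " + String.valueOf(x509Certificate.getSubjectX500Principal()));
                            }
                            return true;
                        } catch (Exception e2) {
                            log.log(Level.SEVERE, LogStringsMessages.WSS_0223_FAILED_CERTIFICATE_VALIDATION(), (Throwable) e2);
                            // NOTE(review): the validator's message becomes the fault text; confirm it carries
                            // nothing that should not reach the peer.
                            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e2.getMessage(), e2);
                        }
                    } catch (Exception e3) {
                        log.log(Level.SEVERE, com.sun.xml.wss.logging.impl.misc.LogStringsMessages.WSS_1518_FAILEDTO_VALIDATE_CERTIFICATE(), (Throwable) e3);
                        throw new CertificateValidationCallback.CertificateValidationException(e3.getMessage(), e3);
                    }
                } catch (Exception e4) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("Validate an X509Certificate"), new Object[]{"Validate an X509Certificate"});
                    throw new XWSSecurityException(e4);
                }
            } catch (Exception e5) {
                // Every failure of the built-in path check leaves this method as an invalid-token fault.
                log.log(Level.SEVERE, LogStringsMessages.WSS_0223_FAILED_CERTIFICATE_VALIDATION(), (Throwable) e5);
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e5.getMessage(), e5);
            }
        } catch (CertificateExpiredException e6) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0298_X_509_EXPIRED(), (Throwable) e6);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "X509Certificate Expired", e6, true);
        } catch (CertificateNotYetValidException e7) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0299_X_509_NOT_VALID(), (Throwable) e7);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "X509Certificate not yet valid", e7, true);
        }
    }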

    /**
     * Logs in through the JAAS login module configured for the keystore and returns the resulting
     * {@link Subject}.
     *
     * <p>When {@code keyStoreCBH} is set, it is passed to {@code loadClass}, the class is instantiated
     * through its no-argument constructor, stored in {@code keystoreCbHandlerClass} and given to the
     * {@link LoginContext} as its callback handler.
     *
     * @return the authenticated subject, or {@code null} when no login module name is configured
     * @throws XWSSecurityRuntimeException when the handler cannot be loaded or created, or the login fails
     */
    private Subject initJAASKeyStoreLoginModule() {
        final String moduleName = this.jaasLoginModuleForKeystore;
        if (moduleName == null) {
            return null;
        }
        try {
            LoginContext keystoreLogin;
            if (this.keyStoreCBH == null) {
                keystoreLogin = new LoginContext(moduleName);
            } else {
                // The handler class is named by configuration and created reflectively.
                Object handlerInstance = loadClass(this.keyStoreCBH).getConstructor(new Class[0]).newInstance(new Object[0]);
                this.keystoreCbHandlerClass = (CallbackHandler) handlerInstance;
                keystoreLogin = new LoginContext(moduleName, this.keystoreCbHandlerClass);
            }
            keystoreLogin.login();
            return keystoreLogin.getSubject();
        } catch (XWSSecurityException | ReflectiveOperationException | LoginException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0817_KEYSTORE_LOGIN_MODULE_LOGIN_ERROR(), e);
            throw new XWSSecurityRuntimeException(e);
        }
    }

    /**
     * Tells whether the given certificate is stored, as an identical entry, in the trust store supplied
     * by the callback handler.
     *
     * <p>Trust is granted by {@code equals} against each X.509 entry of the trust store; no signature
     * or path check is made here.
     *
     * @param x509Certificate the self-signed certificate to look up
     * @return {@code true} when an equal certificate is found; {@code false} when the handler supplies
     *         no trust store or no entry matches
     */
    private boolean isTrustedSelfSigned(X509Certificate x509Certificate) {
        try {
            // The cert store is requested alongside the trust store, although only the latter is read.
            CertStoreCallback certStoreRequest = new CertStoreCallback();
            TrustStoreCallback trustStoreRequest = new TrustStoreCallback();
            Callback[] requests = new Callback[]{certStoreRequest, trustStoreRequest};
            try {
                this._handler.handle(requests);
                if (trustStoreRequest.getTrustStore() == null) {
                    return false;
                }
                Enumeration<String> aliases = trustStoreRequest.getTrustStore().aliases();
                while (aliases.hasMoreElements()) {
                    Certificate entry = trustStoreRequest.getTrustStore().getCertificate(aliases.nextElement());
                    if (entry == null || !"X.509".equals(entry.getType())) {
                        continue;
                    }
                    X509Certificate trusted = (X509Certificate) entry;
                    if (trusted.equals(x509Certificate)) {
                        return true;
                    }
                }
                return false;
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("Validate an X509Certificate"), new Object[]{"Validate an X509Certificate"});
                throw new XWSSecurityException(e);
            }
        } catch (Exception e2) {
            // The exception raised just above also lands here, so any failure ends as an invalid-token fault.
            log.log(Level.SEVERE, LogStringsMessages.WSS_0223_FAILED_CERTIFICATE_VALIDATION(), (Throwable) e2);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e2.getMessage(), e2);
        }
    }

    /**
     * Finds the certificate whose subject key identifier equals {@code bArr}.
     *
     * <p>Sources are consulted in this order: the X500 private credentials of the subject returned by
     * {@code getSubject(map)}, the chain returned for a {@code PrivateKeyCallback.SubjectKeyIDRequest},
     * the cert store, and finally the trust store.
     *
     * @param map runtime properties; also passed to the handler when {@code useXWSSCallbacks} is set
     * @param bArr the subject key identifier to match
     * @return the first matching certificate
     * @throws XWSSecurityException when no source yields a match or a callback or store lookup fails
     */
    public X509Certificate getMatchingCertificate(Map map, byte[] bArr) throws XWSSecurityException {
        Subject subject = getSubject(map);
        if (subject != null) {
            Set ownCredentials = subject.getPrivateCredentials(X500PrivateCredential.class);
            if (ownCredentials != null) {
                for (Object credential : ownCredentials) {
                    X509Certificate ownCertificate = ((X500PrivateCredential) credential).getCertificate();
                    if (matchesKeyIdentifier(bArr, ownCertificate)) {
                        return ownCertificate;
                    }
                }
            }
        }
        PrivateKeyCallback keyRequest = new PrivateKeyCallback(new PrivateKeyCallback.SubjectKeyIDRequest(bArr));
        CertStoreCallback certStoreRequest = new CertStoreCallback();
        TrustStoreCallback trustStoreRequest = new TrustStoreCallback();
        try {
            Callback[] requests;
            if (this.useXWSSCallbacks) {
                requests = new Callback[]{new RuntimeProperties(map), keyRequest, trustStoreRequest, certStoreRequest};
            } else {
                requests = new Callback[]{keyRequest, trustStoreRequest, certStoreRequest};
            }
            this._handler.handle(requests);
            Certificate[] chain = keyRequest.getChain();
            if (chain != null) {
                // A one-element chain is returned as it is, without comparing its key identifier.
                if (chain.length == 1) {
                    return (X509Certificate) chain[0];
                }
                for (int index = 0; index < chain.length; index++) {
                    X509Certificate link = (X509Certificate) chain[index];
                    if (matchesKeyIdentifier(bArr, link)) {
                        return link;
                    }
                }
            }
            CertStore certStore = certStoreRequest.getCertStore();
            if (certStore != null) {
                try {
                    Collection<? extends Certificate> found = certStore.getCertificates(new KeyIdentifierCertSelector(bArr));
                    if (!found.isEmpty()) {
                        return (X509Certificate) found.iterator().next();
                    }
                } catch (CertStoreException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(), (Throwable) e);
                    throw new XWSSecurityException(e);
                }
            }
            KeyStore trustStore = trustStoreRequest.getTrustStore();
            if (trustStore != null) {
                X509Certificate fromTrustStore = getMatchingCertificate(bArr, trustStore);
                if (fromTrustStore != null) {
                    return fromTrustStore;
                }
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(bArr), new Object[]{bArr});
            // The identifier bytes are decoded with the platform default charset for the message.
            throw new XWSSecurityException("No Matching Certificate for :" + new String(bArr) + " found in KeyStore or TrustStore");
        } catch (Exception e2) {
            // Exceptions thrown inside the try block, the "no match" one included, are wrapped again here.
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.SubjectKeyIDRequest"), new Object[]{"PrivateKeyCallback.SubjectKeyIDRequest"});
            throw new XWSSecurityException(e2);
        }
    }

    /**
     * Finds the certificate identified by issuer name and serial number.
     *
     * <p>Sources are consulted in this order: the X500 private credentials of the subject returned by
     * {@code getSubject(map)}, the chain returned for a {@code PrivateKeyCallback.IssuerSerialNumRequest},
     * the cert store, and finally the trust store.
     *
     * @param map runtime properties; also passed to the handler when {@code useXWSSCallbacks} is set
     * @param bigInteger the certificate serial number
     * @param str the issuer name, parsed with {@link X500Principal#X500Principal(String)}
     * @return the first matching certificate
     * @throws XWSSecurityException when no source yields a match or a callback or store lookup fails
     */
    public X509Certificate getMatchingCertificate(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        Subject subject = getSubject(map);
        if (subject != null) {
            Set ownCredentials = subject.getPrivateCredentials(X500PrivateCredential.class);
            if (ownCredentials != null) {
                for (Object credential : ownCredentials) {
                    X509Certificate ownCertificate = ((X500PrivateCredential) credential).getCertificate();
                    BigInteger ownSerial = ownCertificate.getSerialNumber();
                    X500Principal ownIssuer = ownCertificate.getIssuerX500Principal();
                    X500Principal requestedIssuer = new X500Principal(str);
                    if (ownSerial.equals(bigInteger) && ownIssuer.equals(requestedIssuer)) {
                        return ownCertificate;
                    }
                }
            }
        }
        PrivateKeyCallback keyRequest = new PrivateKeyCallback(new PrivateKeyCallback.IssuerSerialNumRequest(new X500Principal(str), bigInteger));
        TrustStoreCallback trustStoreRequest = new TrustStoreCallback();
        CertStoreCallback certStoreRequest = new CertStoreCallback();
        try {
            Callback[] requests;
            if (this.useXWSSCallbacks) {
                requests = new Callback[]{new RuntimeProperties(map), keyRequest, trustStoreRequest, certStoreRequest};
            } else {
                requests = new Callback[]{keyRequest, trustStoreRequest, certStoreRequest};
            }
            this._handler.handle(requests);
            Certificate[] chain = keyRequest.getChain();
            if (chain == null) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, LogStringsMessages.WSS_0296_NULL_CHAIN_CERT());
                }
            } else {
                // A one-element chain is returned as it is, without comparing issuer and serial number.
                if (chain.length == 1) {
                    return (X509Certificate) chain[0];
                }
                for (int index = 0; index < chain.length; index++) {
                    X509Certificate link = (X509Certificate) chain[index];
                    if (matchesIssuerSerialAndName(bigInteger, str, link)) {
                        return link;
                    }
                }
            }
            CertStore certStore = certStoreRequest.getCertStore();
            if (certStore != null) {
                try {
                    Collection<? extends Certificate> found = certStore.getCertificates(new IssuerNameAndSerialCertSelector(bigInteger, str));
                    if (!found.isEmpty()) {
                        return (X509Certificate) found.iterator().next();
                    }
                } catch (CertStoreException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(), (Throwable) e);
                    throw new XWSSecurityException(e);
                }
            }
            KeyStore trustStore = trustStoreRequest.getTrustStore();
            if (trustStore == null) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0707_NULL_TRUSTSTORE());
            } else {
                X509Certificate fromTrustStore = getMatchingCertificate(bigInteger, str, trustStore);
                if (fromTrustStore != null) {
                    return fromTrustStore;
                }
            }
            String requested = str + " : " + String.valueOf(bigInteger);
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(requested), new Object[]{requested});
            throw new XWSSecurityException("No Matching Certificate for :" + requested + " found in KeyStore or TrustStore");
        } catch (Exception e2) {
            // Exceptions thrown inside the try block, the "no match" one included, are wrapped again here.
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.IssuerSerialNumRequest"), new Object[]{"PrivateKeyCallback.IssuerSerialNumRequest"});
            throw new XWSSecurityException(e2);
        }
    }

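    /**
     * Finds a certificate by key identifier or by thumbprint, depending on {@code str}.
     *
     * <p>A certificate returned by {@code XWSSUtil.matchesProgrammaticInfo} wins. Otherwise the value
     * type {@code "Identifier"} delegates to {@link #getMatchingCertificate(Map, byte[])}, and
     * {@code MessageConstants.THUMB_PRINT_TYPE} runs the thumbprint lookup in this order: the X500
     * private credentials of the subject, the chain returned for a
     * {@code PrivateKeyCallback.DigestRequest} (digest algorithm {@code MessageConstants.SHA_1}), the
     * cert store, and finally the trust store.
     *
     * @param map runtime properties; also passed to the handler when {@code useXWSSCallbacks} is set
     * @param bArr the key identifier or thumbprint bytes
     * @param str the value type naming how {@code bArr} is to be interpreted
     * @return the first matching certificate
     * @throws XWSSecurityException when the value type is unsupported, no source yields a match, or a
     *         callback or store lookup fails
     */
    public X509Certificate getMatchingCertificate(Map map, byte[] bArr, String str) throws XWSSecurityException {
        X509Certificate programmatic = XWSSUtil.matchesProgrammaticInfo(map, bArr, str);
        if (programmatic != null) {
            return programmatic;
        }
        if ("Identifier".equals(str)) {
            return getMatchingCertificate(map, bArr);
        }
        if (!MessageConstants.THUMB_PRINT_TYPE.equals(str)) {
            throw new XWSSecurityException("Internal Error : Unsupported Valuetype :" + str + " passed to getMatchingCertificate()");
        }
        Subject subject = getSubject(map);
        if (subject != null) {
            Set ownCredentials = subject.getPrivateCredentials(X500PrivateCredential.class);
            if (ownCredentials != null) {
                for (Object credential : ownCredentials) {
                    X509Certificate ownCertificate = ((X500PrivateCredential) credential).getCertificate();
                    if (matchesThumbPrint(bArr, ownCertificate)) {
                        return ownCertificate;
                    }
                }
            }
        }
        PrivateKeyCallback keyRequest = new PrivateKeyCallback(new PrivateKeyCallback.DigestRequest(bArr, MessageConstants.SHA_1));
        TrustStoreCallback trustStoreRequest = new TrustStoreCallback();
        CertStoreCallback certStoreRequest = new CertStoreCallback();
        try {
            Callback[] requests;
            if (this.useXWSSCallbacks) {
                requests = new Callback[]{new RuntimeProperties(map), keyRequest, trustStoreRequest, certStoreRequest};
            } else {
                requests = new Callback[]{keyRequest, trustStoreRequest, certStoreRequest};
            }
            this._handler.handle(requests);
            Certificate[] chain = keyRequest.getChain();
            if (chain != null) {
                // A one-element chain is returned as it is, without comparing its thumbprint.
                if (chain.length == 1) {
                    return (X509Certificate) chain[0];
                }
                for (Certificate link : chain) {
                    X509Certificate candidate = (X509Certificate) link;
                    if (matchesThumbPrint(bArr, candidate)) {
                        return candidate;
                    }
                }
            }
            CertStore certStore = certStoreRequest.getCertStore();
            if (certStore != null) {
                try {
                    Collection<? extends Certificate> found = certStore.getCertificates(new DigestCertSelector(bArr, MessageConstants.SHA_1));
                    if (!found.isEmpty()) {
                        return (X509Certificate) found.iterator().next();
                    }
                } catch (CertStoreException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(), (Throwable) e);
                    throw new XWSSecurityException(e);
                }
            }
            KeyStore trustStore = trustStoreRequest.getTrustStore();
            if (trustStore != null) {
                X509Certificate fromTrustStore = getMatchingCertificate(bArr, trustStore, str);
                if (fromTrustStore != null) {
                    return fromTrustStore;
                }
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(bArr), new Object[]{bArr});
            // The thumbprint bytes are decoded with the platform default charset for the message.
            throw new XWSSecurityException("No Matching Certificate for :" + new String(bArr) + " found in KeyStore or TrustStore");
        } catch (Exception e2) {
            // The log entry names the request that was actually issued (a DigestRequest); it used to
            // name SubjectKeyIDRequest, which pointed log readers at the wrong lookup.
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.DigestRequest"), new Object[]{"PrivateKeyCallback.DigestRequest"});
            throw new XWSSecurityException(e2);
        }
    }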

    /**
     * Obtains the secret key stored under an alias by asking the callback handler.
     *
     * @param map runtime properties; passed to the handler when {@code useXWSSCallbacks} is set
     * @param str the key alias
     * @param z not read by this implementation
     * @return the key the handler placed in the {@code SecretKeyCallback}
     * @throws XWSSecurityException when the handler fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public SecretKey getSecretKey(Map map, String str, boolean z) throws XWSSecurityException {
        final String requestName = "SecretKeyCallback.AliasRequest";
        SecretKeyCallback keyRequest = new SecretKeyCallback(new SecretKeyCallback.AliasRequest(str));
        try {
            Callback[] requests;
            if (this.useXWSSCallbacks) {
                requests = new Callback[]{new RuntimeProperties(map), keyRequest};
            } else {
                requests = new Callback[]{keyRequest};
            }
            this._handler.handle(requests);
            return keyRequest.getKey();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION(requestName), new Object[]{requestName});
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Resolves the certificate for an alias.
     *
     * <p>When {@code str} is null or empty a default is worked out first. With {@code z} set, a
     * certificate stored under {@code XWSSConstants.CERTIFICATE_PROPERTY} in {@code map} is returned
     * directly; failing that the alias becomes {@code myAlias} or the value chosen by the configured
     * {@code AliasSelector}. With {@code z} clear, a certificate stored under
     * {@code XWSSConstants.SERVER_CERTIFICATE_PROPERTY} is returned directly; failing that the alias
     * becomes {@code peerEntityAlias}.
     *
     * <p>The lookup then depends on {@code z}:
     * <ul>
     *   <li>{@code z} set: the subject's X500 private credentials are searched by alias, then a
     *       {@code PrivateKeyCallback.AliasRequest} is issued and the first chain element is used;</li>
     *   <li>{@code z} clear, no alias: the cert store is searched with the configured cert selector,
     *       then the trust store with the trust-store selector, then {@code getDynamicCertificate};</li>
     *   <li>{@code z} clear, alias known: the trust store entry of that alias is used.</li>
     * </ul>
     * NOTE(review): {@code z} presumably separates "own signing certificate" from "peer certificate" -
     * confirm against the {@code SecurityEnvironment} contract.
     *
     * @param map runtime properties; also passed to the handler when {@code useXWSSCallbacks} is set
     * @param str the requested alias, may be null or empty
     * @param z selects the lookup strategy described above
     * @return the certificate found, never {@code null}
     * @throws XWSSecurityException when no certificate can be located or a callback fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, String str, boolean z) throws XWSSecurityException {
        Set<X500PrivateCredential> privateCredentials;
        CertSelector certSelector;
        CertSelector certSelector2;
        // str2 is the effective alias; str keeps the caller's value.
        String str2 = str;
        X509Certificate x509Certificate = null;
        if (str == null || "".equals(str)) {
            if (z) {
                if (map != null) {
                    Object obj = map.get(XWSSConstants.CERTIFICATE_PROPERTY);
                    if (obj instanceof X509Certificate) {
                        return (X509Certificate) obj;
                    }
                    // A value of any other type is rejected; the matching server-side property below is
                    // silently ignored in the same situation.
                    if (obj != null) {
                        throw new RuntimeException("CERTIFICATE_PROPERTY does not seem to be set to a valid X509Ceritificate");
                    }
                }
                if (this.myAlias != null) {
                    str2 = this.myAlias;
                } else if (this.keystoreCertSelectorClass != null) {
                    try {
                        // The configured selector class is instantiated reflectively on every call.
                        str2 = ((AliasSelector) this.keystoreCertSelectorClass.getConstructor(new Class[0]).newInstance(new Object[0])).select(map);
                    } catch (ReflectiveOperationException e) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_0811_EXCEPTION_INSTANTIATING_ALIASSELECTOR(), (Throwable) e);
                        throw new RuntimeException(e);
                    }
                }
            } else {
                if (map != null) {
                    Object obj2 = map.get(XWSSConstants.SERVER_CERTIFICATE_PROPERTY);
                    if (obj2 instanceof X509Certificate) {
                        return (X509Certificate) obj2;
                    }
                }
                if (this.peerEntityAlias != null) {
                    str2 = this.peerEntityAlias;
                }
            }
        }
        if (z) {
            try {
                Subject subject = getSubject(map);
                if (subject != null && (privateCredentials = subject.getPrivateCredentials(X500PrivateCredential.class)) != null) {
                    for (X500PrivateCredential x500PrivateCredential : privateCredentials) {
                        // NOTE(review): getAlias() is dereferenced unchecked; a credential without an alias
                        // would end in the catch below - confirm that is intended.
                        if (x500PrivateCredential.getAlias().equals(str2)) {
                            return x500PrivateCredential.getCertificate();
                        }
                    }
                }
                Callback privateKeyCallback = new PrivateKeyCallback(new PrivateKeyCallback.AliasRequest(str2));
                this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), privateKeyCallback} : new Callback[]{privateKeyCallback});
                Certificate[] chain = privateKeyCallback.getChain();
                if (chain != null) {
                    // The first chain element is taken as the certificate for the alias.
                    x509Certificate = (X509Certificate) chain[0];
                } else if (log.isLoggable(Level.FINE)) {
                    // NOTE(review): the guard tests FINE while the record is written at SEVERE, so a missing
                    // chain is only reported when FINE logging is on; the issuer/serial overload of
                    // getMatchingCertificate logs the same message at FINE.
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0296_NULL_CHAIN_CERT());
                }
            } catch (Exception e2) {
                // The log record names the caller's alias (str), not the effective one (str2).
                log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                throw new XWSSecurityException(e2);
            }
        } else if (str2 == null || "".equals(str2)) {
            // No alias at all: fall back to selector-driven lookups.
            if (this.certSelectorClass != null) {
                Callback certStoreCallback = new CertStoreCallback();
                try {
                    this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), certStoreCallback} : new Callback[]{certStoreCallback});
                    if (certStoreCallback.getCertStore() != null && (certSelector2 = XWSSUtil.getCertSelector(this.certSelectorClass, map)) != null) {
                        try {
                            Collection<? extends Certificate> certificates = certStoreCallback.getCertStore().getCertificates(certSelector2);
                            // Only the first certificate the selector accepts is used.
                            if (certificates.size() > 0) {
                                x509Certificate = (X509Certificate) certificates.iterator().next();
                            }
                        } catch (CertStoreException e3) {
                            log.log(Level.SEVERE, LogStringsMessages.WSS_0813_FAILEDTO_GETCERTIFICATE(), (Throwable) e3);
                            throw new RuntimeException(e3);
                        }
                    }
                } catch (IOException e4) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                    throw new XWSSecurityException(e4);
                } catch (UnsupportedCallbackException e5) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                    throw new XWSSecurityException(e5);
                }
            }
            if (x509Certificate == null && this.truststoreCertSelectorClass != null) {
                Callback trustStoreCallback = new TrustStoreCallback();
                try {
                    this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), trustStoreCallback} : new Callback[]{trustStoreCallback});
                    KeyStore trustStore = trustStoreCallback.getTrustStore();
                    if (trustStore != null && this.truststoreCertSelectorClass != null && (certSelector = XWSSUtil.getCertSelector(this.truststoreCertSelectorClass, map)) != null) {
                        try {
                            Enumeration<String> aliases = trustStore.aliases();
                            while (aliases.hasMoreElements()) {
                                try {
                                    Certificate certificate = trustStore.getCertificate(aliases.nextElement());
                                    // The first trust-store entry the selector accepts is returned.
                                    if ((certificate instanceof X509Certificate) && certSelector.match(certificate)) {
                                        return (X509Certificate) certificate;
                                    }
                                } catch (KeyStoreException e6) {
                                    log.log(Level.SEVERE, LogStringsMessages.WSS_0813_FAILEDTO_GETCERTIFICATE(), (Throwable) e6);
                                    throw new RuntimeException(e6);
                                }
                            }
                        } catch (KeyStoreException e7) {
                            log.log(Level.SEVERE, LogStringsMessages.WSS_0813_FAILEDTO_GETCERTIFICATE(), (Throwable) e7);
                            throw new RuntimeException(e7);
                        }
                    }
                } catch (IOException e8) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                    throw new XWSSecurityException(e8);
                } catch (UnsupportedCallbackException e9) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                    throw new XWSSecurityException(e9);
                }
            }
            if (x509Certificate == null) {
                // Last resort when neither selector produced a certificate.
                x509Certificate = getDynamicCertificate(map);
            }
        } else {
            // An alias is known: read that entry from the trust store.
            Callback trustStoreCallback2 = new TrustStoreCallback();
            try {
                this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), trustStoreCallback2} : new Callback[]{trustStoreCallback2});
                if (trustStoreCallback2.getTrustStore() != null) {
                    try {
                        // The entry is cast without a type check; a non-X.509 entry raises a
                        // ClassCastException that no handler here catches.
                        x509Certificate = (X509Certificate) trustStoreCallback2.getTrustStore().getCertificate(str2);
                    } catch (KeyStoreException e10) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                        throw new XWSSecurityException(e10);
                    }
                }
            } catch (IOException e11) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                throw new XWSSecurityException(e11);
            } catch (UnsupportedCallbackException e12) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str), new Object[]{str});
                throw new XWSSecurityException(e12);
            }
        }
        if (x509Certificate != null) {
            return x509Certificate;
        }
        // Nothing found on any path: fail rather than return null.
        log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str2));
        throw new XWSSecurityException("Unable to locate certificate for the alias '" + str2 + "'");
    }

    /**
     * Tells whether the given certificate equals the default certificate returned by
     * {@code getDefaultCertificate(map)}.
     *
     * @param x509Certificate the certificate to compare
     * @param map runtime properties passed to {@code getDefaultCertificate}
     * @return {@code true} on equality; {@code false} when there is no default certificate or it
     *         cannot be obtained
     */
    private boolean isMyCert(X509Certificate x509Certificate, Map map) {
        X509Certificate ownCertificate;
        try {
            ownCertificate = getDefaultCertificate(map);
        } catch (XWSSecurityException ignored) {
            // A failed lookup is treated as "not my certificate"; the cause is not logged.
            return false;
        }
        return ownCertificate != null && ownCertificate.equals(x509Certificate);
    }

    /**
     * Loads a class through the container's {@link ResourceLoader} SPI.
     *
     * <p>The class is defined by a fresh {@link URLClassLoader} whose only URL is whatever the
     * ResourceLoader returns for {@code str}, with this class's loader as parent. The loaded
     * code is therefore only as trustworthy as the location the container hands back.
     *
     * @param str name passed both to {@code ResourceLoader.getResource} and to {@code loadClass}
     * @return the loaded class, or {@code null} when there is no container, no ResourceLoader,
     *         or loading fails with {@link ClassNotFoundException} / {@link MalformedURLException}
     */
    private Class loadUsingResourceLoader(String str) {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Entered loadUsingResourceLoader to load class.." + str);
        }
        if (this.container == null) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Failed to obtain \"Container\" for getting ResourceLoader SPI ....");
            }
            return null;
        }
        ResourceLoader spiLoader = (ResourceLoader) this.container.getSPI(ResourceLoader.class);
        if (spiLoader == null) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Failed to obtain ResourceLoader instance....");
            }
            return null;
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Obtained Non null ResourceLoader instance....");
        }
        try {
            URL location = spiLoader.getResource(str);
            ClassLoader parent = getClass().getClassLoader();
            return URLClassLoader.newInstance(new URL[]{location}, parent).loadClass(str);
        } catch (ClassNotFoundException | MalformedURLException e) {
            // Failure is non-fatal here; it is only visible at FINE level.
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Failed load class using ResourceLoader instance....", e);
            }
            return null;
        }
    }

    /**
     * Tests whether a certificate's subject key identifier equals the supplied bytes.
     *
     * @param bArr identifier bytes to look for
     * @param x509Certificate certificate whose key identifier is extracted
     * @return {@code false} when the certificate yields no key identifier, otherwise the
     *         result of a byte-wise comparison
     * @throws XWSSecurityException propagated from the key-identifier extraction
     */
    private boolean matchesKeyIdentifier(byte[] bArr, X509Certificate x509Certificate) throws XWSSecurityException {
        final byte[] certKeyId = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(x509Certificate);
        return certKeyId != null && Arrays.equals(bArr, certKeyId);
    }

    /**
     * Tests whether a certificate's thumbprint equals the supplied bytes.
     *
     * @param bArr thumbprint bytes to look for
     * @param x509Certificate certificate whose thumbprint is computed by {@code XWSSUtil}
     * @return {@code false} when no thumbprint could be obtained, otherwise the result of a
     *         byte-wise comparison
     * @throws XWSSecurityException propagated from the thumbprint computation
     */
    private boolean matchesThumbPrint(byte[] bArr, X509Certificate x509Certificate) throws XWSSecurityException {
        final byte[] certThumbprint = XWSSUtil.getThumbprintIdentifier(x509Certificate);
        return certThumbprint != null && Arrays.equals(bArr, certThumbprint);
    }

    /**
     * Scans a key store for the X.509 certificate whose subject key identifier equals
     * {@code bArr}.
     *
     * <p>This only locates a certificate; nothing here validates it.
     *
     * @param bArr subject key identifier bytes
     * @param keyStore store to scan; {@code null} yields {@code null}
     * @return the first matching certificate in alias enumeration order, or {@code null}
     * @throws XWSSecurityException when the key store cannot be read
     */
    private X509Certificate getMatchingCertificate(byte[] bArr, KeyStore keyStore) throws XWSSecurityException {
        if (keyStore == null) {
            return null;
        }
        try {
            for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                Certificate entry = keyStore.getCertificate(aliases.nextElement());
                if (entry == null || !"X.509".equals(entry.getType())) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) entry;
                byte[] candidateKeyId = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(candidate);
                if (candidateKeyId != null && Arrays.equals(bArr, candidateKeyId)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(bArr), new Object[]{bArr});
            // The identifier is binary; new String(bArr) renders it with the platform charset.
            throw new XWSSecurityException("No Matching Certificate for :" + new String(bArr) + " found in KeyStore.", e);
        }
    }

    /**
     * Scans a key store for a certificate identified either by subject key identifier or by
     * thumbprint, depending on the value type.
     *
     * <p>{@code "Identifier"} delegates to the key-identifier overload; the thumbprint value
     * type is handled here; any other value type is rejected before the key store is touched.
     * Unlike the key-identifier path, the thumbprint comparison has no explicit null check on
     * the computed thumbprint.
     *
     * @param bArr identifier or thumbprint bytes
     * @param keyStore store to scan; {@code null} yields {@code null} for a supported type
     * @param str value type selecting the comparison
     * @return the first matching certificate in alias enumeration order, or {@code null}
     * @throws XWSSecurityException for an unsupported value type or an unreadable key store
     */
    private X509Certificate getMatchingCertificate(byte[] bArr, KeyStore keyStore, String str) throws XWSSecurityException {
        if ("Identifier".equals(str)) {
            return getMatchingCertificate(bArr, keyStore);
        }
        if (!MessageConstants.THUMB_PRINT_TYPE.equals(str)) {
            throw new XWSSecurityException("Internal Error : Unsupported Valuetype :" + str + " passed to getMatchingCertificate()");
        }
        if (keyStore == null) {
            return null;
        }
        try {
            for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                Certificate entry = keyStore.getCertificate(aliases.nextElement());
                if (entry == null || !"X.509".equals(entry.getType())) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) entry;
                byte[] candidateThumbprint = XWSSUtil.getThumbprintIdentifier(candidate);
                if (Arrays.equals(bArr, candidateThumbprint)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(bArr), new Object[]{bArr});
            // The thumbprint is binary; new String(bArr) renders it with the platform charset.
            throw new XWSSecurityException("No Matching Certificate for :" + new String(bArr) + " found in KeyStore.", e);
        }
    }

    /**
     * Tests whether a certificate has the given serial number and issuer.
     *
     * <p>The issuer is compared as an {@link X500Principal}, not as raw text. The principal
     * is only built from {@code str} once the serial number has matched.
     *
     * @param bigInteger expected serial number
     * @param str expected issuer distinguished name
     * @param x509Certificate certificate to test
     * @return {@code true} when both serial number and issuer principal are equal
     */
    private boolean matchesIssuerSerialAndName(BigInteger bigInteger, String str, X509Certificate x509Certificate) {
        if (!x509Certificate.getSerialNumber().equals(bigInteger)) {
            return false;
        }
        return x509Certificate.getIssuerX500Principal().equals(new X500Principal(str));
    }

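    /**
     * Scans a key store for the X.509 certificate with the given serial number and issuer.
     *
     * <p>This only locates a certificate; nothing here validates it.
     *
     * @param bigInteger expected serial number
     * @param str expected issuer distinguished name
     * @param keyStore store to scan; {@code null} yields {@code null}
     * @return the first matching certificate in alias enumeration order, or {@code null}
     * @throws XWSSecurityException when the key store cannot be read
     */
    private X509Certificate getMatchingCertificate(BigInteger bigInteger, String str, KeyStore keyStore) throws XWSSecurityException {
        if (keyStore == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate != null && "X.509".equals(certificate.getType())) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                    X500Principal x500Principal = new X500Principal(str);
                    // Compare principal with principal. The previous code compared
                    // issuer.getName() (a String) with an X500Principal, which can never be
                    // equal, so this lookup never returned a certificate.
                    if (x509Certificate.getSerialNumber().equals(bigInteger) && issuerX500Principal.equals(x500Principal)) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(str + " : " + String.valueOf(bigInteger)), new Object[]{str + " : " + String.valueOf(bigInteger)});
            throw new XWSSecurityException("No Matching Certificate for :" + str + " : " + String.valueOf(bigInteger) + " found in KeyStore.", e);
        }
    }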

    /**
     * Scans a key store for the X.509 certificate carrying the given public key.
     *
     * <p>This only locates a certificate; nothing here validates it.
     *
     * @param publicKey key to look for, compared with {@code equals}
     * @param keyStore store to scan; {@code null} yields {@code null}
     * @return the first matching certificate in alias enumeration order, or {@code null}
     * @throws XWSSecurityException when the key store cannot be read
     */
    private X509Certificate getMatchingCertificate(PublicKey publicKey, KeyStore keyStore) throws XWSSecurityException {
        if (keyStore == null) {
            return null;
        }
        try {
            for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                Certificate entry = keyStore.getCertificate(aliases.nextElement());
                if (entry == null || !"X.509".equals(entry.getType())) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) entry;
                if (candidate.getPublicKey().equals(publicKey)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(publicKey), new Object[]{publicKey});
            throw new XWSSecurityException("No Matching Certificate for :" + String.valueOf(publicKey) + " found in KeyStore.", e);
        }
    }

    /**
     * Asks the callback handler to establish the caller principal for the peer by name.
     *
     * @param subject subject to be updated by the handler
     * @param str caller name passed to {@link CallerPrincipalCallback}
     * @param str2 not used by this implementation
     * @throws XWSSecurityRuntimeException wrapping any exception raised while building or
     *         handling the callback
     */
    @Override
    public void updateOtherPartySubject(Subject subject, String str, String str2) {
        try {
            Callback[] request = {new CallerPrincipalCallback(subject, str)};
            this._handler.handle(request);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("CallerPrincipalCallback"), new Object[]{"CallerPrincipalCallback"});
            throw new XWSSecurityRuntimeException(e);
        }
    }

    /**
     * Records the peer's certificate on the subject and asks the callback handler to
     * establish the caller principal from the certificate's subject DN.
     *
     * <p>The certificate is added to the public credentials before the handler is invoked,
     * so it stays on the subject even if the handler call then fails. Nothing here validates
     * the certificate.
     *
     * @param subject subject to update
     * @param x509Certificate peer certificate
     * @throws XWSSecurityRuntimeException wrapping any exception raised while building or
     *         handling the callback
     */
    @Override
    public void updateOtherPartySubject(final Subject subject, final X509Certificate x509Certificate) {
        final X500Principal callerPrincipal = x509Certificate.getSubjectX500Principal();
        AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
            subject.getPublicCredentials().add(x509Certificate);
            return null;
        });
        try {
            Callback[] request = {new CallerPrincipalCallback(subject, callerPrincipal)};
            this._handler.handle(request);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("CallerPrincipalCallback"), new Object[]{"CallerPrincipalCallback"});
            throw new XWSSecurityRuntimeException(e);
        }
    }

    /**
     * Adds a SAML assertion to the subject's public credentials.
     *
     * <p>Nothing is added when the configured SAML validator is a {@link SAMLValidator}.
     * NOTE(review): presumably that validator already received the subject during
     * validation and populated it itself. Confirm against the validator contract.
     *
     * @param subject subject to update
     * @param assertion assertion to record as a public credential
     */
    @Override
    public void updateOtherPartySubject(final Subject subject, final Assertion assertion) {
        if (!(this.sValidator instanceof SAMLValidator)) {
            AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
                subject.getPublicCredentials().add(assertion);
                return null;
            });
        }
    }

    /**
     * Resolves the public key of the certificate identified by issuer and serial number.
     *
     * @param map runtime properties
     * @param bigInteger certificate serial number
     * @param str issuer name
     * @return the located certificate's public key
     * @throws XWSSecurityException propagated from the certificate lookup
     */
    @Override
    public PublicKey getPublicKey(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        final X509Certificate located = getCertificate(map, bigInteger, str);
        return located.getPublicKey();
    }

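    /**
     * Resolves the public key of the certificate identified by a Base64-encoded identifier.
     *
     * @param str Base64-encoded identifier
     * @return the located certificate's public key
     * @throws XWSSecurityException when decoding or lookup fails for any reason; the
     *         original failure is attached as the cause
     */
    public PublicKey getPublicKey(String str) throws XWSSecurityException {
        try {
            return getMatchingCertificate((Map) null, getDecodedBase64EncodedData(str)).getPublicKey();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(str), new Object[]{str});
            // Keep the cause: the broad catch also covers decode errors and runtime failures,
            // which would otherwise all surface as an indistinguishable "no match".
            throw new XWSSecurityException("No Matching Certificate for :" + str + " found in KeyStore ", e);
        }
    }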

    /**
     * Resolves the public key of the certificate identified by key-identifier bytes.
     *
     * @param map runtime properties
     * @param bArr key identifier bytes
     * @return the located certificate's public key
     * @throws XWSSecurityException wrapping any failure, including runtime exceptions
     */
    @Override
    public PublicKey getPublicKey(Map map, byte[] bArr) throws XWSSecurityException {
        try {
            final X509Certificate located = getCertificate(map, bArr);
            return located.getPublicKey();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0706_NO_MATCHING_CERT(bArr), new Object[]{bArr});
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Resolves the public key of the certificate identified by bytes of the given value type.
     *
     * @param map runtime properties
     * @param bArr identifier bytes
     * @param str value type of the identifier
     * @return the located certificate's public key
     * @throws XWSSecurityException propagated from the certificate lookup
     */
    @Override
    public PublicKey getPublicKey(Map map, byte[] bArr, String str) throws XWSSecurityException {
        final X509Certificate located = getCertificate(map, bArr, str);
        return located.getPublicKey();
    }

    /**
     * Decodes Base64 text into bytes.
     *
     * <p>The MIME decoder is lenient: it skips line separators and any other character
     * outside the Base64 alphabet instead of rejecting the input, so distinct strings can
     * decode to the same bytes.
     *
     * @param str Base64 text
     * @return the decoded bytes
     * @throws XWSSecurityException (a {@code SecurityHeaderException}) when the decoder
     *         rejects the input
     */
    private byte[] getDecodedBase64EncodedData(String str) throws XWSSecurityException {
        final java.util.Base64.Decoder mimeDecoder = java.util.Base64.getMimeDecoder();
        try {
            return mimeDecoder.decode(str);
        } catch (IllegalArgumentException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0144_UNABLETO_DECODE_BASE_64_DATA(e.getMessage()), (Throwable) e);
            throw new SecurityHeaderException("Unable to decode Base64 encoded data", e);
        }
    }

    /**
     * Locates a certificate by issuer name and serial number.
     *
     * <p>A certificate supplied programmatically under the server-certificate property takes
     * precedence over the store lookup.
     *
     * @param map runtime properties; may be {@code null}, which skips the programmatic check
     * @param bigInteger certificate serial number
     * @param str issuer name
     * @return the programmatic certificate when it matches, otherwise the lookup result
     * @throws XWSSecurityException propagated from the lookup
     */
    @Override
    public X509Certificate getCertificate(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        if (map != null) {
            X509Certificate programmatic = XWSSUtil.matchesProgrammaticInfo(map.get(XWSSConstants.SERVER_CERTIFICATE_PROPERTY), bigInteger, str);
            if (programmatic != null) {
                return programmatic;
            }
        }
        return getMatchingCertificate(map, bigInteger, str);
    }

    /**
     * Locates a certificate by a Base64-encoded identifier, with no runtime properties.
     *
     * @param str Base64-encoded identifier
     * @return the result of the identifier lookup
     * @throws XWSSecurityException wrapping any failure during decoding or lookup
     */
    public X509Certificate getCertificate(String str) throws XWSSecurityException {
        try {
            final byte[] identifier = getDecodedBase64EncodedData(str);
            return getMatchingCertificate((Map) null, identifier);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0711_ERROR_MATCH_CERT_FOR_DECODED_STRING(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Returns the private key that pairs with the given public key.
     *
     * <p>A programmatically supplied key pair is preferred. Otherwise the key is returned
     * only when the certificate under this environment's own alias carries {@code publicKey}.
     *
     * @param map runtime properties
     * @param publicKey public key whose private counterpart is wanted
     * @param z not used by this implementation
     * @return the matching private key
     * @throws XWSSecurityRuntimeException when the own certificate does not carry the key,
     *         or when a lookup fails
     */
    @Override
    public PrivateKey getPrivateKey(Map map, PublicKey publicKey, boolean z) {
        if (XWSSUtil.matchesProgrammaticInfo(map, publicKey) != null) {
            PrivateKey programmaticKey = XWSSUtil.getProgrammaticPrivateKey(map);
            if (programmaticKey != null) {
                return programmaticKey;
            }
        }
        try {
            boolean ownKeyMatches = getCertificate(map, this.myAlias, true).getPublicKey().equals(publicKey);
            if (!ownKeyMatches) {
                throw new XWSSecurityRuntimeException("Could not locate Matching Private Key for: " + String.valueOf(publicKey));
            }
            return getPrivateKey(map, this.myAlias);
        } catch (XWSSecurityException e) {
            throw new XWSSecurityRuntimeException(e);
        }
    }

    /**
     * Locates a certificate by key-identifier bytes.
     *
     * <p>A matching programmatic certificate takes precedence over the store lookup.
     *
     * @param map runtime properties
     * @param bArr key identifier bytes
     * @return the programmatic certificate when it matches, otherwise the lookup result
     * @throws RuntimeException wrapping an {@link XWSSecurityException} from the lookup,
     *         since this overload declares no checked exception
     */
    @Override
    public X509Certificate getCertificate(Map map, byte[] bArr) {
        final X509Certificate programmatic = XWSSUtil.matchesProgrammaticInfo(map, bArr, "Identifier");
        if (programmatic == null) {
            try {
                return getMatchingCertificate(map, bArr);
            } catch (XWSSecurityException e) {
                throw new RuntimeException(e);
            }
        }
        return programmatic;
    }

    /**
     * Locates the certificate that carries the given public key.
     *
     * <p>Sources are consulted in this order: the programmatic server certificate in
     * {@code map}, the X500 private credentials of the subject returned by
     * {@code getSubject(map)}, and, only when {@code z} is {@code false}, the cert store and
     * trust store obtained from the callback handler. This method only locates a
     * certificate; nothing in it validates the result.
     *
     * @param map runtime properties; may be {@code null}
     * @param publicKey key to look for
     * @param z when {@code true} the cert store and trust store are not consulted
     *          (NOTE(review): looks like a "sign-side lookup" flag; confirm with callers)
     * @return the first certificate found carrying {@code publicKey}
     * @throws XWSSecurityException when a store lookup fails or no source has a match
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, PublicKey publicKey, boolean z) throws XWSSecurityException {
        X509Certificate matchingCertificate;
        Set privateCredentials;
        X509Certificate matchesProgrammaticInfo;
        // 1. Programmatically supplied server certificate.
        if (map != null && (matchesProgrammaticInfo = XWSSUtil.matchesProgrammaticInfo(map.get(XWSSConstants.SERVER_CERTIFICATE_PROPERTY), publicKey)) != null) {
            return matchesProgrammaticInfo;
        }
        // 2. Certificates paired with private credentials on our own subject.
        Subject subject = getSubject(map);
        if (subject != null && (privateCredentials = subject.getPrivateCredentials(X500PrivateCredential.class)) != null) {
            Iterator it = privateCredentials.iterator();
            while (it.hasNext()) {
                X509Certificate certificate = ((X500PrivateCredential) it.next()).getCertificate();
                if (certificate.getPublicKey().equals(publicKey)) {
                    return certificate;
                }
            }
        }
        // 3. Cert store, then trust store, both supplied by the callback handler.
        if (!z) {
            Callback certStoreCallback = new CertStoreCallback();
            Callback trustStoreCallback = new TrustStoreCallback();
            try {
                this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), certStoreCallback, trustStoreCallback} : new Callback[]{certStoreCallback, trustStoreCallback});
                CertStore certStore = certStoreCallback.getCertStore();
                if (certStore != null) {
                    PublicKeyCertSelector publicKeyCertSelector = null;
                    // Decompiler residue: the condition is always true, so the selector is always created.
                    if (0 == 0) {
                        publicKeyCertSelector = new PublicKeyCertSelector(publicKey);
                    }
                    try {
                        Collection<? extends Certificate> certificates = certStore.getCertificates(publicKeyCertSelector);
                        if (!certificates.isEmpty()) {
                            // First hit wins; the cast assumes the store holds X.509 certificates.
                            return (X509Certificate) certificates.iterator().next();
                        }
                    } catch (CertStoreException e) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(), (Throwable) e);
                        throw new XWSSecurityException(e);
                    }
                }
                KeyStore trustStore = trustStoreCallback.getTrustStore();
                if (trustStore != null && (matchingCertificate = getMatchingCertificate(publicKey, trustStore)) != null) {
                    return matchingCertificate;
                }
            } catch (Exception e2) {
                // This broad catch also intercepts the XWSSecurityException thrown just above,
                // so a cert-store failure is logged twice and wrapped a second time.
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("CertStoreCallback"), new Object[]{"CertStoreCallback"});
                throw new XWSSecurityException(e2);
            }
        }
        // No source produced a match. The log entry reuses the callback-handler message key.
        log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION(publicKey), new Object[]{publicKey});
        throw new XWSSecurityException("No Matching Certificate for :" + String.valueOf(publicKey) + " found in KeyStore or TrustStore");
    }

    /**
     * Locates a certificate by identifier bytes of the given value type.
     *
     * <p>A matching programmatic server certificate takes precedence. Otherwise
     * {@code "Identifier"} uses the two-argument lookup and any other value type uses the
     * three-argument lookup.
     *
     * @param map runtime properties; may be {@code null}, which skips the programmatic check
     * @param bArr identifier bytes
     * @param str value type of the identifier
     * @return the programmatic certificate when it matches, otherwise the lookup result
     * @throws XWSSecurityException propagated from the lookup
     */
    @Override
    public X509Certificate getCertificate(Map map, byte[] bArr, String str) throws XWSSecurityException {
        if (map != null) {
            X509Certificate programmatic = XWSSUtil.matchesProgrammaticInfo(map.get(XWSSConstants.SERVER_CERTIFICATE_PROPERTY), bArr, str);
            if (programmatic != null) {
                return programmatic;
            }
        }
        if ("Identifier".equals(str)) {
            return getMatchingCertificate(map, bArr);
        }
        return getMatchingCertificate(map, bArr, str);
    }

    /**
     * Accepts every SAML issuer.
     *
     * <p>This is a stub that performs no check at all. A {@code true} result must not be
     * read as evidence that the issuer was validated.
     *
     * @param str issuer name (ignored)
     * @return always {@code true}
     */
    public boolean validateSamlIssuer(final String str) {
        final boolean accepted = true;
        return accepted;
    }

    /**
     * Accepts every SAML user.
     *
     * <p>This is a stub that performs no check at all. A {@code true} result must not be
     * read as evidence that the user was validated.
     *
     * @param str ignored
     * @param str2 ignored
     * @param str3 ignored
     * @return always {@code true}
     */
    public boolean validateSamlUser(final String str, final String str2, final String str3) {
        final boolean accepted = true;
        return accepted;
    }

    /**
     * Stores this party's own subject in the runtime properties.
     *
     * @param subject subject to store under {@code MessageConstants.SELF_SUBJECT}
     * @param map runtime properties to update; must not be {@code null}
     */
    public void setSubject(final Subject subject, final Map map) {
        map.put(MessageConstants.SELF_SUBJECT, subject);
    }

    /**
     * Stores the requester's subject in the runtime properties.
     *
     * @param subject subject to store under {@code MessageConstants.AUTH_SUBJECT}
     * @param map runtime properties to update; must not be {@code null}
     */
    public void setRequesterSubject(final Subject subject, final Map map) {
        map.put(MessageConstants.AUTH_SUBJECT, subject);
    }

    /**
     * Returns no subject: this environment only resolves subjects from runtime properties,
     * via {@code getSubject(Map)}.
     *
     * @return always {@code null}
     */
    @Override
    public Subject getSubject() {
        final Subject none = null;
        return none;
    }

    /**
     * Resolves this party's own subject.
     *
     * <p>The subject held in {@code loginContextSubjectForKeystore} wins over the one stored
     * in the runtime properties.
     *
     * @param map runtime properties; {@code null} yields {@code null}
     * @return the login-context subject when set, otherwise the map's
     *         {@code MessageConstants.SELF_SUBJECT} entry, which may be {@code null}
     */
    public Subject getSubject(Map map) {
        if (map == null) {
            return null;
        }
        if (this.loginContextSubjectForKeystore != null) {
            return this.loginContextSubjectForKeystore;
        }
        return (Subject) map.get(MessageConstants.SELF_SUBJECT);
    }

    /**
     * Returns the requester's subject, creating and storing an empty one on first use.
     *
     * @param map runtime properties; {@code null} yields {@code null}
     * @return the subject stored under {@code MessageConstants.AUTH_SUBJECT}, or a new empty
     *         subject that has just been stored there
     */
    public Subject getRequesterSubject(final Map map) {
        if (map == null) {
            return null;
        }
        final Subject existing = (Subject) map.get(MessageConstants.AUTH_SUBJECT);
        if (existing != null) {
            return existing;
        }
        return (Subject) AccessController.doPrivileged((PrivilegedAction<Subject>) () -> {
            Subject created = new Subject();
            map.put(MessageConstants.AUTH_SUBJECT, created);
            return created;
        });
    }

    /**
     * Shifts a calendar by its zone offset and a fixed skew, and returns the resulting date.
     *
     * <p>The calendar's zone offset (plus DST savings when its current time is in daylight
     * time) is subtracted from its epoch milliseconds, then 300000 ms are added or
     * subtracted. The calendar passed in is modified.
     *
     * @param calendar calendar to adjust in place
     * @param z {@code true} to add the skew, {@code false} to subtract it
     * @return the calendar's time after adjustment
     */
    private Date getGMTDateWithSkewAdjusted(Calendar calendar, boolean z) {
        long offsetMillis = calendar.get(Calendar.ZONE_OFFSET);
        final boolean daylight = calendar.getTimeZone().inDaylightTime(calendar.getTime());
        if (daylight) {
            offsetMillis += calendar.getTimeZone().getDSTSavings();
        }
        final long shifted = calendar.getTimeInMillis() - offsetMillis;
        final long adjusted;
        if (z) {
            adjusted = shifted + 300000;
        } else {
            adjusted = shifted - 300000;
        }
        calendar.setTimeInMillis(adjusted);
        return calendar.getTime();
    }

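    /**
     * Resolves the username to send.
     *
     * <p>Sources are consulted in this order: the configured {@code myUsername}, the
     * {@code XWSSConstants.USERNAME_PROPERTY} entry, the
     * {@code "jakarta.xml.ws.security.auth.username"} entry, then a {@link NameCallback}
     * handled by a new instance of the configured username handler class. Without such a
     * class, the shared handler is used, but only for an application client.
     *
     * @param map runtime properties; {@code null} yields {@code null}
     * @return the username, or {@code null} when none could be determined
     * @throws RuntimeException wrapping any failure while instantiating or invoking a handler
     */
    @Override
    public String getUsername(Map map) {
        if (map == null) {
            return null;
        }
        if (this.myUsername != null) {
            return this.myUsername;
        }
        String str = (String) map.get(XWSSConstants.USERNAME_PROPERTY);
        if (str == null) {
            str = (String) map.get("jakarta.xml.ws.security.auth.username");
        }
        if (str != null) {
            return str;
        }
        NameCallback nameCallback = new NameCallback("Username: ");
        try {
            Callback[] callbackArr = this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), nameCallback} : new Callback[]{nameCallback};
            if (this.usernameCbHandler != null) {
                this.usernameHandler = (CallbackHandler) this.usernameCbHandler.getConstructor(new Class[0]).newInstance(new Object[0]);
                this.usernameHandler.handle(callbackArr);
                // The handler fills nameCallback directly. The previous code copied the name
                // back from callbackArr[0] cast to NameCallback, which was a no-op when that
                // slot held nameCallback and a ClassCastException when useXWSSCallbacks put
                // the RuntimeProperties entry first.
            } else {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Got NULL for Username Callback Handler");
                }
                if (!this.isAppClient) {
                    return null;
                }
                this._handler.handle(callbackArr);
            }
            return nameCallback.getName();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("NameCallback"), new Object[]{"NameCallback"});
            throw new RuntimeException(e);
        }
    }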

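    /**
     * Resolves the password to send.
     *
     * <p>Sources are consulted in this order: the configured {@code myPassword} (when it
     * starts with {@code "$"} the remainder is an alias resolved through a
     * {@link SecretKeyCallback}), the {@code "password"} entry, the
     * {@code "jakarta.xml.ws.security.auth.password"} entry, then a {@link PasswordCallback}
     * handled by a new instance of the configured password handler class. Without such a
     * class, the shared handler is used, but only for an application client.
     *
     * <p>The password is returned as an immutable {@link String}, so it cannot be wiped from
     * memory after use. Callers should avoid logging or retaining it.
     *
     * @param map runtime properties; dereferenced when {@code myPassword} is not configured
     * @return the password, or {@code null} when none could be determined
     * @throws XWSSecurityException when the secret-key alias cannot be resolved
     * @throws RuntimeException wrapping any failure while instantiating or invoking a
     *         password handler
     */
    @Override
    public String getPassword(Map map) throws XWSSecurityException {
        if (this.myPassword != null) {
            if (!this.myPassword.startsWith("$")) {
                return this.myPassword;
            }
            SecretKeyCallback secretKeyCallback = new SecretKeyCallback(new SecretKeyCallback.AliasRequest(this.myPassword.substring(1)));
            try {
                this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), secretKeyCallback} : new Callback[]{secretKeyCallback});
                // NOTE(review): key bytes are decoded with the platform default charset, so
                // the resulting password can differ between hosts for non-ASCII key material.
                return new String(secretKeyCallback.getKey().getEncoded());
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SecretKeyCallback.AliasRequest"), new Object[]{"SecretKeyCallback.AliasRequest"});
                throw new XWSSecurityException(e);
            }
        }
        String str = (String) map.get("password");
        if (str == null) {
            str = (String) map.get("jakarta.xml.ws.security.auth.password");
        }
        if (str != null) {
            return str;
        }
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        Callback[] callbackArr = this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), passwordCallback} : new Callback[]{passwordCallback};
        try {
            if (this.passwordCbHandler != null) {
                this.passwordHandler = (CallbackHandler) this.passwordCbHandler.getConstructor(new Class[0]).newInstance(new Object[0]);
                this.passwordHandler.handle(callbackArr);
                // The handler fills passwordCallback directly. The previous code copied the
                // password back from callbackArr[0] cast to PasswordCallback, which was a
                // no-op when that slot held passwordCallback and a ClassCastException when
                // useXWSSCallbacks put the RuntimeProperties entry first.
            } else {
                if (!this.isAppClient) {
                    return null;
                }
                this._handler.handle(this.useXWSSCallbacks ? new Callback[]{new RuntimeProperties(map), passwordCallback} : new Callback[]{passwordCallback});
            }
            if (passwordCallback.getPassword() == null) {
                return null;
            }
            return new String(passwordCallback.getPassword());
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e2);
            throw new RuntimeException(e2);
        }
    }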

    /**
     * Validates a nonce through the endpoint's {@link NonceManager} (replay protection).
     *
     * <p>When {@code mna} is configured, the environment's {@code maxNonceAge} replaces the
     * caller-supplied age.
     *
     * @param map runtime properties; must hold the endpoint under
     *            {@code MessageConstants.WSENDPOINT}
     * @param str first argument forwarded to {@code validateNonce}
     *            (presumably the nonce; confirm against {@code NonceManager})
     * @param str2 second argument forwarded to {@code validateNonce}
     *             (presumably its creation time; confirm against {@code NonceManager})
     * @param j nonce age used when no environment-level value is configured
     * @return the result of {@code NonceManager.validateNonce}
     * @throws XWSSecurityException propagated from the nonce manager
     */
    @Override
    public boolean validateAndCacheNonce(Map map, String str, String str2, long j) throws XWSSecurityException {
        final NonceManager manager;
        if (this.mna != null) {
            manager = NonceManager.getInstance(this.maxNonceAge, (WSEndpoint) map.get(MessageConstants.WSENDPOINT));
        } else {
            manager = NonceManager.getInstance(j, (WSEndpoint) map.get(MessageConstants.WSENDPOINT));
        }
        return manager.validateNonce(str, str2);
    }

    /**
     * Validates a message timestamp given its creation and expiration strings.
     *
     * <p>Exactly one of three mechanisms decides the outcome:
     * <ol>
     *   <li>a configured {@code tsValidator}, used exclusively when present;</li>
     *   <li>otherwise, with {@code useXWSSCallbacks}, the callback handler, unless it reports
     *       the callback as unsupported;</li>
     *   <li>otherwise the built-in checks: expiry not before creation, creation time within
     *       limits, expiration time not passed.</li>
     * </ol>
     *
     * @param map runtime properties copied into the validation callback
     * @param str creation time
     * @param str2 expiration time
     * @param j maximum clock skew, passed through to the checks
     * @param j2 timestamp freshness limit, passed through to the checks
     * @throws XWSSecurityException when the built-in parsing fails; validation failures
     *         surface as the SOAP fault exceptions constructed below
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateTimestamp(Map map, String str, String str2, long j, long j2) throws XWSSecurityException {
        if (this.tsValidator != null) {
            // A configured validator is authoritative: success returns, failure faults.
            TimestampValidationCallback timestampValidationCallback = new TimestampValidationCallback(new TimestampValidationCallback.UTCTimestampRequest(str, str2, j, j2));
            ProcessingContext.copy(timestampValidationCallback.getRuntimeProperties(), map);
            timestampValidationCallback.setValidator(this.tsValidator);
            try {
                timestampValidationCallback.getResult();
                return;
            } catch (TimestampValidationCallback.TimestampValidationException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e);
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e.getMessage(), e);
            }
        }
        if (this.useXWSSCallbacks) {
            TimestampValidationCallback timestampValidationCallback2 = new TimestampValidationCallback(new TimestampValidationCallback.UTCTimestampRequest(str, str2, j, j2));
            ProcessingContext.copy(timestampValidationCallback2.getRuntimeProperties(), map);
            try {
                this._handler.handle(new Callback[]{timestampValidationCallback2});
                // A handler that returns normally is trusted to have validated the timestamp.
                return;
            } catch (UnsupportedCallbackException e2) {
                // Intentionally ignored: fall through to the built-in checks below.
            } catch (Exception e3) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e3);
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e3.getMessage(), e3);
            }
        }
        // Built-in validation.
        if (expiresBeforeCreated(str, str2)) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0232_EXPIRED_MESSAGE());
            throw DefaultSecurityEnvironmentImpl.newSOAPFaultException(MessageConstants.WSU_MESSAGE_EXPIRED, "Message expired!", new XWSSecurityException("Message expired!"));
        }
        validateCreationTime(map, str, j, j2);
        validateExpirationTime(str2, j, j2);
    }

    /**
     * Validates a parsed {@link Timestamp} by delegating to the string-based overload.
     *
     * @param map runtime properties
     * @param timestamp timestamp supplying the creation and expiration values
     * @param j maximum clock skew, passed through unchanged
     * @param j2 timestamp freshness limit, passed through unchanged
     * @throws XWSSecurityException propagated from the string-based overload
     */
    @Override
    public void validateTimestamp(Map map, Timestamp timestamp, long j, long j2) throws XWSSecurityException {
        final String created = timestamp.getCreated();
        final String expires = timestamp.getExpires();
        validateTimestamp(map, created, expires, j, j2);
    }

    /**
     * Reports whether a timestamp's expiration precedes its creation.
     *
     * <p>Both values are parsed with {@code calendarFormatter1} first. If either fails to
     * parse, both are parsed again with {@code calendarFormatter2}.
     *
     * @param str creation time
     * @param str2 expiration time; {@code null} means no expiration, which yields {@code false}
     * @return {@code true} only when an expiration is present and lies before the creation time
     * @throws XWSSecurityException when neither formatter can parse the values; only the
     *         parse message is carried over, not the original exception
     */
    private static boolean expiresBeforeCreated(String str, String str2) throws XWSSecurityException {
        Date parse;
        Date date = null;
        try {
            try {
                // The formatters are shared statics, hence the locking around every parse
                // (presumably they are not thread-safe; confirm their declared type).
                synchronized (calendarFormatter1) {
                    parse = calendarFormatter1.parse(str);
                }
                if (str2 != null) {
                    synchronized (calendarFormatter1) {
                        date = calendarFormatter1.parse(str2);
                    }
                }
            } catch (ParseException e) {
                // Second format: re-parse both values so they are interpreted consistently.
                synchronized (calendarFormatter2) {
                    parse = calendarFormatter2.parse(str);
                    if (str2 != null) {
                        // Re-entrant lock on the monitor already held above.
                        synchronized (calendarFormatter2) {
                            date = calendarFormatter2.parse(str2);
                        }
                    }
                }
            }
            return date != null && date.before(parse);
        } catch (ParseException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0394_ERROR_PARSING_EXPIRATIONTIME());
            throw new XWSSecurityException(e2.getMessage());
        }
    }

    /**
     * Validates a creation time against the freshness limit and the clock skew.
     *
     * <p>A configured {@code tsValidator} decides exclusively. Otherwise, with
     * {@code useXWSSCallbacks}, the callback handler decides unless it reports the callback
     * as unsupported. Otherwise the built-in check rejects a creation time that is older
     * than the freshness window or ahead of the skew-adjusted current time.
     *
     * @param map runtime properties copied into the validation callback
     * @param str creation time
     * @param j maximum clock skew; replaced by {@code maxClockSkewG} when {@code mcs} is set
     *          and that value is non-negative
     * @param j2 freshness limit; replaced by {@code timestampFreshnessLimitG} when
     *           {@code tfl} is set and that value is positive
     * @throws XWSSecurityException when the creation time cannot be parsed; validation
     *         failures surface as the SOAP fault exceptions constructed below
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateCreationTime(Map map, String str, long j, long j2) throws XWSSecurityException {
        Date parse;
        if (this.tsValidator != null) {
            // No expiration is passed; the request is flagged as a username-token timestamp.
            TimestampValidationCallback.UTCTimestampRequest uTCTimestampRequest = new TimestampValidationCallback.UTCTimestampRequest(str, null, j, j2);
            uTCTimestampRequest.isUsernameToken(true);
            TimestampValidationCallback timestampValidationCallback = new TimestampValidationCallback(uTCTimestampRequest);
            ProcessingContext.copy(timestampValidationCallback.getRuntimeProperties(), map);
            timestampValidationCallback.setValidator(this.tsValidator);
            try {
                timestampValidationCallback.getResult();
                return;
            } catch (TimestampValidationCallback.TimestampValidationException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e);
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e.getMessage(), e);
            }
        }
        if (this.useXWSSCallbacks) {
            TimestampValidationCallback timestampValidationCallback2 = new TimestampValidationCallback(new TimestampValidationCallback.UTCTimestampRequest(str, null, j, j2));
            ProcessingContext.copy(timestampValidationCallback2.getRuntimeProperties(), map);
            try {
                this._handler.handle(new Callback[]{timestampValidationCallback2});
                // A handler that returns normally is trusted to have validated the time.
                return;
            } catch (UnsupportedCallbackException e2) {
                // Intentionally ignored: fall through to the built-in check below.
            } catch (Exception e3) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e3);
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e3.getMessage(), e3);
            }
        }
        // Environment-level settings override the per-call skew and freshness values.
        long j3 = j;
        long j4 = j2;
        if (this.mcs != null && this.maxClockSkewG >= 0) {
            j3 = this.maxClockSkewG;
        }
        if (this.tfl != null && this.timestampFreshnessLimitG > 0) {
            j4 = this.timestampFreshnessLimitG;
        }
        // Try the first timestamp format, then the second. The formatters are shared, hence the locks.
        try {
            synchronized (calendarFormatter1) {
                parse = calendarFormatter1.parse(str);
            }
        } catch (ParseException e4) {
            try {
                synchronized (calendarFormatter2) {
                    parse = calendarFormatter2.parse(str);
                }
            } catch (ParseException e5) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0226_FAILED_VALIDATING_DEFAULT_CREATION_TIME(), (Throwable) e5);
                throw new XWSSecurityException("Exception while parsing Creation Time :" + e5.getMessage());
            }
        }
        // Too old: created before the start of the freshness window.
        if (parse.before(getFreshnessAndSkewAdjustedDate(j3, j4))) {
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, "Creation Time is older than configured Timestamp Freshness Interval!", new XWSSecurityException("Creation Time is older than configured Timestamp Freshness Interval!"), true);
        }
        // From the future: created after the current time plus the allowed skew.
        if (getGMTDateWithSkewAdjusted(new GregorianCalendar(), j3, true).before(parse)) {
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, "Creation Time ahead of Current Time!", new XWSSecurityException("Creation Time ahead of Current Time!"), true);
        }
    }

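    /**
     * Rejects a message whose expiration time has passed, allowing for clock skew.
     *
     * @param str expiration time; {@code null} means no expiration and nothing is checked
     * @param j maximum clock skew; replaced by {@code maxClockSkewG} when {@code mcs} is set
     *          and that value is non-negative
     * @param j2 timestamp freshness limit; not used by the expiration check
     * @throws XWSSecurityException when the expiration time cannot be parsed; an expired
     *         message surfaces as the SOAP fault exception constructed below
     */
    private void validateExpirationTime(String str, long j, long j2) throws XWSSecurityException {
        if (str == null) {
            return;
        }
        long j3 = j;
        if (this.mcs != null && this.maxClockSkewG >= 0) {
            j3 = this.maxClockSkewG;
        }
        // The freshness limit was previously read into a local that was never used;
        // the expiration check depends on clock skew only, so that dead store is gone.
        Date parse;
        try {
            synchronized (calendarFormatter1) {
                parse = calendarFormatter1.parse(str);
            }
        } catch (ParseException e) {
            try {
                synchronized (calendarFormatter2) {
                    parse = calendarFormatter2.parse(str);
                }
            } catch (ParseException e2) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0394_ERROR_PARSING_EXPIRATIONTIME());
                throw new XWSSecurityException("Exception while parsing Expiration Time :" + e2.getMessage());
            }
        }
        // Expired: expiration lies before the current time minus the allowed skew.
        if (parse.before(getGMTDateWithSkewAdjusted(new GregorianCalendar(), j3, false))) {
            throw DefaultSecurityEnvironmentImpl.newSOAPFaultException(MessageConstants.WSU_MESSAGE_EXPIRED, "Message Expired!", new XWSSecurityException("Message Expired!"));
        }
    }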

    /**
     * Exposes the callback handler this environment delegates to.
     *
     * @return the handler held in {@code _handler}
     */
    @Override
    public CallbackHandler getCallbackHandler() {
        final CallbackHandler delegate = this._handler;
        return delegate;
    }

    /**
     * Hands a DOM SAML assertion to the configured validator, if there is one.
     *
     * <p>When {@code sValidator} is {@code null} the method returns without checking
     * anything, i.e. the assertion passes this step unvalidated.
     * NOTE(review): confirm that deployments which accept SAML tokens always configure a
     * validator, or that the assertion is verified elsewhere before it is trusted.
     *
     * @param map     runtime properties; given to a {@code ValidatorExtension} and used to
     *                look up the requester subject for a {@code SAMLValidator}
     * @param element the assertion element to validate
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateSAMLAssertion(Map map, Element element) {
        if (this.sValidator == null) {
            return;
        }
        if (this.sValidator instanceof ValidatorExtension) {
            ((ValidatorExtension) this.sValidator).setRuntimeProperties(map);
        }
        if (!(this.sValidator instanceof SAMLValidator)) {
            // Plain validator: it only sees the assertion itself.
            this.sValidator.validate(element);
            return;
        }
        ((SAMLValidator) this.sValidator).validate(element, map, getRequesterSubject(map));
    }

    /**
     * Asks the SAML callback handler for the assertion with the given id.
     *
     * <p>The element that comes back is whatever the handler placed in the callback; this
     * method performs no validation on it. The {@code map} and {@code document} arguments
     * are not read.
     *
     * @param map      runtime properties (unused here)
     * @param element  authority binding element passed on to the handler
     * @param str      id of the assertion to locate
     * @param document owner document (unused here)
     * @return the assertion element reported by the callback
     * @throws XWSSecurityException if no SAML handler is configured or the handler fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public Element locateSAMLAssertion(Map map, Element element, String str, Document document) throws XWSSecurityException {
        if (this.samlHandler == null) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0717_NO_SAML_CALLBACK_HANDLER());
            throw new XWSSecurityException(new UnsupportedCallbackException(null, "A Required SAML Callback Handler was not specified in configuration : Cannot Populate SAML Assertion"));
        }
        final SAMLCallback request = new SAMLCallback();
        request.setAssertionId(str);
        request.setAuthorityBindingElement(element);
        try {
            this.samlHandler.handle(new Callback[]{request});
            return request.getAssertionElement();
        } catch (IOException | UnsupportedCallbackException handlerFailure) {
            // Both failure kinds are logged and wrapped the same way.
            log.log(Level.SEVERE, LogStringsMessages.WSS_0718_EXCEPTION_INVOKING_SAML_HANDLER(), handlerFailure);
            throw new XWSSecurityException(handlerFailure);
        }
    }

    /**
     * Returns a clone of the given SAML binding filled in from the SAML callback handler.
     *
     * <p>The confirmation method requested from the handler is
     * {@code SAMLCallback.SV_ASSERTION_TYPE} when the binding's assertion type is
     * {@code "SV"}, otherwise {@code SAMLCallback.HOK_ASSERTION_TYPE}. In the latter case
     * the clone additionally receives the private key resolved for {@code myAlias} and the
     * assertion id reported by the callback. The assertion data is taken from the handler
     * as is; nothing in this method validates it.
     *
     * @param map                       runtime properties copied into the callback
     * @param sAMLAssertionBinding      binding to clone; the argument itself is not modified
     *                                  by the setters called here
     * @param dynamicApplicationContext not read by this method
     * @return the populated clone
     * @throws XWSSecurityException if no SAML handler is configured, the handler fails, or
     *         the private key lookup fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map map, AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, DynamicApplicationContext dynamicApplicationContext) throws XWSSecurityException {
        final AuthenticationTokenPolicy.SAMLAssertionBinding populated = (AuthenticationTokenPolicy.SAMLAssertionBinding) sAMLAssertionBinding.clone();
        final boolean svRequested = "SV".equals(sAMLAssertionBinding.getAssertionType());
        if (this.samlHandler == null) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0717_NO_SAML_CALLBACK_HANDLER());
            throw new XWSSecurityException(new UnsupportedCallbackException(null, "A Required SAML Callback Handler was not specified in configuration : Cannot Populate SAML Assertion"));
        }

        final SAMLCallback request = new SAMLCallback();
        SecurityUtil.copy(request.getRuntimeProperties(), map);
        request.setConfirmationMethod(svRequested ? SAMLCallback.SV_ASSERTION_TYPE : SAMLCallback.HOK_ASSERTION_TYPE);
        request.setSAMLVersion(sAMLAssertionBinding.getSAMLVersion());
        try {
            this.samlHandler.handle(new Callback[]{request});
            populated.setAssertion(request.getAssertionElement());
            if (svRequested) {
                populated.setAssertion(request.getAssertionReader());
                populated.setAuthorityBinding(request.getAuthorityBindingElement());
            } else {
                populated.setAuthorityBinding(request.getAuthorityBindingElement());
                populated.setAssertion(request.getAssertionReader());
                // Only this branch attaches key material to the binding.
                ((PrivateKeyBinding) populated.newPrivateKeyBinding()).setPrivateKey(getPrivateKey(map, this.myAlias));
                populated.setAssertionId(request.getAssertionId());
            }
            populated.setSAMLVersion(request.getSAMLVersion());
        } catch (IOException | UnsupportedCallbackException handlerFailure) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0718_EXCEPTION_INVOKING_SAML_HANDLER(), handlerFailure);
            throw new XWSSecurityException(handlerFailure);
        }
        return populated;
    }

    /**
     * Shifts the calendar's instant by its zone offset and by the clock skew.
     *
     * <p>The calendar's {@code ZONE_OFFSET}, plus the zone's DST savings when the calendar
     * time is in daylight time, is subtracted from the epoch milliseconds; the skew is then
     * added or subtracted. The passed calendar is modified: it is set to the shifted instant.
     * In any zone with a non-zero offset the result is therefore not the real instant.
     * NOTE(review): presumably this matches dates that the formatters parse in the default
     * zone; confirm, because a mismatch would shift every timestamp comparison.
     *
     * @param calendar calendar holding the instant to adjust; mutated by this call
     * @param j        clock skew in milliseconds
     * @param z        {@code true} to add the skew, {@code false} to subtract it
     * @return the adjusted instant as a {@code Date}
     */
    private static Date getGMTDateWithSkewAdjusted(Calendar calendar, long j, boolean z) {
        long utcOffset = calendar.get(Calendar.ZONE_OFFSET);
        if (calendar.getTimeZone().inDaylightTime(calendar.getTime())) {
            utcOffset += calendar.getTimeZone().getDSTSavings();
        }
        final long shifted = calendar.getTimeInMillis() - utcOffset;
        final long adjusted;
        if (z) {
            adjusted = shifted + j;
        } else {
            adjusted = shifted - j;
        }
        calendar.setTimeInMillis(adjusted);
        return calendar.getTime();
    }

    /**
     * Computes the oldest creation time that still counts as fresh.
     *
     * <p>Starts from the current time in the default zone, subtracts the zone offset (plus
     * DST savings while in daylight time) and then both arguments. Larger values move the
     * cut-off further into the past, i.e. they accept older timestamps.
     *
     * @param j  first amount to subtract, in milliseconds (callers pass the clock skew)
     * @param j2 second amount to subtract, in milliseconds (callers pass the freshness limit)
     * @return the cut-off instant as a {@code Date}
     */
    private static Date getFreshnessAndSkewAdjustedDate(long j, long j2) {
        final GregorianCalendar now = new GregorianCalendar();
        long utcOffset = now.get(GregorianCalendar.ZONE_OFFSET);
        if (now.getTimeZone().inDaylightTime(now.getTime())) {
            utcOffset += now.getTimeZone().getDSTSavings();
        }
        final long cutoff = now.getTimeInMillis() - utcOffset - j - j2;
        return new Date(cutoff);
    }

    /**
     * Picks an X.509 certificate from the requester subject's public credentials.
     *
     * <p>The first certificate for which {@code isMyCert} returns {@code false} is returned
     * immediately. If every certificate is one of ours, the last one seen is returned. With
     * several foreign certificates present, the choice depends on the iteration order of the
     * credential set.
     *
     * @param map runtime properties used to find the requester subject and passed to
     *            {@code isMyCert}
     * @return the selected certificate, or {@code null} when there is no requester subject
     *         or it holds no X.509 certificate
     */
    private X509Certificate getDynamicCertificate(Map map) {
        final Subject requester = getRequesterSubject(map);
        if (requester == null) {
            return null;
        }
        X509Certificate ownCertFallback = null;
        for (Object credential : requester.getPublicCredentials()) {
            if (!(credential instanceof X509Certificate)) {
                continue;
            }
            final X509Certificate candidate = (X509Certificate) credential;
            if (!isMyCert(candidate, map)) {
                return candidate;
            }
            ownCertFallback = candidate;
        }
        return ownCertFallback;
    }

    /**
     * Resolves a private key from a key identifier or a certificate thumbprint.
     *
     * <p>Lookup order: a programmatically supplied key when
     * {@code XWSSUtil.matchesProgrammaticInfo} matches; the two-argument
     * {@code getPrivateKey} for value type {@code "Identifier"}; for
     * {@code MessageConstants.THUMB_PRINT_TYPE}, the {@code X500PrivateCredential}s of the
     * subject, and finally a {@code PrivateKeyCallback.DigestRequest} sent to the callback
     * handler. Any other value type is rejected.
     *
     * @param map  runtime properties
     * @param bArr identifier bytes; Base64-decoded (MIME decoder) before being compared
     *             with subject credentials, but passed undecoded to the digest request.
     *             NOTE(review): confirm both consumers expect those encodings.
     * @param str  value type of {@code bArr}
     * @return the matching private key; may be {@code null} if the handler sets no key
     * @throws XWSSecurityException for an unsupported value type or any failure during
     *         the thumbprint lookup
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, byte[] bArr, String str) throws XWSSecurityException {
        if (XWSSUtil.matchesProgrammaticInfo(map, bArr, str) != null) {
            final PrivateKey programmatic = XWSSUtil.getProgrammaticPrivateKey(map);
            if (programmatic != null) {
                return programmatic;
            }
        }
        if ("Identifier".equals(str)) {
            return getPrivateKey(map, bArr);
        }
        if (!MessageConstants.THUMB_PRINT_TYPE.equals(str)) {
            throw new XWSSecurityException("Internal Error : Unsupported Valuetype :" + str + " passed to getPrivateKey()");
        }
        try {
            final Subject subject = getSubject(map);
            final Set<X500PrivateCredential> held =
                    (subject == null) ? null : subject.getPrivateCredentials(X500PrivateCredential.class);
            if (held != null) {
                for (X500PrivateCredential credential : held) {
                    if (matchesThumbPrint(java.util.Base64.getMimeDecoder().decode(bArr), credential.getCertificate())) {
                        return credential.getPrivateKey();
                    }
                }
            }
            // Nothing in the subject matched: let the callback handler resolve the key.
            final PrivateKeyCallback keyRequest = new PrivateKeyCallback(new PrivateKeyCallback.DigestRequest(bArr, MessageConstants.SHA_1));
            final Callback[] callbacks;
            if (this.useXWSSCallbacks) {
                callbacks = new Callback[]{new RuntimeProperties(map), keyRequest};
            } else {
                callbacks = new Callback[]{keyRequest};
            }
            this._handler.handle(callbacks);
            return keyRequest.getKey();
        } catch (Exception e) {
            // NOTE(review): the label says SubjectKeyIDRequest although a DigestRequest was
            // issued, and the exception itself is not handed to the logger (only wrapped below).
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.SubjectKeyIDRequest"), new Object[]{"PrivateKeyCallback.SubjectKeyIDRequest"});
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Hands a streamed SAML assertion to the configured validator, if there is one.
     *
     * <p>When {@code sValidator} is {@code null} the method returns without checking
     * anything, i.e. the assertion passes this step unvalidated.
     * NOTE(review): confirm that deployments which accept SAML tokens always configure a
     * validator, or that the assertion is verified elsewhere before it is trusted.
     *
     * @param map             runtime properties; given to a {@code ValidatorExtension} and
     *                        used to look up the requester subject for a {@code SAMLValidator}
     * @param xMLStreamReader reader positioned on the assertion to validate
     * @throws XWSSecurityException declared by the interface; raised by the validator
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateSAMLAssertion(Map map, XMLStreamReader xMLStreamReader) throws XWSSecurityException {
        if (this.sValidator == null) {
            return;
        }
        if (this.sValidator instanceof ValidatorExtension) {
            ((ValidatorExtension) this.sValidator).setRuntimeProperties(map);
        }
        if (!(this.sValidator instanceof SAMLValidator)) {
            // Plain validator: it only sees the assertion itself.
            this.sValidator.validate(xMLStreamReader);
            return;
        }
        ((SAMLValidator) this.sValidator).validate(xMLStreamReader, map, getRequesterSubject(map));
    }

    /**
     * Records a streamed assertion on the peer's subject.
     *
     * <p>Unless the configured validator is a {@code SAMLValidator}, the reader object
     * itself is added to the subject's public credentials inside a privileged block. A
     * {@code null} validator does not count as a {@code SAMLValidator}, so the reader is
     * added in that case too.
     *
     * @param subject         subject of the other party; its public credential set is modified
     * @param xMLStreamReader reader to store as a public credential
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final XMLStreamReader xMLStreamReader) {
        if (!(this.sValidator instanceof SAMLValidator)) {
            AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
                subject.getPublicCredentials().add(xMLStreamReader);
                return null;
            });
        }
    }

    /**
     * Reports whether the certificate belongs to this party.
     *
     * <p>This implementation never inspects the argument and always answers {@code false},
     * so callers cannot use it to recognise their own certificate.
     *
     * @param x509Certificate certificate to test (ignored)
     * @return always {@code false}
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean isSelfCertificate(final X509Certificate x509Certificate) {
        return false;
    }

    /**
     * Loads a class by name, trying several class loaders in turn.
     *
     * <p>Order: the thread context class loader (when set), then the loader of this class,
     * then {@code loadUsingResourceLoader}. The first loader that knows the name decides
     * which class is returned, so the result depends on the calling thread's context loader.
     * NOTE(review): confirm that {@code str} only ever comes from trusted configuration.
     *
     * @param str fully qualified class name, or {@code null}
     * @return the loaded class, or {@code null} when {@code str} is {@code null}
     * @throws XWSSecurityException if none of the loaders can find the class
     */
    private Class loadClass(String str) throws XWSSecurityException {
        if (str == null) {
            return null;
        }
        final ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
        if (contextLoader != null) {
            try {
                return contextLoader.loadClass(str);
            } catch (ClassNotFoundException notOnContextLoader) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Failed to load class Thread Context ClassLoader..." + str);
                }
            }
        }
        try {
            return getClass().getClassLoader().loadClass(str);
        } catch (ClassNotFoundException notOnOwnLoader) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Failed to load class using this.getClass().getClassLoader()..." + str);
                log.log(Level.FINE, "Calling loadUsingResourceLoader to load class.." + str);
            }
        }
        // Last resort after both regular loaders failed.
        final Class viaResourceLoader = loadUsingResourceLoader(str);
        if (viaResourceLoader != null) {
            return viaResourceLoader;
        }
        log.log(Level.SEVERE, LogStringsMessages.WSS_0714_ERROR_GETTING_USER_CLASS(str), new Object[]{str});
        throw new XWSSecurityException("Could not find User Class " + str);
    }

    /**
     * Copies subject data between the two given subjects.
     *
     * <p>Delegates to {@code SecurityUtil.copySubject} with the arguments in the order
     * received. Which one is the destination is decided by that helper.
     * NOTE(review): presumably {@code subject} receives the contents of {@code subject2};
     * verify against {@code SecurityUtil}.
     *
     * @param subject  first argument handed to {@code copySubject}
     * @param subject2 second argument handed to {@code copySubject}
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final Subject subject2) {
        SecurityUtil.copySubject(subject, subject2);
    }

    /**
     * Performs a Kerberos login with the configured login module and service principal.
     *
     * <p>Both settings must be present and non-empty; the login is refused otherwise. The
     * credential delegation flag {@code krbCredentialDelegation} is passed through unchanged.
     *
     * @return the context produced by {@code KerberosLogin.login}
     * @throws XWSSecurityException if the login module or the service principal is missing
     *         or empty, or if the login itself fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public KerberosContext doKerberosLogin() throws XWSSecurityException {
        final boolean moduleMissing = this.krbLoginModule == null || "".equals(this.krbLoginModule);
        if (moduleMissing) {
            throw new XWSSecurityException("Login Module for Kerberos login is not set or could not be obtained");
        }
        final boolean principalMissing = this.krbServicePrincipal == null || "".equals(this.krbServicePrincipal);
        if (principalMissing) {
            throw new XWSSecurityException("Kerberos Service Principal is not set or could not be obtained");
        }
        final KerberosLogin login = new KerberosLogin();
        return login.login(this.krbLoginModule, this.krbServicePrincipal, this.krbCredentialDelegation);
    }

    /**
     * Performs a Kerberos login with the configured login module and the given bytes.
     *
     * <p>NOTE(review): unlike the no-argument overload, this one does not check that
     * {@code krbLoginModule} is set before using it; confirm that
     * {@code KerberosLogin.login} rejects a missing module name.
     *
     * @param bArr bytes handed to {@code KerberosLogin.login} (presumably the received
     *             Kerberos token; verify against the caller)
     * @return the context produced by {@code KerberosLogin.login}
     * @throws XWSSecurityException if the login fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public KerberosContext doKerberosLogin(byte[] bArr) throws XWSSecurityException {
        final KerberosLogin login = new KerberosLogin();
        return login.login(this.krbLoginModule, bArr);
    }

    /**
     * Records a Kerberos-authenticated peer on the given subject.
     *
     * <p>A {@code KerberosPrincipal} is built from {@code gSSName.toString()} and announced
     * to the callback handler through a {@code CallerPrincipalCallback}. Only after that
     * call returns is the subject updated, inside a privileged block: the principal goes
     * into the principal set, the name into the public credentials and, when present, the
     * credential into the private credentials.
     *
     * @param subject       subject of the other party; modified by this call
     * @param gSSName       authenticated peer name
     * @param gSSCredential delegated credential, or {@code null} if there is none
     * @throws XWSSecurityRuntimeException wrapping any exception raised along the way
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final GSSName gSSName, final GSSCredential gSSCredential) {
        try {
            final KerberosPrincipal peer = new KerberosPrincipal(gSSName.toString());
            final Callback[] callbacks = {new CallerPrincipalCallback(subject, peer.getName())};
            this._handler.handle(callbacks);
            AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
                subject.getPrincipals().add(peer);
                subject.getPublicCredentials().add(gSSName);
                if (gSSCredential != null) {
                    subject.getPrivateCredentials().add(gSSCredential);
                }
                return null;
            });
        } catch (Exception e) {
            // NOTE(review): the exception is wrapped below but not handed to the logger.
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("CallerPrincipalCallback"), new Object[]{"CallerPrincipalCallback"});
            throw new XWSSecurityRuntimeException(e);
        }
    }
}
