package com.sun.xml.wss.impl.misc;

import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.ws.security.impl.kerberos.KerberosContext;
import com.sun.xml.ws.security.impl.kerberos.KerberosLogin;
import com.sun.xml.ws.security.opt.impl.util.SOAPUtil;
import com.sun.xml.wss.NonceManager;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.RealmAuthenticationAdapter;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.Timestamp;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
import com.sun.xml.wss.impl.callback.PasswordCallback;
import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
import com.sun.xml.wss.impl.callback.SAMLValidator;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
import com.sun.xml.wss.impl.callback.UsernameCallback;
import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.logging.LogStringsMessages;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.util.XWSSUtil;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamReader;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/xml/wss/impl/misc/DefaultSecurityEnvironmentImpl.class */
public class DefaultSecurityEnvironmentImpl implements SecurityEnvironment {
    private static final long offset;
    protected static final Logger log;
    private final SimpleDateFormat calendarFormatter1;
    private final SimpleDateFormat calendarFormatter2;
    private CallbackHandler callbackHandler;
    private boolean isDefaultHandler;
    private X509Certificate selfCertificate;
    private Properties configAssertions;
    private long maxNonceAge;
    private String mnaProperty;
    private String JAASLoginModuleForKeystore;
    private Subject loginContextSubjectForKeystore;
    private String keyStoreCBH;
    private CallbackHandler keystoreCbHandlerClass;

    public DefaultSecurityEnvironmentImpl(CallbackHandler callbackHandler) {
        this.calendarFormatter1 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        this.calendarFormatter2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'");
        this.callbackHandler = null;
        this.isDefaultHandler = false;
        this.selfCertificate = null;
        this.configAssertions = null;
        this.maxNonceAge = 900000L;
        this.mnaProperty = null;
        this.callbackHandler = callbackHandler;
        if (this.callbackHandler instanceof DefaultCallbackHandler) {
            this.isDefaultHandler = true;
        }
    }

    public DefaultSecurityEnvironmentImpl(CallbackHandler callbackHandler, Properties properties) {
        this.calendarFormatter1 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        this.calendarFormatter2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'");
        this.callbackHandler = null;
        this.isDefaultHandler = false;
        this.selfCertificate = null;
        this.configAssertions = null;
        this.maxNonceAge = 900000L;
        this.mnaProperty = null;
        this.configAssertions = properties;
        this.callbackHandler = callbackHandler;
        if (this.callbackHandler instanceof DefaultCallbackHandler) {
            this.isDefaultHandler = true;
        }
        this.mnaProperty = this.configAssertions.getProperty(DefaultCallbackHandler.MAX_NONCE_AGE_PROPERTY);
        if (this.mnaProperty != null) {
            try {
                this.maxNonceAge = SecurityUtil.toLong(this.mnaProperty);
            } catch (XWSSecurityException e) {
                log.log(Level.FINE, " Exception while converting maxNonceAge config property, Setting MaxNonceAge to Default value {0}", (Object) 900000L);
                this.maxNonceAge = 900000L;
            }
        }
        this.JAASLoginModuleForKeystore = this.configAssertions.getProperty(DefaultCallbackHandler.JAAS_KEYSTORE_LOGIN_MODULE);
        this.keyStoreCBH = this.configAssertions.getProperty(DefaultCallbackHandler.KEYSTORE_CBH);
        this.loginContextSubjectForKeystore = initJAASKeyStoreLoginModule();
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getDefaultCertificate(Map map) throws XWSSecurityException {
        X509Certificate publicCredentialsFromLCSubject = getPublicCredentialsFromLCSubject();
        if (publicCredentialsFromLCSubject != null) {
            return publicCredentialsFromLCSubject;
        }
        SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(defaultPrivKeyCertRequest);
        if (map != null) {
            ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
        }
        try {
            this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
            X509Certificate x509Certificate = defaultPrivKeyCertRequest.getX509Certificate();
            if (x509Certificate != null) {
                return x509Certificate;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0218_CANNOT_LOCATE_DEFAULT_CERT());
            throw new XWSSecurityException("Unable to locate a default certificate");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.DefaultPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.DefaultPrivKeyCertRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    public SignatureKeyCallback.PrivKeyCertRequest getDefaultPrivKeyCertRequest(Map map) throws XWSSecurityException {
        SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(defaultPrivKeyCertRequest);
        if (map != null) {
            ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
        }
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null) {
            defaultPrivKeyCertRequest.setX509Certificate(pKCredentialsFromLCSubject.getCertificate());
            defaultPrivKeyCertRequest.setPrivateKey(pKCredentialsFromLCSubject.getPrivateKey());
            return defaultPrivKeyCertRequest;
        }
        try {
            this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
            return defaultPrivKeyCertRequest;
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.DefaultPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.DefaultPrivKeyCertRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    public SignatureKeyCallback.AliasPrivKeyCertRequest getAliasPrivKeyCertRequest(String str) throws XWSSecurityException {
        SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest = new SignatureKeyCallback.AliasPrivKeyCertRequest(str);
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null && str.equals(pKCredentialsFromLCSubject.getAlias())) {
            aliasPrivKeyCertRequest.setX509Certificate(pKCredentialsFromLCSubject.getCertificate());
            aliasPrivKeyCertRequest.setPrivateKey(pKCredentialsFromLCSubject.getPrivateKey());
            return aliasPrivKeyCertRequest;
        }
        try {
            this.callbackHandler.handle(new Callback[]{new SignatureKeyCallback(aliasPrivKeyCertRequest)});
            return aliasPrivKeyCertRequest;
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.AliasPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.AliasPrivKeyCertRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    public PrivateKey getDefaultPrivateKey(Map map) throws XWSSecurityException {
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null) {
            return pKCredentialsFromLCSubject.getPrivateKey();
        }
        SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(defaultPrivKeyCertRequest);
        if (map != null) {
            ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
        }
        try {
            this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
            PrivateKey privateKey = defaultPrivKeyCertRequest.getPrivateKey();
            if (privateKey != null) {
                return privateKey;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0219_CANNOT_LOCATE_DEFAULT_PRIVKEY());
            throw new XWSSecurityException("Unable to locate a default certificate");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.DefaultPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.DefaultPrivKeyCertRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public SecretKey getSecretKey(Map map, String str, boolean z) throws XWSSecurityException {
        SecretKey symmetricKey;
        if (z) {
            EncryptionKeyCallback.AliasSymmetricKeyRequest aliasSymmetricKeyRequest = new EncryptionKeyCallback.AliasSymmetricKeyRequest(str);
            EncryptionKeyCallback encryptionKeyCallback = new EncryptionKeyCallback(aliasSymmetricKeyRequest);
            ProcessingContext.copy(encryptionKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{encryptionKeyCallback});
                symmetricKey = aliasSymmetricKeyRequest.getSymmetricKey();
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("EncryptionKeyCallback.AliasSymmetricKeyRequest"), new Object[]{"EncryptionKeyCallback.AliasSymmetricKeyRequest"});
                log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
                throw new XWSSecurityException(e);
            }
        } else {
            DecryptionKeyCallback.AliasSymmetricKeyRequest aliasSymmetricKeyRequest2 = new DecryptionKeyCallback.AliasSymmetricKeyRequest(str);
            DecryptionKeyCallback decryptionKeyCallback = new DecryptionKeyCallback(aliasSymmetricKeyRequest2);
            ProcessingContext.copy(decryptionKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{decryptionKeyCallback});
                symmetricKey = aliasSymmetricKeyRequest2.getSymmetricKey();
            } catch (Exception e2) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("DecryptionKeyCallback.AliasSymmetricKeyRequest"), new Object[]{"DecryptionKeyCallback.AliasSymmetricKeyRequest"});
                log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
                throw new XWSSecurityException(e2);
            }
        }
        if (symmetricKey != null) {
            return symmetricKey;
        }
        log.log(Level.SEVERE, LogStringsMessages.WSS_0220_CANNOT_LOCATE_SYMMETRICKEY_FOR_DECRYPT());
        throw new XWSSecurityException("Could not locate the symmetric key for alias '" + str + "'");
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, String str, boolean z) throws XWSSecurityException {
        X509Certificate x509Certificate;
        if (str == null || (MessageConstants.EMPTY_STRING.equals(str) && z)) {
            return getDefaultCertificate(map);
        }
        X509Certificate publicCredentialsFromLCSubject = getPublicCredentialsFromLCSubject();
        if (publicCredentialsFromLCSubject != null) {
            return publicCredentialsFromLCSubject;
        }
        if (z) {
            SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest = new SignatureKeyCallback.AliasPrivKeyCertRequest(str);
            SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(aliasPrivKeyCertRequest);
            ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
                x509Certificate = aliasPrivKeyCertRequest.getX509Certificate();
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.AliasPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.AliasPrivKeyCertRequest"});
                log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
                throw new XWSSecurityException(e);
            }
        } else {
            EncryptionKeyCallback.AliasX509CertificateRequest aliasX509CertificateRequest = new EncryptionKeyCallback.AliasX509CertificateRequest(str);
            EncryptionKeyCallback encryptionKeyCallback = new EncryptionKeyCallback(aliasX509CertificateRequest);
            ProcessingContext.copy(encryptionKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{encryptionKeyCallback});
                x509Certificate = aliasX509CertificateRequest.getX509Certificate();
            } catch (Exception e2) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("EncryptionKeyCallback.AliasX509CertificateRequest"), new Object[]{"EncryptionKeyCallback.AliasX509CertificateRequest"});
                log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
                throw new XWSSecurityException(e2);
            }
        }
        if (x509Certificate != null) {
            return x509Certificate;
        }
        String str2 = z ? "Signature" : "Key Encryption";
        log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(str2), new Object[]{str2});
        throw new XWSSecurityException("Unable to locate certificate for the alias '" + str + "'");
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, PublicKey publicKey, boolean z) throws XWSSecurityException {
        X509Certificate publicCredentialsFromLCSubject = getPublicCredentialsFromLCSubject();
        if (publicCredentialsFromLCSubject != null && publicCredentialsFromLCSubject.getPublicKey().equals(publicKey)) {
            return publicCredentialsFromLCSubject;
        }
        if (z) {
            EncryptionKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest = new EncryptionKeyCallback.PublicKeyBasedRequest(publicKey);
            EncryptionKeyCallback encryptionKeyCallback = new EncryptionKeyCallback(publicKeyBasedRequest);
            ProcessingContext.copy(encryptionKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{encryptionKeyCallback});
            } catch (UnsupportedCallbackException e) {
            } catch (Exception e2) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("EncryptionKeyCallback.PublicKeyBasedRequest"), new Object[]{"EncryptionKeyCallback.PublicKeyBasedRequest"});
                log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
                throw new XWSSecurityException(e2);
            }
            return publicKeyBasedRequest.getX509Certificate();
        }
        SignatureVerificationKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest2 = new SignatureVerificationKeyCallback.PublicKeyBasedRequest(publicKey);
        SignatureVerificationKeyCallback signatureVerificationKeyCallback = new SignatureVerificationKeyCallback(publicKeyBasedRequest2);
        ProcessingContext.copy(signatureVerificationKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{signatureVerificationKeyCallback});
        } catch (UnsupportedCallbackException e3) {
        } catch (Exception e4) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureVerificationKeyCallback.PublicKeyBasedRequest"), new Object[]{"SignatureVerificationKeyCallback.PublicKeyBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e4);
            throw new XWSSecurityException(e4);
        }
        return publicKeyBasedRequest2.getX509Certificate();
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, String str) throws XWSSecurityException {
        if (str == null) {
            return getDefaultPrivateKey(map);
        }
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null && pKCredentialsFromLCSubject.getAlias().equals(str)) {
            return pKCredentialsFromLCSubject.getPrivateKey();
        }
        SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest = new SignatureKeyCallback.AliasPrivKeyCertRequest(str);
        SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(aliasPrivKeyCertRequest);
        ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
            PrivateKey privateKey = aliasPrivKeyCertRequest.getPrivateKey();
            if (privateKey != null) {
                return privateKey;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0222_CANNOT_LOCATE_PRIVKEY(str), new Object[]{str});
            throw new XWSSecurityException("Unable to locate private key for the alias " + str);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.AliasPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.AliasPrivKeyCertRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, byte[] bArr, String str) throws XWSSecurityException {
        if ("Identifier".equals(str)) {
            return getPrivateKey(map, bArr);
        }
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null) {
            try {
                if (matchesThumbPrint(Base64.decode(bArr), pKCredentialsFromLCSubject.getCertificate())) {
                    return pKCredentialsFromLCSubject.getPrivateKey();
                }
            } catch (Exception e) {
                log.log(Level.SEVERE, (String) null, (Throwable) e);
                throw new XWSSecurityException(e);
            }
        }
        DecryptionKeyCallback.ThumbprintBasedRequest thumbprintBasedRequest = new DecryptionKeyCallback.ThumbprintBasedRequest(bArr);
        DecryptionKeyCallback decryptionKeyCallback = new DecryptionKeyCallback(thumbprintBasedRequest);
        ProcessingContext.copy(decryptionKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{decryptionKeyCallback});
            PrivateKey privateKey = thumbprintBasedRequest.getPrivateKey();
            if (privateKey != null) {
                return privateKey;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0222_CANNOT_LOCATE_PRIVKEY(bArr), new Object[]{bArr});
            throw new XWSSecurityException("No Matching private key for " + Base64.encode(bArr) + " thumb print identifier found");
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("DecryptionKeyCallback.ThumbprintBasedRequest"), new Object[]{"DecryptionKeyCallback.ThumbprintBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, byte[] bArr) throws XWSSecurityException {
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null) {
            try {
                if (matchesKeyIdentifier(Base64.decode(bArr), pKCredentialsFromLCSubject.getCertificate())) {
                    return pKCredentialsFromLCSubject.getPrivateKey();
                }
            } catch (Base64DecodingException e) {
                log.log(Level.SEVERE, (String) null, e);
                throw new XWSSecurityException(e);
            }
        }
        DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest x509SubjectKeyIdentifierBasedRequest = new DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest(bArr);
        DecryptionKeyCallback decryptionKeyCallback = new DecryptionKeyCallback(x509SubjectKeyIdentifierBasedRequest);
        ProcessingContext.copy(decryptionKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{decryptionKeyCallback});
            PrivateKey privateKey = x509SubjectKeyIdentifierBasedRequest.getPrivateKey();
            if (privateKey != null) {
                return privateKey;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0222_CANNOT_LOCATE_PRIVKEY(bArr), new Object[]{bArr});
            throw new XWSSecurityException("No Matching private key for " + Base64.encode(bArr) + " subject key identifier found");
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest"), new Object[]{"DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null) {
            X509Certificate certificate = pKCredentialsFromLCSubject.getCertificate();
            BigInteger serialNumber = certificate.getSerialNumber();
            X500Principal issuerX500Principal = certificate.getIssuerX500Principal();
            X500Principal x500Principal = new X500Principal(str);
            if (serialNumber.equals(bigInteger) && issuerX500Principal.equals(x500Principal)) {
                return pKCredentialsFromLCSubject.getPrivateKey();
            }
        }
        DecryptionKeyCallback.X509IssuerSerialBasedRequest x509IssuerSerialBasedRequest = new DecryptionKeyCallback.X509IssuerSerialBasedRequest(str, bigInteger);
        DecryptionKeyCallback decryptionKeyCallback = new DecryptionKeyCallback(x509IssuerSerialBasedRequest);
        ProcessingContext.copy(decryptionKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{decryptionKeyCallback});
            PrivateKey privateKey = x509IssuerSerialBasedRequest.getPrivateKey();
            if (privateKey != null) {
                return privateKey;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0222_CANNOT_LOCATE_PRIVKEY(bigInteger + ":" + str), new Object[]{bigInteger + ":" + str});
            throw new XWSSecurityException("No Matching private key for serial number " + bigInteger + " and issuer name " + str + " found");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("DecryptionKeyCallback.X509IssuerSerialBasedRequest"), new Object[]{"DecryptionKeyCallback.X509IssuerSerialBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PublicKey getPublicKey(Map map, byte[] bArr, String str) throws XWSSecurityException {
        return getCertificate(map, bArr, str).getPublicKey();
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PublicKey getPublicKey(Map map, byte[] bArr) throws XWSSecurityException {
        return getCertificate(map, bArr).getPublicKey();
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, byte[] bArr, String str) throws XWSSecurityException {
        if ("Identifier".equals(str)) {
            return getCertificate(map, bArr);
        }
        X509Certificate publicCredentialsFromLCSubject = getPublicCredentialsFromLCSubject();
        if (publicCredentialsFromLCSubject != null) {
            try {
                if (matchesThumbPrint(Base64.decode(bArr), publicCredentialsFromLCSubject)) {
                    return publicCredentialsFromLCSubject;
                }
            } catch (Base64DecodingException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0816_BASE_64_DECODING_ERROR(), e);
                throw new XWSSecurityException(e);
            }
        }
        SignatureVerificationKeyCallback.ThumbprintBasedRequest thumbprintBasedRequest = new SignatureVerificationKeyCallback.ThumbprintBasedRequest(bArr);
        SignatureVerificationKeyCallback signatureVerificationKeyCallback = new SignatureVerificationKeyCallback(thumbprintBasedRequest);
        ProcessingContext.copy(signatureVerificationKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{signatureVerificationKeyCallback});
            X509Certificate x509Certificate = thumbprintBasedRequest.getX509Certificate();
            if (x509Certificate != null) {
                return x509Certificate;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(bArr), new Object[]{bArr});
            throw new XWSSecurityException("No Matching public key for " + Base64.encode(bArr) + " thumb print identifier found");
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureVerificationKeyCallback.ThumbprintBasedRequest"), new Object[]{"SignatureVerificationKeyCallback.ThumbprintBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, byte[] bArr) throws XWSSecurityException {
        X509Certificate publicCredentialsFromLCSubject = getPublicCredentialsFromLCSubject();
        if (publicCredentialsFromLCSubject != null) {
            try {
                if (matchesKeyIdentifier(Base64.decode(bArr), publicCredentialsFromLCSubject)) {
                    return publicCredentialsFromLCSubject;
                }
            } catch (Base64DecodingException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0816_BASE_64_DECODING_ERROR(), e);
                throw new XWSSecurityException(e);
            }
        }
        SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest x509SubjectKeyIdentifierBasedRequest = new SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest(bArr);
        SignatureVerificationKeyCallback signatureVerificationKeyCallback = new SignatureVerificationKeyCallback(x509SubjectKeyIdentifierBasedRequest);
        ProcessingContext.copy(signatureVerificationKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{signatureVerificationKeyCallback});
            X509Certificate x509Certificate = x509SubjectKeyIdentifierBasedRequest.getX509Certificate();
            if (x509Certificate != null) {
                return x509Certificate;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(bArr), new Object[]{bArr});
            throw new XWSSecurityException("No Matching public key for " + Base64.encode(bArr) + " subject key identifier found");
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest"), new Object[]{"SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PublicKey getPublicKey(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        return getCertificate(map, bigInteger, str).getPublicKey();
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        X509Certificate publicCredentialsFromLCSubject = getPublicCredentialsFromLCSubject();
        if (publicCredentialsFromLCSubject != null) {
            BigInteger serialNumber = publicCredentialsFromLCSubject.getSerialNumber();
            X500Principal issuerX500Principal = publicCredentialsFromLCSubject.getIssuerX500Principal();
            X500Principal x500Principal = new X500Principal(str);
            if (serialNumber.equals(bigInteger) && issuerX500Principal.equals(x500Principal)) {
                return publicCredentialsFromLCSubject;
            }
        }
        SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest x509IssuerSerialBasedRequest = new SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest(str, bigInteger);
        SignatureVerificationKeyCallback signatureVerificationKeyCallback = new SignatureVerificationKeyCallback(x509IssuerSerialBasedRequest);
        ProcessingContext.copy(signatureVerificationKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{signatureVerificationKeyCallback});
            X509Certificate x509Certificate = x509IssuerSerialBasedRequest.getX509Certificate();
            if (x509Certificate != null) {
                return x509Certificate;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(bigInteger + ":" + str), new Object[]{bigInteger + ":" + str});
            throw new XWSSecurityException("No Matching public key for serial number " + bigInteger + " and issuer name " + str + " found");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest"), new Object[]{"SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean validateCertificate(X509Certificate x509Certificate, Map map) {
        CertificateValidationCallback certificateValidationCallback = new CertificateValidationCallback(x509Certificate, map);
        try {
            this.callbackHandler.handle(new Callback[]{certificateValidationCallback});
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Certificate Validation called on certificate {0}", x509Certificate.getSubjectDN());
            }
            return certificateValidationCallback.getResult();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0223_FAILED_CERTIFICATE_VALIDATION());
            throw newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Certificate validation failed", e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(Subject subject, String str, String str2) {
    }

    private X500PrivateCredential getPKCredentialsFromLCSubject() {
        Set privateCredentials;
        if (this.loginContextSubjectForKeystore == null || (privateCredentials = this.loginContextSubjectForKeystore.getPrivateCredentials(X500PrivateCredential.class)) == null) {
            return null;
        }
        Iterator it = privateCredentials.iterator();
        if (it.hasNext()) {
            return (X500PrivateCredential) it.next();
        }
        return null;
    }

    private X509Certificate getPublicCredentialsFromLCSubject() {
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null) {
            return pKCredentialsFromLCSubject.getCertificate();
        }
        return null;
    }

    private Subject initJAASKeyStoreLoginModule() {
        LoginContext loginContext;
        if (this.JAASLoginModuleForKeystore == null) {
            return null;
        }
        try {
            if (this.keyStoreCBH != null) {
                this.keystoreCbHandlerClass = (CallbackHandler) loadClass(this.keyStoreCBH).newInstance();
                loginContext = new LoginContext(this.JAASLoginModuleForKeystore, this.keystoreCbHandlerClass);
            } else {
                loginContext = new LoginContext(this.JAASLoginModuleForKeystore);
            }
            loginContext.login();
            return loginContext.getSubject();
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0817_KEYSTORE_LOGIN_MODULE_LOGIN_ERROR(), e);
            throw new XWSSecurityRuntimeException(e);
        } catch (IllegalAccessException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0817_KEYSTORE_LOGIN_MODULE_LOGIN_ERROR(), (Throwable) e2);
            throw new XWSSecurityRuntimeException(e2);
        } catch (InstantiationException e3) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0817_KEYSTORE_LOGIN_MODULE_LOGIN_ERROR(), (Throwable) e3);
            throw new XWSSecurityRuntimeException(e3);
        } catch (LoginException e4) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0817_KEYSTORE_LOGIN_MODULE_LOGIN_ERROR(), (Throwable) e4);
            throw new XWSSecurityRuntimeException(e4);
        }
    }

    private boolean matchesKeyIdentifier(byte[] bArr, X509Certificate x509Certificate) throws XWSSecurityException {
        byte[] subjectKeyIdentifier = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(x509Certificate);
        return subjectKeyIdentifier != null && Arrays.equals(bArr, subjectKeyIdentifier);
    }

    private boolean matchesThumbPrint(byte[] bArr, X509Certificate x509Certificate) throws XWSSecurityException {
        byte[] thumbprintIdentifier = XWSSUtil.getThumbprintIdentifier(x509Certificate);
        return thumbprintIdentifier != null && Arrays.equals(bArr, thumbprintIdentifier);
    }

    private void updateUsernameInSubject(final Subject subject, final String str, String str2) {
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    subject.getPrincipals().add(new X500Principal("CN=" + str));
                } catch (Throwable th) {
                }
                subject.getPublicCredentials().add(str);
                return null;
            }
        });
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final X509Certificate x509Certificate) {
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject.getPrincipals().add(x509Certificate.getSubjectX500Principal());
                subject.getPublicCredentials().add(x509Certificate);
                return null;
            }
        });
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final Assertion assertion) {
        if ((this.callbackHandler instanceof DefaultCallbackHandler) && (((DefaultCallbackHandler) this.callbackHandler).getSAMLValidator() instanceof SAMLValidator)) {
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.3
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject.getPublicCredentials().add(assertion);
                return null;
            }
        });
    }

    public void updateOtherPartySubject(Subject subject, Key key) {
    }

    public void updateOtherPartySubject(Subject subject, String str) {
    }

    public static Subject getSubject(final Map map) {
        Subject subject = (Subject) map.get(MessageConstants.AUTH_SUBJECT);
        return subject != null ? subject : (Subject) AccessController.doPrivileged(new PrivilegedAction<Subject>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Subject run() {
                Subject subject2 = new Subject();
                map.put(MessageConstants.AUTH_SUBJECT, subject2);
                return subject2;
            }
        });
    }

    public static Subject getSubject(final FilterProcessingContext filterProcessingContext) {
        Subject subject = (Subject) filterProcessingContext.getExtraneousProperty(MessageConstants.AUTH_SUBJECT);
        return subject != null ? subject : (Subject) AccessController.doPrivileged(new PrivilegedAction<Subject>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Subject run() {
                Subject subject2 = new Subject();
                FilterProcessingContext.this.setExtraneousProperty(MessageConstants.AUTH_SUBJECT, subject2);
                return subject2;
            }
        });
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, X509Certificate x509Certificate) throws XWSSecurityException {
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null && pKCredentialsFromLCSubject.getCertificate().equals(x509Certificate)) {
            return pKCredentialsFromLCSubject.getPrivateKey();
        }
        DecryptionKeyCallback.X509CertificateBasedRequest x509CertificateBasedRequest = new DecryptionKeyCallback.X509CertificateBasedRequest(x509Certificate);
        DecryptionKeyCallback decryptionKeyCallback = new DecryptionKeyCallback(x509CertificateBasedRequest);
        ProcessingContext.copy(decryptionKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{decryptionKeyCallback});
            PrivateKey privateKey = x509CertificateBasedRequest.getPrivateKey();
            if (privateKey != null) {
                return privateKey;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0222_CANNOT_LOCATE_PRIVKEY("given certificate"), new Object[]{"given certificate"});
            throw new XWSSecurityException("Could not retrieve private Key matching the given certificate");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("DecryptionKeyCallback.X509CertificateBasedRequest"), new Object[]{"DecryptionKeyCallback.X509CertificateBasedRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, PublicKey publicKey, boolean z) throws XWSSecurityException {
        X500PrivateCredential pKCredentialsFromLCSubject = getPKCredentialsFromLCSubject();
        if (pKCredentialsFromLCSubject != null && pKCredentialsFromLCSubject.getCertificate().getPublicKey().equals(publicKey)) {
            return pKCredentialsFromLCSubject.getPrivateKey();
        }
        if (z) {
            SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest publicKeyBasedPrivKeyCertRequest = new SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest(publicKey);
            SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(publicKeyBasedPrivKeyCertRequest);
            ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
                return publicKeyBasedPrivKeyCertRequest.getPrivateKey();
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest"), new Object[]{"SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest"});
                log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
                throw new XWSSecurityException(e);
            }
        }
        DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest publicKeyBasedPrivKeyRequest = new DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest(publicKey);
        DecryptionKeyCallback decryptionKeyCallback = new DecryptionKeyCallback(publicKeyBasedPrivKeyRequest);
        ProcessingContext.copy(decryptionKeyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{decryptionKeyCallback});
            return publicKeyBasedPrivKeyRequest.getPrivateKey();
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest"), new Object[]{"DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public Subject getSubject() {
        log.log(Level.SEVERE, LogStringsMessages.WSS_0224_UNSUPPORTED_ASSOCIATED_SUBJECT());
        throw new UnsupportedOperationException("This environment does not have an associated Subject");
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean authenticateUser(Map map, String str, String str2, String str3, String str4) throws XWSSecurityException {
        boolean authenticate;
        PasswordValidationCallback passwordValidationCallback = new PasswordValidationCallback(new PasswordValidationCallback.DigestPasswordRequest(str, str2, str3, str4));
        ProcessingContext.copy(passwordValidationCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{passwordValidationCallback});
            RealmAuthenticationAdapter realmAuthenticationAdapter = passwordValidationCallback.getRealmAuthenticationAdapter();
            if (passwordValidationCallback.getValidator() != null) {
                authenticate = passwordValidationCallback.getResult();
                if (authenticate) {
                    updateUsernameInSubject(getSubject(map), str, null);
                }
            } else {
                if (realmAuthenticationAdapter == null) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0295_PASSWORD_VAL_NOT_CONFIG_USERNAME_VAL());
                    throw new XWSSecurityException("Error: No PasswordValidator Configured for UsernameToken Validation");
                }
                authenticate = realmAuthenticationAdapter.authenticate(getSubject(map), str, str2, str3, str4, map);
            }
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Username Authentication done for {0}", str);
            }
            return authenticate;
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean authenticateUser(Map map, String str, String str2) throws XWSSecurityException {
        boolean authenticate;
        PasswordValidationCallback passwordValidationCallback = new PasswordValidationCallback(new PasswordValidationCallback.PlainTextPasswordRequest(str, str2));
        ProcessingContext.copy(passwordValidationCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{passwordValidationCallback});
            RealmAuthenticationAdapter realmAuthenticationAdapter = passwordValidationCallback.getRealmAuthenticationAdapter();
            if (passwordValidationCallback.getValidator() != null) {
                authenticate = passwordValidationCallback.getResult();
                if (authenticate) {
                    updateUsernameInSubject(getSubject(map), str, str2);
                }
            } else {
                if (realmAuthenticationAdapter == null) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0295_PASSWORD_VAL_NOT_CONFIG_USERNAME_VAL());
                    throw new XWSSecurityException("Error: No PasswordValidator Configured for UsernameToken Validation");
                }
                authenticate = realmAuthenticationAdapter.authenticate(getSubject(map), str, str2, map);
            }
            return authenticate;
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public String authenticateUser(Map map, String str) throws XWSSecurityException {
        PasswordValidationCallback.DerivedKeyPasswordRequest derivedKeyPasswordRequest = new PasswordValidationCallback.DerivedKeyPasswordRequest(str);
        PasswordValidationCallback passwordValidationCallback = new PasswordValidationCallback(derivedKeyPasswordRequest);
        ProcessingContext.copy(passwordValidationCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{passwordValidationCallback});
            passwordValidationCallback.getRealmAuthenticationAdapter();
            if (passwordValidationCallback.getValidator() != null && passwordValidationCallback.getResult()) {
                updateUsernameInSubject(getSubject(map), str, null);
            }
            return derivedKeyPasswordRequest.getPassword();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    private void defaultValidateCreationTime(String str, long j, long j2) throws XWSSecurityException {
        Date parse;
        try {
            synchronized (this.calendarFormatter1) {
                parse = this.calendarFormatter1.parse(str);
            }
        } catch (ParseException e) {
            synchronized (this.calendarFormatter2) {
                try {
                    parse = this.calendarFormatter2.parse(str);
                } catch (ParseException e2) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0226_FAILED_VALIDATING_DEFAULT_CREATION_TIME(), (Throwable) e2);
                    throw new XWSSecurityException(e2);
                }
            }
        }
        if (parse.before(getFreshnessAndSkewAdjustedDate(j, j2))) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0227_INVALID_OLDER_CREATION_TIME());
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "The creation time is older than  currenttime - timestamp-freshness-limit - max-clock-skew", null, true);
        }
        if (getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, true).before(parse)) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0228_INVALID_AHEAD_CREATION_TIME());
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "The creation time is ahead of the current time.", null, true);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateCreationTime(Map map, String str, long j, long j2) throws XWSSecurityException {
        TimestampValidationCallback.UTCTimestampRequest uTCTimestampRequest = new TimestampValidationCallback.UTCTimestampRequest(str, null, j, j2);
        uTCTimestampRequest.isUsernameToken(true);
        TimestampValidationCallback timestampValidationCallback = new TimestampValidationCallback(uTCTimestampRequest);
        if (!this.isDefaultHandler) {
            ProcessingContext.copy(timestampValidationCallback.getRuntimeProperties(), map);
        }
        boolean z = false;
        try {
            this.callbackHandler.handle(new Callback[]{timestampValidationCallback});
        } catch (UnsupportedCallbackException e) {
            z = true;
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0226_FAILED_VALIDATING_DEFAULT_CREATION_TIME());
            throw new XWSSecurityException(e2);
        }
        if (z) {
            defaultValidateCreationTime(str, j, j2);
            return;
        }
        try {
            timestampValidationCallback.getResult();
        } catch (TimestampValidationCallback.TimestampValidationException e3) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e3);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e3.getMessage(), e3, true);
        }
    }

    public boolean validateSamlIssuer(String str) {
        log.log(Level.SEVERE, LogStringsMessages.WSS_0230_UNSUPPORTED_VALIDATING_SAML_ISSUER());
        throw new UnsupportedOperationException("SAML Issuer Validation not yet supported");
    }

    public boolean validateSamlUser(String str, String str2, String str3) {
        log.log(Level.SEVERE, LogStringsMessages.WSS_0231_UNSUPPORTED_VALIDATING_SAML_USER());
        throw new UnsupportedOperationException("SAML User Validation not yet supported");
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public String getUsername(Map map) throws XWSSecurityException {
        UsernameCallback usernameCallback = new UsernameCallback();
        ProcessingContext.copy(usernameCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{usernameCallback});
            return usernameCallback.getUsername();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("UsernameCallback"), new Object[]{"UsernameCallback"});
            log.log(Level.SEVERE, LogStringsMessages.WSS_0217_CALLBACKHANDLER_HANDLE_EXCEPTION_LOG(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public String getPassword(Map map) throws XWSSecurityException {
        PasswordCallback passwordCallback = new PasswordCallback();
        ProcessingContext.copy(passwordCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{passwordCallback});
            return passwordCallback.getPassword();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0225_FAILED_PASSWORD_VALIDATION_CALLBACK(), (Throwable) e);
            throw new XWSSecurityException(e.getMessage(), e);
        }
    }

    private void defaultValidateExpirationTime(String str, long j, long j2) {
        Date parse;
        if (str != null) {
            try {
                synchronized (this.calendarFormatter1) {
                    parse = this.calendarFormatter1.parse(str);
                }
            } catch (ParseException e) {
                synchronized (this.calendarFormatter2) {
                    try {
                        parse = this.calendarFormatter2.parse(str);
                    } catch (ParseException e2) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_0394_ERROR_PARSING_EXPIRATIONTIME());
                        throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e2.getMessage(), e2, true);
                    }
                }
            }
            if (parse.before(getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, false))) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0393_CURRENT_AHEAD_OF_EXPIRES());
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSU_MESSAGE_EXPIRED, "The current time is ahead of the expiration time in Timestamp", null, true);
            }
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateTimestamp(Map map, Timestamp timestamp, long j, long j2) throws XWSSecurityException {
        validateTimestamp(map, timestamp.getCreated(), timestamp.getExpires(), j, j2);
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateTimestamp(Map map, String str, String str2, long j, long j2) throws XWSSecurityException {
        if (expiresBeforeCreated(str, str2)) {
            XWSSecurityException xWSSecurityException = new XWSSecurityException("Message expired!");
            log.log(Level.SEVERE, LogStringsMessages.WSS_0232_EXPIRED_MESSAGE());
            throw newSOAPFaultException(MessageConstants.WSU_MESSAGE_EXPIRED, "Message expired!", xWSSecurityException);
        }
        TimestampValidationCallback timestampValidationCallback = new TimestampValidationCallback(new TimestampValidationCallback.UTCTimestampRequest(str, str2, j, j2));
        if (!this.isDefaultHandler) {
            ProcessingContext.copy(timestampValidationCallback.getRuntimeProperties(), map);
        }
        boolean z = false;
        try {
            this.callbackHandler.handle(new Callback[]{timestampValidationCallback});
        } catch (UnsupportedCallbackException e) {
            z = true;
        } catch (Exception e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
        if (z) {
            defaultValidateCreationTime(str, j, j2);
            defaultValidateExpirationTime(str2, j, j2);
        } else {
            try {
                timestampValidationCallback.getResult();
            } catch (TimestampValidationCallback.TimestampValidationException e3) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0229_FAILED_VALIDATING_TIME_STAMP(), (Throwable) e3);
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, e3.getMessage(), e3, true);
            }
        }
    }

    public static WssSoapFaultException newSOAPFaultException(QName qName, String str, Throwable th) {
        WssSoapFaultException wssSoapFaultException = new WssSoapFaultException(qName, str, null, null);
        wssSoapFaultException.initCause(th);
        return wssSoapFaultException;
    }

    private static Date getGMTDateWithSkewAdjusted(Calendar calendar, long j, boolean z) {
        long timeInMillis = calendar.getTimeInMillis() - offset;
        calendar.setTimeInMillis(z ? timeInMillis + j : timeInMillis - j);
        return calendar.getTime();
    }

    private static Date getFreshnessAndSkewAdjustedDate(long j, long j2) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTimeInMillis(((gregorianCalendar.getTimeInMillis() - offset) - j) - j2);
        return gregorianCalendar.getTime();
    }

    private boolean expiresBeforeCreated(String str, String str2) throws XWSSecurityException {
        Date parse;
        Date date = null;
        try {
            synchronized (this.calendarFormatter1) {
                parse = this.calendarFormatter1.parse(str);
                if (str2 != null) {
                    date = this.calendarFormatter1.parse(str2);
                }
            }
        } catch (ParseException e) {
            synchronized (this.calendarFormatter2) {
                try {
                    parse = this.calendarFormatter2.parse(str);
                    if (str2 != null) {
                        date = this.calendarFormatter2.parse(str2);
                    }
                } catch (ParseException e2) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0233_INVALID_EXPIRE_BEFORE_CREATION(), (Throwable) e2);
                    throw new XWSSecurityException(e2.getMessage());
                }
            }
        }
        if (date == null || !date.equals(parse)) {
            return date != null && date.before(parse);
        }
        return true;
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateSAMLAssertion(Map map, Element element) throws XWSSecurityException {
        AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) new AuthenticationTokenPolicy().newSAMLAssertionFeatureBinding();
        sAMLAssertionBinding.setAssertion(element);
        DynamicPolicyCallback dynamicPolicyCallback = new DynamicPolicyCallback(sAMLAssertionBinding, null);
        ProcessingContext.copy(dynamicPolicyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{dynamicPolicyCallback});
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0234_FAILED_VALIDATE_SAML_ASSERTION(), (Throwable) e);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Validation failed for SAML Assertion ", e, true);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public Element locateSAMLAssertion(Map map, Element element, String str, Document document) throws XWSSecurityException {
        AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) new AuthenticationTokenPolicy().newSAMLAssertionFeatureBinding();
        sAMLAssertionBinding.setAuthorityBinding(element);
        sAMLAssertionBinding.setAssertionId(str);
        DynamicPolicyCallback dynamicPolicyCallback = new DynamicPolicyCallback(sAMLAssertionBinding, null);
        ProcessingContext.copy(dynamicPolicyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{dynamicPolicyCallback});
            Element assertion = sAMLAssertionBinding.getAssertion();
            if (assertion != null) {
                return assertion;
            }
            log.log(Level.SEVERE, LogStringsMessages.WSS_0236_NULL_SAML_ASSERTION());
            throw new XWSSecurityException("SAML Assertion not set into Policy by CallbackHandler");
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0235_FAILED_LOCATE_SAML_ASSERTION(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map map, AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, DynamicApplicationContext dynamicApplicationContext) throws XWSSecurityException {
        DynamicPolicyCallback dynamicPolicyCallback = new DynamicPolicyCallback(sAMLAssertionBinding, dynamicApplicationContext);
        if (dynamicApplicationContext != null) {
            ProcessingContext.copy(dynamicPolicyCallback.getRuntimeProperties(), map);
        }
        try {
            this.callbackHandler.handle(new Callback[]{dynamicPolicyCallback});
            return (AuthenticationTokenPolicy.SAMLAssertionBinding) dynamicPolicyCallback.getSecurityPolicy();
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0237_FAILED_DYNAMIC_POLICY_CALLBACK(), (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    private void validateSamlVersion(Assertion assertion) {
        BigInteger majorVersion = assertion.getMajorVersion();
        BigInteger minorVersion = assertion.getMinorVersion();
        if (majorVersion.intValue() != 1) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0404_SAML_INVALID_VERSION());
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Major version is not 1 for SAML Assertion:" + assertion.getAssertionID(), new Exception("Major version is not 1 for SAML Assertion"));
        }
        if (minorVersion.intValue() == 0 || minorVersion.intValue() == 1) {
            return;
        }
        log.log(Level.SEVERE, LogStringsMessages.WSS_0404_SAML_INVALID_VERSION());
        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Minor version is not 0/1 for SAML Assertion:" + assertion.getAssertionID(), new Exception("Minor version is not 0/1 for SAML Assertion"));
    }

    private void validateIssuer(SecurableSoapMessage securableSoapMessage, Assertion assertion) {
    }

    private void validateSamlUser(SecurableSoapMessage securableSoapMessage, Assertion assertion) {
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateSAMLAssertion(Map map, XMLStreamReader xMLStreamReader) throws XWSSecurityException {
        AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) new AuthenticationTokenPolicy().newSAMLAssertionFeatureBinding();
        sAMLAssertionBinding.setAssertion(xMLStreamReader);
        DynamicPolicyCallback dynamicPolicyCallback = new DynamicPolicyCallback(sAMLAssertionBinding, null);
        ProcessingContext.copy(dynamicPolicyCallback.getRuntimeProperties(), map);
        if (map.get(MessageConstants.AUTH_SUBJECT) == null) {
            dynamicPolicyCallback.getRuntimeProperties().put(MessageConstants.AUTH_SUBJECT, getSubject(map));
        }
        try {
            this.callbackHandler.handle(new Callback[]{dynamicPolicyCallback});
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0234_FAILED_VALIDATE_SAML_ASSERTION(), (Throwable) e);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Validation failed for SAML Assertion ", e, true);
        }
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final XMLStreamReader xMLStreamReader) {
        if ((this.callbackHandler instanceof DefaultCallbackHandler) && (((DefaultCallbackHandler) this.callbackHandler).getSAMLValidator() instanceof SAMLValidator)) {
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.6
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject.getPublicCredentials().add(xMLStreamReader);
                return null;
            }
        });
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean isSelfCertificate(X509Certificate x509Certificate) {
        return false;
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(Subject subject, Subject subject2) {
        SecurityUtil.copySubject(subject, subject2);
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public KerberosContext doKerberosLogin() throws XWSSecurityException {
        String property = this.configAssertions.getProperty(DefaultCallbackHandler.KRB5_LOGIN_MODULE);
        String property2 = this.configAssertions.getProperty(DefaultCallbackHandler.KRB5_SERVICE_PRINCIPAL);
        boolean booleanValue = Boolean.valueOf(this.configAssertions.getProperty(DefaultCallbackHandler.KRB5_CREDENTIAL_DELEGATION)).booleanValue();
        if (property == null || property.equals(MessageConstants.EMPTY_STRING)) {
            throw new XWSSecurityException("Login Module for Kerberos login is not set or could not be obtained");
        }
        if (property2 == null || property2.equals(MessageConstants.EMPTY_STRING)) {
            throw new XWSSecurityException("Kerberos Service Principal is not set or could not be obtained");
        }
        return new KerberosLogin().login(property, property2, booleanValue);
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public KerberosContext doKerberosLogin(byte[] bArr) throws XWSSecurityException {
        return new KerberosLogin().login(this.configAssertions.getProperty(DefaultCallbackHandler.KRB5_LOGIN_MODULE), bArr);
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final GSSName gSSName, final GSSCredential gSSCredential) {
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.7
            @Override // java.security.PrivilegedAction
            public Object run() {
                subject.getPrincipals().add(new KerberosPrincipal(gSSName.toString()));
                subject.getPublicCredentials().add(gSSName);
                if (gSSCredential == null) {
                    return null;
                }
                subject.getPrivateCredentials().add(gSSCredential);
                return null;
            }
        });
    }

    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean validateAndCacheNonce(Map map, String str, String str2, long j) throws XWSSecurityException {
        return (this.mnaProperty != null ? NonceManager.getInstance(this.maxNonceAge, (WSEndpoint) map.get(MessageConstants.WSENDPOINT)) : NonceManager.getInstance(j, (WSEndpoint) map.get(MessageConstants.WSENDPOINT))).validateNonce(str, str2);
    }

    private Class loadClass(String str) throws XWSSecurityException {
        if (str == null) {
            return null;
        }
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        if (contextClassLoader != null) {
            try {
                return contextClassLoader.loadClass(str);
            } catch (ClassNotFoundException e) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "LoadClass: could not load class " + str, (Throwable) e);
                }
            }
        }
        try {
            return getClass().getClassLoader().loadClass(str);
        } catch (ClassNotFoundException e2) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "LoadClass: could not load class " + str, (Throwable) e2);
            }
            log.log(Level.SEVERE, com.sun.xml.wss.logging.impl.misc.LogStringsMessages.WSS_1521_ERROR_GETTING_USER_CLASS());
            throw new XWSSecurityException("Could not find User Class " + str);
        }
    }

    static {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        long j = gregorianCalendar.get(15);
        if (gregorianCalendar.getTimeZone().inDaylightTime(gregorianCalendar.getTime())) {
            j += gregorianCalendar.getTimeZone().getDSTSavings();
        }
        offset = j;
        log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");
    }
}
