package org.apache.cxf.ws.security.policy.interceptors;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValidator;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-2.7.19-MULE-004.jar:org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.class */
public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
    private static final long serialVersionUID = -6936475570762840527L;
    private static final Logger LOG = LogUtils.getL7dLogger(IssuedTokenInterceptorProvider.class);
    private static final String ASSOCIATED_TOKEN = IssuedTokenInterceptorProvider.class.getName() + "-Associated_Token";

    /* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-2.7.19-MULE-004.jar:org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider$IssuedTokenInInterceptor.class */
    static class IssuedTokenInInterceptor extends AbstractPhaseInterceptor<Message> {
        public IssuedTokenInInterceptor() {
            super(Phase.PRE_PROTOCOL);
            addAfter(WSS4JInInterceptor.class.getName());
            addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(Message message) throws Fault {
            Collection<AssertionInfo> collection;
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) message.get(AssertionInfoMap.class);
            if (assertionInfoMap == null || (collection = assertionInfoMap.get(SP12Constants.ISSUED_TOKEN)) == null) {
                return;
            }
            if (isRequestor(message)) {
                Iterator<AssertionInfo> it = collection.iterator();
                while (it.hasNext()) {
                    it.next().setAsserted(true);
                }
            } else {
                message.getExchange().remove(SecurityConstants.TOKEN);
                List cast = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
                if (cast == null || cast.size() <= 0) {
                    return;
                }
                parseHandlerResults((WSHandlerResult) cast.get(0), message, collection);
            }
        }

        private void parseHandlerResults(WSHandlerResult wSHandlerResult, Message message, Collection<AssertionInfo> collection) {
            IssuedTokenPolicyValidator issuedTokenPolicyValidator = new IssuedTokenPolicyValidator(WSS4JUtils.fetchAllActionResults(wSHandlerResult.getResults(), 2), message);
            for (AssertionWrapper assertionWrapper : findSamlTokenResults(wSHandlerResult.getResults())) {
                if (issuedTokenPolicyValidator.validatePolicy(collection, assertionWrapper)) {
                    message.getExchange().put(SecurityConstants.TOKEN, createSecurityToken(assertionWrapper));
                    return;
                }
            }
            for (BinarySecurity binarySecurity : findBinarySecurityTokenResults(wSHandlerResult.getResults())) {
                if (issuedTokenPolicyValidator.validatePolicy(collection, binarySecurity)) {
                    message.getExchange().put(SecurityConstants.TOKEN, createSecurityToken(binarySecurity));
                    return;
                }
            }
        }

        private List<AssertionWrapper> findSamlTokenResults(List<WSSecurityEngineResult> list) {
            ArrayList arrayList = new ArrayList();
            for (WSSecurityEngineResult wSSecurityEngineResult : list) {
                Integer num = (Integer) wSSecurityEngineResult.get("action");
                if (num.intValue() == 16 || num.intValue() == 8) {
                    arrayList.add((AssertionWrapper) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
                }
            }
            return arrayList;
        }

        private List<BinarySecurity> findBinarySecurityTokenResults(List<WSSecurityEngineResult> list) {
            ArrayList arrayList = new ArrayList();
            for (WSSecurityEngineResult wSSecurityEngineResult : list) {
                if (((Integer) wSSecurityEngineResult.get("action")).intValue() == 4096 && Boolean.TRUE.equals(wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_VALIDATED_TOKEN))) {
                    arrayList.add((BinarySecurity) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN));
                }
            }
            return arrayList;
        }

        private SecurityToken createSecurityToken(AssertionWrapper assertionWrapper) {
            SecurityToken securityToken = new SecurityToken(assertionWrapper.getId());
            SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
            if (subjectKeyInfo != null) {
                securityToken.setSecret(subjectKeyInfo.getSecret());
                X509Certificate[] certs = subjectKeyInfo.getCerts();
                if (certs != null && certs.length > 0) {
                    securityToken.setX509Certificate(certs[0], null);
                }
            }
            if (assertionWrapper.getSaml1() != null) {
                securityToken.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
            } else if (assertionWrapper.getSaml2() != null) {
                securityToken.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
            }
            securityToken.setToken(assertionWrapper.getElement());
            return securityToken;
        }

        private SecurityToken createSecurityToken(BinarySecurity binarySecurity) {
            SecurityToken securityToken = new SecurityToken(binarySecurity.getID());
            securityToken.setToken(binarySecurity.getElement());
            securityToken.setSecret(binarySecurity.getToken());
            securityToken.setTokenType(binarySecurity.getValueType());
            return securityToken;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/cxf-rt-ws-security-2.7.19-MULE-004.jar:org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.class */
    static class IssuedTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
        public IssuedTokenOutInterceptor() {
            super(Phase.PREPARE_SEND);
        }

        private static void mapSecurityProps(Message message, Map<String, Object> map) {
            for (String str : SecurityConstants.ALL_PROPERTIES) {
                Object contextualProperty = message.getContextualProperty(str + ".it");
                if (contextualProperty == null) {
                    contextualProperty = message.getContextualProperty(str);
                }
                if (!map.containsKey(str) && contextualProperty != null) {
                    map.put(str, contextualProperty);
                }
            }
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(Message message) throws Fault {
            Collection<AssertionInfo> collection;
            AssertionInfoMap assertionInfoMap = (AssertionInfoMap) message.get(AssertionInfoMap.class);
            if (assertionInfoMap == null || (collection = assertionInfoMap.get(SP12Constants.ISSUED_TOKEN)) == null || collection.isEmpty()) {
                return;
            }
            if (!isRequestor(message)) {
                Iterator<AssertionInfo> it = collection.iterator();
                while (it.hasNext()) {
                    it.next().setAsserted(true);
                }
                return;
            }
            IssuedToken issuedToken = (IssuedToken) collection.iterator().next().getAssertion();
            SecurityToken retrieveCachedToken = retrieveCachedToken(message);
            SecurityToken issueToken = retrieveCachedToken == null ? issueToken(message, assertionInfoMap, issuedToken) : renewToken(message, assertionInfoMap, issuedToken, retrieveCachedToken);
            if (issueToken != null) {
                Iterator<AssertionInfo> it2 = collection.iterator();
                while (it2.hasNext()) {
                    it2.next().setAsserted(true);
                }
                if (MessageUtils.getContextualBoolean(message, SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, true) && !isOneTimeUse(issueToken)) {
                    ((Endpoint) message.getExchange().get(Endpoint.class)).put(SecurityConstants.TOKEN, issueToken);
                    message.getExchange().put(SecurityConstants.TOKEN, issueToken);
                    message.getExchange().put(SecurityConstants.TOKEN_ID, issueToken.getId());
                    ((Endpoint) message.getExchange().get(Endpoint.class)).put(SecurityConstants.TOKEN_ID, issueToken.getId());
                } else {
                    message.put(SecurityConstants.TOKEN, issueToken);
                    message.put(SecurityConstants.TOKEN_ID, issueToken.getId());
                }
                IssuedTokenInterceptorProvider.getTokenStore(message).add(issueToken);
            }
        }

        private Trust10 getTrust10(AssertionInfoMap assertionInfoMap) {
            Collection<AssertionInfo> collection = assertionInfoMap.get(SP11Constants.TRUST_10);
            if (collection == null || collection.isEmpty()) {
                return null;
            }
            return (Trust10) collection.iterator().next().getAssertion();
        }

        private Trust13 getTrust13(AssertionInfoMap assertionInfoMap) {
            Collection<AssertionInfo> collection = assertionInfoMap.get(SP12Constants.TRUST_13);
            if (collection == null || collection.isEmpty()) {
                return null;
            }
            return (Trust13) collection.iterator().next().getAssertion();
        }

        private boolean isOneTimeUse(SecurityToken securityToken) {
            Element token = securityToken.getToken();
            if (token == null || !"Assertion".equals(token.getLocalName()) || !"urn:oasis:names:tc:SAML:2.0:assertion".equals(token.getNamespaceURI())) {
                return false;
            }
            try {
                AssertionWrapper assertionWrapper = new AssertionWrapper(token);
                if (assertionWrapper.getSaml2().getConditions() != null) {
                    return assertionWrapper.getSaml2().getConditions().getOneTimeUse() != null;
                }
                return false;
            } catch (WSSecurityException e) {
                throw new Fault(e);
            }
        }

        private SecurityToken retrieveCachedToken(Message message) {
            SecurityToken securityToken;
            String str;
            String str2;
            if (MessageUtils.getContextualBoolean(message, SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, true)) {
                securityToken = (SecurityToken) message.getContextualProperty(SecurityConstants.TOKEN);
                if (securityToken == null && (str2 = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID)) != null) {
                    securityToken = IssuedTokenInterceptorProvider.getTokenStore(message).getToken(str2);
                }
            } else {
                securityToken = (SecurityToken) message.get(SecurityConstants.TOKEN);
                if (securityToken == null && (str = (String) message.get(SecurityConstants.TOKEN_ID)) != null) {
                    securityToken = IssuedTokenInterceptorProvider.getTokenStore(message).getToken(str);
                }
            }
            return securityToken;
        }

        private SecurityToken handleDelegation(Message message, Element element, Element element2, String str, boolean z) throws Exception {
            SecurityToken token;
            Properties properties;
            SecurityToken token2;
            SecurityToken token3;
            Properties properties2;
            SecurityToken token4;
            TokenStore tokenStore = IssuedTokenInterceptorProvider.getTokenStore(message);
            String str2 = str;
            if (!z || str2 == null || "".equals(str2)) {
                str2 = IssuedTokenInterceptorProvider.ASSOCIATED_TOKEN;
            }
            if (element != null && (token3 = tokenStore.getToken(getIdFromToken(element))) != null && (properties2 = token3.getProperties()) != null && properties2.containsKey(str2) && (token4 = tokenStore.getToken(properties2.getProperty(str2))) != null) {
                return token4;
            }
            if (element2 == null || (token = tokenStore.getToken(getIdFromToken(element2))) == null || (properties = token.getProperties()) == null || !properties.containsKey(str2) || (token2 = tokenStore.getToken(properties.getProperty(str2))) == null) {
                return null;
            }
            return token2;
        }

        private String getIdFromToken(Element element) {
            return element != null ? element.hasAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id") ? element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id") : element.hasAttributeNS(null, "ID") ? element.getAttributeNS(null, "ID") : element.hasAttributeNS(null, "AssertionID") ? element.getAttributeNS(null, "AssertionID") : "" : "";
        }

        private void storeDelegationTokens(Message message, SecurityToken securityToken, Element element, Element element2, String str, boolean z) throws Exception {
            if (securityToken == null) {
                return;
            }
            TokenStore tokenStore = IssuedTokenInterceptorProvider.getTokenStore(message);
            String str2 = str;
            if (!z || str2 == null || "".equals(str2)) {
                str2 = IssuedTokenInterceptorProvider.ASSOCIATED_TOKEN;
            }
            if (element != null) {
                String idFromToken = getIdFromToken(element);
                SecurityToken token = tokenStore.getToken(idFromToken);
                if (token == null) {
                    token = new SecurityToken(idFromToken);
                    token.setToken(element);
                }
                Properties properties = token.getProperties();
                if (properties == null) {
                    properties = new Properties();
                    token.setProperties(properties);
                }
                properties.put(str2, securityToken.getId());
                tokenStore.add(token);
            }
            if (element2 != null) {
                String idFromToken2 = getIdFromToken(element2);
                SecurityToken token2 = tokenStore.getToken(idFromToken2);
                if (token2 == null) {
                    token2 = new SecurityToken(idFromToken2);
                    token2.setToken(element2);
                }
                Properties properties2 = token2.getProperties();
                if (properties2 == null) {
                    properties2 = new Properties();
                    token2.setProperties(properties2);
                }
                properties2.put(str2, securityToken.getId());
                tokenStore.add(token2);
            }
        }

        private SecurityToken getTokenFromSTS(Message message, STSClient sTSClient, AssertionInfoMap assertionInfoMap, AddressingProperties addressingProperties, IssuedToken issuedToken, String str) throws Exception {
            sTSClient.setTrust(getTrust10(assertionInfoMap));
            sTSClient.setTrust(getTrust13(assertionInfoMap));
            sTSClient.setTemplate(issuedToken.getRstTemplate());
            Element policy = issuedToken.getPolicy();
            if (policy != null && policy.getNamespaceURI() != null) {
                sTSClient.setWspNamespace(policy.getNamespaceURI());
            }
            if (addressingProperties != null && addressingProperties.getNamespaceURI() != null) {
                sTSClient.setAddressingNamespace(addressingProperties.getNamespaceURI());
            }
            if (issuedToken.getClaims() != null) {
                sTSClient.setClaims(issuedToken.getClaims());
            }
            return sTSClient.requestSecurityToken(str);
        }

        private SecurityToken renewToken(Message message, AssertionInfoMap assertionInfoMap, IssuedToken issuedToken, SecurityToken securityToken) {
            SecurityToken renewSecurityToken;
            String str = (String) message.getContextualProperty(SecurityConstants.STS_TOKEN_IMMINENT_EXPIRY_VALUE);
            long j = 0;
            if (str != null) {
                j = Long.parseLong(str);
            }
            if (!securityToken.isExpired() && !securityToken.isAboutToExpire(j)) {
                return securityToken;
            }
            ((Endpoint) message.getExchange().get(Endpoint.class)).remove(SecurityConstants.TOKEN);
            ((Endpoint) message.getExchange().get(Endpoint.class)).remove(SecurityConstants.TOKEN_ID);
            message.getExchange().remove(SecurityConstants.TOKEN_ID);
            message.getExchange().remove(SecurityConstants.TOKEN);
            NegotiationUtils.getTokenStore(message).remove(securityToken.getId());
            STSClient client = STSUtils.getClient(message, "sts", issuedToken);
            if (!client.isAllowRenewing()) {
                return issueToken(message, assertionInfoMap, issuedToken);
            }
            AddressingProperties addressingProperties = (AddressingProperties) message.get("javax.xml.ws.addressing.context.outbound");
            if (addressingProperties == null) {
                addressingProperties = (AddressingProperties) message.get(JAXWSAConstants.CLIENT_ADDRESSING_PROPERTIES);
            }
            synchronized (client) {
                try {
                    try {
                        mapSecurityProps(message, client.getRequestContext());
                        client.setMessage(message);
                        if (addressingProperties != null) {
                            client.setAddressingNamespace(addressingProperties.getNamespaceURI());
                        }
                        client.setTrust(getTrust10(assertionInfoMap));
                        client.setTrust(getTrust13(assertionInfoMap));
                        client.setTemplate(issuedToken.getRstTemplate());
                        renewSecurityToken = client.renewSecurityToken(securityToken);
                        client.setTrust((Trust10) null);
                        client.setTrust((Trust13) null);
                        client.setTemplate(null);
                        client.setAddressingNamespace(null);
                    } catch (Throwable th) {
                        client.setTrust((Trust10) null);
                        client.setTrust((Trust13) null);
                        client.setTemplate(null);
                        client.setAddressingNamespace(null);
                        throw th;
                    }
                } catch (RuntimeException e) {
                    IssuedTokenInterceptorProvider.LOG.log(Level.WARNING, "Error renewing a token", (Throwable) e);
                    if (!MessageUtils.getContextualBoolean(message, SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW, true)) {
                        throw e;
                    }
                    SecurityToken issueToken = issueToken(message, assertionInfoMap, issuedToken);
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setAddressingNamespace(null);
                    return issueToken;
                } catch (Exception e2) {
                    IssuedTokenInterceptorProvider.LOG.log(Level.WARNING, "Error renewing a token", (Throwable) e2);
                    if (!MessageUtils.getContextualBoolean(message, SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW, true)) {
                        throw new Fault(e2);
                    }
                    SecurityToken issueToken2 = issueToken(message, assertionInfoMap, issuedToken);
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setAddressingNamespace(null);
                    return issueToken2;
                }
            }
            return renewSecurityToken;
        }

        private SecurityToken issueToken(Message message, AssertionInfoMap assertionInfoMap, IssuedToken issuedToken) {
            SecurityToken securityToken;
            STSClient client = STSUtils.getClient(message, "sts", issuedToken);
            AddressingProperties addressingProperties = (AddressingProperties) message.get("javax.xml.ws.addressing.context.outbound");
            if (addressingProperties == null) {
                addressingProperties = (AddressingProperties) message.get(JAXWSAConstants.CLIENT_ADDRESSING_PROPERTIES);
            }
            synchronized (client) {
                try {
                    try {
                        Object contextualProperty = message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS);
                        if (contextualProperty != null) {
                            client.setActAs(contextualProperty);
                        }
                        Object contextualProperty2 = message.getContextualProperty(SecurityConstants.STS_TOKEN_ON_BEHALF_OF);
                        if (contextualProperty2 != null) {
                            client.setOnBehalfOf(contextualProperty2);
                        }
                        mapSecurityProps(message, client.getRequestContext());
                        Object contextualProperty3 = message.getContextualProperty(SecurityConstants.STS_APPLIES_TO);
                        String obj = contextualProperty3 == null ? null : contextualProperty3.toString();
                        String obj2 = obj == null ? message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString() : obj;
                        boolean isEnableAppliesTo = client.isEnableAppliesTo();
                        client.setMessage(message);
                        Element onBehalfOfToken = client.getOnBehalfOfToken();
                        Element actAsToken = client.getActAsToken();
                        SecurityToken handleDelegation = handleDelegation(message, onBehalfOfToken, actAsToken, obj2, isEnableAppliesTo);
                        if (handleDelegation == null) {
                            handleDelegation = getTokenFromSTS(message, client, assertionInfoMap, addressingProperties, issuedToken, obj2);
                        }
                        storeDelegationTokens(message, handleDelegation, onBehalfOfToken, actAsToken, obj2, isEnableAppliesTo);
                        securityToken = handleDelegation;
                        client.setTrust((Trust10) null);
                        client.setTrust((Trust13) null);
                        client.setTemplate(null);
                        client.setAddressingNamespace(null);
                    } catch (RuntimeException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new Fault(e2);
                    }
                } catch (Throwable th) {
                    client.setTrust((Trust10) null);
                    client.setTrust((Trust13) null);
                    client.setTemplate(null);
                    client.setAddressingNamespace(null);
                    throw th;
                }
            }
            return securityToken;
        }
    }

    public IssuedTokenInterceptorProvider() {
        super(Arrays.asList(SP11Constants.ISSUED_TOKEN, SP12Constants.ISSUED_TOKEN));
        getOutInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
        getOutFaultInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
        getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
        getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
        getOutInterceptors().add(new IssuedTokenOutInterceptor());
        getOutFaultInterceptors().add(new IssuedTokenOutInterceptor());
        getInInterceptors().add(new IssuedTokenInInterceptor());
        getInFaultInterceptors().add(new IssuedTokenInInterceptor());
    }

    static final TokenStore createTokenStore(Message message) {
        TokenStore tokenStore;
        EndpointInfo endpointInfo = ((Endpoint) message.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            TokenStore tokenStore2 = (TokenStore) message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
            if (tokenStore2 == null) {
                tokenStore2 = (TokenStore) endpointInfo.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
            }
            if (tokenStore2 == null) {
                TokenStoreFactory newInstance = TokenStoreFactory.newInstance();
                String str = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
                if (endpointInfo.getName() != null) {
                    str = str + "-" + endpointInfo.getName().toString().hashCode();
                }
                tokenStore2 = newInstance.newTokenStore(str, message);
                endpointInfo.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore2);
            }
            tokenStore = tokenStore2;
        }
        return tokenStore;
    }

    static final TokenStore getTokenStore(Message message) {
        TokenStore tokenStore = (TokenStore) message.getContextualProperty(TokenStore.class.getName());
        if (tokenStore == null) {
            tokenStore = createTokenStore(message);
        }
        return tokenStore;
    }
}
