package com.ibm.wsspi.wssecurity.token;

import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.webservices.wssecurity.util.IdUtil;
import com.ibm.wsspi.webservices.rpc.handler.soap.SOAPMessageContext;
import com.ibm.wsspi.wssecurity.Constants;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.UsernameToken;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.xml.soapsec.token.NonceManager;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.PrivilegedAction;
import java.util.Map;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/wsspi/wssecurity/token/IDAssertionUsernameTokenConsumer.class */
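/**
 * Token consumer for identity-assertion style {@code UsernameToken} elements: it accepts a
 * token element that carries a {@code Username} child and rejects one that carries a
 * {@code Password} child.
 *
 * <p>This listing is decompiler output. The synthetic class-literal plumbing
 * ({@code class$} fields and helper) and the decompiler's rendering of the anonymous
 * {@link PrivilegedAction} classes were not valid Java source; they are restored here as
 * class literals and ordinary anonymous classes.
 *
 * <p>Security-relevant points for reviewers (all taken from the visible code):
 * <ul>
 *   <li>No password is verified here; a {@code Password} child is an error. Trust in the
 *       asserted name comes only from {@code UsernameTokenConsumer.checkNonce},
 *       {@code UsernameTokenConsumer.invokeLoginModule} and the optional trusted-ID
 *       evaluator, none of whose implementations are visible in this file.</li>
 *   <li>The token is stored in the context before any of those checks run.</li>
 *   <li>A negative trusted-ID evaluation is logged and recorded on the token, but does not
 *       raise an exception in this class.</li>
 * </ul>
 */
public class IDAssertionUsernameTokenConsumer implements TokenConsumerComponent {
    private static final TraceComponent tc =
            Tr.register(IDAssertionUsernameTokenConsumer.class, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
    // Not referenced anywhere in this class; kept as found.
    private static final String comp = "security.wssecurity";
    // Not referenced anywhere in this class; kept as found.
    private static final String clsName = IDAssertionUsernameTokenConsumer.class.getName();
    private boolean _initialized = false;

    /**
     * Marks this component as initialized. The supplied map is not read.
     *
     * @param map configuration properties (unused here)
     * @throws SoapSecurityException declared by the interface; not thrown by this implementation
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        // Idempotent: setting the flag again on a later call changes nothing.
        _initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Consumes a password-less UsernameToken element and records the resulting token in the
     * processing context.
     *
     * <p>Order of operations, as implemented: build the token, store it in the context, read
     * the {@code Username} child, require {@code isCallerRequired()}, reject a
     * {@code Password} child, run the nonce check, invoke the login module, set the username
     * on the token, then (if an evaluator is configured) record the trust decision.
     *
     * <p>A node that is not an element is skipped: only a debug trace is written and the
     * method returns normally without creating a token.
     *
     * @param node the target node; expected to be the token element
     * @param map  the processing context; the {@code TokenConsumerConfig} and the
     *             {@code NonceManager} entries are removed from it
     * @throws SoapSecurityException if the configuration does not require a caller, or if the
     *         element has a {@code Password} child; the helper calls into
     *         {@code UsernameTokenConsumer} may presumably throw it as well (not visible here)
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSConsumerComponent
    public void invoke(Node node, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Node target[" + DOMUtil.getDisplayName(node) + "], " + "Map context)");
        }

        // NOTE(review): there is no null check on the configuration. If the context has no
        // entry under CONFIG_KEY, the first dereference below fails with a
        // NullPointerException, and that happens after the token was already stored.
        final TokenConsumerConfig config = (TokenConsumerConfig) map.remove(TokenConsumerConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TokenConsumerConfig [" + config + "].");
        }
        SOAPMessageContext messageContext = (SOAPMessageContext) map.get(Constants.WSSECURITY_MESSAGE_CONTEXT);

        // The version value selects a column of NAMESPACES; anything other than an Integer
        // falls back to column 0.
        // NOTE(review): the index is not range-checked against the table width here;
        // presumably the runtime only ever stores valid values in the context - confirm.
        int versionIndex = 0;
        Object versionValue = map.get(com.ibm.ws.webservices.wssecurity.Constants.WSS_VERSION);
        if (versionValue instanceof Integer) {
            versionIndex = ((Integer) versionValue).intValue();
        }
        // Namespace used below to look up the Username and Password children.
        String tokenNamespace = com.ibm.ws.webservices.wssecurity.Constants.NAMESPACES[0][versionIndex];
        // Only handed to checkNonce; presumably the wsu utility namespace - confirm.
        String secondaryNamespace = com.ibm.ws.webservices.wssecurity.Constants.NAMESPACES[1][versionIndex];

        // May be null when the context holds no NonceManager; how checkNonce treats that is
        // not visible in this file.
        NonceManager nonceManager = (NonceManager) map.remove(NonceManager.class);

        if (node.getNodeType() == Node.ELEMENT_NODE) {
            Element element = (Element) node;

            String tokenId = null;
            String idAttributeName = IdUtil.getInstance().getIdAttributeName(element);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The identifier attribute of the target element is [" + idAttributeName + "].");
            }
            if (idAttributeName != null) {
                tokenId = element.getAttribute(idAttributeName);
            }

            final UsernameToken usernameToken = new UsernameToken(tokenId, null, null, element);
            // Token setters are invoked inside doPrivileged throughout this method.
            AccessController.doPrivileged(new PrivilegedAction() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    usernameToken.setUsedTokenConsumer(config);
                    return null;
                }
            });

            // NOTE(review): the token is stored in the context before any validation below
            // has run. If a later check throws, the token has already been stored; whether
            // anything can still observe it afterwards depends on TokenManager and the
            // callers, which are not visible here - confirm, or register after validation.
            setTokenToSubject(map, usernameToken);

            Element usernameElement = DOMUtil.getOneElement(element, tokenNamespace, "Username");
            String username = null;
            if (usernameElement != null) {
                username = DOMUtil.getStringValue(usernameElement);
            }
            if (tc.isDebugEnabled()) {
                // The asserted username is written to the debug trace.
                Tr.debug(tc, "Username [" + username + "].");
                Tr.debug(tc, "isCallerRequired [" + config.isCallerRequired() + "].");
            }

            // This consumer is only valid when the configuration requires a caller.
            // (The misspelling in the message insert is in the original and is kept.)
            if (!config.isCallerRequired()) {
                throw SoapSecurityException.format("security.wssecurity.IDAssertionUsernameTokenConsumer.s01", "isCalerRequired()=false");
            }
            // An identity-assertion token must not carry a password.
            if (DOMUtil.getZeroOrOneElement(element, tokenNamespace, "Password") != null) {
                throw SoapSecurityException.format("security.wssecurity.IDAssertionUsernameTokenConsumer.s02", "<wsse:Password> != null.");
            }

            // Replay protection, if any, lives in checkNonce and the configuration; its
            // result is stored as the token's date.
            usernameToken.setDate(UsernameTokenConsumer.checkNonce(element, config, tokenNamespace, secondaryNamespace, nonceManager));

            // The third argument is passed as null (presumably the password slot - confirm).
            // NOTE(review): the login module runs before the trusted-ID evaluation below.
            UsernameToken loginResult = UsernameTokenConsumer.invokeLoginModule(config, username, null, messageContext, map);
            if (loginResult != null) {
                // The login module's view of the username replaces the one read from the XML.
                username = loginResult.getUsername();
            }

            final String usernamePriv = username;
            AccessController.doPrivileged(new PrivilegedAction() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    usernameToken.setUsername(usernamePriv);
                    return null;
                }
            });

            if (config.getTrustedIDEvaluator() != null) {
                final boolean trusted = config.getTrustedIDEvaluator().evaluate(username);
                if (!trusted) {
                    // NOTE(review): an untrusted result is only logged and recorded on the
                    // token; this method does not throw. Any rejection has to happen where
                    // the token's trusted flag is read, which is not visible here - confirm.
                    Tr.warning(tc, "security.wssecurity.UsernameTokenConsumer.s02", new Object[]{username});
                }
                AccessController.doPrivileged(new PrivilegedAction() {
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        usernameToken.setTrusted(trusted);
                        return null;
                    }
                });
            }
            // When no evaluator is configured, setTrusted is never called in this method; the
            // token keeps whatever default UsernameToken gives it (not visible here).

            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Acquired token is [" + usernameToken + "].");
            }
        } else if (tc.isDebugEnabled()) {
            // Non-element targets are ignored; without debug tracing this is silent.
            Tr.debug(tc, "WARNING: Unsupported node type: " + node.getNodeName());
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Element target, Map context)");
        }
    }

    /**
     * Stores the token in the processing context by delegating to {@code TokenManager.setToken}.
     *
     * @param map           the processing context
     * @param usernameToken the token to store
     */
    private static void setTokenToSubject(Map map, UsernameToken usernameToken) {
        TokenManager.setToken(map, usernameToken);
    }
}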
