package com.ibm.ws.wssecurity.core;

import com.ibm.security.krb5.wss.util.ElementLocalNames;
import com.ibm.security.krb5.wss.util.LocalConstants;
import com.ibm.security.trust10.types.IRSTTemplate;
import com.ibm.websphere.wssecurity.wssapi.token.DerivedKeyToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.X509Token;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.common.LocalNameConstants;
import com.ibm.ws.wssecurity.common.Result;
import com.ibm.ws.wssecurity.common.ResultPool;
import com.ibm.ws.wssecurity.config.CallerConfig;
import com.ibm.ws.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.wssecurity.config.TimestampConsumerConfig;
import com.ibm.ws.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig;
import com.ibm.ws.wssecurity.core.token.TokenConsumerComponent;
import com.ibm.ws.wssecurity.dsig.SignatureConsumer;
import com.ibm.ws.wssecurity.dsig.VerificationResult;
import com.ibm.ws.wssecurity.dsig.VerifiedPartChecker;
import com.ibm.ws.wssecurity.enc.DecryptedPartChecker;
import com.ibm.ws.wssecurity.enc.DecryptionResult;
import com.ibm.ws.wssecurity.enc.EncryptionConsumer;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditEventGeneratorFactory;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditService;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.time.TimestampChecker;
import com.ibm.ws.wssecurity.time.TimestampConsumer;
import com.ibm.ws.wssecurity.token.AuthResult;
import com.ibm.ws.wssecurity.token.CacheableTokenCacheFactory;
import com.ibm.ws.wssecurity.token.CertCacheManager;
import com.ibm.ws.wssecurity.token.LoginProcessor;
import com.ibm.ws.wssecurity.token.NonceManager;
import com.ibm.ws.wssecurity.util.Axis2Util;
import com.ibm.ws.wssecurity.util.ConfidentialDialectElementSelector;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.GetJAASConfigInfo;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.wssecurity.util.NamespaceUtil;
import com.ibm.ws.wssecurity.util.NonceUtil;
import com.ibm.ws.wssecurity.util.QNameHeaderSelector;
import com.ibm.ws.wssecurity.util.TimestampDialectElementSelector;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSPFunctionElementSelector;
import com.ibm.ws.wssecurity.util.XPathElementSelector;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenWrapper;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/core/WSSConsumer.class */
public class WSSConsumer implements WSSConsumerComponent {
    private static final String comp = "security.wssecurity";
    private Map<String, Object> _handlerOption = new HashMap();
    private Map<Object, Object> _properties = new HashMap();
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(WSSConsumer.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = WSSConsumer.class.getName();
    private static final QName URI_Q = new QName("", "URI");
    private static final QName VALUETYPE_Q = new QName("", "ValueType");

    public void setHandlerOption(String str, Object obj) {
        this._handlerOption.put(str, obj);
    }

    public Object getHandlerOption(String str) {
        return this._handlerOption.get(str);
    }

    @Override // com.ibm.ws.wssecurity.core.WSSComponent, com.ibm.ws.wssecurity.core.Initializable
    public void init(Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            setInitialProperties();
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.ws.wssecurity.core.WSSConsumerComponent
    public void invoke(OMNode oMNode, Map<Object, Object> map) throws SoapSecurityException {
        String rMAction;
        String namespaceURI;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("invoke(");
            stringBuffer.append("OMNode target[").append(DOMUtils.getDisplayName(oMNode)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashMap hashMap = new HashMap();
        Object hashMap2 = new HashMap();
        Object hashMap3 = new HashMap();
        Object hashMap4 = new HashMap();
        HashMap hashMap5 = new HashMap();
        map.put(Constants.TOKENS_CACHE, hashMap);
        map.put(Constants.SECURITY_HEADERS_CACHE, hashMap2);
        map.put(Constants.TOKENS_CACHE_TYPES, hashMap3);
        map.put(Constants.V1TOKENS_HASH, hashMap4);
        map.put(Constants.TIMESTAMP_VERIFICATION_HASH, hashMap5);
        MessageContext messageContext = (MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
        if (messageContext == null) {
            throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s01");
        }
        ResultPool.initialize(map);
        adjustContext(messageContext, map);
        SecurityTokenManagerImpl securityTokenManagerImpl = new SecurityTokenManagerImpl(map);
        ResultMessagePool.initialize(map);
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WSSConsumerConfig [" + wSSConsumerConfig + "].");
        }
        TimestampConsumerConfig timestampConsumer = wSSConsumerConfig.getTimestampConsumer();
        String str = (String) messageContext.getProperty(Constants.ENFORCE_STRICT_LAYOUT);
        if (str != null) {
            ((HashMap) wSSConsumerConfig.getProperties()).put(Constants.ENFORCE_STRICT_LAYOUT, str);
        }
        HashMap hashMap6 = new HashMap(this._properties);
        map.put(NonceManager.class, wSSConsumerConfig.getNonceManager());
        map.put(CertCacheManager.class, wSSConsumerConfig.getCertManager());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Finished initializing the subject.");
        }
        boolean isRequest = wSSConsumerConfig.isRequest();
        boolean isSignatureConfirmationRequired = wSSConsumerConfig.isSignatureConfirmationRequired();
        boolean z = wSSConsumerConfig.isTokenRequired() || wSSConsumerConfig.isVerificationRequired() || wSSConsumerConfig.isDecryptionRequired() || wSSConsumerConfig.isLoginRequired() || wSSConsumerConfig.isTimestampRequired();
        SOAPEnvelope envelope = messageContext.getEnvelope();
        OMDocument ownerDocument = DOMUtil.getOwnerDocument(envelope);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The original message to be processed by WSSConsumer: " + DOMUtils.toString(ownerDocument.getOMDocumentElement()));
        }
        if (!z) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(Element target, Map context)");
                return;
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Starts WS-Security operation.");
        }
        OMElement oMDocumentElement = ownerDocument.getOMDocumentElement();
        OMElement header = WSSGenerator.getHeader(ownerDocument, false);
        if (header != null) {
            int isSoap = NamespaceUtil.isSoap(header.getNamespace() == null ? null : header.getNamespace().getNamespaceURI());
            map.put(Constants.SOAP_VERSION, new Integer(isSoap));
            if (tc.isDebugEnabled()) {
                if (isSoap == 0) {
                    namespaceURI = "The spec of SOAP is SOAP1.1.";
                } else if (isSoap == 1) {
                    namespaceURI = "The spec of SOAP is SOAP1.2.";
                } else {
                    namespaceURI = new StringBuilder().append("Unknown spec of SOAP: ").append(header.getNamespace()).toString() == null ? null : header.getNamespace().getNamespaceURI();
                }
                Tr.debug(tc, namespaceURI);
            }
            ArrayList<OMElement> securityHeaders = getSecurityHeaders(header, isSoap, wSSConsumerConfig.isUltimateReceiver(), wSSConsumerConfig.getMyActor());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, securityHeaders.size() + " security headers found");
            }
            if (securityHeaders.size() == 0) {
                Tr.warning(tc, "security.wssecurity.WSSConsumer.s38", wSSConsumerConfig.getMyActor());
            }
            boolean z2 = false;
            String str2 = (String) messageContext.getProperty(Constants.CHECK_ID_UNIQUENESS);
            if (str2 != null && str2.equals("true")) {
                z2 = true;
            }
            if (z2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Performing the Id uniqueness check.");
                }
                IdUtils.getInstance().checkIdUniqueness(ownerDocument);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Skipping the Id uniqueness check.");
            }
            int i = -1;
            if (z && securityHeaders.size() == 0 && countSecurityHeaders(header) > 0) {
                if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_RESOURCE_ACCESS, WSSAuditService.WSSAuditOutcome.DENIED)) {
                    WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map, WSSAuditService.WSSAuditOutcome.DENIED, WSSAuditService.WSSAuditReason.SEC_HEADER_MISSING, null);
                    WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_RESOURCE_ACCESS, messageContext, map);
                }
                if (wSSConsumerConfig.getMyActor() == null || wSSConsumerConfig.getMyActor().trim().length() == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The Application Server expected a Security header with the " + Constants.NS_WSSE + " namespace, but it was not found.");
                    }
                    throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s39");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The Application Server expected a Security header with the " + Constants.NS_WSSE + " namespace and the " + wSSConsumerConfig.getMyActor() + " actor, but it was not found.");
                }
                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s40", wSSConsumerConfig.getMyActor());
            }
            if (wSSConsumerConfig.isTimestampRequired()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing the timestamp.");
                }
                ArrayList<OMElement> timestampHeader = getTimestampHeader(header, -1, false);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, timestampHeader.size() + " timestamp headers found.");
                }
                if (timestampHeader.size() > 0) {
                    OMElement oMElement = timestampHeader.get(0);
                    i = NamespaceUtil.isWsu(oMElement.getNamespace() == null ? null : oMElement.getNamespace().getNamespaceURI());
                    map.put(Constants.WSS_VERSION, new Integer(i));
                    messageContext.setProperty(Constants.WSS_VERSION, new Integer(i));
                    for (int i2 = 0; i2 < timestampHeader.size(); i2++) {
                        callTimestampConsumer(timestampConsumer, hashMap6, timestampHeader.get(i2), map);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking the required timestamp.");
                    }
                    checkRequiredTimestamp(ownerDocument, wSSConsumerConfig.getTimestampConsumer(), hashMap6, map);
                }
            }
            GetJAASConfigInfo.getJAASConfigInformation("consume", map);
            int i3 = 0;
            while (i3 < securityHeaders.size()) {
                OMElement oMElement2 = securityHeaders.get(i3);
                boolean z3 = true;
                String attributeValue = oMElement2.getAttributeValue(new QName(header.getNamespace().getNamespaceURI(), "mustUnderstand"));
                if (attributeValue != null && !"".equals(attributeValue)) {
                    z3 = ConfigUtil.isTrue(attributeValue);
                }
                Axis2Util.setMustUnderstand(messageContext, z3);
                String str3 = null;
                if (isSoap == 1) {
                    str3 = oMElement2.getAttributeValue(Constants.SOAP12_ROLE_Q);
                } else if (isSoap == 0) {
                    str3 = oMElement2.getAttributeValue(Constants.SOAP11_ACTOR_Q);
                }
                int i4 = 0;
                int i5 = 0;
                if (isSignatureConfirmationRequired && (rMAction = WSSGenerator.getRMAction(header, messageContext, str3, isSoap)) != null) {
                    if (isRequest) {
                        if (rMAction.equals(Constants.NS_RMACTION[1]) || rMAction.equals(Constants.NS_RMACTION[4])) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Not doing SignatureConfirmation processing since this is a CreateSequenceResponse from client");
                            }
                            isSignatureConfirmationRequired = false;
                        }
                    } else if (rMAction.equals(Constants.NS_RMACTION[0]) || rMAction.equals(Constants.NS_RMACTION[2]) || rMAction.equals(Constants.NS_RMACTION[3]) || rMAction.equals(Constants.NS_RMACTION[5])) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Not doing SignatureConfirmation processing since this is a CreateSequence or SequenceAcknowledgement from provider");
                        }
                        isSignatureConfirmationRequired = false;
                    }
                }
                if (isSignatureConfirmationRequired) {
                    if (!isRequest) {
                        OperationContext operationContext = messageContext.getOperationContext();
                        if (operationContext == null) {
                            operationContext = (OperationContext) messageContext.getProperty("unverifiedOperationContext");
                        }
                        if (operationContext != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Valid Operation context to look for Signature_Confirmation cache");
                            }
                            Iterator it = operationContext.getMessageContexts().entrySet().iterator();
                            Object obj = null;
                            while (it.hasNext()) {
                                Map.Entry entry = (Map.Entry) it.next();
                                MessageContext messageContext2 = (MessageContext) entry.getValue();
                                HashMap hashMap7 = (HashMap) messageContext2.getProperty(Constants.WSS_PROPERTYMAP);
                                if (hashMap7 != null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found the WSS_PROPERTYMAP property map in the msg ctx with key: " + entry.getKey());
                                    }
                                    obj = hashMap7.get(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                    if (obj != null) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE in WSS_PROPERTYMAP property map.");
                                        }
                                        List list = null;
                                        if (obj instanceof List) {
                                            list = (List) obj;
                                        } else {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE, but it is not a List: " + obj);
                                            }
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Classname of SIGNATURE_CONFIRMATION_CACHE: " + obj.getClass().getName());
                                            }
                                        }
                                        if (list != null) {
                                            if (r46 == null) {
                                                r46 = new ArrayList();
                                            }
                                            r46.addAll(list);
                                        }
                                        hashMap7.remove(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                        messageContext2.setProperty(Constants.WSS_PROPERTYMAP, hashMap7);
                                    } else if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Did NOT find SIGNATURE_CONFIRMATION_CACHE in WSS_PROPERTYMAP property map.");
                                    }
                                }
                            }
                            if (obj == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Did not find WSS_PROPERTYMAP in prev outbound message contexts from the operation context. Try to find WSS_RAMP_PROPERTYMAP and Signature_Confirmation cache");
                                }
                                while (it.hasNext()) {
                                    Map.Entry entry2 = (Map.Entry) it.next();
                                    MessageContext messageContext3 = (MessageContext) entry2.getValue();
                                    HashMap hashMap8 = (HashMap) messageContext3.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                                    if (hashMap8 != null) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found the WSS_RAMP_PROPERTYMAP property map in the msg ctx with key: " + entry2.getKey());
                                        }
                                        Object obj2 = hashMap8.get(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                        if (obj2 != null) {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE in WSS_RAMP_PROPERTYMAP property map.");
                                            }
                                            List list2 = null;
                                            if (obj2 instanceof List) {
                                                list2 = (List) obj2;
                                            } else {
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE, but it is not a List: " + obj2);
                                                }
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Classname of SIGNATURE_CONFIRMATION_CACHE: " + obj2.getClass().getName());
                                                }
                                            }
                                            if (list2 != null) {
                                                if (r46 == null) {
                                                    r46 = new ArrayList();
                                                }
                                                r46.addAll(list2);
                                            }
                                            hashMap8.remove(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                            messageContext3.setProperty(Constants.WSS_RAMP_PROPERTYMAP, hashMap8);
                                        } else if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Did NOT find SIGNATURE_CONFIRMATION_CACHE in WSS_RAMP_PROPERTYMAP property map.");
                                        }
                                    }
                                }
                            }
                        } else {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Null Operation context, looking in the current message context for WSS_PROPERTYMAP and Signature_Confirmation cache");
                            }
                            Object obj3 = null;
                            HashMap hashMap9 = (HashMap) messageContext.getProperty(Constants.WSS_PROPERTYMAP);
                            if (hashMap9 != null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Found the WSS_PROPERTYMAP property map on current MessageContext");
                                }
                                obj3 = hashMap9.get(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                if (obj3 != null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE in WSS_PROPERTYMAP property map on current MessageContext.");
                                    }
                                    List list3 = null;
                                    if (obj3 instanceof List) {
                                        list3 = (List) obj3;
                                    } else {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE, but it is not a List: " + obj3);
                                        }
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Classname of SIGNATURE_CONFIRMATION_CACHE: " + obj3.getClass().getName());
                                        }
                                    }
                                    if (list3 != null) {
                                        r46 = 0 == 0 ? new ArrayList() : null;
                                        r46.addAll(list3);
                                    }
                                    hashMap9.remove(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                    messageContext.setProperty(Constants.WSS_PROPERTYMAP, hashMap9);
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Did NOT find SIGNATURE_CONFIRMATION_CACHE in WSS_PROPERTYMAP property map on current MessageContext.");
                                }
                            }
                            if (obj3 == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Did not find WSS_PROPERTYMAP in the current message context, Try to find WSS_RAMP_PROPERTYMAP to look for SIGNATURE_CONFIRMATION_CACHE");
                                }
                                HashMap hashMap10 = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                                if (hashMap10 != null) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found the WSS_RAMP_PROPERTYMAP property map on current MessageContext");
                                    }
                                    Object obj4 = hashMap10.get(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                    if (obj4 != null) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE in WSS_RAMP_PROPERTYMAP property map on current MessageContext.");
                                        }
                                        List list4 = null;
                                        if (obj4 instanceof List) {
                                            list4 = (List) obj4;
                                        } else {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Found SIGNATURE_CONFIRMATION_CACHE, but it is not a List: " + obj4);
                                            }
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Classname of SIGNATURE_CONFIRMATION_CACHE: " + obj4.getClass().getName());
                                            }
                                        }
                                        if (list4 != null) {
                                            if (r46 == null) {
                                                r46 = new ArrayList();
                                            }
                                            r46.addAll(list4);
                                        }
                                        hashMap10.remove(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                        messageContext.setProperty(Constants.WSS_RAMP_PROPERTYMAP, hashMap10);
                                    } else if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Did NOT find SIGNATURE_CONFIRMATION_CACHE in WSS_RAMP_PROPERTYMAP property map on current MessageContext.");
                                    }
                                }
                            }
                        }
                        if (r46 != null) {
                            i5 = r46.size();
                            if (tc.isDebugEnabled()) {
                                i3 = 0;
                                while (i3 < i5) {
                                    Tr.debug(tc, "SignatureConfirmation value from the cache = " + ((String) r46.get(i3)));
                                    i3++;
                                }
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "SignatureConfirmation is enabled on replies. The number of signature values in the cache is " + i5);
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SignatureConfirmation is enabled on requests.");
                    }
                }
                try {
                    int isWsse = NamespaceUtil.isWsse(oMElement2.getNamespace() == null ? null : oMElement2.getNamespace().getNamespaceURI());
                    if (i < 0) {
                        i = isWsse;
                        map.put(Constants.WSS_VERSION, new Integer(i));
                        messageContext.setProperty(Constants.WSS_VERSION, new Integer(i));
                    } else if (isWsse != i) {
                        throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s06");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, i == 0 ? "The spec of WS-Security is 2004/01 ver." : new StringBuilder().append("Unknown spec of WS-Security: ").append(oMElement2.getNamespace()).toString() == null ? null : oMElement2.getNamespace().getNamespaceURI());
                    }
                    if (isSignatureConfirmationRequired && isRequest) {
                        map.put(Constants.SIGNATURE_CONFIRMATION_CACHE, new ArrayList());
                    }
                    for (OMElement firstElement = DOMUtils.getFirstElement((OMNode) oMElement2); firstElement != null; firstElement = DOMUtils.getNextElement(firstElement)) {
                        String localName = firstElement.getLocalName();
                        String namespaceURI2 = firstElement.getNamespace() == null ? null : firstElement.getNamespace().getNamespaceURI();
                        int isWsu = NamespaceUtil.isWsu(namespaceURI2);
                        if (isWsu < 0) {
                            int isWsse2 = NamespaceUtil.isWsse(namespaceURI2);
                            if (isWsse2 >= 0) {
                                if (isWsse2 != i) {
                                    throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s05", namespaceURI2);
                                }
                                if (localName.equals("UsernameToken")) {
                                    callTokenConsumer(wSSConsumerConfig.getCallers(), wSSConsumerConfig.getTokenConsumers(), oMDocumentElement, oMElement2, firstElement, securityTokenManagerImpl, map, true, false, i, false);
                                } else {
                                    if (!localName.equals("BinarySecurityToken")) {
                                        throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s04", DOMUtils.getQualifiedName(firstElement), DOMUtils.getQualifiedName(oMElement2));
                                    }
                                    callTokenConsumer(wSSConsumerConfig.getCallers(), wSSConsumerConfig.getTokenConsumers(), oMDocumentElement, oMElement2, firstElement, securityTokenManagerImpl, map, false, true, i, false);
                                }
                            } else if (Constants.NS_DSIG.equals(namespaceURI2)) {
                                if (!localName.equals("Signature")) {
                                    throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s04", DOMUtils.getQualifiedName(firstElement), DOMUtils.getQualifiedName(oMElement2));
                                }
                                boolean z4 = false;
                                for (OMElement nextElement = DOMUtils.getNextElement(firstElement); nextElement != null; nextElement = DOMUtils.getNextElement(nextElement)) {
                                    String namespaceURI3 = nextElement.getNamespace() == null ? null : nextElement.getNamespace().getNamespaceURI();
                                    String localName2 = nextElement.getLocalName();
                                    if (Constants.NS_ENC.equals(namespaceURI3) && (IRSTTemplate.ENCRYPTED_KEY.equals(localName2) || "ReferenceList".equals(localName2))) {
                                        z4 = true;
                                    }
                                }
                                callSignatureConsumer(wSSConsumerConfig.getSignatureConsumers(), hashMap6, firstElement, z4, map);
                            } else if (Constants.NS_WSSE11.equals(namespaceURI2)) {
                                if (!localName.equals(LocalNameConstants.LocalNamesWSSE11.LN_SIGNATURE_CONFIRMATION)) {
                                    throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s04", DOMUtils.getQualifiedName(firstElement), DOMUtils.getQualifiedName(oMElement2));
                                }
                                if (isSignatureConfirmationRequired) {
                                    i4++;
                                    if (isRequest) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "SignatureConfirmation element found on the request message. SignatureConfirmation element should only be found on the response message.");
                                        }
                                        throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s04", DOMUtils.getQualifiedName(firstElement), DOMUtils.getQualifiedName(oMElement2));
                                    }
                                    String attributeValue2 = firstElement.getAttributeValue(new QName("", ElementLocalNames.SAMLP_STATUS_VALUE));
                                    if (attributeValue2 != null) {
                                        if (r46 == null || !r46.contains(attributeValue2)) {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "SignatureConfirmation value attribute does not match one in cache. The value is: " + attributeValue2);
                                            }
                                            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s42");
                                        }
                                    } else if (i5 != 0) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "SignatureConfirmation did not have value attribute. The value attribute is required.");
                                        }
                                        throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s41");
                                    }
                                } else {
                                    Tr.warning(tc, "security.wssecurity.WSSConsumer.s46");
                                }
                            } else if (!Constants.NS_ENC.equals(namespaceURI2)) {
                                callTokenConsumer(wSSConsumerConfig.getCallers(), wSSConsumerConfig.getTokenConsumers(), oMDocumentElement, oMElement2, firstElement, securityTokenManagerImpl, map, false, false, i, false);
                            } else {
                                if (!localName.equals(IRSTTemplate.ENCRYPTED_KEY) && !localName.equals("ReferenceList")) {
                                    throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s04", DOMUtils.getQualifiedName(firstElement), DOMUtils.getQualifiedName(oMElement2));
                                }
                                callEncryptionConsumer(wSSConsumerConfig.getEncryptionConsumers(), hashMap6, firstElement, map);
                            }
                        } else {
                            if (isWsu != i) {
                                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s05", namespaceURI2);
                            }
                            if (!localName.equals(ElementLocalNames.WSU_TIMESTAMP)) {
                                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s04", DOMUtils.getQualifiedName(firstElement), DOMUtils.getQualifiedName(oMElement2));
                            }
                            hashMap5.put(firstElement.getAttributeValue(Constants.WSU_ID), firstElement);
                        }
                    }
                    if (!hashMap.isEmpty()) {
                        for (Object obj5 : hashMap.keySet().toArray()) {
                            callStoredTokenConsumer(map, securityTokenManagerImpl, (String) obj5, true);
                        }
                        if (!hashMap.isEmpty()) {
                            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s02");
                        }
                    }
                    if (isSignatureConfirmationRequired) {
                        if (isRequest) {
                            List list5 = (List) map.get(Constants.SIGNATURE_CONFIRMATION_CACHE);
                            if (list5 != null && list5.size() > 0) {
                                HashMap hashMap11 = (HashMap) messageContext.getProperty(Constants.WSS_PROPERTYMAP);
                                HashMap hashMap12 = hashMap11;
                                if (hashMap11 == null) {
                                    hashMap12 = new HashMap();
                                }
                                HashMap hashMap13 = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                                HashMap hashMap14 = hashMap13;
                                if (hashMap13 == null) {
                                    hashMap14 = new HashMap();
                                }
                                hashMap12.put(Constants.SIGNATURE_CONFIRMATION_CACHE, list5);
                                messageContext.setProperty(Constants.WSS_PROPERTYMAP, hashMap12);
                                hashMap14.put(Constants.SIGNATURE_CONFIRMATION_CACHE, list5);
                                messageContext.setProperty(Constants.WSS_RAMP_PROPERTYMAP, hashMap14);
                                map.remove(Constants.SIGNATURE_CONFIRMATION_CACHE);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Stored SIGNATURE_CONFIRMATION_CACHE on msg ctx in WSS_PROPERTYMAP and WSS_RAMP_PROPERTYMAP property");
                                }
                            }
                        } else if (i5 != i4) {
                            if (i5 != 0 || i4 != 1) {
                                int i6 = i5;
                                if (i5 == 0) {
                                    i6 = 1;
                                }
                                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s43", "" + i6, "" + i4);
                            }
                        } else if (i5 == 0 && i4 != 1) {
                            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s44");
                        }
                    }
                    ArrayList headersForNamespace = com.ibm.ws.wssecurity.util.DOMUtil.getHeadersForNamespace(header, Constants.NS_WSSE11, "EncryptedHeader", str3, isSoap);
                    int i7 = 0;
                    while (i3 < headersForNamespace.size()) {
                        boolean z5 = false;
                        String attributeValue3 = ((OMElement) headersForNamespace.get(i7)).getAttributeValue(new QName("", "mustUnderstand"));
                        if (attributeValue3 != null && !"".equals(attributeValue3)) {
                            z5 = ConfigUtil.isTrue(attributeValue3);
                        }
                        if (z3 && z5) {
                            throw SoapSecurityException.format(new QName(Constants.NS_SOAP, "MustUnderstand.securityException"), "security.wssecurity.WSSConsumer.s45");
                        }
                        i7++;
                    }
                    i3++;
                } catch (SoapSecurityException e) {
                    Tr.processException(e, clsName + ".invoke", "516", this);
                    Tr.error(tc, "security.wssecurity.WSSConsumer.s23", e);
                    if (!z3) {
                        Tr.debug(tc, "An exception has occurred when mustUnderstand=0.");
                        Tr.debug(tc, "The mustUnderstand=0 attribute may be honored when there is no inbound WSSecurity configuration for the elements being processed.");
                    }
                    throw e;
                }
            }
        } else {
            Tr.debug(tc, "SOAP Header is null. Bypassed consuming of security header.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "All security handlers is processed.");
        }
        cleanSubject(securityTokenManagerImpl, map);
        if (wSSConsumerConfig.isVerificationRequired()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the required integrity.");
            }
            checkRequiredIntegrity(ownerDocument, hashMap6, map);
        }
        if (wSSConsumerConfig.isDecryptionRequired()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the required confidentiality.");
            }
            checkRequiredConfidentiality(ownerDocument, hashMap6, map);
        }
        if (wSSConsumerConfig.isTokenRequired()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the required security token.");
            }
            checkRequiredSecurityToken(wSSConsumerConfig.getRequiredSecurityTokens(), wSSConsumerConfig.getCallers(), securityTokenManagerImpl, map);
        }
        if (wSSConsumerConfig.isLoginRequired()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the caller.");
            }
            checkCaller(hashMap6, map);
        }
        if (header == null) {
            throw SoapSecurityException.format("security.wssecurity.DOMUtil.sconf11", "SOAP Header");
        }
        mapSignedPartsToMessageContext(messageContext, map);
        mapEncryptedPartsToMessageContext(messageContext, map);
        copyContextSubjectToMessageContext(messageContext, map);
        mapTokenToMessageContext(messageContext, securityTokenManagerImpl, map);
        SOAPHeaderBlock wsseHeaderByName = NamespaceUtil.getWsseHeaderByName(envelope, wSSConsumerConfig.getMyActor(), "Security");
        if (wsseHeaderByName != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security header is processed.");
            }
            wsseHeaderByName.setProcessed();
        }
        SOAPHeaderBlock wsuHeaderByName = NamespaceUtil.getWsuHeaderByName(envelope, wSSConsumerConfig.getMyActor(), ElementLocalNames.WSU_TIMESTAMP);
        if (wsuHeaderByName != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Timestamp header is processed.");
            }
            wsuHeaderByName.setProcessed();
        }
        securityTokenManagerImpl.finalizeSubject();
        ResultPool.finalize(map);
        ResultMessagePool.finalize(map);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(OMNode, Map)");
        }
    }

    public void onFault(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "onFault(MessageContext context)");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "onFault(MessageContext)");
        }
    }

    private void setInitialProperties() throws SoapSecurityException {
        this._properties.put(ConfidentialDialectElementSelector.class, new ConfidentialDialectElementSelector());
        this._properties.put(IntegralDialectElementSelector.class, new IntegralDialectElementSelector());
        this._properties.put(TimestampDialectElementSelector.class, new TimestampDialectElementSelector());
        this._properties.put(QNameHeaderSelector.class, new QNameHeaderSelector());
        this._properties.put(WSPFunctionElementSelector.class, new WSPFunctionElementSelector());
        this._properties.put(XPathElementSelector.class, new XPathElementSelector());
        this._properties.put(ElementSelector.IDRESOLVER, IdUtils.getInstance());
        this._properties.put(NonceUtil.class, new NonceUtil());
        WSSFactory wSSFactory = WSSFactory.getInstance(LocalConstants.NSPREFIX_SCHEMA_SOAP);
        HashMap hashMap = new HashMap();
        hashMap.put(WSSFactory.TYPE, WSSFactory.TIMESTAMP);
        this._properties.put(TimestampConsumer.class, wSSFactory.createConsumer(hashMap, this._properties));
        hashMap.put(WSSFactory.TYPE, WSSFactory.SIGNATURE);
        this._properties.put(SignatureConsumer.class, wSSFactory.createConsumer(hashMap, this._properties));
        hashMap.put(WSSFactory.TYPE, WSSFactory.ENCRYPTION);
        this._properties.put(EncryptionConsumer.class, wSSFactory.createConsumer(hashMap, this._properties));
        hashMap.put(WSSFactory.TYPE, WSSFactory.KEYINFO);
        this._properties.put(KeyInfoConsumer.class, wSSFactory.createConsumer(hashMap, this._properties));
        VerifiedPartChecker verifiedPartChecker = new VerifiedPartChecker();
        verifiedPartChecker.init(this._properties);
        this._properties.put(VerifiedPartChecker.class, verifiedPartChecker);
        DecryptedPartChecker decryptedPartChecker = new DecryptedPartChecker();
        decryptedPartChecker.init(this._properties);
        this._properties.put(DecryptedPartChecker.class, decryptedPartChecker);
        TimestampChecker timestampChecker = new TimestampChecker();
        timestampChecker.init(this._properties);
        this._properties.put(TimestampChecker.class, timestampChecker);
        LoginProcessor loginProcessor = new LoginProcessor();
        loginProcessor.init(this._properties);
        this._properties.put(LoginProcessor.class, loginProcessor);
    }

    private static boolean adjustContext(MessageContext messageContext, Map<Object, Object> map) throws SoapSecurityException {
        return false;
    }

    public static ArrayList<OMElement> getSecurityHeaders(OMElement oMElement, int i, boolean z, String str) throws SoapSecurityException {
        String attributeValue;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getSecurityHeaders(");
            stringBuffer.append("OMElement header[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("int soapVersion[").append(i).append("], ");
            stringBuffer.append("boolean untimateReceiver[").append(z).append("], ");
            stringBuffer.append("String actor[").append(str).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        ArrayList<OMElement> arrayList = new ArrayList<>();
        OMElement firstElement = DOMUtils.getFirstElement((OMNode) oMElement);
        while (true) {
            OMElement oMElement2 = firstElement;
            if (oMElement2 == null) {
                if (arrayList.size() > 1) {
                    throw SoapSecurityException.format("security.wssecurity.WSEC6832E");
                }
                if (tc.isEntryEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer("getSecurityHeaders(");
                    stringBuffer2.append("OMElement, int, boolean, String)");
                    stringBuffer2.append(" returns NodeList [").append(arrayList).append("]");
                    Tr.exit(tc, stringBuffer2.toString());
                }
                return arrayList;
            }
            String namespaceURI = oMElement2.getNamespace() == null ? null : oMElement2.getNamespace().getNamespaceURI();
            String localName = oMElement2.getLocalName();
            if (NamespaceUtil.isWsse(namespaceURI) >= 0 && "Security".equals(localName)) {
                if (i == 1) {
                    attributeValue = oMElement2.getAttributeValue(Constants.SOAP12_ROLE_Q);
                } else {
                    if (i != 0) {
                        throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s11", Integer.toString(i));
                    }
                    attributeValue = oMElement2.getAttributeValue(Constants.SOAP11_ACTOR_Q);
                }
                if (attributeValue == null || attributeValue.trim().length() == 0) {
                    if (str != null && str.trim().length() != 0) {
                    }
                    arrayList.add(oMElement2);
                } else if (i != 1) {
                    if (!Constants.SOAP11_ACTOR_NEXT.equals(attributeValue) && !attributeValue.equals(str)) {
                    }
                    arrayList.add(oMElement2);
                } else if (!Constants.SOAP12_ROLE_NONE.equals(attributeValue)) {
                    if (Constants.SOAP12_ROLE_RECEIVER.equals(attributeValue)) {
                        if (!attributeValue.equals(str)) {
                        }
                        arrayList.add(oMElement2);
                    } else {
                        if (!Constants.SOAP12_ROLE_NEXT.equals(attributeValue) && !attributeValue.equals(str)) {
                        }
                        arrayList.add(oMElement2);
                    }
                }
            }
            firstElement = DOMUtils.getNextElement(oMElement2);
        }
    }

    private static int countSecurityHeaders(OMElement oMElement) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("countSecurityHeaders(");
            stringBuffer.append("OMElement header[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        int i = 0;
        OMElement firstElement = DOMUtils.getFirstElement((OMNode) oMElement);
        while (true) {
            OMElement oMElement2 = firstElement;
            if (oMElement2 == null) {
                break;
            }
            if ("Security".equals(oMElement2.getLocalName())) {
                i++;
            }
            firstElement = DOMUtils.getNextElement(oMElement2);
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("countSecurityHeaders(Element)");
            stringBuffer2.append(" returns int [").append(i).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return i;
    }

    public static QName getId(OMNode oMNode) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getId(");
            stringBuffer.append("OMNode node[").append(DOMUtils.getDisplayName(oMNode)).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        QName qName = null;
        if (oMNode.getType() == 1) {
            qName = IdUtils.getInstance().getIdAttributeName((OMElement) oMNode);
        }
        if (qName == null && oMNode.getType() == 1) {
            OMNode firstOMChild = ((OMElement) oMNode).getFirstOMChild();
            while (true) {
                OMNode oMNode2 = firstOMChild;
                if (oMNode2 == null) {
                    break;
                }
                if (oMNode2.getType() == 1 || oMNode2.getType() == 9) {
                    qName = getId(oMNode2);
                    if (qName != null) {
                        break;
                    }
                }
                firstOMChild = oMNode2.getNextOMSibling();
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getId(OMNode)");
            stringBuffer2.append(" returns QName [").append(qName).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return qName;
    }

    private static ArrayList<OMElement> getTimestampHeader(OMElement oMElement, int i, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("getTimestampHeader(");
            stringBuffer.append("OMElement root[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("int wssVersion[").append(i).append("], ");
            stringBuffer.append("boolean trace[").append(z).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        String str = z ? "TimestampTrace" : ElementLocalNames.WSU_TIMESTAMP;
        ArrayList<OMElement> arrayList = new ArrayList<>();
        ArrayList<OMNode> wsuElementsByTagName = i < 0 ? NamespaceUtil.getWsuElementsByTagName(oMElement, str) : DOMUtils.getOneOrMoreElements(oMElement, Constants.NAMESPACES[1][i], str);
        for (int i2 = 0; i2 < wsuElementsByTagName.size(); i2++) {
            OMElement oMElement2 = (OMElement) wsuElementsByTagName.get(i2);
            if (oMElement2.getAttributeValue(Constants.WAS_EXTENTION_Q) == null) {
                arrayList.add(oMElement2);
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("getTimestampHeader(");
            stringBuffer2.append("OMElement, int, boolean)");
            stringBuffer2.append(" returns NodeList [").append(wsuElementsByTagName).append("]");
            Tr.exit(tc, stringBuffer2.toString());
        }
        return arrayList;
    }

    private static void callTimestampConsumer(TimestampConsumerConfig timestampConsumerConfig, Map<Object, Object> map, OMElement oMElement, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callTimestampConsumer(");
            stringBuffer.append("TimestampConsumerConfig config, Map selectors, ");
            stringBuffer.append("OMElement target[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        TimestampConsumer timestampConsumer = (TimestampConsumer) map.get(TimestampConsumer.class);
        map2.put(TimestampConsumerConfig.CONFIG_KEY, timestampConsumerConfig);
        timestampConsumer.invoke(oMElement, map2);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("callTimestampConsumer(");
            stringBuffer2.append("TimestampConsumerConfig, Map, OMElement, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    public static void callStoredTokenConsumer(TokenConsumerConfig tokenConsumerConfig, Map<Object, Object> map, String str) throws SoapSecurityException {
        SecurityTokenManagerImpl securityTokenManagerImpl = (SecurityTokenManagerImpl) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        List<CallerConfig> callers = wSSConsumerConfig.getCallers();
        HashMap hashMap = (HashMap) map.get(Constants.TOKENS_CACHE);
        HashMap hashMap2 = (HashMap) map.get(Constants.SECURITY_HEADERS_CACHE);
        HashMap hashMap3 = (HashMap) map.get(Constants.TOKENS_CACHE_TYPES);
        HashMap hashMap4 = (HashMap) map.get(Constants.V1TOKENS_HASH);
        OMElement oMElement = (OMElement) hashMap.get(str);
        Integer num = (Integer) hashMap3.get(str);
        try {
            callTokenConsumer(tokenConsumerConfig, oMElement, map);
            final SecurityTokenWrapper unprocessedTokenWrapper = securityTokenManagerImpl.getUnprocessedTokenWrapper();
            if (unprocessedTokenWrapper != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unprocessed token [" + unprocessedTokenWrapper + "] found.");
                }
                AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.core.WSSConsumer.1
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        SecurityTokenWrapper.this.setProcessed(true);
                        return null;
                    }
                });
                if (callers != null) {
                    checkCaller(callers, tokenConsumerConfig, unprocessedTokenWrapper, securityTokenManagerImpl, map);
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "All tokens are processed.");
                }
                if (callers != null) {
                    checkCaller(callers, tokenConsumerConfig, securityTokenManagerImpl, map);
                }
            }
            Boolean bool = (Boolean) hashMap4.get(str);
            if (bool == null) {
                bool = false;
            }
            if (num == Constants.BINARY_TOKEN_TYPE && bool.booleanValue()) {
                boolean z = true;
                String str2 = (String) wSSConsumerConfig.getProperties().get(Constants.CONSUME_X509ERRATA_10);
                if (str2 != null && str2.equals("false")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found X509 Errata token in the message, but token consumer has com.ibm.ws.wssecurity.consumeX509Errata10Token property set to false in bindings. Consumption will not take place and message will likely not be processed.");
                    }
                    z = false;
                }
                if (z) {
                    MessageContext messageContext = (MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                    HashMap hashMap5 = (HashMap) messageContext.getProperty(Constants.WSS_PROPERTYMAP);
                    HashMap hashMap6 = hashMap5;
                    if (hashMap5 == null) {
                        hashMap6 = new HashMap();
                    }
                    HashMap hashMap7 = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                    HashMap hashMap8 = hashMap7;
                    if (hashMap7 == null) {
                        hashMap8 = new HashMap();
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Copying useErrata boolean to message context");
                    }
                    hashMap6.put(Constants.GENERATE_X509ERRATA_10.toString(), bool);
                    messageContext.setProperty(Constants.WSS_PROPERTYMAP, hashMap6);
                    hashMap8.put(Constants.GENERATE_X509ERRATA_10.toString(), bool);
                    messageContext.setProperty(Constants.WSS_RAMP_PROPERTYMAP, hashMap8);
                }
            }
            hashMap.remove(str);
            hashMap2.remove(str);
            hashMap3.remove(str);
            hashMap4.remove(str);
        } catch (Exception e) {
            SoapSecurityException format = e instanceof SoapSecurityException ? (SoapSecurityException) e : SoapSecurityException.format("security.wssecurity.WSSConsumer.s34", new String[]{e.getMessage()}, e);
            Object remove = map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_FOR_ERROR_HANDLING);
            if (remove != null && (remove instanceof SecurityToken)) {
                SecurityToken securityToken = (SecurityToken) remove;
                if (tokenConsumerConfig.isUsedForDecryption() || tokenConsumerConfig.isUsedForVerification()) {
                    SecurityTokenWrapper securityTokenWrapper = new SecurityTokenWrapper(securityToken);
                    securityTokenWrapper.setUsedTokenConsumer(tokenConsumerConfig.hashCode(), tokenConsumerConfig.getClass().getName().hashCode());
                    securityTokenWrapper.setKeyInfoType(null);
                    securityTokenWrapper.setError(format);
                    securityTokenWrapper.setProcessed(true);
                    securityTokenManagerImpl.addTokenWrapper(securityTokenWrapper);
                } else {
                    securityTokenManagerImpl.removeToken(securityToken);
                }
            }
            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s13", format);
        }
    }

    public static void callStoredTokenConsumer(Map<Object, Object> map, SecurityTokenManagerImpl securityTokenManagerImpl, String str, boolean z) throws SoapSecurityException {
        SOAPEnvelope envelope;
        OMDocument ownerDocument;
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callStoredTokenConsumer(");
            stringBuffer.append("Map context, SecurityTokenManagerImpl securityTokenManager, ");
            stringBuffer.append("String id[").append(str).append("], ");
            stringBuffer.append("boolean tryAllCandidates[").append(z).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        OMElement oMElement = null;
        int i = 0;
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        MessageContext messageContext = (MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
        if (messageContext != null && (envelope = messageContext.getEnvelope()) != null && (ownerDocument = DOMUtil.getOwnerDocument(envelope)) != null) {
            oMElement = ownerDocument.getOMDocumentElement();
        }
        Integer num = (Integer) messageContext.getProperty(Constants.WSS_VERSION);
        if (num != null) {
            i = num.intValue();
        }
        HashMap hashMap = (HashMap) map.get(Constants.TOKENS_CACHE);
        HashMap hashMap2 = (HashMap) map.get(Constants.SECURITY_HEADERS_CACHE);
        HashMap hashMap3 = (HashMap) map.get(Constants.TOKENS_CACHE_TYPES);
        HashMap hashMap4 = (HashMap) map.get(Constants.V1TOKENS_HASH);
        OMElement oMElement2 = (OMElement) hashMap.get(str);
        OMElement oMElement3 = (OMElement) hashMap2.get(str);
        Integer num2 = (Integer) hashMap3.get(str);
        if (num2 == Constants.BINARY_TOKEN_TYPE) {
            callTokenConsumer(wSSConsumerConfig.getCallers(), wSSConsumerConfig.getTokenConsumers(), oMElement, oMElement3, oMElement2, securityTokenManagerImpl, map, false, true, i, z);
            Boolean bool = (Boolean) hashMap4.get(str);
            if (bool == null) {
                bool = false;
            }
            if (bool.booleanValue()) {
                boolean z2 = true;
                String str2 = (String) wSSConsumerConfig.getProperties().get(Constants.CONSUME_X509ERRATA_10);
                if (str2 != null && str2.equals("false")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found X509 Errata token in the message, but token consumer has com.ibm.ws.wssecurity.consumeX509Errata10Token property set to false in bindings. Consumption will not take place and message will likely not be processed.");
                    }
                    z2 = false;
                }
                if (z2) {
                    MessageContext messageContext2 = (MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                    HashMap hashMap5 = (HashMap) messageContext2.getProperty(Constants.WSS_PROPERTYMAP);
                    HashMap hashMap6 = hashMap5;
                    if (hashMap5 == null) {
                        hashMap6 = new HashMap();
                    }
                    HashMap hashMap7 = (HashMap) messageContext2.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                    HashMap hashMap8 = hashMap7;
                    if (hashMap7 == null) {
                        hashMap8 = new HashMap();
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Copying useErrata boolean to message context");
                    }
                    hashMap6.put(Constants.CONSUME_X509ERRATA_10.toString(), bool);
                    messageContext2.setProperty(Constants.WSS_PROPERTYMAP, hashMap6);
                    hashMap8.put(Constants.CONSUME_X509ERRATA_10.toString(), bool);
                    messageContext2.setProperty(Constants.WSS_RAMP_PROPERTYMAP, hashMap8);
                }
            }
        } else if (num2 == Constants.USERNAME_TOKEN_TYPE) {
            callTokenConsumer(wSSConsumerConfig.getCallers(), wSSConsumerConfig.getTokenConsumers(), oMElement, oMElement3, oMElement2, securityTokenManagerImpl, map, true, false, i, z);
        } else {
            callTokenConsumer(wSSConsumerConfig.getCallers(), wSSConsumerConfig.getTokenConsumers(), oMElement, oMElement3, oMElement2, securityTokenManagerImpl, map, false, false, i, z);
        }
        hashMap.remove(str);
        hashMap2.remove(str);
        hashMap3.remove(str);
    }

    public static void callTokenConsumer(Collection<CallerConfig> collection, Collection<TokenConsumerConfig> collection2, OMElement oMElement, OMElement oMElement2, OMElement oMElement3, SecurityTokenManagerImpl securityTokenManagerImpl, Map<Object, Object> map, boolean z, boolean z2, int i, boolean z3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callTokenConsumer(");
            stringBuffer.append("Collection cconfigs, Collection tconfigs, ");
            stringBuffer.append("OMElement envelope[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("OMElement security[").append(DOMUtils.getDisplayName((OMNode) oMElement2)).append("], ");
            stringBuffer.append("OMElement target[").append(DOMUtils.getDisplayName((OMNode) oMElement3)).append("], ");
            stringBuffer.append("SecurityTokenManagerImpl securityTokenManager, Map context, ");
            stringBuffer.append("boolean isUT[").append(z).append("], ");
            stringBuffer.append("boolean isBST[").append(z2).append("], ");
            stringBuffer.append("int wssVersion[").append(i).append("], ");
            stringBuffer.append("boolean tryAllCandidates[").append(z3).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        HashMap hashMap = (HashMap) map.get(Constants.TOKENS_CACHE);
        HashMap hashMap2 = (HashMap) map.get(Constants.SECURITY_HEADERS_CACHE);
        HashMap hashMap3 = (HashMap) map.get(Constants.TOKENS_CACHE_TYPES);
        HashMap hashMap4 = (HashMap) map.get(Constants.V1TOKENS_HASH);
        Boolean bool = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        if ("SecurityContextToken".equals(oMElement3.getLocalName())) {
            z4 = true;
        } else if ("DerivedKeyToken".equals(oMElement3.getLocalName())) {
            z5 = true;
        }
        String attributeValue = oMElement3.getAttributeValue(VALUETYPE_Q);
        QName qName = attributeValue != null ? DOMUtils.getQName(oMElement3, attributeValue, i) : null;
        if (qName != null && NamespaceUtil.equals(qName, Constants.X509V3)) {
            bool = true;
        }
        if (z4) {
            if (Constants.NS_WSC_SC.equals(oMElement3.getNamespace().getNamespaceURI())) {
                z6 = true;
                qName = Constants.SCT;
            } else if (Constants.NS_WSC_SC_13.equals(oMElement3.getNamespace().getNamespaceURI())) {
                qName = Constants.SCT_13;
            }
        }
        String str = Constants.NAMESPACES[0][i];
        String trim = ConfigUtil.trim(IdUtils.getInstance().getId(oMElement3));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Target's value type is [" + qName + "].");
            Tr.debug(tc, "UsernameToken flag is [" + z + "].");
            Tr.debug(tc, "BinarySecurityToken flag is [" + z2 + "].");
            Tr.debug(tc, "SecurityContextToken flag is [" + z4 + "].");
            Tr.debug(tc, "DerivedKeyToken flag is [" + z5 + "].");
            Tr.debug(tc, "The identifier is [" + trim + "].");
        }
        TokenConsumerConfig tokenConsumerConfig = null;
        boolean z7 = false;
        HashSet<TokenConsumerConfig> hashSet = new HashSet();
        boolean z8 = true;
        boolean z9 = true;
        if (oMElement != null && oMElement2 != null && (z2 || z || z5)) {
            z8 = false;
            z9 = false;
            int usedFor = getUsedFor(oMElement, oMElement2, str, trim);
            if (usedFor == 1) {
                z9 = true;
            } else if (usedFor == 2) {
                z8 = true;
            }
            if (tc.isDebugEnabled()) {
                if (z9) {
                    Tr.debug(tc, "The token is used for signature verification.");
                } else if (z8) {
                    Tr.debug(tc, "The token is used for decryption.");
                } else {
                    Tr.debug(tc, "The token is maybe stand-alone.");
                }
            }
            Iterator<TokenConsumerConfig> it = collection2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                TokenConsumerConfig next = it.next();
                if (tc.isDebugEnabled()) {
                    if (next.isUsedForVerification()) {
                        Tr.debug(tc, "The configuration of token consumers is used for signature verification.");
                    } else if (next.isUsedForDecryption()) {
                        Tr.debug(tc, "The configuration of token consumers is used for decryption.");
                    } else {
                        Tr.debug(tc, "The configuration of token consumers is maybe used for stand-alone tokens.");
                    }
                }
                if ((z9 && next.isUsedForVerification()) || ((z8 && next.isUsedForDecryption()) || (!z9 && !next.isUsedForVerification() && !z8 && !next.isUsedForDecryption()))) {
                    QName type = next.getType();
                    if (z) {
                        if (Constants.UNTOKEN.equals(type) || Constants.UNTOKEN_11.equals(type)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added a config for [" + type + "].");
                            }
                            hashSet.add(next);
                        }
                    } else if (z2) {
                        if (NamespaceUtil.equals(qName, type)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added a config for [" + type + "].");
                            }
                            hashSet.add(next);
                        } else if ((Constants.LTPA_TOKEN.equals(type) || Constants.LTPAv2_TOKEN.equals(type)) && (Constants.LTPA_TOKEN.equals(qName) || Constants.LTPAv2_TOKEN.equals(qName))) {
                            if (next.isEnforceTokenVersion()) {
                                z7 = true;
                                tokenConsumerConfig = next;
                            } else {
                                tokenConsumerConfig = next;
                            }
                        } else if (bool.booleanValue()) {
                            boolean z10 = true;
                            String str2 = (String) next.getProperties().get(Constants.CONSUME_X509ERRATA_10);
                            if (str2 != null && str2.equals("false")) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Found X509 Errata token in the message, but token consumer has com.ibm.ws.wssecurity.consumeX509Errata10Token property set to false in bindings. Consumption will not take place and message will likely not be processed.");
                                }
                                z10 = false;
                            }
                            if (NamespaceUtil.equals(type, Constants.X509V3_OLD) && NamespaceUtil.equals(qName, Constants.X509V3) && z10) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Added a config for [" + type + "], which will consume Errata token[" + qName + "]");
                                }
                                hashSet.add(next);
                            }
                        }
                    } else if (z4) {
                        if (NamespaceUtil.equals(qName, type)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding a config for [" + type + "].");
                            }
                            hashSet.add(next);
                        }
                    } else if (z5) {
                        QName parentTokenValueType = getParentTokenValueType(oMElement3, i);
                        if (parentTokenValueType != null) {
                            if (NamespaceUtil.equals(parentTokenValueType, type)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Adding a token config for [" + type + "].");
                                }
                                hashSet.add(next);
                            } else if (NamespaceUtil.equals(type, Constants.SCT_13) && Constants.SCT.equals(parentTokenValueType)) {
                                if (next.isEnforceTokenVersion()) {
                                    z7 = true;
                                    tokenConsumerConfig = next;
                                } else {
                                    tokenConsumerConfig = next;
                                }
                            }
                        }
                    } else if (type.equals(new QName(oMElement3.getNamespace() == null ? null : oMElement3.getNamespace().getNamespaceURI(), oMElement3.getLocalName()))) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added a config for [" + type + "].");
                        }
                        hashSet.add(next);
                    }
                }
            }
        }
        if (hashSet.isEmpty() && tokenConsumerConfig != null) {
            if (z7) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The valueType on the message [" + qName + "] does not match the valueType in the config [" + tokenConsumerConfig.getType() + "]. The config specified enforceTokenVersion. Cannot process message.");
                }
                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s47", new String[]{qName.toString(), tokenConsumerConfig.getType().toString()});
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Added a config for [" + tokenConsumerConfig.getType() + "].");
            }
            hashSet.add(tokenConsumerConfig);
            z7 = false;
            tokenConsumerConfig = null;
        }
        if (hashSet.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Since it can't select configuration of token cosumers based on the message, it uses all candidates.");
            }
            Iterator<TokenConsumerConfig> it2 = collection2.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                TokenConsumerConfig next2 = it2.next();
                QName type2 = next2.getType();
                if (z) {
                    if (Constants.UNTOKEN.equals(type2) || Constants.UNTOKEN_11.equals(type2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added a config for [" + type2 + "].");
                        }
                        hashSet.add(next2);
                    }
                } else if (z2) {
                    if (NamespaceUtil.equals(qName, type2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added a config for [" + type2 + "].");
                        }
                        hashSet.add(next2);
                    } else if ((Constants.LTPA_TOKEN.equals(type2) || Constants.LTPAv2_TOKEN.equals(type2)) && (Constants.LTPA_TOKEN.equals(qName) || Constants.LTPAv2_TOKEN.equals(qName))) {
                        if (next2.isEnforceTokenVersion()) {
                            z7 = true;
                            tokenConsumerConfig = next2;
                        } else {
                            tokenConsumerConfig = next2;
                        }
                    } else if (bool.booleanValue()) {
                        boolean z11 = true;
                        String str3 = (String) next2.getProperties().get(Constants.CONSUME_X509ERRATA_10);
                        if (str3 != null && str3.equals("false")) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found X509 Errata token in the message, but token consumer has com.ibm.ws.wssecurity.consumeX509Errata10Token property set to false in bindings. Consumption will not take place and message will likely not be processed.");
                            }
                            z11 = false;
                        }
                        if (NamespaceUtil.equals(type2, Constants.X509V3_OLD) && NamespaceUtil.equals(qName, Constants.X509V3) && z11) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added a config for [" + type2 + "], which will consume Errata token[" + qName + "]");
                            }
                            hashSet.add(next2);
                        }
                    }
                } else if (z4) {
                    if (NamespaceUtil.equals(qName, type2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding a config for [" + type2 + "].");
                        }
                        hashSet.add(next2);
                    } else if (NamespaceUtil.equals(type2, Constants.SCT_13) && z6) {
                        if (next2.isEnforceTokenVersion()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found SCT draft version in the message, but token consumersets enforceTokenVersion attribute in bindings. Cannot process message");
                            }
                            z7 = true;
                            tokenConsumerConfig = next2;
                        } else {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added a config for [" + type2 + "], which will consume SCT draft version token[" + qName + "]");
                            }
                            hashSet.add(next2);
                        }
                    }
                } else if (z5) {
                    QName parentTokenValueType2 = getParentTokenValueType(oMElement3, i);
                    if (parentTokenValueType2 != null) {
                        if (NamespaceUtil.equals(parentTokenValueType2, type2)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding a token config for [" + type2 + "].");
                            }
                            hashSet.add(next2);
                        } else if (NamespaceUtil.equals(type2, Constants.SCT_13) && Constants.SCT.equals(parentTokenValueType2)) {
                            if (next2.isEnforceTokenVersion()) {
                                z7 = true;
                                tokenConsumerConfig = next2;
                            } else {
                                tokenConsumerConfig = next2;
                            }
                        }
                    }
                } else if (type2.equals(new QName(oMElement3.getNamespace() == null ? null : oMElement3.getNamespace().getNamespaceURI(), oMElement3.getLocalName()))) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added a config for [" + type2 + "].");
                    }
                    hashSet.add(next2);
                }
            }
        }
        if (hashSet.isEmpty() && tokenConsumerConfig != null) {
            if (z7) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The valueType on the message [" + qName + "] does not match the valueType in the config [" + tokenConsumerConfig.getType() + "]. The config specified enforceTokenVersion. Cannot process message.");
                }
                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s47", new String[]{qName.toString(), tokenConsumerConfig.getType().toString()});
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Added a config for [" + tokenConsumerConfig.getType() + "].");
            }
            hashSet.add(tokenConsumerConfig);
        }
        if (!hashSet.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, hashSet.size() + " TokenConsumerConfig candidates found.");
            }
            map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE);
            boolean z12 = false;
            Exception[] excArr = new Exception[hashSet.size()];
            int i2 = 0;
            SoapSecurityException soapSecurityException = null;
            if (hashSet.size() > 1 && !z3) {
                hashMap.put(trim, oMElement3);
                hashMap2.put(trim, oMElement2);
                if (z) {
                    hashMap3.put(trim, Constants.USERNAME_TOKEN_TYPE);
                } else if (z2) {
                    hashMap3.put(trim, Constants.BINARY_TOKEN_TYPE);
                    hashMap4.put(trim, bool);
                } else {
                    hashMap3.put(trim, Constants.UNDETERMINED_TOKEN_TYPE);
                }
                z12 = true;
            }
            if (hashSet.size() == 1 || z3) {
                for (TokenConsumerConfig tokenConsumerConfig2 : hashSet) {
                    try {
                        callTokenConsumer(tokenConsumerConfig2, oMElement3, map);
                        final SecurityTokenWrapper unprocessedTokenWrapper = securityTokenManagerImpl.getUnprocessedTokenWrapper();
                        if (unprocessedTokenWrapper != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Unprocessed token [" + unprocessedTokenWrapper + "] found.");
                            }
                            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.wssecurity.core.WSSConsumer.2
                                @Override // java.security.PrivilegedAction
                                public Object run() {
                                    SecurityTokenWrapper.this.setProcessed(true);
                                    return null;
                                }
                            });
                            if (collection != null) {
                                checkCaller(collection, tokenConsumerConfig2, unprocessedTokenWrapper, securityTokenManagerImpl, map);
                            }
                        } else {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "All tokens are processed.");
                            }
                            if (collection != null) {
                                checkCaller(collection, tokenConsumerConfig2, securityTokenManagerImpl, map);
                            }
                        }
                        z12 = true;
                        if (z2 && bool.booleanValue()) {
                            String str4 = (String) tokenConsumerConfig2.getProperties().get(Constants.CONSUME_X509ERRATA_10);
                            boolean z13 = true;
                            if (str4 != null && str4.equals("false")) {
                                z13 = false;
                            }
                            if (z13) {
                                MessageContext messageContext = (MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                                HashMap hashMap5 = (HashMap) messageContext.getProperty(Constants.WSS_PROPERTYMAP);
                                HashMap hashMap6 = hashMap5;
                                if (hashMap5 == null) {
                                    hashMap6 = new HashMap();
                                }
                                HashMap hashMap7 = (HashMap) messageContext.getProperty(Constants.WSS_RAMP_PROPERTYMAP);
                                HashMap hashMap8 = hashMap7;
                                if (hashMap7 == null) {
                                    hashMap8 = new HashMap();
                                }
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Copying useErrata boolean to message context");
                                }
                                hashMap6.put(Constants.CONSUME_X509ERRATA_10.toString(), bool);
                                messageContext.setProperty(Constants.WSS_PROPERTYMAP, hashMap6);
                                hashMap8.put(Constants.CONSUME_X509ERRATA_10.toString(), bool);
                                messageContext.setProperty(Constants.WSS_RAMP_PROPERTYMAP, hashMap8);
                            }
                        }
                        if (!z8 && !z9) {
                            break;
                        }
                    } catch (Exception e) {
                        int i3 = i2;
                        i2++;
                        excArr[i3] = e;
                        soapSecurityException = e instanceof SoapSecurityException ? (SoapSecurityException) e : SoapSecurityException.format("security.wssecurity.WSSConsumer.s34", new String[]{e.getMessage()}, e);
                        Object remove = map.remove(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_FOR_ERROR_HANDLING);
                        if (remove != null && (remove instanceof SecurityToken)) {
                            SecurityToken securityToken = (SecurityToken) remove;
                            if (z8 || z9) {
                                SecurityTokenWrapper securityTokenWrapper = new SecurityTokenWrapper(securityToken);
                                securityTokenWrapper.setUsedTokenConsumer(tokenConsumerConfig2.hashCode(), tokenConsumerConfig2.getClass().getName().hashCode());
                                securityTokenWrapper.setKeyInfoType(null);
                                securityTokenWrapper.setError(soapSecurityException);
                                securityTokenWrapper.setProcessed(true);
                                securityTokenManagerImpl.addTokenWrapper(securityTokenWrapper);
                            } else {
                                securityTokenManagerImpl.removeToken(securityToken);
                            }
                        }
                    }
                }
            }
            if (!z12) {
                if (hashSet.size() == 1) {
                    throw soapSecurityException;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, i2 + " exceptions were catched.");
                    for (int i4 = 0; i4 < i2; i4++) {
                        Tr.debug(tc, "No." + i4 + "'s exception: " + excArr[i4]);
                    }
                }
                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s13", excArr[i2 - 1]);
            }
        } else {
            if (Axis2Util.getMustUnderstand(map)) {
                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s03", DOMUtils.getQualifiedName(oMElement3));
            }
            Tr.debug(tc, ConfigUtil.getMessage("security.wssecurity.WSSConsumer.s03", new String[]{DOMUtils.getQualifiedName(oMElement3)}));
            Tr.debug(tc, "mustUnderstand=0.  Ignoring unexpected element.");
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("callTokenConsumer(");
            stringBuffer2.append("Set, Set, OMElement, OMElement, OMElement, SecurityTokenManagerImpl, ");
            stringBuffer2.append("Map, boolean, boolean, int, boolean)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static void callTokenConsumer(TokenConsumerConfig tokenConsumerConfig, OMElement oMElement, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callTokenConsumer(");
            stringBuffer.append("TokenConsumerConfig config, ");
            stringBuffer.append("OMElement target[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        TokenConsumerComponent tokenConsumerConfImpl = ((PrivateConsumerConfig.TokenConsumerConfImpl) tokenConsumerConfig).getInstance();
        if (tokenConsumerConfImpl != null) {
            map.put(TokenConsumerConfig.CONFIG_KEY, tokenConsumerConfig);
            tokenConsumerConfImpl.invoke(oMElement, map);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Unable to get the TokenConsumer object: [" + tokenConsumerConfig + "].");
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("callTokenConsumer(");
            stringBuffer2.append("TokenConsumerConfig, OMElement, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static QName getParentTokenValueType(OMElement oMElement, int i) {
        String text;
        QName qName = null;
        if (oMElement != null && oMElement.getLocalName().equals("DerivedKeyToken")) {
            OMElement childElement = DOMUtils.getChildElement(oMElement, Constants.NS_WSSE, "SecurityTokenReference");
            OMElement childElement2 = DOMUtils.getChildElement(childElement, Constants.NS_WSSE, "Reference");
            if (childElement2 != null) {
                qName = DOMUtils.getQName(oMElement, childElement2.getAttributeValue(Constants.VALUETYPE_Q), i);
            } else {
                OMElement childElement3 = DOMUtils.getChildElement(childElement, Constants.NS_WSSE, "KeyIdentifier");
                String attributeValue = childElement3.getAttributeValue(Constants.VALUETYPE_Q);
                if (attributeValue != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found parent token's ValueType for " + attributeValue);
                    }
                    if (attributeValue.equals(Constants.KRB5_APREQ_SHA1.getLocalPart()) && (text = childElement3.getText()) != null && CacheableTokenCacheFactory.getInstance().getToken(text) != null) {
                        QName valueType = ((SecurityToken) CacheableTokenCacheFactory.getInstance().getToken(text)).getValueType();
                        if (valueType != null) {
                            qName = valueType;
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found token type: " + qName);
                        }
                    }
                }
            }
        }
        return qName;
    }

    /* JADX WARN: Removed duplicated region for block: B:35:0x01b9  */
    /* JADX WARN: Removed duplicated region for block: B:52:0x024d  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void callSignatureConsumer(java.util.Collection<com.ibm.ws.wssecurity.config.SignatureConsumerConfig> r6, java.util.Map<java.lang.Object, java.lang.Object> r7, org.apache.axiom.om.OMElement r8, boolean r9, java.util.Map<java.lang.Object, java.lang.Object> r10) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 640
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.core.WSSConsumer.callSignatureConsumer(java.util.Collection, java.util.Map, org.apache.axiom.om.OMElement, boolean, java.util.Map):void");
    }

    private static void callSignatureConsumer(SignatureConsumerConfig signatureConsumerConfig, Map<Object, Object> map, OMElement oMElement, boolean z, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callSignatureConsumer(");
            stringBuffer.append("SignatureConsumerConfig config, Map properties, ");
            stringBuffer.append("OMElement target[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("boolean copiedDOMTree[").append(z).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        SignatureConsumer signatureConsumer = (SignatureConsumer) map.get(SignatureConsumer.class);
        map2.put(SignatureConsumerConfig.CONFIG_KEY, signatureConsumerConfig);
        if (z) {
            map2.put(Constants.COPY_DOMTREE, "true");
        } else {
            map2.remove(Constants.COPY_DOMTREE);
        }
        signatureConsumer.invoke(oMElement, map2);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("callSignatureConsumer(");
            stringBuffer2.append("SignatureConsumerConfig, Map, OMElement, boolean, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static void callEncryptionConsumer(Collection<EncryptionConsumerConfig> collection, Map<Object, Object> map, OMElement oMElement, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callEncryptionConsumer(");
            stringBuffer.append("Collection econfig, Map selectors, ");
            stringBuffer.append("OMElement target[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        boolean z = false;
        Exception[] excArr = new Exception[collection.size()];
        int i = 0;
        if (collection.size() > 0) {
            lockResults(map2, false, true);
            Iterator<EncryptionConsumerConfig> it = collection.iterator();
            int i2 = 0;
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                i2++;
                try {
                    try {
                        callEncryptionConsumer(it.next(), map, oMElement, map2);
                        z = true;
                        removeKeyInfoResults(map2);
                        if (1 == 0) {
                            restoreResults(map2, false);
                        }
                    } catch (Exception e) {
                        int i3 = i;
                        i++;
                        excArr[i3] = e;
                        if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, WSSAuditService.WSSAuditOutcome.ERROR)) {
                            MessageContext messageContext = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                            Map<String, Object> auditEventContext = WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.ERROR, WSSAuditService.WSSAuditReason.DECRYPTION_ERROR, e.getMessage());
                            Result[] resultArr = ResultPool.get(map2, KeyInfoResult.class);
                            KeyInfoResult keyInfoResult = null;
                            if (resultArr == null || resultArr.length <= 0) {
                                KeyInfoResult[] keyInfoResultArr = new KeyInfoResult[i2];
                                for (int i4 = 0; i4 < i2; i4++) {
                                    keyInfoResultArr[i4] = new KeyInfoResult(null);
                                    ResultPool.add(map2, keyInfoResultArr[i4]);
                                }
                            } else if (i2 == resultArr.length) {
                                keyInfoResult = (KeyInfoResult) resultArr[resultArr.length - 1];
                            } else {
                                KeyInfoResult[] keyInfoResultArr2 = new KeyInfoResult[resultArr.length];
                                int i5 = 0;
                                while (i5 < resultArr.length) {
                                    keyInfoResultArr2[i5] = (KeyInfoResult) resultArr[i5];
                                    i5++;
                                }
                                for (int i6 = i5; i6 < i2; i6++) {
                                    keyInfoResultArr2[i6] = new KeyInfoResult(null);
                                }
                            }
                            WSSAuditEventGeneratorFactory.getInstance().addEncryptionEventData(auditEventContext, keyInfoResult);
                            WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, messageContext, map2);
                        }
                        removeKeyInfoResults(map2);
                        if (!z) {
                            restoreResults(map2, false);
                        }
                    }
                } catch (Throwable th) {
                    removeKeyInfoResults(map2);
                    if (!z) {
                        restoreResults(map2, false);
                    }
                    throw th;
                }
            }
            if (!z) {
                if (collection.size() == 1) {
                    if (!(excArr[0] instanceof SoapSecurityException)) {
                        throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s16", excArr[0]);
                    }
                    throw ((SoapSecurityException) excArr[0]);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, i + " exceptions were catched.");
                    for (int i7 = 0; i7 < i; i7++) {
                        Tr.debug(tc, "No." + i7 + "'s exception: " + excArr[i7]);
                    }
                }
                throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s12", excArr[i - 1]);
            }
            lockResults(map2, false, false);
        } else if (Axis2Util.getMustUnderstand(map2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Encryption information was found in the security header, but there is no inbound encryption configuration.");
            }
            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s16", ConfigUtil.getMessage("security.wssecurity.WSSConsumer.s49"));
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("callEncryptionConsumer(");
            stringBuffer2.append("Set, Map, OMElement, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static void callEncryptionConsumer(EncryptionConsumerConfig encryptionConsumerConfig, Map<Object, Object> map, OMElement oMElement, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("callEncryptionConsumer(");
            stringBuffer.append("EncryptionConsumerConfig config, Map selectors, ");
            stringBuffer.append("OMElement target[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            stringBuffer.append("Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        EncryptionConsumer encryptionConsumer = (EncryptionConsumer) map.get(EncryptionConsumer.class);
        map2.put(EncryptionConsumerConfig.CONFIG_KEY, encryptionConsumerConfig);
        encryptionConsumer.invoke(oMElement, map2);
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("callEncryptionConsumer(");
            stringBuffer2.append("EncryptionConsumerConfig, Map, OMElement, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static void checkRequiredIntegrity(OMDocument oMDocument, Map<Object, Object> map, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkRequiredIntegrity(");
            stringBuffer.append("OMDocument doc[").append(DOMUtils.getDisplayName(oMDocument)).append("], ");
            stringBuffer.append("Map selectors, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        try {
            ((WSSConsumerComponent) map.get(VerifiedPartChecker.class)).invoke(oMDocument.getOMDocumentElement(), map2);
            if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, WSSAuditService.WSSAuditOutcome.SUCCESS)) {
                MessageContext messageContext = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.SUCCESS, WSSAuditService.WSSAuditReason.INTEGRITY, null);
                WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, messageContext, map2);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkRequiredIntegrity(OMDocument, Map, Map)");
            }
        } catch (SoapSecurityException e) {
            if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, WSSAuditService.WSSAuditOutcome.DENIED)) {
                MessageContext messageContext2 = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.DENIED, WSSAuditService.WSSAuditReason.INTEGRITY_BAD, e.getMessage());
                WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_SIGNING, messageContext2, map2);
            }
            throw e;
        }
    }

    private static void checkRequiredConfidentiality(OMDocument oMDocument, Map<Object, Object> map, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkRequiredConfidentiality(");
            stringBuffer.append("OMDocument doc[").append(DOMUtils.getDisplayName(oMDocument)).append("], ");
            stringBuffer.append("Map selectors, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        try {
            ((WSSConsumerComponent) map.get(DecryptedPartChecker.class)).invoke(oMDocument.getOMDocumentElement(), map2);
            if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, WSSAuditService.WSSAuditOutcome.SUCCESS)) {
                MessageContext messageContext = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.SUCCESS, WSSAuditService.WSSAuditReason.CONFIDENTIALITY, null);
                WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, messageContext, map2);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkRequiredConfidentiality(OMDocument, Map, Map)");
            }
        } catch (SoapSecurityException e) {
            if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, WSSAuditService.WSSAuditOutcome.DENIED)) {
                MessageContext messageContext2 = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.DENIED, WSSAuditService.WSSAuditReason.CONFIDENTIALITY_BAD, e.getMessage());
                WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_ENCRYPTION, messageContext2, map2);
            }
            throw e;
        }
    }

    private static void checkRequiredSecurityToken(Collection<TokenConsumerConfig> collection, Collection<CallerConfig> collection2, SecurityTokenManagerImpl securityTokenManagerImpl, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkRequiredSecurityToken(");
            stringBuffer.append("Collection tokens, Collection callers, ");
            stringBuffer.append("SecurityTokenManagerImpl securityTokenManager)");
            Tr.entry(tc, stringBuffer.toString());
        }
        Collection<SecurityToken> tokens = securityTokenManagerImpl.getTokens();
        if (tc.isDebugEnabled()) {
            if (tokens == null) {
                Tr.debug(tc, "The subject has no Token object.");
            } else {
                Tr.debug(tc, tokens.size() + " tokens found in the subject.");
            }
        }
        boolean z = false;
        SecurityToken securityToken = null;
        QName qName = null;
        for (TokenConsumerConfig tokenConsumerConfig : collection) {
            boolean z2 = false;
            QName type = tokenConsumerConfig.getType();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the value type [" + type + "]...");
            }
            if (tokens != null) {
                Iterator<SecurityToken> it = tokens.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    SecurityToken next = it.next();
                    qName = next.getValueType();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Comparing with the value type of the Token [" + qName + "]...");
                    }
                    if (type.equals(qName)) {
                        z2 = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "A corresponding token found.");
                        }
                    } else if (Constants.LTPA_TOKEN.equals(type) || Constants.LTPAv2_TOKEN.equals(type)) {
                        if (Constants.LTPA_TOKEN.equals(qName) || Constants.LTPAv2_TOKEN.equals(qName)) {
                            if (tokenConsumerConfig.isEnforceTokenVersion()) {
                                z = true;
                                securityToken = next;
                            } else {
                                securityToken = next;
                            }
                        }
                    }
                }
            }
            if (!z2) {
                if (securityToken != null && !z) {
                    z2 = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "A corresponding token found with value type [" + securityToken.getValueType().toString() + "].");
                    }
                }
                if (!z2 && collection2.size() > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The value type of the token consumer configuration: " + type);
                        Tr.debug(tc, "The value type of the token: " + qName);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, collection2.size() + " CallerConfigs found, so start to process it...");
                    }
                    for (CallerConfig callerConfig : collection2) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Processing a CallerConfig [" + callerConfig + "]...");
                        }
                        QName callerIdentity = callerConfig.getCallerIdentity();
                        QName trustedIdentity = callerConfig.getTrustedIdentity();
                        ReferencePartConfig requiredSigningPartReference = callerConfig.getRequiredSigningPartReference();
                        boolean z3 = callerIdentity != null && callerIdentity.equals(type) && (requiredSigningPartReference == null || trustedIdentity != null);
                        boolean z4 = trustedIdentity != null && trustedIdentity.equals(type) && requiredSigningPartReference == null;
                        if (z3 || z4) {
                            z2 = true;
                        }
                    }
                }
            }
            if (!z2) {
                throw SoapSecurityException.format(Constants.FAILED_CHECK, "security.wssecurity.WSSConsumer.s14", tokenConsumerConfig.getType().toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkRequiredSecurityToken(Set, Set, SecurityTokenManagerImpl)");
        }
    }

    private static void checkRequiredTimestamp(OMDocument oMDocument, TimestampConsumerConfig timestampConsumerConfig, Map<Object, Object> map, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkRequiredTimestamp(");
            stringBuffer.append("OMDocument doc[").append(DOMUtils.getDisplayName(oMDocument)).append("], ");
            stringBuffer.append("TimestampConsumerConfig config, Map selectors, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        try {
            WSSConsumerComponent wSSConsumerComponent = (WSSConsumerComponent) map.get(TimestampChecker.class);
            map2.put(TimestampConsumerConfig.CONFIG_KEY, timestampConsumerConfig);
            wSSConsumerComponent.invoke(oMDocument.getOMDocumentElement(), map2);
            if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_RESOURCE_ACCESS, WSSAuditService.WSSAuditOutcome.SUCCESS)) {
                WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.SUCCESS, WSSAuditService.WSSAuditReason.TIMESTAMP, null);
                WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_RESOURCE_ACCESS, (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT), map2);
            }
            if (tc.isEntryEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer("callEncryptionConsumer(");
                stringBuffer2.append("OMDocument, TimestampConsumerConfig, Map, Map)");
                Tr.exit(tc, stringBuffer2.toString());
            }
        } catch (SoapSecurityException e) {
            if (WSSContextManagerFactory.getInstance().getAuditService().isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_RESOURCE_ACCESS, WSSAuditService.WSSAuditOutcome.DENIED)) {
                MessageContext messageContext = (MessageContext) map2.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
                WSSAuditEventGeneratorFactory.getInstance().setAuditEventContext(map2, WSSAuditService.WSSAuditOutcome.DENIED, WSSAuditService.WSSAuditReason.TIMESTAMP_BAD, e.getMessage());
                WSSAuditEventGeneratorFactory.getInstance().sendEvent(WSSAuditService.WSSAuditEventType.SECURITY_RESOURCE_ACCESS, messageContext, map2);
            }
            throw e;
        }
    }

    private static void checkCaller(Collection<CallerConfig> collection, TokenConsumerConfig tokenConsumerConfig, SecurityTokenManagerImpl securityTokenManagerImpl, Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkCaller(");
            stringBuffer.append("Collection cconfigs, TokenConsumerConfig tconfig, ");
            stringBuffer.append("SecurityTokenManagerImpl securityTokenManager, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (tokenConsumerConfig != null && collection != null) {
            Collection<SecurityToken> tokens = securityTokenManagerImpl.getTokens();
            if (tokens.size() > 0) {
                QName type = tokenConsumerConfig.getType();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, tokens.size() + " tokens found.");
                    Tr.debug(tc, collection.size() + " CallerConfigs found, so start to process it...");
                    Tr.debug(tc, "The value type of the token consumer configuration: " + type);
                }
                for (CallerConfig callerConfig : collection) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Processing a CallerConfig [" + callerConfig + "]...");
                    }
                    QName callerIdentity = callerConfig.getCallerIdentity();
                    QName trustedIdentity = callerConfig.getTrustedIdentity();
                    ReferencePartConfig requiredSigningPartReference = callerConfig.getRequiredSigningPartReference();
                    boolean z = callerIdentity != null && callerIdentity.equals(type) && (requiredSigningPartReference == null || trustedIdentity != null);
                    boolean z2 = trustedIdentity != null && trustedIdentity.equals(type) && requiredSigningPartReference == null;
                    if (z || z2) {
                        boolean z3 = false;
                        boolean z4 = false;
                        for (SecurityToken securityToken : tokens) {
                            QName valueType = securityToken.getValueType();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "The value type of the token: " + valueType);
                            }
                            if (z) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Checking the caller identity [" + callerIdentity + "]...");
                                }
                                if (callerIdentity.equals(valueType)) {
                                    z3 = true;
                                } else if ((Constants.LTPA_TOKEN.equals(callerIdentity) || Constants.LTPAv2_TOKEN.equals(callerIdentity)) && (Constants.LTPA_TOKEN.equals(valueType) || Constants.LTPAv2_TOKEN.equals(valueType))) {
                                    if (tokenConsumerConfig.isEnforceTokenVersion()) {
                                        map.put(Constants.LTPA_ENFORCE_TOKEN_VERSION, "true");
                                    } else {
                                        z3 = true;
                                    }
                                }
                            }
                            if (z2) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Checking the trusted identity [" + trustedIdentity + "]...");
                                }
                                if (trustedIdentity.equals(valueType)) {
                                    z4 = true;
                                } else if ((Constants.LTPA_TOKEN.equals(trustedIdentity) || Constants.LTPAv2_TOKEN.equals(trustedIdentity)) && (Constants.LTPA_TOKEN.equals(valueType) || Constants.LTPAv2_TOKEN.equals(valueType))) {
                                    if (tokenConsumerConfig.isEnforceTokenVersion()) {
                                        map.put(Constants.LTPA_ENFORCE_TOKEN_VERSION, "true");
                                    } else {
                                        z4 = true;
                                    }
                                }
                            }
                            if (z3 || z4) {
                                AuthResult authResult = new AuthResult(securityTokenManagerImpl.getTokenWrapper(securityToken), callerConfig, z3, z4);
                                ResultPool.add(map, authResult);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Added AuthResult[" + authResult + "] into the ResultPool.");
                                }
                            }
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("checkCaller(");
            stringBuffer2.append("Set, TokenConsumerConfig, SecurityTokenManagerImpl, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static void checkCaller(Collection<CallerConfig> collection, TokenConsumerConfig tokenConsumerConfig, SecurityTokenWrapper securityTokenWrapper, SecurityTokenManagerImpl securityTokenManagerImpl, Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("checkCaller(");
            stringBuffer.append("Collection cconfigs, TokenConsumerConfig tconfig, ");
            stringBuffer.append("SecurityTokenWrapper tokenWrapper[").append(securityTokenWrapper).append("], ");
            stringBuffer.append("SecurityTokenManagerImpl securityTokenManager, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (tokenConsumerConfig != null && collection != null) {
            QName type = tokenConsumerConfig.getType();
            QName valueType = securityTokenWrapper.getValueType();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The value type of the token consumer configuration: " + type);
                Tr.debug(tc, "The value type of the token: " + valueType);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, collection.size() + " CallerConfigs found, so start to process it...");
            }
            for (CallerConfig callerConfig : collection) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing a CallerConfig [" + callerConfig + "]...");
                }
                QName callerIdentity = callerConfig.getCallerIdentity();
                QName trustedIdentity = callerConfig.getTrustedIdentity();
                ReferencePartConfig requiredSigningPartReference = callerConfig.getRequiredSigningPartReference();
                boolean z = callerIdentity != null && callerIdentity.equals(type) && (requiredSigningPartReference == null || trustedIdentity != null);
                boolean z2 = trustedIdentity != null && trustedIdentity.equals(type) && requiredSigningPartReference == null;
                if (z || z2) {
                    boolean z3 = false;
                    boolean z4 = false;
                    if (z) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Checking the caller identity [" + callerIdentity + "]...");
                        }
                        if (callerIdentity.equals(valueType)) {
                            z3 = true;
                        } else if ((Constants.LTPA_TOKEN.equals(callerIdentity) || Constants.LTPAv2_TOKEN.equals(callerIdentity)) && (Constants.LTPA_TOKEN.equals(valueType) || Constants.LTPAv2_TOKEN.equals(valueType))) {
                            if (tokenConsumerConfig.isEnforceTokenVersion()) {
                                map.put(Constants.LTPA_ENFORCE_TOKEN_VERSION, "true");
                            } else {
                                z3 = true;
                            }
                        }
                    }
                    if (z2) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Checking the trusted identity [" + trustedIdentity + "]...");
                        }
                        if (trustedIdentity.equals(valueType)) {
                            z4 = true;
                        } else if ((Constants.LTPA_TOKEN.equals(trustedIdentity) || Constants.LTPAv2_TOKEN.equals(trustedIdentity)) && (Constants.LTPA_TOKEN.equals(valueType) || Constants.LTPAv2_TOKEN.equals(valueType))) {
                            if (tokenConsumerConfig.isEnforceTokenVersion()) {
                                map.put(Constants.LTPA_ENFORCE_TOKEN_VERSION, "true");
                            } else {
                                z4 = true;
                            }
                        }
                    }
                    if (z3 || z4) {
                        AuthResult authResult = new AuthResult(securityTokenWrapper, callerConfig, z3, z4);
                        ResultPool.add(map, authResult);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added AuthResult[" + authResult + "] into the ResultPool.");
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer2 = new StringBuffer("checkCaller(");
            stringBuffer2.append("Set, TokenConsumerConfig, SecurityTokenWrapper, ");
            stringBuffer2.append("SecurityTokenManagerImpl, Map)");
            Tr.exit(tc, stringBuffer2.toString());
        }
    }

    private static void checkCaller(Map<Object, Object> map, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCaller(Map selectors, Map context)");
        }
        ((WSSConsumerComponent) map.get(LoginProcessor.class)).invoke(null, map2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCaller(Map, Map)");
        }
    }

    private static void cleanSubject(SecurityTokenManagerImpl securityTokenManagerImpl, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanSubject(Map context)");
        }
        Collection<SecurityTokenWrapper> tokenWrappers = securityTokenManagerImpl.getTokenWrappers();
        if (tokenWrappers != null && tokenWrappers.size() > 0) {
            HashMap hashMap = new HashMap();
            Result[] resultArr = ResultPool.get(map, VerificationResult.class);
            if (resultArr != null) {
                for (Result result : resultArr) {
                    SecurityTokenWrapper tokenWrapper = ((VerificationResult) result).getTokenWrapper();
                    if (tokenWrapper != null) {
                        String id = tokenWrapper.getId();
                        if (!hashMap.containsKey(id)) {
                            hashMap.put(id, tokenWrapper);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "The token whose unique id is [" + id + "]: <<<" + tokenWrapper + ">>>.");
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "WARNING: The token that has the same unique id [" + id + "] exists.");
                            Tr.debug(tc, "The already stored token is [" + hashMap.get(id) + "] and this is keeped.");
                            Tr.debug(tc, "A newly found token is [" + tokenWrapper + "] and this is ignored.");
                        }
                    }
                }
            }
            Result[] resultArr2 = ResultPool.get(map, DecryptionResult.class);
            if (resultArr2 != null) {
                for (Result result2 : resultArr2) {
                    SecurityTokenWrapper tokenWrapper2 = ((DecryptionResult) result2).getTokenWrapper();
                    if (tokenWrapper2 != null) {
                        String id2 = tokenWrapper2.getId();
                        if (!hashMap.containsKey(id2)) {
                            hashMap.put(id2, tokenWrapper2);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "The token whose unique id is [" + id2 + "]: <<<" + tokenWrapper2 + ">>>.");
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "WARNING: The token that has the same unique id [" + id2 + "] exists.");
                            Tr.debug(tc, "The already stored token is [" + hashMap.get(id2) + "] and this is keeped.");
                            Tr.debug(tc, "A newly found token is [" + tokenWrapper2 + "] and this is ignored.");
                        }
                    }
                }
            }
            for (SecurityTokenWrapper securityTokenWrapper : tokenWrappers) {
                if (securityTokenWrapper.getError() == null) {
                    String id3 = securityTokenWrapper.getId();
                    if (!hashMap.containsKey(id3)) {
                        hashMap.put(id3, securityTokenWrapper);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The token whose unique id is [" + id3 + "]: <<<" + securityTokenWrapper + ">>>.");
                        }
                    }
                }
            }
            securityTokenManagerImpl.removeAllTokens();
            if (hashMap.size() > 0) {
                securityTokenManagerImpl.addTokenWrappers(hashMap.values());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanSubject(Map context)");
        }
    }

    private static void mapTokenToMessageContext(MessageContext messageContext, SecurityTokenManagerImpl securityTokenManagerImpl, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("mapTokenToMessageContext(");
            stringBuffer.append("MessageContext messageContext, ");
            stringBuffer.append("SecurityTokenManagerImpl securityTokenManager, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        int i = 0;
        Collection<SecurityToken> tokens = securityTokenManagerImpl.getTokens();
        if (tokens != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, tokens.size() + " tokens found.");
            }
            if (tokens.size() > 0) {
                Hashtable hashtable = new Hashtable();
                for (SecurityToken securityToken : tokens) {
                    String id = securityToken.getId();
                    if (id == null) {
                        i++;
                        id = IdUtils.getInstance().makeUniqueId("Token_") + "_" + i;
                    }
                    hashtable.put(id, securityToken);
                }
                messageContext.setProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROPERGATION, hashtable);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "A table of tokens is copied to the property in the MessageContext.");
                }
            }
        }
        if (Axis2Util.isServiceProvider(messageContext)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "This is server process. So the runtime is storing a signer certificate...");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking verification results...");
            }
            Result[] resultArr = ResultPool.get(map, VerificationResult.class);
            if (resultArr != null && resultArr.length != 0) {
                X509Token x509Token = null;
                if (resultArr.length != 1) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "More than one verification tokens found.");
                    }
                    int i2 = 0;
                    while (true) {
                        if (i2 >= resultArr.length) {
                            break;
                        }
                        SecurityTokenWrapper tokenWrapper = ((VerificationResult) resultArr[i2]).getTokenWrapper();
                        SecurityToken securityToken2 = tokenWrapper.getSecurityToken();
                        if ((securityToken2 instanceof X509Token) && tokenWrapper.isUsedToLogin()) {
                            x509Token = (X509Token) securityToken2;
                            break;
                        }
                        i2++;
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Only one verification token found.");
                    }
                    SecurityToken securityToken3 = ((VerificationResult) resultArr[0]).getTokenWrapper().getSecurityToken();
                    if (securityToken3 instanceof X509Token) {
                        x509Token = (X509Token) securityToken3;
                    }
                }
                if (x509Token != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The X509 token that includes a signer certificate [" + x509Token + "].");
                    }
                    X509Certificate certificate = x509Token.getCertificate();
                    if (certificate == null) {
                        Tr.warning(tc, "security.wssecurity.WSSConsumer.s33");
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Signer certificate is stored in the message context [" + certificate + "].");
                        }
                        messageContext.setProperty(Constants0.REQUEST_CERT, certificate);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to specify the one of X509 certificates in the request message.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No signer X509 certificate was found in the request message.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapTokenToMessageContext(MessageContext, Map)");
        }
    }

    private static void copyContextSubjectToMessageContext(MessageContext messageContext, Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("copyContextSubjectToMessageContext(");
            stringBuffer.append("MessageContext messageContext, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        messageContext.setProperty(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_WSSSUBJECT, (Subject) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SUBJECT));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "copyContextSubjectToMessageContext(MessageContext, Map)");
        }
    }

    private static void lockResults(Map<Object, Object> map, boolean z, boolean z2) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("lockResults(");
            stringBuffer.append("Map context, ");
            stringBuffer.append("boolean signature[").append(z).append("], ");
            stringBuffer.append("boolean locked[").append(z2).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (z) {
            Result[] resultArr = ResultPool.get(map, VerificationResult.class);
            if (resultArr != null && resultArr.length > 0) {
                for (Result result : resultArr) {
                    ((VerificationResult) result).setLocked(z2);
                }
            }
        } else {
            Result[] resultArr2 = ResultPool.get(map, DecryptionResult.class);
            if (resultArr2 != null && resultArr2.length > 0) {
                for (Result result2 : resultArr2) {
                    ((DecryptionResult) result2).setLocked(z2);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "lockResults(Map, boolean, boolean)");
        }
    }

    private static void removeKeyInfoResults(Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeKeyInfoResults(Map context)");
        }
        Result[] resultArr = ResultPool.get(map, KeyInfoResult.class);
        if (resultArr != null && resultArr.length > 0) {
            ResultPool.remove(map, resultArr);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeKeyInfoResults(Map context)");
        }
    }

    private static void restoreResults(Map<Object, Object> map, boolean z) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("restoreResults(");
            stringBuffer.append("Map context, ");
            stringBuffer.append("boolean signature[").append(z).append("])");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (z) {
            Result[] resultArr = ResultPool.get(map, VerificationResult.class);
            if (resultArr != null && resultArr.length > 0) {
                VerificationResult verificationResult = (VerificationResult) resultArr[resultArr.length - 1];
                if (!verificationResult.getLocked()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Restoring a verification result [" + verificationResult + "]...");
                    }
                    List<VerificationResult.VerifiedPart> verifiedParts = verificationResult.getVerifiedParts();
                    if (verifiedParts != null) {
                        int size = verifiedParts.size();
                        for (int i = 0; i < size; i++) {
                            VerificationResult.VerifiedPart verifiedPart = verifiedParts.get(i);
                            if (verifiedPart.getNonce() != null || verifiedPart.getTimestamp() != null) {
                                if (verifiedPart.getNonceFirst()) {
                                    verifiedPart.getParent().addChild(verifiedPart.getNonce());
                                    if (tc.isDebugEnabled()) {
                                        if (verifiedPart.getParent() instanceof OMElement) {
                                            Tr.debug(tc, "Nonce is restored into the node[" + DOMUtils.getDisplayName((OMNode) verifiedPart.getParent()) + "].");
                                        } else {
                                            Tr.debug(tc, "Nonce is restored into the node[" + verifiedPart.getParent() + "].");
                                        }
                                    }
                                    if (verifiedPart.getNonce() != null) {
                                        verifiedPart.getParent().addChild(verifiedPart.getTimestamp());
                                        if (tc.isDebugEnabled()) {
                                            if (verifiedPart.getParent() instanceof OMElement) {
                                                Tr.debug(tc, "Timestmap is restored into the node[" + DOMUtils.getDisplayName((OMNode) verifiedPart.getParent()) + "].");
                                            } else {
                                                Tr.debug(tc, "Timestmap is restored into the node[" + verifiedPart.getParent() + "].");
                                            }
                                        }
                                    }
                                } else {
                                    verifiedPart.getParent().addChild(verifiedPart.getTimestamp());
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Timestamp is restored into the node[" + DOMUtils.getDisplayName(verifiedPart.getParent()) + "].");
                                    }
                                    if (verifiedPart.getNonce() != null) {
                                        verifiedPart.getParent().addChild(verifiedPart.getNonce());
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Nonce is restored into the node[" + DOMUtils.getDisplayName(verifiedPart.getParent()) + "].");
                                        }
                                    }
                                }
                            }
                        }
                    }
                    ResultPool.remove(map, verificationResult);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Removed the verification result.");
                    }
                }
            }
        } else {
            Result[] resultArr2 = ResultPool.get(map, DecryptionResult.class);
            if (resultArr2 != null && resultArr2.length > 0) {
                DecryptionResult decryptionResult = (DecryptionResult) resultArr2[resultArr2.length - 1];
                if (!decryptionResult.getLocked()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Restoring a decryption result [" + decryptionResult + "]...");
                    }
                    List<DecryptionResult.DecryptedPart> decryptedParts = decryptionResult.getDecryptedParts();
                    if (decryptedParts != null) {
                        int size2 = decryptedParts.size();
                        for (int i2 = 0; i2 < size2; i2++) {
                            DecryptionResult.DecryptedPart decryptedPart = decryptedParts.get(i2);
                            if (decryptedPart.getNonce() != null || decryptedPart.getTimestamp() != null) {
                                if (decryptedPart.getNonceFirst()) {
                                    decryptedPart.getParent().addChild(decryptedPart.getNonce());
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Nonce is restored into the node[" + DOMUtils.getDisplayName(decryptedPart.getParent()) + "].");
                                    }
                                    if (decryptedPart.getNonce() != null) {
                                        decryptedPart.getParent().addChild(decryptedPart.getTimestamp());
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Timestmap is restored into the node[" + DOMUtils.getDisplayName(decryptedPart.getParent()) + "].");
                                        }
                                    }
                                } else {
                                    decryptedPart.getParent().addChild(decryptedPart.getTimestamp());
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Timestamp is restored into the node[" + DOMUtils.getDisplayName(decryptedPart.getParent()) + "].");
                                    }
                                    if (decryptedPart.getNonce() != null) {
                                        decryptedPart.getParent().addChild(decryptedPart.getNonce());
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Nonce is restored into the node[" + DOMUtils.getDisplayName(decryptedPart.getParent()) + "].");
                                        }
                                    }
                                }
                            }
                        }
                    }
                    ResultPool.remove(map, decryptionResult);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Removed the decryption result.");
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreResults(Map, boolean)");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:50:0x021c, code lost:
    
        r8 = 2;
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x0227, code lost:
    
        if (com.ibm.ws.wssecurity.core.WSSConsumer.tc.isDebugEnabled() == false) goto L57;
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x022a, code lost:
    
        com.ibm.ws.wssecurity.util.Tr.debug(com.ibm.ws.wssecurity.core.WSSConsumer.tc, "The token is used for decryption.");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static int getUsedFor(org.apache.axiom.om.OMElement r4, org.apache.axiom.om.OMElement r5, java.lang.String r6, java.lang.String r7) {
        /*
            Method dump skipped, instructions count: 638
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.core.WSSConsumer.getUsedFor(org.apache.axiom.om.OMElement, org.apache.axiom.om.OMElement, java.lang.String, java.lang.String):int");
    }

    public void mapSignedPartsToMessageContext(MessageContext messageContext, Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("mapSignedPartsToMessageContext(");
            stringBuffer.append("MessageContext messageContext, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Checking verification results...");
        }
        Result[] resultArr = ResultPool.get(map, VerificationResult.class);
        ArrayList arrayList = new ArrayList();
        DerivedKeyToken derivedKeyToken = null;
        if (resultArr != null && resultArr.length != 0) {
            if (resultArr.length == 1 && tc.isDebugEnabled()) {
                Tr.debug(tc, "Only one VerificationResult object found.");
            }
            for (Result result : resultArr) {
                VerificationResult verificationResult = (VerificationResult) result;
                SecurityTokenWrapper tokenWrapper = verificationResult.getTokenWrapper();
                if (tokenWrapper != null) {
                    SecurityToken securityToken = tokenWrapper.getSecurityToken();
                    if (securityToken instanceof DerivedKeyToken) {
                        derivedKeyToken = (DerivedKeyToken) securityToken;
                        for (VerificationResult.VerifiedPart verifiedPart : verificationResult.getVerifiedParts()) {
                            if (verifiedPart.getObject() != null) {
                                arrayList.add(verifiedPart.getObject());
                            }
                        }
                    }
                }
            }
            if (!arrayList.isEmpty()) {
                HashMap hashMap = new HashMap();
                hashMap.put(derivedKeyToken.getSecurityContextTokenTokenUUID(), arrayList);
                messageContext.setProperty("SIGNED_ELEMENTS_MAP", hashMap);
                messageContext.setProperty("SCT_USEDFOR_MS", derivedKeyToken.getSecurityContextTokenTokenUUID());
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No verification results were found.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapSignedPartsToMessageContext(MessageContext, Map)");
        }
    }

    public void mapEncryptedPartsToMessageContext(MessageContext messageContext, Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("mapEncryptedPartsToMessageContext(");
            stringBuffer.append("MessageContext messageContext, Map context)");
            Tr.entry(tc, stringBuffer.toString());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Checking decryption results...");
        }
        Result[] resultArr = ResultPool.get(map, DecryptionResult.class);
        ArrayList arrayList = new ArrayList();
        DerivedKeyToken derivedKeyToken = null;
        if (resultArr != null && resultArr.length != 0) {
            if (resultArr.length == 1 && tc.isDebugEnabled()) {
                Tr.debug(tc, "Only one DecryptionResult object found.");
            }
            for (Result result : resultArr) {
                DecryptionResult decryptionResult = (DecryptionResult) result;
                SecurityTokenWrapper tokenWrapper = decryptionResult.getTokenWrapper();
                if (tokenWrapper != null) {
                    SecurityToken securityToken = tokenWrapper.getSecurityToken();
                    if (securityToken instanceof DerivedKeyToken) {
                        derivedKeyToken = (DerivedKeyToken) securityToken;
                        for (DecryptionResult.DecryptedPart decryptedPart : decryptionResult.getDecryptedParts()) {
                            if (decryptedPart.getObject() != null) {
                                arrayList.add(decryptedPart.getObject());
                            }
                        }
                    }
                }
            }
            if (!arrayList.isEmpty()) {
                HashMap hashMap = new HashMap();
                hashMap.put(derivedKeyToken.getSecurityContextTokenTokenUUID(), arrayList);
                messageContext.setProperty("DECRYPTED_ELEMENTS_MAP", hashMap);
                messageContext.setProperty("SCT_USEDFOR_MS", derivedKeyToken.getSecurityContextTokenTokenUUID());
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No decryption results were found.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapEncryptedPartsToMessageContext(MessageContext, Map)");
        }
    }
}
