package com.sun.xml.wss.impl.misc;

import com.sun.org.apache.xml.internal.security.utils.RFC2253Parser;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.wss.AliasSelector;
import com.sun.xml.wss.RealmAuthenticationAdapter;
import com.sun.xml.wss.XWSSConstants;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import com.sun.xml.wss.impl.callback.CertStoreCallback;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
import com.sun.xml.wss.impl.callback.KeyStoreCallback;
import com.sun.xml.wss.impl.callback.PasswordCallback;
import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
import com.sun.xml.wss.impl.callback.PrivateKeyCallback;
import com.sun.xml.wss.impl.callback.SAMLAssertionValidator;
import com.sun.xml.wss.impl.callback.SAMLCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
import com.sun.xml.wss.impl.callback.UsernameCallback;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.PrivateKeyBinding;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.math.BigInteger;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.w3c.dom.Element;

/* loaded from: input_file:spg-ui-war-2.1.6.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/misc/DefaultCallbackHandler.class */
public class DefaultCallbackHandler implements CallbackHandler {
    // Property keys for the security environment. The constructor reads them from the
    // Properties object it is given or, when that is null or empty, from the classpath
    // resource "<name>-security-env.properties".

    // Key store and trust store location, type and passwords. The password values are
    // plain text in the configuration, so that file needs the same protection as the stores.
    public static final String KEYSTORE_URL = "keystore.url";
    public static final String KEYSTORE_TYPE = "keystore.type";
    public static final String KEYSTORE_PASSWORD = "keystore.password";
    public static final String KEY_PASSWORD = "key.password";
    public static final String MY_ALIAS = "my.alias";
    // Static credentials; when set they take precedence over runtime properties and
    // delegate handlers in handleUsernameCallback / handlePasswordCallback.
    public static final String MY_USERNAME = "my.username";
    public static final String MY_PASSWORD = "my.password";
    public static final String TRUSTSTORE_URL = "truststore.url";
    public static final String TRUSTSTORE_TYPE = "truststore.type";
    public static final String TRUSTSTORE_PASSWORD = "truststore.password";
    public static final String PEER_ENTITY_ALIAS = "peerentity.alias";
    // STS_ALIAS and SERVICE_ALIAS are not read in the part of the class visible here.
    public static final String STS_ALIAS = "sts.alias";
    public static final String SERVICE_ALIAS = "service.alias";
    // Class names of delegate callback handlers and validators. The constructor passes each
    // value to loadClass(), so these settings name code that the handler loads.
    public static final String USERNAME_CBH = "username.callback.handler";
    public static final String PASSWORD_CBH = "password.callback.handler";
    public static final String SAML_CBH = "saml.callback.handler";
    public static final String KEYSTORE_CBH = "keystore.callback.handler";
    public static final String TRUSTSTORE_CBH = "truststore.callback.handler";
    public static final String USERNAME_VALIDATOR = "username.validator";
    public static final String SAML_VALIDATOR = "saml.validator";
    public static final String TIMESTAMP_VALIDATOR = "timestamp.validator";
    public static final String CERTIFICATE_VALIDATOR = "certificate.validator";
    // Replay and freshness limits; parsed with toLong() in the constructor.
    public static final String MAX_CLOCK_SKEW_PROPERTY = "max.clock.skew";
    public static final String MAX_NONCE_AGE_PROPERTY = "max.nonce.age";
    public static final String TIMESTAMP_FRESHNESS_LIMIT_PROPERTY = "timestamp.freshness.limit";
    // Parsed with Boolean.parseBoolean; the constructor leaves revocation checking off when
    // this key is absent.
    public static final String REVOCATION_ENABLED = "revocation.enabled";
    public static final String CERTSTORE_CBH = "certstore.cbh";
    public static final String CERTSTORE_CERTSELECTOR = "certstore.certselector";
    public static final String CERTSTORE_CRLSELECTOR = "certstore.crlselector";
    public static final String KEYSTORE_CERTSELECTOR = "keystore.certselector";
    public static final String TRUSTSTORE_CERTSELECTOR = "truststore.certselector";
    // The JMAC and Kerberos keys below are not read in the part of the class visible here.
    public static final String JMAC_CALLBACK_HANDLER = "jmac.callbackhandler";
    public static final String KRB5_LOGIN_MODULE = "krb5.login.module";
    public static final String KRB5_SERVICE_PRINCIPAL = "krb5.service.principal";
    public static final String KRB5_CREDENTIAL_DELEGATION = "krb5.credential.delegation";
    // NOTE(review): the key really is "user.xwss.callbacks" (not "use."); a configuration
    // that spells it differently leaves useXWSSCallbacks at false.
    public static final String USE_XWSS_CALLBACKS = "user.xwss.callbacks";
    // Raw configuration values copied from the properties by the constructor.
    // The store, key and user passwords are held as String for the lifetime of the handler,
    // so they cannot be wiped from memory after use.
    private String keyStoreURL;
    private String keyStorePassword;
    private String keyStoreType;
    private String myAlias;
    private String keyPwd;
    // Set to null by the constructor; not assigned anywhere else in the code visible here.
    private char[] keyPassword;
    private String trustStoreURL;
    private String trustStorePassword;
    private String trustStoreType;
    private String peerEntityAlias;
    private String certStoreCBHClassName;
    private String certSelectorClassName;
    private String crlSelectorClassName;
    private String keystoreCertSelectorClassName;
    private String truststoreCertSelectorClassName;
    private String myUsername;
    private String myPassword;
    // Loaded stores; trustStore supplies the trust anchors for X509CertificateValidatorImpl.
    private KeyStore keyStore;
    private KeyStore trustStore;
    // Classes resolved by loadClass() from the configured handler/validator class names.
    private Class usernameCbHandler;
    private Class passwordCbHandler;
    private Class samlCbHandler;
    private Class keystoreCbHandler;
    private Class truststoreCbHandler;
    private Class certstoreCbHandler;
    private Class certSelectorClass;
    private Class crlSelectorClass;
    private Class usernameValidator;
    private Class timestampValidator;
    private Class samlValidator;
    private Class certificateValidator;
    // Parsed numeric limits (toLong of mcs / tfl / mna below).
    protected long maxClockSkewG;
    protected long timestampFreshnessLimitG;
    protected long maxNonceAge;
    protected String revocationEnabledAttr;
    // False unless "revocation.enabled" is configured; handed to
    // PKIXBuilderParameters.setRevocationEnabled by the built-in certificate validator.
    protected boolean revocationEnabled;
    // Unparsed property strings; a non-null value marks the limit as explicitly configured.
    protected String mcs;
    protected String tfl;
    protected String mna;
    private static Logger log = Logger.getLogger(LogDomainConstants.IMPL_MISC_DOMAIN, LogDomainConstants.IMPL_MISC_DOMAIN_BUNDLE);
    private static final String fileSeparator = System.getProperty("file.separator");
    // One shared exception instance thrown by handle() for unknown request types. Its stack
    // trace is captured when this class initialises, so it does not point at the throw site.
    private static final UnsupportedCallbackException unsupported = new UnsupportedCallbackException(null, "Unsupported Callback Type Encountered");
    private static final java.net.URI ISSUE_REQUEST_URI = java.net.URI.create(WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION);
    // Delegate handlers and validators; presumably instantiated from the Class fields above
    // by initNewInstances() — not visible here, confirm.
    private CallbackHandler usernameHandler;
    private CallbackHandler passwordHandler;
    private CallbackHandler samlHandler;
    private CallbackHandler certstoreHandler;
    private CallbackHandler keystoreHandler;
    private CallbackHandler truststoreHandler;
    private PasswordValidationCallback.PasswordValidator pwValidator;
    private TimestampValidationCallback.TimestampValidator tsValidator;
    private CertificateValidationCallback.CertificateValidator certValidator;
    private SAMLAssertionValidator sValidator;
    // Built-in fallbacks created at the end of the two-argument constructor.
    private CertificateValidationCallback.CertificateValidator defaultCertValidator;
    private TimestampValidationCallback.TimestampValidator defaultTSValidator;
    // usernameAuthenticator is the adapter supplied by the caller of the three-argument
    // constructor; defRealmAuthenticator is created only when that argument is null.
    private RealmAuthenticationAdapter usernameAuthenticator;
    private RealmAuthenticationAdapter defRealmAuthenticator;
    // Optional extra certificate source for path validation; null after construction
    // unless set elsewhere in the class.
    private CertStore certStore;
    private Class keystoreCertSelectorClass;
    private Class truststoreCertSelectorClass;
    private String useXWSSCallbacksStr;
    // When true, delegate handlers receive the XWSS callback object itself rather than a
    // javax.security.auth.callback NameCallback / PasswordCallback.
    private boolean useXWSSCallbacks;

    /* loaded from: input_file:spg-ui-war-2.1.6.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/misc/DefaultCallbackHandler$DefaultTimestampValidator.class */
    /**
     * Built-in timestamp validator, used by the enclosing handler when no
     * {@code timestamp.validator} instance is available.
     */
    private class DefaultTimestampValidator implements TimestampValidationCallback.TimestampValidator {
        private DefaultTimestampValidator() {
        }

        /**
         * Parses the Created (and optional Expires) values of a UTC timestamp request and
         * checks them against the clock-skew and freshness limits.
         *
         * <p>Both values must parse with the same pattern: whole seconds first, then
         * milliseconds. Limits configured on the handler override those carried by the
         * request; a configured skew of 0 is honoured, a configured freshness limit of 0
         * is not.
         *
         * @param request the request; cast to {@code UTCTimestampRequest} without a type check
         * @throws TimestampValidationCallback.TimestampValidationException if neither pattern
         *         parses the values, or if the handler's creation/expiration checks reject them
         */
        @Override // com.sun.xml.wss.impl.callback.TimestampValidationCallback.TimestampValidator
        public void validate(TimestampValidationCallback.Request request) throws TimestampValidationCallback.TimestampValidationException {
            final DefaultCallbackHandler outer = DefaultCallbackHandler.this;
            final TimestampValidationCallback.UTCTimestampRequest utcRequest = (TimestampValidationCallback.UTCTimestampRequest) request;
            // NOTE(review): 'Z' is a quoted literal and no time zone is set on the formats, so
            // the text is interpreted in the JVM default zone; parsing is also lenient.
            // Confirm that validateCreationTime/validateExpirationTime compensate for this.
            final SimpleDateFormat secondsFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
            final SimpleDateFormat millisFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'");
            Date created;
            Date expires = null;
            try {
                created = secondsFormat.parse(utcRequest.getCreated());
                if (utcRequest.getExpired() != null) {
                    expires = secondsFormat.parse(utcRequest.getExpired());
                }
            } catch (ParseException secondsFailure) {
                // Second attempt: re-parse both values with the millisecond pattern.
                try {
                    created = millisFormat.parse(utcRequest.getCreated());
                    if (utcRequest.getExpired() != null) {
                        expires = millisFormat.parse(utcRequest.getExpired());
                    }
                } catch (ParseException millisFailure) {
                    DefaultCallbackHandler.log.log(Level.SEVERE, "WSS1513.exception.validate.timestamp");
                    throw new TimestampValidationCallback.TimestampValidationException(millisFailure.getMessage());
                }
            }

            final long requestedSkew = utcRequest.getMaxClockSkew();
            final boolean skewConfigured = outer.mcs != null && outer.maxClockSkewG >= 0;
            final long skew = skewConfigured ? outer.maxClockSkewG : requestedSkew;

            final long requestedFreshness = utcRequest.getTimestampFreshnessLimit();
            final boolean freshnessConfigured = outer.tfl != null && outer.timestampFreshnessLimitG > 0;
            final long freshness = freshnessConfigured ? outer.timestampFreshnessLimitG : requestedFreshness;

            outer.validateCreationTime(created, skew, freshness);
            if (expires == null) {
                return;
            }
            outer.validateExpirationTime(expires, skew, freshness);
        }
    }

    /* loaded from: input_file:spg-ui-war-2.1.6.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/misc/DefaultCallbackHandler$X509CertificateValidatorImpl.class */
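    /**
     * Built-in X.509 validator backed by the enclosing handler's trust store.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>A self-signed certificate is accepted only when that exact certificate is stored
     *       in the trust store. Previously any self-signed certificate inside its validity
     *       period returned {@code true}, so a peer could mint its own trusted identity.</li>
     *   <li>Issuer matching while assembling the chain uses {@code X500Principal} throughout.
     *       The earlier code switched to {@code getIssuerDN()} after the first hop, whose
     *       provider-specific type need not be equal to an {@code X500Principal}, so chains
     *       with an intermediate CA could fail to assemble.</li>
     *   <li>Revocation checking follows the handler's {@code revocationEnabled} flag, which
     *       the constructor leaves {@code false} unless {@code revocation.enabled} is set.</li>
     * </ul>
     */
    private class X509CertificateValidatorImpl implements CertificateValidationCallback.CertificateValidator {
        private X509CertificateValidatorImpl() {
        }

        /**
         * Checks the validity period of the certificate and then validates a certification
         * path to it with the PKIX algorithm, using the trust store as the source of anchors.
         *
         * @param x509Certificate the certificate presented by the peer
         * @return {@code true} when the certificate is trusted; failures are reported by exception
         * @throws CertificateValidationCallback.CertificateValidationException if the certificate
         *         is expired or not yet valid, is self-signed but absent from the trust store,
         *         or if path construction or PKIX validation fails for any reason
         */
        @Override // com.sun.xml.wss.impl.callback.CertificateValidationCallback.CertificateValidator
        public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException expired) {
                DefaultCallbackHandler.log.log(Level.SEVERE, "WSS1517.X509.expired", (Throwable) expired);
                throw new CertificateValidationCallback.CertificateValidationException("X509Certificate Expired", expired);
            } catch (CertificateNotYetValidException premature) {
                DefaultCallbackHandler.log.log(Level.SEVERE, "WSS1527.X509.notValid", (Throwable) premature);
                throw new CertificateValidationCallback.CertificateValidationException("X509Certificate Not Yet Valid", premature);
            }

            try {
                KeyStore anchors = DefaultCallbackHandler.this.trustStore;
                if (anchors == null) {
                    // Fail closed: without a trust store nothing can be trusted.
                    throw new KeyStoreException("Trust store is not initialised");
                }

                // A self-signed certificate proves nothing by itself; it is trusted only
                // when the same certificate has been placed in the trust store.
                if (x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                    if (anchors.getCertificateAlias(x509Certificate) == null) {
                        throw new KeyStoreException("Self-signed X509Certificate is not present in the trust store");
                    }
                    return true;
                }

                X509CertSelector target = new X509CertSelector();
                target.setCertificate(x509Certificate);
                PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(anchors, target);
                pkixParams.setRevocationEnabled(DefaultCallbackHandler.this.revocationEnabled);
                if (DefaultCallbackHandler.this.certStore != null) {
                    pkixParams.addCertStore(DefaultCallbackHandler.this.certStore);
                } else {
                    pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singleton(x509Certificate))));
                }

                // Prefer a chain the trust store already holds for this certificate.
                Certificate[] storedChain = null;
                String alias = anchors.getCertificateAlias(x509Certificate);
                if (alias != null) {
                    storedChain = anchors.getCertificateChain(alias);
                }

                ArrayList<Certificate> path = new ArrayList<Certificate>();
                if (storedChain != null) {
                    path.addAll(Arrays.asList(storedChain));
                } else {
                    // Otherwise assemble the chain by walking issuer -> subject links through
                    // the trust store, at most one pass per entry, until a self-signed root
                    // is reached or a pass adds nothing.
                    path.add(x509Certificate);
                    javax.security.auth.x500.X500Principal wantedSubject = x509Certificate.getIssuerX500Principal();
                    boolean reachedRoot = false;
                    int passesLeft = anchors.size();
                    while (!reachedRoot && passesLeft-- != 0) {
                        boolean extended = false;
                        Enumeration<String> aliases = anchors.aliases();
                        while (aliases.hasMoreElements()) {
                            Certificate candidate = anchors.getCertificate(aliases.nextElement());
                            if (candidate == null || !"X.509".equals(candidate.getType()) || path.contains(candidate)) {
                                continue;
                            }
                            X509Certificate ca = (X509Certificate) candidate;
                            if (!wantedSubject.equals(ca.getSubjectX500Principal())) {
                                continue;
                            }
                            path.add(ca);
                            if (ca.getSubjectX500Principal().equals(ca.getIssuerX500Principal())) {
                                reachedRoot = true;
                                break;
                            }
                            wantedSubject = ca.getIssuerX500Principal();
                            extended = true;
                        }
                        if (!extended) {
                            break;
                        }
                    }
                }

                // The name matching above is only a lookup aid; signatures, constraints and
                // (when enabled) revocation are checked by the PKIX validator.
                CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(path), pkixParams);
                return true;
            } catch (Exception failure) {
                DefaultCallbackHandler.log.log(Level.SEVERE, "WSS1518.failedto.validate.certificate", (Throwable) failure);
                throw new CertificateValidationCallback.CertificateValidationException(failure.getMessage(), failure);
            }
        }
    }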

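    /**
     * Creates a handler from security-environment properties.
     *
     * <p>When {@code properties} is null or empty, the settings are read from the classpath
     * resource {@code str + "-security-env.properties"} via the thread context class loader;
     * a missing resource leaves the configuration empty. The resource stream is now closed
     * after loading (it was previously left open).
     *
     * <p>Several settings are class names that are handed to {@code loadClass}, and the
     * stores are opened with passwords taken from the same properties. The configuration
     * source therefore has to be trusted to the same degree as the application code.
     *
     * @param str prefix of the properties resource name
     * @param properties explicit configuration, or null/empty to load it from the classpath
     * @throws XWSSecurityException if the properties resource cannot be read; other failures
     *         depend on the init helpers, which are outside this constructor
     */
    public DefaultCallbackHandler(String str, Properties properties) throws XWSSecurityException {
        this.keyPassword = null;
        this.revocationEnabled = false;
        this.mcs = null;
        this.tfl = null;
        this.mna = null;
        this.usernameAuthenticator = null;
        this.defRealmAuthenticator = null;
        this.certStore = null;

        final Properties config;
        if (properties == null || properties.isEmpty()) {
            config = new Properties();
            InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(str + "-security-env.properties");
            if (in != null) {
                try {
                    config.load(in);
                } catch (IOException e) {
                    throw new XWSSecurityException(e);
                } finally {
                    try {
                        in.close();
                    } catch (IOException ignored) {
                        // Best effort: the properties are already loaded (or the load
                        // failure is already being reported).
                    }
                }
            }
        } else {
            config = properties;
        }

        // Key store settings.
        this.keyStoreURL = resolveHome(config.getProperty(KEYSTORE_URL));
        this.keyStoreType = config.getProperty(KEYSTORE_TYPE);
        this.keyStorePassword = config.getProperty(KEYSTORE_PASSWORD);
        this.keyPwd = config.getProperty(KEY_PASSWORD);
        this.myAlias = config.getProperty(MY_ALIAS);
        this.myUsername = config.getProperty(MY_USERNAME);
        this.myPassword = config.getProperty(MY_PASSWORD);

        // Trust store settings.
        this.trustStoreURL = resolveHome(config.getProperty(TRUSTSTORE_URL));
        this.trustStoreType = config.getProperty(TRUSTSTORE_TYPE);
        this.trustStorePassword = config.getProperty(TRUSTSTORE_PASSWORD);
        this.peerEntityAlias = config.getProperty(PEER_ENTITY_ALIAS);

        this.certStoreCBHClassName = config.getProperty(CERTSTORE_CBH);
        this.certSelectorClassName = config.getProperty(CERTSTORE_CERTSELECTOR);
        this.crlSelectorClassName = config.getProperty(CERTSTORE_CRLSELECTOR);
        this.keystoreCertSelectorClassName = config.getProperty(KEYSTORE_CERTSELECTOR);
        this.truststoreCertSelectorClassName = config.getProperty(TRUSTSTORE_CERTSELECTOR);

        // Configured class names are resolved in a fixed order so that a bad entry is
        // reported for the same setting as before.
        this.usernameCbHandler = loadClass(config.getProperty(USERNAME_CBH));
        this.passwordCbHandler = loadClass(config.getProperty(PASSWORD_CBH));
        this.samlCbHandler = loadClass(config.getProperty(SAML_CBH));
        this.keystoreCbHandler = loadClass(config.getProperty(KEYSTORE_CBH));
        this.truststoreCbHandler = loadClass(config.getProperty(TRUSTSTORE_CBH));
        this.usernameValidator = loadClass(config.getProperty(USERNAME_VALIDATOR));
        this.samlValidator = loadClass(config.getProperty(SAML_VALIDATOR));
        this.timestampValidator = loadClass(config.getProperty(TIMESTAMP_VALIDATOR));
        this.certificateValidator = loadClass(config.getProperty(CERTIFICATE_VALIDATOR));
        this.keystoreCertSelectorClass = loadClass(this.keystoreCertSelectorClassName);
        this.truststoreCertSelectorClass = loadClass(this.truststoreCertSelectorClassName);
        this.certstoreCbHandler = loadClass(this.certStoreCBHClassName);
        this.certSelectorClass = loadClass(this.certSelectorClassName);
        this.crlSelectorClass = loadClass(this.crlSelectorClassName);

        this.mcs = config.getProperty(MAX_CLOCK_SKEW_PROPERTY);
        this.tfl = config.getProperty(TIMESTAMP_FRESHNESS_LIMIT_PROPERTY);
        this.mna = config.getProperty(MAX_NONCE_AGE_PROPERTY);

        // Revocation checking stays off unless the property is present and parses as true.
        this.revocationEnabledAttr = config.getProperty(REVOCATION_ENABLED);
        if (this.revocationEnabledAttr != null) {
            this.revocationEnabled = Boolean.parseBoolean(this.revocationEnabledAttr);
        }
        this.useXWSSCallbacksStr = config.getProperty(USE_XWSS_CALLBACKS);
        if (this.useXWSSCallbacksStr != null) {
            this.useXWSSCallbacks = Boolean.parseBoolean(this.useXWSSCallbacksStr);
        }

        this.maxClockSkewG = toLong(this.mcs);
        this.timestampFreshnessLimitG = toLong(this.tfl);
        this.maxNonceAge = toLong(this.mna);

        initTrustStore();
        initKeyStore();
        initNewInstances();
        this.defaultCertValidator = new X509CertificateValidatorImpl();
        this.defaultTSValidator = new DefaultTimestampValidator();
    }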

    /**
     * Creates a handler as the two-argument constructor does and additionally selects the
     * realm adapter used for plain-text password validation.
     *
     * @param str prefix of the properties resource name
     * @param properties explicit configuration, or null/empty to load it from the classpath
     * @param realmAuthenticationAdapter adapter to authenticate usernames with; when null, a
     *        default adapter is obtained from {@code RealmAuthenticationAdapter.newInstance(null)}
     * @throws Exception if configuration fails or the default adapter cannot be created
     */
    public DefaultCallbackHandler(String str, Properties properties, RealmAuthenticationAdapter realmAuthenticationAdapter) throws Exception {
        this(str, properties);
        if (realmAuthenticationAdapter != null) {
            this.usernameAuthenticator = realmAuthenticationAdapter;
        } else {
            this.usernameAuthenticator = null;
            this.defRealmAuthenticator = RealmAuthenticationAdapter.newInstance(null);
        }
    }

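    /**
     * Supplies the username for an outgoing token.
     *
     * <p>Sources, in order: the configured {@code my.username}; the runtime property
     * {@code XWSSConstants.USERNAME_PROPERTY}; the runtime property
     * {@code javax.xml.ws.security.auth.username}; the delegate username handler.
     *
     * <p>With {@code useXWSSCallbacks} set, the delegate receives the {@code UsernameCallback}
     * itself. The result is copied back through {@code NameCallback.getName()} only when the
     * returned callback is a {@code NameCallback}; the previous unconditional cast would
     * throw {@code ClassCastException} in that mode if {@code UsernameCallback} is not a
     * {@code NameCallback} (its hierarchy is not visible in this file).
     *
     * @param usernameCallback callback to populate
     * @throws IOException if the delegate handler fails
     * @throws UnsupportedCallbackException if no source yields a username and no delegate
     *         handler is configured, or if the delegate rejects the callback
     */
    private void handleUsernameCallback(UsernameCallback usernameCallback) throws IOException, UnsupportedCallbackException {
        if (this.myUsername != null) {
            usernameCallback.setUsername(this.myUsername);
            return;
        }
        String runtimeName = (String) usernameCallback.getRuntimeProperties().get(XWSSConstants.USERNAME_PROPERTY);
        if (runtimeName == null) {
            runtimeName = (String) usernameCallback.getRuntimeProperties().get("javax.xml.ws.security.auth.username");
        }
        if (runtimeName != null) {
            usernameCallback.setUsername(runtimeName);
            return;
        }
        if (this.usernameHandler == null) {
            log.log(Level.SEVERE, "WSS1500.invalid.usernameHandler");
            throw new UnsupportedCallbackException(null, "Username Handler Not Configured");
        }
        Callback[] delegated = this.useXWSSCallbacks ? new Callback[]{usernameCallback} : new Callback[]{new NameCallback("Username=")};
        this.usernameHandler.handle(delegated);
        if (delegated[0] instanceof NameCallback) {
            usernameCallback.setUsername(((NameCallback) delegated[0]).getName());
        }
        // Otherwise the delegate was given the UsernameCallback and is expected to have
        // populated it directly.
    }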

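    /**
     * Supplies the password for an outgoing token.
     *
     * <p>Sources, in order: the configured {@code my.password}; the runtime property
     * {@code password}; the runtime property {@code javax.xml.ws.security.auth.password};
     * the delegate password handler.
     *
     * <p>With {@code useXWSSCallbacks} set, the delegate receives the XWSS
     * {@code PasswordCallback} itself. The result is copied back from a
     * {@code javax.security.auth.callback.PasswordCallback} only when the returned callback
     * is one; the previous unconditional cast would throw {@code ClassCastException} in that
     * mode if the XWSS callback is not a subclass of the JAAS one (not visible in this file).
     *
     * @param passwordCallback callback to populate
     * @throws IOException if the delegate handler fails
     * @throws UnsupportedCallbackException if no source yields a password and no delegate
     *         handler is configured, or if the delegate rejects the callback
     */
    private void handlePasswordCallback(PasswordCallback passwordCallback) throws IOException, UnsupportedCallbackException {
        if (this.myPassword != null) {
            passwordCallback.setPassword(this.myPassword);
            return;
        }
        String runtimePassword = (String) passwordCallback.getRuntimeProperties().get("password");
        if (runtimePassword == null) {
            runtimePassword = (String) passwordCallback.getRuntimeProperties().get("javax.xml.ws.security.auth.password");
        }
        if (runtimePassword != null) {
            passwordCallback.setPassword(runtimePassword);
            return;
        }
        if (this.passwordHandler == null) {
            log.log(Level.SEVERE, "WSS1525.invalid.passwordHandler");
            throw new UnsupportedCallbackException(null, "Password Handler Not Configured");
        }
        Callback[] delegated = this.useXWSSCallbacks ? new Callback[]{passwordCallback} : new Callback[]{new javax.security.auth.callback.PasswordCallback("Password=", false)};
        this.passwordHandler.handle(delegated);
        if (delegated[0] instanceof javax.security.auth.callback.PasswordCallback) {
            // The char[] is copied into an immutable String because setPassword takes one;
            // the password cannot be cleared from memory afterwards.
            passwordCallback.setPassword(new String(((javax.security.auth.callback.PasswordCallback) delegated[0]).getPassword()));
        }
        // Otherwise the delegate was given the XWSS PasswordCallback and is expected to have
        // populated it directly.
    }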

    /**
     * Chooses who validates an incoming username/password pair.
     *
     * <p>Only plain-text password requests are supported; digest requests and any other
     * request type are rejected. For plain text the configured password validator wins, then
     * the realm adapter given to the constructor, then the default realm adapter.
     *
     * @param passwordValidationCallback callback carrying the validation request
     * @throws IOException declared for the callback contract; not thrown by the visible code
     * @throws UnsupportedCallbackException for digest or unknown request types
     */
    private void handlePasswordValidation(PasswordValidationCallback passwordValidationCallback) throws IOException, UnsupportedCallbackException {
        if (passwordValidationCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
            if (this.pwValidator != null) {
                passwordValidationCallback.setValidator(this.pwValidator);
                return;
            }
            // NOTE(review): defRealmAuthenticator is assigned only by the three-argument
            // constructor, so this can hand over a null adapter — confirm how the callback
            // treats that.
            RealmAuthenticationAdapter adapter = this.usernameAuthenticator != null ? this.usernameAuthenticator : this.defRealmAuthenticator;
            passwordValidationCallback.setRealmAuthentcationAdapter(adapter);
            return;
        }
        final boolean digestRequest = passwordValidationCallback.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest;
        final String logKey = digestRequest ? "WSS1502.unsupported.digestAuth" : "WSS1503.unsupported.requesttype";
        final String reason = digestRequest ? "Digest Authentication for Passwords Not Supported" : "Unsupported Request Type for Password Validation";
        log.log(Level.SEVERE, logKey);
        throw new UnsupportedCallbackException(null, reason);
    }

    /**
     * Installs the timestamp validator on the callback: the configured one when present,
     * otherwise the built-in default.
     *
     * @param timestampValidationCallback callback to receive the validator
     * @throws IOException declared for the callback contract; not thrown by the visible code
     * @throws UnsupportedCallbackException declared for the callback contract; not thrown by
     *         the visible code
     */
    private void handleTimestampValidation(TimestampValidationCallback timestampValidationCallback) throws IOException, UnsupportedCallbackException {
        final TimestampValidationCallback.TimestampValidator chosen = this.tsValidator != null ? this.tsValidator : this.defaultTSValidator;
        timestampValidationCallback.setValidator(chosen);
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbackArr.length; i++) {
            if (callbackArr[i] instanceof UsernameCallback) {
                handleUsernameCallback((UsernameCallback) callbackArr[i]);
            } else if (callbackArr[i] instanceof PasswordCallback) {
                handlePasswordCallback((PasswordCallback) callbackArr[i]);
            } else if (callbackArr[i] instanceof PasswordValidationCallback) {
                handlePasswordValidation((PasswordValidationCallback) callbackArr[i]);
            } else if (callbackArr[i] instanceof TimestampValidationCallback) {
                handleTimestampValidation((TimestampValidationCallback) callbackArr[i]);
            } else if (callbackArr[i] instanceof SignatureVerificationKeyCallback) {
                SignatureVerificationKeyCallback signatureVerificationKeyCallback = (SignatureVerificationKeyCallback) callbackArr[i];
                if (signatureVerificationKeyCallback.getRequest() instanceof SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest) {
                    SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest x509SubjectKeyIdentifierBasedRequest = (SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest) signatureVerificationKeyCallback.getRequest();
                    x509SubjectKeyIdentifierBasedRequest.setX509Certificate(getCertificateFromTrustStore(x509SubjectKeyIdentifierBasedRequest.getSubjectKeyIdentifier(), signatureVerificationKeyCallback.getRuntimeProperties()));
                } else if (signatureVerificationKeyCallback.getRequest() instanceof SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) {
                    SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest x509IssuerSerialBasedRequest = (SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) signatureVerificationKeyCallback.getRequest();
                    x509IssuerSerialBasedRequest.setX509Certificate(getCertificateFromTrustStore(x509IssuerSerialBasedRequest.getIssuerName(), x509IssuerSerialBasedRequest.getSerialNumber(), signatureVerificationKeyCallback.getRuntimeProperties()));
                } else if (signatureVerificationKeyCallback.getRequest() instanceof SignatureVerificationKeyCallback.ThumbprintBasedRequest) {
                    SignatureVerificationKeyCallback.ThumbprintBasedRequest thumbprintBasedRequest = (SignatureVerificationKeyCallback.ThumbprintBasedRequest) signatureVerificationKeyCallback.getRequest();
                    thumbprintBasedRequest.setX509Certificate(getCertificateFromTrustStoreForThumbprint(thumbprintBasedRequest.getThumbprintIdentifier(), signatureVerificationKeyCallback.getRuntimeProperties()));
                } else {
                    if (!(signatureVerificationKeyCallback.getRequest() instanceof SignatureVerificationKeyCallback.PublicKeyBasedRequest)) {
                        log.log(Level.SEVERE, "WSS1504.unsupported.callbackType");
                        throw unsupported;
                    }
                    SignatureVerificationKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest = (SignatureVerificationKeyCallback.PublicKeyBasedRequest) signatureVerificationKeyCallback.getRequest();
                    publicKeyBasedRequest.setX509Certificate(getCertificateFromTrustStoreForSAML(publicKeyBasedRequest.getPublicKey(), signatureVerificationKeyCallback.getRuntimeProperties()));
                }
            } else if (callbackArr[i] instanceof SignatureKeyCallback) {
                SignatureKeyCallback signatureKeyCallback = (SignatureKeyCallback) callbackArr[i];
                if (signatureKeyCallback.getRequest() instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest) {
                    getDefaultPrivKeyCert((SignatureKeyCallback.DefaultPrivKeyCertRequest) signatureKeyCallback.getRequest(), signatureKeyCallback.getRuntimeProperties());
                } else {
                    if (!(signatureKeyCallback.getRequest() instanceof SignatureKeyCallback.AliasPrivKeyCertRequest)) {
                        log.log(Level.SEVERE, "WSS1504.unsupported.callbackType");
                        throw unsupported;
                    }
                    SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest = (SignatureKeyCallback.AliasPrivKeyCertRequest) signatureKeyCallback.getRequest();
                    String alias = aliasPrivKeyCertRequest.getAlias();
                    try {
                        aliasPrivKeyCertRequest.setX509Certificate((X509Certificate) this.keyStore.getCertificate(alias));
                        aliasPrivKeyCertRequest.setPrivateKey(getPrivateKey(signatureKeyCallback.getRuntimeProperties(), alias));
                    } catch (Exception e) {
                        log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) e);
                        throw new RuntimeException(e);
                    }
                }
            } else if (callbackArr[i] instanceof DecryptionKeyCallback) {
                DecryptionKeyCallback decryptionKeyCallback = (DecryptionKeyCallback) callbackArr[i];
                if (decryptionKeyCallback.getRequest() instanceof DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest) {
                    DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest x509SubjectKeyIdentifierBasedRequest2 = (DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest) decryptionKeyCallback.getRequest();
                    x509SubjectKeyIdentifierBasedRequest2.setPrivateKey(getPrivateKey(x509SubjectKeyIdentifierBasedRequest2.getSubjectKeyIdentifier(), decryptionKeyCallback.getRuntimeProperties()));
                } else if (decryptionKeyCallback.getRequest() instanceof DecryptionKeyCallback.X509IssuerSerialBasedRequest) {
                    DecryptionKeyCallback.X509IssuerSerialBasedRequest x509IssuerSerialBasedRequest2 = (DecryptionKeyCallback.X509IssuerSerialBasedRequest) decryptionKeyCallback.getRequest();
                    x509IssuerSerialBasedRequest2.setPrivateKey(getPrivateKey(x509IssuerSerialBasedRequest2.getIssuerName(), x509IssuerSerialBasedRequest2.getSerialNumber(), decryptionKeyCallback.getRuntimeProperties()));
                } else if (decryptionKeyCallback.getRequest() instanceof DecryptionKeyCallback.X509CertificateBasedRequest) {
                    DecryptionKeyCallback.X509CertificateBasedRequest x509CertificateBasedRequest = (DecryptionKeyCallback.X509CertificateBasedRequest) decryptionKeyCallback.getRequest();
                    x509CertificateBasedRequest.setPrivateKey(getPrivateKey(x509CertificateBasedRequest.getX509Certificate(), decryptionKeyCallback.getRuntimeProperties()));
                } else if (decryptionKeyCallback.getRequest() instanceof DecryptionKeyCallback.ThumbprintBasedRequest) {
                    DecryptionKeyCallback.ThumbprintBasedRequest thumbprintBasedRequest2 = (DecryptionKeyCallback.ThumbprintBasedRequest) decryptionKeyCallback.getRequest();
                    thumbprintBasedRequest2.setPrivateKey(getPrivateKeyForThumbprint(thumbprintBasedRequest2.getThumbprintIdentifier(), decryptionKeyCallback.getRuntimeProperties()));
                } else {
                    if (!(decryptionKeyCallback.getRequest() instanceof DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest)) {
                        log.log(Level.SEVERE, "WSS1504.unsupported.callbackType");
                        throw unsupported;
                    }
                    DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest publicKeyBasedPrivKeyRequest = (DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest) decryptionKeyCallback.getRequest();
                    publicKeyBasedPrivKeyRequest.setPrivateKey(getPrivateKeyFromKeyStore(publicKeyBasedPrivKeyRequest.getPublicKey(), decryptionKeyCallback.getRuntimeProperties()));
                }
            } else if (callbackArr[i] instanceof EncryptionKeyCallback) {
                EncryptionKeyCallback encryptionKeyCallback = (EncryptionKeyCallback) callbackArr[i];
                if (encryptionKeyCallback.getRequest() instanceof EncryptionKeyCallback.AliasX509CertificateRequest) {
                    EncryptionKeyCallback.AliasX509CertificateRequest aliasX509CertificateRequest = (EncryptionKeyCallback.AliasX509CertificateRequest) encryptionKeyCallback.getRequest();
                    String alias2 = aliasX509CertificateRequest.getAlias();
                    if ("".equals(alias2) || alias2 == null) {
                        getDefaultCertificateFromTrustStore(encryptionKeyCallback.getRuntimeProperties(), aliasX509CertificateRequest);
                    } else {
                        try {
                            aliasX509CertificateRequest.setX509Certificate((X509Certificate) this.trustStore.getCertificate(alias2));
                        } catch (Exception e2) {
                            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e2);
                            throw new RuntimeException(e2);
                        }
                    }
                } else if (encryptionKeyCallback.getRequest() instanceof EncryptionKeyCallback.PublicKeyBasedRequest) {
                    EncryptionKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest2 = (EncryptionKeyCallback.PublicKeyBasedRequest) encryptionKeyCallback.getRequest();
                    try {
                        publicKeyBasedRequest2.setX509Certificate(getCertificateFromTrustStoreForSAML(publicKeyBasedRequest2.getPublicKey(), encryptionKeyCallback.getRuntimeProperties()));
                    } catch (Exception e3) {
                        log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e3);
                        throw new RuntimeException(e3);
                    }
                } else if (encryptionKeyCallback.getRequest() instanceof EncryptionKeyCallback.AliasSymmetricKeyRequest) {
                    log.log(Level.SEVERE, "WSS1504.unsupported.callbackType");
                    throw unsupported;
                }
            } else if (callbackArr[i] instanceof CertificateValidationCallback) {
                CertificateValidationCallback certificateValidationCallback = (CertificateValidationCallback) callbackArr[i];
                if (this.certValidator != null) {
                    certificateValidationCallback.setValidator(this.certValidator);
                } else {
                    certificateValidationCallback.setValidator(this.defaultCertValidator);
                }
            } else {
                if (!(callbackArr[i] instanceof DynamicPolicyCallback)) {
                    log.log(Level.SEVERE, "WSS1504.unsupported.callbackType");
                    throw unsupported;
                }
                DynamicPolicyCallback dynamicPolicyCallback = (DynamicPolicyCallback) callbackArr[i];
                SecurityPolicy securityPolicy = dynamicPolicyCallback.getSecurityPolicy();
                if (securityPolicy instanceof AuthenticationTokenPolicy.SAMLAssertionBinding) {
                    AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) ((AuthenticationTokenPolicy.SAMLAssertionBinding) securityPolicy).clone();
                    if (sAMLAssertionBinding.getAssertion() == null && sAMLAssertionBinding.getAuthorityBinding() == null && sAMLAssertionBinding.getAssertionReader() == null) {
                        populateAssertion(sAMLAssertionBinding, dynamicPolicyCallback);
                    } else if (sAMLAssertionBinding.getAssertion() == null && sAMLAssertionBinding.getAssertionReader() == null) {
                        if (sAMLAssertionBinding.getAuthorityBinding() == null || sAMLAssertionBinding.getAssertionId() == null) {
                            log.log(Level.SEVERE, "WSS1506.invalid.SAMLPolicy");
                            throw new UnsupportedCallbackException(null, "SAML Assertion not present in the Policy");
                        }
                        locateSAMLAssertion(sAMLAssertionBinding, dynamicPolicyCallback.getRuntimeProperties());
                    } else {
                        validateSAMLAssertion(sAMLAssertionBinding, (Subject) dynamicPolicyCallback.getRuntimeProperties().get(MessageConstants.AUTH_SUBJECT));
                    }
                } else {
                    continue;
                }
            }
        }
    }

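    /**
     * Reports whether the supplied certificate is the certificate of this handler's default
     * private-key entry.
     *
     * <p>The default key/certificate pair is resolved through {@code getDefaultPrivKeyCert} and
     * the resulting certificate is compared with {@link X509Certificate#equals(Object)}.
     *
     * @param x509Certificate certificate to compare against the default certificate
     * @param map runtime properties passed through to the default key lookup
     * @return {@code true} only when a default certificate was resolved and equals the argument;
     *         {@code false} when none was resolved or the lookup failed with an {@link IOException}
     */
    private boolean isMyCert(X509Certificate x509Certificate, Map map) {
        try {
            SignatureKeyCallback.DefaultPrivKeyCertRequest request = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
            getDefaultPrivKeyCert(request, map);
            X509Certificate ownCertificate = request.getX509Certificate();
            return ownCertificate != null && ownCertificate.equals(x509Certificate);
        } catch (IOException e) {
            // Best effort: a failed lookup is still answered with "not mine", but the cause is
            // recorded so a key-store problem is not mistaken for a genuine mismatch.
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Default certificate lookup failed while checking certificate ownership", (Throwable) e);
            }
            return false;
        }
    }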

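    /**
     * Asks the configured SAML callback handler for an assertion and stores the result on the
     * binding, which is then set as the security policy of the dynamic-policy callback.
     *
     * <p>For the {@code "SV"} assertion type the callback is issued with
     * {@code SAMLCallback.SV_ASSERTION_TYPE}; for every other type it is issued with
     * {@code SAMLCallback.HOK_ASSERTION_TYPE} and the default private key of this handler is
     * additionally attached to a new private-key binding on the SAML binding.
     *
     * @param sAMLAssertionBinding binding to populate with the assertion and authority binding
     * @param dynamicPolicyCallback callback whose runtime properties are copied into the SAML
     *        callback and whose security policy is replaced with the populated binding
     * @throws IOException if the SAML handler or the default key lookup reports one
     * @throws UnsupportedCallbackException if no SAML callback handler is configured
     */
    private void populateAssertion(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, DynamicPolicyCallback dynamicPolicyCallback) throws IOException, UnsupportedCallbackException {
        // Compare by value. A reference comparison only matches the interned literal, so an
        // equal type string built at runtime would silently take the holder-of-key path and
        // have the default private key attached to the binding.
        boolean senderVouches = "SV".equals(sAMLAssertionBinding.getAssertionType());
        if (this.samlHandler == null) {
            log.log(Level.SEVERE, "WSS1507.no.SAMLCallbackHandler");
            throw new UnsupportedCallbackException(null, "A Required SAML Callback Handler was not specified in configuration : Cannot Populate SAML Assertion");
        }
        SAMLCallback samlCallback = new SAMLCallback();
        SecurityUtil.copy(samlCallback.getRuntimeProperties(), dynamicPolicyCallback.getRuntimeProperties());
        if (senderVouches) {
            samlCallback.setConfirmationMethod(SAMLCallback.SV_ASSERTION_TYPE);
        } else {
            samlCallback.setConfirmationMethod(SAMLCallback.HOK_ASSERTION_TYPE);
        }
        samlCallback.setSAMLVersion(sAMLAssertionBinding.getSAMLVersion());
        this.samlHandler.handle(new Callback[]{samlCallback});
        sAMLAssertionBinding.setAssertion(samlCallback.getAssertionElement());
        sAMLAssertionBinding.setAuthorityBinding(samlCallback.getAuthorityBindingElement());
        dynamicPolicyCallback.setSecurityPolicy(sAMLAssertionBinding);
        if (senderVouches) {
            return;
        }
        // Holder-of-key path only: bind the handler's default private key to the assertion.
        PrivateKeyBinding privateKeyBinding = (PrivateKeyBinding) sAMLAssertionBinding.newPrivateKeyBinding();
        SignatureKeyCallback.DefaultPrivKeyCertRequest defaultKeyRequest = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        getDefaultPrivKeyCert(defaultKeyRequest, dynamicPolicyCallback.getRuntimeProperties());
        privateKeyBinding.setPrivateKey(defaultKeyRequest.getPrivateKey());
    }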

    /**
     * Hands the assertion carried by the binding to the configured SAML assertion validator.
     *
     * <p>The DOM assertion is preferred; the assertion reader is used only when no DOM assertion
     * is present. A validation failure is logged and rethrown as a {@link RuntimeException}.
     *
     * @param sAMLAssertionBinding binding that carries the assertion or an assertion reader
     * @param subject not used by this method
     * @throws IOException declared for callers; not thrown by the visible body
     * @throws UnsupportedCallbackException declared for callers; not thrown by the visible body
     */
    private void validateSAMLAssertion(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, Subject subject) throws IOException, UnsupportedCallbackException {
        if (this.sValidator == null) {
            // NOTE(review): with no validator configured this method returns without checking
            // the assertion at all; confirm that deployments relying on SAML always set one.
            return;
        }
        try {
            if (sAMLAssertionBinding.getAssertion() != null) {
                this.sValidator.validate(sAMLAssertionBinding.getAssertion());
                return;
            }
            if (sAMLAssertionBinding.getAssertionReader() != null) {
                this.sValidator.validate(sAMLAssertionBinding.getAssertionReader());
            }
        } catch (SAMLAssertionValidator.SAMLValidationException validationFailure) {
            log.log(Level.SEVERE, "WSS1508.failed.validateSAMLAssertion", (Throwable) validationFailure);
            throw new RuntimeException(validationFailure);
        }
    }

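    /**
     * Resolves an assertion that the policy references by authority binding and assertion id,
     * using the configured SAML callback handler, and stores it on the binding.
     *
     * <p>For the {@code "SV"} assertion type the callback is issued with
     * {@code SAMLCallback.SV_ASSERTION_TYPE}; for every other type it is issued with
     * {@code SAMLCallback.HOK_ASSERTION_TYPE} and the default private key of this handler is
     * additionally attached to a new private-key binding on the SAML binding.
     *
     * @param sAMLAssertionBinding binding that supplies the authority binding, assertion id and
     *        SAML version, and receives the located assertion
     * @param map runtime properties passed to the default key lookup on the holder-of-key path
     * @throws IOException if the SAML handler or the default key lookup reports one
     * @throws UnsupportedCallbackException if no SAML callback handler is configured
     */
    private void locateSAMLAssertion(AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, Map map) throws IOException, UnsupportedCallbackException {
        Element authorityBinding = sAMLAssertionBinding.getAuthorityBinding();
        String assertionId = sAMLAssertionBinding.getAssertionId();
        // Compare by value. A reference comparison only matches the interned literal, so an
        // equal type string built at runtime would silently take the holder-of-key path and
        // have the default private key attached to the binding.
        boolean senderVouches = "SV".equals(sAMLAssertionBinding.getAssertionType());
        if (this.samlHandler == null) {
            log.log(Level.SEVERE, "WSS1507.no.SAMLCallbackHandler");
            throw new UnsupportedCallbackException(null, "A Required SAML Callback Handler was not specified in configuration : Cannot Populate SAML Assertion");
        }
        SAMLCallback samlCallback = new SAMLCallback();
        if (senderVouches) {
            samlCallback.setConfirmationMethod(SAMLCallback.SV_ASSERTION_TYPE);
        } else {
            samlCallback.setConfirmationMethod(SAMLCallback.HOK_ASSERTION_TYPE);
        }
        samlCallback.setSAMLVersion(sAMLAssertionBinding.getSAMLVersion());
        samlCallback.setAssertionId(assertionId);
        samlCallback.setAuthorityBindingElement(authorityBinding);
        this.samlHandler.handle(new Callback[]{samlCallback});
        sAMLAssertionBinding.setAssertion(samlCallback.getAssertionElement());
        if (senderVouches) {
            return;
        }
        // Holder-of-key path only: bind the handler's default private key to the assertion.
        PrivateKeyBinding privateKeyBinding = (PrivateKeyBinding) sAMLAssertionBinding.newPrivateKeyBinding();
        SignatureKeyCallback.DefaultPrivKeyCertRequest defaultKeyRequest = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        getDefaultPrivKeyCert(defaultKeyRequest, map);
        privateKeyBinding.setPrivateKey(defaultKeyRequest.getPrivateKey());
    }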

    /**
     * Loads the trust store named by {@code trustStoreURL} into {@code this.trustStore}.
     *
     * <p>Does nothing when no trust store location is configured. The configured password value
     * is first tried as the name of a {@link CallbackHandler} class; if such a class loads, it is
     * instantiated and asked for the password through a {@code PasswordCallback}. Otherwise the
     * value itself is used as the password. The store is read from {@code META-INF/} on the
     * classpath when present there, else from the file system.
     *
     * @throws XWSSecurityException declared for callers; failures in the visible body are logged
     *         and rethrown as {@link RuntimeException}
     */
    private void initTrustStore() throws XWSSecurityException {
        try {
            if (this.trustStoreURL == null) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Got NULL for TrustStore URL");
                }
                return;
            }
            if (this.trustStorePassword == null && log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Got NULL for TrustStore Password");
            }
            // A null password is only logged, not rejected: if no handler class is found for it,
            // toCharArray() below fails and the failure surfaces through the catch at the bottom.
            char[] storePassword;
            Class handlerClass = loadClassSilent(this.trustStorePassword);
            if (handlerClass == null) {
                storePassword = this.trustStorePassword.toCharArray();
            } else {
                CallbackHandler passwordSource = (CallbackHandler) handlerClass.newInstance();
                Callback[] prompts = {new javax.security.auth.callback.PasswordCallback("TrustStorePassword", false)};
                passwordSource.handle(prompts);
                storePassword = ((javax.security.auth.callback.PasswordCallback) prompts[0]).getPassword();
            }
            this.trustStore = KeyStore.getInstance(this.trustStoreType);
            URL classpathLocation = SecurityUtil.loadFromClasspath("META-INF/" + this.trustStoreURL);
            InputStream storeStream = null;
            try {
                if (classpathLocation != null) {
                    storeStream = classpathLocation.openStream();
                } else {
                    storeStream = new FileInputStream(this.trustStoreURL);
                }
                this.trustStore.load(storeStream, storePassword);
            } finally {
                // Release the stream on success and on failure alike.
                if (storeStream != null) {
                    storeStream.close();
                }
            }
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1509.failed.init.truststore", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Loads the key store named by {@code keyStoreURL} into {@code this.keyStore}.
     *
     * <p>Does nothing when either the location or the password is not configured. The configured
     * password value is first tried as the name of a {@link CallbackHandler} class; if such a
     * class loads, it is instantiated and asked for the password through a
     * {@code PasswordCallback}. Otherwise the value itself is used as the password. When no
     * separate key password is configured, the store password is reused as the key password.
     * The store is read from {@code META-INF/} on the classpath when present there, else from the
     * file system.
     *
     * @throws XWSSecurityException declared for callers; failures in the visible body are logged
     *         and rethrown as {@link RuntimeException}
     */
    private void initKeyStore() throws XWSSecurityException {
        try {
            if (this.keyStoreURL == null) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Got NULL for KeyStore URL");
                }
                return;
            }
            if (this.keyStorePassword == null) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Got NULL for KeyStore PASSWORD");
                }
                return;
            }
            char[] storePassword;
            Class handlerClass = loadClassSilent(this.keyStorePassword);
            if (handlerClass == null) {
                storePassword = this.keyStorePassword.toCharArray();
            } else {
                CallbackHandler passwordSource = (CallbackHandler) handlerClass.newInstance();
                Callback[] prompts = {new javax.security.auth.callback.PasswordCallback("KeyStorePassword", false)};
                passwordSource.handle(prompts);
                storePassword = ((javax.security.auth.callback.PasswordCallback) prompts[0]).getPassword();
            }
            // The key password is settled before the store is opened, as in the load order below.
            if (this.keyPwd != null) {
                initKeyPassword();
            } else {
                // Same array instance is kept as the key password, so it must not be cleared here.
                this.keyPassword = storePassword;
            }
            this.keyStore = KeyStore.getInstance(this.keyStoreType);
            URL classpathLocation = SecurityUtil.loadFromClasspath("META-INF/" + this.keyStoreURL);
            InputStream storeStream = null;
            try {
                if (classpathLocation != null) {
                    storeStream = classpathLocation.openStream();
                } else {
                    storeStream = new FileInputStream(this.keyStoreURL);
                }
                this.keyStore.load(storeStream, storePassword);
            } finally {
                // Release the stream on success and on failure alike.
                if (storeStream != null) {
                    storeStream.close();
                }
            }
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1510.failed.init.keystore", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Finds a certificate whose subject key identifier equals the given bytes.
     *
     * <p>The trust store is scanned first; only X.509 entries that expose a subject key
     * identifier are considered. If nothing matches there, the cert store (when configured) is
     * queried with a {@code KeyIdentifierCertSelector} and its first result is returned.
     *
     * @param bArr subject key identifier to look for
     * @param map runtime properties passed to {@code getTrustStore}
     * @return the matching certificate, or {@code null} when no store is available or nothing
     *         matches
     * @throws IOException declared for callers; failures in the visible body are logged and
     *         rethrown as {@link RuntimeException}
     */
    private X509Certificate getCertificateFromTrustStore(byte[] bArr, Map map) throws IOException {
        try {
            if (getTrustStore(map) == null && this.certStore == null) {
                return null;
            }
            if (this.trustStore != null) {
                for (Enumeration<String> names = this.trustStore.aliases(); names.hasMoreElements(); ) {
                    Certificate candidate = this.trustStore.getCertificate(names.nextElement());
                    if (candidate == null || !"X.509".equals(candidate.getType())) {
                        continue;
                    }
                    X509Certificate x509Candidate = (X509Certificate) candidate;
                    byte[] candidateKeyId = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(x509Candidate);
                    if (candidateKeyId != null && Arrays.equals(bArr, candidateKeyId)) {
                        return x509Candidate;
                    }
                }
            }
            if (this.certStore == null) {
                return null;
            }
            try {
                Collection<? extends Certificate> matches = this.certStore.getCertificates(new KeyIdentifierCertSelector(bArr));
                if (matches.size() > 0) {
                    return (X509Certificate) matches.iterator().next();
                }
                return null;
            } catch (CertStoreException lookupFailure) {
                log.log(Level.SEVERE, "WSS1530.exception.in.certstore.lookup", (Throwable) lookupFailure);
                // This exception is caught again by the outer handler, which logs and wraps it once more.
                throw new RuntimeException(lookupFailure);
            }
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Finds a certificate by issuer name and serial number.
     *
     * <p>The trust store is scanned first; each X.509 entry's issuer DN is normalized with
     * {@code RFC2253Parser.normalize} before it is compared with {@code str}. If nothing matches
     * there, the cert store (when configured) is queried with an
     * {@code IssuerNameAndSerialCertSelector} and its first result is returned.
     *
     * @param str issuer name to match; presumably already in the normalized form, since only the
     *        store side is normalized here
     * @param bigInteger certificate serial number to match
     * @param map runtime properties passed to {@code getTrustStore}
     * @return the matching certificate, or {@code null} when no store is available or nothing
     *         matches
     * @throws IOException declared for callers; failures in the visible body are logged and
     *         rethrown as {@link RuntimeException}
     */
    private X509Certificate getCertificateFromTrustStore(String str, BigInteger bigInteger, Map map) throws IOException {
        try {
            if (getTrustStore(map) == null && this.certStore == null) {
                return null;
            }
            if (this.trustStore != null) {
                for (Enumeration<String> names = this.trustStore.aliases(); names.hasMoreElements(); ) {
                    Certificate candidate = this.trustStore.getCertificate(names.nextElement());
                    if (candidate == null || !"X.509".equals(candidate.getType())) {
                        continue;
                    }
                    X509Certificate x509Candidate = (X509Certificate) candidate;
                    String candidateIssuer = RFC2253Parser.normalize(x509Candidate.getIssuerDN().getName());
                    BigInteger candidateSerial = x509Candidate.getSerialNumber();
                    if (candidateIssuer.equals(str) && candidateSerial.equals(bigInteger)) {
                        return x509Candidate;
                    }
                }
            }
            if (this.certStore == null) {
                return null;
            }
            try {
                Collection<? extends Certificate> matches = this.certStore.getCertificates(new IssuerNameAndSerialCertSelector(bigInteger, str));
                if (matches.size() > 0) {
                    return (X509Certificate) matches.iterator().next();
                }
                return null;
            } catch (CertStoreException lookupFailure) {
                log.log(Level.SEVERE, "WSS1530.exception.in.certstore.lookup", (Throwable) lookupFailure);
                // This exception is caught again by the outer handler, which logs and wraps it once more.
                throw new RuntimeException(lookupFailure);
            }
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Returns the private key of the key-store entry whose certificate carries the given subject
     * key identifier.
     *
     * <p>Only key entries with an X.509 certificate that exposes a subject key identifier are
     * considered; the first match wins.
     *
     * @param bArr subject key identifier to look for
     * @param map runtime properties passed to {@code getKeyStore} and to the alias-based lookup
     * @return the private key of the first matching entry, or {@code null} when no key store is
     *         available or nothing matches
     * @throws IOException declared for callers; failures in the visible body are logged and
     *         rethrown as {@link RuntimeException}
     */
    public PrivateKey getPrivateKey(byte[] bArr, Map map) throws IOException {
        try {
            if (getKeyStore(map) == null) {
                return null;
            }
            for (Enumeration<String> names = this.keyStore.aliases(); names.hasMoreElements(); ) {
                String entryAlias = names.nextElement();
                if (!this.keyStore.isKeyEntry(entryAlias)) {
                    continue;
                }
                Certificate entryCertificate = this.keyStore.getCertificate(entryAlias);
                if (entryCertificate == null || !"X.509".equals(entryCertificate.getType())) {
                    continue;
                }
                byte[] entryKeyId = X509SubjectKeyIdentifier.getSubjectKeyIdentifier((X509Certificate) entryCertificate);
                if (entryKeyId != null && Arrays.equals(bArr, entryKeyId)) {
                    return getPrivateKey(map, entryAlias);
                }
            }
            return null;
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Returns the private key of the key-store entry whose certificate has the given issuer name
     * and serial number.
     *
     * <p>Only key entries with an X.509 certificate are considered. Each entry's issuer DN is
     * normalized with {@code RFC2253Parser.normalize} before it is compared with {@code str};
     * the first match wins.
     *
     * @param str issuer name to match; presumably already in the normalized form, since only the
     *        store side is normalized here
     * @param bigInteger certificate serial number to match
     * @param map runtime properties passed to {@code getKeyStore} and to the alias-based lookup
     * @return the private key of the first matching entry, or {@code null} when no key store is
     *         available or nothing matches
     * @throws IOException declared for callers; failures in the visible body are logged and
     *         rethrown as {@link RuntimeException}
     */
    public PrivateKey getPrivateKey(String str, BigInteger bigInteger, Map map) throws IOException {
        try {
            if (getKeyStore(map) == null) {
                return null;
            }
            for (Enumeration<String> names = this.keyStore.aliases(); names.hasMoreElements(); ) {
                String entryAlias = names.nextElement();
                if (!this.keyStore.isKeyEntry(entryAlias)) {
                    continue;
                }
                Certificate entryCertificate = this.keyStore.getCertificate(entryAlias);
                if (entryCertificate == null || !"X.509".equals(entryCertificate.getType())) {
                    continue;
                }
                X509Certificate x509Entry = (X509Certificate) entryCertificate;
                String entryIssuer = RFC2253Parser.normalize(x509Entry.getIssuerDN().getName());
                BigInteger entrySerial = x509Entry.getSerialNumber();
                if (entryIssuer.equals(str) && entrySerial.equals(bigInteger)) {
                    return getPrivateKey(map, entryAlias);
                }
            }
            return null;
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Returns the private key of the key-store entry whose certificate equals the given one.
     *
     * <p>Only key entries are considered and the comparison uses the stored certificate's
     * {@code equals}; the first match wins.
     *
     * @param x509Certificate certificate identifying the wanted key entry
     * @param map runtime properties passed to {@code getKeyStore} and to the alias-based lookup
     * @return the private key of the first matching entry, or {@code null} when no key store is
     *         available or nothing matches
     * @throws IOException declared for callers; failures in the visible body are logged and
     *         rethrown as {@link RuntimeException}
     */
    public PrivateKey getPrivateKey(X509Certificate x509Certificate, Map map) throws IOException {
        try {
            if (getKeyStore(map) == null) {
                return null;
            }
            for (Enumeration<String> names = this.keyStore.aliases(); names.hasMoreElements(); ) {
                String entryAlias = names.nextElement();
                if (!this.keyStore.isKeyEntry(entryAlias)) {
                    continue;
                }
                Certificate entryCertificate = this.keyStore.getCertificate(entryAlias);
                if (entryCertificate != null && entryCertificate.equals(x509Certificate)) {
                    return getPrivateKey(map, entryAlias);
                }
            }
            return null;
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Chooses the peer certificate for an encryption request that names no alias and sets it on
     * the request.
     *
     * <p>Sources are tried in this order:
     * <ol>
     *   <li>the configured {@code peerEntityAlias}, looked up in the trust store;</li>
     *   <li>the cert store, queried with an instance of {@code certSelectorClass};</li>
     *   <li>the trust store, filtered with an instance of {@code truststoreCertSelectorClass};</li>
     *   <li>when no trust-store selector class is configured: {@code getDynamicCertificate(map)},
     *       then the first trust-store alias that is neither {@code "certificate-authority"} nor
     *       {@code "root"}.</li>
     * </ol>
     * Selector classes are instantiated through a {@code (Map)} constructor when one exists,
     * otherwise through the no-argument constructor.
     *
     * <p>NOTE(review): the last fallback takes whichever alias the key store enumerates first, so
     * with several entries in the trust store the encryption recipient is not pinned by this
     * code. Setting {@code peerEntityAlias} or a selector class avoids relying on that order.
     *
     * @param map runtime properties passed to the selector constructor, {@code getTrustStore} and
     *        {@code getDynamicCertificate}
     * @param aliasX509CertificateRequest request that receives the chosen certificate
     * @throws IOException declared for callers; failures in the visible body are logged and
     *         thrown as {@link RuntimeException}, including the case where no source yields an alias
     */
    private void getDefaultCertificateFromTrustStore(Map map, EncryptionKeyCallback.AliasX509CertificateRequest aliasX509CertificateRequest) throws IOException {
        CertSelector certSelector;
        String str = null;
        if (this.peerEntityAlias != null) {
            // An explicitly configured peer alias takes precedence over every other source.
            str = this.peerEntityAlias;
        } else {
            if (this.certStore != null) {
                CertSelector certSelector2 = null;
                if (this.certSelectorClass != null) {
                    Constructor constructor = null;
                    try {
                        constructor = this.certSelectorClass.getConstructor(Map.class);
                    } catch (NoSuchMethodException e) {
                        // Deliberately ignored: fall back to the no-argument constructor below.
                    } catch (SecurityException e2) {
                        // Deliberately ignored: fall back to the no-argument constructor below.
                    }
                    if (constructor != null) {
                        try {
                            certSelector2 = (CertSelector) constructor.newInstance(map);
                        } catch (IllegalAccessException e3) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e3);
                            throw new RuntimeException(e3);
                        } catch (IllegalArgumentException e4) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e4);
                            throw new RuntimeException(e4);
                        } catch (InstantiationException e5) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e5);
                            throw new RuntimeException(e5);
                        } catch (InvocationTargetException e6) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e6);
                            throw new RuntimeException(e6);
                        }
                    } else {
                        try {
                            certSelector2 = (CertSelector) this.certSelectorClass.newInstance();
                        } catch (IllegalAccessException e7) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e7);
                            throw new RuntimeException(e7);
                        } catch (InstantiationException e8) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e8);
                            throw new RuntimeException(e8);
                        }
                    }
                }
                if (certSelector2 != null) {
                    try {
                        Collection<? extends Certificate> certificates = this.certStore.getCertificates(certSelector2);
                        if (certificates.size() > 0) {
                            // First cert-store match wins; no match falls through to the trust store.
                            aliasX509CertificateRequest.setX509Certificate((X509Certificate) certificates.iterator().next());
                            return;
                        }
                    } catch (CertStoreException e9) {
                        log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e9);
                        throw new RuntimeException(e9);
                    }
                }
            }
            if (getTrustStore(map) != null) {
                if (this.truststoreCertSelectorClass != null) {
                    Constructor constructor2 = null;
                    try {
                        constructor2 = this.truststoreCertSelectorClass.getConstructor(Map.class);
                    } catch (NoSuchMethodException e10) {
                        // Deliberately ignored: fall back to the no-argument constructor below.
                    } catch (SecurityException e11) {
                        // Deliberately ignored: fall back to the no-argument constructor below.
                    }
                    if (constructor2 != null) {
                        try {
                            certSelector = (CertSelector) constructor2.newInstance(map);
                        } catch (IllegalAccessException e12) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e12);
                            throw new RuntimeException(e12);
                        } catch (IllegalArgumentException e13) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e13);
                            throw new RuntimeException(e13);
                        } catch (InstantiationException e14) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e14);
                            throw new RuntimeException(e14);
                        } catch (InvocationTargetException e15) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e15);
                            throw new RuntimeException(e15);
                        }
                    } else {
                        try {
                            certSelector = (CertSelector) this.truststoreCertSelectorClass.newInstance();
                        } catch (IllegalAccessException e16) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e16);
                            throw new RuntimeException(e16);
                        } catch (InstantiationException e17) {
                            log.log(Level.SEVERE, "WSS1531.exception.instantiating.certselector", (Throwable) e17);
                            throw new RuntimeException(e17);
                        }
                    }
                    if (certSelector != null) {
                        try {
                            Enumeration<String> aliases = this.trustStore.aliases();
                            while (aliases.hasMoreElements()) {
                                try {
                                    Certificate certificate = this.trustStore.getCertificate(aliases.nextElement());
                                    if ((certificate instanceof X509Certificate) && certSelector.match(certificate)) {
                                        aliasX509CertificateRequest.setX509Certificate((X509Certificate) certificate);
                                        return;
                                    }
                                } catch (KeyStoreException e18) {
                                    log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e18);
                                    throw new RuntimeException(e18);
                                }
                            }
                            // No selector match: str is still null here, so the check after this
                            // block throws instead of falling back to the first alias.
                        } catch (KeyStoreException e19) {
                            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e19);
                            throw new RuntimeException(e19);
                        }
                    }
                } else {
                    X509Certificate dynamicCertificate = getDynamicCertificate(map);
                    if (dynamicCertificate != null) {
                        aliasX509CertificateRequest.setX509Certificate(dynamicCertificate);
                        return;
                    }
                    try {
                        // Last resort: take the first alias that is not one of the two reserved
                        // names; str is reset to null whenever a reserved name is skipped.
                        Enumeration<String> aliases2 = this.trustStore.aliases();
                        while (aliases2.hasMoreElements()) {
                            str = aliases2.nextElement();
                            if (!"certificate-authority".equals(str) && !"root".equals(str)) {
                                break;
                            } else {
                                str = null;
                            }
                        }
                    } catch (KeyStoreException e20) {
                        log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e20);
                        throw new RuntimeException(e20);
                    }
                }
            }
        }
        // Reached with an alias from peerEntityAlias or the first-alias fallback, or with null
        // when nothing was found; a missing trust store or alias is treated as a hard failure.
        if (getTrustStore(map) == null || str == null) {
            log.log(Level.SEVERE, "WSS1511.failed.locate.peerCertificate");
            throw new RuntimeException("An Error occurred while locating PEER Entity certificate in TrustStore");
        }
        try {
            aliasX509CertificateRequest.setX509Certificate((X509Certificate) this.trustStore.getCertificate(str));
        } catch (KeyStoreException e21) {
            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) e21);
            throw new RuntimeException(e21);
        }
    }

    /**
     * Fills the request with the default signing certificate and its private key.
     *
     * <p>Alias resolution order: the configured {@code myAlias}; otherwise the alias returned by a
     * freshly instantiated {@code keystoreCertSelectorClass}; otherwise the single key entry in the
     * key store that carries an X.509 certificate. When the scan finds more than one such entry the
     * choice is ambiguous and the lookup fails rather than picking one arbitrarily.
     *
     * <p>Returns without touching the request when {@code getKeyStore(map)} yields {@code null}.
     *
     * @param defaultPrivKeyCertRequest request object that receives the certificate and key
     * @param map runtime properties handed to the alias selector and the private-key lookup
     * @throws RuntimeException on any failure; exceptions raised inside the lookup (including the
     *         "no alias" and selector-instantiation failures) are caught by the outer handler,
     *         logged under WSS1505 and wrapped once more
     */
    private void getDefaultPrivKeyCert(SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest, Map map) throws IOException {
        if (getKeyStore(map) == null) {
            return;
        }
        try {
            String alias = this.myAlias;
            if (alias == null && this.keystoreCertSelectorClass != null) {
                try {
                    // The configured selector class is instantiated reflectively on every call.
                    AliasSelector selector = (AliasSelector) this.keystoreCertSelectorClass.newInstance();
                    alias = selector.select(map);
                } catch (IllegalAccessException | InstantiationException selectorFailure) {
                    log.log(Level.SEVERE, "WSS1532.exception.instantiating.aliasselector", (Throwable) selectorFailure);
                    throw new RuntimeException(selectorFailure);
                }
            }
            if (alias == null) {
                Enumeration<String> candidates = this.keyStore.aliases();
                while (candidates.hasMoreElements()) {
                    String candidate = candidates.nextElement();
                    if (!this.keyStore.isKeyEntry(candidate)) {
                        continue;
                    }
                    Certificate entryCert = this.keyStore.getCertificate(candidate);
                    if (!(entryCert instanceof X509Certificate)) {
                        continue;
                    }
                    if (alias != null) {
                        // Second usable key entry: ambiguous default, so give up on the scan.
                        alias = null;
                        break;
                    }
                    alias = candidate;
                }
            }
            if (alias == null) {
                log.log(Level.SEVERE, "WSS1512.failed.locate.certificate.privatekey");
                throw new RuntimeException("An Error occurred while locating default certificate and privateKey in KeyStore");
            }
            defaultPrivKeyCertRequest.setX509Certificate((X509Certificate) this.keyStore.getCertificate(alias));
            defaultPrivKeyCertRequest.setPrivateKey(getPrivateKey(map, alias));
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Rejects a timestamp whose expiration instant lies before "now minus {@code j}".
     *
     * @param date expiration time taken from the message timestamp
     * @param j tolerance in milliseconds subtracted from the current time (presumably the maximum
     *          clock skew; confirm against the caller)
     * @param j2 not used by this method
     * @throws TimestampValidationCallback.TimestampValidationException if the timestamp has expired
     */
    public void validateExpirationTime(Date date, long j, long j2) throws TimestampValidationCallback.TimestampValidationException {
        Date earliestAcceptedExpiry = getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, false);
        if (!date.before(earliestAcceptedExpiry)) {
            return;
        }
        log.log(Level.SEVERE, "WSS1514.error.aheadCurrentTime");
        throw new TimestampValidationCallback.TimestampValidationException("The current time is ahead of the expiration time in Timestamp");
    }

    /**
     * Checks that a timestamp's creation time falls inside the accepted window.
     *
     * <p>The lower bound is "now - {@code j} - {@code j2}" and the upper bound is "now + {@code j}";
     * a creation time outside either bound is rejected, which limits how long a captured message
     * stays replayable and refuses messages stamped in the future.
     *
     * @param date creation time taken from the message timestamp
     * @param j tolerance in milliseconds applied on both bounds (the error text calls it
     *          max-clock-skew)
     * @param j2 additional age in milliseconds allowed on the lower bound (the error text calls it
     *           timestamp-freshness-limit)
     * @throws TimestampValidationCallback.TimestampValidationException if the creation time is too
     *         old or lies ahead of the adjusted current time
     */
    public void validateCreationTime(Date date, long j, long j2) throws TimestampValidationCallback.TimestampValidationException {
        Date oldestAccepted = getFreshnessAndSkewAdjustedDate(j, j2);
        boolean tooOld = date.before(oldestAccepted);
        if (tooOld) {
            log.log(Level.SEVERE, "WSS1515.error.currentTime");
            log.log(Level.SEVERE, "Creation time:" + date);
            log.log(Level.SEVERE, "Current time:" + oldestAccepted);
            throw new TimestampValidationCallback.TimestampValidationException("The creation time is older than  currenttime - timestamp-freshness-limit - max-clock-skew");
        }
        Date newestAccepted = getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, true);
        boolean inFuture = newestAccepted.before(date);
        if (inFuture) {
            log.log(Level.SEVERE, "WSS1516.error.creationAheadCurrent.time");
            throw new TimestampValidationCallback.TimestampValidationException("The creation time is ahead of the current time.");
        }
    }

    /**
     * Returns the current time shifted back by the local zone offset (plus DST savings when in
     * effect) and by both tolerances.
     *
     * <p>NOTE(review): epoch milliseconds are already zone independent, so subtracting the zone
     * offset yields a shifted value rather than a true instant; confirm that the dates compared
     * against this result were shifted the same way.
     *
     * @param j first tolerance in milliseconds to subtract
     * @param j2 second tolerance in milliseconds to subtract
     * @return the adjusted lower-bound date
     */
    private static Date getFreshnessAndSkewAdjustedDate(long j, long j2) {
        GregorianCalendar now = new GregorianCalendar();
        long zoneShiftMillis = now.get(Calendar.ZONE_OFFSET);
        boolean dstActive = now.getTimeZone().inDaylightTime(now.getTime());
        if (dstActive) {
            zoneShiftMillis += now.getTimeZone().getDSTSavings();
        }
        long adjustedMillis = ((now.getTimeInMillis() - zoneShiftMillis) - j) - j2;
        return new Date(adjustedMillis);
    }

    /**
     * Shifts the calendar's time back by its zone offset (plus DST savings when in effect), then
     * applies the tolerance forwards or backwards.
     *
     * <p>The supplied calendar is modified in place; its new time is what gets returned.
     *
     * @param calendar calendar holding the reference time; mutated by this call
     * @param j tolerance in milliseconds
     * @param z {@code true} to add the tolerance, {@code false} to subtract it
     * @return the calendar's adjusted time
     */
    private static Date getGMTDateWithSkewAdjusted(Calendar calendar, long j, boolean z) {
        long zoneShiftMillis = calendar.get(Calendar.ZONE_OFFSET);
        boolean dstActive = calendar.getTimeZone().inDaylightTime(calendar.getTime());
        if (dstActive) {
            zoneShiftMillis += calendar.getTimeZone().getDSTSavings();
        }
        long shiftedMillis = calendar.getTimeInMillis() - zoneShiftMillis;
        long adjustedMillis;
        if (z) {
            adjustedMillis = shiftedMillis + j;
        } else {
            adjustedMillis = shiftedMillis - j;
        }
        calendar.setTimeInMillis(adjustedMillis);
        return calendar.getTime();
    }

    /**
     * Looks up a certificate by its SHA-1 thumbprint, first in the trust store and then in the
     * cert store.
     *
     * <p>This is a lookup only: the method itself performs no validity-period or certification-path
     * checks on the certificate it returns.
     *
     * @param bArr thumbprint bytes to match
     * @param map runtime properties used to obtain the trust store
     * @return the first matching certificate, or {@code null} when nothing matches or no store is
     *         available
     * @throws RuntimeException on any lookup failure; a cert-store failure is logged under WSS1530,
     *         then caught by the outer handler, logged under WSS1526 and wrapped again
     */
    private X509Certificate getCertificateFromTrustStoreForThumbprint(byte[] bArr, Map map) throws IOException {
        try {
            if (getTrustStore(map) == null && this.certStore == null) {
                return null;
            }
            if (this.trustStore != null) {
                Enumeration<String> aliases = this.trustStore.aliases();
                while (aliases.hasMoreElements()) {
                    Certificate entry = this.trustStore.getCertificate(aliases.nextElement());
                    if (entry == null || !"X.509".equals(entry.getType())) {
                        continue;
                    }
                    X509Certificate candidate = (X509Certificate) entry;
                    byte[] candidateThumbprint = getThumbprintIdentifier(candidate);
                    if (candidateThumbprint != null && Arrays.equals(bArr, candidateThumbprint)) {
                        return candidate;
                    }
                }
            }
            if (this.certStore == null) {
                return null;
            }
            try {
                Collection<? extends Certificate> matches = this.certStore.getCertificates(new DigestCertSelector(bArr, MessageConstants.SHA1_DIGEST));
                return matches.size() > 0 ? (X509Certificate) matches.iterator().next() : null;
            } catch (CertStoreException storeFailure) {
                log.log(Level.SEVERE, "WSS1530.exception.in.certstore.lookup", (Throwable) storeFailure);
                throw new RuntimeException(storeFailure);
            }
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Computes the thumbprint of a certificate: the {@code MessageConstants.SHA_1} digest of its
     * encoded form.
     *
     * <p>The thumbprint is used by callers in this class to select a certificate or key entry; it
     * says nothing about whether the certificate is valid or trusted.
     *
     * @param x509Certificate certificate to fingerprint
     * @return the digest bytes
     * @throws XWSSecurityException if the digest algorithm is unavailable or the certificate cannot
     *         be encoded; the underlying exception is not attached as the cause
     */
    public static byte[] getThumbprintIdentifier(X509Certificate x509Certificate) throws XWSSecurityException {
        final MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance(MessageConstants.SHA_1);
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            log.log(Level.SEVERE, "WSS1519.no.digest.algorithm");
            throw new XWSSecurityException("Digest algorithm SHA-1 not found");
        }
        try {
            return sha1.digest(x509Certificate.getEncoded());
        } catch (CertificateEncodingException badEncoding) {
            log.log(Level.SEVERE, "WSS1520.error.getting.rawContent");
            throw new XWSSecurityException("Error while getting certificate's raw content");
        }
    }

    /**
     * Finds the private key whose key-store entry carries an X.509 certificate with the given
     * thumbprint.
     *
     * @param bArr thumbprint bytes to match
     * @param map runtime properties used to obtain the key store and the private key
     * @return the private key of the first matching key entry, or {@code null} when the key store
     *         is unavailable or no entry matches
     * @throws RuntimeException wrapping any exception raised during the lookup (logged under
     *         WSS1505)
     */
    public PrivateKey getPrivateKeyForThumbprint(byte[] bArr, Map map) throws IOException {
        try {
            if (getKeyStore(map) == null) {
                return null;
            }
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Certificate entryCert = this.keyStore.getCertificate(alias);
                if (entryCert == null || !"X.509".equals(entryCert.getType())) {
                    continue;
                }
                byte[] entryThumbprint = getThumbprintIdentifier((X509Certificate) entryCert);
                if (entryThumbprint != null && Arrays.equals(bArr, entryThumbprint)) {
                    return getPrivateKey(map, alias);
                }
            }
            return null;
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

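    /**
     * Tries to load a class by name, first with the thread context class loader and then with this
     * class's own loader, returning {@code null} instead of failing.
     *
     * <p>The argument is not necessarily a class name: {@code initKeyPassword} passes the configured
     * key password here and falls back to using it as the literal password when no class is found.
     * For that reason the failure log entries deliberately omit both the requested name and the
     * {@code ClassNotFoundException} (whose message repeats the name), so a secret never reaches
     * the log when FINE logging is enabled.
     *
     * @param str candidate class name, may be {@code null}
     * @return the loaded class, or {@code null} when {@code str} is {@code null} or no loader can
     *         resolve it
     */
    private Class loadClassSilent(String str) {
        if (str == null) {
            return null;
        }
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        if (contextClassLoader != null) {
            try {
                return contextClassLoader.loadClass(str);
            } catch (ClassNotFoundException ignored) {
                // Expected when the value is a literal secret rather than a class name.
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "LoadClassSilent: could not load the requested class with the context class loader");
                }
            }
        }
        ClassLoader classLoader = getClass().getClassLoader();
        if (classLoader == null) {
            return null;
        }
        try {
            return classLoader.loadClass(str);
        } catch (ClassNotFoundException ignored) {
            // Same reasoning as above: report the miss without echoing the value.
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "LoadClassSilent: could not load the requested class with the defining class loader");
            }
            return null;
        }
    }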

    /**
     * Loads a user-supplied class by name, trying the thread context class loader before this
     * class's own loader.
     *
     * @param str fully qualified class name, may be {@code null}
     * @return the loaded class, or {@code null} when {@code str} is {@code null}
     * @throws XWSSecurityException if neither loader can find the class
     */
    private Class loadClass(String str) throws XWSSecurityException {
        if (str == null) {
            return null;
        }
        ClassLoader threadLoader = Thread.currentThread().getContextClassLoader();
        if (threadLoader != null) {
            try {
                return threadLoader.loadClass(str);
            } catch (ClassNotFoundException notInContextLoader) {
                // Not fatal: fall through to the defining loader below.
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "LoadClass: could not load class " + str, (Throwable) notInContextLoader);
                }
            }
        }
        try {
            return getClass().getClassLoader().loadClass(str);
        } catch (ClassNotFoundException notInDefiningLoader) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "LoadClass: could not load class " + str, (Throwable) notInDefiningLoader);
            }
            log.log(Level.SEVERE, "WSS1521.error.getting.userClass");
            throw new XWSSecurityException("Could not find User Class " + str);
        }
    }

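    /**
     * Parses a decimal string into a {@code long}.
     *
     * <p>The parse happens only inside the {@code try}: the earlier version also parsed once before
     * it, so malformed input escaped as a raw {@code NumberFormatException} without being logged or
     * translated.
     *
     * @param str text to parse, may be {@code null}
     * @return the parsed value, or {@code 0} when {@code str} is {@code null}
     * @throws XWSSecurityException if {@code str} is not a valid {@code long}
     */
    private long toLong(String str) throws XWSSecurityException {
        if (str == null) {
            return 0L;
        }
        try {
            return Long.parseLong(str);
        } catch (NumberFormatException e) {
            log.log(Level.SEVERE, "WSS1522.error.getting.longValue");
            throw new XWSSecurityException(e);
        }
    }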

    /**
     * Instantiates every configured handler and validator class through its no-argument
     * constructor and, when a cert-store handler is present, asks it for the {@code CertStore}.
     *
     * <p>Each target field is assigned only when its class field is non-null; otherwise it keeps
     * whatever value it already had.
     *
     * <p>NOTE(review): each object is created first and cast afterwards, so the constructor of a
     * class of the wrong type still runs before the cast fails. Where these class objects come
     * from is not visible here; if they originate from deployment configuration, an
     * {@code isAssignableFrom} check before instantiation would be a reasonable hardening step.
     *
     * @throws XWSSecurityException if any instantiation, cast or cert-store callback fails
     */
    private void initNewInstances() throws XWSSecurityException {
        try {
            if (this.usernameCbHandler != null) {
                this.usernameHandler = (CallbackHandler) this.usernameCbHandler.newInstance();
            } else if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Got NULL for Username Callback Handler");
            }
            if (this.passwordCbHandler != null) {
                this.passwordHandler = (CallbackHandler) this.passwordCbHandler.newInstance();
            } else if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Got NULL for Password Callback Handler");
            }
            if (this.samlCbHandler != null) {
                this.samlHandler = (CallbackHandler) this.samlCbHandler.newInstance();
            }
            // Validators: password, timestamp, SAML assertion and certificate.
            if (this.usernameValidator != null) {
                this.pwValidator = (PasswordValidationCallback.PasswordValidator) this.usernameValidator.newInstance();
            }
            if (this.timestampValidator != null) {
                this.tsValidator = (TimestampValidationCallback.TimestampValidator) this.timestampValidator.newInstance();
            }
            if (this.samlValidator != null) {
                this.sValidator = (SAMLAssertionValidator) this.samlValidator.newInstance();
            }
            if (this.certificateValidator != null) {
                this.certValidator = (CertificateValidationCallback.CertificateValidator) this.certificateValidator.newInstance();
            }
            // Store handlers: cert store, key store and trust store.
            if (this.certstoreCbHandler != null) {
                this.certstoreHandler = (CallbackHandler) this.certstoreCbHandler.newInstance();
            }
            if (this.keystoreCbHandler != null) {
                this.keystoreHandler = (CallbackHandler) this.keystoreCbHandler.newInstance();
            }
            if (this.truststoreCbHandler != null) {
                this.truststoreHandler = (CallbackHandler) this.truststoreCbHandler.newInstance();
            }
            if (this.certstoreHandler != null) {
                CertStoreCallback certStoreCallback = new CertStoreCallback();
                try {
                    this.certstoreHandler.handle(new Callback[]{certStoreCallback});
                    this.certStore = certStoreCallback.getCertStore();
                } catch (IOException e) {
                    // This exception is thrown inside the outer try, so the outer handler below
                    // catches it, logs again under WSS1523 and wraps it a second time.
                    log.log(Level.SEVERE, "WSS1529.exception.in.certstore.callback", (Throwable) e);
                    throw new XWSSecurityException(e);
                } catch (UnsupportedCallbackException e2) {
                    log.log(Level.SEVERE, "WSS1529.exception.in.certstore.callback", (Throwable) e2);
                    throw new XWSSecurityException(e2);
                }
            }
        } catch (Exception e3) {
            // Catch-all: covers reflective failures, ClassCastException from a wrongly typed class
            // and the XWSSecurityException raised by the cert-store callback above.
            log.log(Level.SEVERE, "WSS1523.error.getting.newInstance.CallbackHandler", (Throwable) e3);
            throw new XWSSecurityException(e3);
        }
    }

    /**
     * Looks up the certificate that carries the given public key, first in the trust store and
     * then in the cert store.
     *
     * <p>Matching is by public-key equality only; the method itself performs no validity-period or
     * certification-path checks on the certificate it returns.
     *
     * @param publicKey key to search for
     * @param map runtime properties used to obtain the trust store
     * @return the first matching certificate, or {@code null} when nothing matches or no store is
     *         available
     * @throws RuntimeException on any lookup failure; a cert-store failure is logged under WSS1530,
     *         then caught by the outer handler, logged under WSS1526 and wrapped again
     */
    private X509Certificate getCertificateFromTrustStoreForSAML(PublicKey publicKey, Map map) throws IOException {
        try {
            if (getTrustStore(map) == null && this.certStore == null) {
                return null;
            }
            if (this.trustStore != null) {
                Enumeration<String> aliases = this.trustStore.aliases();
                while (aliases.hasMoreElements()) {
                    Certificate entry = this.trustStore.getCertificate(aliases.nextElement());
                    if (entry == null || !"X.509".equals(entry.getType())) {
                        continue;
                    }
                    X509Certificate candidate = (X509Certificate) entry;
                    if (candidate.getPublicKey().equals(publicKey)) {
                        return candidate;
                    }
                }
            }
            if (this.certStore == null) {
                return null;
            }
            try {
                Collection<? extends Certificate> matches = this.certStore.getCertificates(new PublicKeyCertSelector(publicKey));
                return matches.size() > 0 ? (X509Certificate) matches.iterator().next() : null;
            } catch (CertStoreException storeFailure) {
                log.log(Level.SEVERE, "WSS1530.exception.in.certstore.lookup", (Throwable) storeFailure);
                throw new RuntimeException(storeFailure);
            }
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS1526.failedto.getcertificate", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

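    /**
     * Finds the private key whose key-store entry carries a certificate with the given public key.
     *
     * <p>Key entries without a certificate (for example secret-key entries) are skipped. The
     * earlier version dereferenced the certificate unconditionally, so one such entry aborted the
     * whole search with a wrapped {@code NullPointerException} depending on alias order.
     *
     * <p>The key store field is read directly; this method assumes it has already been loaded
     * (TODO confirm against callers).
     *
     * @param publicKey key to search for
     * @param map runtime properties passed on to the private-key lookup
     * @return the private key of the first matching entry, or {@code null} when no entry matches
     * @throws RuntimeException wrapping any exception raised during the lookup (logged under
     *         WSS1505)
     */
    private PrivateKey getPrivateKeyFromKeyStore(PublicKey publicKey, Map map) throws IOException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Certificate certificate = this.keyStore.getCertificate(alias);
                if (certificate != null && publicKey.equals(certificate.getPublicKey())) {
                    return getPrivateKey(map, alias);
                }
            }
            return null;
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS1505.failedto.getkey", (Throwable) e);
            throw new RuntimeException(e);
        }
    }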

    /**
     * Expands the {@code $WSIT_HOME} placeholder in a configured location using the
     * {@code WSIT_HOME} system property.
     *
     * <p>Only values that start with the placeholder are touched, but every occurrence inside such
     * a value is replaced. The result is not normalised or otherwise validated here.
     *
     * @param str configured location, may be {@code null}
     * @return {@code str} unchanged when it is {@code null} or does not start with the placeholder,
     *         otherwise the expanded string
     * @throws RuntimeException if the placeholder is used but the system property is not set
     */
    private String resolveHome(String str) {
        if (str == null || !str.startsWith("$WSIT_HOME")) {
            return str;
        }
        String wsitHome = System.getProperty("WSIT_HOME");
        if (wsitHome == null) {
            log.log(Level.SEVERE, "WSS1524.unableto.resolve.URI.WSIT_HOME.notset");
            throw new RuntimeException("The following config URL: " + str + " in the WSDL could not be resolved because System Property WSIT_HOME was not set");
        }
        return str.replace("$WSIT_HOME", wsitHome);
    }

    /**
     * Initialises {@code keyPassword} from the configured {@code keyPwd} value.
     *
     * <p>{@code keyPwd} is interpreted twice: first as the name of a {@code CallbackHandler} class,
     * which is instantiated and asked for the password through a
     * {@code javax.security.auth.callback.PasswordCallback}; if no such class can be loaded, the
     * value itself becomes the password. Because the same string may therefore be a secret, it has
     * to be treated as one on every path that handles it.
     *
     * @throws RuntimeException if the handler cannot be instantiated or its callback fails (logged
     *         under WSS1528)
     */
    private void initKeyPassword() {
        try {
            Class handlerClass = loadClassSilent(this.keyPwd);
            if (handlerClass == null) {
                // Not a loadable class name: the configured value is the literal password.
                this.keyPassword = this.keyPwd.toCharArray();
                return;
            }
            CallbackHandler passwordSource = (CallbackHandler) handlerClass.newInstance();
            Callback[] callbacks = {new javax.security.auth.callback.PasswordCallback("KeyPassword", false)};
            passwordSource.handle(callbacks);
            // Read back through the array, exactly as handed to the handler.
            this.keyPassword = ((javax.security.auth.callback.PasswordCallback) callbacks[0]).getPassword();
        } catch (IOException | IllegalAccessException | InstantiationException | UnsupportedCallbackException failure) {
            log.log(Level.SEVERE, "WSS1528.failed.initialize.key.password", (Throwable) failure);
            throw new RuntimeException(failure);
        }
    }

    /**
     * Picks the peer certificate from the requester subject's public credentials.
     *
     * <p>The first X.509 credential for which {@code isMyCert} is false wins. If every X.509
     * credential is one of this party's own certificates, the last of them is returned instead.
     *
     * @param map runtime properties used to obtain the requester subject and to test ownership
     * @return the selected certificate, or {@code null} when the subject holds no X.509 credential
     */
    private X509Certificate getDynamicCertificate(Map map) {
        Subject requester = getRequesterSubject(map);
        if (requester != null) {
            X509Certificate ownCertificate = null;
            for (Object credential : requester.getPublicCredentials()) {
                if (!(credential instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) credential;
                if (!isMyCert(candidate, map)) {
                    return candidate;
                }
                // Remember our own certificate as the fallback answer.
                ownCertificate = candidate;
            }
            if (ownCertificate != null) {
                return ownCertificate;
            }
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Could not locate Incoming Client Certificate in Caller Subject");
        }
        return null;
    }

    /**
     * Returns the subject stored in the map under {@code MessageConstants.AUTH_SUBJECT}, creating
     * and storing an empty one when none is present.
     *
     * <p>Creation and the write back into the map run inside {@code AccessController.doPrivileged}.
     *
     * @param map runtime properties; receives the new subject when one is created
     * @return the existing or newly created subject, never {@code null}
     */
    public Subject getRequesterSubject(final Map map) {
        Subject existing = (Subject) map.get(MessageConstants.AUTH_SUBJECT);
        if (existing != null) {
            return existing;
        }
        return AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                Subject created = new Subject();
                map.put(MessageConstants.AUTH_SUBJECT, created);
                return created;
            }
        });
    }

    /**
     * Returns the key store, loading it through the key-store callback handler on first use.
     *
     * @param map runtime properties forwarded to the callback
     * @return the key store
     * @throws XWSSecurityRuntimeException if no key store is loaded and no handler is configured
     */
    private KeyStore getKeyStore(Map map) {
        if (this.keyStore == null) {
            if (this.keystoreHandler == null) {
                log.log(Level.SEVERE, "Could not locate KeyStore, check keystore assertion in WSIT configuration");
                throw new XWSSecurityRuntimeException("Could not locate KeyStore, check keystore assertion in WSIT configuration");
            }
            return getKeyStoreUsingCallback(map);
        }
        return this.keyStore;
    }

    /**
     * Obtains the key store from the key-store callback handler and caches it in the
     * {@code keyStore} field; does nothing beyond returning the field when it is already set.
     *
     * @param map runtime properties copied into the callback before it is dispatched
     * @return the cached key store
     * @throws XWSSecurityRuntimeException if the handler fails or leaves the key store unset
     */
    private synchronized KeyStore getKeyStoreUsingCallback(Map map) {
        if (this.keyStore != null) {
            return this.keyStore;
        }
        try {
            KeyStoreCallback request = new KeyStoreCallback();
            SecurityUtil.copy(request.getRuntimeProperties(), map);
            this.keystoreHandler.handle(new Callback[]{request});
            this.keyStore = request.getKeystore();
        } catch (IOException | UnsupportedCallbackException handlerFailure) {
            log.log(Level.SEVERE, (String) null, (Throwable) handlerFailure);
            throw new XWSSecurityRuntimeException(handlerFailure);
        }
        if (this.keyStore == null) {
            log.log(Level.SEVERE, "No KeyStore set in KeyStorCallback  by CallbackHandler");
            throw new XWSSecurityRuntimeException("No KeyStore set in KeyStorCallback  by CallbackHandler");
        }
        return this.keyStore;
    }

    /**
     * Returns the trust store, loading it through the trust-store callback handler on first use.
     *
     * @param map runtime properties forwarded to the callback
     * @return the trust store
     * @throws XWSSecurityRuntimeException if no trust store is loaded and no handler is configured
     */
    private KeyStore getTrustStore(Map map) {
        if (this.trustStore == null) {
            if (this.truststoreHandler == null) {
                log.log(Level.SEVERE, "Could not locate TrustStore, check truststore assertion in WSIT configuration");
                throw new XWSSecurityRuntimeException("Could not locate TrustStore, check truststore assertion in WSIT configuration");
            }
            return getTrustStoreUsingCallback(map);
        }
        return this.trustStore;
    }

    /**
     * Obtains the trust store from the trust-store callback handler and caches it in the
     * {@code trustStore} field; does nothing beyond returning the field when it is already set.
     *
     * @param map runtime properties copied into the callback before it is dispatched
     * @return the cached trust store
     * @throws XWSSecurityRuntimeException if the handler fails or leaves the trust store unset
     */
    private synchronized KeyStore getTrustStoreUsingCallback(Map map) {
        if (this.trustStore != null) {
            return this.trustStore;
        }
        try {
            KeyStoreCallback request = new KeyStoreCallback();
            SecurityUtil.copy(request.getRuntimeProperties(), map);
            this.truststoreHandler.handle(new Callback[]{request});
            this.trustStore = request.getKeystore();
        } catch (IOException | UnsupportedCallbackException handlerFailure) {
            log.log(Level.SEVERE, (String) null, (Throwable) handlerFailure);
            throw new XWSSecurityRuntimeException(handlerFailure);
        }
        if (this.trustStore == null) {
            log.log(Level.SEVERE, "No TrustStore set in KeyStorCallback  by CallbackHandler");
            throw new XWSSecurityRuntimeException("No TrustStore set in KeyStorCallback  by CallbackHandler");
        }
        return this.trustStore;
    }

    /**
     * Retrieves the private key stored under an alias.
     *
     * <p>When a key-store callback handler is configured the key is requested through a
     * {@code PrivateKeyCallback}; otherwise it is read directly from the key store with
     * {@code keyPassword}.
     *
     * @param map runtime properties copied into the callback
     * @param str alias of the key entry
     * @return the private key, never {@code null}
     * @throws XWSSecurityRuntimeException if the lookup fails or yields no key; the "was Null"
     *         message is used for both the callback path and the direct key-store path
     */
    private PrivateKey getPrivateKey(Map map, String str) {
        PrivateKey resolvedKey;
        if (this.keystoreHandler == null) {
            try {
                resolvedKey = (PrivateKey) this.keyStore.getKey(str, this.keyPassword);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException storeFailure) {
                log.log(Level.SEVERE, (String) null, (Throwable) storeFailure);
                throw new XWSSecurityRuntimeException(storeFailure);
            }
        } else {
            try {
                PrivateKeyCallback request = new PrivateKeyCallback();
                request.setKeystore(this.keyStore);
                request.setAlias(str);
                SecurityUtil.copy(request.getRuntimeProperties(), map);
                this.keystoreHandler.handle(new Callback[]{request});
                resolvedKey = request.getKey();
            } catch (IOException | UnsupportedCallbackException handlerFailure) {
                log.log(Level.SEVERE, (String) null, (Throwable) handlerFailure);
                throw new XWSSecurityRuntimeException(handlerFailure);
            }
        }
        if (resolvedKey == null) {
            log.log(Level.SEVERE, "PrivateKey returned by PrivateKeyCallback was Null");
            throw new XWSSecurityRuntimeException("PrivateKey returned by PrivateKeyCallback was Null");
        }
        return resolvedKey;
    }
}
