package com.ibm.ws.security.authentication.helper;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import java.util.Hashtable;
import javax.security.auth.Subject;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/authentication/helper/AuthenticateUserHelper.class */
public class AuthenticateUserHelper {
    static final long serialVersionUID = 823342336024802080L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AuthenticateUserHelper.class, (String) null, (String) null);

    public Subject authenticateUser(AuthenticationService authenticationService, String str, String str2) throws AuthenticationException {
        return authenticateUser(authenticationService, str, str2, null);
    }

    public Subject authenticateUser(AuthenticationService authenticationService, String str, String str2, String str3) throws AuthenticationException {
        validateInput(authenticationService, str);
        if (str2 == null || str2.trim().isEmpty()) {
            str2 = "system.DEFAULT";
        }
        return authenticationService.authenticate(str2, createPartialSubject(str, authenticationService, str3));
    }

    protected Subject createPartialSubject(String str, AuthenticationService authenticationService, String str2) {
        Subject subject = new Subject();
        Hashtable hashtable = new Hashtable();
        hashtable.put("com.ibm.wsspi.security.cred.userId", str);
        if (!authenticationService.isAllowHashTableLoginWithIdOnly().booleanValue()) {
            hashtable.put("com.ibm.ws.authentication.internal.assertion", Boolean.TRUE);
        }
        if (str2 != null) {
            hashtable.put("com.ibm.wsspi.security.cred.cacheKey", str2);
        }
        subject.getPublicCredentials().add(hashtable);
        return subject;
    }

    private void validateInput(AuthenticationService authenticationService, String str) throws AuthenticationException {
        if (authenticationService == null) {
            throw new AuthenticationException("authenticationService cannot be null.");
        }
        if (str == null) {
            throw new AuthenticationException("username cannot be null.");
        }
    }
}
