package com.ibm.ws.security.client.internal.authentication;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.jaas.common.callback.CallbackHandlerAuthenticationData;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.CredentialException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {ClientAuthenticationService.class}, name = "com.ibm.ws.security.client.authentication", immediate = true, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/client/internal/authentication/ClientAuthenticationService.class */
public class ClientAuthenticationService {
    static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    private final AtomicServiceReference<CredentialsService> credentialsServiceRef = new AtomicServiceReference<>(KEY_CREDENTIALS_SERVICE);
    static final long serialVersionUID = 35954014810072179L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(ClientAuthenticationService.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

    @Reference(service = CredentialsService.class, name = KEY_CREDENTIALS_SERVICE)
    protected void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.setReference(serviceReference);
    }

    protected void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.unsetReference(serviceReference);
    }

    @Activate
    protected void activate(ComponentContext componentContext) {
        this.credentialsServiceRef.activate(componentContext);
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.credentialsServiceRef.deactivate(componentContext);
    }

    public Subject authenticate(CallbackHandler callbackHandler, Subject subject) throws WSLoginFailedException, CredentialException {
        if (callbackHandler == null) {
            throw new WSLoginFailedException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "JAAS_LOGIN_NO_CALLBACK_HANDLER", new Object[0], "CWWKS1170E: The login on the client application failed because the CallbackHandler implementation is null. Ensure a valid CallbackHandler implementation is specified either in the LoginContext constructor or in the client application's deployment descriptor."));
        }
        try {
            return createBasicAuthSubject(new CallbackHandlerAuthenticationData(callbackHandler).createAuthenticationData(), subject);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.client.internal.authentication.ClientAuthenticationService", "97", this, new Object[]{callbackHandler, subject});
            throw new WSLoginFailedException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "JAAS_LOGIN_UNEXPECTED_EXCEPTION", new Object[]{e.getLocalizedMessage()}, "CWWKS1172E: The login on the client application failed because of an unexpected exception. Review the logs to understand the cause of the exception. The exception is: " + e.getLocalizedMessage()));
        } catch (UnsupportedCallbackException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.client.internal.authentication.ClientAuthenticationService", "105", this, new Object[]{callbackHandler, subject});
            throw new WSLoginFailedException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "JAAS_LOGIN_UNEXPECTED_EXCEPTION", new Object[]{e2.getLocalizedMessage()}, "CWWKS1172E: The login on the client application failed because of an unexpected exception. Review the logs to understand the cause of the exception. The exception is: " + e2.getLocalizedMessage()));
        }
    }

    protected Subject createBasicAuthSubject(AuthenticationData authenticationData, Subject subject) throws WSLoginFailedException, CredentialException {
        Subject subject2 = subject != null ? subject : new Subject();
        String str = (String) authenticationData.get("REALM");
        String str2 = (String) authenticationData.get("USERNAME");
        String password = getPassword((char[]) authenticationData.get("PASSWORD"));
        if (str2 == null || str2.isEmpty() || password == null || password.isEmpty()) {
            throw new WSLoginFailedException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "JAAS_LOGIN_MISSING_CREDENTIALS", new Object[0], "CWWKS1171E: The login on the client application failed because the user name or password is null. Ensure the CallbackHandler implementation is gathering the necessary credentials."));
        }
        ((CredentialsService) this.credentialsServiceRef.getServiceWithException()).setBasicAuthCredential(subject2, str, str2, password);
        subject2.getPrincipals().add(new WSPrincipal(str2, (String) null, "basic"));
        return subject2;
    }

    @Sensitive
    private String getPassword(@Sensitive char[] cArr) {
        String str = null;
        if (cArr != null) {
            str = String.valueOf(cArr);
        }
        return str;
    }
}
