package web.common;

import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.wsspi.security.auth.callback.WSCallbackHandlerFactory;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:web/common/JAASServlet.class */
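/**
 * Test servlet that drives a JAAS {@link LoginContext} login followed by a logout for each
 * method named in the {@code testMethod} request parameter, and reports the outcome as text.
 *
 * <p>Request parameters read by this servlet: {@code testMethod} (comma-separated list),
 * {@code user}, {@code password}, {@code realm} and {@code assertId}.
 *
 * <p>Security notes for anyone reusing this fixture:
 * <ul>
 *   <li>Credentials arrive as request parameters (the usage string shows them in the query
 *       string), so they can end up in access logs and browser history.</li>
 *   <li>In the {@code CustomIdentityAssertion} mode the caller-supplied {@code assertId} is placed
 *       in the Subject under {@code com.ibm.wsspi.security.cred.userId} before login. Presumably
 *       the login configuration trusts that value as the identity to assert (confirm against the
 *       server configuration); the servlet itself performs no check on who may assert what.</li>
 *   <li>The resulting Subject and cache key are written to the response.</li>
 * </ul>
 * It is therefore suitable only for an isolated test server.
 */
public class JAASServlet extends BaseServlet {
    private static final long serialVersionUID = 1;

    private static final String LOGIN_WSLOGIN = "WSLogin";
    private static final String LOGIN_WEB_INBOUND = "system.WEB_INBOUND";
    private static final String LOGIN_CUSTOM_IDENTITY_ASSERTION = "CustomIdentityAssertion";
    private static final String ATTR_USER_ID = "com.ibm.wsspi.security.cred.userId";
    private static final String ATTR_CACHE_KEY = "com.ibm.wsspi.security.cred.cacheKey";

    /** Printed in place of the password so the credential is not echoed into the response. */
    private static final String PASSWORD_MASK = "*****";

    public JAASServlet() {
        super("JAASServlet");
    }

    /**
     * Echoes the request parameters (password masked) and runs every requested test method,
     * bracketing each one with {@code STARTTESTn} / {@code ENDTESTn} markers.
     *
     * <p>A {@link ServletException} raised by one method is reported in the output and does not
     * stop the remaining methods.
     *
     * @param httpServletRequest  request carrying the test parameters
     * @param httpServletResponse response (not used directly here)
     * @param stringBuffer        buffer that collects the textual report
     * @throws ServletException declared by the overridden method
     * @throws IOException      declared by the overridden method
     */
    @Override // web.common.BaseServlet
    protected void performTask(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, StringBuffer stringBuffer) throws ServletException, IOException {
        writeLine(stringBuffer, "Start initial values");
        printProgrammaticApiValues(httpServletRequest, stringBuffer);
        writeLine(stringBuffer, "End initial values");

        String user = httpServletRequest.getParameter("user");
        String password = httpServletRequest.getParameter("password");
        String testMethod = httpServletRequest.getParameter("testMethod");
        String realm = httpServletRequest.getParameter("realm");
        if (user == null || password == null || testMethod == null) {
            // Informational only: processing continues, as it did before.
            writeLine(stringBuffer, "Usage: ?testMethod=<method>&user=<user>&password=<password>&realm=<realm>");
        }

        // Keep the line format but never write the real password back to the client.
        String shownPassword = password == null ? null : PASSWORD_MASK;
        // NOTE(review): the remaining request values are reflected unescaped; confirm that
        // BaseServlet serves this buffer as plain text rather than HTML.
        writeLine(stringBuffer, "Passed in from URL: testMethod:[" + testMethod + "] user:[" + user + "] password:[" + shownPassword + "] realm:[" + realm + "]");

        if (testMethod == null) {
            return;
        }
        String[] methods = testMethod.split(",");
        for (int i = 0; i < methods.length; i++) {
            int testNumber = i + 1;
            writeLine(stringBuffer, "STARTTEST" + testNumber);
            writeLine(stringBuffer, "method: " + methods[i]);
            try {
                callMethod(httpServletRequest, stringBuffer, methods[i], realm);
            } catch (ServletException e) {
                writeLine(stringBuffer, "ServletException: " + e.getMessage());
            }
            writeLine(stringBuffer, "ENDTEST" + testNumber);
        }
    }

    /**
     * Reads the credentials for one test method and decides whether the callback handler is
     * obtained from {@link WSCallbackHandlerFactory} ("factory test") or constructed directly.
     *
     * <p>The decision is a local value computed per call. It used to live in an instance field,
     * which is shared by all requests served by the servlet instance and which kept its previous
     * value when the method name matched none of the known markers.
     */
    private void callMethod(HttpServletRequest request, StringBuffer out, String testMethod, String realm) throws ServletException, IOException {
        String user = request.getParameter("user");
        String password = request.getParameter("password");
        String assertId = request.getParameter("assertId");

        boolean namesLoginConfig = testMethod.contains(LOGIN_WSLOGIN)
                || testMethod.contains(LOGIN_WEB_INBOUND)
                || testMethod.contains(LOGIN_CUSTOM_IDENTITY_ASSERTION);
        // A login-config marker takes precedence over "callback", as in the original if/else-if.
        boolean factoryTest = !namesLoginConfig && testMethod.contains("callback");

        invokeJAASLoginMethod(user, password, assertId, testMethod, realm, factoryTest, out);
    }

    /**
     * Selects the JAAS login configuration and callback handler for {@code testMethod}, then
     * performs a login and a logout with them.
     *
     * @param user        user name from the request
     * @param password    password from the request
     * @param assertId    identity to assert; required for {@code CustomIdentityAssertion}
     * @param testMethod  name of the test method, matched by substring
     * @param realm       realm passed to the three-argument handler variants
     * @param factoryTest whether the handler comes from {@link WSCallbackHandlerFactory}
     * @param out         buffer that collects the textual report
     * @throws ServletException if the Subject cannot be prepared or the login context fails
     */
    private void invokeJAASLoginMethod(String user, String password, String assertId, String testMethod, String realm, boolean factoryTest, StringBuffer out) throws ServletException, IOException {
        String loginConfig;
        CallbackHandler callbackHandler = null;
        Subject seedSubject = null;

        if (factoryTest) {
            loginConfig = LOGIN_WSLOGIN;
            WSCallbackHandlerFactory factory = WSCallbackHandlerFactory.getInstance();
            if (testMethod.contains("idpw")) {
                callbackHandler = factory.getCallbackHandler(user, password);
            } else if (testMethod.contains("realm")) {
                callbackHandler = factory.getCallbackHandler(user, realm, password);
            }
        } else if (testMethod.contains(LOGIN_WSLOGIN)) {
            loginConfig = LOGIN_WSLOGIN;
            if (testMethod.equals(LOGIN_WSLOGIN)) {
                callbackHandler = new WSCallbackHandlerImpl(user, password);
            } else if (testMethod.contains("realm")) {
                callbackHandler = new WSCallbackHandlerImpl(user, realm, password);
            }
        } else if (testMethod.contains(LOGIN_CUSTOM_IDENTITY_ASSERTION)) {
            loginConfig = LOGIN_CUSTOM_IDENTITY_ASSERTION;
            seedSubject = subjectAssertingUserId(assertId);
            callbackHandler = new WSCallbackHandlerImpl(user, password);
        } else {
            loginConfig = LOGIN_WEB_INBOUND;
            callbackHandler = new WSCallbackHandlerImpl(user, password);
        }

        // callbackHandler may still be null here when no handler variant matched; the
        // LoginContext constructor is left to reject that and the failure is reported below.
        try {
            LoginContext loginContext = seedSubject != null
                    ? new LoginContext(loginConfig, seedSubject, callbackHandler)
                    : new LoginContext(loginConfig, callbackHandler);
            doLogin(loginContext, out);
            doLogout(loginContext, out);
        } catch (Exception e) {
            // No logger is visible in this class, so the trace still goes to stderr.
            e.printStackTrace();
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Builds a Subject whose public credentials contain a Hashtable mapping
     * {@code com.ibm.wsspi.security.cred.userId} to {@code assertId}.
     *
     * @throws ServletException if {@code assertId} is missing (Hashtable rejects null values, so
     *                          this previously surfaced as an uncaught NullPointerException) or
     *                          if the privileged update of the Subject fails
     */
    private static Subject subjectAssertingUserId(String assertId) throws ServletException {
        if (assertId == null) {
            throw new ServletException("CustomIdentityAssertion requires the assertId request parameter");
        }
        final Subject subject = new Subject();
        final Hashtable<String, Object> attributes = new Hashtable<String, Object>();
        attributes.put(ATTR_USER_ID, assertId);
        try {
            // Modifying a Subject's public credentials is a permission-checked operation when a
            // security manager is active, hence the privileged block.
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    subject.getPublicCredentials().add(attributes);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            throw new ServletException(e.getMessage(), e);
        }
        return subject;
    }

    /**
     * Logs in through {@code loginContext} and writes the resulting Subject and cache key between
     * {@code STARTCTXLOGIN} and {@code ENDCTXLOGIN} markers.
     *
     * <p>Login failures, other exceptions and errors are reported in the output and not rethrown.
     */
    private void doLogin(LoginContext loginContext, StringBuffer out) throws ServletException, IOException {
        try {
            writeLine(out, "STARTCTXLOGIN ");
            loginContext.login();
            Subject subject = loginContext.getSubject();
            writeLine(out, "callerSubject: " + subject);
            writeLine(out, "cacheKey: " + getCacheKeyFromSubject(subject));
        } catch (LoginException e) {
            writeLine(out, "Failed to login. LoginException message: " + e.getMessage());
        } catch (Exception e) {
            // NOTE(review): the decompiled listing also carried a SecurityException handler that
            // logged "Failed to login. SecurityException message: " and rethrew, but it sat
            // outside this catch, which already handles SecurityException, so it could never see
            // an exception from login(). If the original source ordered it before this catch,
            // restore it there.
            writeLine(out, "Unexpected exception, " + e.getMessage());
        } catch (Error e) {
            writeLine(out, "Unexpected error, " + e.getMessage());
        } finally {
            // The end marker is written on every path, including when something propagates.
            writeLine(out, "ENDCTXLOGIN");
        }
    }

    /**
     * Logs out through {@code loginContext} and writes the Subject as seen after logout between
     * {@code STARTCTXLOGOUT} and {@code ENDCTXLOGOUT} markers.
     *
     * <p>Exceptions are reported in the output and not rethrown; errors propagate after the end
     * marker has been written.
     */
    private void doLogout(LoginContext loginContext, StringBuffer out) throws ServletException, IOException {
        try {
            writeLine(out, "STARTCTXLOGOUT ");
            loginContext.logout();
            writeLine(out, "callerSubject: " + loginContext.getSubject());
        } catch (LoginException e) {
            writeLine(out, "Failed to logout. LoginException message: " + e.getMessage());
        } catch (Exception e) {
            writeLine(out, "Unexpected exception, " + e.getMessage());
        } finally {
            writeLine(out, "ENDCTXLOGOUT");
        }
    }

    /**
     * Returns the value stored under {@code com.ibm.wsspi.security.cred.cacheKey} in the first
     * Hashtable found among the Subject's public credentials.
     *
     * @return the cache key, or {@code null} if there is no Hashtable, no such entry, or the
     *         entry is not a String
     */
    private static String getCacheKeyFromSubject(Subject subject) {
        Hashtable<?, ?> attributes = getPublicAttributes(subject.getPublicCredentials());
        if (attributes == null) {
            return null;
        }
        Object cacheKey = attributes.get(ATTR_CACHE_KEY);
        return cacheKey instanceof String ? (String) cacheKey : null;
    }

    /**
     * Returns the first Hashtable in {@code credentials}, or {@code null} if there is none.
     * The key and value types are not assumed, which avoids an unchecked cast.
     */
    private static Hashtable<?, ?> getPublicAttributes(Set<Object> credentials) {
        for (Object credential : credentials) {
            if (credential instanceof Hashtable) {
                return (Hashtable<?, ?>) credential;
            }
        }
        return null;
    }
}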
