package com.ibm.ws.security.credentials.wscred;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.credentials.CredentialProvider;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.Hashtable;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialException;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {CredentialProvider.class}, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM", "type=BasicAuthCredential"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.credentials_1.0.13.jar:com/ibm/ws/security/credentials/wscred/BasicAuthCredentialProvider.class */
public class BasicAuthCredentialProvider implements CredentialProvider {
    protected static final String KEY_BASIC_AUTH_REALM = "com.ibm.ws.security.cred.realm";
    protected static final String KEY_BASIC_AUTH_USER = "com.ibm.ws.security.cred.user";
    protected static final String KEY_BASIC_AUTH_PASSWORD = "com.ibm.ws.security.cred.password";
    static final long serialVersionUID = -2963529245432279019L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(BasicAuthCredentialProvider.class);

    @Activate
    protected void activate() {
    }

    @Deactivate
    protected void deactivate() {
    }

    @Override // com.ibm.ws.security.credentials.CredentialProvider
    public void setCredential(Subject subject) throws CredentialException {
        Hashtable<String, ?> basicAuthHashtableFromSubject = getBasicAuthHashtableFromSubject(subject);
        if (basicAuthHashtableFromSubject != null) {
            try {
                if (!basicAuthHashtableFromSubject.isEmpty() && basicAuthHashtableFromSubject.size() == 3) {
                    setBasicAuthCredential(subject, getRealm(basicAuthHashtableFromSubject), getSecurityName(basicAuthHashtableFromSubject), getPassword(basicAuthHashtableFromSubject));
                }
            } finally {
                removeBasicAuthHashtable(subject, basicAuthHashtableFromSubject);
            }
        }
    }

    @Sensitive
    private Hashtable<String, ?> getBasicAuthHashtableFromSubject(@Sensitive Subject subject) {
        return new SubjectHelper().getSensitiveHashtableFromSubject(subject, new String[]{KEY_BASIC_AUTH_REALM, KEY_BASIC_AUTH_USER, KEY_BASIC_AUTH_PASSWORD});
    }

    private String getRealm(@Sensitive Hashtable<String, ?> hashtable) {
        return (String) hashtable.get(KEY_BASIC_AUTH_REALM);
    }

    private String getSecurityName(@Sensitive Hashtable<String, ?> hashtable) {
        return (String) hashtable.get(KEY_BASIC_AUTH_USER);
    }

    @Sensitive
    private SerializableProtectedString getPassword(@Sensitive Hashtable<String, ?> hashtable) {
        return (SerializableProtectedString) hashtable.get(KEY_BASIC_AUTH_PASSWORD);
    }

    private void setBasicAuthCredential(@Sensitive Subject subject, String str, String str2, SerializableProtectedString serializableProtectedString) throws CredentialException {
        subject.getPublicCredentials().add(new WSCredentialImpl(str, str2, new String(serializableProtectedString.getChars())));
    }

    private void removeBasicAuthHashtable(@Sensitive Subject subject, @Sensitive Hashtable<String, ?> hashtable) {
        if (hashtable != null) {
            subject.getPrivateCredentials().remove(hashtable);
        }
    }

    @Override // com.ibm.ws.security.credentials.CredentialProvider
    public boolean isSubjectValid(Subject subject) {
        return true;
    }
}
