package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.11.jar:com/ibm/ws/webcontainer/security/internal/WebSecurityHelperImpl.class */
public class WebSecurityHelperImpl {
    private static final TraceComponent tc = Tr.register(WebSecurityHelperImpl.class);
    private static WebAppSecurityConfig webAppSecConfig = null;
    static final long serialVersionUID = -4670644362810208426L;

    public static void setWebAppSecurityConfig(WebAppSecurityConfig webAppSecurityConfig) {
        webAppSecConfig = webAppSecurityConfig;
    }

    private static Cookie constructLTPACookieObj(SingleSignonToken singleSignonToken) {
        return new Cookie(webAppSecConfig.getSSOCookieName(), Base64Coder.base64EncodeToString(singleSignonToken.getBytes()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Cookie getLTPACookie(Subject subject) throws Exception {
        Cookie cookie = null;
        SingleSignonToken singleSignonToken = null;
        Iterator it = subject.getPrivateCredentials(SingleSignonToken.class).iterator();
        if (it.hasNext()) {
            singleSignonToken = (SingleSignonToken) it.next();
            if (it.hasNext()) {
                throw new WSSecurityException("More than one ssotoken found in subject");
            }
        }
        if (singleSignonToken != null) {
            cookie = constructLTPACookieObj(singleSignonToken);
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "No ssotoken found for this subject", new Object[0]);
        }
        return cookie;
    }

    public static Cookie getSSOCookieFromSSOToken() throws Exception {
        Cookie cookie = null;
        if (webAppSecConfig == null) {
            return null;
        }
        try {
            Subject runAsSubject = WSSubject.getRunAsSubject();
            if (runAsSubject == null) {
                runAsSubject = WSSubject.getCallerSubject();
            }
            if (runAsSubject != null) {
                cookie = getLTPACookie(runAsSubject);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No subjects on the thread", new Object[0]);
            }
            return cookie;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.WebSecurityHelperImpl", "106", null, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getSSOCookieFromSSOToken caught exception: " + e.getMessage(), new Object[0]);
            }
            throw e;
        }
    }

    public static WebAppSecurityConfig getWebAppSecurityConfig() {
        return webAppSecConfig;
    }
}
