package com.ibm.ISecurityLocalObjectTokenBaseImpl;

import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.StateofCurrObj;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.context.ContextImpl;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.wsspi.security.context.ContextManager;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ISecurityLocalObjectTokenBaseImpl/WSSecurityContextLTPAImpl.class */
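/**
 * {@link WSSecurityContext} implementation selected for the LTPA mechanism OID.
 *
 * <p>On the initiating side, {@code initSecContext} wraps the credential token held by the
 * caller's {@link WSCredential} in a GSS initial context token. On the accepting side,
 * {@code acceptSecContext} reads the mechanism OID from the inbound token, hands tokens of other
 * mechanisms to the matching context implementation, and turns an LTPA token into a
 * {@link Subject} through the context manager's {@code login}.
 *
 * <p>NOTE(review): this listing is decompiler output, and the decompiler reported a failed
 * {@code finally} extraction in {@code acceptSecContext}. The nesting of the exception handlers
 * there may not match the shipped bytecode; confirm against the class file before relying on
 * which handler a given failure reaches.
 *
 * <p>Operational note: the entry/exit trace calls in this class are given the raw token byte
 * arrays and the {@link Subject}. Depending on how the trace facility renders those arguments,
 * enabling entry/exit trace for this component may place token material in trace output, so
 * that output should be handled as sensitive.
 */
public final class WSSecurityContextLTPAImpl implements WSSecurityContext {
    private static final TraceComponent tc = Tr.register((Class<?>) WSSecurityContextLTPAImpl.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");

    /**
     * Builds the initial context token for a credential.
     *
     * <p>The credential is converted to a {@link Subject} and its OID is used as the mechanism
     * OID for the four-argument overload.
     *
     * @param wSCredential credential whose token is to be wrapped
     * @param str server value (labelled "server" in the delegate's debug trace)
     * @param str2 realm value (labelled "realm" in the delegate's debug trace)
     * @return the token produced by the four-argument overload
     * @throws WSSecurityContextException if the delegate cannot build the token
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(WSCredential wSCredential, String str, String str2) throws WSSecurityContextException {
        Subject subject = SubjectHelper.createSubjectFromWSCredential(wSCredential);
        String mechOid = null;
        try {
            mechOid = wSCredential.getOID();
        } catch (Exception e) {
            // Best effort: the delegate rejects a null OID explicitly, so only record why the
            // OID could not be read instead of discarding the cause.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to read the mechanism OID from the credential.", new Object[]{e});
            }
        }
        return initSecContext(subject, str, str2, mechOid);
    }

    /**
     * Builds the initial context token for a subject, taking the mechanism OID from the
     * subject's {@link WSCredential} when one is present.
     *
     * @param subject subject holding the credential
     * @param str server value (labelled "server" in the delegate's debug trace)
     * @param str2 realm value (labelled "realm" in the delegate's debug trace)
     * @return the token produced by the four-argument overload
     * @throws WSSecurityContextException if the delegate cannot build the token
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(Subject subject, String str, String str2) throws WSSecurityContextException {
        String mechOid = null;
        WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
        if (credential != null) {
            try {
                mechOid = credential.getOID();
            } catch (Exception e) {
                // Best effort: the delegate rejects a null OID explicitly, so only record why
                // the OID could not be read instead of discarding the cause.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to read the mechanism OID from the credential.", new Object[]{e});
                }
            }
        }
        return initSecContext(subject, str, str2, mechOid);
    }

    /**
     * Builds the GSS initial context token for the given subject and mechanism.
     *
     * <p>A GSSUP mechanism OID is handed to {@link WSSecurityContextImpl}; any other OID has the
     * credential token wrapped by {@code CSIUtil.create_gss_initial_context_token}.
     *
     * @param subject subject holding the {@link WSCredential} to use
     * @param str server value; only traced in this method and passed on to the GSSUP delegate
     * @param str2 realm value; only traced in this method and passed on to the GSSUP delegate
     * @param str3 authentication mechanism OID
     * @return the encoded initial context token
     * @throws WSSecurityContextException with major code 7 when the subject carries no
     *     credential, with major code 13 when the OID is null or another exception occurs while
     *     reading the credential, or as thrown by the token encoder or GSSUP delegate
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(Subject subject, String str, String str2, String str3) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initSecContext", new Object[]{subject, str, str2, str3, this});
        }
        CSIUtil csiUtil = new CSIUtil();
        OpaqueHolder tokenHolder = new OpaqueHolder();
        WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
        if (credential == null) {
            String noCredentialMsg = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, noCredentialMsg);
            }
            throw new WSSecurityContextException(7, 0, "initSecContext: " + noCredentialMsg);
        }
        try {
            tokenHolder.value = credential.getCredentialToken();
            if (str3 == null) {
                // Both three-argument overloads can arrive here with no OID. Fail with the same
                // major/minor code the NullPointerException path produced, but say why.
                throw new WSSecurityContextException(13, 0, "initSecContext: authentication mechanism OID is null.");
            }
            byte[] initialToken;
            if (str3.compareTo(GSSUPMechOID.value) == 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Encountered GSSUP credential. Calling GSSUP.initSecContext()");
                }
                initialToken = new WSSecurityContextImpl().initSecContext(subject, str, str2, str3);
            } else {
                initialToken = csiUtil.create_gss_initial_context_token(str3, tokenHolder);
            }
            if (tc.isDebugEnabled()) {
                // Traces the security name and routing values only, not the credential token.
                Tr.debug(tc, "Forming client_authentication_token in initSecContext using: username = " + credential.getSecurityName() + ", server = " + str + ", realm = " + str2 + ", authMechOid = " + str3);
            }
            if (tc.isEntryEnabled()) {
                // The exit trace is given the freshly built token (see the class note on trace).
                Tr.exit(tc, "initSecContext", initialToken);
            }
            return initialToken;
        } catch (WSSecurityContextException e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.initSecContext", "185", this);
            Tr.audit(tc, "Error creating client_auth_token in initSecContext, reason: " + e.toString());
            throw e;
        } catch (Exception e2) {
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.initSecContext", "193", this);
            Tr.audit(tc, "Exception getting attributes from WSCredential, error string from exception: " + e2.getMessage());
            throw new WSSecurityContextException(13, 0, "initSecContext: Exception getting attributes from WSCredential, error string from exception: " + e2.getMessage(), e2);
        }
    }

    /**
     * Accepts an inbound token with no login properties and no third argument.
     *
     * @param bArr inbound GSS initial context token
     * @return the result of the three-argument overload
     * @throws WSSecurityContextException if the token cannot be accepted
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext", new Object[]{bArr, this});
        }
        WSSecurityContextResult result = acceptSecContext(bArr, null, null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "acceptSecContext(gssInitToken)");
        }
        return result;
    }

    /**
     * Accepts an inbound token with login properties and no third argument.
     *
     * @param bArr inbound GSS initial context token
     * @param map properties forwarded to the login; may be null
     * @return the result of the three-argument overload
     * @throws WSSecurityContextException if the token cannot be accepted
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr, Map map) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext", new Object[]{bArr, map, this});
        }
        WSSecurityContextResult result = acceptSecContext(bArr, map, null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "acceptSecContext(gssInitToken)");
        }
        return result;
    }

    /**
     * Accepts an inbound GSS initial context token and resolves it to a {@link Subject}.
     *
     * <p>Outcomes, in the order they are checked:
     * <ul>
     *   <li>A null or empty token is not an error: the result carries the subject returned by
     *       {@code createUnauthenticatedSubject()}. A normal return from this method is
     *       therefore not proof of authentication; callers have to inspect the subject.</li>
     *   <li>A token with no mechanism OID is handed to {@link WSSecurityContextImpl}.</li>
     *   <li>A token whose OID is not the LTPA OID is handed to the context created for that OID,
     *       so the handler is chosen by a value read from the peer's token.</li>
     *   <li>An LTPA token is parsed and passed to the context manager's {@code login}, unless the
     *       thread-local state reports {@code getIdentityTokenServerId()}, in which case the
     *       server subject is returned and the parsed token is not passed to {@code login}.</li>
     * </ul>
     *
     * @param bArr inbound GSS initial context token
     * @param map properties forwarded to the login; {@code DESERIALIZE_ASYNCH_LOGIN_RENEW} in
     *     this map selects {@code ContextImpl.DESERIALIZE_ASYNCH_CONTEXT} as the third login
     *     argument instead of the configured {@code com.ibm.CSI.rmiInboundLoginConfig} value;
     *     may be null
     * @param str forwarded unchanged to the context of a non-LTPA mechanism; not read otherwise
     * @return result whose subject is the authenticated, server or unauthenticated subject
     * @throws WSSecurityContextException with major code 18 when the token cannot be parsed,
     *     4 when login yields no subject, 14 on a CORBA {@code BAD_OPERATION}, 13 on any other
     *     exception, or as thrown by a delegate context
     */
    /* JADX WARN: Finally extract failed */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr, Map map, String str) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext", new Object[]{bArr, map, str, this});
        }
        CSIUtil csiUtil = new CSIUtil();
        OpaqueHolder tokenHolder = new OpaqueHolder();
        try {
            // NOTE(review): the OID is read before the null/empty check below, so a null token
            // reaches the unauthenticated-subject branch only if this helper tolerates null.
            // Confirm against GSSFactory.
            String mechOid = GSSFactory.getMechOIDFromGSSToken(bArr);
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "gssInitToken OID: " + mechOid);
            }
            if (bArr == null || bArr.length == 0) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "acceptSecContext(null token or oid)");
                }
                return new WSSecurityContextResult(null, ContextManagerFactory.getInstance().createUnauthenticatedSubject());
            }
            if (mechOid == null) {
                return new WSSecurityContextImpl().acceptSecContext(bArr, map, null);
            }
            if (!OID.compareOIDs(mechOid, LTPAMechOID.value)) {
                return WSSecurityContextFactory.getInstance().createContext(mechOid).acceptSecContext(bArr, map, str);
            }
            csiUtil.parse_gss_initial_context_token(bArr, tokenHolder);
            if (tokenHolder.value == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to parse the gss initial context token.");
                }
                throw new WSSecurityContextException(18, 0, "Failed to parse the gss initial context token.");
            }
            boolean asynchLogin = false;
            if (map != null) {
                // NOTE(review): this try only reads the map, yet it has a handler for
                // WSLoginFailedException and its FFDC source ids name WSSecurityContextImpl.
                // The login calls below may have been inside it before decompilation; verify
                // against the bytecode.
                try {
                    if (map.containsKey(ContextManager.DESERIALIZE_ASYNCH_LOGIN_RENEW)) {
                        Object renewFlag = map.get(ContextManager.DESERIALIZE_ASYNCH_LOGIN_RENEW);
                        if (renewFlag instanceof Boolean) {
                            asynchLogin = ((Boolean) renewFlag).booleanValue();
                        } else {
                            // Any other non-String value fails the cast and is reported by the
                            // generic handler below.
                            String flagText = (String) renewFlag;
                            asynchLogin = flagText != null && (flagText.equalsIgnoreCase("true") || flagText.equalsIgnoreCase("yes"));
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, AuditConstants.LOGIN, "Is this an asynch login? " + asynchLogin);
                        }
                    }
                } catch (WSLoginFailedException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WSLoginFailedException occurred in acceptSecContext: " + e.getMessage(), new Object[]{e});
                    }
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "356", this);
                    throw new WSSecurityContextException(0, 0, e.getMessage(), e);
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurred in acceptSecContext: " + e2.getMessage(), new Object[]{e2});
                    }
                    Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "364", this);
                    throw new WSSecurityContextException(0, 0, e2.getMessage(), e2);
                }
            }
            CSIv2Config csiv2Config = SecurityObjectLocator.getCSIv2Config();
            com.ibm.ws.security.core.ContextManager contextManager = ContextManagerFactory.getInstance();
            StateofCurrObj currentState = contextManager.getThreadLocal().get_state_of_curr_obj();
            try {
                Subject subject;
                if (currentState.getIdentityTokenServerId()) {
                    // The flag is set outside this class. On this branch the parsed token is
                    // not passed to login, so whoever sets the flag owns the trust decision.
                    subject = contextManager.getServerSubject();
                } else if (asynchLogin) {
                    subject = contextManager.login(RealmSecurityName.getRealm(csiv2Config.getString("com.ibm.CORBA.principalName")), tokenHolder.value, ContextImpl.DESERIALIZE_ASYNCH_CONTEXT, (HttpServletRequest) null, (HttpServletResponse) null, map, (Subject) null, mechOid);
                } else {
                    subject = contextManager.login(RealmSecurityName.getRealm(csiv2Config.getString("com.ibm.CORBA.principalName")), tokenHolder.value, csiv2Config.getString("com.ibm.CSI.rmiInboundLoginConfig"), (HttpServletRequest) null, (HttpServletResponse) null, map, (Subject) null, mechOid);
                }
                // Reset the flag so it cannot carry over to a later call on this thread.
                currentState.setIdentityTokenServerId(false);
                if (subject != null) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "acceptSecContext");
                    }
                    return new WSSecurityContextResult(null, subject);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Validation failed in acceptSecContext, reason: Major[4], Minor[0], Message[Subject is null, Token is probably expired.]");
                }
                throw new WSSecurityContextException(4, 0, "Validation failed in acceptSecContext, reason: Major[4], Minor[0], Message[Subject is null, Token is probably expired.]");
            } catch (Throwable th) {
                // Also reset the flag when login or validation fails.
                currentState.setIdentityTokenServerId(false);
                throw th;
            }
        } catch (GSSEncodeDecodeException e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "319", this);
            Tr.debug(tc, "Error parsing client_auth_token in acceptSecContext, reason: " + e3.toString(), new Object[]{e3});
            throw new WSSecurityContextException(18, 0, "Error parsing client_auth_token in acceptSecContext, reason: " + e3.toString());
        } catch (WSSecurityContextException e4) {
            Manager.Ffdc.log(e4, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "313", this);
            Tr.debug(tc, "Error parsing client_auth_token in acceptSecContext, reason: " + e4.toString(), new Object[]{e4});
            throw e4;
        } catch (BAD_OPERATION e6) {
            // Must precede the generic handler: BAD_OPERATION is a RuntimeException, so after
            // catch (Exception) this handler would be unreachable and rejected by the compiler.
            Manager.Ffdc.log(e6, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "327", this);
            Tr.debug(tc, "Corba BAD_OPERATION exception occurred, reason: " + e6.getMessage(), new Object[]{e6});
            throw new WSSecurityContextException(14, 0, "Corba BAD_OPERATION exception occurred, reason: " + e6.getMessage());
        } catch (Exception e5) {
            // The rethrown message is generic and carries no cause; the detail goes only to
            // FFDC and debug trace.
            Manager.Ffdc.log(e5, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "335", this);
            Tr.debug(tc, "Java exception occurred.", new Object[]{e5});
            throw new WSSecurityContextException(13, 0, "Java exception occurred.");
        }
    }

    /**
     * No-op in this implementation.
     *
     * @param bArr ignored
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void completeSecContext(byte[] bArr) {
    }

    /** No-op: this implementation holds no per-instance state to release. */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void dispose() {
    }
}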
