package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.wssecurity.callbackhandler.PropertyCallback;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditEventGenerator;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditEventGeneratorFactory;
import com.ibm.ws.wssecurity.platform.audit.WSSAuditService;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManager;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.core.token.SecurityTokenManager;
import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/LTPAConsumeLoginModule.class */
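public class LTPAConsumeLoginModule implements LoginModule {
    private static final String comp = "security.wssecurity";
    private CallbackHandler _handler;
    private Map _sharedState;
    private SecurityToken _token;
    private SecurityTokenManager _securityTokenManager;
    private Map<Object, Object> _context;
    private static final TraceComponent tc = Tr.register(LTPAConsumeLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Fixed: this was X509ConsumeLoginModule.class.getName() (copy/paste), so FFDC/trace records
    // produced by the catch block in login() were attributed to the wrong login module.
    private static final String clsName = LTPAConsumeLoginModule.class.getName();

    /**
     * Reflective handle to the platform LTPA server object.
     *
     * NOTE(review): nothing in this class references getLTPAMethod, so its static initializer
     * (class load, getLTPAServer() call, validateToken lookup) only runs if something else
     * triggers initialization. Retained as found; the behaviour of the initializer is unchanged:
     * any failure is rethrown as UndeclaredThrowableException, which surfaces as an
     * ExceptionInInitializerError for the first user of this holder.
     */
    private static class getLTPAMethod {
        private static final String LTPA_SERVER_OBJECT_CLASS = "com.ibm.ws.security.ltpa.LTPAServerObject";
        private static Class _ltpaServerObjectClass;
        private static Method _validateLTPATokenMethod;
        private static Method _getLTPAServerMethod;
        private static Object _ltpaServerObject;

        private getLTPAMethod() {
        }

        static {
            // Resolve the server class through the context class loader first, falling back to
            // Class.forName when no context loader is set.
            try {
                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                _ltpaServerObjectClass = loader != null
                        ? loader.loadClass(LTPA_SERVER_OBJECT_CLASS)
                        : Class.forName(LTPA_SERVER_OBJECT_CLASS);
            } catch (Exception e) {
                throw new UndeclaredThrowableException(e);
            }
            // getMethod never returns null (it throws NoSuchMethodException), so the singleton can be
            // fetched immediately after the lookup.
            try {
                _getLTPAServerMethod = _ltpaServerObjectClass.getMethod("getLTPAServer", new Class[0]);
                _ltpaServerObject = _getLTPAServerMethod.invoke(null, new Object[0]);
            } catch (Exception e) {
                throw new UndeclaredThrowableException(e);
            }
            try {
                _validateLTPATokenMethod = _ltpaServerObjectClass.getMethod("validateToken", byte[].class);
            } catch (Exception e) {
                throw new UndeclaredThrowableException(e);
            }
        }
    }

    /**
     * Stores the callback handler and shared state for use by {@link #login()}.
     *
     * @param subject         ignored; the Subject this module works with is the one returned by
     *                        the platform context manager when the token is validated
     * @param callbackHandler must supply a {@link PropertyCallback} carrying the WS-Security
     *                        processing context
     * @param map             JAAS shared state; the consumed token is published here by login()
     * @param map2            JAAS options; ignored
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)");
        }
        this._handler = callbackHandler;
        this._sharedState = map;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(Subject, CallbackHandler, Map, Map)");
        }
    }

    /** True when {@code type} is one of the two LTPA ValueType QNames this module consumes. */
    private static boolean isLtpaType(QName type) {
        return Constants.LTPA_TOKEN.equals(type) || Constants.LTPAv2_TOKEN.equals(type);
    }

    /** LTPAv2TokenImpl for the LTPAv2 QName; the v1 implementation for anything else. */
    private static LTPATokenImpl newTokenFor(QName type) {
        return Constants.LTPAv2_TOKEN.equals(type) ? new LTPAv2TokenImpl() : new LTPATokenImpl();
    }

    /**
     * Consumes an inbound LTPA binary security token.
     *
     * Steps: read the processing context from the callback; check the configured token type is
     * LTPA v1 or v2; read the element's id and ValueType; reconcile the ValueType with the
     * configured type (rejecting a mismatch only when enforceTokenVersion is set); Base64-decode the
     * element text and hand the bytes to the platform context manager for validation; capture the
     * principal name and expiration from the resulting WSCredential for trace/audit; publish the
     * token to the shared state.
     *
     * Security notes:
     * <ul>
     * <li>Token validity (signature, expiry) is not checked in this method; it is delegated to
     *     {@code WSSContextManager.login(realm, bytes)}. The expiration read from the WSCredential
     *     below is captured for audit only and is never compared with the current time here.</li>
     * <li>When enforceTokenVersion is false, a token whose ValueType is the other LTPA version than
     *     the one configured is still accepted (the impl class is just switched).</li>
     * <li>At debug trace level the decoded token bytes are passed to printBinaryInfo and the
     *     validated Subject to printSubject. NOTE(review): confirm what those helpers emit — the
     *     token is a bearer credential and trace files should be treated accordingly.</li>
     * </ul>
     *
     * @return true on success
     * @throws LoginException if the configured type is not LTPA, the ValueType is not an LTPA type,
     *                        the ValueType mismatches the configuration while enforceTokenVersion is
     *                        set, or any other failure occurs (wrapped with the BSTokenLoginModule.s01
     *                        message, whose text embeds the underlying exception's toString())
     */
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        PropertyCallback propertyCallback = new PropertyCallback(null);
        try {
            this._handler.handle(new Callback[]{propertyCallback});
            this._context = propertyCallback.getProperties();
            TokenConsumerConfig config = (TokenConsumerConfig) this._context.get(TokenConsumerConfig.CONFIG_KEY);
            QName configuredType = config.getType();

            // The token object is registered for error handling before the type check so that a
            // configuration error can still be reported against a token instance.
            LTPATokenImpl token = newTokenFor(configuredType);
            this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_FOR_ERROR_HANDLING, token);
            if (!isLtpaType(configuredType)) {
                throw new LoginException(ConfigUtil.getMessage("security.wssecurity.PrivateConsumerConfig.s30", new String[]{configuredType.toString(), Constants.LTPA_TOKEN.toString()}));
            }

            OMElement element = (OMElement) this._context.get("com.ibm.ws.wssecurity.constants.processingElement");
            token.setXML(new OMStructure(element));

            String tokenId = null;
            QName idAttr = IdUtils.getInstance().getIdAttributeName(element);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The identifier attribute of the target element is [" + idAttr + "].");
            }
            if (idAttr != null) {
                tokenId = element.getAttributeValue(idAttr);
            }

            boolean enforceVersion = config.isEnforceTokenVersion();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "enforceTokenVersion: " + enforceVersion);
            }

            // WS-Security version from the context, defaulting to 0 when absent or not an Integer.
            int wssVersion = 0;
            Object versionValue = this._context.get(Constants.WSS_VERSION);
            if (versionValue instanceof Integer) {
                wssVersion = ((Integer) versionValue).intValue();
            }

            QName valueType = DOMUtils.getQName(element, element.getAttributeValue(Constants.VALUETYPE_Q), wssVersion);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The ValueType attribute of the target element is [" + valueType.toString() + "].");
            }

            if (!valueType.equals(configuredType)) {
                if (!isLtpaType(valueType)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The ValueType attribute matches neither ltpa v1 or ltpa v2 token types.");
                    }
                    throw new LoginException(ConfigUtil.getMessage("security.wssecurity.LTPAConsumeLoginModule.invalidValueType", new String[]{configuredType.toString(), valueType.toString()}));
                }
                // Other LTPA version than configured: switch implementation, then reject only if
                // the configuration insists on an exact version match.
                token = newTokenFor(valueType);
                this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_FOR_ERROR_HANDLING, token);
                if (enforceVersion) {
                    throw new LoginException(ConfigUtil.getMessage("security.wssecurity.PrivateConsumerConfig.s30", new String[]{configuredType.toString(), valueType.toString()}));
                }
            }

            token.setId(tokenId);
            byte[] tokenBytes = Base64.decode(DOMUtils.getStringValue(element));
            if (tc.isDebugEnabled()) {
                LTPAGenerateLoginModule.printBinaryInfo(tokenBytes);
            }

            // Validation of the raw LTPA bytes happens here, in the platform context manager.
            WSSContextManager contextManager = WSSContextManagerFactory.getInstance();
            Subject validated = contextManager.login(contextManager.getDefaultRealm(), tokenBytes);
            if (tc.isDebugEnabled()) {
                LTPAGenerateLoginModule.printSubject("Subject from inbound LTPA token data:", validated);
            }

            // Principal name and expiration are best-effort, for trace and audit only.
            String principalName = "";
            Date expiration = new Date(System.currentTimeMillis());
            WSCredential credential = null;
            Iterator<WSCredential> credentials = validated.getPublicCredentials(WSCredential.class).iterator();
            if (credentials.hasNext()) {
                credential = credentials.next();
            }
            if (credential == null) {
                // Previously reached via a caught NullPointerException; same outcome, made explicit.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cannot get WSCredential infor from the subject");
                }
            } else {
                try {
                    String realmName = credential.getRealmSecurityName();
                    if (realmName != null) {
                        principalName = realmName;
                    }
                    long expiresAt = credential.getExpiration();
                    if (expiresAt != 0) {
                        expiration = new Date(expiresAt);
                    }
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot get WSCredential infor from the subject");
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LTPA token Principal Name = " + principalName);
                Tr.debug(tc, "LTPA token Expiration date = " + expiration.toString());
            }

            token.setBinary(tokenBytes);

            WSSAuditService auditService = WSSContextManagerFactory.getInstance().getAuditService();
            WSSAuditEventGenerator auditGenerator = WSSAuditEventGeneratorFactory.getInstance();
            boolean auditSuccess = auditService.isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_AUTHN, WSSAuditService.WSSAuditOutcome.SUCCESS, this._context);
            boolean auditDenied = auditService.isEventRequired(WSSAuditService.WSSAuditEventType.SECURITY_AUTHN, WSSAuditService.WSSAuditOutcome.DENIED, this._context);
            if (auditSuccess || auditDenied) {
                Map<String, Object> auditData = auditGenerator.setExtendedAuditData(this._context, WSSAuditEventGenerator.TOKEN_ID, tokenId);
                auditGenerator.addExtendedAuditData(auditData, "Username", principalName);
                auditGenerator.addExtendedAuditData(auditData, "Expiration", expiration.toString());
            }

            this._securityTokenManager = (SecurityTokenManager) this._context.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            this._token = token;
            TokenUtils.putTokenToSharedState(this._sharedState, this._token, false);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login()");
            }
            return true;
        } catch (Exception e2) {
            Tr.processException(e2, clsName + ".login", "132", this);
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.BSTokenLoginModule.s01", new String[]{e2.toString()}));
        }
    }

    /**
     * Registers the consumed token with the security token manager and marks it as processed in
     * the context. Relies on the JAAS contract that {@link #login()} succeeded first: the manager,
     * token and context are all set there.
     *
     * @return true
     */
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        this._securityTokenManager.addToken(this._token);
        this._context.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED, this._token);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return true;
    }

    /** No state is cleaned up on abort; always returns false. */
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return false;
    }

    /** No state is cleaned up on logout; always returns false. */
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return false;
    }
}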
