package com.ibm.ws.wssecurity.platform.websphere.util;

import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.platform.util.WSSSubjectHelper;
import com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.TokenPropagationCallbackHandler;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.axis2.util.ObjectStateUtils;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/platform/websphere/util/WSSSubjectHelperImpl.class */
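/**
 * Moves a JAAS {@link Subject} across a serialization boundary as two byte-array tokens.
 *
 * <p>On the way out, {@link #writeExternal} turns the subject into an opaque token and, when
 * server security is enabled and the subject carries a {@code WSCredential}, an authentication
 * ("login") token. On the way in, {@link #readExternal} reads the two tokens back and
 * {@link #doLogin} hands them to a JAAS login to rebuild the subject.
 *
 * <p>The instance is stateful: the subject, both tokens and the stream version are plain fields
 * and nothing here synchronizes access to them.
 *
 * <p>SECURITY: {@link #deserializeSubject} performs Java-native deserialization and then a
 * privileged JAAS login on whatever bytes it is given. This class does not authenticate or
 * integrity-check those bytes itself; that has to be guaranteed by the caller.
 */
public class WSSSubjectHelperImpl implements WSSSubjectHelper, Externalizable {
    private static final long serialVersionUID = -7832034184844111080L;
    /** Only stream layout this class can read or write. */
    private static final int VERSION = 1;
    private static final TraceComponent tc = Tr.register(WSSSubjectHelperImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final ContextManager mgr = ContextManagerFactory.getInstance();
    private static final WSOpaqueTokenHelper wsOpaHelper = WSOpaqueTokenHelper.getInstance();
    private static final WSSOpaqueTokenHelper wssOpaHelper = WSSOpaqueTokenHelper.getInstance();
    // Evaluated once at class initialisation, after mgr above has been assigned.
    private static final boolean isServerSecurityEnabled = isServerSecurityEnabled();
    public static final String DESERIALIZE_ASYNCH_CONTEXT = "system.DESERIALIZE_ASYNCH_CONTEXT";
    private byte[] opaqueToken;
    private byte[] loginToken;
    private int version = VERSION;
    private Subject subject = null;

    /**
     * Stores the subject that the next {@link #writeExternal} call will serialize.
     *
     * @param subject subject to hold; may be {@code null}
     */
    public void setSubject(Subject subject) {
        this.subject = subject;
    }

    /**
     * Returns the subject last set, serialized, or successfully rebuilt by this instance.
     *
     * @return the held subject, or {@code null} if none
     */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Serializes {@code subject} into the byte form understood by {@link #deserializeSubject}.
     *
     * @param subject subject to serialize; also stored on this instance
     * @return the serialized bytes, or {@code null} if serialization failed (the failure is only
     *         visible in debug trace)
     */
    @Override
    public byte[] serializeSubject(Subject subject) {
        this.subject = subject;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            writeExternal(objectOutputStream);
            // Closing flushes the object stream into the byte buffer before it is copied out.
            objectOutputStream.close();
            byteArrayOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                // Trace the exception itself so its type and message are recorded, not only frames.
                Tr.debug(tc, "Fail to serialize Token. ", e);
            }
            return null;
        }
    }

    /**
     * Rebuilds a subject from bytes produced by {@link #serializeSubject}.
     *
     * <p>SECURITY: the bytes go through {@link ObjectInputStream} and
     * {@code ObjectStateUtils.readObject}; nothing in this class restricts which classes that read
     * may instantiate, and the login that follows runs inside {@code doPrivileged}. Pass only
     * bytes from an authenticated, integrity-protected source.
     * NOTE(review): confirm whether a serialization filter is configured for the JVM this runs in.
     *
     * @param bArr serialized form; a {@code null} or malformed array yields {@code null}
     * @return the subject produced by the login, or {@code null} on any failure (the failure is
     *         only visible in debug trace)
     */
    @Override
    public Subject deserializeSubject(byte[] bArr) {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
            readExternal(objectInputStream);
            objectInputStream.close();
            byteArrayInputStream.close();
            this.subject = AccessController.doPrivileged(new PrivilegedExceptionAction<Subject>() {
                @Override
                public Subject run() throws LoginException {
                    return WSSSubjectHelperImpl.this.doLogin();
                }
            });
            return this.subject;
        } catch (Exception e) {
            // NOTE(review): on failure this.subject keeps whatever it held before the call, so
            // getSubject() can still return an earlier subject — confirm callers check the
            // return value rather than getSubject().
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to de-serialize Token. ", e);
            }
            return null;
        }
    }

    /**
     * Runs the inbound-deserialize JAAS login using the tokens currently held by this instance.
     *
     * @return the subject produced by the login context
     * @throws LoginException if token parsing or the login fails; the original exception is
     *         attached as the cause and reported to FFDC
     */
    public Subject doLogin() throws LoginException {
        if (tc.isEntryEnabled()) {
            // Trace only whether each token is present: concatenating a byte[] would print the
            // array's identity string, which says nothing useful about the token.
            Tr.entry(tc, "doLogin", new Object[]{"Login token is null? " + (this.loginToken == null), "Subject token is null? " + (this.opaqueToken == null)});
        }
        try {
            ArrayList tokenHolderList = isServerSecurityEnabled
                    ? wsOpaHelper.createTokenHolderListFromOpaqueToken(this.opaqueToken)
                    : wssOpaHelper.createTokenHolderListFromOpaqueToken(this.opaqueToken);
            LoginContext loginContext = new LoginContext(Constants.DEFAULT_INBOUND_DESERIALIZE_JAAS_CONFIG, new TokenPropagationCallbackHandler(null, tokenHolderList, this.loginToken));
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "doLogin");
            }
            return subject;
        } catch (Exception e) {
            FFDCFilter.processException(e, "doLogin", "493", this);
            LoginException loginException = new LoginException("Failed to deserialize Context.");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Builds the opaque token for {@code subject} with the helper matching the security mode.
     *
     * @param subject subject to convert; may be {@code null}
     * @return the opaque token, or {@code null} when {@code subject} is {@code null}
     */
    private byte[] createSubjectToken(Subject subject) throws WSLoginFailedException, WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSubjectToken", "Subject is null? " + (subject == null));
        }
        byte[] bArr = null;
        if (subject != null) {
            bArr = isServerSecurityEnabled ? wsOpaHelper.createOpaqueTokenFromSubject(subject) : wssOpaHelper.createOpaqueTokenFromSubject(subject);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSubjectToken", "Token created is null? " + (bArr == null));
        }
        return bArr;
    }

    /**
     * Parses an opaque token into a token-holder list and stores the list in the context manager
     * under the opaque-token lookup key. Always uses {@code wsOpaHelper}, whatever the security
     * mode. Not called from within this class.
     *
     * @param bArr opaque token bytes
     * @return the list that was stored
     */
    private ArrayList createAndCacheTokenHolderList(byte[] bArr) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): the raw token array and, below, the parsed token list are passed to
            // trace; whether Tr renders their contents is not visible here — confirm that entry
            // trace cannot expose token material.
            Tr.entry(tc, "createAndCacheTokenHolderList", bArr);
        }
        ArrayList createTokenHolderListFromOpaqueToken = wsOpaHelper.createTokenHolderListFromOpaqueToken(bArr);
        mgr.put(wsOpaHelper.getOpaqueTokenLookup(), createTokenHolderListFromOpaqueToken);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAndCacheTokenHolderList", "tokenList=" + createTokenHolderListFromOpaqueToken);
        }
        return createTokenHolderListFromOpaqueToken;
    }

    /**
     * Overwrites the context manager entry for the opaque-token lookup key with {@code null}.
     * Not called from within this class.
     */
    private void removeTokenHolderListFromCache() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeTokenHolderListFromCache");
        }
        mgr.put(wsOpaHelper.getOpaqueTokenLookup(), null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeTokenHolderListFromCache");
        }
    }

    /**
     * Writes the stream version followed by the opaque token and the login token.
     *
     * <p>Both tokens are recomputed from the held subject on every call. A failure while creating
     * them is reported to FFDC and debug trace but does not abort the write: whatever tokens were
     * produced before the failure (possibly none) are still written.
     *
     * @param objectOutput destination stream
     * @throws IOException if writing to {@code objectOutput} fails
     */
    @Override
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "writeObject", objectOutput);
        }
        try {
            // Start from a clean slate so tokens from an earlier subject are never written.
            this.loginToken = null;
            this.opaqueToken = null;
            if (this.subject != null) {
                this.opaqueToken = createSubjectToken(this.subject);
                if (isServerSecurityEnabled) {
                    WSCredential credential = SubjectHelper.getWSCredentialFromSubject(this.subject);
                    if (credential != null) {
                        AuthenticationToken authToken = mgr.getWSCredTokenMapper().createAuthTokenFromWSCredential(credential);
                        this.loginToken = authToken != null ? authToken.getBytes() : null;
                    }
                }
            }
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "writeObject", "597", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "writeObject", e);
            }
        } catch (WSLoginFailedException e2) {
            FFDCFilter.processException(e2, "writeObject", "592", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "writeObject", e2);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "writeObject", "Serializing Context version: " + this.version + ", serialVersionUID=" + serialVersionUID);
        }
        objectOutput.writeInt(this.version);
        ObjectStateUtils.writeObject(objectOutput, this.opaqueToken, "opaqueToken");
        ObjectStateUtils.writeObject(objectOutput, this.loginToken, "loginToken");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "writeObject");
        }
    }

    /**
     * Reads the stream version and the two tokens written by {@link #writeExternal}.
     *
     * <p>Both token fields are cleared before anything is read, so a stream that omits a token,
     * or a read that fails part-way, can never leave this instance holding a token from an
     * earlier serialize or deserialize call. The version field is only updated once the value
     * read from the stream has been accepted.
     *
     * @param objectInput source stream
     * @throws InvalidClassException if the stream version is unsupported or a token field does
     *         not hold a byte array
     * @throws IOException if reading from {@code objectInput} fails
     * @throws ClassNotFoundException if a class named in the stream cannot be loaded
     */
    @Override
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "readObject", objectInput);
        }
        this.opaqueToken = null;
        this.loginToken = null;
        int streamVersion = objectInput.readInt();
        if (streamVersion != VERSION) {
            throw new InvalidClassException("Unsupported Context version: " + streamVersion);
        }
        this.version = streamVersion;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "readObject", "Deserializing Context version: " + this.version + ", serialVersionUID=" + serialVersionUID);
        }
        this.opaqueToken = asToken(ObjectStateUtils.readObject(objectInput, "opaqueToken"), "opaqueToken");
        this.loginToken = asToken(ObjectStateUtils.readObject(objectInput, "loginToken"), "loginToken");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "readObject");
        }
    }

    /**
     * Checks that a value read from the stream is a byte array (or absent) before it is used as a
     * token, so an unexpected type surfaces as a stream error instead of a ClassCastException.
     *
     * @param value object read from the stream; may be {@code null}
     * @param fieldName name of the token field, used in the error message
     * @return {@code value} as a byte array, or {@code null} when it is absent
     * @throws InvalidClassException if {@code value} is not a byte array
     */
    private static byte[] asToken(Object value, String fieldName) throws InvalidClassException {
        if (value == null) {
            return null;
        }
        if (!(value instanceof byte[])) {
            throw new InvalidClassException(value.getClass().getName(), "Unexpected type for " + fieldName);
        }
        return (byte[]) value;
    }

    /**
     * Asks the context manager whether server security is enabled.
     *
     * @return the context manager's answer, or {@code false} if the query throws
     */
    private static final boolean isServerSecurityEnabled() {
        try {
            return mgr.isServerSecurityEnabled();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isServerSecurityEnabled ", e.getMessage());
            }
            return false;
        }
    }
}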
