package com.ibm.ws.security.web;

import com.ibm.ISecurityLocalObjectBaseL13Impl.DomainInfo;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.audit.AuditServiceImpl;
import com.ibm.ws.security.audit.utils.AuditUtils;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.rsatoken.RSAPropagationManager;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.WSAccessManager;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl;
import com.ibm.ws.security.stat.impl.SecurityAuthenticationModuleImpl;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.ws.util.Base64;
import com.ibm.ws.webcontainer.session.IHttpSession;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.wsspi.pmi.factory.StatsFactory;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.ContextHandler;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jst.j2ee.internal.web.operations.IWebToolingConstants;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/security/web/WebAuthenticator.class */
public class WebAuthenticator {
    // Collaborators; both are assigned only by the private no-arg constructor.
    private JaspiCollaborator jaspiCollaborator;
    private ReferrerURLCookieHandler referrerURLHandler;
    // String constants exposed to other classes. Presumably the form-login parameter
    // names and session/attribute keys -- their use is not visible in this part of the file.
    public static final String FormUserName = "__WAS_FORM_USERNAME";
    public static final String FormPassword = "__WAS_FORM_PASSWORD";
    public static final String INITIAL_URL = "INITIAL_URL";
    public static final String PARAM_NAMES = "PARAM_NAMES";
    public static final String PARAM_VALUES = "PARAM_VALUES";
    // Constants for the "WASPostParam" cookie; presumably its name and layout -- TODO confirm against the code that reads it.
    private static final String POSTPARAM_COOKIE = "WASPostParam";
    private static final String POSTPARAM_URL = "U";
    private static final String POSTPARAM_PARAM = "P";
    private static final int LENGTH_INT = 4;
    private static final int OFFSET_REQURL = 0;
    private static final int OFFSET_DATA = 1;
    private static final String providerName = "WebSphere";
    // Outcome map of the audit event being sent. handleTrustAssociation() writes it and
    // reads it back on the next statement for every event.
    // NOTE(review): this is per-request data kept in an instance field of the object that
    // create()/getInstance() hand out; if that instance serves concurrent requests, one
    // request's outcome can be replaced before sendEvent() reads it. A local variable
    // would avoid that -- confirm the threading model.
    private ConcurrentHashMap auditOutcome;
    private TrustAssociationInterceptorImpl spnegoWeb;
    // PMI statistics sink. Assigned only in the private constructor, and only when
    // StatsFactory.isPMIEnabled() is true at that moment; otherwise it stays null.
    private SecurityAuthenticationModuleImpl authModule;
    // Set to "KRB5Token" by every constructor.
    private String krb5CookieName;
    private WSSecurityContext securityContext;
    private SecurityConfig security;
    private static final TraceComponent tc = Tr.register((Class<?>) WebAuthenticator.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    // Singleton slot filled by create(String) and returned by getInstance().
    private static WebAuthenticator webAuthInstance = null;
    // Shared result object returned as-is when a TAI-supplied credential is no longer
    // current. NOTE(review): the field is not final and the same instance is handed to
    // every caller; confirm AuthenticationResult is never mutated by its consumers.
    private static AuthenticationResult AUTHN_FAILED_RESULT = new AuthenticationResult(2, "Authentication Failed");
    // Captured from the argument of the first create(String) call only.
    private static String authMech = null;
    private static String AUTHORIZATION_ENCODING = "Authorization-Encoding";
    // Read once, at class initialisation, from the JVM system property of the same name.
    private static String BasicAuthEncoding = System.getProperty("com.ibm.websphere.security.BasicAuthEncoding");
    // NOTE(review): plain (unsynchronised) HashMap held in a static field. Its readers and
    // writers are outside this part of the file; if request threads touch it, access
    // needs external synchronisation -- confirm.
    private static HashMap cookieStringCache = new HashMap(20);
    private static int MAX_COOKIE_STRING_ENTRIES = 100;
    // Obtained from the ContextManager on the first create(String) call that finds it null.
    private static AuditService auditService = null;
    // Refreshed from the ContextManager on every create(String) call.
    private static String default_realm = null;
    // Registry type string; a static that is overwritten by the private instance constructor.
    private static String activeUserRegistry = null;
    // NOTE(review): public, static and mutable -- any class can flip this flag and it is
    // shared by all requests. Its use is not visible here; confirm it is not consulted
    // for a per-request decision.
    public static boolean foundCookie = false;

    /**
     * Returns the shared {@code WebAuthenticator}, constructing it on the first call.
     *
     * <p>The authentication mechanism name is captured only when the instance is first
     * built; the argument of any later call is ignored. The audit service is fetched from
     * the {@code ContextManager} while it is still {@code null}, and the default realm is
     * re-read on every call.
     *
     * <p>The null check and the assignment are not synchronised, so this method relies on
     * its callers for any ordering between concurrent first calls.
     *
     * @param str authentication mechanism name stored in {@code authMech} on first use
     * @return the shared instance
     */
    public static WebAuthenticator create(String str) {
        final boolean firstCall = (webAuthInstance == null);
        if (firstCall) {
            // The mechanism name is recorded only after construction has succeeded.
            webAuthInstance = new WebAuthenticator();
            authMech = str;
        }

        final ContextManager contextManager = ContextManagerFactory.getInstance();
        if (auditService == null) {
            auditService = contextManager.getAuditService();
        }
        default_realm = contextManager.getDefaultRealm();

        return webAuthInstance;
    }

    /**
     * Returns the shared instance without creating it.
     *
     * @return the instance built by {@link #create(String)}, or {@code null} when
     *         {@code create} has not been called yet
     */
    public static WebAuthenticator getInstance() {
        final WebAuthenticator current = webAuthInstance;
        return current;
    }

    /**
     * Builds the instance used by {@link #create(String)}.
     *
     * <p>Besides initialising instance state, this constructor overwrites the static
     * {@code activeUserRegistry} with the type of the active user registry taken from the
     * security configuration. {@code authModule} is obtained only when PMI is enabled at
     * construction time and is otherwise left {@code null}.
     */
    private WebAuthenticator() {
        // Explicit defaults for state that is assigned later or not at all.
        this.auditOutcome = null;
        this.spnegoWeb = null;
        this.securityContext = null;
        this.jaspiCollaborator = null;
        this.referrerURLHandler = null;
        this.krb5CookieName = "KRB5Token";

        final boolean pmiEnabled = StatsFactory.isPMIEnabled();
        if (pmiEnabled) {
            this.authModule = SecurityAuthenticationModuleImpl.getInstance("Security Authentication");
        }

        final SecurityConfig config = SecurityObjectLocator.getSecurityConfig();
        this.security = config;
        // Static field written from an instance constructor.
        activeUserRegistry = config.getActiveUserRegistry().getType();

        this.jaspiCollaborator = WebCollaborator.getJaspiCollaborator();
        this.referrerURLHandler = new ReferrerURLCookieHandler();
    }

    /**
     * Subclass constructor that performs no lookups.
     *
     * <p>Only {@code krb5CookieName} receives a non-null value. {@code security},
     * {@code authModule}, {@code jaspiCollaborator} and {@code referrerURLHandler} all
     * remain {@code null}, so the subclass must supply whatever it needs before calling
     * methods that dereference them.
     *
     * @param obj not read by this constructor; it only selects this overload
     */
    protected WebAuthenticator(Object obj) {
        this.krb5CookieName = "KRB5Token";
        // Everything else starts out unset.
        this.securityContext = null;
        this.spnegoWeb = null;
        this.auditOutcome = null;
        this.referrerURLHandler = null;
        this.jaspiCollaborator = null;
    }

    /**
     * Subclass constructor that takes the security configuration from the caller
     * instead of looking it up.
     *
     * <p>{@code authModule}, {@code jaspiCollaborator} and {@code referrerURLHandler} are
     * not initialised here and remain {@code null}.
     *
     * @param securityConfig configuration stored in {@code security}; not validated
     */
    protected WebAuthenticator(SecurityConfig securityConfig) {
        this.security = securityConfig;
        this.krb5CookieName = "KRB5Token";
        // Remaining state starts out unset.
        this.securityContext = null;
        this.spnegoWeb = null;
        this.auditOutcome = null;
        this.referrerURLHandler = null;
        this.jaspiCollaborator = null;
    }

    /**
     * Runs the trust association interceptor (TAI) selected for this request and converts
     * its outcome into an {@code AuthenticationResult}.
     *
     * <p>Most exit paths also emit a {@code SECURITY_AUTHN} audit event when the audit
     * service reports that the event is required, and every exit path reports the elapsed
     * time to the PMI module when PMI is enabled.
     *
     * @param webAttributes only {@code getChallengeType()} is read, on the success path, to
     *        set the request's {@code AUTH_TYPE} private attribute
     * @param httpServletRequest request handed to the interceptor, to the audit data
     *        builders and to {@code ContextManager.login}
     * @param httpServletResponse response handed to the interceptor and to {@code login}
     * @param hashMap read for {@code CommonConstants.REALM_NAME} and
     *        {@code "security.domain.type"}, then passed on to {@code login}
     * @param z passed through to {@code TrustAssociationManager.getInterceptor}; its
     *        meaning is not visible in this method
     * @return a result built with code 6 when no interceptor applies; code 5 (carrying the
     *         interceptor's status) when the interceptor returns a status other than 200;
     *         {@code null} when the interceptor supplies no principal name; the shared
     *         {@code AUTHN_FAILED_RESULT} when the supplied credential is not current;
     *         code 7 when inspecting the supplied Subject throws; code 1 with the Subject
     *         on success; code 2 with the exception message when trust validation or login
     *         throws
     * @throws Exception anything that escapes the inner handlers is rethrown unchanged
     *         after the PMI time has been recorded
     */
    AuthenticationResult handleTrustAssociation(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap, boolean z) throws Exception {
        long j = 0;
        ContextHandler contextHandler = null;
        try {
            if (StatsFactory.isPMIEnabled()) {
                j = System.currentTimeMillis();
                // NOTE(review): authModule is assigned only by the private constructor and only
                // when PMI was enabled at that time. On an instance built by a protected
                // constructor, or if PMI is switched on later, this and every onTAITime() call
                // below throws NullPointerException -- including the one in the outer catch,
                // which would then replace the original failure.
                this.authModule.onTAICount();
            }
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "handleTrustAssociation");
            }
            String str = (String) hashMap.get(CommonConstants.REALM_NAME);
            // The domain type is looked up only to trace a warning when it is missing.
            if (((String) hashMap.get("security.domain.type")) == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "warning: handleTrustAssociation has null domain type");
            }
            TAIWrapper interceptor = TrustAssociationManager.getInstance().getInterceptor(httpServletRequest, z);
            // Audit trail identifiers are captured once and reused by every event built below.
            String str2 = null;
            String[] strArr = null;
            if (auditService != null) {
                str2 = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (interceptor == null) {
                // No interceptor for this request: returned without any audit event.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "TAI isn't available for this request.");
                }
                AuthenticationResult authenticationResult = new AuthenticationResult(6, "TAI isn't available for this request.");
                if (StatsFactory.isPMIEnabled()) {
                    this.authModule.onTAITime(System.currentTimeMillis() - j);
                }
                return authenticationResult;
            }
            // NOTE(review): guarded by isEntryEnabled() but emitted with Tr.debug(); the same
            // mismatch recurs further down in this method.
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "TAI [" + interceptor.getName() + "] is available for this request.");
            }
            try {
                TAIResult negotiateAndValidateEstablishedTrust = interceptor.negotiateAndValidateEstablishedTrust(httpServletRequest, httpServletResponse);
                int status = negotiateAndValidateEstablishedTrust.getStatus();
                if (status != 200) {
                    // Any status other than 200 is handed back to the caller as a challenge.
                    if (auditService != null) {
                        contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    // NOTE(review): a null contextHandler is reported above but execution continues;
                    // if isEventRequired() then returns true, the next line throws
                    // NullPointerException. Every audit block in this method has the same shape.
                    // Confirm whether processAuditFailure() is expected to abort, or add a null guard.
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
                        contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnRedirect", "web", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "providerSuccess"));
                        // NOTE(review): auditOutcome is an instance field written here and read on the
                        // next statement. If this instance handles concurrent requests, another
                        // thread can overwrite it in between; applies to every sendEvent() below.
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 23L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e) {
                            // A failed audit send is reported but does not change the authentication result.
                            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                        }
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "Exiting with TAI_CHALLENGE");
                    }
                    AuthenticationResult authenticationResult2 = new AuthenticationResult(5, "Challenge from TrustAssociation Interception: " + interceptor.getName(), status);
                    if (StatsFactory.isPMIEnabled()) {
                        this.authModule.onTAITime(System.currentTimeMillis() - j);
                    }
                    return authenticationResult2;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "TAI [" + interceptor.getName() + "] has been validated successfully.");
                }
                Subject subject = negotiateAndValidateEstablishedTrust.getSubject();
                // NOTE(review): this writes Subject.toString() to the debug trace, which lists the
                // Subject's principals and credentials; confirm trace output is access-controlled.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Subject retrieved is [" + subject + "]");
                }
                String authenticatedPrincipal = negotiateAndValidateEstablishedTrust.getAuthenticatedPrincipal();
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Username retrieved from TAI is [" + authenticatedPrincipal + "]");
                }
                if (authenticatedPrincipal == null) {
                    // A 200 status without a principal name: the method returns null rather than
                    // an AuthenticationResult and emits no audit event, so callers must null-check.
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleTrustAssociation: (null user)");
                    }
                    if (StatsFactory.isPMIEnabled()) {
                        this.authModule.onTAITime(System.currentTimeMillis() - j);
                    }
                    return null;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Map credentials for " + authenticatedPrincipal + ".");
                }
                // subject2 becomes the authenticated Subject: either the TAI's own Subject when it
                // already carries a current WSCredential, or the result of login() further down.
                Subject subject2 = null;
                if (subject != null) {
                    try {
                        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
                        if (wSCredentialFromSubject != null && wSCredentialFromSubject.isCurrent()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Subject is already authenticated from TAI.");
                            }
                            subject2 = subject;
                        } else if (wSCredentialFromSubject != null && !wSCredentialFromSubject.isCurrent()) {
                            // A credential is present but no longer current: deny rather than log in again.
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Subject from TAI is expired for user: " + authenticatedPrincipal);
                            }
                            if (auditService != null) {
                                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                                if (contextHandler == null) {
                                    Tr.error(tc, "security.audit.service.context.error");
                                    auditService.processAuditFailure("security.audit.service.context.error", null);
                                }
                            }
                            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                                // NOTE(review): the principal name is known on this path, yet the two
                                // arguments that carry it on the neighbouring paths are passed as null here.
                                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "denied", "web", new Long(0L), null, null, null, null));
                                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "providerSuccess"));
                                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 25L);
                                try {
                                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                                } catch (ProviderFailureException e2) {
                                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                                    auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                                }
                            }
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "handleTrustAssociation: Subject in TAIResult is expired.");
                            }
                            AuthenticationResult authenticationResult3 = AUTHN_FAILED_RESULT;
                            if (StatsFactory.isPMIEnabled()) {
                                this.authModule.onTAITime(System.currentTimeMillis() - j);
                            }
                            return authenticationResult3;
                        }
                        // When the Subject carries no WSCredential at all, neither branch runs and
                        // subject2 stays null, so login() below is used.
                    } catch (Exception e3) {
                        // Any failure while inspecting the TAI-supplied Subject is audited as DENIED
                        // and reported to the caller as a user-mapping failure.
                        FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "905", this);
                        if (tc.isEntryEnabled()) {
                            Tr.debug(tc, "Error in mapping credential for Trust Association:" + authenticatedPrincipal);
                        }
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", authenticatedPrincipal, authenticatedPrincipal, "denied", "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 25L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e4) {
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e4});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                            }
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "Exiting with user_mapping_failed.");
                        }
                        AuthenticationResult authenticationResult4 = new AuthenticationResult(7, "User mapping failed");
                        if (StatsFactory.isPMIEnabled()) {
                            this.authModule.onTAITime(System.currentTimeMillis() - j);
                        }
                        return authenticationResult4;
                    }
                }
                if (subject2 == null) {
                    // No usable credential came with the TAI result: log in under the principal name
                    // the interceptor asserted. No password is involved in this call, so the
                    // interceptor's validation is the only check on that identity.
                    subject2 = ContextManagerFactory.getInstance().login(str, authenticatedPrincipal, authMech, httpServletRequest, httpServletResponse, hashMap, subject);
                }
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                    String str3 = null;
                    if (subject2 != null) {
                        // Uses the first principal in the set; an empty set throws here, which the
                        // generic handler below turns into a failure result.
                        str3 = ((Principal) subject2.getPrincipals().toArray()[0]).getName();
                    }
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", str3, str3, "authnSuccess", "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e5) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e5});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
                    }
                }
                WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", webAttributes.getChallengeType());
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Mapped credential for TrustAssociation was validated successfully.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleTrustAssociation: OK");
                }
                // NOTE(review): subject2 is not checked for null before being wrapped in a success
                // result; confirm login() never returns null.
                AuthenticationResult authenticationResult5 = new AuthenticationResult(1, subject2);
                if (StatsFactory.isPMIEnabled()) {
                    this.authModule.onTAITime(System.currentTimeMillis() - j);
                }
                return authenticationResult5;
            } catch (WebTrustAssociationFailedException e6) {
                // The interceptor could not validate trust for this request.
                FFDCFilter.processException(e6, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "514", this);
                Tr.error(tc, "security.web.ta.validationfailed", new Object[]{e6});
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                    // NOTE(review): the access record is labelled "authnRedirect" although the outcome
                    // below is DENIED; the other DENIED paths use "denied". Confirm this is intended,
                    // since audit queries keyed on the action string would miss this event.
                    contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnRedirect", "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 24L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e7) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e7});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e7);
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "exiting with Exception: " + e6.getMessage());
                }
                // NOTE(review): the raw exception message travels in the result object here and in
                // the two handlers below; confirm callers do not render it to the remote client.
                AuthenticationResult authenticationResult6 = new AuthenticationResult(2, e6.getMessage());
                if (StatsFactory.isPMIEnabled()) {
                    this.authModule.onTAITime(System.currentTimeMillis() - j);
                }
                return authenticationResult6;
            } catch (WebTrustAssociationUserException e8) {
                FFDCFilter.processException(e8, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "582", this);
                // Unlike the sibling handlers, the exception is not passed to Tr.error here.
                Tr.error(tc, "security.web.ta.userex");
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnFailure", "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    // This is the only path in the method that records the provider status "failure".
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "failure"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "FAILURE", 26L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e9) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e9});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e9);
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "exiting with Exception: " + e8.getMessage());
                }
                AuthenticationResult authenticationResult7 = new AuthenticationResult(2, e8.getMessage());
                if (StatsFactory.isPMIEnabled()) {
                    this.authModule.onTAITime(System.currentTimeMillis() - j);
                }
                return authenticationResult7;
            } catch (Exception e10) {
                // Catch-all for the interceptor call, login() and the success-path audit code above.
                FFDCFilter.processException(e10, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "648", this);
                Tr.error(tc, "security.web.ta.genexc", new Object[]{e10});
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnFailure", "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    // NOTE(review): the provider status is "providerSuccess" although the outcome is
                    // FAILURE; the user-exception handler above records "failure". Confirm which
                    // value audit consumers should expect on this path.
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(interceptor.getName(), "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "FAILURE", 26L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e11) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e11});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e11);
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "exiting with Exception: " + e10.getMessage());
                }
                AuthenticationResult authenticationResult8 = new AuthenticationResult(2, e10.getMessage());
                if (StatsFactory.isPMIEnabled()) {
                    this.authModule.onTAITime(System.currentTimeMillis() - j);
                }
                return authenticationResult8;
            }
        } catch (Throwable th) {
            // Reached for anything thrown outside the inner try or from inside one of its
            // handlers: the PMI time is recorded and the throwable is rethrown unchanged.
            if (StatsFactory.isPMIEnabled()) {
                this.authModule.onTAITime(System.currentTimeMillis() - j);
            }
            throw th;
        }
    }

    /**
     * Tries to authenticate the request from a single sign-on cookie.
     *
     * <p>If logout-on-session-expiry is enabled, the request names a session id that is no
     * longer valid and the challenge type is FORM, logout cookies are written and no SSO is
     * attempted. Otherwise exactly one cookie name is handed to {@code validateCookie},
     * chosen by precedence: {@code RSAToken}, the Kerberos cookie name, the preferred LTPA
     * cookie name, the configured LTPA cookie name, then the literal {@code LtpaToken} and
     * {@code LtpaToken2}. The first four are matched case-insensitively, the last two exactly.
     * A lower-precedence cookie is not tried when the chosen one does not validate.
     *
     * @param webAttributes source of the LTPA cookie names and the challenge type
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response that receives logout cookies on session expiry
     * @return whatever {@code validateCookie} returned for the chosen cookie name, or
     *         {@code null} when the session-expiry logout ran, the request carries no
     *         cookies, or none of the known cookie names is present
     */
    AuthenticationResult handleSSO(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String preferredName = webAttributes.getPreferredLTPACookieName();
        final String configuredName = webAttributes.getLTPACookieName();
        final Cookie[] requestCookies = httpServletRequest.getCookies();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleSSO");
        }

        final boolean logoutOnSessionExpire = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.WEB_LOGOUT_ON_HTTP_SESSION_EXPIRE)).booleanValue();
        final String challenge = webAttributes.getChallengeType();
        final boolean expiredFormSession = logoutOnSessionExpire
                && httpServletRequest.getRequestedSessionId() != null
                && !httpServletRequest.isRequestedSessionIdValid()
                && challenge.equalsIgnoreCase("FORM");
        if (expiredFormSession) {
            // The HTTP session behind this request is gone: log the client out rather than
            // honouring an SSO cookie.
            WebAttributes.createLogoutCookiesStatic(httpServletRequest, httpServletResponse);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleSSO:HTTPSession expired, logging out.");
            }
            return null;
        }

        if (requestCookies == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleSSO: no cookies present in the request.");
            }
            return null;
        }

        // One pass over the cookies, recording which of the known names are present.
        boolean sawRsa = false;
        boolean sawKrb5 = false;
        boolean sawPreferred = false;
        boolean sawConfigured = false;
        boolean sawDefault = false;
        boolean sawDefault2 = false;
        for (Cookie candidate : requestCookies) {
            final String candidateName = candidate.getName();
            sawRsa |= "RSAToken".equalsIgnoreCase(candidateName);
            sawKrb5 |= this.krb5CookieName.equalsIgnoreCase(candidateName);
            sawPreferred |= preferredName.equalsIgnoreCase(candidateName);
            sawConfigured |= configuredName.equalsIgnoreCase(candidateName);
            sawDefault |= "LtpaToken".equals(candidateName);
            sawDefault2 |= "LtpaToken2".equals(candidateName);
        }

        // Validate only the highest-precedence name that was seen.
        AuthenticationResult ssoResult = null;
        if (sawRsa) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting rsa cookie validation for: RSAToken");
            }
            ssoResult = validateCookie(requestCookies, "RSAToken", webAttributes, httpServletRequest, httpServletResponse);
        } else if (sawKrb5) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting krb5 cookie validation for: " + this.krb5CookieName);
            }
            ssoResult = validateCookie(requestCookies, this.krb5CookieName, webAttributes, httpServletRequest, httpServletResponse);
        } else if (sawPreferred) {
            // foundCookie is declared outside this method; it is set only for the two
            // LTPA cookie names that come from webAttributes.
            foundCookie = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting primary cookie validation for: " + preferredName);
            }
            ssoResult = validateCookie(requestCookies, preferredName, webAttributes, httpServletRequest, httpServletResponse);
        } else if (sawConfigured) {
            foundCookie = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting secondary cookie validation for: " + configuredName);
            }
            ssoResult = validateCookie(requestCookies, configuredName, webAttributes, httpServletRequest, httpServletResponse);
        } else if (sawDefault) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting default cookie validation for: LtpaToken");
            }
            ssoResult = validateCookie(requestCookies, "LtpaToken", webAttributes, httpServletRequest, httpServletResponse);
        } else if (sawDefault2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting default2 cookie validation for: LtpaToken2");
            }
            ssoResult = validateCookie(requestCookies, "LtpaToken2", webAttributes, httpServletRequest, httpServletResponse);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Could not find LTPA cookie(s) in request.");
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, ssoResult != null ? "handleSSO: found cookie" : "handleSSO: (null)");
        }
        return ssoResult;
    }

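    /**
     * Tries to authenticate the request from the SSO cookie named {@code str}.
     *
     * <p>If logout-on-session-expiry is enabled, the request names a session id that is no
     * longer valid and the challenge type is FORM, logout cookies are written and no
     * validation is attempted.
     *
     * @param webAttributes source of the challenge type
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response that receives logout cookies on session expiry
     * @param str cookie name to look for; matched case-insensitively
     * @return whatever {@code validateCookie} returned for that name, or {@code null} when
     *         the session-expiry logout ran or no cookie with that name is present
     */
    AuthenticationResult handleSSOCookie(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleSSOCookie " + str);
        }
        AuthenticationResult authenticationResult = null;
        boolean logoutOnSessionExpire = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.WEB_LOGOUT_ON_HTTP_SESSION_EXPIRE)).booleanValue();
        String challengeType = webAttributes.getChallengeType();
        if (logoutOnSessionExpire && httpServletRequest.getRequestedSessionId() != null && !httpServletRequest.isRequestedSessionIdValid() && challengeType.equalsIgnoreCase("FORM")) {
            WebAttributes.createLogoutCookiesStatic(httpServletRequest, httpServletResponse);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleSSOCookie HTTPSession expired, logging out.");
            }
            return null;
        }
        boolean found = false;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (str.equalsIgnoreCase(cookies[i].getName())) {
                    found = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "handleSSOCookie found cookie " + str);
                    }
                    authenticationResult = validateCookie(cookies, str, webAttributes, httpServletRequest, httpServletResponse);
                    // validateCookie receives the whole cookie array together with the name,
                    // so one call is enough. Stopping here is also what lets the loop end:
                    // the previous form neither advanced the index nor left the loop after
                    // a match, so a request carrying the named cookie kept its thread
                    // re-validating the same cookie indefinitely.
                    break;
                }
            }
        }
        if (!found && tc.isDebugEnabled()) {
            Tr.debug(tc, "handleSSOCookie could not find cookie " + str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleSSOCookie", authenticationResult);
        }
        return authenticationResult;
    }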

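    /**
     * Validates the SSO token values carried under the cookie name {@code str}.
     *
     * <p>Every non-empty value returned by {@code CookieHelper.getCookieValues} is
     * Base64-decoded and validated in turn: {@code RSAToken} through
     * {@code RSAPropagationManager}, the Kerberos cookie name and every other name through
     * {@code validate}. The loop stops at the first value whose result has status 1. A value
     * that raises an exception is treated as a failed authentication and, when the audit
     * service asks for it, reported as a DENIED SECURITY_AUTHN event.
     *
     * <p>On success the request's private {@code AUTH_TYPE} attribute is set to the
     * configured challenge type.
     *
     * @param cookieArr all cookies of the request
     * @param str name of the cookie to validate
     * @param webAttributes source of the challenge type; passed on to {@code validate}
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return the result with status 1, or {@code null} when the cookie has no values or no
     *         value validated with status 1
     */
    private AuthenticationResult validateCookie(Cookie[] cookieArr, String str, WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            // NOTE(review): the cookie array is handed to the trace as-is. Whether Tr renders
            // cookie values is not visible here; confirm token values cannot reach the trace.
            Tr.entry(tc, "validateCookie", new Object[]{cookieArr, str});
        }
        ContextHandler contextHandler = null;
        AuthenticationResult authenticationResult = null;
        String[] cookieValues = CookieHelper.getCookieValues(cookieArr, str);
        String lastTrailId = null;
        String[] eventTrailIds = null;
        if (auditService != null) {
            lastTrailId = auditService.getLastTrailId();
            eventTrailIds = auditService.getEventTrailIds();
        }
        if (cookieValues == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "validateCookie no cookie values found");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateCookie null");
            }
            return null;
        }
        for (int i = 0; i < cookieValues.length; i++) {
            String tokenValue = cookieValues[i];
            if (tokenValue.length() > 0) {
                try {
                    // The cache only saves the Base64 decode; the decoded bytes still go
                    // through validation below on every request.
                    // NOTE(review): this read happens outside the lock that guards
                    // clear()/put(). That is safe only if cookieStringCache is a thread-safe
                    // map; its declaration is not visible here.
                    byte[] tokenBytes = (byte[]) cookieStringCache.get(tokenValue);
                    if (tokenBytes == null) {
                        tokenBytes = StringUtil.getBytes(Base64Coder.base64Decode(tokenValue));
                        synchronized (cookieStringCache) {
                            // Crude size bound: drop everything once the limit is exceeded.
                            if (cookieStringCache.size() > MAX_COOKIE_STRING_ENTRIES) {
                                cookieStringCache.clear();
                            }
                            if (tokenBytes != null) {
                                cookieStringCache.put(tokenValue, tokenBytes);
                            }
                        }
                    }
                    if (str.equals("RSAToken")) {
                        authenticationResult = new AuthenticationResult(1, RSAPropagationManager.getInstance().validateRSAPropagationToken(tokenBytes));
                    } else if (str.equals(this.krb5CookieName)) {
                        if (tc.isEntryEnabled()) {
                            Tr.debug(tc, "validate KRB5Token");
                        }
                        authenticationResult = validate(default_realm, tokenBytes, webAttributes, httpServletRequest, httpServletResponse, this.krb5CookieName);
                    } else {
                        authenticationResult = validate(default_realm, tokenBytes, webAttributes, httpServletRequest, httpServletResponse);
                    }
                    if (authenticationResult.getStatus() == 1) {
                        break;
                    }
                } catch (Exception e) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Exception validating SSO token: ", new Object[]{e});
                    }
                    FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.handleSSO", "1268", this);
                    authenticationResult = AUTHN_FAILED_RESULT;
                    if (auditService != null) {
                        contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    // A missing context handler has already been reported above. Skip the
                    // event instead of dereferencing null, which would replace the
                    // authentication failure with a NullPointerException thrown from this
                    // catch block.
                    if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "denied", "web", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(lastTrailId, eventTrailIds, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), default_realm));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 27L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e2) {
                            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                        }
                    }
                }
            }
        }
        if (authenticationResult == null || authenticationResult.getStatus() != 1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "validateCookie result not SUCCESS", authenticationResult != null ? Integer.valueOf(authenticationResult.getStatus()) : null);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateCookie null");
            }
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "validateCookie the LTPA token was valid.");
        }
        if (tc.isEntryEnabled()) {
            // The token value is deliberately left out of the trace: it has just been
            // accepted as a credential, so anyone able to read the trace could replay it.
            Tr.exit(tc, "validateCookie successful ltpa token validation", authenticationResult);
        }
        WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", webAttributes.getChallengeType());
        return authenticationResult;
    }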

    /**
     * Runs form-based login handling against the security configuration obtained from
     * {@code SecurityObjectLocator}.
     *
     * @param z passed through unchanged to the five-argument overload
     * @return whatever the five-argument overload returns
     */
    AuthenticationResult handleCustomLogin(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        final SecurityConfig currentConfig = SecurityObjectLocator.getSecurityConfig();
        return handleCustomLogin(webAttributes, httpServletRequest, httpServletResponse, z, currentConfig);
    }

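    /**
     * Handles a request to a resource protected by form-based login.
     *
     * <p>With the SWAM mechanism, a user id and password held in the HTTP session's
     * {@code FormLoginInfo} are re-authenticated through {@code basicAuthenticate}. A result
     * with status 2 is replaced by a status-4 result pointing at the re-login URL and, when
     * the audit service asks for it, reported as a redirect event. Any other status removes
     * the {@code WASReqURL} session attribute and restores saved POST parameters. With every
     * other mechanism the request is passed to {@code handleSSO}.
     *
     * <p>When neither path produced a result, {@code z} decides whether the caller gets a
     * redirect to the login page from {@code handleRedirect} or {@code null}.
     *
     * <p>Status 2 appears to mean failure and status 4 redirect, judging by how the results
     * are built here; the constants themselves are not visible in this part of the file.
     *
     * @param webAttributes security attributes of the requested resource
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param z whether a redirect to the login page may be issued
     * @param securityConfig configuration that supplies the active authentication mechanism
     * @return the authentication or redirect result, or {@code null} when nothing
     *         authenticated the request and {@code z} is false
     */
    AuthenticationResult handleCustomLogin(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, SecurityConfig securityConfig) {
        ContextHandler contextHandler = null;
        String str = default_realm;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCustomLogin");
        }
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Form based login is configured for the resource");
        }
        String loginURL = getLoginURL(httpServletRequest, webAttributes);
        String type = securityConfig.getActiveAuthMechanism().getType();
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        IHttpSession iHttpSession = null;
        FormLoginInfo formLoginInfo = null;
        if (type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            iHttpSession = httpServletRequest.getSession(true);
            formLoginInfo = (FormLoginInfo) iHttpSession.getSecurityInfo();
            if (formLoginInfo != null) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Form based login: Using HTTP Sessions");
                }
                // The session-held user id and password are checked again on this request.
                String username = formLoginInfo.getUsername();
                String password = formLoginInfo.getPassword();
                if (username != null && password != null) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Form based login: Userid/password present in the session");
                    }
                    AuthenticationResult basicAuthenticate = basicAuthenticate(str, username, password, webAttributes, httpServletRequest, httpServletResponse);
                    int status = basicAuthenticate.getStatus();
                    if (status == 2) {
                        basicAuthenticate = new AuthenticationResult(4, getReLoginURL(httpServletRequest, webAttributes));
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        // A missing context handler has already been reported above. Skip
                        // the event instead of dereferencing null, so the re-login redirect
                        // is still returned to the caller.
                        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", username, username, "authnRedirect", "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 28L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e) {
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                            }
                        }
                    } else {
                        iHttpSession.removeAttribute("WASReqURL");
                    }
                    WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", "FORM");
                    // "status" still holds the outcome of basicAuthenticate, not of the
                    // redirect result that may have replaced it above.
                    if (status != 2) {
                        restorePostParams(webAttributes, httpServletRequest, httpServletResponse);
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleCustomLogin");
                    }
                    return basicAuthenticate;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Form based login: No HTTP Session");
            }
        } else {
            AuthenticationResult handleSSO = handleSSO(webAttributes, httpServletRequest, httpServletResponse);
            if (handleSSO != null) {
                if (handleSSO.getStatus() != 2) {
                    restorePostParams(webAttributes, httpServletRequest, httpServletResponse);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleCustomLogin");
                }
                return handleSSO;
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Form based login: No or Bad ltpa cookie ");
            }
        }
        if (z) {
            return handleRedirect(webAttributes, httpServletRequest, httpServletResponse, null, str, loginURL, securityConfig, type, str2, strArr, iHttpSession, formLoginInfo);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCustomLogin", "enableRedirect is false. Returing with NULL");
        }
        return null;
    }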

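    /**
     * Builds the redirect to the login form and remembers where the client was going.
     *
     * <p>The original request URL, including its query string, is kept either in the
     * session's {@code FormLoginInfo} (SWAM) or through {@code referrerURLHandler} (every
     * other mechanism). POST parameters are saved with {@code savePostParams}, and a redirect
     * event is sent when the audit service asks for it.
     *
     * @param webAttributes security attributes of the requested resource
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param contextHandler overwritten with the audit service's handler whenever an audit
     *        service is present
     * @param str realm reported in the audit event's process context
     * @param str2 login URL the client is redirected to
     * @param securityConfig configuration passed on to {@code referrerURLHandler}
     * @param str3 type of the active authentication mechanism
     * @param str4 last audit trail id
     * @param strArr audit event trail ids
     * @param httpSession session that receives the {@code FormLoginInfo}; used only for SWAM
     * @param formLoginInfo existing login info, or {@code null} to create one (SWAM only)
     * @return a result with status 4 carrying {@code str2}
     */
    AuthenticationResult handleRedirect(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ContextHandler contextHandler, String str, String str2, SecurityConfig securityConfig, String str3, String str4, String[] strArr, HttpSession httpSession, FormLoginInfo formLoginInfo) {
        if (tc.isEntryEnabled()) {
            // NOTE(review): formLoginInfo exposes getPassword() elsewhere in this class and is
            // traced here as an object. Confirm its toString() does not print the password.
            Tr.entry(tc, "handleRedirect", new Object[]{webAttributes, httpServletRequest, httpServletResponse, contextHandler, str, str2, securityConfig, str3, str4, strArr, httpSession, formLoginInfo});
        }
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (httpServletRequest.getQueryString() != null) {
            requestURL.append(IWebToolingConstants.HTTP_PARAMETER_SEPARATOR);
            requestURL.append(httpServletRequest.getQueryString());
        }
        String originalRequest = requestURL.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "handleRedirect form based login: Stored original request : " + originalRequest);
        }
        AuthenticationResult authenticationResult = new AuthenticationResult(4, str2);
        savePostParams(webAttributes, httpServletRequest, authenticationResult);
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        // A missing context handler has already been reported above. Skip the event instead
        // of dereferencing null, so the client still gets redirected to the login form.
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
            contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
            contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnRedirect", "web", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), AuditOutcome.S_REDIRECT, 29L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (str3.equals(AuthMechanismConfig.TYPE_SWAM)) {
            if (formLoginInfo == null) {
                formLoginInfo = new FormLoginInfo();
            }
            formLoginInfo.setRefererURL(originalRequest);
            ((IHttpSession) httpSession).putSecurityInfo(formLoginInfo);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "handleRedirect form based login: Referer URL set  in session " + originalRequest);
            }
        } else {
            this.referrerURLHandler.setReferrerURLCookie(httpServletRequest, authenticationResult, originalRequest, securityConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleRedirect", "Redirecting to a login form" + str2);
        }
        return authenticationResult;
    }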

    /**
     * Saves the parameters of a POST request so they can be replayed after the login redirect.
     *
     * <p>Nothing is saved unless the request is an {@code SRTServletRequest} and its method is
     * POST. Save method 0 serializes the parameters into the {@code POSTPARAM_COOKIE} cookie
     * attached to {@code authenticationResult}; save method 1 stores the request's input
     * stream data and the request URI in the HTTP session.
     *
     * @param webAttributes decides whether the cookie gets the Secure flag
     * @param httpServletRequest request whose POST parameters are saved
     * @param authenticationResult result that carries the cookie back to the client
     */
    private void savePostParams(WebAttributes webAttributes, HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult) {
        final String uri = httpServletRequest.getRequestURI();
        final String httpMethod = httpServletRequest.getMethod();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "savePostParams");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + httpMethod + " URL:" + uri);
        }
        if (!(httpServletRequest instanceof SRTServletRequest)) {
            Tr.exit(tc, "savePostParams-No SRTServletRequest");
            return;
        }
        final SRTServletRequest srtRequest = (SRTServletRequest) httpServletRequest;
        try {
            if (httpMethod.equalsIgnoreCase("post")) {
                SecurityObjectLocator.getSecurityConfig();
                final int saveMode = getPostParamSaveMethod();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "prop:" + saveMode);
                }
                switch (saveMode) {
                    case 0: {
                        // Cookie mode: the serialized parameters travel through the client.
                        // NOTE(review): whether the value is encrypted or integrity-protected
                        // depends on serializePostParam, which is not visible here. The only
                        // cookie flag set in this method is Secure.
                        final String encodedParams = serializePostParam(srtRequest, uri);
                        if (encodedParams != null) {
                            final Cookie postParamCookie = new Cookie(POSTPARAM_COOKIE, encodedParams);
                            postParamCookie.setMaxAge(-1);
                            postParamCookie.setPath(uri);
                            postParamCookie.setSecure(webAttributes.isSecureSSO());
                            authenticationResult.setCookie(postParamCookie);
                        }
                        // NOTE(review): debug trace receives the serialized POST parameters,
                        // which may include form fields such as passwords.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "encoded POST parameters: " + encodedParams);
                        }
                        break;
                    }
                    case 1: {
                        // Session mode: the data stays on the server, keyed by request URI.
                        final HashMap bodyData = srtRequest.getInputStreamData();
                        final HttpSession httpSession = httpServletRequest.getSession(true);
                        if (httpSession != null && httpServletRequest.getParameterNames() != null) {
                            httpSession.setAttribute(INITIAL_URL, uri);
                            httpSession.setAttribute(PARAM_NAMES, null);
                            httpSession.setAttribute(PARAM_VALUES, bodyData);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "URL saved : " + uri.toString());
                            }
                        }
                        break;
                    }
                    default:
                        // Any other save method stores nothing.
                        break;
                }
            }
        } catch (IOException ioFailure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IO Exception storing POST parameters onto a cookie: ", new Object[]{ioFailure});
            }
            FFDCFilter.processException(ioFailure, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "1770", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "savePostParams");
        }
    }

    /**
     * Replays POST parameters that were saved before the login redirect.
     *
     * <p>Acts only on GET requests that are an {@code SRTServletRequest}. With save method 0
     * the parameters come from the {@code POSTPARAM_COOKIE} cookie, which is expired on the
     * response afterwards whether or not the restore worked. With save method 1 they come
     * from the HTTP session, and only when the saved URL equals the current request URI; the
     * three session attributes are cleared either way. A successful restore switches the
     * request method to POST.
     *
     * @param webAttributes decides whether the expiring cookie gets the Secure flag
     * @param httpServletRequest request that receives the restored parameters
     * @param httpServletResponse response that receives the expiring cookie
     */
    void restorePostParams(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String uri = httpServletRequest.getRequestURI();
        final String httpMethod = httpServletRequest.getMethod();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restorePostParams");
        }
        if (!(httpServletRequest instanceof SRTServletRequest)) {
            Tr.exit(tc, "restorePostParams-No SRTServletRequest");
            return;
        }
        final SRTServletRequest srtRequest = (SRTServletRequest) httpServletRequest;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + httpMethod + " URL:" + uri);
        }
        if (httpMethod.equalsIgnoreCase("get")) {
            SecurityObjectLocator.getSecurityConfig();
            final int saveMode = getPostParamSaveMethod();
            if (saveMode == 0) {
                // NOTE(review): the cookie value comes from the client. How far it can be
                // trusted depends on the checks in deserializePostParam, not visible here.
                final byte[] savedParams = srtRequest.getCookieValueAsBytes(POSTPARAM_COOKIE);
                if (savedParams != null && savedParams.length > 2) {
                    try {
                        // NOTE(review): debug trace receives the raw cookie value.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found the cookie, restoring POST parameters: " + new String(savedParams));
                        }
                        srtRequest.setInputStreamData(deserializePostParam(srtRequest, savedParams, uri));
                        srtRequest.setMethod("POST");
                        Tr.debug(tc, "restored POST paramameters");
                    } catch (Exception restoreFailure) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception restoring POST parameters from the cookie: ", new Object[]{restoreFailure});
                        }
                        FFDCFilter.processException(restoreFailure, "com.ibm.ws.security.web.WebAuthenticator.restorePostParams", "1826", this);
                    }
                    // Expire the cookie so the parameters cannot be replayed a second time.
                    final Cookie expiredCookie = new Cookie(POSTPARAM_COOKIE, "");
                    expiredCookie.setPath(uri);
                    expiredCookie.setMaxAge(0);
                    expiredCookie.setSecure(webAttributes.isSecureSSO());
                    final ArrayList responseCookies = new ArrayList();
                    responseCookies.add(expiredCookie);
                    WebAttributes.addCookiesToResponse(responseCookies, httpServletResponse);
                }
            } else if (saveMode == 1) {
                final HttpSession httpSession = httpServletRequest.getSession(false);
                if (httpSession != null) {
                    final String savedUrl = (String) httpSession.getAttribute(INITIAL_URL);
                    final boolean sameUrl = savedUrl != null && savedUrl.equals(uri);
                    if (sameUrl) {
                        try {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found the session, restoring POST parameters.");
                            }
                            srtRequest.setMethod("POST");
                            final Map savedData = (Map) httpSession.getAttribute(PARAM_VALUES);
                            if (savedData != null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Restoring POST paramameters for URL : " + uri);
                                }
                                srtRequest.setInputStreamData((HashMap) savedData);
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "No parameters to restore for URL : " + uri);
                            }
                        } catch (IOException ioFailure) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "IOException restoring POST parameters onto a cookie: ", new Object[]{ioFailure});
                            }
                            FFDCFilter.processException(ioFailure, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "1862", this);
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Parameters NOT restored. Original URL : " + savedUrl + " req. URL : " + uri);
                    }
                    // Saved state is single-use, whether or not it matched this request.
                    httpSession.setAttribute(INITIAL_URL, null);
                    httpSession.setAttribute(PARAM_NAMES, null);
                    httpSession.setAttribute(PARAM_VALUES, null);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restorePostParams");
        }
    }

    /**
     * Authenticates a request by the X.509 client-certificate chain that the container
     * stored in the {@code javax.net.ssl.peer_certificates} request attribute, and emits
     * {@code SECURITY_AUTHN} audit events for the outcome when an audit service is set.
     *
     * <p>Outcomes visible in this method:
     * <ul>
     *   <li>No chain and {@code webAttributes.isDefaultToBasic()} is false: returns a new
     *       result with status 2 and the message "No Client Certificate Available".</li>
     *   <li>No chain and default-to-basic is true: the certificate login is skipped and
     *       {@code null} is returned (presumably the caller then runs BASIC; verify there).</li>
     *   <li>Chain present: the chain is passed to {@code ContextManager.login}; a non-null
     *       subject yields a status-1 result carrying that subject.</li>
     *   <li>Any exception while handling a presented chain: rethrown when default-to-basic
     *       is false, otherwise swallowed so the method returns normally.</li>
     * </ul>
     *
     * <p>NOTE(review): with default-to-basic enabled, every failure while processing a
     * presented certificate (bad encoding, mapping failure, audit error) ends in the
     * swallow-and-return path rather than a hard failure. That is an authentication-method
     * downgrade; confirm it is intended wherever certificate authentication is meant to be
     * mandatory.
     *
     * @param webAttributes       supplies the default-to-basic flag and the web application name
     * @param httpServletRequest  request carrying the peer certificate attribute
     * @param httpServletResponse response, passed through to the login call
     * @return the authentication result, or {@code null} when no certificate login ran
     * @throws Exception any failure during certificate handling when default-to-basic is false
     */
    private AuthenticationResult handleCertificates(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCertificates");
        }
        // NOTE(review): throughout this method Tr.debug is guarded by isEntryEnabled()
        // rather than isDebugEnabled(); possibly a decompilation artifact - confirm.
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Challenge type used is CERT.");
        }
        ContextHandler contextHandler = null;
        // Effective challenge type; switched to "BASIC" below when no certificate is present.
        String str = "CLIENT_CERT";
        AuthenticationResult authenticationResult = null;
        // Realm used for audit PROCESS_CONTEXT in the outer catch, where the registry realm
        // read inside the try block is out of scope.
        String str2 = default_realm;
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        // Return value is discarded; the call is kept because it still dereferences the
        // active auth mechanism.
        securityConfig.getActiveAuthMechanism().getType();
        Boolean valueOf = Boolean.valueOf(securityConfig.getActiveAuthMechanism().getBoolean(AuthMechanismConfig.FORWARDABLE_CRED));
        // Audit trail identifiers captured up front so every event below shares them.
        String str3 = null;
        String[] strArr = null;
        if (auditService != null) {
            str3 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        try {
            // The chain is taken from a request attribute, so its trustworthiness depends on
            // whoever populated that attribute - presumably the container from the TLS
            // handshake; verify nothing upstream can set it from request data.
            X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.net.ssl.peer_certificates");
            if (x509CertificateArr == null) {
                if (!webAttributes.isDefaultToBasic()) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "No certificate provided and default to basic is false.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleCertificates");
                    }
                    // This early return emits no audit event and does not set AUTH_TYPE.
                    return new AuthenticationResult(2, "No Client Certificate Available", (Cookie) null);
                }
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "No certificate was provided but defaulting to BASIC.");
                }
                str = "BASIC";
            }
            if (!str.equalsIgnoreCase("BASIC")) {
                // Result is discarded: the call only checks that the leaf certificate can be
                // encoded. An empty chain throws here and is handled by the outer catch.
                x509CertificateArr[0].getEncoded();
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Map credential for this certificate.");
                }
                String webAppName = webAttributes.getWebAppName();
                // Realm of the active user registry; the login below is performed against it.
                String string = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm");
                try {
                    HashMap hashMap = new HashMap(4);
                    hashMap.put(Constants.WEB_APP_NAME, webAppName);
                    hashMap.put(Constants.REDIRECT_URL, null);
                    setDomainContext(webAttributes, hashMap);
                    // Login configuration name handed to login(): "system.SWAM" replaces the
                    // default when FORWARDABLE_CRED is false. Boolean.valueOf(boolean) never
                    // returns null, so the null test is always true.
                    String str4 = "system.WEB_INBOUND";
                    if (valueOf != null && !valueOf.booleanValue()) {
                        str4 = "system.SWAM";
                    }
                    Subject login = ContextManagerFactory.getInstance().login(string, x509CertificateArr, str4, httpServletRequest, httpServletResponse, hashMap);
                    if (login != null) {
                        authenticationResult = new AuthenticationResult(1, login);
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        // NOTE(review): a null contextHandler is reported above but still
                        // dereferenced below when the event is required; the resulting
                        // NullPointerException would turn this successful login into the
                        // failure path of the catch blocks. The same pattern repeats at
                        // every audit section in this method.
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                            // login is known non-null here; toArray()[0] throws if the
                            // subject carries no principals.
                            String name = login != null ? ((Principal) login.getPrincipals().toArray()[0]).getName() : null;
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", name, x509CertificateArr[0].getIssuerDN().getName(), "authnSuccess", "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), string));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e) {
                                // A provider failure is reported but does not fail the login.
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                            }
                        }
                    } else {
                        // login() returned no subject: treat as denied.
                        authenticationResult = AUTHN_FAILED_RESULT;
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, x509CertificateArr[0].getIssuerDN().getName(), "denied", "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), string));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            // NOTE(review): the DENIED events in this method also record
                            // "providerSuccess" as the provider status - confirm intended.
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e2) {
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                            }
                        }
                    }
                    // NOTE(review): on the denied branch this runs against AUTHN_FAILED_RESULT,
                    // which looks like a shared constant, so clearCookieList() mutates it and
                    // getSubject() below is presumably null there (would throw into the catch
                    // that follows) - confirm against AuthenticationResult.
                    authenticationResult.clearCookieList();
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Storing certificates in the credential");
                    }
                    // Rebuild the presented chain as a CertPath and attach it to the subject's
                    // WSCredential under the identity-assertion attribute key.
                    ArrayList arrayList = new ArrayList(x509CertificateArr.length);
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        arrayList.add(x509Certificate);
                    }
                    CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(arrayList);
                    // iterator().next() throws NoSuchElementException when the subject has no
                    // WSCredential; the null test below does not cover that case.
                    WSCredential wSCredential = (WSCredential) authenticationResult.getSubject().getPublicCredentials(WSCredential.class).iterator().next();
                    if (wSCredential != null) {
                        wSCredential.set("wssecurity.setAttributForIdentityAssertion", generateCertPath);
                    }
                } catch (Exception e3) {
                    // Credential mapping (or any step above, including audit construction)
                    // failed: record FFDC, mark the result failed, audit DENIED and rethrow
                    // to the outer catch.
                    FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebAuthenticator.handleCertificates", "2031", this);
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Credential Mapping for Certificate failed.");
                    }
                    authenticationResult = AUTHN_FAILED_RESULT;
                    if (auditService != null) {
                        contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "denied", "web", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), string));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e4) {
                            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e4});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                        }
                    }
                    throw e3;
                }
            }
        } catch (Exception e5) {
            // Reached for failures before the inner try (cast, getEncoded, registry lookup)
            // and for everything rethrown by the inner catch. In the rethrow case a DENIED
            // event was already sent above, so the sections below send a second one for the
            // same failure - NOTE(review): confirm the duplicate is acceptable for
            // alerting and failed-login counts.
            FFDCFilter.processException(e5, "com.ibm.ws.security.web.WebAuthenticator.handleCertificates", "2129", this);
            if (!webAttributes.isDefaultToBasic()) {
                // Certificate authentication is mandatory: audit DENIED and propagate.
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "denied", "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str2));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e6) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e6});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e6);
                    }
                }
                throw e5;
            }
            // Default-to-basic is enabled: the exception is swallowed after auditing DENIED.
            // authenticationResult is AUTHN_FAILED_RESULT if the inner catch ran, else null.
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Exception occurred while processing certificate: " + e5.getMessage());
                Tr.debug(tc, "Defaulting to Basic");
            }
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "denied", "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str2));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e7) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e7});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e7);
                }
            }
        }
        // AUTH_TYPE is recorded as CLIENT_CERT on every path that reaches this point,
        // including the ones that fell back towards BASIC.
        WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", "CLIENT_CERT");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCertificates");
        }
        return authenticationResult;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads a request header, going to the innermost request object when that object is
     * the container's {@code SRTServletRequest}.
     *
     * <p>Every {@code HttpServletRequestWrapper} layer is peeled off first. If the innermost
     * request is an {@code SRTServletRequest}, the value comes from its
     * {@code getHeaderDirect}; otherwise the original (possibly wrapped) request's
     * {@code getHeader} is used.
     *
     * <p>In the first case the {@code getHeader} overrides of any wrapper are not
     * consulted, so a filter that rewrites or strips headers by wrapping the request has
     * no effect on the value returned here. Callers that use the result for authentication
     * decisions should keep that in mind.
     *
     * @param httpServletRequest the request as seen by the caller; must not be null
     * @param str                the header name
     * @return the header value as returned by the selected request object
     */
    public static final String getHeader(HttpServletRequest httpServletRequest, String str) {
        HttpServletRequest innermost = httpServletRequest;
        // Unwrap until something that is not a wrapper (or null) is reached.
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        if (innermost instanceof SRTServletRequest) {
            return ((SRTServletRequest) innermost).getHeaderDirect(str);
        }
        // Not the container request type: fall back to the caller-visible request.
        return httpServletRequest.getHeader(str);
    }

    /**
     * Runs SPNEGO web authentication when it is configured and requested, and translates
     * the outcome into the flags of the supplied result holder.
     *
     * <p>Status codes as used by the visible code: 1 = success, 2 = failure, 6 = continue
     * (SPNEGO not applicable to this request). Any other status is answered with a
     * challenge when the request has no {@code Authorization} header.
     *
     * <p>When {@code SPNEGO_ALLOW_APP_AUTH_METHOD_FALLBACK} is set, a failed SPNEGO attempt
     * clears {@code result} instead of setting {@code callReturn}; presumably the caller
     * then continues with the application's own authentication method, so enabling the
     * flag lets a failed Kerberos negotiation fall through to that method - confirm in the
     * caller.
     *
     * @param webAttributes       passed through to the SPNEGO authentication call
     * @param httpServletRequest  current request; its Authorization header is inspected
     * @param httpServletResponse current response
     * @param z                   whether SPNEGO should be attempted for this request
     * @param securityConfig      source of the SPNEGO mechanism configuration
     * @param hashMap             passed through to the SPNEGO authentication call
     * @param webAuthenticatorAuthenticationResult holder updated in place and returned
     * @return {@code null} when SPNEGO is not configured, disabled or skipped; otherwise
     *         the updated holder
     * @throws Exception propagated from the SPNEGO authentication call
     */
    WebAuthenticatorAuthenticationResult handleSPNEGOWeb(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, SecurityConfig securityConfig, HashMap hashMap, WebAuthenticatorAuthenticationResult webAuthenticatorAuthenticationResult) throws Exception {
        AuthMechanismConfig spnegoConfig = securityConfig.getAuthMechanism(AuthMechanismConfig.TYPE_SPNEGO);
        boolean spnegoEnabled = spnegoConfig != null && spnegoConfig.getBoolean(AuthMechanismConfig.SPNEGO_ENABLED);
        if (!spnegoEnabled) {
            return null;
        }
        if (!z) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "handleSpnegoWebAuthentication was skipped.");
            }
            return null;
        }

        WebAuthenticatorAuthenticationResult outcome = webAuthenticatorAuthenticationResult;
        outcome.result = handleSpnegoWebAuthentication(webAttributes, httpServletRequest, httpServletResponse, hashMap, securityConfig);

        // Status 6: SPNEGO does not apply to this request, carry on with other mechanisms.
        if (outcome.result != null && outcome.result.getStatus() == 6) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SPNEGO Web authentication result = CONTINUE");
            }
            outcome.continueLogin = true;
            outcome.result = null;
            return outcome;
        }

        // Status 1: authenticated, nothing more to decide.
        if (outcome.result != null && outcome.result.getStatus() == 1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SPNEGO Web authentication result = SUCCESS");
            }
            return outcome;
        }

        // Everything else is a non-success outcome. A request without an Authorization
        // header is the first leg of the negotiation; one with the header is the second.
        boolean firstRequest = httpServletRequest.getHeader("Authorization") == null;
        boolean fallbackAllowed = spnegoConfig.getBoolean(AuthMechanismConfig.SPNEGO_ALLOW_APP_AUTH_METHOD_FALLBACK);

        // NOTE(review): outcome.result may be null on this path, in which case the
        // getStatus() call below throws NullPointerException for a first request. The
        // visible part of handleSpnegoWebAuthentication only returns non-null results;
        // confirm for the remainder of that method.
        if (firstRequest && outcome.result.getStatus() != 2) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "No Authorization header found, sending 401 challenge to the client");
            }
            outcome.continueLogin = true;
            outcome.callReturn = true;
            return outcome;
        }

        if (fallbackAllowed) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, firstRequest
                        ? "First request failed, allow application authentication method fallback"
                        : "Second request failed, allow application authentication method fallback");
            }
            // Drop the failed result so it is not treated as the final answer.
            outcome.result = null;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, firstRequest
                        ? "First request failed, but not allow application authentication method fallback"
                        : "Second request failed, but not allow application authentication method fallback");
            }
            outcome.callReturn = true;
        }
        return outcome;
    }

    AuthenticationResult handleSpnegoWebAuthentication(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap, SecurityConfig securityConfig) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleSpnegoWebAuthentication");
        }
        ContextHandler contextHandler = null;
        String str = default_realm;
        Subject subject = null;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        AuthMechanismConfig authMechanism = securityConfig.getAuthMechanism(AuthMechanismConfig.TYPE_SPNEGO);
        this.spnegoWeb = TrustAssociationInterceptorImpl.getInstance(securityConfig);
        this.spnegoWeb.initialize(authMechanism.getSpnegoFilterProps());
        if (!this.spnegoWeb.isTargetInterceptor(httpServletRequest)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SPNEGO Web authentication isn't available for this request.");
            }
            return new AuthenticationResult(6, "SPNEGO Web authentication isn't available for this request.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SPNEGO Web authentication - target is intercepted");
        }
        try {
            TAIResult negotiateValidateandEstablishTrust = this.spnegoWeb.negotiateValidateandEstablishTrust(httpServletRequest, httpServletResponse);
            int status = negotiateValidateandEstablishTrust.getStatus();
            if (status != 200) {
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnRedirect", "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 23L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                    }
                }
                return new AuthenticationResult(5, "Challenge from TrustAssociation Interception: name ?", status);
            }
            Subject subject2 = negotiateValidateandEstablishTrust.getSubject();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Subject retrieved is [" + subject2 + "]");
            }
            String authenticatedPrincipal = negotiateValidateandEstablishTrust.getAuthenticatedPrincipal();
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Username retrieved from the spnego token is [" + authenticatedPrincipal + "]");
            }
            if (0 == 0) {
                ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "attempting login with " + authenticatedPrincipal);
                    }
                    subject = contextManagerFactory.login(str, authenticatedPrincipal, authMech, httpServletRequest, httpServletResponse, hashMap, subject2);
                } catch (WSLoginFailedException e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "login caught exception " + e2.toString());
                    }
                    return new AuthenticationResult(2, e2.getMessage());
                }
            }
            AuthenticationResult authenticationResult = new AuthenticationResult(1, subject);
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                String str3 = null;
                if (subject != null) {
                    str3 = ((Principal) subject.getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", str3, str3, "authnSuccess", "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e3) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e3});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleSpnegoWebAuthentication");
            }
            return authenticationResult;
        } catch (WebTrustAssociationFailedException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "2502", this);
            Tr.error(tc, "security.web.ta.validationfailed", new Object[]{e4});
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnRedirect", "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 24L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e5) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e5});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
                }
            }
            return new AuthenticationResult(2, e4.getMessage());
        } catch (Exception e6) {
            FFDCFilter.processException(e6, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "2569", this);
            Tr.error(tc, "security.web.ta.genexc", new Object[]{e6});
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "authnFailure", "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "failure"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "FAILURE", 26L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e7) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e7});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e7);
                }
            }
            return new AuthenticationResult(2, e6.getMessage());
        }
    }

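    /**
     * Authenticates a request with HTTP Basic credentials, taken either from the
     * {@code Authorization} request header or from the supplied user name and password.
     *
     * <p>When {@code z} is {@code false} the credentials are parsed from the header: the
     * value after {@code "Basic "} is Base64-decoded, converted to text and split at the
     * first {@code ':'}. A missing header, a non-Basic scheme or a decoded value without a
     * colon produces a status-3 result carrying the realm (the trace text calls this a 401),
     * and an audit record is emitted for it. When {@code z} is {@code true} the {@code str}
     * and {@code str2} arguments are used as they are.
     *
     * <p>Security notes for maintainers: the raw {@code Authorization} header is a
     * reversible encoding of the password, so it is never written to trace here; only its
     * presence is traced, matching how the password argument is masked in the entry trace.
     *
     * @param webAttributes       source of the realm placed in challenge results
     * @param httpServletRequest  request whose headers may carry the credentials
     * @param httpServletResponse response handed on to {@code basicAuthenticate}
     * @param str                 user name; overwritten from the header when {@code z} is false
     * @param str2                password; overwritten from the header when {@code z} is false
     * @param z                   {@code true} to use {@code str}/{@code str2} instead of the header
     * @return the result of {@code basicAuthenticate}, with a status-2 result replaced by a
     *         status-3 challenge for the realm
     * @throws Exception propagated from the helpers this method calls
     */
    private AuthenticationResult handleBasicAuth(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[5];
            objArr[0] = webAttributes;
            objArr[1] = httpServletRequest;
            objArr[2] = httpServletResponse;
            objArr[3] = str;
            // Only the presence of the password is traced, never its value.
            objArr[4] = str2 != null ? "<not null>" : "<null>";
            Tr.entry(traceComponent, "handleBasicAuth ", objArr);
        }
        String str3 = default_realm;
        String str4 = null;
        String[] strArr = null;
        if (auditService != null) {
            str4 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        if (!z) {
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "handleBasicAuth with Authorization header");
            }
            String header = httpServletRequest.getHeader("Authorization");
            if (header == null || !header.startsWith("Basic ")) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "basic 401");
                }
                AuthenticationResult authenticationResult = new AuthenticationResult(3, webAttributes.getRealm(), (Cookie) null);
                auditBasicAuthChallenge(httpServletRequest, "authnRedirect", str4, strArr, str3);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleBasicAuth");
                }
                return authenticationResult;
            }
            if (tc.isEntryEnabled()) {
                // The header value is Base64(user:password); tracing it would put the
                // password into trace files, so only its presence is recorded.
                Tr.debug(tc, "Authorization: <not null>");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "BasicAuthEncoding: " + BasicAuthEncoding);
            }
            // The charset name can be supplied by the client through this request header;
            // it is only used to pick a decoder and, on failure, appears in debug trace.
            String header2 = httpServletRequest.getHeader(AUTHORIZATION_ENCODING);
            if (header2 == null) {
                header2 = BasicAuthEncoding;
            }
            // 6 == "Basic ".length(); the prefix was verified above.
            byte[] decode = Base64.decode(header.substring(6));
            boolean z2 = false;
            if (header2 != null && header2.length() > 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authorization will be decoded using : " + header2);
                }
                try {
                    header = new String(decode, header2);
                    z2 = true;
                } catch (Exception e2) {
                    z2 = false;
                    FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebAuthenticator.handleBasicAuth", "2849", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception " + e2.getMessage() + " using character encoder " + header2 + " switching to system default decoder");
                    }
                }
            }
            if (!z2) {
                try {
                    // Deliberate fallback to the platform default charset.
                    header = new String(decode);
                } catch (Exception e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebAuthenticator.handleBasicAuth", "2859", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error in using character encoder");
                    }
                }
            }
            // If both conversions failed, header still holds the raw "Basic ..." value;
            // the Base64 alphabet has no ':', so that case ends in the challenge below.
            int indexOf = header.indexOf(58);
            if (indexOf < 0) {
                AuthenticationResult authenticationResult2 = new AuthenticationResult(3, webAttributes.getRealm(), (Cookie) null);
                auditBasicAuthChallenge(httpServletRequest, "webAuth", str4, strArr, str3);
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Failed to find username/password info -- Sending 401.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleBasicAuth");
                }
                return authenticationResult2;
            }
            // Split at the first colon only, so the password itself may contain ':'.
            str = header.substring(0, indexOf);
            str2 = header.substring(indexOf + 1);
        } else if (tc.isEntryEnabled()) {
            Tr.debug(tc, "handleBasicAuth with username and password");
        }
        AuthenticationResult basicAuthenticate = basicAuthenticate(str3, str, str2, webAttributes, httpServletRequest, httpServletResponse);
        int status = basicAuthenticate.getStatus();
        // Equivalent to the original "(status == 3 || status == 2) && status == 2":
        // a status-2 result is answered with a fresh challenge for the realm.
        if (status == 2) {
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Authentication failed after calling basicAuthenticate");
            }
            basicAuthenticate = new AuthenticationResult(3, webAttributes.getRealm(), (Cookie) null);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleBasicAuth");
        }
        return basicAuthenticate;
    }

    /**
     * Emits the SECURITY_AUTHN audit record for a Basic-auth request that is answered
     * with a challenge instead of being authenticated.
     *
     * <p>Does nothing when no audit service is configured or the event is not required.
     * When the audit service cannot supply a context handler the failure is reported
     * through {@code processAuditFailure} and the record is skipped; previously the
     * missing handler was dereferenced and the resulting NullPointerException aborted the
     * challenge path.
     *
     * @param httpServletRequest request used to build the session and access data
     * @param accessDetail       value passed as the fifth argument of
     *                           {@code buildAccessDataFromHttpRequest}
     * @param lastTrailId        trail id captured at the start of the authentication attempt
     * @param eventTrailIds      event trail ids captured at the start of the attempt
     * @param realm              realm value recorded in the process context
     * @throws Exception propagated from the audit data builders
     */
    private void auditBasicAuthChallenge(HttpServletRequest httpServletRequest, String accessDetail, String lastTrailId, String[] eventTrailIds, String realm) throws Exception {
        if (auditService == null) {
            return;
        }
        ContextHandler contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
        if (contextHandler == null) {
            Tr.error(tc, "security.audit.service.context.error");
            auditService.processAuditFailure("security.audit.service.context.error", null);
            // Without a handler no record can be built; the failure was reported above.
            return;
        }
        if (!auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
            return;
        }
        contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
        contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, accessDetail, "web", Long.valueOf(0L), null, null, null, null));
        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(lastTrailId, eventTrailIds, new Date(), 0L));
        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), realm));
        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), AuditOutcome.S_REDIRECT, 28L);
        try {
            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
        } catch (ProviderFailureException e) {
            // A failing audit provider must not change the authentication outcome.
            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
        }
    }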

    /**
     * Convenience overload that forwards to the five-argument {@code authenticate},
     * passing {@code true} as its last flag.
     *
     * @param webAttributes       forwarded unchanged
     * @param httpServletRequest  forwarded unchanged
     * @param httpServletResponse forwarded unchanged
     * @param z                   forwarded unchanged as the fourth argument
     * @return whatever the five-argument overload returns
     */
    public AuthenticationResult authenticate(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        final boolean entryTraceOn = tc.isEntryEnabled();
        if (entryTraceOn) {
            final Object[] entryArgs = {webAttributes, httpServletRequest, httpServletResponse, Boolean.valueOf(z)};
            Tr.entry(tc, "authenticate", entryArgs);
        }
        final AuthenticationResult delegated = authenticate(webAttributes, httpServletRequest, httpServletResponse, z, true);
        return delegated;
    }

    /**
     * Wraps the arguments in a {@code WebRequestImpl} and forwards to
     * {@code authenticate(WebRequest)}.
     *
     * @param webAttributes       first constructor argument of the wrapper
     * @param httpServletRequest  second constructor argument of the wrapper
     * @param httpServletResponse third constructor argument of the wrapper
     * @param z                   fourth constructor argument of the wrapper
     * @param z2                  fifth constructor argument of the wrapper
     * @return whatever {@code authenticate(WebRequest)} returns
     */
    public AuthenticationResult authenticate(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, boolean z2) {
        final boolean entryTraceOn = tc.isEntryEnabled();
        if (entryTraceOn) {
            final Object[] entryArgs = {webAttributes, httpServletRequest, httpServletResponse, Boolean.valueOf(z), Boolean.valueOf(z2)};
            Tr.entry(tc, "authenticate", entryArgs);
        }
        final WebRequestImpl wrapped = new WebRequestImpl(webAttributes, httpServletRequest, httpServletResponse, z, z2);
        return authenticate(wrapped);
    }

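    /**
     * Runs the web authentication chain for one request and returns its outcome.
     *
     * <p>Mechanisms are tried in this order until one yields a result: trust association
     * (first pass), single sign-on, trust association (second pass), SPNEGO web
     * authentication, and finally the mechanism selected by the challenge type
     * ({@code FORM} custom login, {@code CLIENT_CERT} certificates, otherwise Basic).
     * After a status-1 result the referrer-URL handler may substitute a redirect result,
     * and SSO cookies are attached when cookie creation is allowed and the subject was not
     * authenticated through trust association.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The {@code Authorization} header carries credentials, so the debug trace
     *       records only whether it is present.</li>
     *   <li>{@code CONTINUE_AFTER_TAI_ERROR} and
     *       {@code GO_TO_LOGIN_PAGE_WHEN_TAI_USER_NOT_FOUND} let the chain fall through to
     *       the later mechanisms after a trust-association failure; both are read with
     *       {@code false} as the second argument.</li>
     *   <li>Any exception inside the chain becomes a status-2 result carrying the
     *       exception message, and {@code auditException} is called.</li>
     * </ul>
     *
     * @param webRequest carrier of the web attributes, servlet request/response, login
     *                   flags and optional user name and password
     * @return the authentication result; PMI timing is recorded on every exit path when
     *         PMI is enabled
     */
    public AuthenticationResult authenticate(WebRequest webRequest) {
        AuthenticationResult authenticationResult;
        List<Cookie> createCookies;
        AuthenticationResult handleCertificates;
        List<Cookie> createCookies2;
        AuthenticationResult handleCustomLogin;
        long j = 0;
        WebAttributes webAttributes = webRequest.getWebAccessContext().getWebAttributes();
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        HttpServletResponse httpServletResponse = webRequest.getHttpServletResponse();
        boolean isLoginMethod = webRequest.isLoginMethod();
        boolean doTAI = webRequest.doTAI();
        boolean isRedirectEnabled = webRequest.isRedirectEnabled();
        String user = webRequest.getUser();
        String password = webRequest.getPassword();
        TrustAssociationManager trustAssociationManager = TrustAssociationManager.getInstance();
        try {
            String str = null;
            String[] strArr = null;
            if (auditService != null) {
                str = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (StatsFactory.isPMIEnabled()) {
                j = System.currentTimeMillis();
                this.authModule.onWebAuthCount();
            }
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "authenticate", webRequest);
            }
            // z: whether the chain may continue to a login challenge after trust
            // association or SPNEGO declined or failed.
            boolean z = false;
            try {
                SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                Boolean valueOf = Boolean.valueOf(securityConfig.getActiveAuthMechanism().getBoolean(AuthMechanismConfig.FORWARDABLE_CRED));
                // z2: SSO cookies may be created only with forwardable credentials, SSO
                // enabled and, when secure SSO is required, an https request.
                boolean z2 = valueOf.booleanValue() && webAttributes.isSSOEnabled() && (!webAttributes.isSecureSSO() || (webAttributes.isSecureSSO() && httpServletRequest.getScheme().equalsIgnoreCase("https")));
                String challengeType = webAttributes.getChallengeType();
                authenticationResult = null;
                HashMap hashMap = new HashMap(4);
                if (tc.isDebugEnabled()) {
                    // The header value can hold Basic credentials or a bearer/SPNEGO token;
                    // trace only its presence so secrets do not reach trace files.
                    Tr.debug(tc, "challengeType = " + challengeType + " Authorization header = " + (httpServletRequest.getHeader("Authorization") != null ? "<not null>" : "<null>"));
                }
                setDomainContext(webAttributes, hashMap);
                if (trustAssociationManager.isTrustAssociationEnabled()) {
                    String str2 = null;
                    if (challengeType.equalsIgnoreCase("FORM")) {
                        String contextPath = httpServletRequest.getContextPath();
                        if (contextPath.equals("/")) {
                            contextPath = "";
                        }
                        // The redirect target is built from the application's own relogin
                        // URL and context path, not from request parameters.
                        str2 = webAttributes.getReloginURL();
                        if (str2 != null) {
                            if (!str2.startsWith("/")) {
                                str2 = "/" + str2;
                            }
                            str2 = contextPath + str2;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Default redirect URL: " + str2);
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "webAttr did not have redirect URL");
                        }
                    }
                    hashMap.put(Constants.WEB_APP_NAME, webAttributes.getWebAppName());
                    if (doTAI) {
                        // First trust-association pass (last argument true).
                        authenticationResult = handleTrustAssociation(webAttributes, httpServletRequest, httpServletResponse, hashMap, true);
                        if (authenticationResult != null && authenticationResult.getStatus() == 6) {
                            // Status 6: discard the result and allow the chain to continue.
                            z = true;
                            authenticationResult = null;
                        } else if (authenticationResult != null && authenticationResult.getStatus() == 7) {
                            // Status 7 is traced as a failed user mapping; whether the login
                            // page may follow is a configuration decision.
                            securityConfig = SecurityObjectLocator.getSecurityConfig();
                            z = securityConfig.getPropertyBool(SecurityConfig.GO_TO_LOGIN_PAGE_WHEN_TAI_USER_NOT_FOUND, false);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "first user mapping failed, continue login set to " + z);
                            }
                            authenticationResult = null;
                        } else if (authenticationResult != null && authenticationResult.getStatus() != 1) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "result status is " + authenticationResult.getStatus());
                            }
                            securityConfig = SecurityObjectLocator.getSecurityConfig();
                            // Falling through after a TAI error is opt-in; otherwise the
                            // non-success result is kept and returned.
                            if (securityConfig.getPropertyBool(SecurityConfig.CONTINUE_AFTER_TAI_ERROR, false)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Continue after TAI error (1)");
                                }
                                z = true;
                                authenticationResult = null;
                            }
                        }
                        hashMap.put(Constants.REDIRECT_URL, str2);
                    } else {
                        Tr.debug(tc, "handleTrustAssociation was skipped (1)");
                    }
                }
                if (authenticationResult == null) {
                    if (valueOf.booleanValue() && webAttributes.isSSOEnabled() && !isLoginMethod) {
                        authenticationResult = handleSSO(webAttributes, httpServletRequest, httpServletResponse);
                        if (authenticationResult != null) {
                            if (authenticationResult.getStatus() != 2) {
                                restorePostParams(webAttributes, httpServletRequest, httpServletResponse);
                            }
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "authenticate 1", authenticationResult);
                            }
                            if (StatsFactory.isPMIEnabled()) {
                                this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
                            }
                            return authenticationResult;
                        }
                    }
                    if (trustAssociationManager.isTrustAssociationEnabled()) {
                        if (doTAI) {
                            // Second trust-association pass (last argument false); the
                            // status handling mirrors the first pass.
                            authenticationResult = handleTrustAssociation(webAttributes, httpServletRequest, httpServletResponse, hashMap, false);
                            if (authenticationResult != null && authenticationResult.getStatus() == 6) {
                                z = true;
                                authenticationResult = null;
                            } else if (authenticationResult != null && authenticationResult.getStatus() == 7) {
                                securityConfig = SecurityObjectLocator.getSecurityConfig();
                                z = securityConfig.getPropertyBool(SecurityConfig.GO_TO_LOGIN_PAGE_WHEN_TAI_USER_NOT_FOUND, false);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "second user mapping failed, continue login set to " + z);
                                }
                                authenticationResult = null;
                            } else if (authenticationResult != null && authenticationResult.getStatus() != 1) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "result status is " + authenticationResult.getStatus());
                                }
                                securityConfig = SecurityObjectLocator.getSecurityConfig();
                                if (securityConfig.getPropertyBool(SecurityConfig.CONTINUE_AFTER_TAI_ERROR, false)) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Continue after TAI error (2)");
                                    }
                                    z = true;
                                    authenticationResult = null;
                                }
                            }
                        } else {
                            Tr.debug(tc, "handleTrustAssociation was skipped (2)");
                        }
                    }
                }
                if (authenticationResult == null) {
                    WebAuthenticatorAuthenticationResult webAuthenticatorAuthenticationResult = new WebAuthenticatorAuthenticationResult();
                    webAuthenticatorAuthenticationResult.result = authenticationResult;
                    webAuthenticatorAuthenticationResult.continueLogin = z;
                    WebAuthenticatorAuthenticationResult handleSPNEGOWeb = handleSPNEGOWeb(webAttributes, httpServletRequest, httpServletResponse, doTAI, securityConfig, hashMap, webAuthenticatorAuthenticationResult);
                    if (handleSPNEGOWeb != null) {
                        z = handleSPNEGOWeb.continueLogin;
                        authenticationResult = handleSPNEGOWeb.result;
                        if (handleSPNEGOWeb.callReturn) {
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "authenticate 2", authenticationResult);
                            }
                            if (StatsFactory.isPMIEnabled()) {
                                this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
                            }
                            return authenticationResult;
                        }
                    }
                }
                if (authenticationResult == null) {
                    if (challengeType.equalsIgnoreCase("FORM") && !isLoginMethod) {
                        if (!trustAssociationManager.isTrustAssociationEnabled() || z) {
                            handleCustomLogin = handleCustomLogin(webAttributes, httpServletRequest, httpServletResponse, isRedirectEnabled);
                        } else {
                            // Trust association is enabled and did not allow a login to
                            // continue: prefer the stored redirect URL over the login page.
                            String str3 = (String) hashMap.get(Constants.REDIRECT_URL);
                            if (str3 != null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Redirect to the error page: " + str3);
                                }
                                handleCustomLogin = new AuthenticationResult(4, str3);
                            } else {
                                handleCustomLogin = handleCustomLogin(webAttributes, httpServletRequest, httpServletResponse, isRedirectEnabled);
                            }
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "authenticate 3", handleCustomLogin);
                        }
                        AuthenticationResult authenticationResult2 = handleCustomLogin;
                        if (StatsFactory.isPMIEnabled()) {
                            this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
                        }
                        return authenticationResult2;
                    }
                    if (challengeType.equalsIgnoreCase("CLIENT_CERT") && !isLoginMethod && (handleCertificates = handleCertificates(webAttributes, httpServletRequest, httpServletResponse)) != null) {
                        // NOTE(review): equals(2) compares the result object with a boxed
                        // Integer; unless AuthenticationResult.equals handles that, the test
                        // is always true and cookies are built even for a status-2 result.
                        // Presumably getStatus() != 2 was intended - confirm before changing.
                        if (!handleCertificates.equals(2) && z2 && (createCookies2 = WebAttributes.createCookies(httpServletRequest, handleCertificates.getSubject())) != null) {
                            handleCertificates.setCookieList(createCookies2);
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "authenticate 4", handleCertificates);
                        }
                        if (StatsFactory.isPMIEnabled()) {
                            this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
                        }
                        return handleCertificates;
                    }
                    // Last resort: Basic authentication with the header or the supplied
                    // user name and password.
                    authenticationResult = handleBasicAuth(webAttributes, httpServletRequest, httpServletResponse, user, password, isLoginMethod);
                }
                if (authenticationResult.getStatus() == 1) {
                    // Capture the subject before the result may be swapped for a redirect.
                    Subject subject = authenticationResult.getSubject();
                    AuthenticationResult shouldRedirectToReferrerURL = this.referrerURLHandler.shouldRedirectToReferrerURL(httpServletRequest, httpServletResponse);
                    if (shouldRedirectToReferrerURL != null) {
                        authenticationResult = shouldRedirectToReferrerURL;
                    }
                    WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", "BASIC");
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Successful authentication");
                    }
                    boolean isTaiAuthenticated = isTaiAuthenticated(httpServletRequest, subject);
                    if (z2 && !isTaiAuthenticated && (createCookies = WebAttributes.createCookies(httpServletRequest, subject)) != null) {
                        authenticationResult.setCookieList(createCookies);
                    }
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.authenticate", "3319", this);
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Exception occurred: " + e.getMessage());
                    Tr.debug(tc, "Authentication failed.");
                }
                // Any unexpected exception ends in a status-2 result, never in success.
                // NOTE(review): the exception message travels in the result; confirm
                // callers do not echo it to the client.
                authenticationResult = new AuthenticationResult(2, e.getMessage());
                auditException(null, httpServletRequest, str, strArr);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticate", authenticationResult);
            }
            AuthenticationResult authenticationResult3 = authenticationResult;
            if (StatsFactory.isPMIEnabled()) {
                this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
            }
            return authenticationResult3;
        } catch (Throwable th) {
            // Record the elapsed time on the exceptional path as well, then rethrow.
            if (StatsFactory.isPMIEnabled()) {
                this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
            }
            throw th;
        }
    }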

    /**
     * Shortest overload: forwards to the four-argument {@code authenticate}, passing
     * {@code true} as its flag.
     *
     * @param webAttributes       forwarded unchanged
     * @param httpServletRequest  forwarded unchanged
     * @param httpServletResponse forwarded unchanged
     * @return whatever the four-argument overload returns
     */
    public AuthenticationResult authenticate(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final boolean entryTraceOn = tc.isEntryEnabled();
        if (entryTraceOn) {
            final Object[] entryArgs = {webAttributes, httpServletRequest, httpServletResponse};
            Tr.entry(tc, "authenticate", entryArgs);
        }
        final AuthenticationResult delegated = authenticate(webAttributes, httpServletRequest, httpServletResponse, true);
        return delegated;
    }

    public AuthenticationResult authenticateJaspi(WebRequest webRequest) {
        AuthenticationResult authenticationResult;
        ArrayList createCookies;
        ArrayList createCookiesStatic;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticateJaspi", webRequest);
        }
        long j = 0;
        WebAttributes webAttributes = null;
        boolean z = false;
        if (webRequest.getWebAccessContext() != null) {
            webAttributes = webRequest.getWebAccessContext().getWebAttributes();
        } else {
            HashMap hashMap = (HashMap) webRequest.getProperties();
            if (hashMap != null) {
                webAttributes = (WebAttributes) hashMap.get(WebRequest.WEB_ATTRIBUTES);
                z = webAttributes != null;
            }
        }
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        HttpServletResponse httpServletResponse = webRequest.getHttpServletResponse();
        boolean isLoginMethod = webRequest.isLoginMethod();
        webRequest.doTAI();
        webRequest.isRedirectEnabled();
        webRequest.getUser();
        webRequest.getPassword();
        try {
            String str = null;
            String[] strArr = null;
            if (auditService != null) {
                str = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (StatsFactory.isPMIEnabled()) {
                j = System.currentTimeMillis();
                this.authModule.onWebAuthCount();
            }
            AuthenticationResult authenticationResult2 = null;
            try {
                Boolean valueOf = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getBoolean(AuthMechanismConfig.FORWARDABLE_CRED));
                boolean z2 = valueOf.booleanValue() && webAttributes.isSSOEnabled() && (!webAttributes.isSecureSSO() || (webAttributes.isSecureSSO() && httpServletRequest.getScheme().equalsIgnoreCase("https")));
                String challengeType = webAttributes.getChallengeType();
                HashMap hashMap2 = new HashMap(4);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authenticateJaspi challengeType = " + challengeType + " Authorization header = " + httpServletRequest.getHeader("Authorization"));
                }
                setDomainContext(webAttributes, hashMap2);
                if (valueOf.booleanValue() && webAttributes.isSSOEnabled() && !isLoginMethod) {
                    if (!z) {
                        authenticationResult2 = handleSSO(webAttributes, httpServletRequest, httpServletResponse);
                    }
                    WebAttributes.createLogoutCookiesStatic(httpServletRequest, httpServletResponse, true, false);
                    if (authenticationResult2 != null) {
                        if (authenticationResult2.getStatus() != 2) {
                            restorePostParams(webAttributes, httpServletRequest, httpServletResponse);
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "authenticateJaspi 0", authenticationResult2);
                        }
                        AuthenticationResult authenticationResult3 = authenticationResult2;
                        if (StatsFactory.isPMIEnabled()) {
                            this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
                        }
                        return authenticationResult3;
                    }
                    AuthenticationResult handleSSOCookie = handleSSOCookie(webAttributes, httpServletRequest, httpServletResponse, AttributeNameConstants.JASPI_SESSION_COOKIE);
                    if (handleSSOCookie != null && handleSSOCookie.getStatus() == 1) {
                        HashMap hashMap3 = (HashMap) webRequest.getProperties();
                        if (hashMap3 == null) {
                            hashMap3 = new HashMap();
                        }
                        hashMap3.put(AttributeNameConstants.JASPI_SESSION_SUBJECT_KEY, handleSSOCookie.getSubject());
                        webRequest.setProperties(hashMap3);
                    }
                }
                authenticationResult = this.jaspiCollaborator.authenticate(challengeType, webRequest, this.jaspiCollaborator.getAuthConfigProvider(webRequest.getAppContext()));
                if (authenticationResult.getStatus() == 1) {
                    Subject subject = authenticationResult.getSubject();
                    AuthenticationResult shouldRedirectToReferrerURL = this.referrerURLHandler.shouldRedirectToReferrerURL(httpServletRequest, httpServletResponse);
                    if (shouldRedirectToReferrerURL != null) {
                        authenticationResult = shouldRedirectToReferrerURL;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "authenticateJaspi Successful authentication");
                    }
                    boolean z3 = false;
                    Map properties = webRequest.getProperties();
                    if (properties != null) {
                        z3 = Boolean.valueOf((String) properties.get(AttributeNameConstants.JASPI_SESSION_REGISTRATION_KEY)).booleanValue();
                    }
                    if (z3 && (createCookiesStatic = WebAttributes.createCookiesStatic(httpServletRequest, subject, "LtpaToken2", AttributeNameConstants.JASPI_SESSION_COOKIE)) != null) {
                        authenticationResult.setCookieList(createCookiesStatic);
                    }
                    if (z && z2 && (createCookies = WebAttributes.createCookies(httpServletRequest, subject)) != null) {
                        authenticationResult.setCookieList(createCookies);
                    }
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.authenticate", "3504", this);
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "authenticateJaspi Exception occurred: " + e.getMessage());
                    Tr.debug(tc, "authenticateJaspi Authentication failed.");
                }
                authenticationResult = new AuthenticationResult(2, e.getMessage());
                auditException(null, httpServletRequest, str, strArr);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticateJaspi", authenticationResult);
            }
            AuthenticationResult authenticationResult4 = authenticationResult;
            if (StatsFactory.isPMIEnabled()) {
                this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
            }
            return authenticationResult4;
        } catch (Throwable th) {
            if (StatsFactory.isPMIEnabled()) {
                this.authModule.onWebAuthTime(System.currentTimeMillis() - j);
            }
            throw th;
        }
    }

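    /**
     * Sends a {@code SECURITY_AUTHN} / {@code DENIED} audit event for a web authentication attempt that failed
     * with an exception.
     *
     * <p>Nothing is sent when there is no audit service, when the service does not require the event, or when
     * the service has no context handler. The missing handler is reported through {@code processAuditFailure};
     * the method then returns instead of dereferencing the null handler.
     *
     * @param contextHandler not read; the handler is always taken from the audit service
     * @param httpServletRequest request used for the session and access data of the event
     * @param str first argument of {@code DataHelper.buildEventData} (presumably the last trail id; confirm with callers)
     * @param strArr second argument of {@code DataHelper.buildEventData} (presumably the event trail ids; confirm with callers)
     */
    private void auditException(ContextHandler contextHandler, HttpServletRequest httpServletRequest, String str, String[] strArr) {
        if (auditService == null) {
            return;
        }
        contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
        if (contextHandler == null) {
            Tr.error(tc, "security.audit.service.context.error");
            auditService.processAuditFailure("security.audit.service.context.error", null);
        }
        // isEventRequired is still consulted first so the call sequence on the audit service is unchanged;
        // the null check keeps a missing handler from turning an authentication failure into a NullPointerException.
        if (!auditService.isEventRequired("SECURITY_AUTHN", "DENIED") || contextHandler == null) {
            return;
        }
        contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
        // No user id is available on this path, so the access data carries null for it.
        contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, null, "denied", "web", Long.valueOf(0L), null, null, null, null));
        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str, strArr, new Date(), 0L));
        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), auditService.getRealm()));
        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), "DENIED", 15L);
        try {
            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
        } catch (ProviderFailureException e) {
            // A failed audit write is reported to the audit service and does not propagate to the caller.
            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
        }
    }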

    /**
     * Five-argument convenience overload: delegates to the six-argument {@code validate} with a null last argument.
     *
     * @return whatever the six-argument overload returns
     */
    public AuthenticationResult validate(String str, byte[] bArr, WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String noSixthArgument = null;
        return validate(str, bArr, webAttributes, httpServletRequest, httpServletResponse, noSixthArgument);
    }

    /* JADX WARN: Removed duplicated region for block: B:63:0x0601  */
    /* JADX WARN: Removed duplicated region for block: B:72:0x0446  */
    /* JADX WARN: Removed duplicated region for block: B:75:0x0466  */
    /* JADX WARN: Removed duplicated region for block: B:92:0x05d9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): decompiler placeholder. JADX could not rebuild this method (1549 bytecode instructions were
    // skipped), so the body below only throws and says nothing about how the shipped class validates its input.
    // Review the real logic from the instruction dump or the bytecode, not from this listing.
    public com.ibm.ws.security.web.AuthenticationResult validate(java.lang.String r14, byte[] r15, com.ibm.ws.security.web.WebAttributes r16, javax.servlet.http.HttpServletRequest r17, javax.servlet.http.HttpServletResponse r18, java.lang.String r19) {
        /*
            Method dump skipped, instructions count: 1549
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.validate(java.lang.String, byte[], com.ibm.ws.security.web.WebAttributes, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String):com.ibm.ws.security.web.AuthenticationResult");
    }

    /**
     * Three-argument convenience overload: delegates to the six-argument {@code basicAuthenticate} with no web
     * attributes, request or response.
     *
     * <p>NOTE(review): the six-argument overload reads the request while building its SUCCESS audit data, so a
     * caller of this overload should confirm that path cannot be reached with a null request.
     *
     * @param str realm
     * @param str2 user id
     * @param str3 password
     * @return whatever the six-argument overload returns
     */
    public AuthenticationResult basicAuthenticate(String str, String str2, String str3) {
        final WebAttributes noWebAttributes = null;
        final HttpServletRequest noRequest = null;
        final HttpServletResponse noResponse = null;
        return basicAuthenticate(str, str2, str3, noWebAttributes, noRequest, noResponse);
    }

    /**
     * Authenticates a user id and password through {@code ContextManager.login} and records the outcome as a
     * {@code SECURITY_AUTHN} audit event when the audit service asks for one.
     *
     * <p>As written in this listing: a non-null subject yields a result with status 1 carrying the subject, the
     * realm, the user id and the password; a null subject returns {@code AUTHN_FAILED_RESULT}; the two catch
     * blocks build a status-2 result from the exception message.
     *
     * <p>NOTE(review): this is decompiler output. {@code login} is not assigned on either catch path, yet it is
     * read right after the try statement, so the listing does not compile as shown and the real control flow
     * after an exception has to be confirmed against the bytecode.
     *
     * @param str realm; replaced by the active user registry's "realm" setting when {@code webAttributes} is non-null
     * @param str2 user id handed to the login call, copied to the result and to the audit access data
     * @param str3 password handed to the login call and copied to the result
     * @param webAttributes web application attributes, or null to log in against {@code DomainInfo.getAppRealm()} with {@code authMech}
     * @param httpServletRequest current request; the three-argument overload passes null
     * @param httpServletResponse current response; the three-argument overload passes null
     * @return the authentication result described above
     */
    public AuthenticationResult basicAuthenticate(String str, String str2, String str3, WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationResult authenticationResult;
        Subject login;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "basicAuthenticate");
        }
        ContextHandler contextHandler = null;
        String str4 = null;
        String[] strArr = null;
        // Trail ids are read once, before the login attempt, and reused by every audit event built below.
        if (auditService != null) {
            str4 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        try {
            ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
            if (webAttributes != null) {
                HashMap hashMap = new HashMap(4);
                hashMap.put(Constants.WEB_APP_NAME, webAttributes.getWebAppName());
                hashMap.put(Constants.REDIRECT_URL, null);
                // Fourth login argument: "system.WEB_INBOUND" unless FORWARDABLE_CRED is false, then "system.SWAM".
                String str5 = "system.WEB_INBOUND";
                // Boolean.valueOf(boolean) never returns null, so the null test below is always true.
                Boolean valueOf = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getBoolean(AuthMechanismConfig.FORWARDABLE_CRED));
                if (valueOf != null && !valueOf.booleanValue()) {
                    str5 = "system.SWAM";
                }
                // The caller-supplied realm is discarded in favour of the configured registry realm.
                str = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm");
                login = contextManagerFactory.login(str, str2, str3, str5, httpServletRequest, httpServletResponse, hashMap);
            } else {
                login = contextManagerFactory.login(DomainInfo.getAppRealm(), str2, str3, authMech, (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
            }
        } catch (WSLoginFailedException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSLoginFailedException caught during basicAuthenticate", e);
            }
            // NOTE(review): no DENIED audit event is built in this branch of the listing; confirm against the
            // bytecode whether a rejected login is audited elsewhere.
            // NOTE(review): the exception message becomes part of the result; confirm it is never returned to the
            // client unfiltered.
            authenticationResult = new AuthenticationResult(2, e.getMessage());
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebAuthenticator.basicAuthenticate", "4142", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "basicAuthenticate", e2);
            }
            authenticationResult = new AuthenticationResult(2, e2.getMessage());
            // NOTE(review): a null context handler is reported but not otherwise handled; if the DENIED event is
            // required, the buildContextObject calls below would throw NullPointerException.
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                // The attempted user id (str2) is recorded in the access data; the password is not passed here.
                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, str2, "denied", "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e3) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e3});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                }
            }
        }
        // Login returned no subject: audit the denial (outcome code 28 here, 15 in the exception branch above)
        // and return the shared failure result.
        if (login == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "basicAuthenticate: authentication failed");
            }
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditUtils.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", null, str2, "denied", "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 28L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e4) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e4});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                }
            }
            return AUTHN_FAILED_RESULT;
        }
        authenticationResult = new AuthenticationResult(1, login);
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
            String str6 = null;
            // login is never null at this point; the first principal in the set's iteration order supplies the
            // audited name, and a subject without principals would throw ArrayIndexOutOfBoundsException.
            if (login != null) {
                str6 = ((Principal) login.getPrincipals().toArray()[0]).getName();
            }
            // NOTE(review): httpServletRequest is dereferenced without a null check, although the three-argument
            // overload passes null. getSession() with no argument also creates a session when none exists, and the
            // raw session id goes into the audit record whenever isSessionSecurityEnabled() returns false; confirm
            // that access to the audit log is restricted accordingly.
            contextHandler.buildContextObject("SESSION_CONTEXT", new AuditUtils().isSessionSecurityEnabled() ? DataHelper.buildSessionData(null, httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), new Integer(httpServletRequest.getRemotePort()).toString()) : DataHelper.buildSessionData(httpServletRequest.getSession().getId(), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), new Integer(httpServletRequest.getRemotePort()).toString()));
            contextHandler.buildContextObject("ACCESS_CONTEXT", buildAccessDataFromHttpRequest(httpServletRequest, "webAuth", str6, str2, "authnSuccess", "web", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str4, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e5) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e5});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
            }
        }
        authenticationResult.realm = str;
        authenticationResult.username = str2;
        // NOTE(review): the clear-text password stays reachable from the returned result; confirm who reads it and
        // that the result object is never traced, cached beyond the request, or serialized.
        authenticationResult.password = str3;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "basicAuthenticate");
        }
        return authenticationResult;
    }

    /**
     * Unimplemented hook: always fails.
     *
     * @throws RuntimeException always, with the message "Not Implemented"
     */
    protected WSCredential setSasBasicAuth(String str, String str2, String str3) throws Exception {
        final String reason = "Not Implemented";
        throw new RuntimeException(reason);
    }

    /**
     * Picks the first subject when it is present and falls back to the second one otherwise.
     *
     * @param subject preferred subject, may be null
     * @param subject2 fallback subject, may be null
     * @return {@code subject} if non-null, else {@code subject2} (which may itself be null)
     */
    public Subject getPreferredSubject(Subject subject, Subject subject2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPreferredSubject");
        }
        if (subject == null) {
            return subject2;
        }
        return subject;
    }

    /**
     * Reports whether the web application named by {@code webAttributes} is classified as an admin application
     * by {@code WSAccessManager.checkIfAdminApp}.
     *
     * @param webAttributes attributes of the web application, may be null
     * @return the access manager's answer, or false when {@code webAttributes} is null
     */
    private boolean isAdminApp(WebAttributes webAttributes) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAdminApp");
        }
        boolean adminApp = false;
        if (webAttributes != null) {
            adminApp = WSAccessManager.checkIfAdminApp(webAttributes.getWebAppName());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAdminApp", Boolean.valueOf(adminApp));
        }
        return adminApp;
    }

    /**
     * Adds the realm name and the security domain type to {@code map}.
     *
     * <p>The realm is the active user registry's "realm" setting; the domain type is "administration" for an
     * admin application and "application" for any other. Unlike {@code isAdminApp}, this method does not accept
     * a null {@code webAttributes}.
     *
     * @param webAttributes attributes of the web application; must not be null
     * @param map map that receives the two entries
     */
    private void setDomainContext(WebAttributes webAttributes, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDomainContext");
        }
        final boolean adminApp = WSAccessManager.checkIfAdminApp(webAttributes.getWebAppName());
        final String realm = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm");
        map.put(CommonConstants.REALM_NAME, realm);
        map.put("security.domain.type", adminApp ? "administration" : "application");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDomainContext", map);
        }
    }

    /**
     * Joins a context path and a page path into one server-relative path.
     *
     * <p>A context path of exactly "/" is treated as empty, and the page path gets a leading "/" when it has
     * none. No other normalisation is applied.
     *
     * @param str page path, with or without a leading slash
     * @param str2 context path; must not be null
     * @return context path followed by the slash-prefixed page path
     */
    String normalizeURL(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "normalizeURL", new Object[]{str, str2});
        }
        final String contextPrefix = str2.equals("/") ? "" : str2;
        final String rootedPath = str.startsWith("/") ? str : "/" + str;
        final String joined = contextPrefix + rootedPath;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "normalizeURL", joined);
        }
        return joined;
    }

    /**
     * Builds the absolute URL of the login or re-login page by keeping the scheme and authority of the current
     * request URL and replacing everything from the first path slash onwards.
     *
     * <p>NOTE(review): the scheme, host and port are taken from {@code getRequestURL()}, which normally follows
     * the request's Host header; confirm that the container or a fronting proxy pins the host before this value
     * is used as a redirect target.
     *
     * @param z true to use the re-login URL, false to use the login URL
     * @param httpServletRequest current request; supplies the request URL and the context path
     * @param webAttributes supplies the configured login and re-login URLs
     * @return the absolute form URL
     */
    String getFormURL(boolean z, HttpServletRequest httpServletRequest, WebAttributes webAttributes) {
        final String formUrl;
        if (z) {
            formUrl = webAttributes.getReloginURL();
        } else {
            formUrl = webAttributes.getLoginURL();
        }
        final StringBuilder url = new StringBuilder(httpServletRequest.getRequestURL());
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getFormURL", new Object[]{"formURL=" + formUrl, "requestURL=" + url});
        }
        // Skip past "scheme://" and find the slash that starts the path.
        final int authorityStart = url.indexOf("//") + 2;
        final int pathStart = url.indexOf("/", authorityStart);
        final int urlEnd = url.length();
        url.replace(pathStart, urlEnd, normalizeURL(formUrl, httpServletRequest.getContextPath()));
        final String result = url.toString();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getFormURL", result);
        }
        return result;
    }

    /**
     * Returns the absolute URL of the re-login page for the current request.
     *
     * @return {@code getFormURL(true, ...)} for the given request and attributes
     */
    String getReLoginURL(HttpServletRequest httpServletRequest, WebAttributes webAttributes) {
        final boolean relogin = true;
        return getFormURL(relogin, httpServletRequest, webAttributes);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the absolute URL of the login page for the current request.
     *
     * @return {@code getFormURL(false, ...)} for the given request and attributes
     */
    public String getLoginURL(HttpServletRequest httpServletRequest, WebAttributes webAttributes) {
        final boolean relogin = false;
        return getFormURL(relogin, httpServletRequest, webAttributes);
    }

    /**
     * Maps the configured POST-parameter save method to its numeric code.
     *
     * <p>"Cookie" gives 0, "Session" gives 1 and {@code CommonConstants.PROP_SAVE_DISABLE} gives 2, all compared
     * case-insensitively. A missing security configuration, a missing property or an unrecognised value also
     * gives 0, the same code as "Cookie".
     *
     * @return 0, 1 or 2 as described above
     */
    protected int getPostParamSaveMethod() {
        final SecurityConfig config = SecurityObjectLocator.getSecurityConfig();
        final String configured = (config == null) ? null : config.getProperty(SecurityConfig.PROP_POSTPARAM_SAVE_METHOD);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "postParamSaveMethod string: " + configured);
        }
        int method = 0;
        if (configured != null) {
            if (configured.equalsIgnoreCase("Cookie")) {
                method = 0;
            } else if (configured.equalsIgnoreCase("Session")) {
                method = 1;
            } else if (configured.equalsIgnoreCase(CommonConstants.PROP_SAVE_DISABLE)) {
                method = 2;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "postParamSaveMethod value: " + method);
        }
        return method;
    }

    /* JADX WARN: Code restructure failed: missing block: B:28:0x00a8, code lost:
    
        r7 = true;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x00b0, code lost:
    
        if (com.ibm.ws.security.web.WebAuthenticator.tc.isDebugEnabled() == false) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00b3, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.web.WebAuthenticator.tc, "Found matching predefined Subject tag.");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): decompiler placeholder. JADX could not rebuild this method (275 bytecode instructions were
    // skipped), so the body below only throws. The fragments quoted in the warnings above show a debug trace
    // "Found matching predefined Subject tag." but not the comparison that leads to it; review the real check
    // from the instruction dump or the bytecode, not from this listing.
    protected boolean checkSubject(javax.servlet.http.HttpServletRequest r5, javax.security.auth.Subject r6) {
        /*
            Method dump skipped, instructions count: 275
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.checkSubject(javax.servlet.http.HttpServletRequest, javax.security.auth.Subject):boolean");
    }

    /**
     * Builds the access-data map of an audit event, taking the servlet URI and the HTTP method from the request.
     *
     * <p>With a null request both values are passed as null and a debug trace records that. All other arguments
     * are forwarded to {@code DataHelper.buildAccessData} unchanged.
     *
     * @param httpServletRequest current request, may be null
     * @return the map produced by {@code DataHelper.buildAccessData}
     */
    public HashMap buildAccessDataFromHttpRequest(HttpServletRequest httpServletRequest, String str, String str2, String str3, String str4, String str5, Long l, String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4) {
        final boolean haveRequest = httpServletRequest != null;
        if (!haveRequest && tc.isDebugEnabled()) {
            Tr.debug(tc, "buildAccessDataFromHttpRequest:  HttpServletRequest is null.");
        }
        final String servletUri = haveRequest ? this.referrerURLHandler.getServletURI(httpServletRequest) : null;
        final String httpMethod = haveRequest ? httpServletRequest.getMethod() : null;
        return DataHelper.buildAccessData(servletUri, str, str2, str3, str4, httpMethod, str5, l, strArr, strArr2, strArr3, strArr4);
    }

    /**
     * Alias of {@code isTaiAuthenticated}; the two methods return the same answer for the same arguments.
     *
     * @return the result of {@code isTaiAuthenticated(httpServletRequest, subject)}
     */
    protected boolean isOAuthTaiAuthenticated(HttpServletRequest httpServletRequest, Subject subject) {
        final boolean taiAuthenticated = isTaiAuthenticated(httpServletRequest, subject);
        return taiAuthenticated;
    }

    /**
     * Inspects the {@code Hashtable} private credentials of a subject for the markers this class treats as
     * "authenticated by a trust association interceptor".
     *
     * <p>The answer is true when any table has a non-blank "OAuthProvider" entry, or has no such entry and a
     * "setLtpaCookie" entry equal to "false". Every table is examined; there is no early exit. An exception
     * while reading the credentials is traced at debug level and the value reached so far is returned.
     *
     * <p>The decision rests only on these credential properties; the request is traced but not examined.
     *
     * @param httpServletRequest current request, used for tracing only
     * @param subject subject to inspect, may be null
     * @return true if a marker was found, false otherwise or when {@code subject} is null
     */
    protected boolean isTaiAuthenticated(HttpServletRequest httpServletRequest, Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTaiAuthenticated", new Object[]{httpServletRequest, subject});
        }
        boolean taiAuthenticated = false;
        if (subject != null) {
            try {
                for (Object credential : subject.getPrivateCredentials(Hashtable.class)) {
                    final Hashtable table = (Hashtable) credential;
                    // Both entries are read before either is tested, so a non-String value in either one
                    // ends the scan through the catch block below.
                    final String oauthProvider = (String) table.get("OAuthProvider");
                    final String setLtpaCookie = (String) table.get("setLtpaCookie");
                    if (oauthProvider != null && !oauthProvider.trim().isEmpty()) {
                        taiAuthenticated = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "isTaiAuthenticated oauthProvider:" + oauthProvider);
                        }
                        continue;
                    }
                    if (setLtpaCookie == null || setLtpaCookie.trim().isEmpty()) {
                        continue;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "isTaiAuthenticatedsetLtpaCookie value:" + setLtpaCookie);
                    }
                    if (setLtpaCookie.equals("false")) {
                        taiAuthenticated = true;
                    }
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isTaiAuthenticated Exception getting OAuthProvider property from credentials: " + e.getMessage());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTaiAuthenticated " + taiAuthenticated);
        }
        return taiAuthenticated;
    }

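    /**
     * Encodes the buffered POST body of a request, together with the URL it belongs to, as one string.
     *
     * <p>Format: Base64 of the UTF-8 URL, then for each serialized chunk a "." followed by the chunk's Base64.
     * The value is produced only when the raw size (body size + URL bytes + 4) is below the configured
     * {@code PROP_POSTPARAM_COOKIE_SIZE}; otherwise a warning is logged and null is returned.
     *
     * <p>Base64 is an encoding, not protection: nothing in this method encrypts or authenticates the value.
     * NOTE(review): confirm how the caller protects the cookie that carries it. The size limit is applied to
     * the raw size, so the encoded string is longer than the figure that was checked.
     *
     * @param sRTServletRequest request whose buffered input stream data is serialized
     * @param str URL stored as the first segment
     * @return the encoded string, or null when there is no buffered data or the data is too large
     * @throws NumberFormatException if the configured size limit is missing or not a number
     */
    private String serializePostParam(SRTServletRequest sRTServletRequest, String str) throws IOException, UnsupportedEncodingException, IllegalStateException {
        HashMap inputStreamData = sRTServletRequest.getInputStreamData();
        if (inputStreamData == null) {
            Tr.warning(tc, "Post parameter is null.");
            return null;
        }
        String encoded = null;
        long rawSize = sRTServletRequest.sizeInputStreamData(inputStreamData);
        byte[] urlBytes = str.getBytes("UTF-8");
        long length = rawSize + urlBytes.length + 4;
        long maxLength = Long.parseLong(this.security.getProperty(SecurityConfig.PROP_POSTPARAM_COOKIE_SIZE));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "length:" + length + "  maximum length:" + maxLength);
        }
        if (length < maxLength) {
            byte[][] chunks = sRTServletRequest.serializeInputStreamData(inputStreamData);
            StringBuilder out = new StringBuilder();
            out.append(StringUtil.toString(Base64Coder.base64Encode(urlBytes)));
            for (byte[] chunk : chunks) {
                out.append(".").append(StringUtil.toString(Base64Coder.base64Encode(chunk)));
            }
            encoded = out.toString();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "encoded length:" + encoded.length());
            }
        } else {
            Tr.warning(tc, "Post parameters are too large to store into a cookie.");
        }
        if (tc.isDebugEnabled()) {
            // The payload is the user's POST body and is trivially decodable, so it is kept out of the trace;
            // the length is already traced above.
            Tr.debug(tc, "encoded POST parameters: " + (encoded == null ? "null" : "<redacted>"));
        }
        return encoded;
    }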

    /* JADX WARN: Type inference failed for: r0v14, types: [byte[], byte[][]] */
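    /**
     * Decodes a value produced by {@code serializePostParam} and rebuilds the buffered POST data.
     *
     * <p>The input is split on '.'; the first segment must Base64-decode to exactly the expected URL, and the
     * remaining segments are Base64-decoded and handed to {@code deserializeInputStreamData}.
     *
     * <p>NOTE(review): {@code bArr} presumably comes from a client-supplied cookie, and the URL comparison is
     * the only validation done here. Confirm that {@code deserializeInputStreamData} is safe on
     * attacker-controlled bytes, or that the cookie is integrity-protected before it reaches this method.
     *
     * @param sRTServletRequest request that rebuilds its input stream data from the decoded chunks
     * @param bArr encoded value, segments separated by '.'
     * @param str URL the value must have been saved for
     * @return the map returned by {@code deserializeInputStreamData}
     * @throws IllegalStateException if fewer than two segments are present or the stored URL differs from {@code str}
     */
    private HashMap deserializePostParam(SRTServletRequest sRTServletRequest, byte[] bArr, String str) throws IOException, UnsupportedEncodingException, IllegalStateException {
        List<byte[]> segments = splitBytes(bArr, (byte) '.');
        int segmentCount = segments.size();
        if (segmentCount <= 1) {
            throw new IllegalStateException("The data of the post param cookie is too short. The data might be truncated.");
        }
        // new String(...) never returns null, so only the comparison is needed.
        String storedUrl = new String(Base64Coder.base64Decode(segments.get(0)), "UTF-8");
        if (!storedUrl.equals(str)) {
            throw new IllegalStateException("The url in the post param cookie does not match the requested url");
        }
        // The decompiler emitted an untyped "?? r0" here; the array is a byte[][] with one row per data segment.
        byte[][] chunks = new byte[segmentCount - 1][];
        for (int i = 0; i < chunks.length; i++) {
            chunks[i] = Base64Coder.base64Decode(segments.get(i + 1));
        }
        return sRTServletRequest.deserializeInputStreamData(chunks);
    }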

    /**
     * Splits a byte array on a delimiter byte.
     *
     * <p>Empty segments between or before delimiters are kept, but a delimiter at the very end does not
     * produce a trailing empty segment, and an empty input yields an empty list.
     *
     * @param bArr bytes to split; must not be null
     * @param b delimiter byte
     * @return the segments in order, each a fresh copy
     */
    private List<byte[]> splitBytes(byte[] bArr, byte b) {
        List<byte[]> segments = new ArrayList<>();
        int segmentStart = 0;
        for (int pos = 0; pos < bArr.length; pos++) {
            if (bArr[pos] == b) {
                segments.add(Arrays.copyOfRange(bArr, segmentStart, pos));
                segmentStart = pos + 1;
            }
        }
        // Bytes after the last delimiter form the final segment; nothing is added when the input ends on a delimiter.
        if (segmentStart < bArr.length) {
            segments.add(Arrays.copyOfRange(bArr, segmentStart, bArr.length));
        }
        return segments;
    }
}
