package com.ibm.ws.wssecurity.impl.auth.module;

import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.impl.auth.callback.STSRulesCallback;
import com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler;
import com.ibm.ws.wssecurity.trust.server.sts.Util.Constants;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.Identity;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.IdentityList;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.IdentityPart;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/impl/auth/module/STSDefaultLoginModule.class */
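/**
 * JAAS {@link LoginModule} used on the STS side to enforce configured identity
 * rules against the principal of the token being processed.
 *
 * <p>{@link #login()} hands a single {@link STSRulesCallback} to the
 * {@link CallbackHandler} supplied in {@link #initialize}. When the populated
 * callback carries an {@link IdentityList}, the token's principal must equal
 * the value of a single-part {@code Identity} whose part is named
 * {@link Constants#PRINCIPAL}; identities with any other number of parts are
 * never satisfied. When the callback returns no rules the login succeeds
 * without any principal check, so enforcement depends entirely on the handler
 * actually supplying an {@code IdentityList}.
 *
 * <p>{@link #abort()}, {@link #commit()} and {@link #logout()} are no-ops that
 * report success; this module never touches the {@link Subject}.
 *
 * <p>Recovered from decompiled bytecode: the branch on the callback result
 * was emitted with a dead, inverted guard, and the two principal loops never
 * advanced their index (hanging whenever rules existed). Both have been
 * rewritten to the intent evident from the trace messages. Instances hold a
 * mutable handler field and are not thread-safe.
 */
public class STSDefaultLoginModule implements LoginModule {
    /** Handler set by {@link #initialize}; {@link #login()} fails while it is {@code null}. */
    private CallbackHandler handler;
    private static final TraceComponent tc = Tr.register(STSDefaultLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    /** Nothing to roll back: this module never modifies the subject. */
    @Override
    public boolean abort() throws LoginException {
        return true;
    }

    /** Nothing to commit: this module never modifies the subject. */
    @Override
    public boolean commit() throws LoginException {
        return true;
    }

    /**
     * Stores the callback handler for use by {@link #login()}.
     *
     * <p>The subject, shared state and options are not used. A {@code null}
     * handler is accepted here and rejected later by {@code login()}, so the
     * trace lines must not dereference it.
     *
     * @param subject ignored
     * @param callbackHandler handler that will populate the {@link STSRulesCallback}; may be {@code null}
     * @param sharedState ignored
     * @param options ignored
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "initialize: callbackHandler.getClass(): " + classNameOf(callbackHandler));
        }
        this.handler = callbackHandler;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "initialize: handler.getClass(): " + classNameOf(this.handler));
        }
    }

    /**
     * Runs the STS rules callback and enforces whatever identity rules it returns.
     *
     * @return {@code true} when the callback succeeded and either no rules were
     *         returned or the token principal matched one of them
     * @throws LoginException if the module is uninitialized, the handler throws
     *         or reports failure, rules exist but no token or no usable principal
     *         is available, or no rule matches. As in the original, the exception
     *         carries no message; the reason is recorded in debug trace only.
     */
    @Override
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login");
        }
        try {
            if (this.handler == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Login module has not yet been initialized (CallbackHandler is null).");
                }
                throw new LoginException();
            }
            STSRulesCallback rulesCallback = invokeRulesCallback();
            IdentityList rules = rulesCallback.getRules();
            if (rules == null) {
                // No rules means no principal check at all: any token the
                // handler accepted passes. Enforcement therefore relies on the
                // handler supplying an IdentityList whenever one is configured.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No rules exist therefore bypassing security check");
                }
            } else {
                enforceRules(rules, rulesCallback.getToken());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Login successful!");
            }
            return true;
        } catch (LoginException e) {
            // Deliberate failures pass through unchanged rather than being
            // re-wrapped (the decompiled code re-threw a fresh, contextless one).
            throw e;
        } catch (Exception e) {
            // Boundary catch: any unexpected failure from the handler or the
            // token is reported to JAAS as a plain login failure.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CallbackHandler failed with exception: " + e.getLocalizedMessage());
            }
            throw loginFailure(e);
        } finally {
            // Single exit trace for every path (the original repeated it per branch).
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login");
            }
        }
    }

    /**
     * Asks the handler to populate a fresh {@link STSRulesCallback}.
     *
     * @return the populated callback, for which {@code isSuccessful()} is {@code true}
     * @throws LoginException if the handler throws or reports failure
     */
    private STSRulesCallback invokeRulesCallback() throws LoginException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "handler.getClass(): " + this.handler.getClass().getName());
            Tr.debug(tc, "handler instanceof STSCallbackHandler is " + (this.handler instanceof STSCallbackHandler));
            Tr.debug(tc, "Adding STSRulesCallback callback to list of callbacks to handle.");
            Tr.debug(tc, "Invoking the CallbackHandler.");
        }
        STSRulesCallback rulesCallback = new STSRulesCallback();
        try {
            this.handler.handle(new Callback[] { rulesCallback });
        } catch (Exception e) {
            // handle() declares IOException/UnsupportedCallbackException, but the
            // original also converted runtime failures into a login failure.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CallbackHandler failed with exception: " + e.getLocalizedMessage());
            }
            throw loginFailure(e);
        }
        // A handler that ran but reported failure must fail the login; the
        // decompiled form only did so when debug tracing was OFF, and then
        // only for a *successful* callback.
        if (!rulesCallback.isSuccessful()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CallbackHandler returned with failure.");
            }
            throw new LoginException();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "CallbackHandler returned successfully.");
        }
        return rulesCallback;
    }

    /**
     * Verifies that the token principal satisfies at least one configured identity.
     *
     * @param rules non-null identity rules returned by the callback
     * @param token token under validation; may be {@code null}
     * @throws LoginException if the token is missing, is not a
     *         {@link SecurityTokenImpl}, fails while its principal is read, or
     *         matches none of the rules
     */
    private static void enforceRules(IdentityList rules, SecurityToken token) throws LoginException {
        if (token == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Rules exist and token is null");
            }
            throw new LoginException();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "token is of type: " + token.getClass().getName());
        }
        try {
            if (token instanceof SCT) {
                // Traced only; the applies-to list plays no part in the decision.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "principalList: " + ((SCT) token).getAppliesToList());
                }
            }
            if (!(token instanceof SecurityTokenImpl)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "token not a SecurityTokenImpl, unable to getPrincipal");
                }
                throw new LoginException();
            }
            String principal = token.getPrincipal();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "token.getPrincipal(): " + principal);
                Tr.debug(tc, "Searching through identity rules for match to principal.");
                Tr.debug(tc, "This login module implementation requires matching principal values to pass. All IdentityParts of an Identity must be satisfied.");
            }
            if (!matchesAnyIdentity(rules, principal)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not find a match. Login failed.");
                }
                throw new LoginException();
            }
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught while getting token principal: " + e.getMessage());
            }
            throw loginFailure(e);
        }
    }

    /**
     * Reports whether any identity in {@code rules} consists of exactly one part
     * named {@link Constants#PRINCIPAL} whose value equals {@code principal}.
     *
     * <p>The comparison is exact, case-sensitive string equality; there is no
     * pattern or wildcard support. A {@code null} part name or value never
     * matches (the decompiled code would have thrown on it instead).
     *
     * @param rules non-null identity rules
     * @param principal principal read from the token; may be {@code null}
     * @return {@code true} on the first matching identity
     */
    private static boolean matchesAnyIdentity(IdentityList rules, String principal) {
        for (Identity identity : rules.getIdentity()) {
            List<IdentityPart> parts = identity.getIdentityPart();
            if (parts.size() != 1) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found an Identity with more than one IdentityPart. This will not be satisfied. Moving on to the next Identity.");
                }
                continue;
            }
            IdentityPart part = parts.get(0);
            String name = part.getName();
            String value = part.getValue();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Listing IdentityPart.");
                Tr.debug(tc, "  Name: " + name + "  Value: " + value);
            }
            if (name != null && name.equals(Constants.PRINCIPAL) && value != null && value.equals(principal)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found a match!");
                }
                return true;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Does not match.");
            }
        }
        return false;
    }

    /**
     * Builds the message-less {@link LoginException} this module throws,
     * attaching {@code cause} so the underlying failure survives for diagnosis
     * without appearing in the exception message.
     */
    private static LoginException loginFailure(Throwable cause) {
        LoginException failure = new LoginException();
        failure.initCause(cause);
        return failure;
    }

    /** Null-safe class name for trace output. */
    private static String classNameOf(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }

    /** Nothing to undo; always reports success. */
    @Override
    public boolean logout() throws LoginException {
        return true;
    }
}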
