package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.AuthorizationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;

/* loaded from: input_file:lib/sas.jar:com/ibm/ws/security/auth/SubjectHelper.class */
/**
 * Static helpers that build a JAAS {@link Subject} from a {@link WSCredential} and that pull the
 * credential, the default tokens and the principal back out of a Subject.
 *
 * <p>This listing is decompiler output, not original source: the anonymous classes carry
 * {@code val$...} capture fields and pseudo constructor arguments, the {@code class$...} members
 * are the lazily filled caches that older compilers emitted for class literals, and
 * {@link #updatePropagationTokenWithSubjectChange} could not be decompiled at all. Treat the code
 * as a reading aid and confirm anything security-relevant against the bytecode.
 *
 * <p>Review notes that apply to the whole class:
 * <ul>
 *   <li>{@code AccessController} here is {@code com.ibm.ws.security.util.AccessController}, not
 *       {@code java.security.AccessController}. Presumably it runs the action with this class's
 *       permissions rather than the caller's; confirm against that wrapper.</li>
 *   <li>Every method catches {@code Exception}, reports it through {@code FFDCFilter} and returns
 *       {@code null} or {@code false}. Callers therefore cannot tell "absent" from "failed".</li>
 *   <li>The FFDC source strings name {@code ContextManagerImpl} or
 *       {@code WSSecurityPropagationHelper}, not this class, and two of them name a different
 *       method than the one that raised them. Use the probe number when mapping an incident back
 *       to this file.</li>
 * </ul>
 */
public class SubjectHelper {
    // Lazily created by createUnauthenticatedSubject() and then handed to every caller.
    // Neither volatile nor guarded by a lock.
    private static Subject unauthenticatedSubject = null;
    // Trace component, assigned once in the static initializer at the bottom of the class.
    private static final TraceComponent tc;
    // Caches for Class objects resolved by name through class$(String). Package-private and
    // non-final as decompiled; presumably synthetic in the original class file.
    static Class class$com$ibm$wsspi$security$token$SingleSignonToken;
    static Class class$com$ibm$wsspi$security$token$AuthorizationToken;
    static Class class$com$ibm$wsspi$security$token$AuthenticationToken;
    static Class class$com$ibm$websphere$security$auth$WSPrincipal;
    static Class class$com$ibm$ws$security$auth$SubjectHelper;

    /**
     * Builds a new Subject holding one principal derived from the credential and the credential
     * itself.
     *
     * <p>The credential is stored in the Subject's <em>public</em> credential set, which JAAS lets
     * any holder of the Subject read without a permission check.
     *
     * @param wSCredential credential to wrap; may be {@code null}
     * @return the new Subject, or {@code null} when the argument is {@code null} or when any
     *         exception occurs (the exception goes to FFDC, probe "110", and to debug trace)
     */
    public static Subject createSubjectFromWSCredential(WSCredential wSCredential) {
        if (wSCredential == null) {
            return null;
        }
        try {
            WSPrincipal createPrincipal = createPrincipal(wSCredential);
            Subject subject = new Subject();
            // The constructor arguments and val$ fields below are how the decompiler renders the
            // three locals captured by the anonymous PrivilegedAction.
            AccessController.doPrivileged(new PrivilegedAction(subject, createPrincipal, wSCredential) { // from class: com.ibm.ws.security.auth.SubjectHelper.1
                private final Subject val$subject;
                private final WSPrincipal val$principal;
                private final WSCredential val$cred;

                {
                    this.val$subject = subject;
                    this.val$principal = createPrincipal;
                    this.val$cred = wSCredential;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    // Add the principal and the credential only if they are not already present.
                    if (!this.val$subject.getPrincipals().contains(this.val$principal)) {
                        this.val$subject.getPrincipals().add(this.val$principal);
                    }
                    if (this.val$subject.getPublicCredentials().contains(this.val$cred)) {
                        return null;
                    }
                    this.val$subject.getPublicCredentials().add(this.val$cred);
                    return null;
                }
            });
            return subject;
        } catch (Exception e) {
            // Includes the WSSecurityException that createPrincipal raises for an expired
            // credential: the caller sees only null.
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.createSubjectFromWSCredential", "110");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception creating Subject from WSCredential.", new Object[]{e});
            return null;
        }
    }

    /**
     * Returns the first {@link WSCredential} found in the Subject's public credentials.
     *
     * <p>"First" is whatever the set's iterator yields first; if a Subject holds more than one
     * WSCredential, nothing here selects between them.
     *
     * @param subject Subject to search; may be {@code null}
     * @return the credential, or {@code null} when the Subject is {@code null}, holds no
     *         WSCredential, or an exception occurs (FFDC probe "162")
     */
    public static WSCredential getWSCredentialFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        try {
            return (WSCredential) AccessController.doPrivileged(new PrivilegedAction(subject) { // from class: com.ibm.ws.security.auth.SubjectHelper.2
                private final Subject val$subject;

                {
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    Set publicCredentials = this.val$subject.getPublicCredentials();
                    if (publicCredentials != null && publicCredentials.size() > 0) {
                        for (Object obj : publicCredentials) {
                            if (obj != null && (obj instanceof WSCredential)) {
                                return (WSCredential) obj;
                            }
                        }
                    }
                    if (!SubjectHelper.tc.isDebugEnabled()) {
                        return null;
                    }
                    Tr.debug(SubjectHelper.tc, "WSCredential not present in Subject.");
                    return null;
                }
            });
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getWSCredentialFromSubject", "162");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception getting WSCredential from Subject.", new Object[]{e});
            return null;
        }
    }

    /**
     * Returns the private {@link SingleSignonToken} credential whose name is {@code "LtpaToken"}.
     *
     * <p>NOTE(review): the private credential set is read inside {@code doPrivileged} and this
     * method is public and static, with no permission check of its own visible here. With a
     * security manager, JAAS normally requires {@code PrivateCredentialPermission} to read
     * private credentials; presumably the privileged block satisfies that with this class's
     * permissions, so any code able to call this method with a Subject reference can obtain the
     * SSO token. Confirm which code can reach this class. The sibling getters
     * {@link #getDefaultAuthzTokenFromSubject} and {@link #getDefaultAuthTokenFromSubject} do
     * not use a privileged block.
     *
     * @param subject Subject to search; may be {@code null}
     * @return the matching token, or {@code null} when the Subject is {@code null}, no token has
     *         that name, or an exception occurs (FFDC probe "211")
     */
    public static SingleSignonToken getDefaultSSOTokenFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        try {
            return (SingleSignonToken) AccessController.doPrivileged(new PrivilegedAction(subject) { // from class: com.ibm.ws.security.auth.SubjectHelper.3
                private final Subject val$subject;

                {
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    Class cls;
                    Subject subject2 = this.val$subject;
                    // Resolve SingleSignonToken.class by name once and cache it in the static field.
                    if (SubjectHelper.class$com$ibm$wsspi$security$token$SingleSignonToken == null) {
                        cls = SubjectHelper.class$("com.ibm.wsspi.security.token.SingleSignonToken");
                        SubjectHelper.class$com$ibm$wsspi$security$token$SingleSignonToken = cls;
                    } else {
                        cls = SubjectHelper.class$com$ibm$wsspi$security$token$SingleSignonToken;
                    }
                    for (SingleSignonToken singleSignonToken : subject2.getPrivateCredentials(cls)) {
                        // Only the token's name is traced, not the token itself.
                        if (SubjectHelper.tc.isDebugEnabled()) {
                            Tr.debug(SubjectHelper.tc, new StringBuffer().append("Processing SSO token with name: ").append(singleSignonToken.getName()).toString());
                        }
                        if (singleSignonToken.getName().equals("LtpaToken")) {
                            if (SubjectHelper.tc.isDebugEnabled()) {
                                Tr.debug(SubjectHelper.tc, "Found default SSO token.");
                            }
                            return singleSignonToken;
                        }
                    }
                    if (!SubjectHelper.tc.isDebugEnabled()) {
                        return null;
                    }
                    Tr.debug(SubjectHelper.tc, "Could not find default SSO token.");
                    return null;
                }
            });
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getDefaultSSOTokenFromSubject", "211");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception getting SingleSignonToken from Subject.", new Object[]{e});
            return null;
        }
    }

    /**
     * Returns the private {@link AuthorizationToken} credential whose name equals
     * {@code AttributeNameConstants.WSAUTHZTOKEN_NAME}.
     *
     * <p>Unlike {@link #getDefaultSSOTokenFromSubject}, the private credentials are read directly,
     * without {@code doPrivileged}, so the read is subject to whatever access checks apply to the
     * calling code. A resulting {@code SecurityException} is caught below and turned into
     * {@code null}.
     *
     * @param subject Subject to search; may be {@code null}
     * @return the matching token, or {@code null} when the Subject is {@code null}, no token has
     *         that name, or an exception occurs (FFDC probe "252")
     */
    public static AuthorizationToken getDefaultAuthzTokenFromSubject(Subject subject) {
        Class cls;
        if (subject == null) {
            return null;
        }
        try {
            // Resolve AuthorizationToken.class by name once and cache it in the static field.
            if (class$com$ibm$wsspi$security$token$AuthorizationToken == null) {
                cls = class$("com.ibm.wsspi.security.token.AuthorizationToken");
                class$com$ibm$wsspi$security$token$AuthorizationToken = cls;
            } else {
                cls = class$com$ibm$wsspi$security$token$AuthorizationToken;
            }
            for (AuthorizationToken authorizationToken : subject.getPrivateCredentials(cls)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Processing AUTHZ token with name: ").append(authorizationToken.getName()).toString());
                }
                if (authorizationToken.getName().equals(AttributeNameConstants.WSAUTHZTOKEN_NAME)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found default AuthorizationToken.");
                    }
                    return authorizationToken;
                }
            }
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Could not find default Authorization token.");
            return null;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getDefaultAuthzTokenFromSubject", "252");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception getting AuthorizationToken from Subject.", new Object[]{e});
            return null;
        }
    }

    /**
     * Returns the private {@link AuthenticationToken} credential whose name equals
     * {@code AttributeNameConstants.WSAUTHTOKEN_NAME}.
     *
     * <p>The private credentials are read directly, without {@code doPrivileged}; see
     * {@link #getDefaultAuthzTokenFromSubject} for what that implies.
     *
     * @param subject Subject to search; may be {@code null}
     * @return the matching token, or {@code null} when the Subject is {@code null}, no token has
     *         that name, or an exception occurs (FFDC probe "293")
     */
    public static AuthenticationToken getDefaultAuthTokenFromSubject(Subject subject) {
        Class cls;
        if (subject == null) {
            return null;
        }
        try {
            // Resolve AuthenticationToken.class by name once and cache it in the static field.
            if (class$com$ibm$wsspi$security$token$AuthenticationToken == null) {
                cls = class$("com.ibm.wsspi.security.token.AuthenticationToken");
                class$com$ibm$wsspi$security$token$AuthenticationToken = cls;
            } else {
                cls = class$com$ibm$wsspi$security$token$AuthenticationToken;
            }
            for (AuthenticationToken authenticationToken : subject.getPrivateCredentials(cls)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Processing AUTH token with name: ").append(authenticationToken.getName()).toString());
                }
                if (authenticationToken.getName().equals(AttributeNameConstants.WSAUTHTOKEN_NAME)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found default AuthenticationToken.");
                    }
                    return authenticationToken;
                }
            }
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Could not find default AuthenticationToken.");
            return null;
        } catch (Exception e) {
            // NOTE(review): the source string names getDefaultAuthzTokenFromSubject (the Authz
            // getter); only the probe number "293" identifies this method in an FFDC incident.
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getDefaultAuthzTokenFromSubject", "293");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception getting AuthenticationToken from Subject.", new Object[]{e});
            return null;
        }
    }

    /**
     * Reports whether the Subject's WSCredential is current, without the request-timeout cushion.
     * Equivalent to {@code isWSCredentialValid(subject, false)}.
     *
     * @param subject Subject to check; may be {@code null}
     * @return {@code true} only when a credential is found and reports itself current
     */
    public static boolean isWSCredentialValid(Subject subject) {
        return isWSCredentialValid(subject, false);
    }

    /**
     * Reports whether the first WSCredential in the Subject's public credentials is still valid.
     *
     * <p>With {@code z == false} the answer is the credential's own {@code isCurrent()}. With
     * {@code z == true} the credential must outlive "now plus the request timeout" obtained from
     * {@code ContextManagerFactory.getInstance().getReqTimeout()}.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>An expiration of {@code -1} or {@code 0} is always reported valid in the cushion
     *       path (presumably "no expiry"; confirm against WSCredential).</li>
     *   <li>A credential with no time left is still reported valid when
     *       {@code ServerCredSigner.getInstance().isServerCred(...)} returns {@code true}.</li>
     *   <li>The check fails closed: a {@code null} Subject, a Subject without a WSCredential
     *       (which surfaces as a NullPointerException below) and any other exception all yield
     *       {@code false}.</li>
     * </ul>
     *
     * @param subject Subject to check; may be {@code null}
     * @param z       {@code true} to apply the request-timeout cushion to the expiration time,
     *                {@code false} to ask the credential via {@code isCurrent()}
     * @return {@code true} when the credential is considered valid, otherwise {@code false}
     */
    public static boolean isWSCredentialValid(Subject subject, boolean z) {
        if (subject == null) {
            return false;
        }
        try {
            WSCredential wSCredential = (WSCredential) AccessController.doPrivileged(new PrivilegedAction(subject) { // from class: com.ibm.ws.security.auth.SubjectHelper.4
                private final Subject val$subject;

                {
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    // First WSCredential in iteration order, or null if the Subject has none.
                    for (Object obj : this.val$subject.getPublicCredentials()) {
                        if (obj instanceof WSCredential) {
                            return (WSCredential) obj;
                        }
                    }
                    return null;
                }
            });
            // wSCredential may be null here; the dereferences below then throw and the catch
            // block returns false after recording an FFDC incident.
            if (!z) {
                boolean isCurrent = wSCredential.isCurrent();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Is credential valid? ").append(isCurrent).toString());
                }
                return isCurrent;
            }
            long expiration = wSCredential.getExpiration();
            long reqTimeout = ContextManagerFactory.getInstance().getReqTimeout();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Cushion in use is ").append(reqTimeout).append(" millis.").toString());
            }
            if (expiration == -1 || expiration == 0) {
                return true;
            }
            // Time left after reserving reqTimeout milliseconds; the local name is a decompiler
            // artefact and holds the remaining time, not the current time.
            long currentTimeMillis = expiration - (System.currentTimeMillis() + reqTimeout);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Time remaining is: ").append(currentTimeMillis).append(" millis.").toString());
            }
            return currentTimeMillis > 0 || ServerCredSigner.getInstance().isServerCred(wSCredential);
        } catch (Exception e) {
            // NOTE(review): the source string names getWSCredentialFromSubject; only the probe
            // number "383" identifies this method in an FFDC incident.
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getWSCredentialFromSubject", "383");
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "Exception getting WSCredential from Subject.", new Object[]{e});
            return false;
        }
    }

    /**
     * Returns the first principal of the class named by
     * {@code AttributeNameConstants.DEFAULT_CALLER_PRINCIPAL_CLASS} found in the Subject.
     *
     * <p>When the Subject holds no such principal, {@code iterator().next()} throws; that is
     * caught below, so the caller receives {@code null} and an FFDC incident is recorded.
     *
     * @param subject Subject to search; may be {@code null}
     * @return the principal, or {@code null} when the Subject is {@code null}, holds no matching
     *         principal, or an exception occurs (FFDC probe "417")
     */
    public static WSPrincipal getPrincipalFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        try {
            return (WSPrincipal) AccessController.doPrivileged(new PrivilegedAction(subject) { // from class: com.ibm.ws.security.auth.SubjectHelper.5
                private final Subject val$subject;

                {
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    Class cls;
                    Subject subject2 = this.val$subject;
                    // The class is resolved from a constant's value, then cached in the field
                    // named after WSPrincipal.
                    if (SubjectHelper.class$com$ibm$websphere$security$auth$WSPrincipal == null) {
                        cls = SubjectHelper.class$(AttributeNameConstants.DEFAULT_CALLER_PRINCIPAL_CLASS);
                        SubjectHelper.class$com$ibm$websphere$security$auth$WSPrincipal = cls;
                    } else {
                        cls = SubjectHelper.class$com$ibm$websphere$security$auth$WSPrincipal;
                    }
                    return subject2.getPrincipals(cls).iterator().next();
                }
            });
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getPrincipalFromSubject", "417");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception getting WSPrincipal from Subject.", new Object[]{e});
            return null;
        }
    }

    /**
     * Creates the principal for a credential, named by the credential's realm security name.
     *
     * <p>When the credential has no realm security name, the name is built as
     * {@code <default realm>/<security name>} using
     * {@code ContextManagerFactory.getInstance().getDefaultRealm()}.
     *
     * @param wSCredential credential to derive the principal from; may be {@code null}
     * @return the new principal, or {@code null} when the argument is {@code null}
     * @throws WSSecurityException wrapping the {@link CredentialExpiredException} raised while
     *         reading the credential
     */
    public static WSPrincipal createPrincipal(WSCredential wSCredential) throws WSSecurityException {
        WSPrincipalImpl wSPrincipalImpl = null;
        if (wSCredential != null) {
            try {
                String realmSecurityName = wSCredential.getRealmSecurityName();
                if (realmSecurityName == null || realmSecurityName.length() == 0) {
                    StringBuffer stringBuffer = new StringBuffer(ContextManagerFactory.getInstance().getDefaultRealm());
                    stringBuffer.append("/").append(wSCredential.getSecurityName());
                    realmSecurityName = stringBuffer.toString();
                }
                // The principal name (an identity, not a secret) is written to debug trace.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Principal name: ").append(realmSecurityName).toString());
                }
                wSPrincipalImpl = new WSPrincipalImpl(realmSecurityName);
            } catch (CredentialExpiredException e) {
                throw new WSSecurityException(e.getMessage(), e);
            }
        }
        return wSPrincipalImpl;
    }

    /**
     * Builds a Subject around a new {@code WSCredentialImpl} made from three strings.
     *
     * <p>The parameter names are decompiler placeholders. An empty or {@code null} {@code str} is
     * replaced by the default realm, so {@code str} is the realm; {@code str2} and {@code str3}
     * are presumably user name and password (confirm against the WSCredentialImpl constructor).
     *
     * <p>NOTE(review): no check of the supplied values against a user registry is visible in
     * this method; it only packages them. Whether the constructor validates anything is not
     * shown here, so do not treat the returned Subject as proof of authentication on the
     * strength of this code alone.
     *
     * @param str  realm; {@code null} or empty selects the default realm
     * @param str2 second constructor argument, passed through unchanged
     * @param str3 third constructor argument, passed through unchanged
     * @return the Subject from {@link #createSubjectFromWSCredential}, which may be {@code null}
     */
    public static Subject createBasicAuthSubject(String str, String str2, String str3) {
        return createSubjectFromWSCredential((str == null || str.length() == 0) ? new WSCredentialImpl(ContextManagerFactory.getInstance().getDefaultRealm(), str2, str3) : new WSCredentialImpl(str, str2, str3));
    }

    /**
     * Returns the cached unauthenticated Subject, creating it on first use.
     *
     * <p>NOTE(review): the same Subject instance is returned to every caller and no
     * {@code setReadOnly()} call is visible here, so a caller that is allowed to modify it would
     * change what all other callers see. Confirm whether it is made read-only elsewhere. The
     * lazy initialisation is also unsynchronised, so concurrent first calls can each build an
     * instance.
     *
     * @return the shared Subject, or {@code null} if creation failed (the next call retries)
     */
    public static Subject createUnauthenticatedSubject() {
        if (unauthenticatedSubject == null) {
            unauthenticatedSubject = createSubjectFromWSCredential(new WSCredentialImpl("", ContextManagerFactory.getInstance().getUnauthenticatedString(), ""));
        }
        return unauthenticatedSubject;
    }

    /**
     * Returns a new Subject containing the same public credentials, private credentials and
     * principals as the given one.
     *
     * <p>The copy is shallow: the new Subject references the same credential and principal
     * objects, including the private (secret) ones. The sets are read without
     * {@code doPrivileged}, so the access checks that apply are those of the calling code.
     *
     * <p>NOTE(review): if an exception interrupts the copy it is recorded (FFDC probe "547") and
     * the partially filled Subject is still returned, so a caller can receive a Subject that is
     * missing principals or credentials without any error signal.
     *
     * @param subject Subject to copy; may be {@code null}
     * @return the copy, possibly incomplete as described above, or {@code null} when the argument
     *         is {@code null}
     */
    public static Subject createNewSubjectFromExisting(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createNewSubjectFromExisting");
        }
        // This early return has no matching Tr.exit, so entry/exit trace is unbalanced for null.
        if (subject == null) {
            return null;
        }
        Subject subject2 = new Subject();
        try {
            Set publicCredentials = subject.getPublicCredentials();
            Set privateCredentials = subject.getPrivateCredentials();
            Set principals = subject.getPrincipals();
            if (publicCredentials.size() > 0) {
                Iterator it = publicCredentials.iterator();
                while (it.hasNext()) {
                    subject2.getPublicCredentials().add(it.next());
                }
            }
            if (privateCredentials.size() > 0) {
                Iterator it2 = privateCredentials.iterator();
                while (it2.hasNext()) {
                    subject2.getPrivateCredentials().add(it2.next());
                }
            }
            if (principals.size() > 0) {
                Iterator it3 = principals.iterator();
                while (it3.hasNext()) {
                    subject2.getPrincipals().add((Principal) it3.next());
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSSecurityPropagationHelper.createNewSubjectFromExisting", "547");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error copying existing Subject.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createNewSubjectFromExisting");
        }
        return subject2;
    }

    /**
     * Placeholder for a method the decompiler could not reconstruct.
     *
     * <p>JADX reported "Code decompiled incorrectly" for this method, with several "Removed
     * duplicated region" warnings around its try/catch blocks, and skipped the 1357-instruction
     * dump. The body below is the decompiler's stub, not the shipped behaviour: in this listing
     * the method always throws, and the parameter name {@code r7} is a raw register name.
     * Nothing about the real logic can be reviewed from here; read the bytecode (JADX suggests
     * its {@code --show-bad-code} and {@code --comments-level debug} options).
     *
     * @param r7 the Subject argument
     * @return never returns normally in this listing
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public static com.ibm.wsspi.security.token.PropagationToken updatePropagationTokenWithSubjectChange(javax.security.auth.Subject r7) {
        /*
            Method dump skipped, instructions count: 1357
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.auth.SubjectHelper.updatePropagationTokenWithSubjectChange(javax.security.auth.Subject):com.ibm.wsspi.security.token.PropagationToken");
    }

    /**
     * Resolves a class by name with {@link Class#forName(String)}.
     *
     * <p>Every call in this file passes a string literal or an {@code AttributeNameConstants}
     * constant. The helper is package-private as decompiled, so confirm that no other caller in
     * the package passes a name taken from external input.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError carrying only the message of the ClassNotFoundException; the
     *         original exception is not attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Registers the trace component for this class. The third argument is presumably the
    // resource bundle name; confirm against Tr.register.
    static {
        Class cls;
        if (class$com$ibm$ws$security$auth$SubjectHelper == null) {
            cls = class$("com.ibm.ws.security.auth.SubjectHelper");
            class$com$ibm$ws$security$auth$SubjectHelper = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$SubjectHelper;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
    }
}
