package com.ibm.ws.security.auth.j2c;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.csi.EJBComponentMetaData;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.zOSContextManagerImpl;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.ContextManagerPlatformInterface;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.webcontainer.metadata.WebComponentMetaData;
import com.ibm.ws.webcontainer.metadata.WebModuleMetaDataImpl;
import com.ibm.xslt4j.bcel.Constants;
import java.rmi.RemoteException;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;

/* loaded from: input_file:lib/securityimpl.jar:com/ibm/ws/security/auth/j2c/WSLocalzOSExtensionImpl.class */
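/**
 * z/OS implementation of {@link WSLoginLocalOSExtension}.
 *
 * <p>Resolves the Subject used for J2C (connector) sign-on and, when "sync to OS thread" is
 * enabled, switches the OS-level security environment of the current thread to the
 * {@link PlatformCredential} carried by a Subject, then restores the previous one.
 *
 * <p>Review notes on this decompiled listing:
 * <ul>
 *   <li>The javac 1.4 class-literal artifacts ({@code class$...} fields and the {@code class$}
 *       helper) are replaced by ordinary class literals. The decompiled helper did not compile:
 *       it threw the {@code Throwable} returned by {@code initCause}.</li>
 *   <li>Entry/exit/debug trace hands Subject and PlatformCredential objects to {@code Tr}. What is
 *       written depends on their {@code toString()}, so treat the "Security" trace output as
 *       sensitive until that has been checked.</li>
 *   <li>Callers must pair every successful {@code set*LocalOSThreadID} with the matching
 *       {@code restore*LocalOSThreadID} (typically in a {@code finally}); nothing in this class
 *       restores the thread identity on its own.</li>
 * </ul>
 */
public final class WSLocalzOSExtensionImpl implements WSLoginLocalOSExtension {
    private static final TraceComponent tc = Tr.register(WSLocalzOSExtensionImpl.class, "Security", (String) null);

    // Context manager obtained from ContextManagerFactory; also cast to zOSContextManagerImpl below.
    private final ContextManagerPlatformInterface _contextManager;
    // Snapshot of isSynctoThreadEnabled() taken at construction time.
    private final boolean _isSyncEnabled;
    // Snapshot of isApplicationSyncToOSThreadEnabled() taken at construction time.
    private final boolean _isAppSyncEnabled;
    // Snapshot of isServerSecurityEnabled() taken at construction time.
    private final boolean _serverSecurityEnabled;
    // Lazily resolved accessor for the current component's metadata.
    private ComponentMetaDataAccessorImpl _cmda = null;

    /**
     * Captures the context manager and the sync-to-thread / security switches once.
     * Later configuration changes are not picked up by this instance.
     *
     * @throws ClassCastException if the factory does not return a {@code zOSContextManagerImpl}
     */
    public WSLocalzOSExtensionImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        this._contextManager = (ContextManagerPlatformInterface) ContextManagerFactory.getInstance();
        zOSContextManagerImpl zosManager = zosContextManager();
        this._isSyncEnabled = zosManager.isSynctoThreadEnabled();
        this._isAppSyncEnabled = zosManager.isApplicationSyncToOSThreadEnabled();
        this._serverSecurityEnabled = this._contextManager.isServerSecurityEnabled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Returns the J2C Subject for the current invocation.
     *
     * <p>With server security enabled, the invocation subject is used, falling back to the caller
     * subject. If neither exists (or security is disabled) the server's own local-OS subject is
     * returned, so downstream code then acts with the server identity rather than a caller's.
     *
     * @return the J2C subject derived from the invocation/caller subject, or the server subject
     * @throws IllegalStateException if the subject cannot be obtained or converted; the original
     *         exception is attached as the cause
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Subject getLocalOSInvocationSubject() throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSInvocationSubject");
        }
        Subject invocationSubject = null;
        if (this._serverSecurityEnabled) {
            try {
                invocationSubject = this._contextManager.getInvocationSubject();
                if (invocationSubject == null) {
                    invocationSubject = this._contextManager.getCallerSubject();
                }
            } catch (WSSecurityException e) {
                if (tc.isEventEnabled()) {
                    Tr.event(tc, "Exception acquring invocation subject", e);
                }
                IllegalStateException failure = new IllegalStateException(e.getMessage());
                failure.initCause(e);
                throw failure;
            }
        }
        Subject result;
        if (invocationSubject == null) {
            result = getLocalOSOwnSubject();
        } else {
            try {
                result = extractJ2CSubject(invocationSubject);
            } catch (Exception e) {
                IllegalStateException failure = new IllegalStateException("Failure using input subject");
                failure.initCause(e);
                if (tc.isEventEnabled()) {
                    Tr.event(tc, "Failure using input subject", failure);
                }
                throw failure;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSInvocationSubject", result);
        }
        return result;
    }

    /**
     * Derives the J2C subject from the platform credential held by {@code subject}'s WSCredential.
     *
     * <p>NOTE(review): when the WSCredential carries no platform credential, the result of
     * {@code createDefaultCredential()} is used instead. Which identity that represents is not
     * visible here; confirm it is not more privileged than the caller.
     *
     * @param subject the authenticated subject; {@code null} yields {@code null}
     * @return the J2C subject, or {@code null} when {@code subject} is {@code null}
     * @throws IllegalArgumentException if the subject holds no WSCredential
     * @throws CredentialDestroyedException if the credential was destroyed, or if the platform
     *         credential reported a {@code RemoteException}
     * @throws CredentialExpiredException if the credential has expired
     */
    private Subject extractJ2CSubject(Subject subject) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractJ2CSubject", subject);
        }
        Subject j2cSubject = null;
        if (subject != null) {
            WSCredential wsCredential = SubjectHelper.getWSCredentialFromSubject(subject);
            if (wsCredential == null) {
                throw new IllegalArgumentException("Subject did not contain a WSCredential");
            }
            PlatformCredential platformCredential = (PlatformCredential) wsCredential.get(SecurityConfig.PLATFORM_CREDENTIAL);
            if (platformCredential == null) {
                platformCredential = PlatformCredentialManager.instance().createDefaultCredential();
            }
            try {
                j2cSubject = platformCredential.getJ2CSubject();
            } catch (RemoteException e) {
                // The replacement exception carries no cause, so record the real failure first.
                if (tc.isEventEnabled()) {
                    Tr.event(tc, "RemoteException from getJ2CSubject", e);
                }
                throw new CredentialDestroyedException();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractJ2CSubject", j2cSubject);
        }
        return j2cSubject;
    }

    /**
     * Returns the server's own local-OS subject as reported by the context manager.
     *
     * @return the value of {@code getLocalOSServerSubject()}
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public synchronized Subject getLocalOSOwnSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSOwnSubject");
        }
        Subject serverSubject = this._contextManager.getLocalOSServerSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSOwnSubject", serverSubject);
        }
        return serverSubject;
    }

    /**
     * Switches the OS thread identity to {@code subject} when either server-level or
     * application-level sync-to-thread is enabled.
     *
     * <p>Note the asymmetry with {@link #restoreLocalOSThreadID(Object)}, which acts only when the
     * server-level flag is set. NOTE(review): with only application sync enabled, a switch made
     * here is not undone by that method; confirm callers use
     * {@link #restoreAppLocalOSThreadID(Object)} in that configuration.
     *
     * @param subject the subject whose platform credential should become the thread identity
     * @return the credential that was on the thread before the call, to be passed to restore
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     * @throws IllegalStateException if the thread has no credential or the switch fails
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Object setLocalOSThreadID(Subject subject) throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setLocalOSThreadID", subject);
        }
        Object previousCredential = setLocalOSThreadID(subject, this._isSyncEnabled || this._isAppSyncEnabled);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setLocalOSThreadID", previousCredential);
        }
        return previousCredential;
    }

    /**
     * Switches the OS thread identity to {@code subject} only when application-level
     * sync-to-thread is enabled.
     *
     * @param subject the subject whose platform credential should become the thread identity
     * @return the credential that was on the thread before the call, to be passed to restore
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     * @throws IllegalStateException if the thread has no credential or the switch fails
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Object setAppLocalOSThreadID(Subject subject) throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAppLocalOSThreadID", subject);
        }
        Object previousCredential = setLocalOSThreadID(subject, this._isAppSyncEnabled);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAppLocalOSThreadID", previousCredential);
        }
        return previousCredential;
    }

    /**
     * Shared implementation of the two public set methods.
     *
     * @param subject the subject to switch to; must not be {@code null}
     * @param z whether the switch should actually be performed
     * @return the credential found on the thread at entry (never {@code null})
     * @throws IllegalArgumentException if {@code subject} is {@code null}
     * @throws IllegalStateException if the thread has no credential or the switch fails
     */
    private Object setLocalOSThreadID(Subject subject, boolean z) throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            // Entry name now matches the exit name so trace entry/exit records pair up.
            Tr.entry(tc, "setLocalOSThreadID", new Object[]{subject, Boolean.valueOf(z)});
        }
        if (subject == null) {
            throw new IllegalArgumentException("Subject is null");
        }
        PlatformCredential currentCredential = (PlatformCredential) zosContextManager().getThreadCredential();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "currentCred", currentCredential);
        }
        if (currentCredential == null) {
            throw new IllegalStateException("Current thread PlatformCredential is null");
        }
        if (z) {
            PlatformCredential targetCredential = getPlatformCredentialFromSubject(subject);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "targetCred", targetCredential);
            }
            // Skip the OS call when the thread already runs with the requested credential.
            if (targetCredential != null && !targetCredential.equals(currentCredential)) {
                applyThreadIdentity(targetCredential);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setLocalOSThreadID", currentCredential);
        }
        return currentCredential;
    }

    /**
     * Restores the thread identity saved by {@link #setLocalOSThreadID(Subject)}; acts only when
     * server-level sync-to-thread is enabled.
     *
     * @param obj the credential returned by the matching set call
     * @throws IllegalStateException if the thread has no credential or the switch fails
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void restoreLocalOSThreadID(Object obj) throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreLocalOSThreadID", obj);
        }
        restoreLocalOSThreadID(obj, this._isSyncEnabled);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreLocalOSThreadID");
        }
    }

    /**
     * Restores the thread identity saved by {@link #setAppLocalOSThreadID(Subject)}; acts only
     * when application-level sync-to-thread is enabled.
     *
     * @param obj the credential returned by the matching set call
     * @throws IllegalStateException if the thread has no credential or the switch fails
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void restoreAppLocalOSThreadID(Object obj) throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreAppLocalOSThreadID", obj);
        }
        restoreLocalOSThreadID(obj, this._isAppSyncEnabled);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreAppLocalOSThreadID");
        }
    }

    /**
     * Puts {@code obj} back as the thread identity when {@code z} is true; otherwise does nothing
     * and performs no validation of {@code obj}.
     *
     * @param obj the previously saved {@link PlatformCredential}
     * @param z whether the restore should actually be performed
     * @throws NullPointerException if {@code z} is true and {@code obj} is {@code null}
     * @throws IllegalArgumentException if {@code z} is true and {@code obj} is not a
     *         {@code PlatformCredential}
     * @throws IllegalStateException if the thread has no credential or the switch fails
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void restoreLocalOSThreadID(Object obj, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreLocalOSThreadID", new Object[]{obj, Boolean.valueOf(z)});
        }
        if (z) {
            if (obj == null) {
                throw new NullPointerException("null credential is not valid");
            }
            if (!(obj instanceof PlatformCredential)) {
                throw new IllegalArgumentException("Credential is not a PlatformCredential");
            }
            PlatformCredential savedCredential = (PlatformCredential) obj;
            PlatformCredential currentCredential = (PlatformCredential) zosContextManager().getThreadCredential();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "currentCred", currentCredential);
            }
            if (currentCredential == null) {
                throw new IllegalStateException("Current thread PlatformCredential is null");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "targetCred", savedCredential);
            }
            // The comparison uses the context manager's record of the thread credential, not the
            // OS state itself, so the two must stay in step (see applyThreadIdentity).
            if (!savedCredential.equals(currentCredential)) {
                applyThreadIdentity(savedCredential);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreLocalOSThreadID");
        }
    }

    /**
     * Makes {@code credential} the OS thread security environment and records it as the thread
     * credential in the context manager.
     *
     * <p>NOTE(review): the two steps are not atomic. If the OS environment is switched and
     * recording the thread credential then fails, the context manager still reports the old
     * credential, and a later restore that compares against it may skip the OS call. Callers
     * should treat an {@code IllegalStateException} from here as "thread identity unknown".
     *
     * @param credential the credential to apply to the current thread
     * @throws IllegalStateException if either step fails; the original exception is the cause
     */
    private void applyThreadIdentity(PlatformCredential credential) {
        try {
            PlatformCredentialManager.instance().setOSThreadSecurityEnvironment(credential);
            zosContextManager().setThreadCredential(credential);
        } catch (Exception e) {
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Unexpected exception from setOSThreadSecurityEnvironment", e);
            }
            IllegalStateException failure = new IllegalStateException("Unexpected exception from setOSThreadSecurityEnvironment");
            // Keep the root cause; the decompiled code dropped it.
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Finds the platform credential for {@code subject}: first among its private credentials, then
     * inside its public WSCredential, and finally the manager's default credential.
     *
     * <p>NOTE(review): a failure while reading the WSCredential is only traced at debug level and
     * then silently replaced by the default credential, so the thread may be switched to the
     * default identity instead of the subject's. Confirm that fallback is intended.
     *
     * @param subject the subject to inspect; must not be {@code null}
     * @return the subject's platform credential, or the default credential if none is found
     */
    private PlatformCredential getPlatformCredentialFromSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPlatformCredentialFromSubject", subject);
        }
        PlatformCredential platformCredential = null;
        Iterator<PlatformCredential> privateCredentials = subject.getPrivateCredentials(PlatformCredential.class).iterator();
        if (privateCredentials.hasNext()) {
            platformCredential = privateCredentials.next();
        }
        if (platformCredential == null) {
            WSCredential wsCredential = null;
            Iterator<WSCredential> publicCredentials = subject.getPublicCredentials(WSCredential.class).iterator();
            if (publicCredentials.hasNext()) {
                wsCredential = publicCredentials.next();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, com.ibm.wsspi.security.auth.callback.Constants.WSCREDENTIAL_KEY, wsCredential);
            }
            if (wsCredential != null) {
                try {
                    platformCredential = (PlatformCredential) wsCredential.get(SecurityConfig.PLATFORM_CREDENTIAL);
                } catch (Exception e) {
                    // Deliberate best-effort: fall through to the default credential below.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unexpected exception acquiring platform cred", e);
                    }
                }
            }
        }
        if (platformCredential == null) {
            platformCredential = PlatformCredentialManager.instance().createDefaultCredential();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPlatformCredentialFromSubject", platformCredential);
        }
        return platformCredential;
    }

    /** @return the server-level sync-to-thread flag captured at construction */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean isSyncToThreadEnabled() {
        return this._isSyncEnabled;
    }

    /** @return the application-level sync-to-thread flag captured at construction */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean isApplicationSyncToOSThreadEnabled() {
        return this._isAppSyncEnabled;
    }

    /**
     * Reads the thread-local application sync flag from the context manager.
     *
     * @return the context manager's current value
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean isThreadLocalApplicationSyncEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isThreadLocalApplicationSyncEnabled");
        }
        boolean enabled = this._contextManager.isThreadLocalApplicationSyncEnabled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isThreadLocalApplicationSyncEnabled", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Forwards the thread-local application sync flag to the context manager.
     *
     * @param z the new value
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void setThreadLocalApplicationSyncEnabled(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setThreadLocalApplicationSyncEnabled", Boolean.valueOf(z));
        }
        this._contextManager.setThreadLocalApplicationSyncEnabled(z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setThreadLocalApplicationSyncEnabled");
        }
    }

    /**
     * Reports whether the component currently on the thread (EJB or web module) has asked for
     * application sync-to-thread. Always {@code false} when the server-wide application sync flag
     * is off or no component metadata is available.
     *
     * @return the component's sync-to-thread setting
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean getAppSyncEnabledFromComponentMetaData() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAppSyncEnabledFromComponentMetaData");
        }
        boolean appSync = false;
        if (this._isAppSyncEnabled) {
            // Held as Object: the decompiler typed this local as EJBComponentMetaData, which makes
            // the web-component branch below inconsistent with the declared type.
            Object componentMetaData = getMetaDataAccessor().getComponentMetaData();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "current meta data", componentMetaData);
            }
            // instanceof is false for null, so no separate null check is needed.
            if (componentMetaData instanceof EJBComponentMetaData) {
                appSync = ((EJBComponentMetaData) componentMetaData).isApplicationSyncToOSThreadEnabled();
            } else if (componentMetaData instanceof WebComponentMetaData) {
                appSync = ((WebModuleMetaDataImpl) ((WebComponentMetaData) componentMetaData).getModuleMetaData()).getWebAppConfig().isSyncToThreadEnabled();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAppSyncEnabledFromComponentMetaData", Boolean.valueOf(appSync));
        }
        return appSync;
    }

    /** Returns the component metadata accessor, resolving it on first use. */
    private ComponentMetaDataAccessorImpl getMetaDataAccessor() {
        if (this._cmda == null) {
            this._cmda = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor();
        }
        return this._cmda;
    }

    /** Returns the context manager as its z/OS implementation type. */
    private zOSContextManagerImpl zosContextManager() {
        return (zOSContextManagerImpl) this._contextManager;
    }

    /** Returns the default object string followed by the two sync-to-thread flags. */
    @Override
    public String toString() {
        return super.toString() + ";_syncEnabled=" + this._isSyncEnabled + ",_appSyncEnabled=" + this._isAppSyncEnabled;
    }
}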
