package com.ibm.ws.security.delegation;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.SAFRoleMapper;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SAFRoleMapperFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/securityimpl.jar:com/ibm/ws/security/delegation/SAFMethodDelegation.class */
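/**
 * Method delegation that builds the run-as {@link Subject} from a SAF role credential.
 *
 * <p>The role is mapped to a SAF profile through the {@link SAFRoleMapper}, a
 * {@link PlatformCredential} is created for it, and the user id carried by that credential is
 * logged in through the {@link ContextManager}. On success the platform credential is attached
 * to the resulting {@link WSCredential}.
 *
 * <p>This listing comes from decompiled bytecode. The decompiler artifacts that were not valid
 * Java (an anonymous class given constructor arguments, an undeclared register name, and a
 * {@code throw} of a {@code Throwable}-typed expression) have been rewritten as the source
 * constructs they stand for.
 */
class SAFMethodDelegation extends MethodDelegation {
    private static final TraceComponent tc;
    private static final ContextManager contextManager;
    private static final SAFRoleMapper _roleMapper;

    // Cache slot for this class's own Class object, filled by the static initializer below.
    // The name and the class$ helper follow the pattern old compilers emitted for a class literal.
    static Class class$com$ibm$ws$security$delegation$SAFMethodDelegation;

    /**
     * Creates the Subject under which a method runs for the given role.
     *
     * <p>Both arguments are handed to the role mapper and to the credential manager in the
     * order {@code (str2, str)}. Presumably {@code str} is the role name and {@code str2} the
     * application name; confirm against {@code MethodDelegation}.
     *
     * <p>The profile lookup and credential creation run outside the {@code try} block, so any
     * exception they raise propagates to the caller.
     *
     * @param str first identifier of the role to run as (see note above)
     * @param str2 second identifier of the role to run as (see note above)
     * @return the Subject returned by the login, or {@code null} when no role credential could
     *     be created or the login failed; callers must treat {@code null} as "no run-as identity"
     */
    @Override // com.ibm.ws.security.delegation.MethodDelegation
    protected Subject getRunAsSpecifiedUserSubject(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRunAsSpecifiedUserSubject", new Object[]{str, str2});
        }
        final PlatformCredential roleCredential = PlatformCredentialManager.instance()
                .createRoleCredential(str2, str, _roleMapper.getProfileFromRole(str2, str));
        Subject subject = null;
        String userId = null;
        if (roleCredential != null) {
            try {
                // The login below is driven by this partial Subject. It carries only the cache
                // key of the role credential and the user id, and no password is passed here.
                // NOTE(review): the identity is therefore vouched for entirely by the SAF role
                // mapping above; confirm that mapping is the intended trust anchor.
                Subject partialSubject = new Subject();
                Hashtable<String, Object> loginHints = new Hashtable<String, Object>();
                userId = roleCredential.getUserId();
                loginHints.put(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY, roleCredential.getCacheKeyString());
                partialSubject.getPublicCredentials().add(loginHints);

                String loginConfig = (String) SecurityConfig.getConfig().getValue("com.ibm.ws.security.defaultLoginConfig");
                // Assigned before the credential is attached, so a failure in the privileged
                // step below still leaves this Subject as the return value.
                subject = contextManager.login(contextManager.getDefaultRealm(), userId, loginConfig,
                        (HttpServletRequest) null, (HttpServletResponse) null, (Map) null, partialSubject);

                final WSCredential invokedCred = SubjectHelper.getWSCredentialFromSubject(subject);
                // Attach the platform credential to the freshly created WSCredential inside a
                // privileged block.
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        invokedCred.set(SecurityConfig.PLATFORM_CREDENTIAL, roleCredential);
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                // NOTE(review): this path is recorded in FFDC and debug trace only. No audit
                // record is written, and the logged-in Subject is still returned without its
                // platform credential. Confirm downstream authorization does not rely on that
                // credential being present, or fail closed here.
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.delegation.SAFMethodDelegation.getRoleCredential", "131", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting PlatformCredential", e.getException());
                }
            } catch (Exception e2) {
                // Any other failure (including a failed login) is audited. If the failure
                // happened while reading the user id, userId is still null in the audit record.
                FFDCFilter.processException(e2, "com.ibm.ws.security.delegation.SAFMethodDelegation.getRoleCredential", "136", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception during SAF role to user mapping", e2);
                }
                Tr.audit(tc, "security.authn.failed.foruser", new Object[]{userId});
            }
        }
        if (tc.isEntryEnabled()) {
            // NOTE(review): the exit trace receives the Subject itself. Subject.toString()
            // includes public credentials, so confirm entry/exit trace output is access-controlled.
            Tr.exit(tc, "getRunAsSpecifiedUserSubject", subject);
        }
        return subject;
    }

    /**
     * Loads a class by name, converting a lookup failure into a {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@link ClassNotFoundException} is kept as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, which cannot be thrown from this
            // method directly, so the error is built first and thrown as its own type.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve and cache this class's Class object, then register the trace component and
        // fetch the context manager and role mapper used by every call.
        if (class$com$ibm$ws$security$delegation$SAFMethodDelegation == null) {
            class$com$ibm$ws$security$delegation$SAFMethodDelegation =
                    class$("com.ibm.ws.security.delegation.SAFMethodDelegation");
        }
        tc = Tr.register(class$com$ibm$ws$security$delegation$SAFMethodDelegation, "Security", "com.ibm.ejs.resources.security");
        contextManager = ContextManagerFactory.getInstance();
        _roleMapper = SAFRoleMapperFactory.getSAFRoleMapper();
    }
}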
