package com.ibm.ws.security.server.lm;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminConstants;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.server.LTPAConfigException;
import com.ibm.ws.security.token.WSCredentialTokenMapper;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.web.WebAttributes;
import com.ibm.ws.security.web.WebAuthenticator;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.AuthorizationToken;
import com.ibm.wsspi.security.token.KerberosToken;
import com.ibm.wsspi.security.token.PropagationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/server/lm/wsMapDefaultInboundLoginModule.class */
public class wsMapDefaultInboundLoginModule implements LoginModule {
    // JAAS collaborators handed over in initialize().
    private Subject subject;
    private CallbackHandler callbackHandler;
    // Shared between the login modules of one login; commit() reads tokens from it and
    // cleanupSharedState() removes them again.
    private Map sharedState;
    private Map options;
    // principal, credential and registry are not referenced by the methods visible in this
    // part of the listing (login() was not decompiled).
    private WSPrincipal principal;
    private WSCredential credential;
    private ContextManager contextManager;
    private UserRegistry registry;
    private LTPAServerObject ltpaServer;
    // Permission named "mapCredential"; not checked anywhere in the visible methods.
    private static final WebSphereRuntimePermission MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
    // Assigned outside the visible part of the file (no initializer here).
    private static final TraceComponent tc;
    // These two look like compiler-generated class-literal caches kept by the decompiler.
    static Class class$com$ibm$wsspi$security$auth$WSSubjectWrapper;
    static Class class$com$ibm$ws$security$server$lm$wsMapDefaultInboundLoginModule;
    // succeeded gates commit(); the visible code only ever resets it to false, so it is
    // presumably set to true by the non-decompiled login().
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    // Set in initialize() from the "security.ltpa.sso.enabled" security configuration value.
    private boolean ssoEnabled = false;
    // Tokens that commit() adds to the Subject's private credentials.
    private AuthenticationToken authToken = null;
    private AuthorizationToken authzToken = null;
    private KerberosToken kerberosToken = null;
    private SingleSignonToken ssoToken = null;
    // Objects that cleanup() removes from the Subject's public credentials, private
    // credentials and principals respectively; nothing visible here populates the lists.
    private ArrayList customPublicObjects = new ArrayList();
    private ArrayList customPrivateObjects = new ArrayList();
    private ArrayList customPrincipalObjects = new ArrayList();
    private PropagationToken propagationToken = null;
    private Hashtable credHashTable = null;
    // Servlet request/response used by setCookieIfEnabled(); not assigned in the visible
    // methods - presumably obtained during login(), TODO confirm.
    private HttpServletRequest req = null;
    private HttpServletResponse res = null;
    // Set in initialize() from the "debug" and "cookie" module options.
    protected boolean debug = false;
    protected boolean cookie = false;
    private WSCredentialTokenMapperInterface wsCredMapper = null;
    private boolean foundWSSubjectWrapper = false;

    /**
     * Creates an uninitialised module. The constructor only emits entry/exit trace;
     * all state is set up later by {@code initialize}.
     */
    public wsMapDefaultInboundLoginModule() {
        if (!tc.isEntryEnabled()) {
            return;
        }
        final String method = "wsMapDefaultInboundLoginModule()";
        Tr.entry(tc, method);
        Tr.exit(tc, method);
    }

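    /**
     * Stores the JAAS collaborators and reads this module's configuration.
     *
     * <p>The module options {@code "debug"} and {@code "cookie"} are each compared
     * case-insensitively with {@code "true"}. SSO is switched on from the
     * {@code security.ltpa.sso.enabled} security configuration value and defaults to
     * off when that value is absent.
     *
     * @param subject the Subject that later phases populate
     * @param callbackHandler the handler supplied with the login
     * @param map the JAAS shared state
     * @param map2 the module options
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            // Trace only the key names of the shared state, as commit() does: the values are
            // whatever other login modules stored there and may include credential material.
            // String concatenation also tolerates a null argument, which toString() did not.
            String sharedKeys = map == null ? "null" : String.valueOf(map.keySet());
            Tr.entry(tc, "initialize(subject = \"" + subject + "\", callbackHandler = \"" + callbackHandler
                    + "\", sharedState keys = \"" + sharedKeys + "\", options = \"" + map2 + "\")");
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        // Read the debug option before anything consults this.debug, so the LTPA failure
        // message below honours the option instead of the field's previous value.
        this.debug = "true".equalsIgnoreCase((String) this.options.get("debug"));
        try {
            this.ltpaServer = LTPAServerObject.getLTPAServer();
        } catch (LTPAConfigException e) {
            // Initialisation continues without an LTPA server object; the failure is only
            // recorded through FFDC and debug trace.
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.initialize", "199", (Object) this);
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "ERROR: Failed to get the LTPA server object.");
            }
        }
        this.contextManager = ContextManagerFactory.getInstance();
        if (this.contextManager != null) {
            this.contextManager.clearRootException();
        }
        this.wsCredMapper = WSCredentialTokenMapper.getInstance();
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "WebInboundLoginModuleImpl initialized");
        }
        this.cookie = "true".equalsIgnoreCase((String) this.options.get("cookie"));
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "WebInboundLoginModule cookie ON: " + this.cookie);
        }
        Boolean ssoSetting = (Boolean) SecurityConfig.getConfig().getValue("security.ltpa.sso.enabled");
        this.ssoEnabled = ssoSetting != null && ssoSetting.booleanValue();
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "SSO is enabled for login: " + this.ssoEnabled);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(subject, callbackHandler, sharedState, options), generateCookie: " + this.cookie);
        }
    }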

    /* JADX WARN: Code restructure failed: missing block: B:839:0x0517, code lost:
    
        if (r11.length() == 0) goto L106;
     */
    /* JADX WARN: Removed duplicated region for block: B:498:0x0e53 A[Catch: WSLoginFailedException -> 0x16fe, Exception -> 0x173e, TryCatch #22 {WSLoginFailedException -> 0x16fe, Exception -> 0x173e, blocks: (B:498:0x0e53, B:500:0x0e5a, B:503:0x0e6f, B:505:0x0e7b, B:507:0x0e97, B:509:0x0eb8, B:511:0x0ee3, B:513:0x0ef4, B:515:0x0efb, B:517:0x0f0d, B:526:0x0f14, B:528:0x0f1b, B:530:0x0f22, B:531:0x0f38, B:533:0x0f3e, B:536:0x0f4a, B:537:0x0f54, B:539:0x0f55, B:541:0x0f5f, B:543:0x0f74, B:545:0x0f7d, B:546:0x0fa5, B:548:0x0fbb, B:550:0x0fdb, B:519:0x104f, B:521:0x1056, B:552:0x0ffa, B:553:0x1027, B:555:0x102a, B:556:0x104e, B:557:0x0f04, B:523:0x165f, B:559:0x0ec1, B:560:0x106a, B:562:0x1078, B:564:0x1099, B:566:0x10c4, B:568:0x10d5, B:570:0x10dc, B:572:0x1122, B:574:0x1129, B:576:0x113b, B:578:0x1142, B:580:0x1149, B:582:0x1150, B:584:0x1166, B:586:0x116c, B:589:0x1178, B:590:0x1182, B:592:0x1183, B:594:0x118d, B:596:0x11a2, B:598:0x11ab, B:599:0x11cc, B:601:0x11e2, B:603:0x1202, B:605:0x1221, B:606:0x124e, B:608:0x1251, B:609:0x1275, B:610:0x1276, B:612:0x127d, B:615:0x1132, B:616:0x10e5, B:618:0x10a2, B:619:0x128c, B:621:0x129a, B:623:0x12a1, B:625:0x12b4, B:630:0x12bd, B:633:0x12cb, B:635:0x12dd, B:637:0x12e6, B:638:0x12fe, B:640:0x130c, B:643:0x1338, B:644:0x1341, B:646:0x134b, B:648:0x1362, B:650:0x136d, B:651:0x137b, B:653:0x1383, B:664:0x13ad, B:666:0x13b4, B:668:0x13df, B:671:0x13bd, B:674:0x13f8, B:675:0x1428, B:662:0x13a2, B:676:0x142c, B:678:0x143a, B:680:0x1441, B:682:0x1453, B:684:0x1474, B:687:0x147d, B:689:0x144a, B:690:0x14a2, B:692:0x14b0, B:694:0x14be, B:696:0x14cc, B:698:0x14da, B:700:0x14e8, B:704:0x14f6, B:706:0x150e, B:708:0x1554, B:710:0x1562, B:712:0x15a8, B:714:0x15b6, B:716:0x15fc, B:718:0x1603, B:722:0x160c, B:723:0x15c4, B:725:0x15cb, B:727:0x15ef, B:728:0x15d4, B:729:0x1570, B:731:0x1577, B:733:0x159b, B:734:0x1580, B:735:0x151c, B:737:0x1523, B:739:0x1547, B:740:0x152c, B:743:0x162f, B:745:0x1641, B:748:0x164a, B:751:0x1665, 
B:755:0x1697, B:757:0x16a5, B:758:0x16c8, B:759:0x16e0, B:760:0x16b2, B:761:0x0e63, B:762:0x16e1, B:763:0x16fa), top: B:496:0x0e50 }] */
    /* JADX WARN: Removed duplicated region for block: B:762:0x16e1 A[Catch: WSLoginFailedException -> 0x16fe, Exception -> 0x173e, TryCatch #22 {WSLoginFailedException -> 0x16fe, Exception -> 0x173e, blocks: (B:498:0x0e53, B:500:0x0e5a, B:503:0x0e6f, B:505:0x0e7b, B:507:0x0e97, B:509:0x0eb8, B:511:0x0ee3, B:513:0x0ef4, B:515:0x0efb, B:517:0x0f0d, B:526:0x0f14, B:528:0x0f1b, B:530:0x0f22, B:531:0x0f38, B:533:0x0f3e, B:536:0x0f4a, B:537:0x0f54, B:539:0x0f55, B:541:0x0f5f, B:543:0x0f74, B:545:0x0f7d, B:546:0x0fa5, B:548:0x0fbb, B:550:0x0fdb, B:519:0x104f, B:521:0x1056, B:552:0x0ffa, B:553:0x1027, B:555:0x102a, B:556:0x104e, B:557:0x0f04, B:523:0x165f, B:559:0x0ec1, B:560:0x106a, B:562:0x1078, B:564:0x1099, B:566:0x10c4, B:568:0x10d5, B:570:0x10dc, B:572:0x1122, B:574:0x1129, B:576:0x113b, B:578:0x1142, B:580:0x1149, B:582:0x1150, B:584:0x1166, B:586:0x116c, B:589:0x1178, B:590:0x1182, B:592:0x1183, B:594:0x118d, B:596:0x11a2, B:598:0x11ab, B:599:0x11cc, B:601:0x11e2, B:603:0x1202, B:605:0x1221, B:606:0x124e, B:608:0x1251, B:609:0x1275, B:610:0x1276, B:612:0x127d, B:615:0x1132, B:616:0x10e5, B:618:0x10a2, B:619:0x128c, B:621:0x129a, B:623:0x12a1, B:625:0x12b4, B:630:0x12bd, B:633:0x12cb, B:635:0x12dd, B:637:0x12e6, B:638:0x12fe, B:640:0x130c, B:643:0x1338, B:644:0x1341, B:646:0x134b, B:648:0x1362, B:650:0x136d, B:651:0x137b, B:653:0x1383, B:664:0x13ad, B:666:0x13b4, B:668:0x13df, B:671:0x13bd, B:674:0x13f8, B:675:0x1428, B:662:0x13a2, B:676:0x142c, B:678:0x143a, B:680:0x1441, B:682:0x1453, B:684:0x1474, B:687:0x147d, B:689:0x144a, B:690:0x14a2, B:692:0x14b0, B:694:0x14be, B:696:0x14cc, B:698:0x14da, B:700:0x14e8, B:704:0x14f6, B:706:0x150e, B:708:0x1554, B:710:0x1562, B:712:0x15a8, B:714:0x15b6, B:716:0x15fc, B:718:0x1603, B:722:0x160c, B:723:0x15c4, B:725:0x15cb, B:727:0x15ef, B:728:0x15d4, B:729:0x1570, B:731:0x1577, B:733:0x159b, B:734:0x1580, B:735:0x151c, B:737:0x1523, B:739:0x1547, B:740:0x152c, B:743:0x162f, B:745:0x1641, B:748:0x164a, B:751:0x1665, 
B:755:0x1697, B:757:0x16a5, B:758:0x16c8, B:759:0x16e0, B:760:0x16b2, B:761:0x0e63, B:762:0x16e1, B:763:0x16fa), top: B:496:0x0e50 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /*
     * NOTE(review): decompiler placeholder, not the original implementation. The decompiler
     * could not reconstruct this method, so the body below only throws. None of the checks
     * made during the login phase can be read from this listing. The succeeded flag that
     * commit() depends on is only ever reset to false in the visible methods, so it is
     * presumably set here - confirm against the bytecode.
     */
    public boolean login() throws javax.security.auth.login.LoginException {
        /*
            Method dump skipped, instructions count: 7090
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.login():boolean");
    }

    /**
     * JAAS commit phase: copies the tokens gathered for this login into the Subject's
     * private credentials, marks them read-only and, when enabled, sets the SSO cookie.
     *
     * <p>Two paths exist. If no propagation is enabled and the shared state holds no
     * credential-properties Hashtable, only the cookie step runs and the method returns
     * {@code true}. Otherwise the tokens are committed when {@code succeeded} is set.
     *
     * @return {@code true} when the commit succeeded or the module is disabled;
     *         {@code false} when authentication had not succeeded or the commit failed
     * @throws LoginException in the visible code, only from setCookieIfEnabled() on the
     *         disabled path; failures on the main path are caught and reported as
     *         {@code false}
     */
    public boolean commit() throws LoginException {
        boolean z;
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        Hashtable hashtable = (Hashtable) this.sharedState.get(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY);
        if (!isAnyPropagationEnabled() && hashtable == null) {
            // Disabled path. The exit trace is written before the remaining work, and this
            // branch returns without calling cleanupSharedState().
            if (this.debug || tc.isEntryEnabled()) {
                Tr.exit(tc, "commit() disabled");
            }
            if (!this.commitSucceeded) {
                // Unlike the surrounding trace calls this one is not guarded by the debug checks.
                Tr.debug(tc, new StringBuffer().append("Shared state contains: ").append(this.sharedState.keySet()).toString());
                setCookieIfEnabled();
            } else if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "It has been committed prior this call, nothing is done.");
            }
            this.commitSucceeded = true;
            return this.commitSucceeded;
        }
        if (this.succeeded) {
            if (!this.commitSucceeded) {
                Tr.debug(tc, new StringBuffer().append("shared state contains: ").append(this.sharedState.keySet()).toString());
                try {
                    if (this.debug || tc.isDebugEnabled()) {
                        Tr.debug(tc, "Start committing the changes to the Subject ...");
                    }
                    try {
                        // The Subject is modified inside a privileged action, so the change
                        // runs with this class's permissions rather than the caller's.
                        AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.8
                            private final wsMapDefaultInboundLoginModule this$0;

                            {
                                this.this$0 = this;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws WSLoginFailedException {
                                String createSubjectUniqueID;
                                // An authorization token in the shared state replaces the one held by this module.
                                AuthorizationToken authorizationToken = (AuthorizationToken) this.this$0.sharedState.get(Constants.WSAUTHZTOKEN_KEY);
                                if (authorizationToken != null) {
                                    this.this$0.authzToken = authorizationToken;
                                }
                                // A missing authentication token is only traced; a missing
                                // authorization token fails the commit.
                                if (this.this$0.authToken == null && (this.this$0.debug || wsMapDefaultInboundLoginModule.tc.isDebugEnabled())) {
                                    Tr.debug(wsMapDefaultInboundLoginModule.tc, "wsMapDefaultInboundLoginModule: authenticationToken is null in commit (phase 2) stage");
                                }
                                if (this.this$0.authzToken == null) {
                                    if (this.this$0.debug || wsMapDefaultInboundLoginModule.tc.isDebugEnabled()) {
                                        Tr.debug(wsMapDefaultInboundLoginModule.tc, "wsMapDefaultInboundLoginModule: authorizationToken is null in commit (phase 2) stage");
                                    }
                                    throw new WSLoginFailedException("wsMapDefaultInboundLoginModule: authorizationToken is null in commit (phase 2) stage");
                                }
                                KerberosToken kerberosToken = (KerberosToken) this.this$0.sharedState.get(Constants.WSKERBEROSTOKEN_KEY);
                                if (kerberosToken != null) {
                                    if (this.this$0.debug || wsMapDefaultInboundLoginModule.tc.isDebugEnabled()) {
                                        Tr.debug(wsMapDefaultInboundLoginModule.tc, "wsMapDefaultInboundLoginModule: found KerberosToken in sharedState");
                                    }
                                    this.this$0.kerberosToken = kerberosToken;
                                }
                                // The SSO token is taken from the shared state and added only when SSO is enabled.
                                if (this.this$0.ssoEnabled) {
                                    SingleSignonToken singleSignonToken = (SingleSignonToken) this.this$0.sharedState.get(Constants.WSSSOTOKEN_KEY);
                                    if (singleSignonToken != null) {
                                        this.this$0.ssoToken = singleSignonToken;
                                    }
                                    if (this.this$0.ssoToken != null && !this.this$0.subject.getPrivateCredentials().contains(this.this$0.ssoToken)) {
                                        this.this$0.subject.getPrivateCredentials().add(this.this$0.ssoToken);
                                    }
                                }
                                // Each token is added to the private credentials at most once.
                                if (this.this$0.authToken != null && !this.this$0.subject.getPrivateCredentials().contains(this.this$0.authToken)) {
                                    this.this$0.subject.getPrivateCredentials().add(this.this$0.authToken);
                                }
                                if (this.this$0.authzToken != null && !this.this$0.subject.getPrivateCredentials().contains(this.this$0.authzToken)) {
                                    this.this$0.subject.getPrivateCredentials().add(this.this$0.authzToken);
                                }
                                if (this.this$0.kerberosToken != null && !this.this$0.subject.getPrivateCredentials().contains(this.this$0.kerberosToken)) {
                                    if (this.this$0.debug || wsMapDefaultInboundLoginModule.tc.isDebugEnabled()) {
                                        Tr.debug(wsMapDefaultInboundLoginModule.tc, "wsMapDefaultInboundLoginModule: KerberosToken is added in commit (phase 2) stage");
                                    }
                                    this.this$0.subject.getPrivateCredentials().add(this.this$0.kerberosToken);
                                } else if ((this.this$0.debug || wsMapDefaultInboundLoginModule.tc.isDebugEnabled()) && this.this$0.kerberosToken == null) {
                                    Tr.debug(wsMapDefaultInboundLoginModule.tc, "wsMapDefaultInboundLoginModule: KerberosToken is null in commit (phase 2) stage");
                                }
                                // Stamp a unique id on the tokens that lack one. The condition dereferences
                                // authzToken even when only kerberosToken is non-null; that is safe here only
                                // because a null authzToken has already thrown above.
                                if ((this.this$0.authzToken != null || this.this$0.kerberosToken != null) && this.this$0.authzToken.getAttributes(AttributeNameConstants.WSTOKEN_UNIQUEID) == null && (createSubjectUniqueID = this.this$0.wsCredMapper.createSubjectUniqueID(this.this$0.subject)) != null) {
                                    if (this.this$0.authzToken != null) {
                                        this.this$0.authzToken.addAttribute(AttributeNameConstants.WSTOKEN_UNIQUEID, createSubjectUniqueID);
                                    }
                                    if (this.this$0.ssoEnabled && this.this$0.ssoToken != null && this.this$0.ssoToken.getAttributes(AttributeNameConstants.WSTOKEN_UNIQUEID) == null) {
                                        this.this$0.ssoToken.addAttribute(AttributeNameConstants.WSTOKEN_UNIQUEID, createSubjectUniqueID);
                                    }
                                }
                                // setReadOnly() is called on every token that is present, after all attributes are set.
                                if (this.this$0.authToken != null) {
                                    this.this$0.authToken.setReadOnly();
                                }
                                if (this.this$0.authzToken != null) {
                                    this.this$0.authzToken.setReadOnly();
                                }
                                if (this.this$0.ssoEnabled && this.this$0.ssoToken != null) {
                                    this.this$0.ssoToken.setReadOnly();
                                }
                                if (this.this$0.kerberosToken == null) {
                                    return null;
                                }
                                this.this$0.kerberosToken.setReadOnly();
                                return null;
                            }
                        });
                        setCookieIfEnabled();
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "Change committed!");
                        }
                        this.commitSucceeded = true;
                    } catch (PrivilegedActionException e) {
                        // Unwrap the failure, record it as the root exception and rethrow.
                        WSLoginFailedException wSLoginFailedException = e.getException() instanceof WSLoginFailedException ? (WSLoginFailedException) e.getException() : new WSLoginFailedException(e.getException().getMessage(), e.getException());
                        FFDCFilter.processException(wSLoginFailedException, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.commit", "1657", this);
                        this.contextManager.setRootException(wSLoginFailedException);
                        throw wSLoginFailedException;
                    }
                } catch (Exception e2) {
                    // This handler also catches the WSLoginFailedException rethrown just above and any
                    // failure from setCookieIfEnabled(), so on this path commit() reports the failure
                    // by returning false instead of throwing.
                    FFDCFilter.processException(e2, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.commit", "1667", this);
                    Tr.error(tc, "security.jaas.LoginModuleCommitError", new Object[]{getClass().getName(), e2.toString()});
                    cleanup();
                    this.commitSucceeded = false;
                }
            } else if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "It has been committed prior this call, nothing is done.");
            }
            // Capture the result now: cleanupSharedState() below resets commitSucceeded when it runs.
            z = this.commitSucceeded;
        } else {
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Do not commit because of authentication failed.");
            }
            z = false;
        }
        cleanupSharedState();
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return z;
    }

    /**
     * JAAS abort phase: runs {@code cleanup()} when propagation is enabled and does
     * nothing otherwise.
     *
     * <p>NOTE(review): the guard here tests only {@code isAnyPropagationEnabled()}, whereas
     * commit() and cleanup() also proceed when the shared state holds a credential-properties
     * Hashtable. Confirm that skipping cleanup in that case is intended.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        final boolean propagationActive = isAnyPropagationEnabled();
        if (propagationActive) {
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
                Tr.debug(tc, "Start cleanup ...");
            }
            cleanup();
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Cleanup done.");
            }
        }
        // Single exit point; the trace text records whether the cleanup was skipped.
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, propagationActive ? "abort()" : "abort() disabled");
        }
        return true;
    }

    /**
     * JAAS logout phase: runs {@code cleanup()} when propagation is enabled and does
     * nothing otherwise.
     *
     * <p>NOTE(review): as in abort(), the guard tests only {@code isAnyPropagationEnabled()}.
     * When it returns false, nothing is removed from the Subject by this method; confirm
     * that tokens added by commit() in that configuration are removed elsewhere.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        final boolean propagationActive = isAnyPropagationEnabled();
        if (propagationActive) {
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
                Tr.debug(tc, "Start cleanup ...");
            }
            cleanup();
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Cleanup done.");
            }
        }
        // Single exit point; the trace text records whether the cleanup was skipped.
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, propagationActive ? "logout()" : "logout() disabled");
        }
        return true;
    }

    /**
     * Removes this module's authentication and authorization tokens and any custom
     * credential/principal objects from the Subject, resets the success flags and then
     * clears the shared state via cleanupSharedState().
     *
     * <p>Returns without doing anything when no propagation is enabled and the shared
     * state holds no credential-properties Hashtable.
     *
     * <p>NOTE(review): commit() also adds the SSO token and the Kerberos token to the
     * Subject's private credentials, but neither is removed or nulled here. Confirm that
     * they are removed elsewhere, otherwise they outlive abort()/logout().
     */
    private void cleanup() {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
        }
        Hashtable hashtable = (Hashtable) this.sharedState.get(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY);
        if (!isAnyPropagationEnabled() && hashtable == null) {
            if (this.debug || tc.isEntryEnabled()) {
                Tr.exit(tc, "cleanup() disabled");
                return;
            }
            return;
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Start removing AuthorizationToken and AuthenticationToken from the Subject.");
            Tr.debug(tc, "Start removing ...");
        }
        // Snapshot the lists as arrays so the privileged action works on fixed copies.
        Object[] array = this.customPublicObjects.toArray();
        Object[] array2 = this.customPrivateObjects.toArray();
        Object[] array3 = this.customPrincipalObjects.toArray();
        // The constructor arguments and the r5/r6 names below are decompiler output for the
        // values captured by the anonymous class (the two tokens and the three arrays).
        AccessController.doPrivileged(new PrivilegedAction(this, this.authToken, this.authzToken, array, array2, array3) { // from class: com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.9
            private final AuthenticationToken val$authTokenPriv;
            private final AuthorizationToken val$authzTokenPriv;
            private final Object[] val$customPublicObjectsPriv;
            private final Object[] val$customPrivateObjectsPriv;
            private final Object[] val$customPrincipalObjectsPriv;
            private final wsMapDefaultInboundLoginModule this$0;

            {
                this.this$0 = this;
                this.val$authTokenPriv = r5;
                this.val$authzTokenPriv = r6;
                this.val$customPublicObjectsPriv = array;
                this.val$customPrivateObjectsPriv = array2;
                this.val$customPrincipalObjectsPriv = array3;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    // Remove the two tokens from the private credentials if they are present.
                    if (this.val$authTokenPriv != null && this.this$0.subject.getPrivateCredentials().contains(this.val$authTokenPriv)) {
                        this.this$0.subject.getPrivateCredentials().remove(this.val$authTokenPriv);
                    }
                    if (this.val$authzTokenPriv != null && this.this$0.subject.getPrivateCredentials().contains(this.val$authzTokenPriv)) {
                        this.this$0.subject.getPrivateCredentials().remove(this.val$authzTokenPriv);
                    }
                    // Then the custom objects, each from the set it belongs to.
                    if (this.val$customPublicObjectsPriv != null) {
                        for (int i = 0; i < this.val$customPublicObjectsPriv.length; i++) {
                            if (this.this$0.subject.getPublicCredentials().contains(this.val$customPublicObjectsPriv[i])) {
                                this.this$0.subject.getPublicCredentials().remove(this.val$customPublicObjectsPriv[i]);
                            }
                        }
                    }
                    if (this.val$customPrivateObjectsPriv != null) {
                        for (int i2 = 0; i2 < this.val$customPrivateObjectsPriv.length; i2++) {
                            if (this.this$0.subject.getPrivateCredentials().contains(this.val$customPrivateObjectsPriv[i2])) {
                                this.this$0.subject.getPrivateCredentials().remove(this.val$customPrivateObjectsPriv[i2]);
                            }
                        }
                    }
                    if (this.val$customPrincipalObjectsPriv != null) {
                        for (int i3 = 0; i3 < this.val$customPrincipalObjectsPriv.length; i3++) {
                            if (this.this$0.subject.getPrincipals().contains(this.val$customPrincipalObjectsPriv[i3])) {
                                this.this$0.subject.getPrincipals().remove(this.val$customPrincipalObjectsPriv[i3]);
                            }
                        }
                    }
                    return null;
                } catch (Exception e) {
                    // A failed removal is logged and swallowed. The first exception ends the whole
                    // action, so later removals are skipped and those objects stay on the Subject.
                    FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.cleanup", "1861", this);
                    Tr.error(wsMapDefaultInboundLoginModule.tc, "security.jaas.removeCredException", new Object[]{getClass().getName(), e.toString()});
                    return null;
                }
            }
        });
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Removed.");
        }
        // The field references are dropped whether or not the removal above succeeded.
        this.authToken = null;
        this.authzToken = null;
        cleanupSharedState();
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup()");
        }
    }

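    /**
     * Removes this module's entries from the JAAS shared state and resets its per-login
     * fields: the credential-properties Hashtable plus the authentication, single sign-on
     * and authorization tokens.
     *
     * <p>Returns without doing anything when no propagation is enabled and the shared
     * state holds no credential-properties Hashtable.
     *
     * <p>NOTE(review): commit() also reads a Kerberos token from the shared state, but that
     * entry is not removed here, and the kerberosToken/ssoToken fields are not reset.
     * Confirm whether another component owns that cleanup.
     */
    private void cleanupSharedState() {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanupSharedState()");
        }
        Hashtable credProps = (Hashtable) this.sharedState.get(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY);
        if (!isAnyPropagationEnabled() && credProps == null) {
            if (this.debug || tc.isEntryEnabled()) {
                Tr.exit(tc, "cleanupSharedState() disabled");
            }
            return;
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Start removing AuthorizationToken, AuthenticationToken, and SingleSignonToken from the shared state.");
        }
        if (credProps != null) {
            this.sharedState.remove(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY);
        }
        // The entries are removed by key without casting the value first, so an entry of an
        // unexpected type is still removed instead of aborting the cleanup half-way.
        if (this.sharedState.get(Constants.WSAUTHTOKEN_KEY) != null) {
            this.sharedState.remove(Constants.WSAUTHTOKEN_KEY);
        }
        if (this.sharedState.get(Constants.WSSSOTOKEN_KEY) != null) {
            this.sharedState.remove(Constants.WSSSOTOKEN_KEY);
        }
        if (this.sharedState.get(Constants.WSAUTHZTOKEN_KEY) != null) {
            this.sharedState.remove(Constants.WSAUTHZTOKEN_KEY);
        }
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Removed.");
        }
        this.authToken = null;
        this.authzToken = null;
        if (this.sharedState.size() > 0 && (this.debug || tc.isDebugEnabled())) {
            // Trace the remaining key names only, as commit() does. The leftover values belong
            // to other login modules and may include credential material.
            Tr.debug(tc, "Shared State still contains the following: " + this.sharedState.keySet());
        }
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanupSharedState()");
        }
    }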

    /**
     * Creates the SSO cookies for the Subject and adds them to the HTTP response, but only
     * when SSO is enabled, the "cookie" option is on and both the request and the response
     * are available.
     *
     * <p>The method returns nothing, so a caller cannot tell whether cookies were added;
     * the outcome is only written to the exit trace.
     *
     * @throws WSLoginFailedException if the privileged action surfaces a failure (see the
     *         note on the outer catch below)
     */
    private void setCookieIfEnabled() throws WSLoginFailedException {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("setCookieIfEnabled(), cookie enabled: ").append(this.cookie).append(" ssoEnabled: ").append(this.ssoEnabled).append(" , httpreq exist: ").append(this.req != null).append(" , httpres exist: ").append(this.res != null).toString());
        }
        Boolean bool = Boolean.FALSE;
        if (this.ssoEnabled && this.cookie && this.res != null && this.req != null) {
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Generate cookie ...");
            }
            try {
                bool = (Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.10
                    private final wsMapDefaultInboundLoginModule this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException {
                        boolean z = false;
                        try {
                            // The new cookies are built before the existing cookie is cleared, so a
                            // failure while building them leaves the existing cookie untouched.
                            ArrayList createCookiesStatic = WebAttributes.createCookiesStatic(this.this$0.req, this.this$0.subject);
                            this.this$0.clearCookie(this.this$0.req, this.this$0.res);
                            if (createCookiesStatic != null) {
                                WebAttributes.addCookiesToResponse(createCookiesStatic, this.this$0.res);
                                z = true;
                            }
                        } catch (Exception e) {
                            // Any failure sets the response status to 401 and is logged, but is not
                            // rethrown: the action returns false and commit() still completes.
                            FFDCFilter.processException(e, new StringBuffer().append(getClass().getName()).append(".commit").toString(), "1960", this);
                            this.this$0.res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                            Tr.error(wsMapDefaultInboundLoginModule.tc, "security.jaas.LoginModuleCommitError", new Object[]{getClass().getName(), e});
                        }
                        return new Boolean(z);
                    }
                });
            } catch (PrivilegedActionException e) {
                // NOTE(review): run() catches Exception itself, so this handler looks unreachable
                // from the code shown - confirm. The FFDC source id below names
                // wsSAPInboundLoginModule.commit rather than this class, which would mislead
                // anyone correlating FFDC records.
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.commit", "1970", this);
                Tr.error(tc, "security.jaas.LoginModuleCommitError", new Object[]{getClass().getName(), e.getException()});
                this.contextManager.setRootException(e.getException());
                cleanup();
                if (!(e.getException() instanceof WSLoginFailedException)) {
                    throw new WSLoginFailedException(e.getException().getMessage(), e.getException());
                }
                throw ((WSLoginFailedException) e.getException());
            }
        }
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("setCookieIfEnabled(), cookie(s) added: ").append(bool.booleanValue()).toString());
        }
    }

    /**
     * Builds a single sign-on token from the given credential and decorates it with
     * attributes taken from the security configuration.
     *
     * <p>Attributes are added only when the configured process type equals
     * {@code AdminConstants.MANAGED_PROCESS} or {@code AdminConstants.STANDALONE_PROCESS}:
     * the server name, the active authentication mechanism OID, the JMX connector
     * properties (provider URL, type, host, port), the servant token when the platform
     * helper reports z/OS, the credential expiration when it is greater than zero, and
     * an SPNEGO marker when this module holds a Kerberos token.
     *
     * <p>Security-relevant behaviour: any exception raised while building the token is
     * reported to FFDC and trace and then turned into a {@code null} return, so callers
     * must treat {@code null} as "no SSO token was produced". A failure while reading the
     * expiration is only traced; the token is then returned without an expiration
     * attribute.
     *
     * @param wSCredential credential the token is derived from
     * @return the decorated token, or {@code null} if token creation or decoration threw
     */
    public SingleSignonToken createSSOTokenAndSetAttributes(WSCredential wSCredential) {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "createSSOTokenAndSetAttributes()");
        }
        try {
            SingleSignonToken ssoToken = this.wsCredMapper.createSSOTokenFromWSCredential(wSCredential);
            String processType = (String) SecurityConfig.getConfig().getValue(SecurityConfig.PROCESS_TYPE);
            boolean serverProcess = processType != null
                    && (processType.equals(AdminConstants.MANAGED_PROCESS) || processType.equals(AdminConstants.STANDALONE_PROCESS));
            if (!serverProcess) {
                if (this.debug || tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not adding connector properties to SSO token, process type: " + processType);
                }
            } else {
                // Server identity.
                String serverName = (String) SecurityConfig.getConfig().getValue("process.serverName");
                if (serverName == null) {
                    if (this.debug || tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot add serverName to SSO token, config property is null.");
                    }
                } else {
                    ssoToken.addAttribute("process.serverName", serverName);
                }

                // Active authentication mechanism; added whether or not the config value is present.
                String authMechOid = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism.OID");
                ssoToken.addAttribute("security.authMechOID", authMechOid);

                // JMX connector endpoint details.
                Properties connectorProps = (Properties) SecurityConfig.getConfig().getValue("process.jmxConnectorProps");
                if (connectorProps == null) {
                    if (this.debug || tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot add connectorProps to SSO token, config property is null.");
                    }
                } else {
                    ssoToken.addAttribute("java.naming.provider.url", (String) connectorProps.get("java.naming.provider.url"));
                    ssoToken.addAttribute("type", (String) connectorProps.get("type"));
                    ssoToken.addAttribute("host", (String) connectorProps.get("host"));
                    ssoToken.addAttribute("port", (String) connectorProps.get("port"));
                }

                // Servant identifier, only on z/OS.
                if (this.contextManager.getPlatformHelper().isZOS()) {
                    String servantId = PlatformHelperFactory.getPlatformHelper().getServantToken();
                    if (servantId == null) {
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "Cannot add servantIdentifier to common constants because it is null.");
                        }
                    } else {
                        ssoToken.addAttribute(CommonConstants.ZOS_SERVANT_ID, servantId);
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "servantIdentifier added to common constants: " + servantId);
                        }
                    }
                }

                // Expiration is best effort: a failure here is traced and the token is kept.
                if (wSCredential != null) {
                    try {
                        long expiresAt = wSCredential.getExpiration();
                        if (expiresAt > 0) {
                            String expiresAtText = Long.toString(expiresAt);
                            if (this.debug || tc.isDebugEnabled()) {
                                Tr.debug(tc, "Expiration set to: " + expiresAtText);
                            }
                            ssoToken.addAttribute(AttributeNameConstants.WSTOKEN_EXPIRATION, expiresAtText);
                        }
                    } catch (Exception expirationFailure) {
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception getting expiration.", new Object[]{expirationFailure.toString()});
                        }
                    }
                }

                // Mark tokens that were produced alongside a Kerberos token.
                if (this.kerberosToken != null) {
                    if (this.debug || tc.isDebugEnabled()) {
                        Tr.debug(tc, "kerberosToken exists, mark SSO token");
                    }
                    ssoToken.addAttribute(CommonConstants.SSO_SPNEGO, "true");
                }
            }
            if (this.debug || tc.isEntryEnabled()) {
                Tr.exit(tc, "createSSOTokenAndSetAttributes()");
            }
            return ssoToken;
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.createSSOTokenAndSetAttributes", "2076", this);
            Tr.debug(tc, "Exception occurred creating SingleSignonToken.", new Object[]{failure.toString()});
            if (this.debug || tc.isEntryEnabled()) {
                Tr.exit(tc, "createSSOTokenAndSetAttributes() -> null");
            }
            return null;
        }
    }

    /**
     * Reports whether at least one of the propagation switches exposed by
     * {@code WSSecurityPropagationHelper} is on: RMI inbound, RMI outbound or web inbound.
     * The flags are checked in that order and checking stops at the first enabled one.
     *
     * @return {@code true} if any of the three flags is enabled, {@code false} otherwise
     */
    private boolean isAnyPropagationEnabled() {
        boolean anyEnabled = WSSecurityPropagationHelper.getInstance().isRMIInboundPropagationEnabled()
                || WSSecurityPropagationHelper.getInstance().isRMIOutboundPropagationEnabled()
                || WSSecurityPropagationHelper.getInstance().isWebInboundPropagationEnabled();
        // Only an exit record is traced here; the method writes no matching entry record.
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, anyEnabled ? "At least one propagation flag is enabled." : "Propagation is disabled.");
        }
        return anyEnabled;
    }

    /* JADX INFO: Access modifiers changed from: private */
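    /**
     * Expires the referer-URL cookie on the response when the request carries a
     * non-empty one.
     *
     * <p>The replacement cookie has an empty value, {@code Max-Age} 0 and path {@code "/"}.
     * NOTE(review): a browser only drops a cookie whose path and domain match the ones it
     * was stored with; confirm the cookie is issued with path {@code "/"} and no explicit
     * domain.
     *
     * <p>The cookie value is supplied by the client, so control characters are replaced
     * before it is written to the debug trace; otherwise a crafted value containing line
     * breaks could forge trace records. NOTE(review): the value is a URL and may carry
     * query-string data; consider whether it needs to be traced at all.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response that receives the expiring cookie
     */
    public void clearCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearCookie");
        }
        String cookieValue = WebAuthenticator.getCookieValue(httpServletRequest.getCookies(), com.ibm.ws.security.util.Constants.REFERER_URL_COOKIENAME);
        if (cookieValue != null && cookieValue.length() > 0) {
            // Empty value plus Max-Age 0 tells the client to discard the cookie.
            Cookie cookie = new Cookie(com.ibm.ws.security.util.Constants.REFERER_URL_COOKIENAME, "");
            cookie.setPath("/");
            cookie.setMaxAge(0);
            httpServletResponse.addCookie(cookie);
            if (tc.isDebugEnabled()) {
                // Client-controlled text: neutralise CR, LF and other control characters
                // so the value cannot start a forged trace line.
                StringBuffer printableValue = new StringBuffer(cookieValue.length());
                for (int i = 0; i < cookieValue.length(); i++) {
                    char c = cookieValue.charAt(i);
                    printableValue.append(Character.isISOControl(c) ? '_' : c);
                }
                Tr.debug(tc, new StringBuffer().append("cleared REFERER_URL cookie. Original value was ").append(printableValue).toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearCookie");
        }
    }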

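    /**
     * Resolves a class by its fully qualified name and converts a failed lookup into an
     * unchecked {@link NoClassDefFoundError} that keeps the original
     * {@link ClassNotFoundException} as its cause.
     *
     * <p>{@code Class.forName(String)} loads and initialises the named class, so this
     * helper should only ever be given trusted, constant names; the only caller visible
     * in this file passes a string literal.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, so throwing its result directly
            // does not compile in a method without a throws clause. Build the error,
            // attach the cause, then throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }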

    // Class initialiser: resolves this class through the class$ helper (caching it in the
    // class$... field on first use) and registers the trace component with the
    // "com.ibm.ejs.resources.security" resource bundle.
    static {
        if (class$com$ibm$ws$security$server$lm$wsMapDefaultInboundLoginModule == null) {
            class$com$ibm$ws$security$server$lm$wsMapDefaultInboundLoginModule = class$("com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule");
        }
        tc = Tr.register(class$com$ibm$ws$security$server$lm$wsMapDefaultInboundLoginModule, (String) null, "com.ibm.ejs.resources.security");
    }
}
