package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.runtime.service.ThreadPoolMgr;
import com.ibm.ws.security.auth.j2c.GenericCredentialImpl;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.web.WebReply;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import com.ibm.ws.util.PlatformHelperFactory;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.Subject;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/auth/PlatformCredential.class */
public final class PlatformCredential implements Serializable {
    public static final CredentialType BASIC = new CredentialType(WebReply.BASIC);
    public static final CredentialType DEFAULT = new CredentialType(ThreadPoolMgr.DEFAULT_THREAD_POOL_NAME);
    public static final CredentialType CERTIFICATE = new CredentialType("Certificate");
    public static final CredentialType ASSERTED = new CredentialType("Asserted");
    public static final CredentialType ROLE = new CredentialType("Role");
    public static final CredentialType SERVER = new CredentialType("Server");
    public static final int STATE_FREED = 1;
    private static final int VERSION_UNSET = 0;
    private static final int VERSION_1 = 1;
    private static final int VERSION_2 = 2;
    private static final int VERSION_3 = 3;
    private static final int MAXIMUM_NAME_LENGTH = 8;
    private static final long serialVersionUID = -4979494157999039784L;
    private static final TraceComponent tc;
    private static final boolean isServant;
    private transient String unauthenticatedUserId;
    private transient Subject j2cSubject;
    private transient boolean authenticated;
    private int version;
    private String userId;
    private String mvsUserId;
    private String auditString;
    private long serializationTime;
    private CredentialType credType;
    private boolean isDefault;
    private X509Certificate[] certChain;
    private String roleProfile;
    static Class class$com$ibm$ws$security$auth$PlatformCredential;

    /* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/auth/PlatformCredential$CredentialType.class */
    public static final class CredentialType implements Serializable {
        final String name;

        CredentialType(String str) {
            this.name = str;
        }

        public String toString() {
            return new StringBuffer().append(WorkSpaceConstant.FIELD_SEPERATOR).append(this.name).append("]").toString();
        }

        public int hashCode() {
            return this.name.hashCode();
        }

        public boolean equals(Object obj) {
            if (obj instanceof CredentialType) {
                return this.name.equals(((CredentialType) obj).name);
            }
            return false;
        }
    }

    public PlatformCredential() {
        this.authenticated = false;
        this.version = 3;
        this.userId = null;
        this.mvsUserId = null;
        this.auditString = null;
        this.credType = DEFAULT;
        this.isDefault = false;
        this.certChain = null;
        this.roleProfile = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        this.userId = getUnauthenticatedUserId();
        this.auditString = PlatformCredentialManager.DEFAULT_UNAUTHENTICATED_AUDIT_STRING;
        this.credType = DEFAULT;
        this.isDefault = true;
        this.j2cSubject = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public PlatformCredential(CredentialType credentialType, String str, String str2) {
        this.authenticated = false;
        this.version = 3;
        this.userId = null;
        this.mvsUserId = null;
        this.auditString = null;
        this.credType = DEFAULT;
        this.isDefault = false;
        this.certChain = null;
        this.roleProfile = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{credentialType, str, str2});
        }
        this.credType = credentialType;
        this.auditString = str2;
        if (credentialType == ROLE) {
            this.roleProfile = str;
        } else {
            this.userId = str != null ? str.toUpperCase().trim() : str;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public PlatformCredential(X509Certificate[] x509CertificateArr, String str) {
        this.authenticated = false;
        this.version = 3;
        this.userId = null;
        this.mvsUserId = null;
        this.auditString = null;
        this.credType = DEFAULT;
        this.isDefault = false;
        this.certChain = null;
        this.roleProfile = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{x509CertificateArr, str});
        }
        this.credType = CERTIFICATE;
        this.certChain = x509CertificateArr;
        this.auditString = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public String getUserId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserId");
        }
        String str = this.userId;
        if (str == null) {
            str = getMvsUserId();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserId", str);
        }
        return str;
    }

    public String getMvsUserId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMvsUserId");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMvsUserId", this.mvsUserId);
        }
        return this.mvsUserId;
    }

    public void setMvsUserId(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setMvsUserId", str);
        }
        this.mvsUserId = str != null ? str.toUpperCase().trim() : str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setMvsUserId");
        }
    }

    public String getUnauthenticatedUserId() {
        if (this.unauthenticatedUserId == null) {
            this.unauthenticatedUserId = ContextManagerFactory.getInstance().getProperty(CommonConstants.SAF_UNAUTHENTICATED_PROPERTY);
            this.unauthenticatedUserId = this.unauthenticatedUserId.toUpperCase().trim();
        }
        return this.unauthenticatedUserId;
    }

    public CredentialType getCredentialType() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialType");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCredentialType", this.credType);
        }
        return this.credType;
    }

    public String getAuditString() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuditString");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuditString", this.auditString);
        }
        return this.auditString;
    }

    public X509Certificate[] getCertificateChain() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificateChain");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificateChain", this.certChain);
        }
        return this.certChain;
    }

    public String getRoleProfile() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRoleProfileName");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRoleProfileName", this.roleProfile);
        }
        return this.roleProfile;
    }

    public boolean isAuthenticated() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAuthenticated");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAuthenticated", new Boolean(this.authenticated));
        }
        return this.authenticated;
    }

    private void setAuthenticated(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAuthenticated", new Boolean(z));
        }
        this.authenticated = z;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAuthenticated");
        }
    }

    public boolean isDefault() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isDefault");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isDefault", new Boolean(this.isDefault));
        }
        return this.isDefault;
    }

    public Subject getJ2CSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJ2CSubject");
        }
        Subject createJ2CSubject = this.j2cSubject != null ? this.j2cSubject : createJ2CSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJ2CSubject", createJ2CSubject);
        }
        return createJ2CSubject;
    }

    private Subject createJ2CSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createJ2CSubject");
        }
        byte[] createUtoken = PlatformCredentialManager.instance().createUtoken(this);
        if (createUtoken == null) {
            throw new IllegalStateException("Could not create credential utoken");
        }
        GenericCredentialImpl genericCredentialImpl = new GenericCredentialImpl(getUserId(), createUtoken, GenericCredentialImpl.secMechUToken);
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(genericCredentialImpl);
        subject.getPrivateCredentials().add(this);
        subject.getPrincipals().add(new WSPrincipalImpl(getMvsUserId()));
        subject.setReadOnly();
        this.j2cSubject = subject;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createJ2CSubject", subject);
        }
        return subject;
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "writeObject", objectOutputStream);
        }
        long currentTimeMillis = System.currentTimeMillis();
        CredentialType credentialType = this.credType;
        if (credentialType == BASIC && this.authenticated) {
            credentialType = ASSERTED;
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        putFields.put("version", this.version);
        putFields.put("userId", this.userId);
        putFields.put("auditString", this.auditString);
        putFields.put("serializationTime", currentTimeMillis);
        putFields.put("isDefault", this.isDefault);
        putFields.put("mvsUserId", this.mvsUserId);
        putFields.put("credType", credentialType);
        putFields.put("certChain", this.certChain);
        putFields.put("roleProfile", this.roleProfile);
        objectOutputStream.writeFields();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "writeObject");
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "readObject", objectInputStream);
        }
        ObjectInputStream.GetField getField = null;
        try {
            getField = objectInputStream.readFields();
            this.version = getField.get("version", 1);
        } catch (IOException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not determine version", e);
            }
            this.version = 0;
            this.userId = getUnauthenticatedUserId();
            this.isDefault = true;
        }
        switch (this.version) {
            case 0:
            case 1:
                break;
            case 3:
            default:
                this.mvsUserId = (String) getField.get("mvsUserId", (Object) null);
                this.credType = (CredentialType) getField.get("credType", DEFAULT);
                this.certChain = (X509Certificate[]) getField.get("certChain", (Object) null);
                this.roleProfile = (String) getField.get("roleProfile", (Object) null);
                this.credType = getNormalizedCredentialType(this.credType);
            case 2:
                this.userId = (String) getField.get("userId", getUnauthenticatedUserId());
                this.auditString = (String) getField.get("auditString", (Object) null);
                this.isDefault = getField.get("isDefault", true);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Last serialized date", new Date(getField.get("serializationTime", 0L)));
                    break;
                }
                break;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "readObject");
        }
    }

    public String getCacheKeyString() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCacheKeyString");
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(this.credType).append(": ");
        stringBuffer.append("auditString=").append(this.auditString);
        if (this.credType == ROLE) {
            stringBuffer.append(",roleProfile=").append(this.roleProfile);
            stringBuffer.append(",mvsUserId=").append(this.mvsUserId);
        } else {
            stringBuffer.append(",userId=").append(this.userId);
            stringBuffer.append(",isDefault=").append(this.isDefault);
        }
        if (this.certChain != null && this.certChain[0] != null) {
            stringBuffer.append(",certSerialNumber=").append(this.certChain[0].getSerialNumber());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCacheKeyString", stringBuffer);
        }
        return stringBuffer.toString();
    }

    public String toString() {
        return new StringBuffer().append(super.toString()).append(",userId=").append(this.userId).append(",mvsUserId=").append(this.mvsUserId).append(",isDefault=").append(this.isDefault).append(",authenticated=").append(this.authenticated).append(",credType=").append(this.credType).append(",auditString=").append(this.auditString).toString();
    }

    public int hashCode() {
        return new StringBuffer().append(this.credType).append(this.userId).append(this.isDefault).append(this.auditString).toString().hashCode();
    }

    public boolean equals(Object obj) {
        PlatformCredential platformCredential = null;
        if (this == obj) {
            return true;
        }
        if (obj instanceof PlatformCredential) {
            platformCredential = (PlatformCredential) obj;
        }
        if (platformCredential == null) {
            return false;
        }
        return this.version == platformCredential.version && this.isDefault == platformCredential.isDefault && this.credType == platformCredential.credType && (this.credType != BASIC || this.authenticated == platformCredential.authenticated) && ((this.auditString == null && platformCredential.auditString == null) || (this.auditString != null && this.auditString.equals(platformCredential.auditString))) && (this.credType == ROLE || ((this.userId == null && platformCredential.userId == null) || (this.userId != null && this.userId.equals(platformCredential.userId)))) && (this.credType == ROLE || ((this.mvsUserId == null && platformCredential.mvsUserId == null) || (this.mvsUserId != null && this.mvsUserId.equals(platformCredential.mvsUserId)))) && ((this.roleProfile == null && platformCredential.roleProfile == null) || (this.roleProfile != null && this.roleProfile.equals(platformCredential.roleProfile)));
    }

    private CredentialType getNormalizedCredentialType(CredentialType credentialType) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "normalizeCredentialType", credentialType);
        }
        CredentialType credentialType2 = DEFAULT;
        if (BASIC.equals(credentialType)) {
            credentialType2 = BASIC;
        } else if (CERTIFICATE.equals(credentialType)) {
            credentialType2 = CERTIFICATE;
        } else if (ASSERTED.equals(credentialType)) {
            credentialType2 = ASSERTED;
        } else if (ROLE.equals(credentialType)) {
            credentialType2 = ROLE;
        } else if (SERVER.equals(credentialType)) {
            credentialType2 = SERVER;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "normalizeCredentialType", credentialType2);
        }
        return credentialType2;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$auth$PlatformCredential == null) {
            cls = class$("com.ibm.ws.security.auth.PlatformCredential");
            class$com$ibm$ws$security$auth$PlatformCredential = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$PlatformCredential;
        }
        tc = Tr.register(cls, "Security", "com.ibm.ejs.resources.security");
        isServant = PlatformHelperFactory.getPlatformHelper().isServantJvm();
    }
}
