package com.ibm.ws.security.token;

import com.ibm.CSIv2Security.NotForwardableMechOID;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.cache.DistributedMap;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminClientFactory;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.DistributedMapFactory;
import com.ibm.ws.security.auth.ServerCredSigner;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.AuthorizationToken;
import com.ibm.wsspi.security.token.PropagationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TreeSet;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import org.eclipse.jst.jsp.core.internal.java.JSPTranslator;
import org.ietf.jgss.GSSCredential;
import org.omg.CSI.KRB5MechOID;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/token/WSCredentialTokenMapper.class */
public class WSCredentialTokenMapper implements WSCredentialTokenMapperInterface {
    // LTPA server handle; the constructor assigns it only when the active auth mechanism is not SWAM.
    private LTPAServerObject ltpaServer;
    // Per-instance context manager, obtained from ContextManagerFactory in the constructor.
    private ContextManager contextManager;
    private WSPrincipal wsPrincipal = null;
    // Lazily resolved by getDM() from the map named "WSSecureMap".
    private DistributedMap dm = null;
    // Lazily resolved by getDMNotShared() from the map named "WSSecureMapNotShared".
    private DistributedMap dmns = null;
    // Value of the "security.activeAuthMechanism" configuration entry, read in the constructor.
    private String activeAuthMech;
    // Digest instance created once in the constructor. MessageDigest is stateful and not thread-safe.
    // NOTE(review): this class is also handed out as a singleton via getInstance(); confirm that
    // every use of md outside this view is serialized or works on a clone.
    private MessageDigest md;
    // NOTE(review): "SHA" is the JCA alias for SHA-1 in the standard providers. What the digest
    // protects is not visible here; confirm that SHA-1 collision resistance is not relied upon.
    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA";
    // JCE provider name passed to MessageDigest.getInstance; set to "IBMJCE" and then to getJCEProvider().
    private String JCEProvider;
    // The three blank finals below have no initializer here, so they must be assigned in a static
    // initializer that lies outside this view.
    private static final TraceComponent tc;
    // Permission checked by createWSCredentialFromProperties when a SecurityManager is installed.
    private static final WebSphereRuntimePermission MAP_CREDENTIAL;
    private static final WebSphereRuntimePermission GET_OPAQUE_TOKEN_FROM_MBEAN;
    // The class$... fields look like compiler-generated caches for class literals (decompiler output).
    static Class class$com$ibm$wsspi$security$token$Token;
    static Class class$com$ibm$wsspi$security$token$AuthorizationToken;
    static Class class$java$util$Hashtable;
    static Class class$com$ibm$ws$security$token$AbstractTokenImpl;
    static Class class$org$ietf$jgss$GSSCredential;
    static Class class$com$ibm$ws$security$token$WSCredentialTokenMapper;
    // Singleton slot filled lazily by getInstance(); written without synchronization.
    private static WSCredentialTokenMapperInterface wsCredTokenMapper = null;
    // NOTE(review): public, static and non-final, so any code that can see this class can replace
    // the context manager used by the z/OS branch of createWSCredentialFromProperties.
    public static ContextManager ctxMgr = ContextManagerFactory.getInstance();
    private static boolean propEnabled = true;
    private static boolean propEnabledChecked = false;

    /* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/token/WSCredentialTokenMapper$GetOpaqueTokenFromMBeanAction.class */
    /**
     * Privileged action that asks the SecurityAdmin MBean of another process for the opaque
     * token that corresponds to an SSO token.
     *
     * <p>Security-relevant behaviour visible in this class:
     * <ul>
     *   <li>The SSO token bytes are sent to whichever endpoint the connector properties select,
     *       so the properties handed to the constructor decide who receives the token.</li>
     *   <li>Every non-empty entry of the process-wide "process.jmxConnectorProps" configuration,
     *       except "type", "host" and "port", is copied into the caller-supplied
     *       {@link Properties} object, which is therefore mutated.</li>
     *   <li>The server name is split on ':' and its first three segments are concatenated into
     *       an {@link ObjectName} pattern without quoting. NOTE(review): a segment containing
     *       ',', '=' or '*' would change the query; confirm callers only pass a trusted
     *       cell:node:process value.</li>
     * </ul>
     */
    class GetOpaqueTokenFromMBeanAction implements PrivilegedExceptionAction {
        private ByteArray ssoToken;
        private String serverName;
        private Properties connectorProps;
        private final WSCredentialTokenMapper this$0;

        /**
         * @param wSCredentialTokenMapper enclosing mapper instance (explicit in the decompiled form)
         * @param byteArray SSO token to resolve
         * @param str target server as "cell:node:process"
         * @param properties connector properties for the admin client; extended in {@link #run()}
         */
        public GetOpaqueTokenFromMBeanAction(WSCredentialTokenMapper wSCredentialTokenMapper, ByteArray byteArray, String str, Properties properties) {
            this.this$0 = wSCredentialTokenMapper;
            this.ssoToken = byteArray;
            this.serverName = str;
            this.connectorProps = properties;
        }

        /**
         * Connects to the target process and invokes "getOpaqueToken" on its SecurityAdmin MBean.
         *
         * @return the bytes of the returned token holder, or {@code null} when no SecurityAdmin
         *         MBean matches the query or the MBean returns no holder
         * @throws Exception whatever the admin client, the ObjectName constructor or the
         *         tokenizer raise (a server name with fewer than three segments ends in
         *         {@link java.util.NoSuchElementException})
         */
        @Override
        public Object run() throws Exception {
            Properties processProps = (Properties) SecurityConfig.getConfig().getValue("process.jmxConnectorProps");
            for (Enumeration<?> names = processProps.propertyNames(); names.hasMoreElements(); ) {
                String key = (String) names.nextElement();
                String value = (String) processProps.get(key);
                if (key == null || value == null || value.length() == 0) {
                    continue;
                }
                // The endpoint itself (type/host/port) stays as the caller set it.
                if (key.equals("type") || key.equals("host") || key.equals("port")) {
                    continue;
                }
                this.connectorProps.setProperty(key, value);
            }

            // The client is created before the server name is parsed, as in the original order.
            AdminClient adminClient = AdminClientFactory.createAdminClient(this.connectorProps);

            StringTokenizer segments = new StringTokenizer(this.serverName, ":");
            String cell = segments.nextToken();
            String node = segments.nextToken();
            String process = segments.nextToken();
            ObjectName query = new ObjectName("WebSphere:type=SecurityAdmin,cell=" + cell + ",node=" + node + ",process=" + process + ",*");

            Set matches = adminClient.queryNames(query, null);
            if (matches.isEmpty()) {
                if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                    Tr.exit(WSCredentialTokenMapper.tc, "getOpaqueTokenFromMBean: SecurityAdmin MBean was not found using queryString " + query);
                }
                return null;
            }

            // Only the first matching MBean is used.
            ObjectName securityAdmin = (ObjectName) matches.iterator().next();
            TokenHolder holder = (TokenHolder) adminClient.invoke(securityAdmin, "getOpaqueToken", new Object[]{this.ssoToken}, new String[]{"com.ibm.ws.security.util.ByteArray"});
            boolean found = holder != null;
            if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                Tr.debug(WSCredentialTokenMapper.tc, found ? "Returning opaque token from MBean." : "Returning null opaque token.");
            }
            if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                Tr.exit(WSCredentialTokenMapper.tc, "getOpaqueTokenFromMBean");
            }
            return found ? holder.getBytes() : null;
        }
    }

    /**
     * Returns the process-wide mapper, creating it on first use.
     *
     * <p>The lazy initialization is not synchronized: two threads that race on the first call
     * can each construct a mapper, and the last write to the static slot wins.
     *
     * @return the shared {@link WSCredentialTokenMapperInterface} instance
     */
    public static WSCredentialTokenMapperInterface getInstance() {
        if (wsCredTokenMapper != null) {
            return wsCredTokenMapper;
        }
        wsCredTokenMapper = new WSCredentialTokenMapper();
        return wsCredTokenMapper;
    }

    /**
     * Builds a mapper: creates the message digest, reads the active authentication mechanism,
     * fetches the LTPA server object when that mechanism is not SWAM, and obtains the context
     * manager.
     *
     * <p>Initialization failures never leave this constructor. They are recorded through FFDC
     * and trace, and stored as the root exception when a context manager is already available.
     * The instance is then left with whatever fields had been set before the failure, so
     * {@code md}, {@code activeAuthMech}, {@code ltpaServer} or {@code contextManager} can still
     * be {@code null} afterwards. NOTE(review): later methods dereference these fields; confirm
     * that a half-initialized mapper fails closed.
     */
    public WSCredentialTokenMapper() {
        this.ltpaServer = null;
        this.contextManager = null;
        this.activeAuthMech = null;
        this.md = null;
        // The default stays in place before the lookup: getJCEProvider() is defined outside
        // this view and may read the field.
        this.JCEProvider = "IBMJCE";
        this.JCEProvider = getJCEProvider();
        try {
            this.md = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM, this.JCEProvider);
            try {
                this.activeAuthMech = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism");
                boolean swamActive = this.activeAuthMech.equals(SecurityConfig.AUTH_MECHANISM_SWAM);
                if (!swamActive) {
                    // The LTPA server lookup runs with this class's own privileges.
                    PrivilegedExceptionAction fetchLtpaServer = new PrivilegedExceptionAction() {
                        @Override
                        public Object run() throws Exception {
                            return LTPAServerObject.getLTPAServer();
                        }
                    };
                    this.ltpaServer = (LTPAServerObject) AccessController.doPrivileged(fetchLtpaServer);
                }
                this.contextManager = ContextManagerFactory.getInstance();
            } catch (PrivilegedActionException privileged) {
                // Unwrap and rethrow so the outer handler sees the real cause.
                Exception cause = privileged.getException();
                FFDCFilter.processException(cause, "com.ibm.ws.security.token.WSCredentialTokenMapper.init", "147", this);
                throw cause;
            }
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.constructor", "155", this);
            Tr.debug(tc, "Exception validating LTPA token.", new Object[]{failure});
            if (this.contextManager != null) {
                this.contextManager.setRootException(failure);
            }
        }
    }

    /**
     * Returns the distributed map registered as "WSSecureMap", looking it up on first use.
     *
     * <p>If the factory returns {@code null}, nothing is cached and the lookup is repeated on
     * the next call.
     *
     * @return the cached map, or {@code null} when the factory has none
     */
    private DistributedMap getDM() {
        DistributedMap cached = this.dm;
        if (cached == null) {
            cached = DistributedMapFactory.getMap("WSSecureMap");
            this.dm = cached;
        }
        return cached;
    }

    /**
     * Returns the distributed map registered as "WSSecureMapNotShared", looking it up on first
     * use.
     *
     * <p>If the factory returns {@code null}, nothing is cached and the lookup is repeated on
     * the next call.
     *
     * @return the cached map, or {@code null} when the factory has none
     */
    private DistributedMap getDMNotShared() {
        DistributedMap cached = this.dmns;
        if (cached == null) {
            cached = DistributedMapFactory.getMap("WSSecureMapNotShared");
            this.dmns = cached;
        }
        return cached;
    }

    /**
     * Builds a {@link WSCredential} from caller-supplied identity attributes.
     *
     * <p>The hashtable is trusted as the identity source: unique ID, realm, security name,
     * long security name and group list are taken from it as given, and every other entry is
     * copied onto the resulting credential as a custom attribute. The only caller check in this
     * method is the {@code MAP_CREDENTIAL} permission, and it runs only when a
     * {@link SecurityManager} is installed.
     *
     * @param hashtable attribute map keyed by the {@link AttributeNameConstants} names
     * @return the credential for the active authentication mechanism: an LTPA credential for
     *         "LTPA", a non-forwardable credential for SWAM, otherwise the registry-level
     *         credential
     * @throws WSLoginFailedException when a required attribute is missing or any other
     *         exception occurs while mapping (the original exception is attached as the cause)
     * @throws SecurityException from {@code checkPermission} when the caller lacks
     *         {@code MAP_CREDENTIAL}; raised before the try block, so it is not wrapped
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public WSCredential createWSCredentialFromProperties(Hashtable hashtable) throws WSLoginFailedException {
        WSCredential wSCredential;
        Boolean bool;
        Object obj;
        Object obj2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createWSCredentialFromProperties");
        }
        // Java 2 security gate. Without a SecurityManager nothing below restricts who may mint a
        // credential from arbitrary attributes.
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(MAP_CREDENTIAL.toString()).toString());
            }
            securityManager.checkPermission(MAP_CREDENTIAL);
        }
        try {
            // str = access (unique) ID, str2 = realm, str3 = security name, str4 = long security name.
            String str = null;
            String str2 = null;
            String str3 = null;
            String str4 = null;
            // Group access IDs; stays null when the hashtable carries no group list.
            ArrayList arrayList = null;
            // Custom attributes (everything that is not one of the five well-known keys).
            Hashtable hashtable2 = null;
            // "Seen" flags: z = unique ID, z2 = realm, z3 = security name, z4 = long security name, z5 = groups.
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            boolean z4 = false;
            boolean z5 = false;
            Enumeration keys = hashtable.keys();
            while (keys != null && keys.hasMoreElements()) {
                // A non-String key raises ClassCastException, which the generic handler below wraps.
                String str5 = (String) keys.nextElement();
                if (str5 != null && (obj2 = hashtable.get(str5)) != null) {
                    if (!z && str5.equals(AttributeNameConstants.WSCREDENTIAL_UNIQUEID)) {
                        str = (String) obj2;
                        // NOTE(review): the test is for the prefix "user", not "user:", so an ID that
                        // merely begins with those four letters is treated as already qualified and
                        // is used unchanged.
                        if (!str.startsWith("user") && !this.contextManager.isInternalServerId(str)) {
                            str = new StringBuffer().append("user:").append(str).toString();
                        }
                        z = true;
                    } else if (!z2 && str5.equals(AttributeNameConstants.WSCREDENTIAL_REALM)) {
                        str2 = (String) obj2;
                        // A realm that differs from the default realm is only reported as a warning;
                        // the supplied realm is still used for the credential.
                        if (!str2.equalsIgnoreCase(ContextManagerFactory.getInstance().getDefaultRealm())) {
                            Tr.warning(tc, "security.sap.warning.realm.does.not.match.current.realm", (Object) new Object[]{str2, ContextManagerFactory.getInstance().getDefaultRealm()});
                        }
                        z2 = true;
                    } else if (!z3 && str5.equals(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME)) {
                        str3 = (String) obj2;
                        z3 = true;
                    } else if (!z4 && str5.equals(AttributeNameConstants.WSCREDENTIAL_LONGSECURITYNAME)) {
                        str4 = (String) obj2;
                        z4 = true;
                    } else if (!z5 && str5.equals(AttributeNameConstants.WSCREDENTIAL_GROUPS)) {
                        // Work on a copy so the caller's list is not modified. The value must be an
                        // ArrayList; any other List type fails the cast.
                        arrayList = new ArrayList();
                        arrayList.addAll((ArrayList) obj2);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Prepending \"group:\" to group list entries.");
                        }
                        for (int i = 0; i < arrayList.size(); i++) {
                            String str6 = (String) arrayList.get(i);
                            // NOTE(review): same loose prefix test as for the unique ID ("group", no
                            // colon). Entries that pass it are kept verbatim; the others are
                            // qualified with the default realm, not with the supplied realm.
                            if (!str6.startsWith("group")) {
                                arrayList.set(i, new StringBuffer().append("group:").append(this.contextManager.getDefaultRealm()).append("/").append(str6).toString());
                            }
                        }
                        z5 = true;
                    } else if (!str5.equals(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY)) {
                        // Any other key is carried over as a custom attribute.
                        if (hashtable2 == null) {
                            hashtable2 = new Hashtable();
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Setting key in hashtable: ").append(str5).toString());
                        }
                        hashtable2.put(str5, obj2);
                    } else if (obj2 == null || !(obj2 instanceof String) || !((String) obj2).equals("")) {
                        // Cache key: stored unless it is the empty string (obj2 cannot be null here,
                        // it was checked at the top of the loop body).
                        if (hashtable2 == null) {
                            hashtable2 = new Hashtable();
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Setting Cache Key in hashtable: ").append(obj2).toString());
                        }
                        hashtable2.put(str5, obj2);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cache Key value is null string. Ignore it.");
                    }
                }
            }
            // Derive the long security name from the access ID when none was supplied.
            // NOTE(review): str is dereferenced here before the "unique ID present" check further
            // down. When the unique ID is missing as well, this raises NullPointerException, and
            // the generic handler reports it instead of the specific uniqueId message.
            if (str4 == null || str4.length() == 0) {
                String str7 = str;
                if (str.startsWith("user:")) {
                    str7 = str.substring("user:".length());
                } else if (str.startsWith("server:")) {
                    str7 = str.substring("server:".length());
                }
                str4 = RealmSecurityName.getSecurityName(str7);
            }
            // Fall back to the default realm when none was supplied.
            if (str2 == null || str2.length() == 0) {
                str2 = ContextManagerFactory.getInstance().getDefaultRealm();
            }
            // Required attributes: long security name, unique ID, security name.
            if (str4 == null || str4.length() == 0) {
                Tr.error(tc, "security.sap.error.longsecurityname.not.found.in.hashtable");
                throw new WSLoginFailedException("Did not find value for com.ibm.wsspi.security.cred.longSecurityName property.");
            }
            if (!z) {
                Tr.error(tc, "security.sap.error.uniqueid.not.found.in.hashtable");
                throw new WSLoginFailedException("Did not find value for com.ibm.wsspi.security.cred.uniqueId property.");
            }
            if (!z3) {
                Tr.error(tc, "security.sap.error.securityname.not.found.in.hashtable");
                throw new WSLoginFailedException("Did not find value for com.ibm.wsspi.security.cred.securityName property.");
            }
            try {
                // Registry-level credential, created under doPrivileged from the collected values.
                WSCredential wSCredential2 = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, str2, str3, str4, str, arrayList) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.2
                    private final String val$realmPriv;
                    private final String val$securityNamePriv;
                    private final String val$longSecurityNamePriv;
                    private final String val$accessIdPriv;
                    private final ArrayList val$groupListPriv;
                    private final WSCredentialTokenMapper this$0;

                    {
                        this.this$0 = this;
                        this.val$realmPriv = str2;
                        this.val$securityNamePriv = str3;
                        this.val$longSecurityNamePriv = str4;
                        this.val$accessIdPriv = str;
                        this.val$groupListPriv = arrayList;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return new WSCredentialImpl(this.val$realmPriv, this.val$securityNamePriv, this.val$longSecurityNamePriv, "", this.val$accessIdPriv, null, this.val$groupListPriv);
                    }
                });
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Creating auth mech cred.");
                }
                // Wrap the registry credential according to the active mechanism.
                // activeAuthMech is null if the constructor failed early; the resulting
                // NullPointerException is wrapped by the generic handler below.
                if (this.activeAuthMech.equals("LTPA")) {
                    try {
                        // LTPA: the LTPA server object creates the token for the registry credential.
                        wSCredential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.ltpaServer, wSCredential2) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.3
                            private final LTPAServerObject val$ltpaServerPriv;
                            private final WSCredential val$regCredPriv;
                            private final WSCredentialTokenMapper this$0;

                            {
                                this.this$0 = this;
                                // r5 is a decompiler placeholder, presumably the ltpaServer argument; confirm against the bytecode.
                                this.val$ltpaServerPriv = r5;
                                this.val$regCredPriv = wSCredential2;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                return this.val$ltpaServerPriv.createLTPAToken(this.val$regCredPriv);
                            }
                        });
                    } catch (PrivilegedActionException e) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e.getException()});
                        }
                        FFDCFilter.processException(e, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromProperties", "425", this);
                        this.contextManager.setRootException(e.getException());
                        throw e.getException();
                    }
                } else if (this.activeAuthMech.equals(SecurityConfig.AUTH_MECHANISM_SWAM)) {
                    try {
                        // SWAM: credential with the not-forwardable mechanism OID, a null token,
                        // forwardable = false and expiration -1.
                        wSCredential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredential2) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.4
                            private final WSCredential val$regCredPriv;
                            private final WSCredentialTokenMapper this$0;

                            {
                                this.this$0 = this;
                                this.val$regCredPriv = wSCredential2;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                return new WSCredentialImpl(this.val$regCredPriv, NotForwardableMechOID.value, RegistryUtil.nullByteArray, false, -1L);
                            }
                        });
                    } catch (PrivilegedActionException e2) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e2.getException()});
                        }
                        FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromProperties", "451", this);
                        this.contextManager.setRootException(e2.getException());
                        throw e2.getException();
                    }
                } else {
                    // Any other mechanism: the registry credential is returned as is.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Authentication mechanism not SWAM or LTPA.  Returning reg cred for auth mech: ").append(this.activeAuthMech).toString());
                    }
                    wSCredential = wSCredential2;
                }
                // Copy the custom attributes onto the credential.
                if (wSCredential != null && hashtable2 != null) {
                    Enumeration keys2 = hashtable2.keys();
                    while (keys2 != null && keys2.hasMoreElements()) {
                        String str8 = (String) keys2.nextElement();
                        if (str8 != null && (obj = hashtable2.get(str8)) != null) {
                            // NOTE(review): with debug trace enabled, each custom attribute value is
                            // written to the trace via its string form; confirm no attribute carries
                            // secrets, or restrict access to the trace output.
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("Setting key/value in hashtable of WSCred: ").append(str8).append(", ").append(obj).toString());
                            }
                            if (str8.equals(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY) && tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("Cache Key Object: ").append(obj.getClass().getName()).toString());
                            }
                            wSCredential.set(str8, obj);
                        }
                    }
                }
                // z/OS with "security.use.localos.userregistry" set: attach a platform credential if
                // the credential has none. An internal server credential gets the server credential,
                // anything else one created from the supplied security name.
                if (ctxMgr.getPlatformHelper().isZOS() && wSCredential != null && wSCredential.get("com.ibm.ws.security.zos.PlatformCredential") == null && (bool = (Boolean) SecurityConfig.getConfig().getValue("security.use.localos.userregistry")) != null && bool.booleanValue()) {
                    wSCredential.set("com.ibm.ws.security.zos.PlatformCredential", ctxMgr.isInternalServerCredential(wSCredential) ? PlatformCredentialManager.instance().createServerCredential() : PlatformCredentialManager.instance().createCredential(str3));
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createWSCredentialFromProperties");
                }
                return wSCredential;
            } catch (PrivilegedActionException e3) {
                // Failure while creating the registry credential: record it and rethrow the cause.
                FFDCFilter.processException(e3.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromProperties", "399", this);
                throw e3.getException();
            }
        } catch (WSLoginFailedException e4) {
            // Login failures are logged and rethrown unchanged.
            Tr.error(tc, "security.sap.error.credential.not.mapped", new Object[]{e4});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createWSCredentialFromProperties");
            }
            FFDCFilter.processException(e4, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromProperties", "522", this);
            throw e4;
        } catch (Exception e5) {
            // Everything else (including ClassCastException and NullPointerException from the
            // attribute handling above) is wrapped with its cause attached.
            Tr.error(tc, "security.sap.error.credential.not.mapped", new Object[]{e5});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createWSCredentialFromProperties");
            }
            FFDCFilter.processException(e5, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromProperties", "529", this);
            throw new WSLoginFailedException(e5.getMessage(), e5);
        }
    }

    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public WSCredential createWSCredentialFromTokens(byte[] bArr, AuthorizationToken authorizationToken) throws WSLoginFailedException {
        String[] attributes;
        String[] attributes2;
        String[] attributes3;
        String[] attributes4;
        String[] attributes5;
        String[] attributes6;
        String[] attributes7;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createWSCredentialFromTokens");
        }
        if (bArr == null || authorizationToken == null) {
            throw new WSLoginFailedException("Passed in null parameters.");
        }
        String str = null;
        long j = 0;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        ArrayList arrayList = null;
        String str6 = null;
        boolean z = true;
        try {
            Enumeration attributeNames = authorizationToken.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                String str7 = (String) attributeNames.nextElement();
                if ((str == null || str.length() == 0) && str7.equals(AttributeNameConstants.WSCREDENTIAL_UNIQUEID) && (attributes = authorizationToken.getAttributes(str7)) != null && attributes.length > 0) {
                    str = attributes[0];
                }
                j = authorizationToken.getExpiration();
                if ((str2 == null || str2.length() == 0) && str7.equals(AttributeNameConstants.WSCREDENTIAL_REALM) && (attributes2 = authorizationToken.getAttributes(str7)) != null && attributes2.length > 0) {
                    str2 = attributes2[0];
                }
                if ((str3 == null || str3.length() == 0) && str7.equals(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME) && (attributes3 = authorizationToken.getAttributes(str7)) != null && attributes3.length > 0) {
                    str3 = attributes3[0];
                }
                if ((str4 == null || str4.length() == 0) && str7.equals(AttributeNameConstants.WSCREDENTIAL_LONGSECURITYNAME) && (attributes4 = authorizationToken.getAttributes(str7)) != null && attributes4.length > 0) {
                    str4 = attributes4[0];
                }
                if ((str5 == null || str5.length() == 0) && str7.equals(AttributeNameConstants.WSCREDENTIAL_PRIMARYGROUPID) && (attributes5 = authorizationToken.getAttributes(str7)) != null && attributes5.length > 0) {
                    str5 = attributes5[0];
                }
                if (arrayList == null && str7.equals(AttributeNameConstants.WSCREDENTIAL_GROUPS) && (attributes7 = authorizationToken.getAttributes(str7)) != null && attributes7.length > 0) {
                    arrayList = new ArrayList(attributes7.length);
                    for (int i = 0; i < attributes7.length; i++) {
                        if (attributes7[i] != null) {
                            arrayList.add(attributes7[i]);
                        }
                    }
                }
                if ((str6 == null || str6.length() == 0) && str7.equals(AttributeNameConstants.WSCREDENTIAL_OID) && (attributes6 = authorizationToken.getAttributes(str7)) != null && attributes6.length > 0) {
                    str6 = attributes6[0];
                }
                if (str7.equals(AttributeNameConstants.WSCREDENTIAL_FORWARDABLE)) {
                    String[] attributes8 = authorizationToken.getAttributes(str7);
                    if (attributes8 != null && attributes8.length > 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Forwardable string = ").append(attributes8[0]).toString());
                        }
                        z = Boolean.valueOf(attributes8[0]).booleanValue();
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Forwardable attribute null: com.ibm.wsspi.security.cred.forwardable");
                    }
                }
            }
            if (str == null || str.length() == 0) {
                throw new WSLoginFailedException("Missing the ACCESSID attribute: com.ibm.wsspi.security.cred.uniqueId");
            }
            if (j == 0) {
                throw new WSLoginFailedException("Missing the EXPIRATION attribute: com.ibm.wsspi.security.cred.expiration");
            }
            if (str2 == null || str2.length() == 0) {
                throw new WSLoginFailedException("Missing the REALM attribute: com.ibm.wsspi.security.cred.realm");
            }
            if (str3 == null || str3.length() == 0) {
                throw new WSLoginFailedException("Missing the SECURITYNAME attribute: com.ibm.wsspi.security.cred.securityName");
            }
            if (str4 == null || str4.length() == 0) {
                throw new WSLoginFailedException("Missing the LONGSECURITYNAME attribute: com.ibm.wsspi.security.cred.longSecurityName");
            }
            if (arrayList == null && tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("There are no groups defined for user: ").append(str3).toString());
            }
            if ((str5 == null || str5.length() == 0) && tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("There is no primary group defined for user: ").append(str3).toString());
            }
            if (str6 == null || str6.length() == 0) {
                throw new WSLoginFailedException("Missing the OID attribute: com.ibm.wsspi.security.cred.oid");
            }
            String str8 = str;
            String str9 = (String) SecurityConfig.getConfig().getValue(SecurityConfig.SUPPORT_LTPA);
            if (KRB5MechOID.value.endsWith(str6) && str9 != null && str9.equalsIgnoreCase("true")) {
                String str10 = (String) SecurityConfig.getConfig().getValue("com.ibm.wsspi.security.token.authenticationTokenFactory");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Creating ltpa auth token using factory ").append(str10).append(" for caller: ").append(str3).toString());
                }
                try {
                    bArr = ((Token) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.ltpaServer, str8, str10) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.5
                        private final LTPAServerObject val$ltpaServerPriv;
                        private final String val$accessIdPriv;
                        private final String val$factory;
                        private final WSCredentialTokenMapper this$0;

                        {
                            this.this$0 = this;
                            this.val$ltpaServerPriv = r5;
                            this.val$accessIdPriv = str8;
                            this.val$factory = str10;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return this.val$ltpaServerPriv.createLTPAToken(this.val$accessIdPriv, this.val$factory);
                        }
                    })).getBytes();
                } catch (PrivilegedActionException e) {
                    FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthzTokenFromWSCredential", "714", this);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "createSSOTokenFromWSCredential", new Object[]{e.getException()});
                    }
                    throw e.getException();
                }
            }
            try {
                try {
                    WSCredential wSCredential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, str2, str3, str4, str5, str8, arrayList) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.6
                        private final String val$realmPriv;
                        private final String val$securityNamePriv;
                        private final String val$longSecurityNamePriv;
                        private final String val$primaryGroupIdPriv;
                        private final String val$accessIdPriv;
                        private final ArrayList val$groupsPriv;
                        private final WSCredentialTokenMapper this$0;

                        {
                            this.this$0 = this;
                            this.val$realmPriv = str2;
                            this.val$securityNamePriv = str3;
                            this.val$longSecurityNamePriv = str4;
                            this.val$primaryGroupIdPriv = str5;
                            this.val$accessIdPriv = str8;
                            this.val$groupsPriv = arrayList;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return new WSCredentialImpl(this.val$realmPriv, this.val$securityNamePriv, this.val$longSecurityNamePriv, this.val$primaryGroupIdPriv != null ? this.val$primaryGroupIdPriv : RegistryUtil.nullString, this.val$accessIdPriv, null, this.val$groupsPriv);
                        }
                    }), str6, bArr, z, j) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.7
                        private final WSCredential val$credPriv;
                        private final String val$oidPriv;
                        private final byte[] val$credTokenPriv;
                        private final boolean val$forwardablePriv;
                        private final long val$expirationPriv;
                        private final WSCredentialTokenMapper this$0;

                        {
                            this.this$0 = this;
                            this.val$credPriv = r6;
                            this.val$oidPriv = str6;
                            this.val$credTokenPriv = bArr;
                            this.val$forwardablePriv = z;
                            this.val$expirationPriv = j;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return new WSCredentialImpl(this.val$credPriv, this.val$oidPriv, this.val$credTokenPriv, this.val$forwardablePriv, this.val$expirationPriv);
                        }
                    });
                    if (wSCredential == null) {
                        throw new WSLoginFailedException("WSCredential is null.");
                    }
                    StringBuffer stringBuffer = new StringBuffer(256);
                    stringBuffer.append("WSCredential created with the following values: \n");
                    stringBuffer.append("\trealm = ");
                    stringBuffer.append(str2);
                    stringBuffer.append("\n\tsecurityName = ");
                    stringBuffer.append(str3);
                    stringBuffer.append("\n\tlongSecurityName = ");
                    stringBuffer.append(str4);
                    stringBuffer.append("\n\taccessId = ");
                    stringBuffer.append(str);
                    stringBuffer.append("\n\tGroup count = ");
                    stringBuffer.append(arrayList != null ? String.valueOf(arrayList.size()) : "0");
                    stringBuffer.append("\n\toid = ");
                    stringBuffer.append(str6);
                    stringBuffer.append("\n\texpiration = ");
                    stringBuffer.append(j);
                    stringBuffer.append("\n\tforwardable = ");
                    stringBuffer.append(z);
                    stringBuffer.append(JSPTranslator.ENDL);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, stringBuffer.toString());
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "createWSCredentialFromTokens");
                    }
                    return wSCredential;
                } catch (PrivilegedActionException e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e2.getException()});
                    }
                    FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromTokens", "776", this);
                    throw e2.getException();
                }
            } catch (PrivilegedActionException e3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e3.getException()});
                }
                FFDCFilter.processException(e3, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromTokens", "754", this);
                throw e3.getException();
            }
        } catch (WSLoginFailedException e4) {
            Tr.error(tc, "security.sap.error.credential.not.mapped", new Object[]{e4.toString()});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSLoginFailedException occurred creating new WS cred from SAP tokens.", new Object[]{e4});
            }
            FFDCFilter.processException(e4, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromTokens", "790", this);
            throw e4;
        } catch (Exception e5) {
            Tr.error(tc, "security.sap.error.credential.not.mapped", new Object[]{e5.toString()});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred creating new WS cred from SAP tokens.", new Object[]{e5});
            }
            FFDCFilter.processException(e5, "com.ibm.ws.security.token.WSCredentialTokenMapper.createWSCredentialFromTokens", "797", this);
            throw new WSLoginFailedException(e5.getMessage(), e5);
        }
    }

    /**
     * Wraps the LTPA token bytes already carried by a credential in an {@link AuthenticationToken}.
     *
     * <p>No new token is minted here: the bytes returned by {@code getCredentialToken()} are handed
     * unchanged to {@code AuthenticationTokenImpl.initializeToken} together with the fixed OID string
     * {@code "oid:1.3.18.0.2.30.2"} and a null Subject.
     *
     * @param wSCredential credential whose credential token is wrapped; a null argument fails inside
     *        the try block and is reported as a {@link WSLoginFailedException}
     * @return the authentication token, or {@code null} when the {@code SecurityConfig.SUPPORT_LTPA}
     *         value is not "true" (case-insensitive) or the credential carries no token bytes
     * @throws WSLoginFailedException if initialisation fails; any other exception is wrapped in one
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public AuthenticationToken createAuthTokenFromWSCredential(WSCredential wSCredential) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAuthTokenFromWSCredential");
        }
        String ltpaSupported = (String) SecurityConfig.getConfig().getValue(SecurityConfig.SUPPORT_LTPA);
        // A missing setting is treated the same as "false": callers get null, not an error.
        if (!"true".equalsIgnoreCase(ltpaSupported)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthTokenFromWSCredential (null), ltpa not supported.");
            }
            return null;
        }
        try {
            byte[] ltpaBytes = wSCredential.getCredentialToken();
            if (ltpaBytes == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createAuthTokenFromWSCredential (null), no ltpa token in WSCredential.");
                }
                return null;
            }
            AuthenticationTokenImpl authToken = new AuthenticationTokenImpl();
            authToken.initializeToken((Subject) null, "oid:1.3.18.0.2.30.2", ltpaBytes);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthTokenFromWSCredential");
            }
            return authToken;
        } catch (WSLoginFailedException loginFailure) {
            // Already the declared failure type: log, record for FFDC and rethrow unchanged.
            Tr.error(tc, "security.sap.error.authentication.token.not.mapped", new Object[]{loginFailure});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthTokenFromWSCredential");
            }
            FFDCFilter.processException(loginFailure, "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthTokenFromWSCredential", "872", this);
            throw loginFailure;
        } catch (Exception unexpected) {
            // Anything else is converted so callers only ever see WSLoginFailedException; the cause is kept.
            Tr.error(tc, "security.sap.error.authentication.token.not.mapped", new Object[]{unexpected});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthTokenFromWSCredential");
            }
            FFDCFilter.processException(unexpected, "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthTokenFromWSCredential", "879", this);
            throw new WSLoginFailedException(unexpected.getMessage(), unexpected);
        }
    }

    /**
     * Builds a single sign-on token for the identity held in a credential.
     *
     * <p>The token factory name is read from the configuration key
     * {@code com.ibm.wsspi.security.token.singleSignonTokenFactory}. The token itself is produced by
     * {@code ltpaServer.createLTPAToken(accessId, factory)} inside a privileged block and then wrapped
     * in a {@code SingleSignonTokenImpl}. Only the credential's access ID is passed to the factory; no
     * other credential attribute is copied in this method.
     *
     * <p>NOTE(review): the anonymous action below looks like decompiler output (synthetic
     * {@code val$}/{@code this$0} fields, register name {@code r5}); read it as "call createLTPAToken
     * with the captured ltpaServer, credential and factory name".
     *
     * @param wSCredential credential supplying the access ID (and the security name used in debug trace)
     * @return the initialised single sign-on token
     * @throws WSLoginFailedException on any failure; non-login exceptions are wrapped with their cause
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public SingleSignonToken createSSOTokenFromWSCredential(WSCredential wSCredential) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSSOTokenFromWSCredential");
        }
        try {
            String str = (String) SecurityConfig.getConfig().getValue("com.ibm.wsspi.security.token.singleSignonTokenFactory");
            if (tc.isDebugEnabled()) {
                // Debug trace records the factory name and the caller's security name (identity data in trace output).
                Tr.debug(tc, new StringBuffer().append("Creating sso token using factory ").append(str).append(" for caller: ").append(wSCredential.getSecurityName()).toString());
            }
            try {
                Token token = (Token) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.ltpaServer, wSCredential, str) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.8
                    private final LTPAServerObject val$ltpaServerPriv;
                    private final WSCredential val$wsCred;
                    private final String val$factory;
                    private final WSCredentialTokenMapper this$0;

                    {
                        this.this$0 = this;
                        this.val$ltpaServerPriv = r5;
                        this.val$wsCred = wSCredential;
                        this.val$factory = str;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return this.val$ltpaServerPriv.createLTPAToken(this.val$wsCred.getAccessId(), this.val$factory);
                    }
                });
                SingleSignonTokenImpl singleSignonTokenImpl = new SingleSignonTokenImpl();
                singleSignonTokenImpl.initializeToken(token);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createSSOTokenFromWSCredential");
                }
                return singleSignonTokenImpl;
            } catch (PrivilegedActionException e) {
                // Unwrap the privileged-action wrapper so the outer handlers see the real cause.
                // NOTE(review): the FFDC source id below names createAuthzTokenFromWSCredential, not this
                // method, so incidents from this path are attributed to the authorization-token code.
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthzTokenFromWSCredential", "922", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createSSOTokenFromWSCredential", new Object[]{e.getException()});
                }
                throw e.getException();
            }
        } catch (WSLoginFailedException e2) {
            Tr.error(tc, "security.sap.error.single.signon.token.not.mapped", new Object[]{e2});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSSOTokenFromWSCredential");
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createSSOTokenFromWSCredential", "936", this);
            throw e2;
        } catch (Exception e3) {
            // Everything else (including a null credential) is surfaced as a login failure with the cause attached.
            Tr.error(tc, "security.sap.error.single.signon.token.not.mapped", new Object[]{e3});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSSOTokenFromWSCredential");
            }
            FFDCFilter.processException(e3, "com.ibm.ws.security.token.WSCredentialTokenMapper.createSSOTokenFromWSCredential", "943", this);
            throw new WSLoginFailedException(e3.getMessage(), e3);
        }
    }

    /**
     * Builds an authorization token that carries the credential's identity attributes.
     *
     * <p>The token is created by {@code ltpaServer.createLTPAToken(accessId, factory)} inside a
     * privileged block, using the factory named by the configuration key
     * {@code com.ibm.wsspi.security.token.authorizationTokenFactory}. The method then copies into it:
     * access ID, realm, security name, unique security name, primary group ID, the optional cache key,
     * every group ID, and (only when the credential has an OID) expiration, OID and the forwardable flag.
     *
     * <p>The returned token is not null-checked before {@code addAttribute}; a null token from the
     * factory surfaces as a wrapped {@link WSLoginFailedException} through the generic catch.
     *
     * <p>NOTE(review): the anonymous action looks like decompiler output (synthetic {@code val$}
     * fields, register name {@code r5}).
     *
     * @param wSCredential source of every attribute written to the token
     * @return the initialised authorization token
     * @throws WSLoginFailedException on any failure; non-login exceptions are wrapped with their cause
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public AuthorizationToken createAuthzTokenFromWSCredential(WSCredential wSCredential) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAuthzTokenFromWSCredential");
        }
        try {
            String str = (String) SecurityConfig.getConfig().getValue("com.ibm.wsspi.security.token.authorizationTokenFactory");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Creating authorization token using factory ").append(str).append(" for caller: ").append(wSCredential.getSecurityName()).toString());
            }
            try {
                Token token = (Token) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.ltpaServer, wSCredential, str) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.9
                    private final LTPAServerObject val$ltpaServerPriv;
                    private final WSCredential val$wsCred;
                    private final String val$factory;
                    private final WSCredentialTokenMapper this$0;

                    {
                        this.this$0 = this;
                        this.val$ltpaServerPriv = r5;
                        this.val$wsCred = wSCredential;
                        this.val$factory = str;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return this.val$ltpaServerPriv.createLTPAToken(this.val$wsCred.getAccessId(), this.val$factory);
                    }
                });
                // Identity attributes are copied outside the privileged block, straight from the credential getters.
                token.addAttribute(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, wSCredential.getAccessId());
                token.addAttribute(AttributeNameConstants.WSCREDENTIAL_REALM, wSCredential.getRealmName());
                token.addAttribute(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, wSCredential.getSecurityName());
                token.addAttribute(AttributeNameConstants.WSCREDENTIAL_LONGSECURITYNAME, wSCredential.getUniqueSecurityName());
                token.addAttribute(AttributeNameConstants.WSCREDENTIAL_PRIMARYGROUPID, wSCredential.getPrimaryGroupId());
                Object obj = wSCredential.get(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY);
                if (obj != null) {
                    if (tc.isDebugEnabled()) {
                        // NOTE(review): the cache key value itself is written to debug trace; confirm trace
                        // files are access-controlled if this key can be used to look up a cached subject.
                        Tr.debug(tc, new StringBuffer().append("Setting cache key in Authz token: ").append(obj.toString()).toString());
                    }
                    token.addAttribute(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY, obj.toString());
                }
                ArrayList groupIds = wSCredential.getGroupIds();
                if (groupIds != null) {
                    // The StringBuffer created on the next line is never used.
                    new StringBuffer();
                    // Each group is added under the same attribute name, one addAttribute call per group.
                    for (int i = 0; i < groupIds.size(); i++) {
                        token.addAttribute(AttributeNameConstants.WSCREDENTIAL_GROUPS, (String) groupIds.get(i));
                    }
                    if (tc.isDebugEnabled()) {
                        // The full group list goes to debug trace.
                        Tr.debug(tc, new StringBuffer().append("Setting group list: ").append(groupIds).toString());
                    }
                }
                // Mechanism attributes (expiration, OID, forwardable) are written only when an OID is present.
                if (wSCredential.getOID() != null) {
                    token.addAttribute(AttributeNameConstants.WSCREDENTIAL_EXPIRATION, String.valueOf(wSCredential.getExpiration()));
                    token.addAttribute(AttributeNameConstants.WSCREDENTIAL_OID, wSCredential.getOID());
                    boolean isForwardable = wSCredential.isForwardable();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Forwardable string set as: ").append(isForwardable).toString());
                    }
                    token.addAttribute(AttributeNameConstants.WSCREDENTIAL_FORWARDABLE, String.valueOf(isForwardable));
                } else if (tc.isDebugEnabled()) {
                    // Per the trace text, these attributes are expected to be added later by the Kerberos commit().
                    Tr.debug(tc, "OID is null, deferring adding mechanism attributes to Kerberos commit().");
                }
                AuthorizationTokenImpl authorizationTokenImpl = new AuthorizationTokenImpl();
                authorizationTokenImpl.initializeToken(token);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createAuthzTokenFromWSCredential");
                }
                return authorizationTokenImpl;
            } catch (PrivilegedActionException e) {
                // Unwrap so the outer handlers classify the real cause.
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthzTokenFromWSCredential", "985", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createAuthzTokenFromWSCredential", new Object[]{e.getException()});
                }
                throw e.getException();
            }
        } catch (WSLoginFailedException e2) {
            Tr.error(tc, "security.sap.error.authorization.token.not.mapped", new Object[]{e2});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthzTokenFromWSCredential");
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthzTokenFromWSCredential", "1051", this);
            throw e2;
        } catch (Exception e3) {
            Tr.error(tc, "security.sap.error.authorization.token.not.mapped", new Object[]{e3});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthzTokenFromWSCredential");
            }
            FFDCFilter.processException(e3, "com.ibm.ws.security.token.WSCredentialTokenMapper.createAuthzTokenFromWSCredential", "1058", this);
            throw new WSLoginFailedException(e3.getMessage(), e3);
        }
    }

    /**
     * Builds a propagation token recording the caller and the host for a credential.
     *
     * <p>The host value is the context manager property {@code com.ibm.CSI.CellNodeServer}; the caller
     * value is that host, a colon, and the credential's realm-qualified security name. The token is
     * created by {@code ltpaServer.createLTPAToken(accessId, factory)} inside a privileged block, using
     * the factory named by {@code com.ibm.wsspi.security.token.propagationTokenFactory}, and the two
     * values are stored under {@code WSPROP_CALLERS} and {@code WSPROP_HOSTS}.
     *
     * <p>The returned token is not null-checked before {@code addAttribute}; a null token surfaces as
     * a wrapped {@link WSLoginFailedException}.
     *
     * <p>NOTE(review): the anonymous action looks like decompiler output (synthetic {@code val$}
     * fields, register name {@code r5}).
     *
     * @param wSCredential credential supplying the access ID and realm security name
     * @return the initialised propagation token
     * @throws WSLoginFailedException on any failure; non-login exceptions are wrapped with their cause
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public PropagationToken createPropagationTokenFromWSCredential(WSCredential wSCredential) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createPropagationTokenFromWSCredential");
        }
        try {
            String property = this.contextManager.getProperty("com.ibm.CSI.CellNodeServer");
            // Caller entry format: "<CellNodeServer>:<realm security name>".
            String stringBuffer = new StringBuffer().append(property).append(":").append(wSCredential.getRealmSecurityName()).toString();
            String str = (String) SecurityConfig.getConfig().getValue("com.ibm.wsspi.security.token.propagationTokenFactory");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Creating propagation token using factory ").append(str).append(" for caller: ").append(stringBuffer).append(", host: ").append(property).toString());
            }
            try {
                Token token = (Token) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.ltpaServer, wSCredential, str) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.10
                    private final LTPAServerObject val$ltpaServerPriv;
                    private final WSCredential val$wsCred;
                    private final String val$factory;
                    private final WSCredentialTokenMapper this$0;

                    {
                        this.this$0 = this;
                        this.val$ltpaServerPriv = r5;
                        this.val$wsCred = wSCredential;
                        this.val$factory = str;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return this.val$ltpaServerPriv.createLTPAToken(this.val$wsCred.getAccessId(), this.val$factory);
                    }
                });
                token.addAttribute(AttributeNameConstants.WSPROP_CALLERS, stringBuffer);
                token.addAttribute(AttributeNameConstants.WSPROP_HOSTS, property);
                PropagationTokenImpl propagationTokenImpl = new PropagationTokenImpl();
                propagationTokenImpl.initializeToken(token);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createPropagationTokenFromWSCredential");
                }
                return propagationTokenImpl;
            } catch (PrivilegedActionException e) {
                // Unwrap so the outer handlers classify the real cause.
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenFromWSCredential", "1103", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createPropagationTokenFromWSCredential", new Object[]{e.getException()});
                }
                throw e.getException();
            }
        } catch (WSLoginFailedException e2) {
            Tr.error(tc, "security.sap.error.propagation.token.not.mapped", new Object[]{e2});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPropagationTokenFromWSCredential");
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenFromWSCredential", "1123", this);
            throw e2;
        } catch (Exception e3) {
            Tr.error(tc, "security.sap.error.propagation.token.not.mapped", new Object[]{e3});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPropagationTokenFromWSCredential");
            }
            FFDCFilter.processException(e3, "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenFromWSCredential", "1130", this);
            throw new WSLoginFailedException(e3.getMessage(), e3);
        }
    }

    /**
     * Collects the serialised form of every forwardable propagation token held by the context manager.
     *
     * <p>Tokens that are null or not forwardable are skipped. A token whose expiration is less than
     * 300000 ms (five minutes) away, or already past, is replaced by its {@code clone()} before being
     * serialised. Each kept token becomes a {@code TokenHolder} of its bytes, name and version.
     *
     * <p>NOTE(review): the typed for-each over a raw {@code Map} and the synthetic {@code val$} fields
     * look like decompiler output.
     *
     * @return a list of {@code TokenHolder}s (possibly empty), or {@code null} when the context manager
     *         returns no propagation-token map
     * @throws WSLoginFailedException wrapping any exception raised while collecting the tokens
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public ArrayList getForwardablePropagationTokensFromContext() throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getForwardablePropagationTokensFromContext");
        }
        try {
            ArrayList arrayList = new ArrayList();
            Map propagationTokens = this.contextManager.getPropagationTokens();
            if (propagationTokens == null) {
                // This early return emits no exit trace, only an optional debug line.
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "No propagation token present on the thread.");
                return null;
            }
            for (PropagationToken propagationToken : propagationTokens.values()) {
                if (propagationToken != null && propagationToken.isForwardable()) {
                    // True when fewer than 300000 ms remain before expiration, including already-expired tokens.
                    if ((propagationToken.getExpiration() - System.currentTimeMillis()) - 300000 < 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Propagation token with name ").append(propagationToken.getName()).append(" is expired.  Refreshing propagation token.").toString());
                        }
                        // NOTE(review): the trace calls this a refresh; whether clone() issues a new
                        // expiration or copies the old one is not visible here, so confirm that an
                        // expired token cannot be forwarded unchanged.
                        propagationToken = (PropagationToken) propagationToken.clone();
                    }
                    if (propagationToken != null) {
                        // Serialisation runs in a privileged block (java.security.AccessController, not the
                        // com.ibm wrapper used elsewhere in this class).
                        byte[] bArr = (byte[]) java.security.AccessController.doPrivileged(new PrivilegedAction(this, propagationToken) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.11
                            private final PropagationToken val$fToken;
                            private final WSCredentialTokenMapper this$0;

                            {
                                this.this$0 = this;
                                this.val$fToken = propagationToken;
                            }

                            @Override // java.security.PrivilegedAction
                            public Object run() {
                                return this.val$fToken.getBytes();
                            }
                        });
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Adding propagation token, name: ").append(propagationToken.getName()).toString());
                        }
                        arrayList.add(new TokenHolder(bArr, propagationToken.getName(), propagationToken.getVersion()));
                    }
                }
            }
            // arrayList is assigned a new ArrayList above and never reassigned, so this branch cannot run.
            if (arrayList == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "Propagation token list is null.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getForwardablePropagationTokensFromContext");
            }
            return arrayList;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSCredentialTokenMapper.getForwardablePropagationTokensFromContext", "1215", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting forwardable propagation tokens.", new Object[]{e});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getForwardablePropagationTokensFromContext");
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Builds a propagation token for the unauthenticated identity, before any caller is established.
     *
     * <p>The token is created by {@code ltpaServer.createLTPAToken} inside a privileged block with the
     * user string {@code "user:" + getUnauthenticatedString()} and the factory named by
     * {@code com.ibm.wsspi.security.token.propagationTokenFactory}. Only the host attribute
     * ({@code WSPROP_HOSTS}, from the {@code com.ibm.CSI.CellNodeServer} property) is added; no caller
     * attribute is written here.
     *
     * <p>NOTE(review): the anonymous action looks like decompiler output (synthetic {@code val$}
     * fields, register name {@code r5}).
     *
     * @return the initialised propagation token, or {@code null} when the factory returns no token
     * @throws WSLoginFailedException on any failure; non-login exceptions are wrapped with their cause
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public PropagationToken createPropagationTokenBeforeAuthenticatedCallerSet() throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createPropagationTokenBeforeAuthenticatedCallerSet");
        }
        try {
            String property = this.contextManager.getProperty("com.ibm.CSI.CellNodeServer");
            String str = (String) SecurityConfig.getConfig().getValue("com.ibm.wsspi.security.token.propagationTokenFactory");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Creating propagation token using factory ").append(str).append(" for host: ").append(property).toString());
            }
            try {
                Token token = (Token) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.ltpaServer, str) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.12
                    private final LTPAServerObject val$ltpaServerPriv;
                    private final String val$factory;
                    private final WSCredentialTokenMapper this$0;

                    {
                        this.this$0 = this;
                        this.val$ltpaServerPriv = r5;
                        this.val$factory = str;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        // The identity is the unauthenticated user string, not a real caller.
                        return this.val$ltpaServerPriv.createLTPAToken(new StringBuffer().append("user:").append(ContextManagerFactory.getInstance().getUnauthenticatedString()).toString(), this.val$factory);
                    }
                });
                // Unlike the credential-based token builders in this class, a null token is tolerated here.
                if (token == null) {
                    if (!tc.isEntryEnabled()) {
                        return null;
                    }
                    Tr.exit(tc, "createPropagationTokenBeforeAuthenticatedCallerSet returns null.");
                    return null;
                }
                token.addAttribute(AttributeNameConstants.WSPROP_HOSTS, property);
                PropagationTokenImpl propagationTokenImpl = new PropagationTokenImpl();
                propagationTokenImpl.initializeToken(token);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createPropagationTokenBeforeAuthenticatedCallerSet");
                }
                return propagationTokenImpl;
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet", "1248", this);
                if (tc.isEntryEnabled()) {
                    // NOTE(review): this exit trace names createPropagationTokenFromWSCredential, a different method.
                    Tr.exit(tc, "createPropagationTokenFromWSCredential", new Object[]{e.getException()});
                }
                throw e.getException();
            }
        } catch (WSLoginFailedException e2) {
            Tr.error(tc, "security.sap.error.propagation.token.not.mapped", new Object[]{e2});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPropagationTokenBeforeAuthenticatedCallerSet");
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet", "1274", this);
            throw e2;
        } catch (Exception e3) {
            Tr.error(tc, "security.sap.error.propagation.token.not.mapped", new Object[]{e3});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPropagationTokenBeforeAuthenticatedCallerSet");
            }
            FFDCFilter.processException(e3, "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet", "1281", this);
            throw new WSLoginFailedException(e3.getMessage(), e3);
        }
    }

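    /**
     * Validates raw LTPA token bytes by delegating to {@code ltpaServer.validateToken}.
     *
     * <p>The exit trace is written only after validation has returned. Previously it was written
     * before the call, so a rejected token produced two exit records and the trace could not show
     * whether validation had actually completed.
     *
     * @param bArr serialised token to validate; passed to the LTPA server unchanged
     * @return the validated token as returned by the LTPA server
     * @throws WSLoginFailedException if validation fails; any other exception is wrapped with its cause
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Token validateLTPAToken(byte[] bArr) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateLTPAToken");
        }
        try {
            Token validated = this.ltpaServer.validateToken(bArr);
            // Success path: exactly one exit record, emitted once the token has been accepted.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateLTPAToken");
            }
            return validated;
        } catch (WSLoginFailedException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred validating LTPA token.", new Object[]{e});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateLTPAToken");
            }
            // NOTE(review): the FFDC source id names createPropagationTokenBeforeAuthenticatedCallerSet, so
            // token-validation failures are filed under a different method. Left unchanged because
            // existing FFDC filters may key on it.
            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet", "1300", this);
            throw e;
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred validating LTPA token.", new Object[]{e2});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateLTPAToken");
            }
            // Same mislabelled FFDC source id as above; kept byte-for-byte.
            FFDCFilter.processException(e2, "com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet", "1307", this);
            throw new WSLoginFailedException(e2.getMessage(), e2);
        }
    }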

    /**
     * Obtains an opaque token by running {@code GetOpaqueTokenFromMBeanAction} through
     * {@code ContextManager.runAsSystem}.
     *
     * <p>When a {@link SecurityManager} is installed, the caller must hold
     * {@code GET_OPAQUE_TOKEN_FROM_MBEAN}; the check runs before the action is started. With no
     * security manager installed this method performs no permission check of its own.
     *
     * <p>Failures of the action are recorded (debug trace and FFDC) but not propagated: the method
     * then returns {@code null}, so callers cannot tell "no token" from "lookup failed".
     *
     * @param byteArray passed through to the action
     * @param str passed through to the action and written to the entry trace
     * @param properties passed through to the action
     * @return the token bytes, or {@code null} if none was obtained or the action threw
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public byte[] getOpaqueTokenFromMBean(ByteArray byteArray, String str, Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOpaqueTokenFromMBean", new Object[]{str});
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + GET_OPAQUE_TOKEN_FROM_MBEAN.toString());
            }
            // Gate on the caller's permission before the action is run under runAsSystem.
            sm.checkPermission(GET_OPAQUE_TOKEN_FROM_MBEAN);
        }
        byte[] opaqueToken = null;
        try {
            opaqueToken = (byte[]) ContextManagerFactory.getInstance().runAsSystem(new GetOpaqueTokenFromMBeanAction(this, byteArray, str, properties));
        } catch (Exception failure) {
            // Best effort by design of this method: log, record for FFDC, fall through with a null result.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting opaque token.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.getOpaqueTokenFromMBean", "1341", this);
        }
        if (tc.isEntryEnabled()) {
            // Only whether a token was obtained is traced, never the token bytes.
            boolean obtained = opaqueToken != null;
            Tr.exit(tc, "getOpaqueTokenFromMBean -> " + obtained);
        }
        return opaqueToken;
    }

    /* JADX WARN: Removed duplicated region for block: B:82:0x02f4  */
    /* JADX WARN: Removed duplicated region for block: B:84:? A[RETURN, SYNTHETIC] */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] getInitialContextTokenFromMBean(com.ibm.ws.security.util.ByteArray r10, java.lang.String r11, java.util.Properties r12) {
        /*
            Method dump skipped, instructions count: 767
            To view this dump add '--comments-level debug' option
        */
        // NOTE(review): decompiler placeholder, not the shipped logic. The real method body could not
        // be recovered, so nothing about its permission checks or token handling can be concluded from
        // this listing; as written the method always throws UnsupportedOperationException.
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.token.WSCredentialTokenMapper.getInitialContextTokenFromMBean(com.ibm.ws.security.util.ByteArray, java.lang.String, java.util.Properties):byte[]");
    }

    /**
     * Looks up {@code obj} in the map returned by {@code getDM()}.
     *
     * <p>Every failure path returns {@code null}: no map available, no entry, or an exception
     * (which is traced and sent to FFDC). Callers therefore cannot distinguish a cache miss
     * from a lookup failure.
     *
     * <p>NOTE(review): the entry trace includes the lookup key itself. If keys are derived
     * from token or subject identifiers, treat trace output as sensitive; confirm against the
     * callers.
     *
     * @param obj the key to look up
     * @return the value stored under {@code obj}, or {@code null} as described above
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Object getDistributedObject(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDistributedObject: " + obj);
        }
        try {
            DistributedMap sharedMap = getDM();
            if (sharedMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getDistributedObject returns null.");
                }
                return null;
            }
            // The exit trace is emitted before the lookup, exactly as in the original flow.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDistributedObject");
            }
            return sharedMap.get(obj);
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting distributed object.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.getDistributedObject", "1569", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDistributedObject (null)");
            }
            return null;
        }
    }

    /**
     * Looks up {@code obj} in the map returned by {@code getDMNotShared()}.
     *
     * <p>Returns {@code null} when no map is available, when the map holds no value for the
     * key, or when any exception is thrown (traced and sent to FFDC). The exit trace records
     * only whether a value was found, not the value.
     *
     * <p>NOTE(review): the entry trace includes the lookup key itself; confirm whether keys
     * can carry identifiers that should not appear in trace output.
     *
     * @param obj the key to look up
     * @return the stored value, or {@code null} as described above
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Object getDistributedObjectNotShared(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDistributedObjectNotShared: " + obj);
        }
        try {
            DistributedMap localMap = getDMNotShared();
            if (localMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getDistributedObjectNotShared returns null.");
                }
                return null;
            }
            Object cached = localMap.get(obj);
            if (tc.isEntryEnabled()) {
                String outcome = cached != null ? "(not null)" : "(null)";
                Tr.exit(tc, "getDistributedObjectNotShared " + outcome);
            }
            return cached;
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting distributed object not shared.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.getDistributedObjectNotShared", "1600", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDistributedObjectNotShared (null)");
            }
            return null;
        }
    }

    /**
     * Stores {@code obj2} under {@code obj} in the map returned by {@code getDMNotShared()},
     * calling {@code put(obj, obj2, 1, i, 1, null)}.
     *
     * <p>NOTE(review): presumably the integer arguments are priority, time-to-live and sharing
     * policy, with the trailing {@code 1} selecting a not-shared policy; confirm against the
     * {@code DistributedMap} API before relying on this for replication scope.
     *
     * <p>Exceptions are traced, sent to FFDC and swallowed, so a {@code null} return can mean
     * "no previous value", "no map" or "store failed".
     *
     * @param obj the key; written to the entry trace
     * @param obj2 the value to store; never traced
     * @param i forwarded as the fourth argument of {@code put}
     * @return whatever {@code put} returned, or {@code null} as described above
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Object putDistributedObjectNotShared(Object obj, Object obj2, int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "putDistributedObjectNotShared: " + obj);
        }
        try {
            DistributedMap localMap = getDMNotShared();
            if (localMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "putDistributedObjectNotShared returns null.");
                }
                return null;
            }
            Object previous = localMap.put(obj, obj2, 1, i, 1, (Object[]) null);
            if (tc.isEntryEnabled()) {
                String outcome = previous != null ? "(not null)" : "(null)";
                Tr.exit(tc, "putDistributedObjectNotShared " + outcome);
            }
            return previous;
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred putting distributed object not shared.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.putDistributedObjectNotShared", "1631", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "putDistributedObjectNotShared (null)");
            }
            return null;
        }
    }

    /**
     * Stores {@code obj2} under {@code obj} in the map returned by {@code getDM()}, calling
     * {@code put(obj, obj2, 1, i, 2, null)}.
     *
     * <p>NOTE(review): presumably the integer arguments are priority, time-to-live and sharing
     * policy, with the trailing {@code 2} selecting a shared policy (the not-shared variant
     * passes {@code 1}); confirm against the {@code DistributedMap} API, since this decides
     * whether the stored object leaves the local server.
     *
     * <p>Exceptions are traced, sent to FFDC and swallowed; the method then returns
     * {@code null}.
     *
     * @param obj the key; written to the entry trace
     * @param obj2 the value to store; never traced
     * @param i forwarded as the fourth argument of {@code put}
     * @return whatever {@code put} returned, or {@code null} when no map is available or the
     *     store threw
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Object putDistributedObject(Object obj, Object obj2, int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "putDistributedObject: " + obj);
        }
        try {
            DistributedMap sharedMap = getDM();
            if (sharedMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "putDistributedObject returns null.");
                }
                return null;
            }
            // The exit trace is emitted before the store, exactly as in the original flow.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "putDistributedObject");
            }
            return sharedMap.put(obj, obj2, 1, i, 2, (Object[]) null);
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred putting distributed object.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.putDistributedObject", "1679", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "putDistributedObject (null)");
            }
            return null;
        }
    }

    /**
     * Stores {@code obj2} under {@code obj} in the map returned by {@code getDM()}, forwarding
     * all remaining arguments to {@code put} unchanged.
     *
     * <p>The entry trace records the key, the three integers and {@code objArr}; the stored
     * value is not traced. Exceptions are traced, sent to FFDC and swallowed; the method then
     * returns {@code null}.
     *
     * <p>NOTE(review): presumably {@code i}, {@code i2} and {@code i3} are priority,
     * time-to-live and sharing policy and {@code objArr} holds dependency ids; confirm against
     * the {@code DistributedMap} API. Nothing here validates them, so the caller alone decides
     * how long and how widely the object is cached.
     *
     * @param obj the key
     * @param obj2 the value to store
     * @param i forwarded as the third argument of {@code put}
     * @param i2 forwarded as the fourth argument of {@code put}
     * @param i3 forwarded as the fifth argument of {@code put}
     * @param objArr forwarded as the sixth argument of {@code put}
     * @return whatever {@code put} returned, or {@code null} when no map is available or the
     *     store threw
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Object putDistributedObject(Object obj, Object obj2, int i, int i2, int i3, Object[] objArr) {
        if (tc.isEntryEnabled()) {
            Object[] traceArgs = {obj, Integer.valueOf(i), Integer.valueOf(i2), Integer.valueOf(i3), objArr};
            Tr.entry(tc, "putDistributedObject: ", traceArgs);
        }
        try {
            DistributedMap sharedMap = getDM();
            if (sharedMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "putDistributedObject returns null.");
                }
                return null;
            }
            // The exit trace is emitted before the store, exactly as in the original flow.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "putDistributedObject");
            }
            return sharedMap.put(obj, obj2, i, i2, i3, objArr);
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred putting distributed object.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.putDistributedObject", "1735", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "putDistributedObject (null)");
            }
            return null;
        }
    }

    /**
     * Invalidates the entry stored under {@code obj} in the map returned by {@code getDM()}.
     *
     * <p>The method returns nothing and swallows every exception after tracing it and sending
     * it to FFDC. It also does nothing when no map is available. A caller therefore gets no
     * signal that an invalidation did not take effect.
     *
     * <p>NOTE(review): if callers use this to drop cached authentication state (for example on
     * logout or revocation; not visible here), a silent failure leaves the entry usable until
     * it expires. Consider monitoring the FFDC probe "1766" for this method.
     *
     * @param obj the key to invalidate; written to the entry trace
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public void invalidateDistributedObject(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invalidateDistributedObject: ", new Object[]{obj});
        }
        try {
            DistributedMap sharedMap = getDM();
            if (sharedMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "invalidateDistributedObject returns null.");
                }
                return;
            }
            // The exit trace is emitted before the invalidation, exactly as in the original flow.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invalidateDistributedObject");
            }
            sharedMap.invalidate(obj);
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred invalidating distributed object.", new Object[]{failure});
            }
            FFDCFilter.processException(failure, "com.ibm.ws.security.token.WSCredentialTokenMapper.invalidateDistributedObject", "1766", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invalidateDistributedObject");
            }
        }
    }

    /**
     * Derives an identifier for a Subject from its cache key and token IDs and returns it as
     * the decimal string of a one-way hash.
     *
     * <p>Strings are collected into a sorted set in this order: the value from
     * {@code getCacheKeyFromHashtable} (if any), then, for each
     * {@code com.ibm.wsspi.security.token.Token} found in the Subject's private and then public
     * credentials, its {@code getUniqueID()}. A token's {@code getPrincipal()} is added only if
     * the set is still empty when that token is processed. Tokens whose unique ID is null or
     * empty contribute nothing. The sorted strings are concatenated and passed to
     * {@code ServerCredSigner.getInstance().getOneWayHash}.
     *
     * <p>NOTE(review): the strings are concatenated with no separator, so different sets can
     * produce the same hash input (for example {"ab","c"} and {"a","bc"}). Whether that is
     * reachable depends on the format of the IDs, which is not visible here; confirm before
     * relying on this value to tell Subjects apart.
     *
     * <p>NOTE(review): with debug trace enabled, each principal, each unique ID and the full
     * pre-hash string are written to the trace log next to the resulting hash. Treat trace
     * files from this component as sensitive.
     *
     * @param subject the Subject to identify; {@code null} yields {@code null}
     * @return the hash bytes rendered through {@code BigInteger.toString()} (signed decimal, so
     *     the value may start with '-'), or {@code null} when the subject is null, nothing was
     *     collected, the hash is null, or the privileged action raised a
     *     {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public String createSubjectUniqueID(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSubjectUniqueID");
        }
        if (subject == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Subject is null.");
            return null;
        }
        String str = null;
        try {
            // Decompiler artefact: the anonymous class is shown with its synthetic constructor
            // arguments (outer instance and captured subject).
            str = (String) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.13
                private final Subject val$subject;
                private final WSCredentialTokenMapper this$0;

                {
                    this.this$0 = this;
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Class cls;
                    Class cls2;
                    // Sorted set: the concatenation order below is the natural String order,
                    // independent of the order in which credentials are visited.
                    TreeSet treeSet = new TreeSet();
                    if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                        Tr.debug(WSCredentialTokenMapper.tc, "Getting cacheKeyFromHashtable");
                    }
                    Object cacheKeyFromHashtable = this.this$0.getCacheKeyFromHashtable(this.val$subject);
                    if (cacheKeyFromHashtable != null) {
                        if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                            Tr.entry(WSCredentialTokenMapper.tc, "Found cacheKeyFromHashtable");
                        }
                        if (cacheKeyFromHashtable instanceof String) {
                            treeSet.add((String) cacheKeyFromHashtable);
                        } else {
                            treeSet.add(cacheKeyFromHashtable.toString());
                        }
                    } else if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                        Tr.entry(WSCredentialTokenMapper.tc, "Did not find cacheKeyFromHashtable");
                    }
                    // Hold the Subject's monitor while both credential sets are read.
                    synchronized (this.val$subject) {
                        Subject subject2 = this.val$subject;
                        // Decompiler rendering of a cached class literal for Token.
                        if (WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$Token == null) {
                            cls = WSCredentialTokenMapper.class$("com.ibm.wsspi.security.token.Token");
                            WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$Token = cls;
                        } else {
                            cls = WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$Token;
                        }
                        Set privateCredentials = subject2.getPrivateCredentials(cls);
                        if (privateCredentials != null && privateCredentials.size() > 0) {
                            if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                                Tr.debug(WSCredentialTokenMapper.tc, "Got some private credentials to iterate through.");
                            }
                            for (Object obj : privateCredentials) {
                                if (obj != null && (obj instanceof com.ibm.wsspi.security.token.Token)) {
                                    if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                                        Tr.debug(WSCredentialTokenMapper.tc, "Getting uniqueID from token.");
                                    }
                                    String uniqueID = ((com.ibm.wsspi.security.token.Token) obj).getUniqueID();
                                    String principal = ((com.ibm.wsspi.security.token.Token) obj).getPrincipal();
                                    // Writes the token's ID and principal to the debug trace.
                                    if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                        Tr.debug(WSCredentialTokenMapper.tc, "Token found, ID/Principal: ", new Object[]{uniqueID, principal});
                                    }
                                    if (uniqueID != null && uniqueID.length() > 0) {
                                        // The principal is used only as the first element: it is
                                        // skipped once a cache key or an earlier token has
                                        // already put something in the set.
                                        if (principal != null && principal.length() > 0 && treeSet.size() == 0) {
                                            treeSet.add(principal);
                                            if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                                Tr.debug(WSCredentialTokenMapper.tc, new StringBuffer().append("Unique string updated with principal: ").append(principal).toString());
                                            }
                                        }
                                        treeSet.add(uniqueID);
                                        if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                            Tr.debug(WSCredentialTokenMapper.tc, new StringBuffer().append("Unique string updated with custom uniqueID: ").append(uniqueID).toString());
                                        }
                                    }
                                }
                            }
                        }
                        Subject subject3 = this.val$subject;
                        if (WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$Token == null) {
                            cls2 = WSCredentialTokenMapper.class$("com.ibm.wsspi.security.token.Token");
                            WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$Token = cls2;
                        } else {
                            cls2 = WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$Token;
                        }
                        // Same collection logic, applied to the public credentials.
                        Set publicCredentials = subject3.getPublicCredentials(cls2);
                        if (publicCredentials != null && publicCredentials.size() > 0) {
                            if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                                Tr.debug(WSCredentialTokenMapper.tc, "Got some public credentials to iterate through.");
                            }
                            for (Object obj2 : publicCredentials) {
                                if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                    Tr.debug(WSCredentialTokenMapper.tc, "token found, looking for uniqueID.", new Object[]{obj2});
                                }
                                if (obj2 != null && (obj2 instanceof com.ibm.wsspi.security.token.Token)) {
                                    String uniqueID2 = ((com.ibm.wsspi.security.token.Token) obj2).getUniqueID();
                                    String principal2 = ((com.ibm.wsspi.security.token.Token) obj2).getPrincipal();
                                    if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                        Tr.debug(WSCredentialTokenMapper.tc, "ID/Principal: ", new Object[]{uniqueID2, principal2});
                                    }
                                    if (uniqueID2 != null && uniqueID2.length() > 0) {
                                        if (principal2 != null && principal2.length() > 0 && treeSet.size() == 0) {
                                            treeSet.add(principal2);
                                            if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                                Tr.debug(WSCredentialTokenMapper.tc, new StringBuffer().append("Unique string updated with principal: ").append(principal2).toString());
                                            }
                                        }
                                        treeSet.add(uniqueID2);
                                        if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                            Tr.debug(WSCredentialTokenMapper.tc, new StringBuffer().append("Unique string updated with custom uniqueID: ").append(uniqueID2).toString());
                                        }
                                    }
                                }
                            }
                        }
                        // Nothing collected: no cache key and no token with a usable unique ID.
                        // (treeSet is never null here; the null test is redundant.)
                        if (treeSet == null || treeSet.size() <= 0) {
                            if (!WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                return null;
                            }
                            Tr.exit(WSCredentialTokenMapper.tc, "createSubjectUniqueID returns null for uniqueID.");
                            return null;
                        }
                        String[] strArr = (String[]) treeSet.toArray(new String[treeSet.size()]);
                        // The constructor argument is an initial capacity in characters; the
                        // element count passed here is only a sizing hint.
                        StringBuffer stringBuffer = new StringBuffer(treeSet.size());
                        // NOTE(review): elements are appended back to back with no delimiter,
                        // so element boundaries are lost in the hash input.
                        for (String str2 : strArr) {
                            stringBuffer.append(str2);
                        }
                        if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                            Tr.debug(WSCredentialTokenMapper.tc, "Getting one-way hash.");
                        }
                        byte[] oneWayHash = ServerCredSigner.getInstance().getOneWayHash(stringBuffer.toString());
                        if (oneWayHash == null) {
                            if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                Tr.exit(WSCredentialTokenMapper.tc, new StringBuffer().append("createSubjectUniqueID returns uniqueID (").append(stringBuffer.toString()).append(") as one-way hash: null.").toString());
                            }
                            return null;
                        }
                        if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                            Tr.debug(WSCredentialTokenMapper.tc, "Converting hash to string.");
                        }
                        // Two's-complement interpretation of the hash bytes, printed in decimal.
                        String bigInteger = new BigInteger(oneWayHash).toString();
                        // Debug trace pairs the pre-hash string with the resulting ID.
                        if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                            Tr.exit(WSCredentialTokenMapper.tc, new StringBuffer().append("createSubjectUniqueID returns uniqueID (").append(stringBuffer.toString()).append(") as one-way hash: ").append(bigInteger).toString());
                        }
                        return bigInteger;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // The wrapped exception is reported to FFDC and the method falls through with
            // str still null.
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createSubjectUniqueID", "1937", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSubjectUniqueID throwing exception.", new Object[]{e.getException()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSubjectUniqueID");
        }
        return str;
    }

    /**
     * Builds an identifier from the Subject's unique ID plus the unique IDs of the propagation
     * tokens returned by {@code contextManager.getPropagationTokens()}.
     *
     * <p>The base ID is {@code createSubjectUniqueID(subject)}. When that is {@code null} the
     * method falls back to
     * {@code SubjectHelper.getWSCredentialFromSubject(subject).getRealmUniqueSecurityName()};
     * any exception in the fallback is sent to FFDC and the method returns {@code null}. If
     * there is no propagation-token map the base ID is returned as is. Otherwise the non-null
     * token IDs are joined with ":" in the map's value iteration order and appended to the base
     * ID after another ":".
     *
     * <p>NOTE(review): if the fallback itself returns {@code null} and propagation token IDs
     * exist, the result is built by appending a null String and starts with the literal text
     * "null:". Confirm whether {@code getRealmUniqueSecurityName()} can return null, since
     * unrelated Subjects would then share that prefix.
     *
     * <p>NOTE(review): the joined order follows {@code propagationTokens.values()}. The Map
     * implementation is not visible here; confirm it iterates deterministically if this ID is
     * compared across threads or servers.
     *
     * <p>The final ID is written to the trace at entry/exit level.
     *
     * @param subject the Subject to identify
     * @return the combined ID, or {@code null} when the fallback lookup threw or the privileged
     *     action raised a {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public String createUniqueIDFromAllTokens(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createUniqueIDFromAllTokens");
        }
        try {
            // Decompiler artefact: the anonymous class is shown with its synthetic constructor
            // arguments (outer instance and captured subject).
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.14
                private final Subject val$subject;
                private final WSCredentialTokenMapper this$0;

                {
                    this.this$0 = this;
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    String createSubjectUniqueID = this.this$0.createSubjectUniqueID(this.val$subject);
                    if (createSubjectUniqueID == null) {
                        // Fallback: no cache key or token ID was available for the Subject.
                        try {
                            createSubjectUniqueID = SubjectHelper.getWSCredentialFromSubject(this.val$subject).getRealmUniqueSecurityName();
                        } catch (Exception e) {
                            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSCredentialTokenMapper.createUniqueIDFromAllTokens", "1969", this);
                            if (!WSCredentialTokenMapper.tc.isEntryEnabled()) {
                                return null;
                            }
                            Tr.exit(WSCredentialTokenMapper.tc, "createUniqueIDFromAllTokens catching exception accessing WSCredential and returning null.", new Object[]{e});
                            return null;
                        }
                    }
                    Map propagationTokens = this.this$0.contextManager.getPropagationTokens();
                    if (propagationTokens == null) {
                        if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                            Tr.exit(WSCredentialTokenMapper.tc, new StringBuffer().append("createUniqueIDFromAllTokens: no PropTokens set on thread: ").append(createSubjectUniqueID).toString());
                        }
                        return createSubjectUniqueID;
                    }
                    // Join the unique IDs of all propagation tokens with ':'; tokens that are
                    // null or have a null unique ID are skipped.
                    String str = null;
                    for (PropagationToken propagationToken : propagationTokens.values()) {
                        if (propagationToken != null && propagationToken.getUniqueID() != null) {
                            str = str != null ? new StringBuffer().append(str).append(":").append(propagationToken.getUniqueID()).toString() : propagationToken.getUniqueID();
                        }
                    }
                    if (str != null) {
                        // A null base ID is appended here as the text "null".
                        createSubjectUniqueID = new StringBuffer().append(createSubjectUniqueID).append(":").append(str).toString();
                    }
                    if (WSCredentialTokenMapper.tc.isEntryEnabled()) {
                        Tr.exit(WSCredentialTokenMapper.tc, new StringBuffer().append("createUniqueIDFromAllTokens: ").append(createSubjectUniqueID).toString());
                    }
                    return createSubjectUniqueID;
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createUniqueIDFromAllTokens", "2021", this);
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "createUniqueIDFromAllTokens throwing exception.", new Object[]{e.getException()});
            return null;
        }
    }

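    /**
     * Returns the unique ID carried by the Subject's authorization token.
     *
     * <p>Scans the Subject's private credentials of type {@code AuthorizationToken} while
     * holding the Subject's monitor. The first token whose name equals
     * {@code AttributeNameConstants.WSAUTHZTOKEN_NAME} and whose
     * {@code AttributeNameConstants.WSTOKEN_UNIQUEID} attribute has a non-null first element
     * supplies the result.
     *
     * <p>Tokens with a null name or an empty attribute array are skipped rather than causing
     * a {@code NullPointerException} or {@code ArrayIndexOutOfBoundsException}, which the
     * {@code PrivilegedActionException} handler below would not have caught.
     *
     * <p>NOTE(review): the FFDC source id in the catch block names
     * {@code createSubjectUniqueID}, not this method, so incidents raised here are attributed
     * to the wrong method. It is left unchanged in case external tooling matches on it.
     *
     * <p>With debug trace enabled, the returned unique ID is written to the trace log.
     *
     * @param subject the Subject to inspect; {@code null} yields {@code null}
     * @return the unique ID, or {@code null} when the subject is null, no matching token is
     *     found, or the privileged action raised a {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public String getUniqueIDFromAuthzToken(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueIDFromAuthzToken");
        }
        String str = null;
        if (subject == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Subject is null.");
            return null;
        }
        try {
            // Decompiler artefact: the anonymous class is shown with its synthetic constructor
            // arguments (outer instance and captured subject).
            str = (String) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.15
                private final Subject val$subject;
                private final WSCredentialTokenMapper this$0;

                {
                    this.this$0 = this;
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Class cls;
                    String[] attributes;
                    synchronized (this.val$subject) {
                        Subject subject2 = this.val$subject;
                        // Decompiler rendering of a cached class literal for AuthorizationToken.
                        if (WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$AuthorizationToken == null) {
                            cls = WSCredentialTokenMapper.class$("com.ibm.wsspi.security.token.AuthorizationToken");
                            WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$AuthorizationToken = cls;
                        } else {
                            cls = WSCredentialTokenMapper.class$com$ibm$wsspi$security$token$AuthorizationToken;
                        }
                        Set<AuthorizationToken> privateCredentials = subject2.getPrivateCredentials(cls);
                        if (privateCredentials != null && privateCredentials.size() > 0) {
                            for (AuthorizationToken authorizationToken : privateCredentials) {
                                // Constant-first equals tolerates a token with a null name; the
                                // length test tolerates an empty attribute array.
                                if (authorizationToken != null && AttributeNameConstants.WSAUTHZTOKEN_NAME.equals(authorizationToken.getName()) && (attributes = authorizationToken.getAttributes(AttributeNameConstants.WSTOKEN_UNIQUEID)) != null && attributes.length > 0 && attributes[0] != null) {
                                    if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                        Tr.debug(WSCredentialTokenMapper.tc, new StringBuffer().append("getUniqueIDFromAuthzToken returning uniqueID: ").append(attributes[0]).toString());
                                    }
                                    return attributes[0];
                                }
                            }
                        }
                        return null;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // NOTE(review): source id below names createSubjectUniqueID (see Javadoc).
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.createSubjectUniqueID", "2077", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueIDFromAuthzToken throwing exception.", new Object[]{e.getException()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUniqueIDFromAuthzToken");
        }
        return str;
    }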

    /**
     * Reads the {@code AttributeNameConstants.WSCREDENTIAL_CACHE_KEY} entry from a
     * {@code Hashtable} held in the Subject's credentials.
     *
     * <p>All {@code Hashtable} instances from the public and private credential sets are merged
     * into one {@code HashSet}. The loop then returns from the first non-null Hashtable it
     * visits, whether or not that Hashtable contains a cache key. An empty-string key is
     * treated as absent.
     *
     * <p>NOTE(review): when a Subject carries more than one Hashtable, which one is consulted
     * depends on {@code HashSet} iteration order, and a Hashtable without the key can hide one
     * that has it. Public and private credentials are also treated alike. Confirm that callers
     * never place more than one Hashtable in a Subject, or that any of them may supply the key.
     *
     * <p>With debug trace enabled, the cache key is written to the trace log.
     *
     * @param subject the Subject to inspect; {@code null} yields {@code null}
     * @return the cache key object, or {@code null} when the subject is null, no Hashtable is
     *     present, the first Hashtable has no key or an empty-string key, or the privileged
     *     action raised a {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public Object getCacheKeyFromHashtable(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCacheKeyFromHashtable");
        }
        if (subject == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Subject is null.");
            return null;
        }
        Object obj = null;
        try {
            // Decompiler artefact: the anonymous class is shown with its synthetic constructor
            // arguments (outer instance and captured subject).
            obj = AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject) { // from class: com.ibm.ws.security.token.WSCredentialTokenMapper.16
                private final Subject val$subject;
                private final WSCredentialTokenMapper this$0;

                {
                    this.this$0 = this;
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Class cls;
                    Class cls2;
                    HashSet<Hashtable> hashSet = new HashSet();
                    // Hold the Subject's monitor while both credential sets are read.
                    synchronized (this.val$subject) {
                        Subject subject2 = this.val$subject;
                        // Decompiler rendering of a cached class literal for Hashtable.
                        if (WSCredentialTokenMapper.class$java$util$Hashtable == null) {
                            cls = WSCredentialTokenMapper.class$("java.util.Hashtable");
                            WSCredentialTokenMapper.class$java$util$Hashtable = cls;
                        } else {
                            cls = WSCredentialTokenMapper.class$java$util$Hashtable;
                        }
                        Set privateCredentials = subject2.getPrivateCredentials(cls);
                        Subject subject3 = this.val$subject;
                        if (WSCredentialTokenMapper.class$java$util$Hashtable == null) {
                            cls2 = WSCredentialTokenMapper.class$("java.util.Hashtable");
                            WSCredentialTokenMapper.class$java$util$Hashtable = cls2;
                        } else {
                            cls2 = WSCredentialTokenMapper.class$java$util$Hashtable;
                        }
                        Set publicCredentials = subject3.getPublicCredentials(cls2);
                        // Public and private Hashtables are merged; their origin is not kept.
                        if (publicCredentials.size() > 0) {
                            hashSet.addAll(publicCredentials);
                        }
                        if (privateCredentials.size() > 0) {
                            hashSet.addAll(privateCredentials);
                        }
                        if (hashSet != null && hashSet.size() > 0) {
                            for (Hashtable hashtable : hashSet) {
                                if (hashtable != null) {
                                    Object obj2 = hashtable.get(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY);
                                    // An empty-string key is normalised to null.
                                    if (obj2 != null && (obj2 instanceof String) && ((String) obj2).equals("")) {
                                        if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                            Tr.debug(WSCredentialTokenMapper.tc, "Cache Key value is null string. Reset to null.");
                                        }
                                        obj2 = null;
                                    }
                                    if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                        Tr.debug(WSCredentialTokenMapper.tc, new StringBuffer().append("Returning cache key for lookup: ").append(obj2).toString());
                                    }
                                    // Returns on the first non-null Hashtable even when obj2 is
                                    // null; later Hashtables are never examined.
                                    return obj2;
                                }
                            }
                        }
                        return null;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // The wrapped exception is reported to FFDC and the method falls through with
            // obj still null.
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.getCacheKeyFromHashtable", "2152", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCacheKeyFromHashtable throwing exception.", new Object[]{e.getException()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCacheKeyFromHashtable");
        }
        return obj;
    }

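    /**
     * Reports whether the given Subject carries a login Hashtable, i.e. a
     * {@code Hashtable} credential that holds a value for both
     * {@code AttributeNameConstants.WSCREDENTIAL_SECURITYNAME} and
     * {@code AttributeNameConstants.WSCREDENTIAL_UNIQUEID}.
     *
     * <p>The private and the public credential sets are both searched, while holding the
     * Subject's monitor and through {@code AccessController.doPrivileged}. Only the presence
     * of the two keys is tested; their values are not validated here.
     *
     * <p>NOTE(review): a Hashtable in the public credential set counts exactly like one in
     * the private set. Callers that treat a {@code true} result as a sign that the identity
     * attributes are trustworthy should confirm which code paths can populate the Subject's
     * public credentials.
     *
     * <p>This rewrite drops the decompiler's synthetic constructor arguments on the anonymous
     * class and its {@code class$} lookups, which are not valid Java source. The search logic
     * is unchanged.
     *
     * @param subject the Subject to inspect; may be {@code null}
     * @return {@code true} if a Hashtable with both keys is present; {@code false} if the
     *         Subject is {@code null}, no such Hashtable exists, or the privileged action
     *         failed (the failure is recorded through FFDC and not rethrown)
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public boolean subjectContainsLoginHashtable(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "subjectContainsLoginHashtable");
        }
        if (subject == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Subject is null.");
            }
            return false;
        }
        // Final local copy so the anonymous action can capture it at any source level.
        final Subject target = subject;
        boolean found = false;
        try {
            Boolean outcome = (Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Set<Hashtable> candidates = new HashSet<Hashtable>();
                    // Hold the Subject's monitor while reading its credential sets and
                    // inspecting the tables, as the original code did.
                    synchronized (target) {
                        Set<Hashtable> privateTables = target.getPrivateCredentials(Hashtable.class);
                        Set<Hashtable> publicTables = target.getPublicCredentials(Hashtable.class);
                        candidates.addAll(publicTables);
                        candidates.addAll(privateTables);
                        for (Hashtable candidate : candidates) {
                            if (candidate != null
                                    && candidate.get(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME) != null
                                    && candidate.get(AttributeNameConstants.WSCREDENTIAL_UNIQUEID) != null) {
                                if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                                    Tr.debug(WSCredentialTokenMapper.tc, "Subject contains valid login Hashtable.");
                                }
                                return Boolean.TRUE;
                            }
                        }
                        if (WSCredentialTokenMapper.tc.isDebugEnabled()) {
                            Tr.debug(WSCredentialTokenMapper.tc, "Subject does not contain valid login Hashtable.");
                        }
                        return Boolean.FALSE;
                    }
                }
            });
            found = outcome != null && outcome.booleanValue();
        } catch (PrivilegedActionException e) {
            // The failure is logged and swallowed; the method then answers false. Despite
            // the wording of the trace message below, nothing is rethrown to the caller.
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.token.WSCredentialTokenMapper.subjectContainsLoginHashtable", "2225", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "subjectContainsLoginHashtable throwing exception.", new Object[]{e.getException()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "subjectContainsLoginHashtable -> " + found);
        }
        return found;
    }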

    /**
     * Digests the given string with this mapper's shared {@code md} instance.
     *
     * <p>The method is {@code synchronized}, so the reset/update/digest sequence on the
     * shared digest object runs under this object's monitor.
     *
     * <p>NOTE(review): {@code str.getBytes()} encodes with the platform default charset, so
     * the same string can produce different digests on JVMs whose default encodings differ.
     * Confirm whether these digests are ever compared or shared between processes. The
     * digest algorithm behind {@code md} is configured outside this view.
     *
     * @param str the text to digest; a {@code null} value is not guarded against here
     * @return the digest bytes, or {@code null} when security is disabled or this is not a
     *         server process
     */
    protected synchronized byte[] getOneWayHash(String str) {
        boolean hashingApplies = SecurityContext.isSecurityEnabled() && SecurityContext.isServerProcess();
        if (hashingApplies) {
            // Clear any state left on the shared digest before feeding the new input.
            this.md.reset();
            byte[] encoded = str.getBytes();
            this.md.update(encoded);
            return this.md.digest();
        }
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:60:0x01d3  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler stub for the three-argument token validity check.
     *
     * <p>The decompiler could not reconstruct this method body, so this listing only throws
     * {@link UnsupportedOperationException}. The real validity logic is not on this page and
     * nothing about its behaviour can be concluded from the stub. The other validity-check
     * methods in this class that delegate here will throw as well if this listing is
     * compiled as-is.
     *
     * @param r11 the Subject whose tokens are to be checked
     * @param r12 presumably the cushion; callers in this class pass
     *            {@code AuthCache.getInstance().getCushion()} (TODO confirm against the bytecode)
     * @param r14 presumably a refresh flag; only {@code checkValidityOfAllTokensAndRefresh}
     *            passes {@code true} (TODO confirm against the bytecode)
     * @return never returns normally in this listing
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public boolean checkCushionValidityOfAllTokens(javax.security.auth.Subject r11, long r12, boolean r14) {
        /*
            Method dump skipped, instructions count: 503
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.token.WSCredentialTokenMapper.checkCushionValidityOfAllTokens(javax.security.auth.Subject, long, boolean):boolean");
    }

    /**
     * Checks the Subject's tokens against the supplied cushion by delegating to the
     * three-argument overload with its boolean argument set to {@code false}.
     *
     * @param subject the Subject whose tokens are checked
     * @param j the cushion value handed through unchanged
     * @return whatever the three-argument overload returns
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public boolean checkCushionValidityOfAllTokens(Subject subject, long j) {
        final boolean thirdArgument = false;
        boolean verdict = checkCushionValidityOfAllTokens(subject, j, thirdArgument);
        return verdict;
    }

    /**
     * Checks the Subject's tokens using the cushion configured on the {@code AuthCache}
     * singleton, with the overload's boolean argument set to {@code false}.
     *
     * @param subject the Subject whose tokens are checked
     * @return whatever the three-argument overload returns
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public boolean checkValidityOfAllTokens(Subject subject) {
        long configuredCushion = AuthCache.getInstance().getCushion();
        boolean verdict = checkCushionValidityOfAllTokens(subject, configuredCushion, false);
        return verdict;
    }

    /**
     * Checks the Subject's tokens using the cushion configured on the {@code AuthCache}
     * singleton, with the overload's boolean argument set to {@code true}.
     *
     * <p>NOTE(review): the method name suggests that {@code true} asks for tokens to be
     * refreshed, but the delegate's body is not available in this listing. Confirm before
     * relying on that.
     *
     * @param subject the Subject whose tokens are checked
     * @return whatever the three-argument overload returns
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public boolean checkValidityOfAllTokensAndRefresh(Subject subject) {
        long configuredCushion = AuthCache.getInstance().getCushion();
        boolean verdict = checkCushionValidityOfAllTokens(subject, configuredCushion, true);
        return verdict;
    }

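    /**
     * Reports whether the Subject's GSS credential is expired, or has less remaining
     * lifetime than the cushion configured on the {@code AuthCache} singleton.
     *
     * <p>Only the first {@code GSSCredential} returned by the private credential set's
     * iterator is examined. A Subject without any GSS credential is reported as not expired.
     * Any exception raised while reading the credential (including a {@code null} Subject)
     * is recorded through FFDC and answered with {@code true}, so failures are treated as
     * "expired".
     *
     * <p>The remaining lifetime is converted to milliseconds in {@code long} arithmetic.
     * The previous {@code int} multiplication overflowed for lifetimes above roughly 24 days
     * and turned {@code GSSCredential.INDEFINITE_LIFETIME} into a negative value, which
     * reported a non-expiring credential as expired.
     *
     * <p>NOTE(review): the debug trace includes the credential's {@code toString()} output.
     * Confirm that this is acceptable for the trace destinations in use. The cushion is
     * compared against milliseconds here, so it is presumably expressed in milliseconds
     * (TODO confirm against {@code AuthCache}).
     *
     * @param subject the Subject whose private credentials are inspected
     * @return {@code true} if the credential is within the cushion of expiry or could not be
     *         read; {@code false} otherwise
     */
    @Override // com.ibm.ws.security.token.WSCredentialTokenMapperInterface
    public boolean checkGSSCredExpired(Subject subject) {
        boolean expired = false;
        long cushion = AuthCache.getInstance().getCushion();
        try {
            Set<GSSCredential> privateCredentials = subject.getPrivateCredentials(GSSCredential.class);
            if (privateCredentials != null && !privateCredentials.isEmpty()) {
                GSSCredential gssCredential = privateCredentials.iterator().next();
                if (gssCredential != null) {
                    // 1000L forces long arithmetic; getRemainingLifetime() returns int seconds.
                    long remainingMillis = gssCredential.getRemainingLifetime() * 1000L;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Time remaining is " + (remainingMillis / 1000) + " seconds, for token: " + gssCredential);
                    }
                    if (remainingMillis - cushion < 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "GSSCredential is expired.");
                        }
                        expired = true;
                    }
                }
            }
        } catch (Exception e) {
            // Fail closed: a credential that cannot be inspected is reported as expired.
            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSCredentialTokenMapper.checkGSSCredExpired", "2433", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkGSSCredExpired throwing exception, returning true.", new Object[]{e});
            }
            expired = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkGSSCredExpired -> " + expired);
        }
        return expired;
    }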

    /**
     * Returns the JCE provider name held by this mapper.
     *
     * <p>When {@code JSSEProviderFactory} reports FIPS as enabled and supplies a non-empty
     * FIPS provider list, the first entry of that list is stored in the {@code JCEProvider}
     * field before it is returned. This getter therefore mutates the instance.
     *
     * @return the current value of the {@code JCEProvider} field
     */
    public String getJCEProvider() {
        if (JSSEProviderFactory.isFipsEnabled()) {
            List fipsProviders = JSSEProviderFactory.fipsJCEProviders();
            boolean hasFipsProvider = fipsProviders != null && fipsProviders.size() > 0;
            if (hasFipsProvider) {
                // The first FIPS provider in the list replaces the stored name.
                this.JCEProvider = (String) fipsProviders.get(0);
            }
        }
        return this.JCEProvider;
    }

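    /**
     * Reports whether any of RMI inbound, RMI outbound or web inbound security attribute
     * propagation is enabled, caching the answer in static fields after the first call.
     *
     * <p>The result is stored in {@code propEnabled} before {@code propEnabledChecked} is
     * set. Previously the "checked" flag was raised first, so an exception from the helper,
     * or a concurrent caller arriving in between, could latch or observe {@code false} even
     * though propagation was enabled.
     *
     * <p>NOTE(review): the declarations of the two static fields are outside this view. If
     * they are not {@code volatile}, unsynchronized readers still have no visibility
     * guarantee. Confirm at the declaration.
     *
     * @return {@code true} if at least one of the three propagation flags is enabled
     */
    public static boolean isAnyPropagationEnabled() {
        if (propEnabledChecked) {
            return propEnabled;
        }
        boolean enabled = WSSecurityPropagationHelper.getInstance().isRMIInboundPropagationEnabled()
                || WSSecurityPropagationHelper.getInstance().isRMIOutboundPropagationEnabled()
                || WSSecurityPropagationHelper.getInstance().isWebInboundPropagationEnabled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, enabled ? "At least one propagation flag is enabled." : "Propagation is disabled.");
        }
        // Publish the value first, then mark it as computed.
        propEnabled = enabled;
        propEnabledChecked = true;
        return enabled;
    }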

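    /**
     * Compiler-generated helper that resolves a class by name, used for class literals in
     * code compiled for old class-file targets.
     *
     * <p>Every call visible in this part of the file passes a literal class name. The
     * original statement threw the {@code Throwable} returned by {@code initCause}, which
     * does not compile in a method without a {@code throws} clause, so the error is now
     * built, linked to its cause, and thrown as {@code NoClassDefFoundError}.
     *
     * @param str the fully qualified class name to load
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the
     *         {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }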

    // Static setup: registers the trace component for this class and creates the two
    // WebSphereRuntimePermission constants ("mapCredential" and
    // "wssecurity.getOpaqueTokenFromMBean").
    static {
        // Reuse the cached Class object if present; otherwise resolve it and cache it.
        Class self = class$com$ibm$ws$security$token$WSCredentialTokenMapper;
        if (self == null) {
            self = class$("com.ibm.ws.security.token.WSCredentialTokenMapper");
            class$com$ibm$ws$security$token$WSCredentialTokenMapper = self;
        }
        tc = Tr.register(self, (String) null, "com.ibm.ejs.resources.security");
        MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
        GET_OPAQUE_TOKEN_FROM_MBEAN = new WebSphereRuntimePermission("wssecurity.getOpaqueTokenFromMBean");
    }
}
