package com.ibm.ws.security.auth.j2c;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.IdentityPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AuthData;
import com.ibm.ws.security.util.PasswordUtil;
import com.ibm.wsspi.security.auth.callback.WSMappingPropertiesCallback;
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/auth/j2c/WSPrincipalMappingLoginModule.class */
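/**
 * JAAS {@link LoginModule} that turns a J2C authentication-data alias into a
 * {@link PasswordCredential} and attaches it, together with the caller's
 * principal, to the {@link Subject} being built.
 *
 * <p>The alias is read from the mapping properties supplied through
 * {@link WSMappingPropertiesCallback} under the key
 * {@code com.ibm.mapping.authDataAlias}. When a {@link SecurityManager} is
 * installed, {@link #login()} requires the {@code getPasswordCredential}
 * runtime permission (or {@code getPasswordCredential.<alias>} when fine-grained
 * enforcement is on) before the stored user id and password are looked up.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The decoded password is held in a {@code String} while the credential
 *       is built, so it cannot be wiped from memory afterwards.</li>
 *   <li>{@link #getAuthData(String)} is {@code public static} and performs no
 *       permission check in this class; only {@link #login()} does.</li>
 * </ul>
 *
 * <p>Instances keep per-login state in fields and show no synchronization;
 * presumably one instance serves one login context at a time (confirm against
 * the caller).
 */
public class WSPrincipalMappingLoginModule implements LoginModule {
    private Subject wspm_subject;
    private CallbackHandler wspm_callbackHandler;
    // Stored by initialize(); not read anywhere else in this class.
    private Map wspm_sharedState;
    private Map wspm_options;
    // Mapping properties returned by the callback handler during login().
    private Map wspm_properties;
    // true: permission name carries the alias ("getPasswordCredential.<alias>").
    private static boolean isFineGrained;
    private static final TraceComponent tc = Tr.register(WSPrincipalMappingLoginModule.class, (String) null, "com.ibm.ejs.resources.security");
    // Coarse-grained permission used when fine-grained enforcement is off.
    private static final WebSphereRuntimePermission perm = new WebSphereRuntimePermission("getPasswordCredential");
    private WSPrincipalImpl wspm_principal = null;
    private boolean wspm_useTrustedConnection = false;
    private IdentityPrincipal wspm_identityPrincipal = null;
    private PasswordCredential wspm_passwordCredential = null;
    // Parsed from the "debug" option; not read anywhere else in this class.
    private boolean wspm_debug = false;
    // Phase-one (login) and phase-two (commit) outcome flags.
    private boolean wspm_succeeded = false;
    private boolean wspm_commitSucceeded = false;

    /**
     * Stores the login context handed over by the JAAS runtime and reads the
     * {@code debug} and {@code useTrustedConnection} options.
     *
     * @param subject         the subject that commit() will populate
     * @param callbackHandler handler used by login() to obtain the managed
     *                        connection factory and the mapping properties
     * @param map             shared state of the login context (only stored)
     * @param map2            module options; must not be {@code null}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize()");
        }
        this.wspm_subject = subject;
        this.wspm_callbackHandler = callbackHandler;
        this.wspm_sharedState = map;
        this.wspm_options = map2;
        this.wspm_debug = "true".equalsIgnoreCase((String) this.wspm_options.get("debug"));
        this.wspm_useTrustedConnection = "true".equalsIgnoreCase((String) this.wspm_options.get("useTrustedConnection"));
        if (tc.isEntryEnabled()) {
            if (this.wspm_useTrustedConnection) {
                Tr.exit(tc, "initialize( TrustedConnectionMapping )");
            } else {
                Tr.exit(tc, "initialize( DefaultPrincipalMapping )");
            }
        }
    }

    /**
     * Looks up the user id and password stored under an authentication alias.
     *
     * <p>The returned {@link Properties} contain the password exactly as
     * stored (login() still runs it through {@code PasswordUtil.passwordDecode}),
     * so callers must treat the object as a secret and keep it out of logs.
     *
     * <p>NOTE(review): no permission check is made here; the Java 2 security
     * check visible in this class lives in login(). Confirm that
     * {@code WSDefaultPrincipalMapping.getAuthDataInt} restricts callers, since
     * this method is reachable by any code that can load the class.
     *
     * @param str the authentication-data alias
     * @return the user id (key {@code AdminClient.USERNAME}) and password (key
     *         {@code "password"}), or {@code null} when the lookup returns nothing
     * @throws SecurityException declared by the original; presumably raised by
     *                           the underlying lookup
     */
    public static Properties getAuthData(String str) throws SecurityException {
        AuthData authDataInt = WSDefaultPrincipalMapping.getAuthDataInt(str);
        if (authDataInt == null) {
            return null;
        }
        // Properties.put rejects null values, so an entry with a missing uid or
        // psw surfaces here as a NullPointerException.
        Properties properties = new Properties();
        properties.put(AdminClient.USERNAME, authDataInt.uid);
        properties.put("password", authDataInt.psw);
        return properties;
    }

    /**
     * Phase one of the JAAS login: resolves the alias, enforces the
     * {@code getPasswordCredential} permission when a security manager is
     * installed, and prepares the principal and password credential.
     *
     * <p>Nothing is added to the subject here; that happens in commit().
     *
     * @return {@code true} when a credential was prepared, {@code false} when the
     *         mapping properties, the alias or the auth data are missing
     * @throws LoginException    when the callbacks or the lookup fail
     * @throws SecurityException when the caller lacks the required permission
     */
    @Override
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        // A repeated login on a committed module starts from a clean subject.
        if (this.wspm_commitSucceeded) {
            logout();
        }
        this.wspm_succeeded = false;
        Callback[] callbackArr = {new com.ibm.wsspi.security.auth.callback.WSManagedConnectionFactoryCallback("Target ManagedConnectionFactory: "), new WSMappingPropertiesCallback("Mapping Properties (HashMap): ")};
        try {
            this.wspm_callbackHandler.handle(callbackArr);
            String alias = null;
            this.wspm_properties = ((WSMappingPropertiesCallback) callbackArr[1]).getProperties();
            if (this.wspm_properties == null) {
                Tr.warning(tc, "security.j2c.missingParameter", new Object[]{"properties HashMap"});
            } else {
                alias = (String) this.wspm_properties.get("com.ibm.mapping.authDataAlias");
                if (alias == null) {
                    Tr.warning(tc, "security.j2c.missingParameter", new Object[]{"alias"});
                } else {
                    alias = alias.trim();
                }
            }
            if (alias != null) {
                // The permission check runs before any stored secret is read.
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager != null) {
                    if (isFineGrained) {
                        WebSphereRuntimePermission aliasPermission = new WebSphereRuntimePermission("getPasswordCredential." + alias);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Performing Java 2 Security Permission Check (Fine Grained) ...");
                            Tr.debug(tc, "Expecting : " + aliasPermission.toString());
                        }
                        securityManager.checkPermission(aliasPermission);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                            Tr.debug(tc, "Expecting : " + perm.toString());
                        }
                        securityManager.checkPermission(perm);
                    }
                }
                Properties authData = getAuthData(alias);
                if (authData != null) {
                    String userName = authData.getProperty(AdminClient.USERNAME);
                    String storedPassword = authData.getProperty("password");
                    // A null result from passwordDecode means the stored value
                    // is used as-is.
                    String decodedPassword = PasswordUtil.passwordDecode(storedPassword);
                    String password = decodedPassword == null ? storedPassword : decodedPassword;
                    // Only which variant is used gets traced, never the value.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, (decodedPassword == null ? "Original" : "Decoded") + " version of the password is used");
                    }
                    ManagedConnectionFactory managedConnectionFacotry = ((com.ibm.wsspi.security.auth.callback.WSManagedConnectionFactoryCallback) callbackArr[0]).getManagedConnectionFacotry();
                    this.wspm_passwordCredential = new PasswordCredential(userName, password.toCharArray());
                    this.wspm_passwordCredential.setManagedConnectionFactory(managedConnectionFacotry);
                    // The principal carries the invoking user's security name,
                    // or null when there is no authenticated invocation credential.
                    WSCredential invocationCredential = ContextManagerFactory.getInstance().getInvocationCredential();
                    String securityName = null;
                    if (invocationCredential != null && !invocationCredential.isUnauthenticated()) {
                        securityName = invocationCredential.getSecurityName();
                    }
                    this.wspm_principal = new WSPrincipalImpl(securityName);
                    if (this.wspm_useTrustedConnection) {
                        // NOTE(review): a null return from getIdentityPrincipal
                        // would fail on the next line - confirm it cannot happen.
                        this.wspm_identityPrincipal = WSDefaultPrincipalMapping.getIdentityPrincipal(this.wspm_properties);
                        this.wspm_identityPrincipal.setManagedConnectionFactory(managedConnectionFacotry);
                    }
                    this.wspm_succeeded = true;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login()");
            }
            return this.wspm_succeeded;
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule.login", "164", this);
            throw new LoginException("Error: " + e.toString());
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule.login", "135", this);
            Tr.warning(tc, "security.j2c.unexpectedIOException", new Object[]{e2});
            throw new LoginException("Error: " + e2.toString());
        } catch (ClassNotFoundException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule.login", "273", this);
            throw new LoginException("Error: " + e3.toString());
        } catch (UnsupportedCallbackException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule.login", "128", this);
            throw new LoginException("Error: " + e4.getCallback().toString() + " not available to garner authentication information from the user");
        }
    }

    /**
     * Phase two of the JAAS login: adds the prepared principal, the optional
     * identity principal and the password credential to the subject, skipping
     * any that are already present.
     *
     * @return {@code false} when login() did not succeed, otherwise {@code true}
     * @throws LoginException declared by the interface; not thrown by this code
     */
    @Override
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        if (!this.wspm_succeeded) {
            return this.wspm_succeeded;
        }
        if (this.wspm_principal != null) {
            Set<Principal> principals = this.wspm_subject.getPrincipals();
            if (!principals.contains(this.wspm_principal)) {
                principals.add(this.wspm_principal);
            }
            if (this.wspm_identityPrincipal != null && !principals.contains(this.wspm_identityPrincipal)) {
                principals.add(this.wspm_identityPrincipal);
            }
            // The password goes into the private credential set of the subject.
            if (!this.wspm_subject.getPrivateCredentials().contains(this.wspm_passwordCredential)) {
                this.wspm_subject.getPrivateCredentials().add(this.wspm_passwordCredential);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        this.wspm_commitSucceeded = true;
        return this.wspm_commitSucceeded;
    }

    /**
     * Discards the state prepared by login(), or undoes a commit through
     * logout() when the overall login failed after this module committed.
     *
     * @return always {@code false} as written: either login() had not succeeded,
     *         or the success flag has just been reset
     * @throws LoginException when logout() fails
     */
    @Override
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (!this.wspm_succeeded) {
            return false;
        }
        if (this.wspm_commitSucceeded) {
            logout();
        } else {
            // Nothing reached the subject yet, so dropping the references is enough.
            this.wspm_succeeded = false;
            this.wspm_principal = null;
            this.wspm_passwordCredential = null;
            this.wspm_identityPrincipal = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return this.wspm_succeeded;
    }

    /**
     * Removes everything commit() added to the subject and resets the module.
     *
     * <p>The identity principal is removed along with the caller principal and
     * the password credential. Without that, a subject committed in
     * trusted-connection mode would keep the mapped identity after logout.
     * Null references are skipped, so calling logout() on a module that never
     * logged in does not pass {@code null} to the subject's sets.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this code
     */
    @Override
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        Set<Principal> principals = this.wspm_subject.getPrincipals();
        if (this.wspm_principal != null) {
            principals.remove(this.wspm_principal);
        }
        if (this.wspm_identityPrincipal != null) {
            principals.remove(this.wspm_identityPrincipal);
        }
        if (this.wspm_passwordCredential != null) {
            this.wspm_subject.getPrivateCredentials().remove(this.wspm_passwordCredential);
        }
        this.wspm_principal = null;
        this.wspm_passwordCredential = null;
        this.wspm_identityPrincipal = null;
        this.wspm_succeeded = false;
        this.wspm_commitSucceeded = false;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return true;
    }

    // Reads the fine-grained JCA security switch once, at class load.
    static {
        // Default used when the configuration cannot be read: per-alias checks.
        boolean fineGrained = true;
        try {
            fineGrained = SecurityObjectLocator.getSecurityConfig().getBoolean(SecurityConfig.ENFORCE_FINE_GRAINED_JCA_SECURITY);
        } catch (Throwable th) {
            // Best effort: class initialization must not fail because the
            // security configuration is unavailable; the default stays in force.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to read the fine grained JCA security setting, using the default: " + th);
            }
        }
        isFineGrained = fineGrained;
        if (tc.isDebugEnabled()) {
            if (isFineGrained) {
                Tr.debug(tc, "Enforce Fine Grained Java 2 Security Permission Check");
            } else {
                Tr.debug(tc, "Enforce Java 2 Security Permission Check");
            }
        }
    }
}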
