package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.token.WSCredentialTokenMapper;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.util.ThreadPool;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.PropagationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.wssecurity.platform.token.KRBAuthnToken;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/auth/AuthCache.class */
public class AuthCache extends Cache implements SecurityCache {
    // Lazily computed by getCushion(); the constructor sets it to -1, meaning "not computed yet".
    private long cushion;
    // Security domain id this instance was registered under (see getInstance / setDomainId).
    private String _domainId;
    // Names of the security configuration properties read by this class.
    public static final String AUTH_CACHE_ENABLED = "com.ibm.websphere.security.util.authCacheEnabled";
    public static final String AUTH_CACHE_SIZE = "com.ibm.websphere.security.util.authCacheSize";
    public static final String AUTH_CACHE_MAX_SIZE = "com.ibm.websphere.security.util.authCacheMaxSize";
    public static final String AUTH_CACHE_SUPPORT_CUSTOM_KEY = "com.ibm.websphere.security.util.authCacheCustomKeySupport";
    private static final TraceComponent tc = Tr.register(AuthCache.class, "Security", "com.ibm.ejs.resources.security");
    // Java 2 Security permission checked by getSubject(realm, user) before a lookup by user name alone.
    private static final WebSphereRuntimePermission MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
    // NOTE(review): never read or written in this class; the timeout in use is the one held by Cache.
    private static long defaultTimeout = 0;
    // One AuthCache per security domain id; populated by getInstance, cleared by releaseInstance.
    private static ConcurrentHashMap instanceCache = new ConcurrentHashMap();
    private static SecurityConfigManager scm = null;
    // NOTE(review): these three switches are static but are reassigned by every constructor call,
    // so the most recently constructed instance's configuration applies to all domains.
    protected static boolean authCacheEnabled = true;
    protected static boolean allowLookupByBasicAuth = true;
    protected static boolean customCacheKeySupport = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/auth/AuthCache$BasicAuthCacheData.class */
    public class BasicAuthCacheData {
        public String realm;
        public String userId;
        public byte[] password;

        BasicAuthCacheData() {
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj == null || !(obj instanceof BasicAuthCacheData)) {
                return false;
            }
            if (this.realm != null) {
                if (!this.realm.equals(((BasicAuthCacheData) obj).realm)) {
                    return false;
                }
            } else if (((BasicAuthCacheData) obj).realm != null) {
                return false;
            }
            if (this.userId != null) {
                if (!this.userId.equals(((BasicAuthCacheData) obj).userId)) {
                    return false;
                }
            } else if (((BasicAuthCacheData) obj).userId != null) {
                return false;
            }
            return Arrays.equals(this.password, ((BasicAuthCacheData) obj).password);
        }

        public int hashCode() {
            return (this.realm + ":" + this.userId).hashCode();
        }

        public String toString() {
            return this.realm + ":" + this.userId;
        }
    }

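    /**
     * Returns the authentication cache of the current security domain, creating and
     * registering it on first use.
     *
     * <p>The domain id comes from the {@code SecurityConfigManager} when one is available,
     * otherwise {@code SecurityObjectLocator.ADMIN} is used. A new cache is sized from the
     * {@code authCacheSize} / {@code authCacheMaxSize} properties (defaults 50 and 25000)
     * and uses the configured security cache timeout, which is multiplied by 1000 here.
     *
     * @return the cache registered for the current domain id
     */
    public static synchronized AuthCache getInstance() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInstance");
        }
        if (scm == null) {
            scm = SecurityObjectLocator.getSecurityConfigManager();
        }
        String domainId;
        if (scm != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getInstance SecurityConfigManager instance " + scm);
            }
            domainId = scm.getDomainId();
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getInstance no SecurityConfigManager instance, using admin config");
            }
            domainId = SecurityObjectLocator.ADMIN;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getInstance using domainId " + domainId);
        }
        AuthCache authCache = (AuthCache) instanceCache.get(domainId);
        if (authCache == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getInstance did not find AuthCache in cache");
            }
            SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
            int timeoutSeconds = securityConfig.getInteger(SecurityConfig.CACHE_TIMEOUT);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "security cache timeout is " + timeoutSeconds);
            }
            // NOTE(review): still int arithmetic because the parameter type of
            // Cache.setDefaultTimeout is not visible here; confirm it and widen if it is long.
            Cache.setDefaultTimeout(timeoutSeconds * 1000);
            int initialSize = parseCacheSize(securityConfig.getProperty(AUTH_CACHE_SIZE), 50);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authCacheSize = " + initialSize);
            }
            int maxSize = parseCacheSize(securityConfig.getProperty(AUTH_CACHE_MAX_SIZE), 25000);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authCacheMaxSize = " + maxSize);
            }
            // Multiply as long: an int product wraps for timeouts above about 2.1 million
            // seconds and would hand the cache a negative or truncated expiry.
            authCache = new AuthCache(initialSize, maxSize, timeoutSeconds * 1000L);
            authCache.setDomainId(domainId);
            instanceCache.put(domainId, authCache);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getInstance found AuthCache in instanceCache " + authCache);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInstance " + authCache);
        }
        return authCache;
    }

    /**
     * Parses a cache size property, returning {@code fallback} when the value is missing,
     * empty, negative or not a number, so that a malformed property cannot make every
     * getInstance call fail.
     */
    private static int parseCacheSize(String value, int fallback) {
        if (value == null || value.equals("")) {
            return fallback;
        }
        try {
            int parsed = Integer.parseInt(value);
            return parsed < 0 ? fallback : parsed;
        } catch (NumberFormatException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Ignoring non-numeric cache size value " + value + ", using " + fallback);
            }
            return fallback;
        }
    }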

    /**
     * Unregisters the cache of the current security domain so that the next
     * {@link #getInstance()} call builds a fresh one. The domain id is resolved the same
     * way as in getInstance.
     *
     * <p>NOTE(review): unlike getInstance this method is not synchronized, although both
     * assign the static {@code scm}.
     */
    public static void releaseInstance() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "releaseInstance");
        }
        if (scm == null) {
            scm = SecurityObjectLocator.getSecurityConfigManager();
        }
        final String domainId;
        if (scm == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "releaseInstance no SecurityConfigManager instance, using admin config");
            }
            domainId = SecurityObjectLocator.ADMIN;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "releaseInstance SecurityConfigManager instance " + scm);
            }
            domainId = scm.getDomainId();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "releaseInstance using domainId " + domainId);
        }
        instanceCache.remove(domainId);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "releaseInstance");
        }
    }

    /**
     * Builds a cache and refreshes the static feature switches from the security
     * configuration.
     *
     * <ul>
     *   <li>{@code authCacheEnabled} is false only when the authCacheEnabled property is
     *       "false" or "no" (case-insensitive).</li>
     *   <li>{@code allowLookupByBasicAuth} is false only when that same property is
     *       "BasicAuthDisabled"; the cache itself stays enabled for that value.</li>
     *   <li>{@code customCacheKeySupport} is false only when the custom key property is
     *       "false" or "no".</li>
     * </ul>
     *
     * @param i  first sizing argument passed to the superclass (the initial size in getInstance)
     * @param i2 second sizing argument passed to the superclass (the maximum size in getInstance)
     * @param j  timeout passed to the superclass
     */
    private AuthCache(int i, int i2, long j) {
        super(i, i2, j);
        this.cushion = -1L;
        this._domainId = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{Integer.valueOf(i), Long.valueOf(j)});
        }
        SecurityConfig config = SecurityObjectLocator.getSecurityConfig();

        String enabledSetting = config.getProperty(AUTH_CACHE_ENABLED);
        boolean cacheSwitchedOff = enabledSetting != null
                && (enabledSetting.equalsIgnoreCase("false") || enabledSetting.equalsIgnoreCase("no"));
        authCacheEnabled = !cacheSwitchedOff;
        if (cacheSwitchedOff && tc.isDebugEnabled()) {
            Tr.debug(tc, "Authentication cache is disabled.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "authCacheEnabled = " + authCacheEnabled);
        }

        // equalsIgnoreCase(null) is false, so a missing property keeps the lookup enabled.
        allowLookupByBasicAuth = !"BasicAuthDisabled".equalsIgnoreCase(enabledSetting);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "allowLookupByBasicAuth = " + allowLookupByBasicAuth);
        }

        String customKeySetting = config.getProperty(AUTH_CACHE_SUPPORT_CUSTOM_KEY);
        boolean customKeysSwitchedOff = customKeySetting != null
                && (customKeySetting.equalsIgnoreCase("false") || customKeySetting.equalsIgnoreCase("no"));
        customCacheKeySupport = !customKeysSwitchedOff;
        if (customKeysSwitchedOff && tc.isDebugEnabled()) {
            Tr.debug(tc, "Custom Cache Key support is disabled.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "customCacheKeySupport = " + customCacheKeySupport);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "AuthCache", this);
        }
    }

    /**
     * Removes the entry stored under {@code realm:user}, together with every other key
     * that points at the same cache object.
     *
     * @param str  realm; {@code null} selects the default realm
     * @param str2 user name; nothing is removed when {@code null}
     * @throws CacheException if removing the entry fails
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void removeEntry(String str, String str2) throws CacheException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeEntry", new Object[]{str, str2});
        }
        String realm = str != null ? str : ContextManagerFactory.getInstance().getDefaultRealm();
        if (str2 != null) {
            Object cached = get(realm + ":" + str2);
            if (cached instanceof CacheObject) {
                removeEntry((CacheObject) cached);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeEntry");
        }
    }

    /**
     * Looks up {@code obj} as a cache key and, when it maps to a cache object, removes
     * that object under all of its keys.
     *
     * @param obj lookup key; ignored when {@code null}
     * @throws CacheException if removing the entry fails
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void removeEntry(Object obj) throws CacheException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeEntry", new Object[]{obj});
        }
        if (obj != null) {
            Object cached = get(obj);
            if (cached instanceof CacheObject) {
                removeEntry((CacheObject) cached);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeEntry");
        }
    }

    /**
     * Removes a cache object under every key recorded in its key array. Keys of type
     * {@code ByteArray} are additionally invalidated through
     * {@code WSCredentialTokenMapper.invalidateDistributedObject}.
     *
     * @param cacheObject entry to remove; ignored when {@code null}
     * @throws CacheException wrapping any exception raised while removing
     */
    public void removeEntry(CacheObject cacheObject) throws CacheException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeEntry", cacheObject);
        }
        if (cacheObject != null) {
            try {
                for (Object key : cacheObject.getKeyArray()) {
                    remove(key);
                    if (key instanceof ByteArray) {
                        WSCredentialTokenMapper.getInstance().invalidateDistributedObject((ByteArray) key);
                    }
                }
            } catch (Exception failure) {
                FFDCFilter.processException(failure, "com.ibm.ws.security.server.util.AuthCache.removeEntry", "345", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception removing credential from cache", failure);
                }
                throw new CacheException(failure.getMessage(), failure);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeEntry");
        }
    }

    /** Empties this cache by delegating to {@code clearAllEntries()}. */
    public void removeAllEntries() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeAllEntries");
        }

        this.clearAllEntries();

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeAllEntries");
        }
    }

    /**
     * Looks up a Subject by a byte-array key, wrapped in a {@code ByteArray} so it can be
     * used as a lookup key.
     *
     * <p>NOTE(review): the raw key bytes are handed to the entry trace; confirm how Tr
     * renders a byte[] if these bytes are a credential token.
     *
     * @param bArr key bytes
     * @return the cached Subject, or {@code null} on a miss or when the cache is disabled
     * @throws CacheException if the lookup fails
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public Subject getSubject(byte[] bArr) throws CacheException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject", bArr);
        }
        Subject found = authCacheEnabled ? getSubject(new ByteArray(bArr)) : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubject", found);
        }
        return found;
    }

    /**
     * Looks up a Subject by an arbitrary key. On a hit, the propagation tokens stored with
     * the entry are also put back on the current thread.
     *
     * @param obj lookup key; an empty String is ignored, any other value (including
     *            {@code null}) is passed to the underlying cache
     * @return the cached Subject, or {@code null} on a miss or when the cache is disabled
     * @throws CacheException wrapping any exception raised by the lookup
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public Subject getSubject(Object obj) throws CacheException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject", obj);
        }
        Subject found = null;
        if (authCacheEnabled) {
            if ("".equals(obj)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cache Key value is null string. Ignore it.");
                }
            } else {
                try {
                    Object cached = get(obj);
                    if (cached instanceof CacheObject) {
                        CacheObject entry = (CacheObject) cached;
                        found = entry.getSubject();
                        Map tokens = entry.getPropTokenMap();
                        if (tokens != null) {
                            setPropTokenMapOnThread(tokens);
                        }
                    }
                } catch (Exception failure) {
                    FFDCFilter.processException(failure, "com.ibm.ws.security.server.util.AuthCache.getSubject", "430", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception trying to get object from cache", failure);
                    }
                    throw new CacheException(failure.getMessage(), failure);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubject", found);
        }
        return found;
    }

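    /**
     * Looks up a Subject by realm, user id and password.
     *
     * <p>The password is turned into a one-way hash by {@code ServerCredSigner} and the
     * triple is used as a {@code BasicAuthCacheData} key. On a hit, the propagation tokens
     * stored with the entry are put back on the current thread. When the triple misses
     * but an entry exists under {@code realm:user}, that entry is handed to
     * {@code removeEntry}, so a changed or wrong password is not served from the cache.
     *
     * <p>Neither the password nor its hash is written to trace: the entry trace masks the
     * password, and the debug trace only records that a hash was computed. An unsalted
     * hash in a trace file is enough to mount an offline guessing attack.
     *
     * @param str  realm; {@code null} selects the default realm
     * @param str2 user id
     * @param str3 password
     * @return the cached Subject, or {@code null} when an argument is missing, the cache or
     *         the basic-auth lookup is disabled, or nothing matches
     * @throws CacheException wrapping any exception raised by the lookup
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public Subject getSubject(String str, String str2, String str3) throws CacheException {
        Object obj;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject", new Object[]{str, str2, "xxxxx"});
        }
        if (str2 == null || str3 == null || !authCacheEnabled || !allowLookupByBasicAuth) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubject", null);
            }
            return null;
        }
        if (str == null) {
            str = ContextManagerFactory.getInstance().getDefaultRealm();
        }
        Subject subject = null;
        byte[] bArr = null;
        try {
            try {
                bArr = ServerCredSigner.getInstance().getOneWayHash(str3);
                if (tc.isDebugEnabled() && bArr != null) {
                    // Do not print the digest itself.
                    Tr.debug(tc, "One-way password hash computed for cache lookup.");
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.util.AuthCache.getSubject", "475", this);
                Tr.error(tc, "security.sas.encode.error", new Object[]{e});
            }
            // NOTE(review): when hashing fails the clear-text password bytes (platform default
            // charset) become the lookup key, mirroring what insert() stores. Consider treating
            // a hash failure as a cache miss so that no clear-text secret is kept as a key.
            byte[] bytes = bArr != null ? bArr : str3.getBytes();
            BasicAuthCacheData basicAuthCacheData = new BasicAuthCacheData();
            basicAuthCacheData.realm = str;
            basicAuthCacheData.userId = str2;
            basicAuthCacheData.password = bytes;
            Object obj2 = get(basicAuthCacheData);
            if (obj2 instanceof CacheObject) {
                CacheObject cacheObject = (CacheObject) obj2;
                subject = cacheObject.getSubject();
                Map propTokenMap = cacheObject.getPropTokenMap();
                if (propTokenMap != null) {
                    setPropTokenMapOnThread(propTokenMap);
                }
            }
            if (subject == null && (obj = get(str + ":" + str2)) != null && (obj instanceof CacheObject)) {
                // NOTE(review): obj is statically an Object, so this binds to removeEntry(Object),
                // which looks the CacheObject up as a key. Confirm the stale entry is really
                // evicted; if not, the call needs a (CacheObject) cast.
                removeEntry(obj);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "cleared entries from AuthCache for user: " + str2);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubject", subject);
            }
            return subject;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.server.util.AuthCache.getSubject", "505", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authentication failed", e2);
            }
            throw new CacheException(e2.getMessage(), e2);
        }
    }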

    /**
     * Looks up a Subject by realm and user name alone, without a password.
     *
     * <p>Because no secret is presented, the caller must hold the {@code mapCredential}
     * runtime permission when a SecurityManager is installed. An entry flagged as a
     * revocation key is reported as a miss while custom cache key support is on. On a hit,
     * the propagation tokens stored with the entry are put back on the current thread.
     *
     * @param str  realm; {@code null} selects the default realm
     * @param str2 user name
     * @return the cached Subject, or {@code null} when the cache is disabled, the user name
     *         is {@code null}, the entry is a revocation key, or nothing matches
     * @throws CacheException wrapping any exception raised by the lookup
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public Subject getSubject(String str, String str2) throws CacheException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject", new Object[]{str, str2});
        }
        if (!authCacheEnabled || str2 == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubject", null);
            }
            return null;
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + MAP_CREDENTIAL.toString());
            }
            sm.checkPermission(MAP_CREDENTIAL);
        }
        String realm = str != null ? str : ContextManagerFactory.getInstance().getDefaultRealm();
        try {
            Subject found = null;
            Object cached = get(realm + ":" + str2);
            if (cached instanceof CacheObject) {
                CacheObject entry = (CacheObject) cached;
                if (customCacheKeySupport && entry.getRevocationKey()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found following revocation object, replaced by null.", entry.getSubject());
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getSubject", null);
                    }
                    return null;
                }
                found = entry.getSubject();
                Map tokens = entry.getPropTokenMap();
                if (tokens != null) {
                    setPropTokenMapOnThread(tokens);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubject", found);
            }
            return found;
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.server.util.AuthCache.getSubject", "589", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authentication failed", failure);
            }
            throw new CacheException(failure.getMessage(), failure);
        }
    }

    /**
     * Does nothing apart from tracing entry and exit; the cache is not modified.
     *
     * @param subject ignored
     * @param bArr    ignored
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void updateEntry(Subject subject, byte[] bArr) {
        if (tc.isEntryEnabled()) {
            final Object[] traced = {subject, bArr};
            Tr.entry(tc, "updateEntry", traced);
        }
        // Intentionally empty: this overload performs no update.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updateEntry");
        }
    }

    /**
     * Replaces the propagation token map of the entry found under {@code obj} with a
     * clone of {@code map}. Failures are recorded through FFDC and trace and are not
     * propagated.
     *
     * @param obj lookup key; nothing happens when {@code null} or when the cache is disabled
     * @param map propagation tokens to store; ignored when {@code null} or when cloning
     *            yields nothing
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void updateEntry(Object obj, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updateEntry", new Object[]{obj, map});
        }
        if (!authCacheEnabled || obj == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "updateEntry (no updates)");
            }
            return;
        }
        try {
            Object cached = get(obj);
            if (cached instanceof CacheObject && map != null) {
                Map tokensCopy = clonePropTokenMap(map);
                if (tokensCopy != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "cache entry updated with prop token map.");
                    }
                    ((CacheObject) cached).setPropTokenMap(tokensCopy);
                }
            }
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.server.util.AuthCache.updateEntry", "650", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Updating the propagation tokens into the AuthCache failed.", new Object[]{failure});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updateEntry");
        }
    }

    /**
     * Caches a Subject under its default keys only: no login user id and no extra lookup keys.
     *
     * @param subject Subject to cache
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void insert(Subject subject) {
        // The cast selects the (Subject, String, Object[]) overload.
        insert(subject, null, (Object[]) null);
    }

    /**
     * Caches a Subject under its default keys plus the given additional lookup keys.
     *
     * @param subject Subject to cache
     * @param objArr  additional lookup keys, may be {@code null}
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void insert(Subject subject, Object[] objArr) {
        insert(subject, null, objArr);
    }

    /**
     * Caches a Subject under its default keys and under the given login user id.
     *
     * @param subject Subject to cache
     * @param str     user id used at login, may be {@code null}
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void insert(Subject subject, String str) {
        insert(subject, str, null);
    }

    /**
     * Caches a Subject without a password, so no basic-auth key is created for it.
     *
     * @param subject Subject to cache
     * @param str     password slot of the four-argument overload, which this call forwards
     *                as the third argument; the second (user id) slot is passed as {@code null}.
     *                NOTE(review): the three-argument callers above pass a user id here, so
     *                confirm the argument order against the original sources.
     * @param objArr  additional lookup keys, may be {@code null}
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void insert(Subject subject, String str, Object[] objArr) {
        insert(subject, null, str, objArr);
    }

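    /**
     * Caches a Subject under every key it can later be looked up by.
     *
     * <p>When the Subject carries a WSCredential, one {@code CacheObject} is stored under,
     * in this order: the credential token, the default SSO token bytes, the Kerberos token
     * unique id, the custom cache key, the thread's cache-key attributes, the
     * {@code realm:securityName} style names, the Subject unique id and any additional
     * keys. If a custom cache key is present (and custom key support is on) the name-based
     * keys mark the entry as a revocation key and no basic-auth key is created. Otherwise,
     * when a password is supplied, the entry is also stored under realm, user id and the
     * one-way hash of the password.
     *
     * <p>Neither the password nor its hash is written to trace. Exceptions raised while
     * building the keys are recorded through FFDC and trace and are not propagated.
     *
     * @param subject Subject to cache; nothing happens when {@code null}
     * @param str     user id used at login, may be {@code null}
     * @param str2    password, may be {@code null}
     * @param objArr  additional lookup keys, may be {@code null}
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public void insert(Subject subject, String str, String str2, Object[] objArr) {
        Map clonePropTokenMap;
        if (tc.isEntryEnabled()) {
            // The password is masked before it reaches the trace.
            Tr.entry(tc, "insert", new Object[]{subject, str, str2 == null ? str2 : "xxxxx", objArr});
        }
        if (!authCacheEnabled) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "insert - No insert happened. AuthCache is disabled");
            }
            return;
        }
        if (subject == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "insert");
            }
            return;
        }
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
        CacheObject cacheObject = new CacheObject();
        cacheObject.setSubject(subject);
        // Set once a custom cache key has been stored for this Subject.
        boolean z = false;
        if (wSCredentialFromSubject != null) {
            try {
                ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                Object byteArray = new ByteArray(wSCredentialFromSubject.getCredentialToken());
                cacheObject.setKey(byteArray);
                insert(byteArray, cacheObject);
                SingleSignonToken defaultSSOTokenFromSubject = SubjectHelper.getDefaultSSOTokenFromSubject(subject);
                if (defaultSSOTokenFromSubject != null) {
                    Object byteArray2 = new ByteArray(defaultSSOTokenFromSubject.getBytes());
                    cacheObject.setKey(byteArray2);
                    insert(byteArray2, cacheObject);
                }
                KRBAuthnToken kerberosAuthnTokenFromSubject = SubjectHelper.getKerberosAuthnTokenFromSubject(subject);
                if (kerberosAuthnTokenFromSubject != null) {
                    String uniqueID = ((AuthenticationToken) kerberosAuthnTokenFromSubject).getUniqueID();
                    // Debug output is now guarded by the debug flag, not the entry flag.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "KRBAuthnToken uniqued ID: " + uniqueID);
                    }
                    cacheObject.setKey(uniqueID);
                    insert(uniqueID, cacheObject);
                }
                Object cacheKeyFromHashtable = WSCredentialTokenMapper.getInstance().getCacheKeyFromHashtable(subject);
                if (cacheKeyFromHashtable != null && customCacheKeySupport) {
                    z = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found Custom Cache Key");
                    }
                    cacheObject.setKey(cacheKeyFromHashtable);
                    insert(cacheKeyFromHashtable, cacheObject);
                }
                byte[] bArr = (byte[]) contextManagerFactory.get(CommonConstants.CACHEKEYATTRIBUTE);
                if (bArr != null) {
                    Object byteArray3 = new ByteArray(bArr);
                    cacheObject.setKey(byteArray3);
                    insert(byteArray3, cacheObject);
                }
                Object obj = (ByteArray) contextManagerFactory.get(CommonConstants.CACHEKEY_ZDATA);
                if (obj != null) {
                    cacheObject.setKey(obj);
                    insert(obj, cacheObject);
                }
                // Name-based keys. With a custom cache key in play they are flagged as
                // revocation keys, which getSubject(realm, user) reports as a miss.
                Object obj2 = wSCredentialFromSubject.getRealmName() + ":" + wSCredentialFromSubject.getSecurityName();
                cacheObject.setKey(obj2);
                if (z) {
                    cacheObject.setRevocationKey(true);
                }
                insert(obj2, cacheObject);
                if (str != null && !str.equals(wSCredentialFromSubject.getSecurityName())) {
                    Object obj3 = wSCredentialFromSubject.getRealmName() + ":" + str;
                    cacheObject.setKey(obj3);
                    if (z) {
                        cacheObject.setRevocationKey(true);
                    }
                    insert(obj3, cacheObject);
                }
                Object createSubjectUniqueID = WSCredentialTokenMapper.getInstance().createSubjectUniqueID(subject);
                if (createSubjectUniqueID != null) {
                    cacheObject.setKey(createSubjectUniqueID);
                    insert(createSubjectUniqueID, cacheObject);
                }
                String str3 = (String) wSCredentialFromSubject.get(CommonConstants.LOGIN_UID);
                if (str3 != null) {
                    Object obj4 = wSCredentialFromSubject.getRealmName() + ":" + str3;
                    cacheObject.setKey(obj4);
                    if (z) {
                        cacheObject.setRevocationKey(true);
                    }
                    insert(obj4, cacheObject);
                }
                Object obj5 = wSCredentialFromSubject.getRealmName() + ":" + wSCredentialFromSubject.getUniqueSecurityName();
                cacheObject.setKey(obj5);
                if (z) {
                    cacheObject.setRevocationKey(true);
                }
                insert(obj5, cacheObject);
                if (objArr != null && objArr.length > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Additional lookup keys size: " + objArr.length);
                    }
                    for (int i = 0; i < objArr.length; i++) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Additional lookup value: " + objArr[i]);
                        }
                        if (objArr[i] != null) {
                            if (objArr[i] instanceof byte[]) {
                                // Raw arrays are wrapped in a ByteArray before being used as keys.
                                Object byteArray4 = new ByteArray((byte[]) objArr[i]);
                                cacheObject.setKey(byteArray4);
                                insert(byteArray4, cacheObject);
                            } else {
                                cacheObject.setKey(objArr[i]);
                                insert(objArr[i], cacheObject);
                            }
                        }
                    }
                }
                Map propagationTokens = contextManagerFactory.getPropagationTokens();
                if (propagationTokens != null && (clonePropTokenMap = clonePropTokenMap(propagationTokens)) != null) {
                    cacheObject.setPropTokenMap(clonePropTokenMap);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.util.AuthCache.insert", "930", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception inserting Subject into cache: ", new Object[]{e});
                }
            }
        }
        if (str2 != null && !z) {
            if (wSCredentialFromSubject == null) {
                // The basic-auth key is built from the credential's realm and security name;
                // without a credential there is nothing to key on (this used to be a
                // NullPointerException).
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No WSCredential in Subject, basic auth key not created.");
                }
            } else {
                String realm = wSCredentialFromSubject.getRealmName();
                if (realm == null) {
                    realm = ContextManagerFactory.getInstance().getDefaultRealm();
                }
                String securityName = wSCredentialFromSubject.getSecurityName();
                byte[] bArr2 = null;
                try {
                    bArr2 = ServerCredSigner.getInstance().getOneWayHash(str2);
                    if (tc.isDebugEnabled() && bArr2 != null) {
                        // Do not print the digest itself.
                        Tr.debug(tc, "One-way password hash computed for cache key.");
                    }
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.server.util.AuthCache.insert", "910", this);
                    Tr.error(tc, "security.sas.encode.error", new Object[]{e2});
                }
                // NOTE(review): when hashing fails the clear-text password bytes (platform
                // default charset) are kept as part of the cache key for the entry's lifetime.
                // Consider skipping the basic-auth key in that case.
                byte[] secret = bArr2 != null ? bArr2 : str2.getBytes();
                BasicAuthCacheData basicAuthCacheData = new BasicAuthCacheData();
                basicAuthCacheData.realm = realm;
                basicAuthCacheData.userId = securityName;
                basicAuthCacheData.password = secret;
                cacheObject.setKey(basicAuthCacheData);
                insert(basicAuthCacheData, cacheObject);
                if (str != null && !str.equals(securityName)) {
                    // Use a second key object for the login user id. Changing userId on the key
                    // that is already stored would alter its hashCode and equals after
                    // insertion and leave the first entry keyed by an inconsistent object.
                    BasicAuthCacheData loginIdKey = new BasicAuthCacheData();
                    loginIdKey.realm = realm;
                    loginIdKey.userId = str;
                    loginIdKey.password = secret;
                    cacheObject.setKey(loginIdKey);
                    insert(loginIdKey, cacheObject);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "insert");
        }
    }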

    /**
     * Returns the cache cushion, computing it on the first call.
     *
     * <p>The cushion is one fifth of the LTPA timeout, bounded below by the configured
     * minimum (less {@code ThreadPool.DEFAULT_KEEPALIVETIME}) and above by the configured
     * maximum (600000 when the configured maximum is not positive). The configured values
     * and the LTPA timeout are multiplied by 60 * 1000. The cushion is 0 when the active
     * mechanism has no forwardable credentials, when no LTPA mechanism is configured, or
     * when the LTPA timeout is not positive.
     *
     * @return the cushion value
     * @throws NumberFormatException if a cushion property is missing or not a number
     */
    @Override // com.ibm.ws.security.auth.SecurityCache
    public long getCushion() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCushion");
        }
        if (this.cushion == -1) {
            // Result unused; the call is kept as found in the decompiled class.
            Cache.getDefaultTimeout();
            SecurityConfig config = SecurityObjectLocator.getSecurityConfig();
            long minCushion = ((Long.parseLong(config.getProperty(SecurityConfig.CACHE_CUSHION_MIN)) * 60) * 1000) - ThreadPool.DEFAULT_KEEPALIVETIME;
            long maxCushion = Long.parseLong(config.getProperty(SecurityConfig.CACHE_CUSHION_MAX)) * 60 * 1000;
            if (maxCushion <= 0) {
                maxCushion = 600000;
            }
            long ltpaTimeout = 0;
            if (config.getActiveAuthMechanism().getBoolean(AuthMechanismConfig.FORWARDABLE_CRED)) {
                AuthMechanismConfig ltpa = config.getAuthMechanism("LTPA");
                if (ltpa != null) {
                    ltpaTimeout = ltpa.getLong("timeout") * 60 * 1000;
                }
            }
            if (ltpaTimeout > 0) {
                long fifth = ltpaTimeout / 5;
                // The lower bound is tested first, so it wins if the bounds ever cross.
                this.cushion = fifth < minCushion ? minCushion : Math.min(fifth, maxCushion);
            } else {
                this.cushion = 0L;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCushion", Long.valueOf(this.cushion));
        }
        return this.cushion;
    }

    /**
     * Puts the propagation tokens stored with a cache entry back on the current thread.
     *
     * <p>Every token is set on the context manager as a clone. The one exception is the
     * {@code WSPROPTOKEN_KEY_V1} token when the thread already has one: in that case only
     * its attributes are merged in, skipping the callers and hosts attributes and any
     * attribute the thread's token already holds. Failures are recorded through FFDC and
     * trace and are not propagated.
     *
     * @param map token name to {@code PropagationToken}; ignored when {@code null} or empty
     */
    private void setPropTokenMapOnThread(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPropTokenMapOnThread", map);
        }
        if (map != null && map.size() > 0) {
            try {
                for (Object rawKey : map.keySet()) {
                    String tokenKey = (String) rawKey;
                    PropagationToken cachedToken = (PropagationToken) map.get(tokenKey);
                    if (cachedToken == null) {
                        continue;
                    }
                    ContextManager context = ContextManagerFactory.getInstance();
                    boolean mergeIntoExisting = tokenKey.equals(AttributeNameConstants.WSPROPTOKEN_KEY_V1)
                            && context.getPropagationToken(AttributeNameConstants.WSPROPTOKEN_KEY_V1) != null;
                    if (!mergeIntoExisting) {
                        context.setPropagationToken(tokenKey, (PropagationToken) cachedToken.clone());
                        continue;
                    }
                    Enumeration names = cachedToken.getAttributeNames();
                    while (names.hasMoreElements()) {
                        String attrName = (String) names.nextElement();
                        if (attrName == null
                                || attrName.equals(AttributeNameConstants.WSPROP_CALLERS)
                                || attrName.equals(AttributeNameConstants.WSPROP_HOSTS)) {
                            continue;
                        }
                        if (WSSecurityHelper.getPropagationAttributes(attrName) != null) {
                            // Already present on the thread's token; keep the existing values.
                            continue;
                        }
                        String[] values = cachedToken.getAttributes(attrName);
                        if (values == null || values.length == 0) {
                            continue;
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding attributes for " + attrName + " to existing prop token");
                        }
                        for (String value : values) {
                            WSSecurityHelper.addPropagationAttribute(attrName, value);
                        }
                    }
                }
            } catch (Exception failure) {
                FFDCFilter.processException(failure, "com.ibm.ws.security.auth.AuthCache.setPropTokenMapOnThread", "1061", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting propagation tokens on thread", failure);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPropTokenMapOnThread");
        }
    }

    /**
     * Returns a new map holding a clone of every non-null propagation token in
     * {@code map}, so that cached tokens are not shared with the caller's instances.
     *
     * @param map token name to {@code PropagationToken}
     * @return the cloned map, or {@code null} when {@code map} is {@code null} or empty or
     *         when cloning any token fails
     */
    private Map clonePropTokenMap(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clonePropTokenMap", map);
        }
        HashMap copies = null;
        if (map != null && map.size() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cloning propagation tokens.");
            }
            copies = new HashMap();
            try {
                for (Object rawKey : map.keySet()) {
                    String tokenKey = (String) rawKey;
                    PropagationToken token = (PropagationToken) map.get(tokenKey);
                    if (token == null) {
                        continue;
                    }
                    copies.put(tokenKey, token.clone());
                }
            } catch (Exception failure) {
                FFDCFilter.processException(failure, "com.ibm.ws.security.auth.AuthCache.clonePropTokenMap", "1100", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception cloning propagation tokens.", new Object[]{failure});
                }
                // A partial copy is discarded rather than returned.
                copies = null;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clonePropTokenMap", copies);
        }
        return copies;
    }

    /**
     * Returns the security domain id assigned through {@link #setDomainId(String)}.
     *
     * @return the domain id, or {@code null} if none has been set
     */
    public String getDomainId() {
        final String domainId = this._domainId;
        return domainId;
    }

    /**
     * Records the security domain id this cache belongs to.
     *
     * @param str domain id, may be {@code null}
     */
    public void setDomainId(String str) {
        _domainId = str;
    }

    /** Returns the identity hash and domain id of this cache; no cache contents are included. */
    public String toString() {
        StringBuilder text = new StringBuilder("AuthCache: ");
        text.append(hashCode());
        text.append(" domainId: ");
        text.append(getDomainId());
        return text.toString();
    }
}
