package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.DistributedUserMappingFailedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.discovery.Constants;
import com.ibm.ws.profile.WSProfileConstants;
import com.ibm.ws.runtime.service.ThreadPoolMgr;
import com.ibm.ws.security.auth.j2c.GenericCredentialImpl;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.security.auth.Subject;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/auth/PlatformCredential.class */
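/**
 * z/OS platform (SAF) credential: a SAF user id, or a role profile, or a certificate chain, or a
 * mapped distributed user/realm pair, tagged with a {@link CredentialType} and an audit string.
 *
 * <p>The serialized form is versioned by hand in {@link #writeObject} / {@link #readObject};
 * {@code authenticated}, {@code j2cSubject} and the cached unauthenticated user id are transient
 * and are therefore {@code false}/{@code null} on a deserialized instance.
 *
 * <p>Not thread-safe: the lazily cached J2C subject and unauthenticated user id are written
 * without synchronization.
 */
public final class PlatformCredential implements Serializable {
    /** Public state constant kept for API compatibility; it is not referenced inside this class. */
    public static final int STATE_FREED = 1;
    // Serialized-form versions understood by readObject. VERSION_UNSET marks a stream whose
    // version could not be read at all.
    private static final int VERSION_UNSET = 0;
    private static final int VERSION_1 = 1;
    private static final int VERSION_2 = 2;
    private static final int VERSION_3 = 3;
    private static final int VERSION_4 = 4;
    /** Version written by writeObject for instances created in this JVM. */
    private static final int CURRENT_VERSION = VERSION_4;
    /** Maximum length (in chars) accepted for the distributed user of a MAPPED credential. */
    public static final int MAXIMUM_DIST_USER_LENGTH = 246;
    /** Maximum length (in chars) accepted for the distributed realm of a MAPPED credential. */
    public static final int MAXIMUM_DIST_REALM_LENGTH = 255;
    private static final long serialVersionUID = -4979494157999039784L;

    // Canonical credential types. readObject maps deserialized tags back onto these instances so
    // that the identity comparisons (==) used throughout this class hold in-process.
    // NOTE(review): ThreadPoolMgr.DEFAULT_THREAD_POOL_NAME and Constants.Role look like decompiler
    // substitutions for string literals; confirm their values before replacing them.
    public static final CredentialType BASIC = new CredentialType("Basic");
    public static final CredentialType DEFAULT = new CredentialType(ThreadPoolMgr.DEFAULT_THREAD_POOL_NAME);
    public static final CredentialType CERTIFICATE = new CredentialType("Certificate");
    public static final CredentialType ASSERTED = new CredentialType("Asserted");
    public static final CredentialType ROLE = new CredentialType(Constants.Role);
    public static final CredentialType SERVER = new CredentialType("Server");
    public static final CredentialType MAPPED = new CredentialType("Mapped");
    private static final TraceComponent tc = Tr.register((Class<?>) PlatformCredential.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static final ResourceBundle msgBundle = ResourceBundle.getBundle(AdminConstants.MSG_BUNDLE_NAME);

    // Transient state: never serialized.
    /** Lazily read and normalized unauthenticated SAF user id (see getUnauthenticatedUserId). */
    private transient String unauthenticatedUserId;
    /** Lazily built J2C subject, cached by createJ2CSubject. */
    private transient Subject j2cSubject;
    private transient boolean authenticated = false;

    // Serialized state. Field initializers run for constructed instances only; a deserialized
    // instance gets exactly what readObject assigns.
    private int version = CURRENT_VERSION;
    private String userId = null;
    /** SAF (MVS) user id, upper-cased and trimmed by setMvsUserId. */
    private String mvsUserId = null;
    private String auditString = null;
    private CredentialType credType = DEFAULT;
    /** Never assigned in-process; exists so the serialized field name is valid for putFields/readFields. */
    private long serializationTime;
    private boolean isDefault = false;
    private X509Certificate[] certChain = null;
    private String roleProfile = null;
    private String distributedUser = null;
    private String distributedRealm = null;

    /**
     * Type tag of a credential, compared by name. The canonical instances are the static
     * constants of {@link PlatformCredential}.
     */
    // NOTE(review): no explicit serialVersionUID; adding one now could change the computed UID
    // and break existing streams, so it is deliberately left as is.
    public static final class CredentialType implements Serializable {
        final String name;

        CredentialType(String str) {
            this.name = str;
        }

        @Override
        public String toString() {
            return WorkSpaceConstant.FIELD_SEPERATOR + this.name + "]";
        }

        @Override
        public int hashCode() {
            return this.name.hashCode();
        }

        @Override
        public boolean equals(Object obj) {
            return obj instanceof CredentialType && this.name.equals(((CredentialType) obj).name);
        }
    }

    /** Creates the default (unauthenticated) credential for the configured unauthenticated SAF user. */
    public PlatformCredential() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        this.userId = getUnauthenticatedUserId();
        this.auditString = PlatformCredentialManager.DEFAULT_UNAUTHENTICATED_AUDIT_STRING;
        this.credType = DEFAULT;
        this.isDefault = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Creates a credential of the given type.
     *
     * @param credentialType one of the CredentialType constants of this class
     * @param str the role profile name when {@code credentialType == ROLE}; otherwise the SAF
     *            user id, which is upper-cased and trimmed (may be null)
     * @param str2 audit string recorded with the credential (may be null)
     */
    public PlatformCredential(CredentialType credentialType, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{credentialType, str, str2});
        }
        this.credType = credentialType;
        this.auditString = str2;
        if (credentialType == ROLE) {
            this.roleProfile = str;
        } else {
            this.userId = normalizeSafId(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Creates a CERTIFICATE credential.
     *
     * @param x509CertificateArr certificate chain; copied, so later changes to the caller's array
     *                           do not affect this credential (may be null)
     * @param str audit string recorded with the credential (may be null)
     */
    public PlatformCredential(X509Certificate[] x509CertificateArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{x509CertificateArr, str});
        }
        this.credType = CERTIFICATE;
        this.certChain = x509CertificateArr != null ? x509CertificateArr.clone() : null;
        this.auditString = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Creates a MAPPED credential for a distributed identity.
     *
     * @param str distributed user name; must be non-blank and at most MAXIMUM_DIST_USER_LENGTH chars
     * @param str2 distributed realm; must be non-blank and at most MAXIMUM_DIST_REALM_LENGTH chars
     * @param str3 audit string recorded with the credential (may be null)
     * @throws DistributedUserMappingFailedException if the user or realm is blank or too long
     */
    public PlatformCredential(String str, String str2, String str3) throws DistributedUserMappingFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{str, str2});
        }
        setDistributedUser(str);
        setDistributedRealm(str2);
        this.credType = MAPPED;
        this.auditString = str3;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Upper-cases and trims a SAF identifier. Locale.ROOT keeps the result independent of the JVM
     * default locale (a Turkish default locale would otherwise map 'i' to a non-ASCII letter).
     *
     * @return the normalized id, or null when {@code id} is null
     */
    private static String normalizeSafId(String id) {
        return id != null ? id.toUpperCase(Locale.ROOT).trim() : null;
    }

    /** Null-safe string equality; two nulls are equal. */
    private static boolean sameString(String a, String b) {
        return a == null ? b == null : a.equals(b);
    }

    /**
     * Returns the user id, falling back to the MVS user id when no user id was set.
     *
     * @return the user id, the MVS user id, or null if neither is set
     */
    public String getUserId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserId");
        }
        String str = this.userId;
        if (str == null) {
            str = getMvsUserId();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserId", str);
        }
        return str;
    }

    /** @return the SAF (MVS) user id, or null if not set */
    public String getMvsUserId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMvsUserId");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMvsUserId", this.mvsUserId);
        }
        return this.mvsUserId;
    }

    /**
     * Sets the SAF (MVS) user id, upper-casing and trimming it.
     *
     * @param str the user id; null clears it
     */
    public void setMvsUserId(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setMvsUserId", str);
        }
        this.mvsUserId = normalizeSafId(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setMvsUserId");
        }
    }

    /**
     * Reads the configured unauthenticated SAF user id once and caches the normalized value.
     *
     * @param securityConfig configuration holding "com.ibm.security.SAF.unauthenticated"
     * @return the normalized id, or null if the property is not configured
     */
    String getUnauthenticatedUserId(SecurityConfig securityConfig) {
        if (this.unauthenticatedUserId == null) {
            this.unauthenticatedUserId = normalizeSafId(securityConfig.getString("com.ibm.security.SAF.unauthenticated"));
        }
        return this.unauthenticatedUserId;
    }

    /** @return the unauthenticated SAF user id from the active security configuration */
    public String getUnauthenticatedUserId() {
        return getUnauthenticatedUserId(SecurityObjectLocator.getSecurityConfig());
    }

    /** @return the credential type (one of the constants of this class; may be null for old streams) */
    public CredentialType getCredentialType() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialType");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCredentialType", this.credType);
        }
        return this.credType;
    }

    /** @return the audit string, or null */
    public String getAuditString() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuditString");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuditString", this.auditString);
        }
        return this.auditString;
    }

    /**
     * Returns a copy of the certificate chain, so callers cannot alter the chain this credential
     * was established from.
     *
     * @return a copy of the chain, or null for a credential without one
     */
    public X509Certificate[] getCertificateChain() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificateChain");
        }
        X509Certificate[] chain = this.certChain != null ? this.certChain.clone() : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificateChain", chain);
        }
        return chain;
    }

    /** @return the role profile name of a ROLE credential, or null */
    public String getRoleProfile() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRoleProfileName");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRoleProfileName", this.roleProfile);
        }
        return this.roleProfile;
    }

    /** @return the transient authenticated flag; always false on a deserialized instance */
    public boolean isAuthenticated() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAuthenticated");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAuthenticated", Boolean.valueOf(this.authenticated));
        }
        return this.authenticated;
    }

    /** @return the distributed user of a MAPPED credential, or null */
    public String getDistributedUser() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getdistributedUser");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getdistributedUser", this.distributedUser);
        }
        return this.distributedUser;
    }

    /**
     * Validates and stores the distributed user. The value is stored untrimmed; the length check
     * counts UTF-16 chars of the value as given.
     *
     * @throws DistributedUserMappingFailedException if blank or longer than MAXIMUM_DIST_USER_LENGTH
     */
    private void setDistributedUser(String str) throws DistributedUserMappingFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDistributedUser", str);
        }
        if (str == null || str.trim().isEmpty()) {
            Tr.error(tc, "security.zos.saf.idprop.distributedUser.null");
            throw new DistributedUserMappingFailedException(MessageFormatHelper.getFormattedMessage(msgBundle, "security.zos.saf.idprop.distributedUser.null", null));
        }
        if (str.length() > MAXIMUM_DIST_USER_LENGTH) {
            Tr.error(tc, "security.zos.saf.idprop.distributedUser.tooLong", new Object[]{str, Integer.valueOf(MAXIMUM_DIST_USER_LENGTH)});
            throw new DistributedUserMappingFailedException(MessageFormatHelper.getFormattedMessage(msgBundle, "security.zos.saf.idprop.distributedUser.tooLong", new Object[]{str, Integer.valueOf(MAXIMUM_DIST_USER_LENGTH)}));
        }
        this.distributedUser = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDistributedUser");
        }
    }

    /** @return the distributed realm of a MAPPED credential, or null */
    public String getDistributedRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getdistributedRealm");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getdistributedRealm", this.distributedRealm);
        }
        return this.distributedRealm;
    }

    /**
     * Validates and stores the distributed realm (same rules as setDistributedUser, with
     * MAXIMUM_DIST_REALM_LENGTH).
     *
     * @throws DistributedUserMappingFailedException if blank or longer than MAXIMUM_DIST_REALM_LENGTH
     */
    private void setDistributedRealm(String str) throws DistributedUserMappingFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDistributedRealm", str);
        }
        if (str == null || str.trim().isEmpty()) {
            Tr.error(tc, "security.zos.saf.idprop.distributedRealm.null");
            throw new DistributedUserMappingFailedException(MessageFormatHelper.getFormattedMessage(msgBundle, "security.zos.saf.idprop.distributedRealm.null", null));
        }
        if (str.length() > MAXIMUM_DIST_REALM_LENGTH) {
            Tr.error(tc, "security.zos.saf.idprop.distributedRealm.tooLong", new Object[]{str, Integer.valueOf(MAXIMUM_DIST_REALM_LENGTH)});
            throw new DistributedUserMappingFailedException(MessageFormatHelper.getFormattedMessage(msgBundle, "security.zos.saf.idprop.distributedRealm.tooLong", new Object[]{str, Integer.valueOf(MAXIMUM_DIST_REALM_LENGTH)}));
        }
        this.distributedRealm = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDistributedRealm");
        }
    }

    // Not called from this class; kept because the decompiled source retains it and a caller
    // outside this file (e.g. via reflection) cannot be ruled out — TODO confirm before removing.
    private void setAuthenticated(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAuthenticated", Boolean.valueOf(z));
        }
        this.authenticated = z;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAuthenticated");
        }
    }

    /** @return true for the default (unauthenticated) credential */
    public boolean isDefault() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, WSProfileConstants.S_IS_DEFAULT_PROFILE_ARG);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, WSProfileConstants.S_IS_DEFAULT_PROFILE_ARG, Boolean.valueOf(this.isDefault));
        }
        return this.isDefault;
    }

    /**
     * Logs in to the active user registry realm as this credential's user id.
     *
     * @return the resulting subject, or null if the login failed (the failure is recorded via FFDC)
     */
    public Subject getPlatformCredSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPlatformCredSubject");
        }
        Subject createSubjectFromPlatformCred = createSubjectFromPlatformCred();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPlatformCredSubject", createSubjectFromPlatformCred);
        }
        return createSubjectFromPlatformCred;
    }

    /**
     * Returns the J2C subject for this credential, building and caching it on first use.
     *
     * @return the read-only J2C subject
     * @throws IllegalStateException if the platform credential manager cannot create a utoken
     */
    public Subject getJ2CSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJ2CSubject");
        }
        Subject createJ2CSubject = this.j2cSubject != null ? this.j2cSubject : createJ2CSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJ2CSubject", createJ2CSubject);
        }
        return createJ2CSubject;
    }

    /**
     * Builds the J2C subject: a utoken generic credential plus this credential as private
     * credentials, and a principal for the MVS user id; the subject is made read-only and cached.
     */
    private Subject createJ2CSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createJ2CSubject");
        }
        byte[] createUtoken = PlatformCredentialManager.instance().createUtoken(this);
        if (createUtoken == null) {
            throw new IllegalStateException("Could not create credential utoken");
        }
        GenericCredentialImpl genericCredentialImpl = new GenericCredentialImpl(getUserId(), createUtoken, GenericCredentialImpl.secMechUToken);
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(genericCredentialImpl);
        subject.getPrivateCredentials().add(this);
        subject.getPrincipals().add(new WSPrincipalImpl(getMvsUserId()));
        subject.setReadOnly();
        this.j2cSubject = subject;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createJ2CSubject", subject);
        }
        return subject;
    }

    /**
     * Performs the registry login for getPlatformCredSubject.
     *
     * @return the subject, or null when the login throws WSLoginFailedException
     */
    private Subject createSubjectFromPlatformCred() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSubjectFromPlatformCred");
        }
        Subject subject = null;
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        try {
            subject = contextManagerFactory.login(contextManagerFactory.getProperty(CommonConstants.ACTIVE_USER_REGISTRY_REALM), getUserId());
        } catch (WSLoginFailedException e) {
            // Deliberate best-effort: the failure is recorded via FFDC/trace and null is returned.
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.PlatformCredential.createSubjectFromPlatformCred", "642", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Login failed", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSubjectFromPlatformCred", subject);
        }
        return subject;
    }

    /**
     * Writes the versioned serialized form. An authenticated BASIC credential is written as
     * ASSERTED: the authenticated flag is transient, so without this the receiver would see an
     * unauthenticated BASIC credential. The version written is this instance's version, which
     * for an instance read from an older stream is that older version.
     */
    // NOTE(review): WSProfileConstants.S_IS_DEFAULT_PROFILE_ARG is the serialized field name of
    // isDefault (used identically in readObject); it looks like a decompiler substitution for a
    // literal — confirm its value before touching it.
    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "writeObject", objectOutputStream);
        }
        long currentTimeMillis = System.currentTimeMillis();
        CredentialType credentialType = this.credType;
        if (credentialType == BASIC && this.authenticated) {
            credentialType = ASSERTED;
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        putFields.put("version", this.version);
        putFields.put("userId", this.userId);
        putFields.put("auditString", this.auditString);
        putFields.put("serializationTime", currentTimeMillis);
        putFields.put(WSProfileConstants.S_IS_DEFAULT_PROFILE_ARG, this.isDefault);
        putFields.put("mvsUserId", this.mvsUserId);
        putFields.put("credType", credentialType);
        putFields.put("certChain", this.certChain);
        putFields.put("roleProfile", this.roleProfile);
        putFields.put("distributedUser", this.distributedUser);
        putFields.put("distributedRealm", this.distributedRealm);
        objectOutputStream.writeFields();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "writeObject");
        }
    }

    /**
     * Reads the versioned serialized form. The switch falls through deliberately: a version-4
     * stream reads the version-4 fields, then the version-3 fields, then the version-2 fields.
     * Versions 0 and 1 read nothing; if the field block itself cannot be read, the instance
     * becomes the default unauthenticated credential.
     *
     * <p>Deserialized values are taken as-is: distributedUser/distributedRealm are not re-checked
     * against the length limits and userId/mvsUserId are not re-normalized, so a stream from an
     * untrusted source could violate the constructors' invariants. NOTE(review): presumably the
     * stream only ever comes from trusted peers within the cell — confirm.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "readObject", objectInputStream);
        }
        ObjectInputStream.GetField getField = null;
        try {
            getField = objectInputStream.readFields();
            this.version = getField.get("version", VERSION_1);
        } catch (IOException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not determine version", e);
            }
            // getField stays null here; VERSION_UNSET reads no fields below, so it is never used.
            this.version = VERSION_UNSET;
            this.userId = getUnauthenticatedUserId();
            this.isDefault = true;
        }
        switch (this.version) {
            case VERSION_UNSET:
            case VERSION_1:
                break;
            case VERSION_4:
            default:
                this.distributedUser = (String) getField.get("distributedUser", (Object) null);
                this.distributedRealm = (String) getField.get("distributedRealm", (Object) null);
                // fall through
            case VERSION_3:
                this.mvsUserId = (String) getField.get("mvsUserId", (Object) null);
                this.credType = (CredentialType) getField.get("credType", DEFAULT);
                this.certChain = (X509Certificate[]) getField.get("certChain", (Object) null);
                this.roleProfile = (String) getField.get("roleProfile", (Object) null);
                // Map the deserialized tag onto the canonical constant so == comparisons work.
                this.credType = getNormalizedCredentialType(this.credType);
                // fall through
            case VERSION_2:
                this.userId = (String) getField.get("userId", getUnauthenticatedUserId());
                this.auditString = (String) getField.get("auditString", (Object) null);
                this.isDefault = getField.get(WSProfileConstants.S_IS_DEFAULT_PROFILE_ARG, true);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Last serialized date", new Date(getField.get("serializationTime", 0L)));
                }
                break;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "readObject");
        }
    }

    /**
     * Builds a string identifying this credential for cache lookups: type, audit string, then
     * role profile + MVS user id for ROLE credentials or user id + default flag otherwise, plus
     * the leaf certificate's serial number when a chain is present.
     */
    public String getCacheKeyString() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCacheKeyString");
        }
        StringBuilder key = new StringBuilder();
        key.append(this.credType).append(": ");
        key.append("auditString=").append(this.auditString);
        if (this.credType == ROLE) {
            key.append(",roleProfile=").append(this.roleProfile);
            key.append(",mvsUserId=").append(this.mvsUserId);
        } else {
            key.append(",userId=").append(this.userId);
            key.append(",isDefault=").append(this.isDefault);
        }
        // Length check guards against an empty chain, which would otherwise throw on [0].
        if (this.certChain != null && this.certChain.length > 0 && this.certChain[0] != null) {
            key.append(",certSerialNumber=").append(this.certChain[0].getSerialNumber());
        }
        String result = key.toString();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCacheKeyString", result);
        }
        return result;
    }

    @Override
    public String toString() {
        return super.toString() + ",userId=" + this.userId + ",mvsUserId=" + this.mvsUserId + ",isDefault=" + this.isDefault + ",authenticated=" + this.authenticated + ",credType=" + this.credType + ",auditString=" + this.auditString;
    }

    /**
     * Hash consistent with {@link #equals(Object)}: only fields that equals always compares
     * contribute, plus userId when the type is not ROLE (equals ignores user ids for ROLE
     * credentials, so including userId unconditionally would break the equals/hashCode contract).
     */
    @Override
    public int hashCode() {
        int h = 17;
        h = 31 * h + (this.credType == null ? 0 : this.credType.hashCode());
        h = 31 * h + (this.isDefault ? 1 : 0);
        h = 31 * h + (this.auditString == null ? 0 : this.auditString.hashCode());
        h = 31 * h + (this.roleProfile == null ? 0 : this.roleProfile.hashCode());
        if (this.credType != ROLE) {
            h = 31 * h + (this.userId == null ? 0 : this.userId.hashCode());
        }
        return h;
    }

    /**
     * Two credentials are equal when version, default flag, type (by identity), audit string and
     * role profile match; for BASIC credentials the authenticated flag must match too, and for
     * non-ROLE credentials the user id and MVS user id must match as well.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof PlatformCredential)) {
            return false;
        }
        PlatformCredential other = (PlatformCredential) obj;
        if (this.version != other.version || this.isDefault != other.isDefault || this.credType != other.credType) {
            return false;
        }
        // The authenticated flag only distinguishes BASIC credentials.
        if (this.credType == BASIC && this.authenticated != other.authenticated) {
            return false;
        }
        if (!sameString(this.auditString, other.auditString) || !sameString(this.roleProfile, other.roleProfile)) {
            return false;
        }
        // ROLE credentials are identified by their profile, not by user ids.
        if (this.credType != ROLE) {
            return sameString(this.userId, other.userId) && sameString(this.mvsUserId, other.mvsUserId);
        }
        return true;
    }

    /**
     * Maps a (possibly deserialized) type onto the canonical constant with the same name.
     *
     * @return the matching constant, or DEFAULT when none matches (including null)
     */
    private CredentialType getNormalizedCredentialType(CredentialType credentialType) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "normalizeCredentialType", credentialType);
        }
        CredentialType credentialType2 = DEFAULT;
        CredentialType[] known = {BASIC, CERTIFICATE, ASSERTED, ROLE, SERVER, MAPPED};
        for (CredentialType candidate : known) {
            if (candidate.equals(credentialType)) {
                credentialType2 = candidate;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "normalizeCredentialType", credentialType2);
        }
        return credentialType2;
    }
}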
