package com.ibm.ws.security.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.AuthenticationFailedException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.server.LTPAConfigException;
import com.ibm.ws.security.util.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/core/LTPALoginHelper.class */
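/**
 * Singleton helper for LTPA token operations: authenticating a user to obtain
 * a token, validating a token, reading its expiration, and converting X.500
 * distinguished names to and from their encoded form.
 *
 * <p>Every method reports failure through its return value ({@code null},
 * {@code false}, {@code 0} or an empty string) and through trace/FFDC, never
 * by throwing. Callers must therefore check the return value; treating a
 * failure value as a usable result would bypass the check the method performs.
 *
 * <p>An LTPA token is a bearer credential: whoever can read it from a trace
 * file can present it until it expires. Trace records written by this class
 * carry only the token length, in the same spirit as the password masking in
 * {@link #login(String, String, String)}.
 *
 * <p>NOTE(review): {@code ltpaServer} is lazily initialised without
 * synchronisation; whether concurrent first use is possible cannot be told
 * from this class alone.
 */
public final class LTPALoginHelper {
    private static final TraceComponent tc;
    private static final LTPALoginHelper _instance;
    private final ContextManager _contextManager;
    // Cached by getLTPAServer(); stays null while the LTPA configuration cannot be loaded.
    LTPAServerObject ltpaServer;
    // Compiler-synthesised cache for the class literal (pre-Java-5 javac); kept so that
    // the set of package-visible members is unchanged.
    static Class class$com$ibm$ws$security$core$LTPALoginHelper;

    /**
     * Returns the single shared instance created by the static initialiser.
     *
     * @return the shared helper
     */
    public static LTPALoginHelper instance() {
        return _instance;
    }

    private LTPALoginHelper() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        this._contextManager = ContextManagerFactory.getInstance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Renders a token for trace output without exposing its bytes.
     *
     * @param token the token, may be {@code null}
     * @return {@code "null"} or a string giving only the token length
     */
    private static String describeToken(byte[] token) {
        return token == null ? "null" : "<" + token.length + " bytes>";
    }

    /**
     * Returns the cached LTPA server object, fetching it on first use.
     *
     * @return the server object, or {@code null} when
     *         {@code LTPAServerObject.getLTPAServer()} raised an
     *         {@code LTPAConfigException} and nothing was cached earlier
     */
    private LTPAServerObject getLTPAServer() {
        try {
            if (this.ltpaServer == null) {
                this.ltpaServer = LTPAServerObject.getLTPAServer();
            }
        } catch (LTPAConfigException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LTPA configuration error", e);
            }
        }
        return this.ltpaServer;
    }

    /**
     * Authenticates through the context manager and returns the resulting
     * credential token.
     *
     * <p>The three arguments are passed unchanged to
     * {@code ContextManager.authenticate}. The third is masked in trace, so it
     * is treated here as the secret; the first two are traced in clear.
     *
     * @param str  first argument to {@code authenticate}
     * @param str2 second argument to {@code authenticate}
     * @param str3 third argument to {@code authenticate}; never traced
     * @return the credential token, or {@code null} when authentication failed
     *         for any reason (every {@code Throwable} is caught and traced at
     *         debug level only)
     */
    byte[] login(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, str2, str3 != null ? "****" : "null"});
        }
        byte[] token = null;
        try {
            WSCredential credential = this._contextManager.authenticate(str, str2, str3);
            // Result is discarded; presumably called so that a destroyed or expired
            // credential raises before the token is read. TODO confirm.
            credential.getExpiration();
            token = credential.getCredentialToken();
        } catch (AuthenticationFailedException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authentication failed", e);
            }
        } catch (CredentialDestroyedException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Credential destroyed", e2);
            }
        } catch (Throwable th) {
            // Deliberately broad: any failure must end in a null token, not an exception.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected exception", th);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "login", describeToken(token));
        }
        return token;
    }

    /**
     * Checks a token by asking the LTPA server object to validate it.
     *
     * @param bArr the token bytes
     * @return {@code true} only when {@code validate} returned normally;
     *         {@code false} when it raised {@code WSLoginFailedException} or
     *         when no LTPA server object is available
     */
    boolean isTokenValid(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTokenValid", describeToken(bArr));
        }
        boolean valid = false;
        LTPAServerObject server = getLTPAServer();
        if (server == null) {
            // Fail closed: without a server object nothing can vouch for the token.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LTPA server unavailable; token treated as invalid");
            }
        } else {
            try {
                server.validate(bArr);
                valid = true;
            } catch (WSLoginFailedException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invalid credential", describeToken(bArr));
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTokenValid", Boolean.valueOf(valid));
        }
        return valid;
    }

    /**
     * Computes how long a token has left before it expires.
     *
     * @param bArr the token bytes
     * @return the expiration reported by the LTPA server object minus the
     *         current time, in milliseconds; negative when that expiration is
     *         already in the past; {@code 0} when the reported expiration is
     *         not positive or when any exception occurs (including a missing
     *         server object). Callers should treat any value {@code <= 0} as
     *         "not usable".
     */
    public long getRemainingTime(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRemainingTime", describeToken(bArr));
        }
        long remaining = 0;
        try {
            long expiration = getLTPAServer().getExpiration(bArr);
            if (expiration > 0) {
                remaining = expiration - System.currentTimeMillis();
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Token invalid", new Object[]{describeToken(bArr), e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRemainingTime", Long.valueOf(remaining));
        }
        return remaining;
    }

    /**
     * Encodes a distinguished name with {@link X500Principal#getEncoded()},
     * inside a privileged action.
     *
     * @param str the distinguished name in string form
     * @return the encoded name, or {@code null} when the privileged action
     *         failed (for example on a malformed name)
     */
    public byte[] encodeDistinguishedName(final String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encodeDistinguishedName", str);
        }
        byte[] encoded = null;
        try {
            encoded = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return new X500Principal(str).getEncoded();
                }
            });
        } catch (PrivilegedActionException e) {
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Unable to encode DN", new Object[]{str, e.getCause()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encodeDistinguishedName", encoded);
        }
        return encoded;
    }

    /**
     * Decodes an encoded distinguished name with
     * {@link X500Principal#getName()}, inside a privileged action.
     *
     * @param bArr the encoded distinguished name
     * @return the name in string form, or {@code null} when the privileged
     *         action failed (for example on malformed input)
     */
    public String decodeDistinguishedName(final byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decodeDistinguishedName", bArr);
        }
        String name = null;
        try {
            name = (String) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return new X500Principal(bArr).getName();
                }
            });
        } catch (PrivilegedActionException e) {
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Unable to decode DN", new Object[]{bArr, e.getCause()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decodeDistinguishedName", name);
        }
        return name;
    }

    /**
     * Returns the credential token of the server subject.
     *
     * <p>If the server credential is destroyed or expired, a fresh LTPA token
     * is created from that credential instead.
     *
     * @return the server's token, or {@code null} when any step failed (the
     *         failure is recorded through FFDC)
     */
    public byte[] getServerLTPAToken() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerLTPAToken");
        }
        byte[] token = null;
        try {
            WSCredential serverCredential =
                    SubjectHelper.getWSCredentialFromSubject(this._contextManager.getServerSubject());
            try {
                token = serverCredential.getCredentialToken();
            } catch (CredentialDestroyedException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.LTPALoginHelper", "325", this);
                Tr.error(tc, "security.cred.CredentialDestroyedException");
            } catch (CredentialExpiredException e2) {
                Tr.debug(tc, "Server credential has expired and probably shouldn't have", e2);
                Tr.error(tc, "security.cred.CredentialExpiredException");
            }
            if (token == null) {
                // Fallback: mint a new token from the (unusable or token-less) credential.
                token = LTPAServerObject.getLTPAServer().createLTPAToken(serverCredential).getCredentialToken();
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.core.LTPALoginHelper", "345", this);
            token = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerLTPAToken", describeToken(token));
        }
        return token;
    }

    /**
     * Validates a token and returns the user it names.
     *
     * @param bArr the token bytes
     * @return the user returned by {@code validateGetUser}, or the empty
     *         string when validation raised any exception. An empty result
     *         means "no authenticated user" and must not be used as an
     *         identity.
     */
    public String getUserFromLTPAToken(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserFromLTPAToken", describeToken(bArr));
        }
        String user = "";
        try {
            user = LTPAServerObject.getLTPAServer().validateGetUser(bArr);
        } catch (Exception e) {
            // NOTE(review): this FFDC source id omits ".core", unlike the other
            // processException calls in this class; left as is because FFDC filters
            // may match on it.
            FFDCFilter.processException(e, "com.ibm.ws.security.LTPALoginHelper", "374", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserFromLTPAToken", user);
        }
        return user;
    }

    /**
     * Compiler-synthesised class-literal helper (pre-Java-5 javac).
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; the
     *         {@code ClassNotFoundException} is attached as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from here directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls = class$com$ibm$ws$security$core$LTPALoginHelper;
        if (cls == null) {
            cls = class$("com.ibm.ws.security.core.LTPALoginHelper");
            class$com$ibm$ws$security$core$LTPALoginHelper = cls;
        }
        // tc must be registered before the instance is built: the constructor traces through it.
        tc = Tr.register(cls, "Security", "com.ibm.ejs.resources.security");
        _instance = new LTPALoginHelper();
    }
}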
