package com.ibm.ws.management.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.authorizer.AdminAuthorizer;
import com.ibm.websphere.management.authorizer.AdminAuthorizerFactory;
import com.ibm.websphere.management.authorizer.service.AdminAuthzServiceEvent;
import com.ibm.websphere.management.authorizer.service.AdminAuthzServiceListener;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.role.RoleBasedAppException;
import com.ibm.ws.security.role.RoleBasedConfigurator;
import com.ibm.ws.security.role.RoleBasedConfiguratorNullImpl;
import com.ibm.ws.security.service.SecurityService;
import com.ibm.ws.security.service.SecurityServiceEvent;
import com.ibm.ws.security.service.SecurityServiceListener;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.security.auth.Subject;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/management/util/SecurityHelper.class */
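/**
 * Security plumbing for the admin client: tracks the security service lifecycle, caches the
 * realm, {@link WSSecurityContext}, role configurator and {@link AdminAuthorizer}, and wraps the
 * {@link ContextManager} calls used to log in, validate tokens and push/pop invocation and
 * caller subjects.
 *
 * <p>Most methods are static and go through {@link #getContextManager()}; the singleton returned
 * by {@link #getHelper()} carries the per-service state. None of the state is synchronized; the
 * {@code stateChanged} callbacks and the getters are presumably invoked from different threads,
 * so confirm visibility requirements against the callers before relying on them.
 *
 * <p>Decompiled from {@code com.ibm.ws.admin.client_6.1.0.jar}. FFDC probe ids and trace strings
 * are kept as they were so existing diagnostics continue to match.
 */
public final class SecurityHelper implements SecurityServiceListener, AdminAuthzServiceListener, SecurityServiceMonitor {
    private static final TraceComponent tc = Tr.register(SecurityHelper.class);

    // Connector-level marker/property names shared with the admin connectors. Names and values
    // are part of the public API of this class and must not change.
    public static final String isInternal = "isInternal";
    public static final String loginMethod = "LoginMethod";
    public static final String tokenBasedAuth = "TokenBased";
    public static final String basicAuth = "BasicAuth";
    public static final String tokeElement = "token";

    // Standard JSSE system-property names plus the IBM provider/context properties.
    public static final String trustStoreProp = "javax.net.ssl.trustStore";
    public static final String keyStoreProp = "javax.net.ssl.keyStore";
    public static final String trustStorePasswordProp = "javax.net.ssl.trustStorePassword";
    public static final String keyStorePasswordProp = "javax.net.ssl.keyStorePassword";
    public static final String trustStoreTypeProp = "javax.net.ssl.trustStoreType";
    public static final String keyStoreTypeProp = "javax.net.ssl.keyStoreType";
    /** JDK property listing the packages searched for URL protocol handlers. */
    public static final String sslHandlerProp = "java.protocol.handler.pkgs";
    public static final String defaultSslHandler = "com.ibm.net.ssl.internal.www.protocol";
    public static final String FIPSProvider = "ssl.SocketFactory.provider";
    public static final String contextProvider = "com.ibm.ssl.contextProvider";

    /** Realm reported by the security service once it has started; null until then. */
    private static String realm;
    /** Java 2 permission required by {@link #getServerSubject()} when a SecurityManager is installed. */
    private static final WebSphereRuntimePermission perm = new WebSphereRuntimePermission("SecOwnCredentials");
    /** Lazily obtained in {@link #getContextManager()}; also refreshed when the security service starts. */
    private static ContextManager contextMgr;
    private static final SecurityHelper myself = new SecurityHelper();
    /** Property edited by {@link #registerPackage(String)}. */
    private static final String URL_HANDLER_PROP = sslHandlerProp;
    private static final String PKGNAME_DELIMITER = "|";
    /** Decompiler residue for a Java 1.4 class literal; kept package-visible for compatibility. */
    static Class<?> class$com$ibm$ws$management$util$SecurityHelper = SecurityHelper.class;

    private boolean securityEnabled = false;
    private boolean securityServiceEnabled = false;
    private boolean securityServiceStopped = false;
    /** Null-object configurator until the security service supplies the real one. */
    private RoleBasedConfigurator configurator = new RoleBasedConfiguratorNullImpl();
    /** Held only between {@link #setSecurityService} and the "started" event, then cleared. */
    private SecurityService securityService = null;
    private WSSecurityContext securityContext = null;
    private String clientSSLAlias = null;
    private AdminAuthorizer authorizer = null;

    private SecurityHelper() {
    }

    /**
     * Returns the singleton helper instance.
     *
     * @return the helper created during class initialization; never null
     */
    public static SecurityHelper getHelper() {
        return myself;
    }

    /**
     * Returns the SSL alias configured for outbound client connections.
     *
     * @return the alias set via {@link #setClientSSLAlias(String)}, or null if none was set
     */
    public String getClientSSLAlias() {
        return this.clientSSLAlias;
    }

    /**
     * Sets the SSL alias used for outbound client connections.
     *
     * @param str the alias; may be null to clear it
     */
    public void setClientSSLAlias(String str) {
        this.clientSSLAlias = str;
    }

    /**
     * Admin authorization service callback. On state {@code 1} (presumably "started", mirroring
     * {@link SecurityServiceEvent}) the {@link AdminAuthorizer} is looked up and cached; any
     * failure is traced and the previously cached authorizer, if any, is kept.
     *
     * @param adminAuthzServiceEvent the lifecycle event
     */
    @Override // com.ibm.websphere.management.authorizer.service.AdminAuthzServiceListener
    public void stateChanged(AdminAuthzServiceEvent adminAuthzServiceEvent) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "stateChanged", adminAuthzServiceEvent);
        }
        if (adminAuthzServiceEvent.getState() == 1) {
            try {
                this.authorizer = AdminAuthorizerFactory.getAdminAuthorizer();
            } catch (Exception e) {
                // Best effort: the authorizer stays null (or unchanged) and getAdminAuthorizer()
                // reports that to callers.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "AdminAuthorizer not initialized");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "stateChanged");
        }
    }

    /**
     * Security service callback. State {@code 1} captures realm, security context, context
     * manager and role configurator from the service set via {@link #setSecurityService} and
     * marks the service as started; state {@code 2} marks it stopped; other states are traced
     * only.
     *
     * @param securityServiceEvent the lifecycle event
     * @throws NullPointerException on state {@code 1} if no {@link SecurityService} was set
     */
    @Override // com.ibm.ws.security.service.SecurityServiceListener
    public void stateChanged(SecurityServiceEvent securityServiceEvent) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "stateChanged");
        }
        int state = securityServiceEvent.getState();
        if (state == 1) {
            captureSecurityServiceState();
        } else if (state == 2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Marking the Security Service as having been stopped.");
            }
            this.securityServiceStopped = true;
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security service state change to: " + state);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "stateChanged");
        }
    }

    /**
     * Copies realm, security context, context manager and configurator out of the pending
     * {@link SecurityService}, then releases the service reference and flags the service as
     * started. The started flags are set even when an unexpected exception propagates
     * (the original code used try/finally for this), so a failed start still reads as started.
     */
    private void captureSecurityServiceState() {
        try {
            realm = this.securityService.getRealm();
            try {
                this.securityContext = this.securityService.getWSSecurityContext();
                contextMgr = ContextManagerFactory.getInstance();
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error getting contextManager from security component.");
                }
            }
            try {
                this.configurator = this.securityService.getConfigurator();
            } catch (RoleBasedAppException e2) {
                // Keep the null-object configurator already in place.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RoleBasedConfigurator not initialized");
                }
            } finally {
                this.securityService = null;
            }
        } finally {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Marking the Security Service as having been started.");
            }
            this.securityServiceEnabled = true;
            this.securityServiceStopped = false;
        }
    }

    /**
     * Returns the security context captured when the security service started.
     *
     * @return the context, or null before the service has started or if it could not be obtained
     */
    public WSSecurityContext getWSSecurityContext() {
        return this.securityContext;
    }

    /**
     * Registers the security service whose state this helper will capture on the next
     * "started" event, and records whether security is enabled.
     *
     * @param securityService the service; must not be null
     * @throws NullPointerException if {@code securityService} is null
     */
    public void setSecurityService(SecurityService securityService) {
        if (securityService == null) {
            throw new NullPointerException("securityService must not be null");
        }
        this.securityService = securityService;
        this.securityEnabled = securityService.isSecurityEnabled();
    }

    /**
     * @return the value of {@code SecurityService.isSecurityEnabled()} at the time
     *     {@link #setSecurityService} was called; false if it was never called
     */
    public boolean isSecurityEnabled() {
        return this.securityEnabled;
    }

    /**
     * @return the cached {@link AdminAuthorizer}, or null if the authorization service has not
     *     started or its lookup failed
     */
    public AdminAuthorizer getAdminAuthorizer() {
        return this.authorizer;
    }

    @Override // com.ibm.ws.management.util.SecurityServiceMonitor
    public boolean isSecurityServiceStarted() {
        return this.securityServiceEnabled;
    }

    @Override // com.ibm.ws.management.util.SecurityServiceMonitor
    public boolean isSecurityServiceStopped() {
        return this.securityServiceStopped;
    }

    /**
     * @return the role configurator from the security service, or a
     *     {@link RoleBasedConfiguratorNullImpl} until one is available
     */
    public RoleBasedConfigurator getConfigurator() {
        return this.configurator;
    }

    /**
     * @return the realm reported by the security service, or null before it has started
     */
    public String getRealm() {
        return realm;
    }

    /**
     * Authenticates a user id and password against the context manager's default realm.
     * Credentials are never written to trace; only the failure exception is.
     *
     * @param str  the user id
     * @param str2 the password
     * @return the authenticated subject
     * @throws WSLoginFailedException if the login fails; any other exception is wrapped,
     *     keeping it as the cause
     */
    public static Subject authenticate(String str, String str2) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticate");
        }
        try {
            ContextManager cm = getContextManager();
            Subject login = cm.login(cm.getDefaultRealm(), str, str2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticate");
            }
            return login;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "fail to authenticate", e);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticate - failed");
            }
            if (e instanceof WSLoginFailedException) {
                throw (WSLoginFailedException) e;
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Validates an opaque credential token against the default realm and returns the subject
     * it represents (token format is whatever {@code ContextManager.login(String, byte[])}
     * accepts — not visible here).
     *
     * @param bArr the token bytes
     * @return the subject for the token
     * @throws WSLoginFailedException if validation fails; other exceptions are wrapped with
     *     the original as cause
     */
    public static Subject validate(byte[] bArr) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        try {
            ContextManager cm = getContextManager();
            Subject login = cm.login(cm.getDefaultRealm(), bArr);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
            return login;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "fail to validate", e);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate - failed");
            }
            if (e instanceof WSLoginFailedException) {
                throw (WSLoginFailedException) e;
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Builds a basic-auth subject (user id plus password carried in the credential) for the
     * default realm without logging in; see {@link #getActualSubject(Subject)} for the login
     * step. The password is not traced.
     *
     * @param str  the user id
     * @param str2 the password
     * @return the subject, or null if it could not be created (the failure is traced)
     */
    public static Subject createBasicAuthSubject(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createBasicAuthSubject");
        }
        Subject subject;
        try {
            subject = SubjectHelper.createBasicAuthSubject(getContextManager().getDefaultRealm(), str, str2);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "fail to create basic auth subject", e);
            }
            // Fixed: previously traced the exit under the wrong method name and then exited again.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createBasicAuthSubject - failed");
            }
            return null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createBasicAuthSubject");
        }
        return subject;
    }

    /**
     * Clears the caller context on the current thread. The {@code subject} argument is ignored
     * (kept for API compatibility); the effect is the same as {@link #resetContext()} minus its
     * entry/exit trace.
     *
     * @param subject ignored
     */
    public static void removeSubjectFromThreadTable(Subject subject) {
        try {
            getContextManager().initializeCallerContext((Subject) null);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to initialize caller context.", e);
            }
        }
    }

    /**
     * Pushes {@code subject} as the invocation subject on the current thread.
     *
     * @param subject the subject to push
     * @return whatever {@code ContextManager.pushInvocationSubject} returns (presumably the
     *     previous subject, to hand back to {@link #popInvocationSubject}); null on failure
     */
    public static Subject pushInvocationSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pushInvocationSubject");
        }
        Subject previous = null;
        try {
            previous = getContextManager().pushInvocationSubject(subject);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.pushInvocationSubject", "226");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pushInvocationSubject");
        }
        return previous;
    }

    /**
     * Restores the invocation subject previously returned by {@link #pushInvocationSubject}.
     * Failures are recorded via FFDC and otherwise ignored.
     *
     * @param subject the subject to restore
     */
    public static void popInvocationSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "popInvocationSubject");
        }
        try {
            getContextManager().popInvocationSubject(subject);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.popInvocationSubject", "239");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "popInvocationSubject");
        }
    }

    /**
     * Alias for {@link #getServerSubject()}.
     *
     * @return the server's own subject, or null if unavailable
     */
    public static Subject getOwnedSubject() {
        return getServerSubject();
    }

    /**
     * Selects the subject to act on behalf of: the invocation subject, unless there is none or
     * its credential is unauthenticated, in which case the received (caller) subject is used.
     *
     * @return the selected subject, or null if neither is available
     */
    public static Subject retrieveSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrieveSubject");
        }
        Subject chosen = getInvocationSubject();
        WSCredential credential = null;
        if (chosen != null) {
            credential = SubjectHelper.getWSCredentialFromSubject(chosen);
        }
        boolean unauthenticated = credential != null && credential.isUnauthenticated();
        if (chosen == null || unauthenticated) {
            chosen = getReceivedSubject();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "retrieveSubject");
        }
        return chosen;
    }

    /**
     * Returns the current invocation subject after refreshing its tokens. If refresh fails and
     * the subject is the server subject, a fresh server subject is obtained instead.
     *
     * <p>NOTE(review): unlike {@link #getReceivedSubject()}, a non-server subject whose tokens
     * could not be refreshed is still returned (only traced). Callers must not treat the result
     * as validated — confirm intent before tightening.
     *
     * @return the subject, or null if none is set or it could not be obtained
     */
    public static Subject getInvocationSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInvocationSubject");
        }
        Subject subject = null;
        boolean refreshed = false;
        try {
            ContextManager cm = getContextManager();
            subject = cm.getInvocationSubject();
            if (SubjectHelper.getWSCredentialFromSubject(subject) != null) {
                refreshed = cm.getWSCredTokenMapper().checkValidityOfAllTokensAndRefresh(subject);
                if (!refreshed && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Non-server invocation subject could not be refreshed.");
                }
            }
            if (!refreshed && subject != null && cm.isServerSubject(subject)) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server subject is expired, logging in to get a new one.");
                    }
                    subject = cm.getServerSubject();
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.getInvocationSubject", "450");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "unable to obtain invocation subject or subject expired", e);
                    }
                    subject = null;
                }
            } else if (subject == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invocation subject is null.");
                }
            } else if (!refreshed && tc.isDebugEnabled()) {
                Tr.debug(tc, "Non-server invocation subject is invalid or expired.");
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.management.connector.util.SecurityHelper.getInvocationSubject", "394");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to obtain invocation subject from ContextManager.", e2);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInvocationSubject");
        }
        return subject;
    }

    /**
     * Clears the caller context on the current thread. Failures are traced and ignored.
     */
    public static void resetContext() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resetContext");
        }
        try {
            getContextManager().initializeCallerContext((Subject) null);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "fail to initialize caller context.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "resetContext");
        }
    }

    /**
     * Sets the invocation subject on the current thread. Failures are traced and ignored.
     *
     * @param subject the subject to set
     */
    public static void setInvocationSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setInvocationSubject");
        }
        try {
            getContextManager().setInvocationSubject(subject);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "fail to set invocation subject.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setInvocationSubject");
        }
    }

    /**
     * Sets the received (caller) subject on the current thread. Failures are traced and ignored.
     *
     * @param subject the subject to set
     */
    public static void setReceivedSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setReceivedSubject");
        }
        try {
            getContextManager().setCallerSubject(subject);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to set caller subject.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setReceivedSubject");
        }
    }

    /**
     * Returns the received (caller) subject, but only if its credential reports itself as
     * current. An expired server subject triggers a re-login; an expired non-server subject is
     * dropped. Fail-closed: anything not positively current yields null.
     *
     * <p>NOTE(review): a server subject re-obtained after expiry is still discarded by the
     * final {@code current} check, because {@code current} is never set to true on that path.
     * That matches the decompiled behaviour; confirm intent before changing it.
     *
     * @return the current caller subject, or null
     */
    public static Subject getReceivedSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getReceivedSubject");
        }
        Subject subject = null;
        WSCredential credential = null;
        boolean current = false;
        try {
            ContextManager cm = getContextManager();
            subject = cm.getCallerSubject();
            if (subject != null) {
                credential = SubjectHelper.getWSCredentialFromSubject(subject);
            }
            if (credential != null) {
                current = credential.isCurrent();
            }
            if (!current && subject != null && cm.isServerSubject(subject)) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server subject is expired, logging in to get a new one.");
                    }
                    subject = cm.getServerSubject();
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.getReceivedSubject", "557");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "unable to obtain received subject or subject is expired", e);
                    }
                    subject = null;
                }
            } else if (subject == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Received subject is null.");
                }
            } else if (!current) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Non-server received subject is invalid or expired.");
                }
                subject = null;
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to obtain received subject from ContextManager.", e2);
            }
            FFDCFilter.processException(e2, "com.ibm.ws.management.connector.util.SecurityHelper.getReceivedSubject", "504");
            current = false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getReceivedSubject");
        }
        return (current && subject != null) ? subject : null;
    }

    /**
     * Resolves a basic-auth subject (one whose credential carries a user id/password) into a
     * logged-in subject; any other subject is returned unchanged.
     *
     * @param subject the subject to resolve
     * @return the logged-in subject for a basic-auth input, the input itself otherwise, or null
     *     if the login fails or the subject carries no {@link WSCredential} (previously a
     *     NullPointerException; null is the fail-closed equivalent of the login-failure path)
     */
    public static Subject getActualSubject(Subject subject) {
        WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
        if (credential == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Subject carries no WSCredential; cannot resolve actual subject.");
            }
            return null;
        }
        if (!credential.isBasicAuth()) {
            return subject;
        }
        try {
            return getContextManager().login(credential);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LoginFailed exception getting server cred.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.getActualSubject", "566");
            return null;
        }
    }

    /**
     * Returns the server's own subject. When a SecurityManager is installed the caller must hold
     * {@code WebSphereRuntimePermission("SecOwnCredentials")}; this is the only guard on handing
     * out the server identity, so callers must not relay the result to less trusted code.
     *
     * @return the server subject, or null if it could not be obtained (traced and FFDC-logged)
     * @throws SecurityException if a SecurityManager denies the permission
     */
    public static Subject getServerSubject() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...Expecting : " + perm.toString());
            }
            securityManager.checkPermission(perm);
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Getting server subject.");
            }
            return getContextManager().getServerSubject();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unable to obtain own subject or subject is expired", e);
            }
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.getServerCredential", "1001");
            return null;
        }
    }

    /**
     * Returns the realm security name of the subject chosen by {@link #retrieveSubject()}.
     *
     * @return the name, or null if there is no subject, no credential, or an exception occurred
     */
    public static String getUserName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserName");
        }
        String name = null;
        try {
            WSCredential credential = SubjectHelper.getWSCredentialFromSubject(retrieveSubject());
            if (credential != null) {
                name = credential.getRealmSecurityName();
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception attempting to getUserName from credential.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.getUserName", "637");
        }
        // Fixed: the exit was traced with Tr.entry, which unbalanced the trace.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserName");
        }
        return name;
    }

    /**
     * Returns the user name to record in audit output, as reported by
     * {@code ContextManager.getUserBeforeRunAs()}.
     *
     * @return the name, or null if it could not be obtained
     */
    public static String getAuditUserName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuditUserName");
        }
        String name = null;
        try {
            name = getContextManager().getUserBeforeRunAs();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception attempting to getAuditUserName from Context Manager.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.util.SecurityHelper.getAuditUserName", "648");
        }
        // Fixed: the exit was traced with Tr.entry, which unbalanced the trace.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuditUserName");
        }
        return name;
    }

    /**
     * Returns the process-wide {@link ContextManager}, obtaining it from the factory on first
     * use. Not synchronized: two threads may both call the factory, which is assumed to return
     * the same instance (benign race — confirm against ContextManagerFactory if that changes).
     *
     * @return the context manager
     */
    public static ContextManager getContextManager() {
        if (contextMgr == null) {
            contextMgr = ContextManagerFactory.getInstance();
        }
        return contextMgr;
    }

    /**
     * Appends a package to the JVM's {@code java.protocol.handler.pkgs} property (the
     * {@code '|'}-separated list searched for URL protocol handlers) unless it is already
     * listed. This changes URL handler resolution for the whole JVM, so only trusted package
     * names should be registered.
     *
     * @param str the package name to register; must not be null
     * @throws NullPointerException if {@code str} is null
     */
    public static synchronized void registerPackage(String str) {
        if (str == null) {
            throw new NullPointerException("package name must not be null");
        }
        List<String> packages = new ArrayList<String>();
        String existing = System.getProperty(URL_HANDLER_PROP);
        if (existing != null) {
            // StringTokenizer rather than split(): empty segments such as "a||b" are dropped, as before.
            StringTokenizer tokens = new StringTokenizer(existing, PKGNAME_DELIMITER);
            while (tokens.hasMoreTokens()) {
                packages.add(tokens.nextToken());
            }
        }
        if (packages.contains(str)) {
            return;
        }
        packages.add(str);
        StringBuilder joined = new StringBuilder();
        for (Iterator<String> it = packages.iterator(); it.hasNext();) {
            joined.append(it.next());
            if (it.hasNext()) {
                joined.append(PKGNAME_DELIMITER);
            }
        }
        System.setProperty(URL_HANDLER_PROP, joined.toString());
    }

    /**
     * Decompiler residue for a Java 1.4 class literal; kept for compatibility. Loads a class by
     * name, converting a missing class into {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the class
     * @throws NoClassDefFoundError if the class cannot be found (cause attached)
     */
    static Class<?> class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }
}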
