package com.ibm.ejs.security;

import com.ibm.WebSphereSecurity.AuthenticationFailedException;
import com.ibm.WebSphereSecurity.AuthenticationNotSupportedException;
import com.ibm.WebSphereSecurity.BasicAuthData;
import com.ibm.WebSphereSecurity.Credential;
import com.ibm.WebSphereSecurity.InvalidTokenException;
import com.ibm.WebSphereSecurity.TokenExpiredException;
import com.ibm.WebSphereSecurity.UnsupportedRealmException;
import com.ibm.WebSphereSecurity.ValidationFailedException;
import com.ibm.WebSphereSecurity.ValidationNotSupportedException;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.auth.CredentialMapFailedException;
import com.ibm.ejs.security.auth.CredentialMapNotSupportedException;
import com.ibm.ejs.security.ltpa.LTPAServer;
import com.ibm.ejs.security.ltpa.LTPAServerHome;
import com.ibm.ejs.security.ltpa.LTPAServerObject;
import com.ibm.ejs.security.registry.Registry;
import com.ibm.ejs.security.registry.RegistryBean;
import com.ibm.ejs.security.registry.RegistryHome;
import com.ibm.ejs.security.util.ByteArray;
import com.ibm.ejs.security.util.CacheException;
import com.ibm.ejs.security.util.Constants;
import com.ibm.ejs.security.util.LTPAAuthenticationCache;
import com.ibm.ejs.security.util.LTPATokenCache;
import com.ibm.ejs.security.util.StringUtil;
import com.ibm.ejs.sm.active.ActiveSecurityConfigConfig;
import com.ibm.ejs.sm.beans.RepositoryObjectImpl;
import com.ibm.ejs.sm.exception.ActiveObjectException;
import com.ibm.ejs.sm.server.ManagedServer;
import java.io.UnsupportedEncodingException;
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.RemoveException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.naming.Context;
import javax.rmi.PortableRemoteObject;

/* loaded from: input_file:lib/security.jarcom/ibm/ejs/security/SecurityServerBean.class */
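/**
 * Session bean that exposes the server-side security operations visible in this class:
 * basic-auth authentication, token validation, credential mapping, SSO token handling and
 * access to the user registry.
 *
 * <p>Authentication and validation are answered from two lazily built, JVM-wide caches
 * ({@link LTPAAuthenticationCache} and {@link LTPATokenCache}); the remaining operations
 * delegate to {@link LTPAServerObject}.
 *
 * <p>NOTE(review): every realm argument ({@code str}) is accepted but never read in this
 * class, so {@code UnsupportedRealmException} is never raised from here.
 *
 * <p>NOTE(review): all shared state lives in static fields that are initialised lazily
 * without synchronisation. If the container runs several bean instances concurrently, two
 * threads may each build a cache or an LTPA server bean; confirm whether that is acceptable.
 *
 * <p>NOTE(review): the caches are built once, from the configuration active at that moment.
 * {@link #configUpdated} replaces {@code activeConfig} but does not rebuild them, so a
 * changed cache timeout or authentication mechanism does not reach caches that already exist.
 */
public class SecurityServerBean implements SessionBean {
    private static final String nullString = new String();
    private static final String[] nullStringArray = new String[0];

    /** Cache size used when the size property is unset, blank or not a usable number. */
    private static final int DEFAULT_CACHE_SIZE = 200;

    /** Cache timeout, in seconds, used when no active configuration is available. */
    private static final long DEFAULT_CACHE_TIMEOUT_SECONDS = 600L;

    private static ActiveSecurityConfigConfig activeConfig;
    private SessionContext sessionCtx;
    protected static LTPAServer ltpaServerBean;
    protected static Registry registry;
    private static final TraceComponent tc;
    protected static LTPAAuthenticationCache ltpaAuthCache;
    public static final String LTPA_AUTH_CACHE_SIZE = "com.ibm.websphere.security.util.LTPAAuthCacheSize";
    protected static LTPATokenCache ltpaTokenCache;
    public static final String LTPA_TOKEN_CACHE_SIZE = "com.ibm.websphere.security.util.LTPATokenCacheSize";

    // Compiler-synthesised caches for class literals (pre-Java 5 class files); see class$().
    static Class class$com$ibm$ejs$security$SecurityServerBean;
    static Class class$com$ibm$ejs$security$registry$RegistryHome;
    static Class class$com$ibm$ejs$security$ltpa$LTPAServerHome;

    /**
     * Installs a new active security configuration.
     *
     * <p>The registry bean is notified first; {@code activeConfig} is replaced only if that
     * call succeeds, so a failed update leaves the previous configuration in place.
     *
     * @param activeSecurityConfigConfig the configuration to activate
     * @throws ActiveObjectException if the registry rejects the update or any other error occurs
     */
    public static void configUpdated(ActiveSecurityConfigConfig activeSecurityConfigConfig) throws ActiveObjectException {
        Tr.entry(tc, "configUpdated");
        try {
            RegistryBean.configUpdated(activeSecurityConfigConfig);
            activeConfig = activeSecurityConfigConfig;
            Tr.exit(tc, "configUpdated");
        } catch (Exception e) {
            Tr.error(tc, Constants.nls.getString("security.active.update.error", "Error updating active configuration"), e);
            throw new ActiveObjectException(e.toString());
        }
    }

    /** No-op lifecycle callback. */
    public void ejbActivate() throws RemoteException {
    }

    /**
     * Looks up and creates the shared {@link Registry} the first time a bean instance is created.
     *
     * @throws CreateException if the registry home cannot be looked up, narrowed or created
     */
    public void ejbCreate() throws CreateException {
        Class cls;
        Tr.entry(tc, "ejbCreate");
        try {
            Context initialNamingContext = RepositoryObjectImpl.getInitialNamingContext();
            ManagedServer managedServer = ManagedServer.getInstance();
            if (registry == null) {
                Object lookup = initialNamingContext.lookup(managedServer.qualifyRepositoryHomeName("RegistryHome"));
                if (class$com$ibm$ejs$security$registry$RegistryHome == null) {
                    cls = class$("com.ibm.ejs.security.registry.RegistryHome");
                    class$com$ibm$ejs$security$registry$RegistryHome = cls;
                } else {
                    cls = class$com$ibm$ejs$security$registry$RegistryHome;
                }
                registry = ((RegistryHome) PortableRemoteObject.narrow(lookup, cls)).create();
            }
        } catch (Exception e) {
            // The cause goes to the trace facility only (no printStackTrace to stdout); the
            // exception handed to the caller carries a fixed message so that lookup details
            // are not disclosed to a remote client.
            Tr.warning(tc, "ejbCreate", e);
            throw new CreateException("SecurityServerBean could not obtain the user registry");
        } finally {
            Tr.exit(tc, "ejbCreate");
        }
    }

    /** No-op lifecycle callback. */
    public void ejbPassivate() throws RemoteException {
    }

    /** Lifecycle callback; only traces entry and exit. The static state is left untouched. */
    public void ejbRemove() throws RemoteException {
        Tr.entry(tc, "ejbRemove");
        Tr.exit(tc, "ejbRemove");
    }

    /**
     * Stores the session context supplied by the container.
     *
     * @param sessionContext the context for this bean instance
     */
    public void setSessionContext(SessionContext sessionContext) throws RemoteException {
        this.sessionCtx = sessionContext;
    }

    /**
     * Authenticates a user id and password through the authentication cache and, on success,
     * records the resulting credential in the token cache under its credential token.
     *
     * <p>NOTE(review): credentials are served from a cache keyed on user id and password.
     * Presumably a password change or account revocation is not seen until the cached entry
     * expires; confirm against {@code LTPAAuthenticationCache}.
     *
     * @param str realm name; not read by this method
     * @param basicAuthData the user id and password to check
     * @return the credential for the authenticated user, never {@code null}
     * @throws AuthenticationFailedException if {@code basicAuthData} is {@code null}, the cache
     *         yields no credential, or the cache raises a {@code CacheException}
     */
    public Credential authenticateBasicAuthData(String str, BasicAuthData basicAuthData) throws RemoteException, AuthenticationNotSupportedException, AuthenticationFailedException, UnsupportedRealmException {
        Tr.entry(tc, "authenticateBasicAuthData");
        if (basicAuthData == null) {
            // Fail closed with the declared exception instead of a NullPointerException.
            throw new AuthenticationFailedException();
        }
        ltpaAuthCache = getLTPAAuthenticationCache();
        Credential credential = null;
        try {
            credential = ltpaAuthCache.getCredential(basicAuthData.userId, basicAuthData.password);
            if (credential != null) {
                ByteArray byteArray = new ByteArray(credential.credentialToken);
                ltpaTokenCache = getLTPATokenCache();
                ltpaTokenCache.insert(byteArray, credential);
            }
        } catch (CacheException e) {
            // Only the exception is traced; the submitted password must never be written here.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception from LTPAAuthenticationCache", e);
            }
        }
        if (credential == null) {
            throw new AuthenticationFailedException();
        }
        Tr.exit(tc, "authenticateBasicAuthData");
        return credential;
    }

    /**
     * Resolves a token to its credential through the token cache.
     *
     * @param str realm name; not read by this method
     * @param bArr the token bytes to validate
     * @return the credential associated with the token, never {@code null}
     * @throws ValidationFailedException if the cache yields no credential or raises a
     *         {@code CacheException}
     */
    public Credential validate(String str, byte[] bArr) throws RemoteException, InvalidTokenException, TokenExpiredException, ValidationFailedException, ValidationNotSupportedException, UnsupportedRealmException {
        Tr.entry(tc, "validate");
        ltpaTokenCache = getLTPATokenCache();
        Credential credential = null;
        try {
            credential = ltpaTokenCache.getCredential(bArr);
        } catch (CacheException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception from LTPATokenCache", e);
            }
        }
        if (credential == null) {
            Tr.debug(tc, "Credential returned from LTPATokenCache is NULL");
            throw new ValidationFailedException();
        }
        Tr.exit(tc, "validate");
        return credential;
    }

    /**
     * Maps a credential through the LTPA server object.
     *
     * @param str realm name; not read by this method
     * @param credential the credential to map
     * @return the mapped credential as returned by {@code LTPAServerObject.mapCredential}
     * @throws CredentialMapNotSupportedException if no LTPA server object is available
     */
    public Credential mapCredential(String str, Credential credential) throws CredentialMapNotSupportedException, CredentialMapFailedException, RemoteException {
        Tr.entry(tc, "mapCredential");
        LTPAServerObject lTPAServer = getLTPAServer();
        if (lTPAServer == null) {
            Tr.error(tc, Constants.nls.getString("security.ltpaserver.notexist", "LTPAServer does not exist"));
            throw new CredentialMapNotSupportedException("LTPAServer non existent");
        }
        Credential mapCredential = lTPAServer.mapCredential(credential);
        Tr.exit(tc, "mapCredential");
        return mapCredential;
    }

    /**
     * Authenticates an SSO login token through the LTPA server object.
     *
     * @param str realm name; not read by this method
     * @param bArr the login token bytes
     * @return the credential returned by {@code LTPAServerObject.authenticateLoginToken}
     * @throws AuthenticationNotSupportedException if no LTPA server object is available
     */
    public Credential authenticateSSOToken(String str, byte[] bArr) throws RemoteException, AuthenticationNotSupportedException, AuthenticationFailedException, InvalidTokenException, UnsupportedRealmException {
        Tr.entry(tc, "authenticateSSOToken");
        LTPAServerObject lTPAServer = getLTPAServer();
        if (lTPAServer == null) {
            Tr.error(tc, Constants.nls.getString("security.ltpaserver.notexist", "LTPAServer does not exist"));
            throw new AuthenticationNotSupportedException();
        }
        Credential authenticateLoginToken = lTPAServer.authenticateLoginToken(bArr);
        Tr.exit(tc, "authenticateSSOToken");
        return authenticateLoginToken;
    }

    /**
     * Issues an SSO login token for the given user id and password.
     *
     * @param basicAuthData the user id and password the token is issued for
     * @return the token bytes returned by {@code LTPAServerObject.issueLoginToken}
     * @throws RemoteException if no LTPA server object is available
     */
    public byte[] issueSSOToken(BasicAuthData basicAuthData) throws RemoteException {
        Tr.entry(tc, "issueSSOToken");
        LTPAServerObject lTPAServer = getLTPAServer();
        if (lTPAServer == null) {
            Tr.error(tc, Constants.nls.getString("security.ltpaserver.notexist", "LTPAServer does not exist"));
            throw new RemoteException(Constants.nls.getString("security.ltpaserver.notexist", "LTPAServer does not exist"));
        }
        // Trace the exit after the token has been issued, as the sibling methods do.
        byte[] loginToken = lTPAServer.issueLoginToken(basicAuthData);
        Tr.exit(tc, "issueSSOToken");
        return loginToken;
    }

    /**
     * Returns the shared registry created in {@link #ejbCreate()}.
     *
     * @param str realm name; not read by this method
     * @return the shared registry, or {@code null} if it has not been created
     */
    public Registry getRegistry(String str) throws RemoteException, UnsupportedRealmException {
        Tr.entry(tc, "getRegistry");
        Tr.exit(tc, "getRegistry");
        return registry;
    }

    /**
     * Returns the shared authentication cache, building it on first use.
     *
     * <p>The size comes from the {@link #LTPA_AUTH_CACHE_SIZE} system property and defaults to
     * 200 when the property is unset, blank or not a number. A negative value is passed
     * through unchanged, as before. The timeout is the configured plugin cache timeout in
     * seconds (600 if there is no active configuration), multiplied by 1000.
     *
     * @return the shared authentication cache
     */
    protected LTPAAuthenticationCache getLTPAAuthenticationCache() {
        Tr.entry(tc, "getLTPAAuthenticationCache");
        if (ltpaAuthCache == null) {
            initLTPAServerBean();
            long pluginCacheTimeout = activeConfig != null ? activeConfig.getPluginCacheTimeout() : DEFAULT_CACHE_TIMEOUT_SECONDS;
            int cacheSize = readCacheSize(LTPA_AUTH_CACHE_SIZE);
            ltpaAuthCache = new LTPAAuthenticationCache(ltpaServerBean, cacheSize, pluginCacheTimeout * 1000);
        }
        Tr.exit(tc, "getLTPAAuthenticationCache");
        return ltpaAuthCache;
    }

    /**
     * Returns the shared token cache, building it on first use.
     *
     * <p>The size comes from the {@link #LTPA_TOKEN_CACHE_SIZE} system property and defaults to
     * 200 when the property is unset, blank, not a number or negative. The timeout is the
     * configured plugin cache timeout in seconds (600 if there is no active configuration),
     * multiplied by 1000.
     *
     * @return the shared token cache
     */
    protected LTPATokenCache getLTPATokenCache() {
        Tr.entry(tc, "getLTPATokenCache");
        if (ltpaTokenCache == null) {
            initLTPAServerBean();
            long pluginCacheTimeout = activeConfig != null ? activeConfig.getPluginCacheTimeout() : DEFAULT_CACHE_TIMEOUT_SECONDS;
            int cacheSize = readCacheSize(LTPA_TOKEN_CACHE_SIZE);
            if (cacheSize < 0) {
                cacheSize = DEFAULT_CACHE_SIZE;
            }
            ltpaTokenCache = new LTPATokenCache(ltpaServerBean, cacheSize, pluginCacheTimeout * 1000);
        }
        Tr.exit(tc, "getLTPATokenCache");
        return ltpaTokenCache;
    }

    /**
     * Reads a cache size from a system property.
     *
     * <p>The previous code compared the value with {@code ""} by reference and parsed it
     * unguarded, so a blank or malformed property raised {@code NumberFormatException} in the
     * middle of an authentication or validation request.
     *
     * @param propertyName name of the system property holding the size
     * @return the parsed value, or {@link #DEFAULT_CACHE_SIZE} if the property is unset,
     *         blank or not a valid integer
     */
    private static int readCacheSize(String propertyName) {
        String value = System.getProperty(propertyName);
        if (value == null || value.trim().length() == 0) {
            return DEFAULT_CACHE_SIZE;
        }
        try {
            return Integer.parseInt(value.trim());
        } catch (NumberFormatException e) {
            Tr.warning(tc, "Ignoring invalid cache size in system property " + propertyName, e);
            return DEFAULT_CACHE_SIZE;
        }
    }

    /**
     * Ensures the LTPA server bean matches the active configuration and returns a new
     * {@link LTPAServerObject}.
     *
     * <p>NOTE(review): a fresh object is returned on every call, so the {@code null} checks in
     * the callers can never be true; confirm whether {@code null} was meant to be returned
     * when LTPA is not the active mechanism.
     *
     * @return a new {@code LTPAServerObject}
     */
    protected LTPAServerObject getLTPAServer() {
        Tr.entry(tc, "getLTPAServer");
        initLTPAServerBean();
        Tr.exit(tc, "getLTPAServer");
        return new LTPAServerObject();
    }

    /**
     * Brings {@code ltpaServerBean} in line with the active authentication mechanism.
     *
     * <p>When the mechanism is not "LTPA", an existing server bean is removed and the field is
     * cleared. When it is "LTPA" and no server bean exists, one is created from the registry
     * and the decrypted LTPA password. Failures are traced and otherwise ignored, which
     * leaves {@code ltpaServerBean} as {@code null}.
     *
     * @throws IllegalStateException if no active configuration has been set
     */
    protected void initLTPAServerBean() {
        Class cls;
        if (activeConfig == null) {
            // Same fail-closed outcome as the NullPointerException this replaces, with a usable message.
            throw new IllegalStateException("Active security configuration has not been set");
        }
        // Constant-first equals: a missing mechanism name is treated as "not LTPA".
        if (!"LTPA".equals(activeConfig.getAuthenticationMechanism())) {
            if (ltpaServerBean != null) {
                try {
                    ltpaServerBean.remove();
                } catch (RemoteException e) {
                    // Removal stays best-effort, but the failure is no longer invisible.
                    Tr.warning(tc, "initLTPAServerBean", e);
                } catch (RemoveException e2) {
                    Tr.warning(tc, "initLTPAServerBean", e2);
                }
                ltpaServerBean = null;
                return;
            }
            return;
        }
        if (ltpaServerBean == null) {
            try {
                Object lookup = RepositoryObjectImpl.getInitialNamingContext().lookup(ManagedServer.getInstance().qualifyRepositoryHomeName("LTPAServerHome"));
                if (class$com$ibm$ejs$security$ltpa$LTPAServerHome == null) {
                    cls = class$("com.ibm.ejs.security.ltpa.LTPAServerHome");
                    class$com$ibm$ejs$security$ltpa$LTPAServerHome = cls;
                } else {
                    cls = class$com$ibm$ejs$security$ltpa$LTPAServerHome;
                }
                ltpaServerBean = ((LTPAServerHome) PortableRemoteObject.narrow(lookup, cls)).create(registry, getLTPAPassword(activeConfig));
            } catch (Exception e3) {
                // Previously swallowed: the caches were then built around a null server bean
                // with nothing in the trace to explain later authentication failures.
                // NOTE(review): confirm that exceptions from StringUtil.decrypt never echo the
                // stored or decrypted password, since the exception is written to the trace.
                Tr.warning(tc, "initLTPAServerBean", e3);
            }
        }
    }

    /**
     * Decrypts the LTPA password stored under the "code" property of the authentication
     * mechanism properties and returns it as UTF-8 bytes.
     *
     * <p>The result is secret key material: it must not be traced or logged.
     *
     * @param activeSecurityConfigConfig configuration holding the encrypted password
     * @return the decrypted password bytes
     * @throws UnsupportedEncodingException if the "UTF8" encoding is unavailable
     */
    protected static byte[] getLTPAPassword(ActiveSecurityConfigConfig activeSecurityConfigConfig) throws UnsupportedEncodingException {
        // NOTE(review): getProperty("code") may return null; the behaviour of decrypt(null) is not visible here.
        return StringUtil.decrypt(activeSecurityConfigConfig.getAuthenticationMechanismProperties().getProperty("code")).getBytes("UTF8");
    }

    /**
     * Compiler-synthesised helper behind class literals: loads a class by name and converts
     * a lookup failure into {@code NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ejs$security$SecurityServerBean == null) {
            cls = class$("com.ibm.ejs.security.SecurityServerBean");
            class$com$ibm$ejs$security$SecurityServerBean = cls;
        } else {
            cls = class$com$ibm$ejs$security$SecurityServerBean;
        }
        // Register the trace component used by every Tr.* call in this class.
        tc = Tr.register(cls);
        ltpaAuthCache = null;
        ltpaTokenCache = null;
    }
}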
