package com.ibm.ISecurityLocalObjectTokenBaseImpl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ObjectQuery.crud.catalogbuilder.AbstractCatalogEntryWriter;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import javax.security.auth.Subject;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;

/* loaded from: input_file:efixes/PQ95485/components/prereq.wsadie.plugins/update.jar:/eclipse/plugins/com.ibm.websphere.v51_5.1.0.4/lib/sas.jar:com/ibm/ISecurityLocalObjectTokenBaseImpl/WSSecurityContextLTPAImpl.class */
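/**
 * {@link WSSecurityContext} implementation that builds and validates GSS initial
 * context tokens carrying a credential token.
 *
 * <p>Outbound ({@code initSecContext}): a credential whose mechanism OID equals
 * {@code GSSUPMechOID.value} is delegated to {@link WSSecurityContextImpl}; any other
 * credential has its credential token wrapped by {@code CSIUtil}.
 *
 * <p>Inbound ({@code acceptSecContext}): a token from which no mechanism OID can be
 * read is delegated to {@link WSSecurityContextImpl}; otherwise the token is parsed
 * and its payload is handed to the context manager's {@code login}.
 *
 * <p>NOTE(review): this listing appears to be decompiler output. Allocations whose
 * results were never used, including one statement that is not valid Java, have been
 * dropped from {@code acceptSecContext}.
 */
public final class WSSecurityContextLTPAImpl implements WSSecurityContext {
    // Trace/log tags. They name WSSecurityContextImpl rather than this class; they are
    // runtime strings and are kept byte-for-byte so existing log searches keep matching.
    private static final String INIT_TAG = "WSSecurityContextImpl.initSecContext";
    private static final String ACCEPT_TAG = "WSSecurityContextImpl.acceptSecContext";

    // Only secConfig is read by the methods below; the other fields are populated by
    // the constructor and retained as in the original.
    private final GSSFactory _gFactory;
    private final ORB _orb;
    private final VaultImpl vault;
    private final SecurityConfiguration secConfig;
    private final MechanismFactory mechFactory;

    /**
     * Resolves the collaborators from the process-wide {@code VaultImpl}.
     *
     * @throws INTERNAL if {@code VaultImpl.getInstance()} returns {@code null}
     */
    public WSSecurityContextLTPAImpl() {
        this._gFactory = new GSSFactory(GSSUPMechOID.value);
        this.vault = VaultImpl.getInstance();
        if (this.vault == null) {
            throw new INTERNAL("Vault is NULL.", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
        }
        this._orb = this.vault.getORB();
        // getSecurityConfiguration() is static on VaultImpl; call it through the class.
        this.secConfig = VaultImpl.getSecurityConfiguration();
        this.mechFactory = this.vault.getMechanismFactory();
    }

    /**
     * Builds a client authentication token for the given credential by converting it
     * to a {@link Subject} and delegating to
     * {@link #initSecContext(Subject, String, String)}.
     *
     * @param wSCredential credential to build the token from
     * @param str target server name (used only in the trace message)
     * @param str2 target realm name (used only in the trace message)
     * @return the encoded token, or {@code null} (see the Subject overload)
     * @throws WSSecurityContextException if the token cannot be created
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(WSCredential wSCredential, String str, String str2) throws WSSecurityContextException {
        return initSecContext(SubjectHelper.createSubjectFromWSCredential(wSCredential), str, str2);
    }

    /**
     * Builds a client authentication token from the credential held by {@code subject}.
     *
     * @param subject subject expected to carry a {@link WSCredential}
     * @param str target server name; passed to the GSSUP delegate and written to trace
     * @param str2 target realm name; passed to the GSSUP delegate and written to trace
     * @return the encoded GSS initial context token, or {@code null} when an unexpected
     *         exception occurs while reading the credential or encoding the token
     * @throws WSSecurityContextException with major code 7 when the subject carries no
     *         credential, or as rethrown from the GSSUP delegate
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(Subject subject, String str, String str2) throws WSSecurityContextException {
        // Constructed before the credential lookup, as in the original, so a failure
        // here still propagates instead of being absorbed by the catch blocks below.
        CSIUtil csiUtil = new CSIUtil();
        OpaqueHolder tokenHolder = new OpaqueHolder();
        WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
        if (credential == null) {
            String message = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceMessage(INIT_TAG, message);
            }
            throw new WSSecurityContextException(7, 0, INIT_TAG + ": " + message);
        }
        try {
            tokenHolder.value = credential.getCredentialToken();
            byte[] token;
            if (credential.getOID().compareTo(GSSUPMechOID.value) == 0) {
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage(INIT_TAG, "Encountered GSSUP credential. Calling GSSUP.initSecContext()");
                }
                token = new WSSecurityContextImpl().initSecContext(subject, str, str2);
            } else {
                token = csiUtil.create_gss_initial_context_token(credential.getOID(), tokenHolder);
            }
            if (SecurityLogger.traceEnabled) {
                // The trace line records security name, server and realm; the credential
                // token bytes themselves are not written.
                SecurityLogger.traceMessage(INIT_TAG, "Forming client_authentication_token in initSecContext using: username = " + credential.getSecurityName() + ", server = " + str + ", realm = " + str2);
            }
            return token;
        } catch (WSSecurityContextException e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.initSecContext", "138", this);
            SecurityLogger.logActivity(INIT_TAG, 0, "Error creating client_auth_token in initSecContext, reason: " + e.toString());
            throw e;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.initSecContext", "147", this);
            SecurityLogger.logActivity(INIT_TAG, 0, "Exception getting attributes from WSCredential.");
            // NOTE(review): an unexpected failure surfaces as a null token rather than
            // an exception, so callers must treat null as "no token" and must not send
            // an unauthenticated request in its place. Kept for caller compatibility.
            return null;
        }
    }

    /**
     * Validates an inbound client authentication token and logs the caller in.
     *
     * @param bArr encoded token received from the peer; treated as untrusted input
     * @return a result wrapping the authenticated {@link Subject}, or whatever the
     *         GSSUP delegate returns when the token yields no mechanism OID
     * @throws WSSecurityContextException when the token cannot be parsed (major 18),
     *         a CORBA {@code BAD_OPERATION} occurs (major 14), login fails, or any
     *         other exception occurs (major 13)
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr) throws WSSecurityContextException {
        CSIUtil csiUtil = new CSIUtil();
        OpaqueHolder tokenHolder = new OpaqueHolder();
        try {
            // The path taken is selected by the incoming token: no readable mechanism
            // OID means the GSSUP implementation validates it instead.
            if (GSSFactory.getMechOIDFromGSSToken(bArr) == null) {
                return new WSSecurityContextImpl().acceptSecContext(bArr);
            }
            csiUtil.parse_gss_initial_context_token(bArr, tokenHolder);
            if (tokenHolder.value == null) {
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage(ACCEPT_TAG, "Failed to parse the gss initial context token.");
                }
                throw new WSSecurityContextException(18, 0, "Failed to parse the gss initial context token.");
            }
            try {
                Subject login = ContextManagerFactory.getInstance().login(RealmSecurityName.getRealm(this.secConfig.getprincipalName()), tokenHolder.value);
                if (login != null) {
                    return new WSSecurityContextResult(null, login);
                }
                String failure = "Validation failed in acceptSecContext, reason: Major[" + 4 + "], Minor[" + 0 + "], Message[" + "Subject is null, Token is probably expired." + AbstractCatalogEntryWriter.CLOSEBRACKETTE;
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage(ACCEPT_TAG, failure);
                }
                // NOTE(review): thrown inside this try, so unless it is a
                // WSLoginFailedException it is presumably caught by the generic handler
                // below and re-wrapped with major code 0. Confirm the intended code.
                throw new WSSecurityContextException(4, 0, failure);
            } catch (WSLoginFailedException e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(ACCEPT_TAG, "WSLoginFailedException occurred in acceptSecContext: " + e.getMessage());
                    SecurityLogger.logException(ACCEPT_TAG, e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "306", this);
                // The login failure text becomes the exception message; review where
                // that message is surfaced before exposing it to a remote peer.
                throw new WSSecurityContextException(0, 0, e.getMessage(), e);
            } catch (Exception e2) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(ACCEPT_TAG, "Exception occurred in acceptSecContext: " + e2.getMessage());
                    SecurityLogger.logException(ACCEPT_TAG, e2, 0, 0);
                }
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "318", this);
                throw new WSSecurityContextException(0, 0, e2.getMessage(), e2);
            }
        } catch (BAD_OPERATION e3) {
            // Casts pick the same FFDCFilter.processException overload as the original.
            FFDCFilter.processException((Throwable) e3, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "228", (Object) this);
            String reason = "Corba BAD_OPERATION exception occurred, reason: " + e3.getMessage();
            SecurityLogger.debugMessage(ACCEPT_TAG, reason);
            SecurityLogger.logException(ACCEPT_TAG, e3, 0, 0);
            throw new WSSecurityContextException(14, 0, reason);
        } catch (GSSEncodeDecodeException e4) {
            FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "214", this);
            String reason = "Error parsing client_auth_token in acceptSecContext, reason: " + e4.toString();
            SecurityLogger.debugMessage(ACCEPT_TAG, reason);
            throw new WSSecurityContextException(18, 0, reason);
        } catch (WSSecurityContextException e5) {
            // Also receives the exceptions raised by the login handlers above, so a
            // login failure is recorded a second time under the "Error parsing" text.
            FFDCFilter.processException(e5, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "181", this);
            SecurityLogger.debugMessage(ACCEPT_TAG, "Error parsing client_auth_token in acceptSecContext, reason: " + e5.toString());
            throw e5;
        } catch (Exception e6) {
            FFDCFilter.processException(e6, "com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl.acceptSecContext", "238", this);
            SecurityLogger.logException(ACCEPT_TAG, e6, 0, 0);
            // Generic text only: the underlying exception detail stays in the logs.
            throw new WSSecurityContextException(13, 0, "Java exception occurred.");
        }
    }

    /**
     * No-op: this implementation does nothing with a completion token.
     *
     * @param bArr ignored
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void completeSecContext(byte[] bArr) {
    }

    /** No-op: this method body is empty. */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void dispose() {
    }
}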
