package com.ibm.ejs.security.web;

import com.ibm.IExtendedSecurityPriv.PrincipalAuthenticator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl;
import com.ibm.WebSphereSecurity.AuthenticationFailedException;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.SecurityCollaborator;
import com.ibm.ejs.security.SecurityContext;
import com.ibm.ejs.security.SecurityServer;
import com.ibm.ejs.security.util.CredentialCache;
import com.ibm.ejs.security.util.LTPAValidationCache;
import com.ibm.ejs.sm.active.ActiveSecurityConfigConfig;
import javax.servlet.http.Cookie;
import org.omg.CORBA.Any;
import org.omg.Security.Attribute;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;

/* loaded from: input_file:com/ibm/ejs/security/web/WebAuthenticator.class */
public class WebAuthenticator {
    private static final TraceComponent tc;
    private static WebAuthenticator webAuthInstance;
    private CurrentImpl securityCurrent = null;
    private PrincipalAuthenticator principalAuthenticator = null;
    private boolean ltpaEnabled = false;
    private static final int DEFAULT_METHOD = 0;
    private static final int AUTHDATA_METHOD = 0;
    private static final int TOKEN_METHOD = 131072;
    public static final String CREDENTIAL_CACHE_SIZE = "com.ibm.websphere.security.util.CredentialCacheSize";
    public static final String LTPA_VALIDATION_CACHE_SIZE = "com.ibm.websphere.security.util.LTPAValidationCacheSize";
    private static final String nullString = "";
    private static final String[] nullStringArray;
    private static AuthenticationResult AUTHN_FAILED_RESULT;
    private static AuthenticationResult CRED_FAILED_RESULT;
    protected static CredentialCache credentialCache;
    protected static LTPAValidationCache validationCache;
    protected static TrustAssociationManager taManager;
    static Class class$com$ibm$ejs$security$web$WebAuthenticator;

    static {
        Class class$;
        if (class$com$ibm$ejs$security$web$WebAuthenticator != null) {
            class$ = class$com$ibm$ejs$security$web$WebAuthenticator;
        } else {
            class$ = class$("com.ibm.ejs.security.web.WebAuthenticator");
            class$com$ibm$ejs$security$web$WebAuthenticator = class$;
        }
        tc = Tr.register(class$);
        webAuthInstance = null;
        nullStringArray = new String[0];
        AUTHN_FAILED_RESULT = new AuthenticationResult(2, "Authentication Failed");
        CRED_FAILED_RESULT = new AuthenticationResult(2, "credential validation failure");
        credentialCache = null;
        validationCache = null;
        taManager = null;
    }

    private WebAuthenticator(ActiveSecurityConfigConfig activeSecurityConfigConfig) {
        initializeSas(activeSecurityConfigConfig);
        taManager = TrustAssociationManager.create();
    }

    /* JADX WARN: Removed duplicated region for block: B:47:0x03cc A[Catch: Exception -> 0x041e, TryCatch #1 {Exception -> 0x041e, blocks: (B:3:0x000a, B:5:0x002c, B:7:0x0033, B:9:0x0048, B:12:0x0060, B:14:0x0072, B:16:0x007b, B:17:0x0085, B:19:0x00a0, B:22:0x00ac, B:24:0x00bf, B:26:0x00c7, B:28:0x00da, B:30:0x00e5, B:33:0x0120, B:36:0x0138, B:38:0x014e, B:42:0x0159, B:44:0x0175, B:45:0x03bf, B:47:0x03cc, B:49:0x03f8, B:50:0x0415, B:56:0x01c4, B:57:0x01dd, B:58:0x01de, B:60:0x01e8, B:62:0x0224, B:66:0x0230, B:68:0x0242, B:70:0x0249, B:75:0x0261, B:78:0x02a9, B:82:0x02b9, B:83:0x02ba, B:85:0x02c4, B:87:0x02d6, B:89:0x0301, B:91:0x030a, B:92:0x0321, B:94:0x033b, B:96:0x0354, B:100:0x03a5, B:103:0x038c, B:104:0x0399, B:106:0x02e0), top: B:2:0x000a, inners: #2, #4, #5 }] */
    /* JADX WARN: Removed duplicated region for block: B:53:0x0412  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.ibm.ejs.security.web.AuthenticationResult authenticate(com.ibm.ejs.security.web.WebAttributes r12, javax.servlet.http.HttpServletRequest r13) {
        /*
            Method dump skipped, instructions count: 1092
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ejs.security.web.WebAuthenticator.authenticate(com.ibm.ejs.security.web.WebAttributes, javax.servlet.http.HttpServletRequest):com.ibm.ejs.security.web.AuthenticationResult");
    }

    public AuthenticationResult basicAuthenticate(String str, String str2, String str3) {
        AuthenticationResult authenticationResult;
        Credentials credential;
        Tr.entry(tc, "basicAuthenticate");
        try {
            credential = credentialCache.getCredential(str2, str3);
        } catch (Exception e) {
            Tr.exit(tc, "basicAuthenticate", e);
            authenticationResult = new AuthenticationResult(2, e.getMessage());
        }
        if (credential == null) {
            Tr.exit(tc, "basicAuthenticate: authentication failed");
            return AUTHN_FAILED_RESULT;
        }
        authenticationResult = new AuthenticationResult(1, credential);
        authenticationResult.realm = str;
        authenticationResult.userName = str2;
        authenticationResult.passWord = str3;
        Tr.exit(tc, "basicAuthenticate");
        return authenticationResult;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    public static WebAuthenticator create(ActiveSecurityConfigConfig activeSecurityConfigConfig) {
        if (webAuthInstance == null) {
            webAuthInstance = new WebAuthenticator(activeSecurityConfigConfig);
        }
        return webAuthInstance;
    }

    private Cookie createCookie(String str, String str2, WebAttributes webAttributes) {
        Cookie cookie = new Cookie(str, str2);
        webAttributes.copyInto(cookie);
        return cookie;
    }

    public Credentials getActualCredentials(Credentials credentials) throws AuthenticationFailedException {
        Tr.entry(tc, "getActualCredentials");
        if (credentials instanceof CredentialsImpl) {
            Tr.debug(tc, "getting SAS mapped credentials");
            try {
                credentials = ((CredentialsImpl) credentials).get_mapped_credentials((String) null, nullString, (Any) null);
            } catch (Exception e) {
                Tr.exit(tc, "getActualCredentials", e);
                throw new AuthenticationFailedException();
            }
        }
        Tr.exit(tc, "getActualCredentials");
        return credentials;
    }

    private String getCookieValue(Cookie[] cookieArr, String str) {
        Tr.entry(tc, "getCookieValue", str);
        String str2 = null;
        if (cookieArr != null) {
            int i = 0;
            while (true) {
                if (i >= cookieArr.length) {
                    break;
                }
                if (str.equals(cookieArr[i].getName())) {
                    str2 = cookieArr[i].getValue();
                    break;
                }
                i++;
            }
        }
        Tr.exit(tc, "getCookieValue", str2);
        return str2;
    }

    public static WebAuthenticator getInstance() {
        return webAuthInstance;
    }

    public Credentials getPreferredCredentials(Credentials credentials, Credentials credentials2) {
        return credentials != null ? credentials : credentials2;
    }

    private SecurityServer getSecurityServer() {
        return SecurityCollaborator.getSecurityServer();
    }

    private void initializeSas(ActiveSecurityConfigConfig activeSecurityConfigConfig) {
        int i;
        Tr.entry(tc, "initializeSas");
        try {
            if (this.securityCurrent == null) {
                this.securityCurrent = SecurityContext.getCurrent();
                if (this.securityCurrent == null) {
                    throw new IllegalStateException("can't get SAS current");
                }
            }
            if (this.principalAuthenticator == null) {
                Tr.debug(tc, "getting SAS current principal authenticator");
                if (activeSecurityConfigConfig.getAuthenticationMechanism().equals("LOCALOS")) {
                    i = 2;
                    this.ltpaEnabled = false;
                } else {
                    i = 1;
                    this.ltpaEnabled = true;
                }
                try {
                    this.principalAuthenticator = this.securityCurrent.principal_authenticator(i);
                    int pluginCacheTimeout = activeSecurityConfigConfig.getPluginCacheTimeout();
                    String property = System.getProperty(CREDENTIAL_CACHE_SIZE);
                    String property2 = System.getProperty(LTPA_VALIDATION_CACHE_SIZE);
                    if (property == null) {
                        property = "200";
                    }
                    if (property2 == null) {
                        property2 = "200";
                    }
                    credentialCache = new CredentialCache(this.principalAuthenticator, new Integer(property).intValue(), pluginCacheTimeout * 1000);
                    validationCache = new LTPAValidationCache(this.principalAuthenticator, new Integer(property2).intValue(), pluginCacheTimeout * 1000);
                } catch (ClassCastException unused) {
                    throw new IllegalStateException("wrong type for PrincipalAuthenticator");
                }
            }
            Tr.exit(tc, "initializeSas");
        } catch (Exception e) {
            Tr.exit(tc, "initializeSas", e);
            throw new IllegalStateException(e.getMessage());
        }
    }

    protected Credentials setSasBasicAuth(String str, String str2, String str3) throws Exception {
        byte[] bArr = null;
        if (str3 != null) {
            bArr = str3.getBytes();
        }
        CredentialsHolder credentialsHolder = new CredentialsHolder();
        if (this.principalAuthenticator.authenticate(0, str2, bArr, (Attribute[]) null, credentialsHolder, new OpaqueHolder(), new OpaqueHolder()).value() == 0) {
            return credentialsHolder.value;
        }
        Tr.debug(tc, "Authentication Failed");
        return null;
    }

    public AuthenticationResult validate(String str, byte[] bArr) {
        AuthenticationResult authenticationResult;
        Credentials credential;
        Tr.entry(tc, "validate");
        try {
            credential = validationCache.getCredential(bArr);
        } catch (Exception e) {
            Tr.exit(tc, "validate", e);
            authenticationResult = new AuthenticationResult(2, e.getMessage());
        }
        if (credential == null) {
            Tr.exit(tc, "validate: LTPA token validation failed");
            return AUTHN_FAILED_RESULT;
        }
        authenticationResult = new AuthenticationResult(1, credential);
        authenticationResult.realm = str;
        Tr.exit(tc, "validate");
        return authenticationResult;
    }
}
