package com.ibm.ISecurityLocalObjectGSSUPImpl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectGSSUPImpl/WSSecurityContextImpl.class */
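/**
 * GSSUP (user name / password) implementation of {@link WSSecurityContext}.
 *
 * <p>{@code initSecContext} packs a scoped user name and the subject's credential token into a
 * GSSUP {@code InitialContextToken} and returns the codec-encoded bytes. {@code acceptSecContext}
 * decodes such a token and authenticates the user id and password it carries through the RMI
 * inbound login configuration.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The token's {@code password} field holds the credential token as plain UTF-8 bytes. This
 *       class applies no encryption or integrity protection of its own, so confidentiality has to
 *       come from the layer that transports the token (TODO confirm the transport is protected).</li>
 *   <li>Everything decoded in {@code acceptSecContext} (target name, user id, realm, password) is
 *       supplied by the peer and must be treated as untrusted until {@code login} has succeeded.</li>
 *   <li>{@code acceptSecContext} returns a result with a {@code null} subject for the literal user
 *       id {@code "UNAUTHENTICATED"}; callers must not read a non-exceptional return as proof of
 *       authentication.</li>
 * </ul>
 */
public final class WSSecurityContextImpl implements WSSecurityContext {
    /** Encoder/decoder for exported GSS target names, created for the GSSUP mechanism OID. */
    private final GSSFactory _gFactory;
    /** ORB obtained from the vault; used to create the {@code Any} that carries the token. */
    private final ORB _orb;
    /** Process-wide vault; also receives the cached basic-auth subjects. */
    private final VaultImpl vault;
    /** Security configuration consulted for the login config and the delegation settings. */
    private final SecurityConfiguration secConfig;

    /**
     * Wires the context to the vault singleton, its ORB and the security configuration.
     *
     * @throws INTERNAL if {@code VaultImpl.getInstance()} returns {@code null}
     */
    public WSSecurityContextImpl() {
        this._gFactory = new GSSFactory(GSSUPMechOID.value);
        this.vault = VaultImpl.getInstance();
        if (this.vault == null) {
            throw new INTERNAL("Vault is NULL.", SecurityMinorCodes.NULL_POINTER_EXCEPTION, CompletionStatus.COMPLETED_NO);
        }
        this._orb = this.vault.getORB();
        this.secConfig = VaultImpl.getSecurityConfiguration();
    }

    /**
     * Convenience overload: wraps the credential in a subject and delegates to
     * {@link #initSecContext(Subject, String, String)}.
     *
     * @param wSCredential credential to build the subject from
     * @param str target server name (only used in the trace message)
     * @param str2 target name from which the realm is derived
     * @return the encoded GSSUP initial context token
     * @throws WSSecurityContextException if the token cannot be built or encoded
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(WSCredential wSCredential, String str, String str2) throws WSSecurityContextException {
        return initSecContext(SubjectHelper.createSubjectFromWSCredential(wSCredential), str, str2);
    }

    /**
     * Builds and encodes a GSSUP {@code InitialContextToken} for the given subject.
     *
     * <p>The realm is taken from {@code str2} (falling back to {@code str2} itself when no realm
     * can be extracted). The token's user name is the subject's security name scoped with that
     * realm, and the token's password is the subject's credential token converted to a string.
     *
     * @param subject subject whose WSCredential supplies the security name and credential token
     * @param str target server name (only used in the trace message)
     * @param str2 target name from which the realm is derived
     * @return the codec-encoded token bytes
     * @throws WSSecurityContextException with code 13 for any failure; the inner handlers raise
     *     codes 14 and 18 first, but those are caught and re-wrapped by the outer handler
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(Subject subject, String str, String str2) throws WSSecurityContextException {
        final String traceId = "WSSecurityContextImpl.initSecContext";
        final String ffdcId = "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.initSecContext";
        try {
            CSIUtil cSIUtil = new CSIUtil();
            String realm = RealmSecurityName.getRealm(str2);
            if (realm == null || realm.equals("")) {
                realm = str2;
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Realm = " + realm + ", serverName = " + str);
            }
            InitialContextToken initialContextToken = new InitialContextToken();
            // A subject without a WSCredential surfaces as a NullPointerException on the next line
            // and is reported by the outer handler with code 13.
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
            String securityName = RealmSecurityName.getSecurityName(wSCredentialFromSubject.getRealmSecurityName());
            try {
                initialContextToken.target_name = this._gFactory.encodeExportedTargetName(realm);
                String scopedName = scopedUserName(securityName, realm);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(traceId, "Scoped username in GSSUP token: " + scopedName);
                }
                initialContextToken.username = scopedName.getBytes("UTF8");
                // The credential token becomes the GSSUP password in clear text; it is never traced
                // here. As a String it cannot be wiped from memory after use.
                String convertedString = StringBytesConversion.getConvertedString(wSCredentialFromSubject.getCredentialToken());
                if (convertedString == null) {
                    convertedString = "";
                }
                initialContextToken.password = convertedString.getBytes("UTF8");
                Any create_any = this._orb.create_any();
                if (create_any == null) {
                    SecurityLogger.debugMessage(traceId, "Any is NULL.");
                    throw new WSSecurityContextException(14, 0, "Any is NULL.");
                }
                InitialContextTokenHelper.insert(create_any, initialContextToken);
                try {
                    return cSIUtil.getCodec().encode_value(create_any);
                } catch (Exception e) {
                    FFDCFilter.processException(e, ffdcId, "161", this);
                    String message = "Exception getting codec factory and encoding Any.  Original exception: " + e;
                    SecurityLogger.debugMessage(traceId, message);
                    throw new WSSecurityContextException(18, 0, message);
                }
            } catch (Exception e2) {
                // NOTE(review): this handler also receives the WSSecurityContextExceptions thrown
                // above (codes 14 and 18), so every failure in the block is reported with the
                // "target_name" wording. Kept as is to preserve the codes and messages callers see.
                FFDCFilter.processException(e2, ffdcId, "102", this);
                String message = "Unable to get target_name from passed-in target name.  Original exception = " + e2;
                SecurityLogger.debugMessage(traceId, message);
                throw new WSSecurityContextException(18, 0, message);
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, ffdcId, "176", this);
            String message = "Java exception in initSecContext:  Original exception = " + e3;
            SecurityLogger.debugMessage(traceId, message);
            throw new WSSecurityContextException(13, 0, message);
        }
    }

    /**
     * Joins a security name and a realm into the user name placed in the GSSUP token.
     *
     * <p>Both present: name + separator + realm. Only the name: the name. Only the realm:
     * separator + realm. Neither: the empty string. The separator is {@code EndPointMgr.DEFAULT},
     * the same constant {@code acceptSecContext} splits on (presumably "@"; this looks like a
     * decompiler substitution of an equal-valued constant - TODO confirm).
     */
    private static String scopedUserName(String securityName, String realm) {
        boolean hasName = securityName != null && !securityName.equals("");
        boolean hasRealm = realm != null && !realm.equals("");
        if (hasName && hasRealm) {
            return new StringBuffer().append(securityName).append(EndPointMgr.DEFAULT).append(realm).toString();
        }
        if (hasName) {
            return securityName;
        }
        if (hasRealm) {
            return new StringBuffer().append(EndPointMgr.DEFAULT).append(realm).toString();
        }
        return "";
    }

    /**
     * Decodes a GSSUP initial context token and authenticates the user it names.
     *
     * <p>The user name is split at the last separator into user id and realm; without a separator
     * the realm comes from the decoded target name. A user id of {@code "UNAUTHENTICATED"} skips
     * the login and yields a result whose subject is {@code null}.
     *
     * @param bArr encoded token received from the peer (untrusted)
     * @return a result holding the authenticated subject, or a {@code null} subject for an
     *     unauthenticated token
     * @throws WSSecurityContextException code 15 when the user id is empty, 0 when the login fails
     *     or returns no subject, 9 on {@code BAD_OPERATION}, 18 on target-name or codec decoding
     *     errors, 13 on any other exception
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr) throws WSSecurityContextException {
        final String traceId = "WSSecurityContextImpl.acceptSecContext";
        final String ffdcId = "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext";
        // The unused CredentialsHolder/OpaqueHolder allocations of the original were dropped.
        try {
            InitialContextToken extract = InitialContextTokenHelper.extract(new CSIUtil().getCodec().decode_value(bArr, InitialContextTokenHelper.type()));
            String decodeExportedTargetName = this._gFactory.decodeExportedTargetName(extract.target_name);
            String scopedName = new String(extract.username, "UTF8");
            String password = new String(extract.password, "UTF8");
            String userId = "";
            String realm = "";
            if (!scopedName.equals("")) {
                int lastIndexOf = scopedName.lastIndexOf(EndPointMgr.DEFAULT);
                if (lastIndexOf < 0) {
                    userId = scopedName;
                    realm = RealmSecurityName.getRealm(decodeExportedTargetName);
                    if (realm == null || realm.equals("")) {
                        realm = decodeExportedTargetName;
                    }
                } else {
                    // The realm is whatever the peer put after the last separator; it is only
                    // validated to the extent that login() below validates it.
                    userId = scopedName.substring(0, lastIndexOf);
                    realm = scopedName.substring(lastIndexOf + 1);
                }
            }
            if (SecurityLogger.debugTraceEnabled) {
                // NOTE(review): userId and the target name are peer-controlled text written to the
                // trace as is; if the trace sink is line-oriented, consider neutralising CR/LF.
                // The password is passed through SecurityConfiguration.mask() - confirm that mask()
                // reveals neither the value nor its length.
                SecurityLogger.debugMessage(traceId, new StringBuffer().append("Security name for WS credential: ").append(userId).append(EndPointMgr.DEFAULT).append(decodeExportedTargetName).append(", password: ").append(SecurityConfiguration.mask(password)).toString());
            }
            if (userId.length() < 1) {
                SecurityLogger.debugMessage(traceId, "Userid is null.");
                throw new WSSecurityContextException(15, 0, "Userid is null.");
            }
            if (userId.equals("UNAUTHENTICATED")) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(traceId, "Received unauthenticated GSSUP token.");
                }
                // No login is attempted: the null subject is the only signal that the caller is
                // dealing with an unauthenticated request.
                return new WSSecurityContextResult(null, null);
            }
            try {
                Subject login = ContextManagerFactory.getInstance().login(realm, userId, password, this.secConfig.getRMIInboundLoginConfig(), (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
                if (login == null) {
                    throw new WSSecurityContextException(0, 0, "Authentication Failed.");
                }
                if (this.secConfig.delegateBasicAuth() && this.secConfig.getauthenticationTarget() == 2) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage(traceId, "Caching basicauth subject");
                    }
                    // Only reached after a successful login. The cached subject is built from the
                    // clear-text password; how long it lives is decided by VaultImpl, not here.
                    // NOTE(review): the key is a plain realm + "/" + user join, so distinct pairs
                    // containing '/' can produce the same key - check how the cache is looked up.
                    this.vault.addBasicAuthSubject(new StringBuffer().append(realm).append("/").append(userId).toString(), SubjectHelper.createBasicAuthSubject(realm, userId, password));
                }
                return new WSSecurityContextResult(null, login);
            } catch (WSLoginFailedException e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(traceId, "WSLoginFailedException occurred in acceptSecContext: " + e.getMessage());
                    SecurityLogger.logException(traceId, e, 0, 0);
                }
                FFDCFilter.processException(e, ffdcId, "341", this);
                throw new WSSecurityContextException(0, 0, e.getMessage(), e);
            } catch (Exception e2) {
                // Also wraps the "Authentication Failed." exception thrown above.
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(traceId, "Exception occurred in acceptSecContext: " + e2.getMessage());
                    SecurityLogger.logException(traceId, e2, 0, 0);
                }
                FFDCFilter.processException(e2, ffdcId, "353", this);
                throw new WSSecurityContextException(0, 0, e2.getMessage(), e2);
            }
        } catch (BAD_OPERATION e3) {
            FFDCFilter.processException((Throwable) e3, ffdcId, "406", (Object) this);
            String message = "Corba BAD_OPERATION exception occurred, reason: " + e3.getMessage();
            SecurityLogger.debugMessage(traceId, message);
            SecurityLogger.logException(traceId, e3, 0, 0);
            throw new WSSecurityContextException(9, 0, message);
        } catch (GSSEncodeDecodeException e4) {
            FFDCFilter.processException(e4, ffdcId, "395", this);
            String message = "GSSEncodeDecodeException occurred, reason: " + e4.getMessage();
            SecurityLogger.debugMessage(traceId, message);
            SecurityLogger.logException(traceId, e4, 0, 0);
            throw new WSSecurityContextException(18, 0, message);
        } catch (WSSecurityContextException e5) {
            // Exceptions raised above (codes 15 and 0) are logged and passed on unchanged.
            FFDCFilter.processException(e5, ffdcId, "387", this);
            SecurityLogger.debugMessage(traceId, "Caught WSSecurityContextException, reason: " + e5.getMessage());
            SecurityLogger.logException(traceId, e5, 0, 0);
            throw e5;
        } catch (FormatMismatch e6) {
            FFDCFilter.processException((Throwable) e6, ffdcId, "428", (Object) this);
            SecurityLogger.debugMessage(traceId, "Codec Factory FormatMismatch exception occurred.");
            SecurityLogger.logException(traceId, e6, 0, 0);
            throw new WSSecurityContextException(18, 0, "Codec Factory FormatMismatch exception occurred.");
        } catch (TypeMismatch e8) {
            // Must come before the generic handler: listed after catch (Exception) it is rejected
            // by javac as already caught and could never run.
            FFDCFilter.processException((Throwable) e8, ffdcId, "417", (Object) this);
            SecurityLogger.debugMessage(traceId, "Codec Factory Type Mismatch exception occurred.");
            SecurityLogger.logException(traceId, e8, 0, 0);
            throw new WSSecurityContextException(18, 0, "Codec Factory Type Mismatch exception occurred.");
        } catch (Exception e7) {
            // The message is deliberately generic; the details go to FFDC and the security log.
            FFDCFilter.processException(e7, ffdcId, "439", this);
            SecurityLogger.logException(traceId, e7, 0, 0);
            throw new WSSecurityContextException(13, 0, "Java exception occurred.");
        }
    }

    /** No-op: this implementation does nothing with a continuation token. */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void completeSecContext(byte[] bArr) {
    }

    /** No-op: this implementation releases nothing on disposal. */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void dispose() {
    }
}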
