package com.ibm.ws.security.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtensionFactory;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/wssec.jar:com/ibm/ws/security/util/ServerIdentityHelper.class */
public class ServerIdentityHelper {
    private WSLoginLocalOSExtension securityLoginExtension;
    private ContextManager ctx;
    private boolean m_AppSyncToOSThreadEnabled;
    private boolean m_GlobalSecurityEnabled;
    private static ServerIdentityHelper helper = null;
    private static TraceComponent tc;
    static Class class$com$ibm$ws$security$util$ServerIdentityHelper;

    /* renamed from: com.ibm.ws.security.util.ServerIdentityHelper$1SecurityData, reason: invalid class name */
    /* loaded from: input_file:lib/wssec.jar:com/ibm/ws/security/util/ServerIdentityHelper$1SecurityData.class */
    class C1SecurityData {
        boolean appSyncToOSThreadEnabled;
        boolean globalSecurityEnabled;
        ContextManager ctxMgr;
        WSLoginLocalOSExtension secLoginExtension;
        private final ServerIdentityHelper this$0;

        C1SecurityData(ServerIdentityHelper serverIdentityHelper) {
            this.this$0 = serverIdentityHelper;
        }

        public ContextManager getContextManager() {
            return this.ctxMgr;
        }

        public boolean isGlobalSecurityEnabled() {
            return this.globalSecurityEnabled;
        }

        public WSLoginLocalOSExtension getSecurityLoginExtension() {
            return this.secLoginExtension;
        }

        public boolean isAppSyncToOSThreadEnabled() {
            return this.appSyncToOSThreadEnabled;
        }

        public void setContextManager(ContextManager contextManager) {
            this.ctxMgr = contextManager;
        }

        public void setGlobalSecurityEnabled(boolean z) {
            this.globalSecurityEnabled = z;
        }

        public void setSecurityLoginExtension(WSLoginLocalOSExtension wSLoginLocalOSExtension) {
            this.secLoginExtension = wSLoginLocalOSExtension;
        }

        public void setAppSyncToOSThreadEnabled(boolean z) {
            this.appSyncToOSThreadEnabled = z;
        }
    }

    private ServerIdentityHelper() {
        this.m_AppSyncToOSThreadEnabled = false;
        this.m_GlobalSecurityEnabled = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ServerIdentityHelper<init>:");
        }
        try {
            C1SecurityData c1SecurityData = (C1SecurityData) AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.util.ServerIdentityHelper.1
                private final ServerIdentityHelper this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    C1SecurityData c1SecurityData2 = new C1SecurityData(this.this$0);
                    ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                    WSLoginLocalOSExtension wSLoginLocalOSExtensionFactory = WSLoginLocalOSExtensionFactory.getInstance();
                    c1SecurityData2.setContextManager(contextManagerFactory);
                    c1SecurityData2.setSecurityLoginExtension(wSLoginLocalOSExtensionFactory);
                    c1SecurityData2.setGlobalSecurityEnabled(contextManagerFactory.isServerSecurityEnabled());
                    c1SecurityData2.setAppSyncToOSThreadEnabled(wSLoginLocalOSExtensionFactory.isApplicationSyncToOSThreadEnabled());
                    return c1SecurityData2;
                }
            });
            this.m_AppSyncToOSThreadEnabled = c1SecurityData.isAppSyncToOSThreadEnabled();
            this.m_GlobalSecurityEnabled = c1SecurityData.isGlobalSecurityEnabled();
            this.securityLoginExtension = c1SecurityData.getSecurityLoginExtension();
            this.ctx = c1SecurityData.getContextManager();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "ServerIdentityHelper<init>");
            }
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.util.ServerIdentityHelper.constructor", "106", this);
            Tr.error(tc, "FAILED_DOPRIVILEGED", e);
            throw new SecurityException("ServerIdentityHelper.constructor failed attempting to get the WSLoginLocalOSExtension from security.");
        }
    }

    public static ServerIdentityHelper getServerIdentityHelper() {
        if (helper == null) {
            helper = new ServerIdentityHelper();
        }
        return helper;
    }

    public synchronized Object push() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ServerIdentityHelper.push");
        }
        if (!this.m_GlobalSecurityEnabled) {
            Tr.debug(tc, "push() did not push server identity security is not enabled for this server ");
            return null;
        }
        if (!this.m_AppSyncToOSThreadEnabled || !this.securityLoginExtension.isThreadLocalApplicationSyncEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "push() did not push server identity because syncToThread is not active or currently using the application running currently on thread");
            }
            return null;
        }
        try {
            Object doPrivileged = AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.util.ServerIdentityHelper.2
                private final ServerIdentityHelper this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Subject localOSOwnSubject = this.this$0.securityLoginExtension.getLocalOSOwnSubject();
                    Object appLocalOSThreadID = this.this$0.securityLoginExtension.setAppLocalOSThreadID(localOSOwnSubject);
                    if (ServerIdentityHelper.tc.isDebugEnabled()) {
                        Tr.debug(ServerIdentityHelper.tc, "push() pushed Server Identity to the OS Thread:  ", new Object[]{localOSOwnSubject});
                    }
                    return appLocalOSThreadID;
                }
            });
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "ServerIdentityHelper.push");
            }
            return doPrivileged;
        } catch (IllegalStateException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.util.ServerIdentityHelper.push", "161", this);
            Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ServerIdentityHelper.push()", e});
            throw e;
        } catch (PrivilegedActionException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.util.ServerIdentityHelper.push", "153", this);
            Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e2);
            throw new SecurityException("ServerIdentityHelper.push() failed attempting to push the server identity to the OS Thread");
        }
    }

    public synchronized void pop(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ServerIdentityHelper.pop");
        }
        if (obj != null) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction(this, obj) { // from class: com.ibm.ws.security.util.ServerIdentityHelper.3
                    private final Object val$credToken;
                    private final ServerIdentityHelper this$0;

                    {
                        this.this$0 = this;
                        this.val$credToken = obj;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        this.this$0.securityLoginExtension.restoreAppLocalOSThreadID(this.val$credToken);
                        return null;
                    }
                });
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "pop() restored OS thread identity");
                }
            } catch (IllegalStateException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.util.ServerIdentityHelper.pop", "214", this);
                Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ServerIdentityHelper.pop()", e});
                throw e;
            } catch (PrivilegedActionException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.util.ServerIdentityHelper.pop", "206", this);
                Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e2);
                throw new SecurityException("ServerIdentityHelper.pop() failed attempting to restore user identity to the OS Thread");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "pop() did not restore OS thread identity because input credential token is null");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ServerIdentityHelper.pop");
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$util$ServerIdentityHelper == null) {
            cls = class$("com.ibm.ws.security.util.ServerIdentityHelper");
            class$com$ibm$ws$security$util$ServerIdentityHelper = cls;
        } else {
            cls = class$com$ibm$ws$security$util$ServerIdentityHelper;
        }
        tc = Tr.register(cls, "WAS.security", "com.ibm.ws.security.util");
    }
}
