package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;

/* loaded from: input_file:lib/sas.jar:com/ibm/ws/security/auth/SubjectHelper.class */
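/**
 * Static helpers that move between WebSphere credentials/principals and JAAS {@link Subject}s.
 *
 * <p>Every lookup and creation method here reports failure by returning {@code null} (or
 * {@code false}) after recording the exception through FFDC and debug trace; only
 * {@link #createPrincipal(WSCredential)} throws. Callers therefore have to check the result.
 *
 * <p>The FFDC source ids used below name {@code ContextManagerImpl}, not this class, and
 * {@link #isWSCredentialValid(Subject, boolean)} reuses the id of
 * {@code getWSCredentialFromSubject}. They are left byte-for-byte unchanged.
 * NOTE(review): confirm whether any FFDC tooling keys on these ids before correcting them.
 */
public class SubjectHelper {
    // Created on first use and then returned to every caller of createUnauthenticatedSubject().
    private static Subject unauthenticatedSubject = null;
    private static final TraceComponent tc =
            Tr.register(SubjectHelper.class, (String) null, "com.ibm.ejs.resources.security");

    // These three fields and class$(String) look like the cache/helper pair that pre-Java-5
    // compilers generated for class literals. The methods below now use class literals directly;
    // the members are kept only so the package-visible surface of this class is unchanged.
    static Class class$com$ibm$websphere$security$cred$WSCredential;
    static Class class$com$ibm$websphere$security$auth$WSPrincipal;
    static Class class$com$ibm$ws$security$auth$SubjectHelper;

    /**
     * Builds a new Subject holding one principal derived from the credential and the credential
     * itself as a <em>public</em> credential.
     *
     * @param wSCredential credential to wrap; {@code null} yields {@code null}
     * @return the new Subject, or {@code null} if the credential was {@code null} or any
     *         exception occurred (the exception is recorded through FFDC and debug trace)
     */
    public static Subject createSubjectFromWSCredential(WSCredential wSCredential) {
        if (wSCredential == null) {
            return null;
        }
        try {
            final WSCredential credential = wSCredential;
            final WSPrincipal principal = createPrincipal(credential);
            final Subject subject = new Subject();
            AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    // Both views are Sets, so add() leaves an already-present member alone.
                    subject.getPrincipals().add(principal);
                    subject.getPublicCredentials().add(credential);
                    return null;
                }
            });
            return subject;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.createSubjectFromWSCredential", "103");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating Subject from WSCredential.", new Object[]{e});
            }
            return null;
        }
    }

    /**
     * Returns the first {@link WSCredential} found among the Subject's public credentials.
     *
     * @param subject Subject to inspect; {@code null} yields {@code null}
     * @return the credential, or {@code null} if the Subject carries none or the lookup failed
     */
    public static WSCredential getWSCredentialFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        try {
            WSCredential credential = findWSCredential(subject);
            // Previously an empty set surfaced as NoSuchElementException and an FFDC record;
            // a Subject without a WSCredential is now reported as a plain null.
            if (credential == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "No WSCredential found in Subject.");
            }
            return credential;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getWSCredentialFromSubject", "139");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting WSCredential from Subject.", new Object[]{e});
            }
            return null;
        }
    }

    /**
     * Checks the Subject's credential with {@link WSCredential#isCurrent()}; equivalent to
     * {@code isWSCredentialValid(subject, false)}.
     *
     * @param subject Subject to inspect
     * @return {@code true} only if a credential was found and reports itself current
     */
    public static boolean isWSCredentialValid(Subject subject) {
        return isWSCredentialValid(subject, false);
    }

    /**
     * Checks whether the Subject's first {@link WSCredential} is still usable.
     *
     * <p>With {@code z == false} the answer is {@code WSCredential.isCurrent()}. With
     * {@code z == true} the credential must outlive "now plus the request timeout" returned by
     * {@code ContextManagerFactory.getInstance().getReqTimeout()}, with two exceptions visible
     * in the code: an expiration of {@code -1} or {@code 0} is accepted without a time check
     * (presumably "does not expire" - confirm against WSCredential), and a credential whose
     * time has run out is still accepted when {@code ServerCredSigner.isServerCred} says so.
     *
     * @param subject Subject to inspect; {@code null} yields {@code false}
     * @param z       {@code true} to apply the request-timeout cushion instead of
     *                {@code isCurrent()}
     * @return {@code false} when there is no Subject, no WSCredential, the credential is not
     *         valid, or any exception occurred
     */
    public static boolean isWSCredentialValid(Subject subject, boolean z) {
        if (subject == null) {
            return false;
        }
        try {
            WSCredential credential = findWSCredential(subject);
            if (credential == null) {
                // Fail closed explicitly rather than relying on a NullPointerException below.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No WSCredential found in Subject.");
                }
                return false;
            }
            if (!z) {
                boolean isCurrent = credential.isCurrent();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Is credential valid? " + isCurrent);
                }
                return isCurrent;
            }
            long expiration = credential.getExpiration();
            long reqTimeout = ContextManagerFactory.getInstance().getReqTimeout();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cushion in use is " + reqTimeout + " millis.");
            }
            if (expiration == -1 || expiration == 0) {
                return true;
            }
            long remaining = expiration - (System.currentTimeMillis() + reqTimeout);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Time remaining is: " + remaining + " millis.");
            }
            // NOTE(review): this branch lets a server credential pass after its expiry time;
            // confirm isServerCred checks something an arbitrary credential cannot satisfy.
            return remaining > 0 || ServerCredSigner.getInstance().isServerCred(credential);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getWSCredentialFromSubject", "229");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting WSCredential from Subject.", new Object[]{e});
            }
            return false;
        }
    }

    /**
     * Returns the first {@link WSPrincipal} among the Subject's principals.
     *
     * @param subject Subject to inspect; {@code null} yields {@code null}
     * @return the principal, or {@code null} if the Subject carries none or the lookup failed
     */
    public static WSPrincipal getPrincipalFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        final Subject target = subject;
        try {
            WSPrincipal principal = (WSPrincipal) AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    for (Object candidate : target.getPrincipals(WSPrincipal.class)) {
                        return candidate;
                    }
                    return null;
                }
            });
            // An empty set used to end in NoSuchElementException plus an FFDC record.
            if (principal == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "No WSPrincipal found in Subject.");
            }
            return principal;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.getPrincipalFromSubject", "263");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting WSPrincipal from Subject.", new Object[]{e});
            }
            return null;
        }
    }

    /**
     * Creates a principal named after the credential's realm-qualified security name, falling
     * back to {@code <default realm>/<security name>} when that name is null or empty.
     *
     * @param wSCredential credential to read; {@code null} yields {@code null}
     * @return the new principal, or {@code null} for a {@code null} credential
     * @throws WSSecurityException wrapping the {@link CredentialExpiredException} raised while
     *         reading the credential
     */
    public static WSPrincipal createPrincipal(WSCredential wSCredential) throws WSSecurityException {
        if (wSCredential == null) {
            return null;
        }
        try {
            String realmSecurityName = wSCredential.getRealmSecurityName();
            if (realmSecurityName == null || realmSecurityName.length() == 0) {
                // The StringBuilder(String) constructor throws on a null default realm; keep it,
                // so a missing realm never produces a principal named "null/<user>".
                realmSecurityName = new StringBuilder(ContextManagerFactory.getInstance().getDefaultRealm())
                        .append("/")
                        .append(wSCredential.getSecurityName())
                        .toString();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Principal name: " + realmSecurityName);
            }
            return new WSPrincipalImpl(realmSecurityName);
        } catch (CredentialExpiredException e) {
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Creates a Subject from three strings passed to {@code WSCredentialImpl}; a null or empty
     * {@code str} is replaced by the default realm.
     *
     * <p>NOTE(review): presumably {@code str} is the realm, {@code str2} the user name and
     * {@code str3} the password. The credential ends up in the Subject's public credential set,
     * so confirm that WSCredentialImpl does not expose {@code str3} to readers of that set.
     *
     * @param str  first constructor argument, defaulted to the default realm when null or empty
     * @param str2 second constructor argument, passed through unchanged
     * @param str3 third constructor argument, passed through unchanged
     * @return the new Subject, or {@code null} if it could not be built
     */
    public static Subject createBasicAuthSubject(String str, String str2, String str3) {
        String realm = str;
        if (realm == null || realm.length() == 0) {
            realm = ContextManagerFactory.getInstance().getDefaultRealm();
        }
        return createSubjectFromWSCredential(new WSCredentialImpl(realm, str2, str3));
    }

    /**
     * Returns the cached unauthenticated Subject, creating it on first use.
     *
     * <p>The same instance is returned to every caller and nothing visible here marks it
     * read-only, so a change made through one reference is seen by all others.
     * NOTE(review): confirm callers never add principals or credentials to it. The lazy
     * initialisation is unsynchronised, and a failed creation returns {@code null} and is
     * retried on the next call.
     *
     * @return the shared unauthenticated Subject, or {@code null} if it could not be created
     */
    public static Subject createUnauthenticatedSubject() {
        if (unauthenticatedSubject == null) {
            unauthenticatedSubject = createSubjectFromWSCredential(new WSCredentialImpl("", ContextManagerFactory.getInstance().getUnauthenticatedString(), ""));
        }
        return unauthenticatedSubject;
    }

    /**
     * Loads a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError}. No longer called from this class.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            // Keep the original exception attached instead of only copying its message.
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Returns the first public credential of the Subject that is a {@link WSCredential}, or
     * {@code null} when there is none. The read runs inside {@code AccessController.doPrivileged}.
     */
    private static WSCredential findWSCredential(final Subject subject) {
        return (WSCredential) AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                for (Object candidate : subject.getPublicCredentials()) {
                    if (candidate instanceof WSCredential) {
                        return candidate;
                    }
                }
                return null;
            }
        });
    }
}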
