package com.ibm.ISecurityLocalObjectLTPAImpl;

import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsPackage.CredentialsNotSet;
import com.ibm.ISecurityUtilityImpl.AuthenticationTarget;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import org.omg.Security.Attribute;
import org.omg.Security.AttributeListHolder;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.InvalidAttributeType;
import org.omg.Security.InvalidAuthnMethod;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.InvalidCredential;
import org.omg.SecurityLevel2.LoginFailed;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectLTPAImpl/PrincipalAuthenticatorImpl.class */
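/**
 * LTPA variant of the principal authenticator.
 *
 * <p>It sets the authentication target to LTPA and turns either a security name plus secret
 * ({@link #authenticate}) or an existing credential token ({@link #validate}) into a
 * {@link CredentialsImpl} that is registered with the vault.
 *
 * <p>This is decompiler output, so parameter and local names ({@code i}, {@code str},
 * {@code bArr}, ...) are synthetic. The numeric flags and status bytes are described below by what
 * this code does with them, not by official names.
 *
 * <p>Points a security reviewer should keep in mind:
 * <ul>
 *   <li>When {@code _securityEnabled[0]} is false, both entry points return
 *       {@code SecAuthSuccess} with dummy credentials and never look at the supplied secret.</li>
 *   <li>{@code opaqueHolder2.value[0]} carries a one-byte outcome. It starts at 100, and every
 *       failure path overwrites it: 0 or 4 for a failed login, 1 for an empty security name,
 *       6 for empty authentication data, 7 for a credential that could not be built or
 *       registered, 11 for a flag {@code validate} rejects, 16 and 17 for attribute errors.</li>
 *   <li>On a failed login the exception message is copied into {@code opaqueHolder.value} and so
 *       travels back to the caller.</li>
 * </ul>
 */
public class PrincipalAuthenticatorImpl extends com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl {
    /** No-argument constructor for subclasses; performs no LTPA-specific setup. */
    protected PrincipalAuthenticatorImpl() {
    }

    /**
     * Creates an authenticator bound to {@code vaultImpl} and selects LTPA as its target.
     *
     * <p>The first instance constructed while {@code isSecurityEnabled()} is true calls
     * {@code enableSecurity} once, as far as this class is concerned. The static
     * {@code _atSecurityEnabled} flag is checked and set while holding the monitor of the shared
     * {@code _securityEnabled} array.
     *
     * @param vaultImpl vault passed to the base-class constructor
     */
    public PrincipalAuthenticatorImpl(VaultImpl vaultImpl) {
        super(vaultImpl);
        // NOTE(review): 1 is presumably the numeric id matching AuthenticationTarget.LTPAString - confirm.
        this._authenticationTarget = 1;
        this._authenticationTargetString = AuthenticationTarget.LTPAString;
        synchronized (com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled) {
            if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._atSecurityEnabled && isSecurityEnabled()) {
                com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._atSecurityEnabled = true;
                enableSecurity(this._authenticationTarget);
            }
        }
    }

    /**
     * Authenticates a principal and, on success, returns newly established LTPA credentials.
     *
     * <p>Flow: split {@code str} into realm and security name, falling back to the configured
     * principal's realm and then to the host name. Short-circuit with dummy credentials when
     * security is disabled. Check the inputs, log in through the context manager, build a
     * {@link CredentialsImpl} from the resulting {@code WSCredential} and register it with the vault.
     *
     * @param i bit flags: {@code 131072} selects the path the trace calls "BasicAuth token",
     *     {@code 65536} also adds the new credentials to the vault's default credentials
     * @param str principal name, parsed by {@code RealmSecurityName}
     * @param bArr authentication data: the password bytes, or the token on the
     *     {@code 131072} path
     * @param attributeArr not read by this implementation
     * @param credentialsHolder receives the credentials on success; reset to {@code null} on entry
     * @param opaqueHolder receives the login failure message bytes; reset to {@code null} on entry
     * @param opaqueHolder2 receives the one-byte outcome (100 unless a failure path overwrote it)
     * @return {@code SecAuthSuccess} or {@code SecAuthFailure}
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPrivImpl.PrincipalAuthenticatorImpl, org.omg.SecurityLevel2.PrincipalAuthenticatorOperations
    public AuthenticationStatus authenticate(int i, String str, byte[] bArr, Attribute[] attributeArr, CredentialsHolder credentialsHolder, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2) throws LoginFailed, InvalidAuthnMethod, InvalidAttributeType, DuplicateAttributeType {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Beginning to authenticate principal: ").append(str).append(".").toString());
        }
        String str2 = null;
        long j = 0;
        // Outcome byte; 100 is the value the code below treats as "nothing has failed yet".
        byte[] bArr2 = {100};
        byte[] bArr3 = null;
        WSCredential wSCredential = null;
        // Clear every out-parameter first so a failure path cannot leave stale caller data in them.
        credentialsHolder.value = null;
        opaqueHolder.value = null;
        opaqueHolder2.value = bArr2;
        String hostName = getHostName();
        String realmSecurityName = RealmSecurityName.getRealmSecurityName(str);
        String securityName = RealmSecurityName.getSecurityName(str);
        String realm = RealmSecurityName.getRealm(str);
        if (realm.length() == 0) {
            // No realm in the supplied name: use the configured principal's realm, else the host name.
            realm = RealmSecurityName.getRealm(VaultImpl.getSecurityConfiguration().getprincipalName());
            if (realm.length() == 0) {
                realm = hostName;
            }
            realmSecurityName = RealmSecurityName.getRealmSecurityName(realm, securityName);
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Realm == \"").append(realm).append("\", realmSecurityName == \"").append(realmSecurityName).append("\".").toString());
        }
        if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled[0]) {
            // Security disabled: the supplied secret is never checked and the caller gets
            // SecAuthSuccess with dummy credentials for whatever name was passed in.
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Security is disabled ... dummy LTPA creds will be created.");
            }
            credentialsHolder.value = createDummyCreds(realmSecurityName, null);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exiting authenticate with Success.");
            }
            return AuthenticationStatus.SecAuthSuccess;
        }
        if ((i & 131072) == 131072) {
            if (bArr == null || bArr.length == 0) {
                SecurityLogger.logError("security.JSAS0191E", new Object[]{"PrincipalAuthenticatorImpl.authenticate"});
                bArr2[0] = 6;
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
            // NOTE(review): on this path bArr is only traced; str2 is still null when login() is
            // called below. Confirm that a null password is the intended input for this flag.
            // The token goes through SecurityConfiguration.mask before being traced; what mask()
            // leaves visible is not shown here - confirm it never emits usable secret material.
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Authenticating BasicAuth token with LTPA, realm/security_name == ").append(realm.length() == 0 ? "NULL" : realm).append("/").append(securityName.length() == 0 ? "NULL" : securityName).append(", auth token == ").append(SecurityConfiguration.mask(StringBytesConversion.getConvertedString(bArr))).toString());
            }
        } else {
            if (securityName.length() == 0) {
                SecurityLogger.logError("security.JSAS0190E", new Object[]{"PrincipalAuthenticatorImpl.authenticate"});
                bArr2[0] = 1;
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
            // A missing password becomes the empty string; the decision is left to login().
            str2 = (bArr == null || bArr.length == 0) ? "" : StringBytesConversion.getConvertedString(bArr);
            // The password is passed through SecurityConfiguration.mask before it is traced.
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Authenticating principal with LTPA, realm/security_name == ").append(realm.length() == 0 ? "NULL" : realm).append("/").append(securityName).append(", password == ").append(str2.length() == 0 ? "NULL" : SecurityConfiguration.mask(str2)).toString());
            }
        }
        try {
            wSCredential = SubjectHelper.getWSCredentialFromSubject(ContextManagerFactory.getInstance().login(realm, securityName, str2));
        } catch (WSLoginFailedException e) {
            // NOTE(review): the FFDC source id names the LocalOS implementation although this is
            // the LTPA class. Left unchanged in case diagnostic tooling keys on the existing id.
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "386", this);
            // NOTE(review): unlike the other trace calls this one is not guarded by
            // debugTraceEnabled; whether debugMessage checks the flag itself is not visible here.
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Exception during login: ").append(e.getMessage()).toString());
            SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e, 0, 0);
            // The failure text is handed back to the caller. NOTE(review): confirm the message does
            // not let a remote caller tell "unknown user" from "wrong password".
            opaqueHolder.value = StringBytesConversion.getConvertedBytes(e.getMessage());
            bArr2[0] = 0;
            opaqueHolder2.value = bArr2;
        }
        if (opaqueHolder2.value[0] != 100) {
            return AuthenticationStatus.SecAuthFailure;
        }
        AttributeListHolder buildCredAttributes = buildCredAttributes(wSCredential, realmSecurityName, hostName);
        CredentialsImpl credentialsImpl = null;
        try {
            credentialsImpl = new CredentialsImpl(this._vault, wSCredential.isForwardable());
        } catch (Exception e2) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exception extracting attributes from WSCredential.");
                SecurityLogger.logException("PrincipalAuthenticatorImpl.authenticate", e2, 0, 0);
            }
            FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "438", this);
        }
        if (credentialsImpl == null) {
            // Fail closed. The construction failure above was only logged, and the original code
            // went on to dereference the null credentials, ending the call with a
            // NullPointerException. Report it with the status byte this method already uses when
            // credentials cannot be set or registered.
            bArr2[0] = 7;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        try {
            credentialsImpl.set_attributes(buildCredAttributes.value);
            try {
                j = wSCredential.getExpiration();
                bArr3 = wSCredential.getCredentialToken();
            } catch (Exception e3) {
                // NOTE(review): a failure here is only logged. j and bArr3 keep whatever they held
                // when the exception was thrown (initially 0 and null), and the method can still
                // return success below. Consider failing closed.
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exception extracting attributes from WSCredential.");
                    SecurityLogger.logException("PrincipalAuthenticatorImpl.authenticate", e3, 0, 0);
                }
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "480", this);
            }
            try {
                credentialsImpl.set_credential_token(realmSecurityName, bArr3, j);
                if ((i & 65536) == 65536) {
                    // Caller asked for the new credentials to be added to the vault's defaults too.
                    try {
                        this._vault.add_default_credentials(credentialsImpl);
                    } catch (InvalidCredential e4) {
                        FFDCFilter.processException((Throwable) e4, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "496", (Object) this);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error adding credentials to default credentials list.");
                        }
                        if (SecurityLogger.traceEnabled) {
                            SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e4, 0, 0);
                        }
                        bArr2[0] = 7;
                        opaqueHolder2.value = bArr2;
                        return AuthenticationStatus.SecAuthFailure;
                    }
                }
                try {
                    this._vault.addEstablishedCredentials(credentialsImpl);
                    if (realmSecurityName.length() > 0) {
                        credentialsImpl.setUniqueID(realmSecurityName);
                    } else if (bArr3 != null && bArr3.length > 0) {
                        // Fallback id is the credential token itself. NOTE(review): anything that
                        // logs or exposes the unique ID would then expose the token - verify.
                        credentialsImpl.setUniqueID(StringBytesConversion.getConvertedString(bArr3));
                    }
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exiting authenticate with Success.");
                    }
                    // The holder is populated only on this path; every failure leaves it null.
                    credentialsHolder.value = credentialsImpl;
                    return AuthenticationStatus.SecAuthSuccess;
                } catch (InvalidCredential e5) {
                    FFDCFilter.processException((Throwable) e5, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "520", (Object) this);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error adding credentials to established credentials list.");
                    }
                    if (SecurityLogger.traceEnabled) {
                        SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e5, 0, 0);
                    }
                    bArr2[0] = 7;
                    opaqueHolder2.value = bArr2;
                    return AuthenticationStatus.SecAuthFailure;
                }
            } catch (CredentialsNotSet e6) {
                FFDCFilter.processException((Throwable) e6, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "489", (Object) this);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error setting credential token in CredentialImpl.");
                }
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e6, 0, 0);
                }
                bArr2[0] = 7;
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
        } catch (DuplicateAttributeType e7) {
            FFDCFilter.processException((Throwable) e7, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "448", (Object) this);
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"PrincipalAuthenticatorImpl.authenticate", e7});
            bArr2[0] = 17;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        } catch (InvalidAttributeType e8) {
            FFDCFilter.processException((Throwable) e8, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.authenticate", "439", (Object) this);
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"PrincipalAuthenticatorImpl.authenticate", e8});
            bArr2[0] = 16;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the placeholder credentials handed out while security is disabled.
     *
     * <p>Creates an LTPA {@link CredentialsImpl} on this vault and passes it to the three-argument
     * {@code createDummyCreds} overload, which is not defined in this class.
     *
     * @param str name forwarded to the overload (callers in this class pass the realm-qualified
     *     security name)
     * @param bArr data forwarded to the overload (callers in this class pass {@code null})
     * @return the populated dummy credentials
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl
    public com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl createDummyCreds(String str, byte[] bArr) {
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        createDummyCreds(str, bArr, credentialsImpl);
        return credentialsImpl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds LTPA credentials that represent an unauthenticated caller.
     *
     * <p>Creates a {@link CredentialsImpl} on this vault and passes it to the one-argument
     * {@code createUnauthenticatedCred} overload, which is not defined in this class.
     *
     * @return the populated unauthenticated credentials
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl
    public com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl createUnauthenticatedCred() {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.createUnauthenticatedCred", "Creating unauthenticated LTPA credentials.");
        }
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        createUnauthenticatedCred(credentialsImpl);
        return credentialsImpl;
    }

    /**
     * Validates an existing credential token and, on success, returns credentials built from it.
     *
     * <p>Follows the same flow as {@link #authenticate}, with these differences: the
     * {@code 131072} flag is rejected, the token in {@code bArr} is mandatory, login is performed
     * with realm and token only, and the stored token name and unique ID come from the first
     * attribute built from the resulting {@code WSCredential}.
     *
     * @param i bit flags: {@code 131072} is rejected with outcome 11, {@code 262144} only changes
     *     the trace wording, {@code 65536} also adds the credentials to the vault's defaults
     * @param str principal name, parsed by {@code RealmSecurityName}
     * @param bArr credential token to validate; must be non-empty
     * @param attributeArr not read by this implementation
     * @param credentialsHolder receives the credentials on success; reset to {@code null} on entry
     * @param opaqueHolder receives the login failure message bytes; reset to {@code null} on entry
     * @param opaqueHolder2 receives the one-byte outcome (100 unless a failure path overwrote it)
     * @return {@code SecAuthSuccess} or {@code SecAuthFailure}
     */
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPrivImpl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPriv.PrincipalAuthenticatorOperations
    public AuthenticationStatus validate(int i, String str, byte[] bArr, Attribute[] attributeArr, CredentialsHolder credentialsHolder, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2) throws LoginFailed, InvalidAuthnMethod, InvalidAttributeType, DuplicateAttributeType {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append("Beginning to validate credential token for principal: ").append(str).append(".").toString());
        }
        long j = 0;
        // Outcome byte; 100 is the value the code below treats as "nothing has failed yet".
        byte[] bArr2 = {100};
        WSCredential wSCredential = null;
        // Clear every out-parameter first so a failure path cannot leave stale caller data in them.
        credentialsHolder.value = null;
        opaqueHolder.value = null;
        opaqueHolder2.value = bArr2;
        String hostName = getHostName();
        String realmSecurityName = RealmSecurityName.getRealmSecurityName(str);
        String securityName = RealmSecurityName.getSecurityName(str);
        String realm = RealmSecurityName.getRealm(str);
        if (realm.length() == 0) {
            // No realm in the supplied name: use the configured principal's realm, else the host name.
            realm = RealmSecurityName.getRealm(VaultImpl.getSecurityConfiguration().getprincipalName());
            if (realm.length() == 0) {
                realm = hostName;
            }
            realmSecurityName = RealmSecurityName.getRealmSecurityName(realm, securityName);
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append("Realm == \"").append(realm).append("\", realmSecurityName == \"").append(realmSecurityName).append("\".").toString());
        }
        if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled[0]) {
            // Security disabled: the token is never checked and the caller gets SecAuthSuccess
            // with dummy credentials for whatever name was passed in.
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Security is disabled ... dummy LTPA creds will be created.");
            }
            credentialsHolder.value = createDummyCreds(realmSecurityName, null);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exiting validate with Success.");
            }
            return AuthenticationStatus.SecAuthSuccess;
        }
        if ((i & 131072) == 131072) {
            // The flag that selects the "BasicAuth token" path in authenticate() is refused here.
            SecurityLogger.logError("security.JSAS0185E", new Object[]{"PrincipalAuthenticatorImpl.validate"});
            bArr2[0] = 11;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        if (bArr == null || bArr.length == 0) {
            SecurityLogger.logError("security.JSAS0461E", new Object[]{"PrincipalAuthenticatorImpl.validate"});
            bArr2[0] = 6;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        byte[] bArr3 = bArr;
        // The token goes through SecurityConfiguration.mask before being traced; what mask()
        // leaves visible is not shown here - confirm it never emits usable token material.
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append((i & 262144) == 262144 ? "Authenticating with LTPA credential token" : "Validating credential token with LTPA").append(", realm/security_name == ").append(realm.length() == 0 ? "NULL" : realm).append("/").append(securityName.length() == 0 ? "NULL" : securityName).append(", cred token == ").append(SecurityConfiguration.mask(StringBytesConversion.getConvertedString(bArr3))).toString());
        }
        try {
            wSCredential = SubjectHelper.getWSCredentialFromSubject(ContextManagerFactory.getInstance().login(realm, bArr3));
        } catch (WSLoginFailedException e) {
            // NOTE(review): the FFDC source id names the LocalOS implementation and the
            // authenticate method although this is LTPA validate(). Left unchanged in case
            // diagnostic tooling keys on the existing id.
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "753", this);
            // NOTE(review): unlike the other trace calls this one is not guarded by
            // debugTraceEnabled; whether debugMessage checks the flag itself is not visible here.
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append("Exception during login: ").append(e.getMessage()).toString());
            SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e, 0, 0);
            // The failure text is handed back to the caller. NOTE(review): confirm the message
            // does not disclose why a token was rejected in more detail than callers should see.
            opaqueHolder.value = StringBytesConversion.getConvertedBytes(e.getMessage());
            bArr2[0] = 4;
            opaqueHolder2.value = bArr2;
        }
        if (opaqueHolder2.value[0] != 100) {
            return AuthenticationStatus.SecAuthFailure;
        }
        AttributeListHolder buildCredAttributes = buildCredAttributes(wSCredential, realmSecurityName, hostName);
        // The first attribute's value supplies the token name and unique ID used below.
        // NOTE(review): assumes buildCredAttributes always returns at least one attribute - confirm.
        String convertedString = StringBytesConversion.getConvertedString(buildCredAttributes.value[0].value);
        CredentialsImpl credentialsImpl = null;
        try {
            credentialsImpl = new CredentialsImpl(this._vault, wSCredential.isForwardable());
        } catch (Exception e2) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exception extracting attributes from WSCredential.");
                SecurityLogger.logException("PrincipalAuthenticatorImpl.validate", e2, 0, 0);
            }
            FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1022", this);
        }
        if (credentialsImpl == null) {
            // Fail closed. The construction failure above was only logged, and the original code
            // went on to dereference the null credentials, ending the call with a
            // NullPointerException. Report it with the status byte this method already uses when
            // credentials cannot be set or registered.
            bArr2[0] = 7;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        try {
            credentialsImpl.set_attributes(buildCredAttributes.value);
            try {
                j = wSCredential.getExpiration();
                bArr3 = wSCredential.getCredentialToken();
            } catch (Exception e3) {
                // NOTE(review): a failure here is only logged. j and bArr3 keep whatever they held
                // when the exception was thrown (initially 0 and the caller-supplied token), and
                // the method can still return success below. Consider failing closed.
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exception extracting attributes from WSCredential.");
                    SecurityLogger.logException("PrincipalAuthenticatorImpl.validate", e3, 0, 0);
                }
                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1064", this);
            }
            try {
                credentialsImpl.set_credential_token(convertedString, bArr3, j);
                if ((i & 65536) == 65536) {
                    // Caller asked for the new credentials to be added to the vault's defaults too.
                    try {
                        this._vault.add_default_credentials(credentialsImpl);
                    } catch (InvalidCredential e4) {
                        FFDCFilter.processException((Throwable) e4, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1058", (Object) this);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error adding credentials to default credentials list.");
                        }
                        if (SecurityLogger.traceEnabled) {
                            SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e4, 0, 0);
                        }
                        bArr2[0] = 7;
                        opaqueHolder2.value = bArr2;
                        return AuthenticationStatus.SecAuthFailure;
                    }
                }
                try {
                    this._vault.addEstablishedCredentials(credentialsImpl);
                    if (convertedString.length() > 0) {
                        credentialsImpl.setUniqueID(convertedString);
                    } else if (bArr3 != null && bArr3.length > 0) {
                        // Fallback id is the credential token itself. NOTE(review): anything that
                        // logs or exposes the unique ID would then expose the token - verify.
                        credentialsImpl.setUniqueID(StringBytesConversion.getConvertedString(bArr3));
                    }
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exiting validate with Success.");
                    }
                    // The holder is populated only on this path; every failure leaves it null.
                    credentialsHolder.value = credentialsImpl;
                    return AuthenticationStatus.SecAuthSuccess;
                } catch (InvalidCredential e5) {
                    FFDCFilter.processException((Throwable) e5, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1082", (Object) this);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error adding credentials to established credentials list.");
                    }
                    if (SecurityLogger.traceEnabled) {
                        SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e5, 0, 0);
                    }
                    bArr2[0] = 7;
                    opaqueHolder2.value = bArr2;
                    return AuthenticationStatus.SecAuthFailure;
                }
            } catch (CredentialsNotSet e6) {
                FFDCFilter.processException((Throwable) e6, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1073", (Object) this);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error setting credential token in CredentialImpl.");
                }
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e6, 0, 0);
                }
                bArr2[0] = 7;
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
        } catch (DuplicateAttributeType e7) {
            FFDCFilter.processException((Throwable) e7, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1010", (Object) this);
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"PrincipalAuthenticatorImpl.validate", e7});
            bArr2[0] = 17;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        } catch (InvalidAttributeType e8) {
            FFDCFilter.processException((Throwable) e8, "com.ibm.ISecurityLocalObjectLTPAImpl.PrincipalAuthenticatorImpl.validate", "1034", (Object) this);
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"PrincipalAuthenticatorImpl.validate", e8});
            bArr2[0] = 16;
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
    }
}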
