package com.ibm.websphere.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.util.AccessController;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessControlContext;
import java.security.GeneralSecurityException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/wssec.jar:com/ibm/websphere/security/auth/WSSubject.class */
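/**
 * Static helpers for running code under a JAAS {@link Subject} while keeping the
 * {@link ContextManager} invocation subject in step, and for reading or replacing the
 * caller and run-as subjects of the current context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every {@link AuthPermission} check in this class runs only when
 *       {@link System#getSecurityManager()} returns a non-null manager. Without one, the
 *       methods perform no authorization check of their own, including
 *       {@link #setRunAsSubject(Subject)}, which replaces the invocation identity.</li>
 *   <li>{@link #getCallerSubject()} and {@link #getRunAsSubject()} call
 *       {@link Subject#setReadOnly()} on the subject obtained from the context manager
 *       before returning it. No copy is made in this class, so the object handed to the
 *       caller is the one that was marked read-only.</li>
 *   <li>The privileged actions run through {@code com.ibm.ws.security.util.AccessController},
 *       not {@code java.security.AccessController}.</li>
 * </ul>
 */
public final class WSSubject {
    private static final TraceComponent tc =
            Tr.register(WSSubject.class, (String) null, "com.ibm.ejs.resources.security");

    private static final AuthPermission DOAS_PERM = new AuthPermission("doAs");
    private static final AuthPermission DOASPRIVILEGED_PERM = new AuthPermission("doAsPrivileged");
    private static final AuthPermission GETCALLERSUBJECT_PERM = new AuthPermission("wssecurity.getCallerSubject");
    private static final AuthPermission GETRUNASSUBJECT_PERM = new AuthPermission("wssecurity.getRunAsSubject");
    private static final AuthPermission SETRUNASSUBJECT_PERM = new AuthPermission("wssecurity.setRunAsSubject");

    /** Privileged action that fetches the caller subject and marks it read-only. */
    private static final PrivilegedExceptionAction getCallerSubjectAction = new PrivilegedExceptionAction() {
        @Override
        public Object run() throws WSSecurityException {
            if (WSSubject.tc.isEntryEnabled()) {
                Tr.entry(WSSubject.tc, "WSSubject.getCallerSubjectAction.run");
            }
            ContextManager contextManager = requireContextManager();
            Subject callerSubject = contextManager.getCallerSubject();
            if (callerSubject != null) {
                // Stops the recipient from adding or removing principals and credentials.
                callerSubject.setReadOnly();
            } else if (WSSubject.tc.isDebugEnabled()) {
                Tr.debug(WSSubject.tc, "No caller subject");
            }
            if (WSSubject.tc.isEntryEnabled()) {
                Tr.exit(WSSubject.tc, "WSSubject.getCallerSubjectAction.run");
            }
            return callerSubject;
        }
    };

    /** Privileged action that fetches the invocation (run-as) subject and marks it read-only. */
    private static final PrivilegedExceptionAction getRunAsSubjectAction = new PrivilegedExceptionAction() {
        @Override
        public Object run() throws WSSecurityException {
            if (WSSubject.tc.isEntryEnabled()) {
                Tr.entry(WSSubject.tc, "WSSubject.getRunAsSubjectAction.run");
            }
            ContextManager contextManager = requireContextManager();
            Subject invocationSubject = contextManager.getInvocationSubject();
            if (invocationSubject != null) {
                invocationSubject.setReadOnly();
            } else if (WSSubject.tc.isDebugEnabled()) {
                Tr.debug(WSSubject.tc, "No invocation credential");
            }
            if (WSSubject.tc.isEntryEnabled()) {
                // Fixed: this exit point previously emitted a second Tr.entry record.
                Tr.exit(WSSubject.tc, "WSSubject.getRunAsSubjectAction.run");
            }
            return invocationSubject;
        }
    };

    // These two members look like the synthetic helpers older javac releases generate for a
    // class literal; they are kept so the package-visible member set stays unchanged.
    static Class class$com$ibm$websphere$security$auth$WSSubject = WSSubject.class;

    /**
     * Runs {@code privilegedAction} as {@code subject}, pushing the subject as the invocation
     * subject for the duration of the call and restoring the previous one afterwards.
     *
     * @param subject the subject to run as; {@code null} pushes an unauthenticated subject
     * @param privilegedAction the action to run
     * @return the action's result
     * @throws NullPointerException if {@code privilegedAction} is {@code null}
     * @throws SecurityException if a security manager is installed and denies
     *         {@code AuthPermission("doAs")}
     */
    public static Object doAs(Subject subject, PrivilegedAction privilegedAction) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doAs(Subject, PrivilegedAction)");
        }
        checkPermission(DOAS_PERM);
        if (privilegedAction == null) {
            throw new NullPointerException("invalid null action provided");
        }
        Subject previousSubject = setInvocationSubject(subject);
        try {
            return Subject.doAs(subject, privilegedAction);
        } finally {
            // Always undo the push, even when the action throws.
            restoreInvocationSubject(previousSubject);
        }
    }

    /**
     * Runs {@code privilegedExceptionAction} as {@code subject}; see
     * {@link #doAs(Subject, PrivilegedAction)} for the invocation-subject handling.
     *
     * @param subject the subject to run as; {@code null} pushes an unauthenticated subject
     * @param privilegedExceptionAction the action to run
     * @return the action's result
     * @throws PrivilegedActionException if the action throws a checked exception
     * @throws UndeclaredThrowableException wrapping any other throwable raised during the call
     * @throws NullPointerException if {@code privilegedExceptionAction} is {@code null}
     * @throws SecurityException if a security manager is installed and denies
     *         {@code AuthPermission("doAs")}
     */
    public static Object doAs(Subject subject, PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        if (tc.isEntryEnabled()) {
            // Fixed: the entry record named the PrivilegedAction overload.
            Tr.entry(tc, "doAs(Subject, PrivilegedExceptionAction)");
        }
        checkPermission(DOAS_PERM);
        if (privilegedExceptionAction == null) {
            throw new NullPointerException("invalid null action provided");
        }
        Subject previousSubject = setInvocationSubject(subject);
        try {
            return Subject.doAs(subject, privilegedExceptionAction);
        } catch (PrivilegedActionException e) {
            // Fixed: with the former nested try blocks this rethrow landed in the enclosing
            // catch (Throwable) and reached callers as an UndeclaredThrowableException.
            throw e;
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSSubject.doAs(Subject, PrivilegedExceptionAction) Exception caught " + dump(th));
            }
            FFDCFilter.processException(th, "com.ibm.websphere.security.auth.WSSubject.doAs", "105");
            throw new UndeclaredThrowableException(th);
        } finally {
            restoreInvocationSubject(previousSubject);
        }
    }

    /**
     * Runs {@code privilegedAction} as {@code subject} under the supplied access control
     * context, pushing and restoring the invocation subject around the call.
     *
     * @param subject the subject to run as; {@code null} pushes an unauthenticated subject
     * @param privilegedAction the action to run
     * @param accessControlContext passed through to {@link Subject#doAsPrivileged}
     * @return the action's result
     * @throws NullPointerException if {@code privilegedAction} is {@code null}
     * @throws SecurityException if a security manager is installed and denies
     *         {@code AuthPermission("doAsPrivileged")}
     */
    public static Object doAsPrivileged(Subject subject, PrivilegedAction privilegedAction, AccessControlContext accessControlContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doAsPrivileged(Subject, PrivilegedAction, AccessControlContext)");
        }
        checkPermission(DOASPRIVILEGED_PERM);
        if (privilegedAction == null) {
            throw new NullPointerException("invalid null action provided");
        }
        Subject previousSubject = setInvocationSubject(subject);
        try {
            return Subject.doAsPrivileged(subject, privilegedAction, accessControlContext);
        } finally {
            restoreInvocationSubject(previousSubject);
        }
    }

    /**
     * Runs {@code privilegedExceptionAction} as {@code subject} under the supplied access
     * control context, pushing and restoring the invocation subject around the call.
     *
     * @param subject the subject to run as; {@code null} pushes an unauthenticated subject
     * @param privilegedExceptionAction the action to run
     * @param accessControlContext passed through to {@link Subject#doAsPrivileged}
     * @return the action's result
     * @throws PrivilegedActionException if the action throws a checked exception
     * @throws UndeclaredThrowableException wrapping any other throwable raised during the call
     * @throws NullPointerException if {@code privilegedExceptionAction} is {@code null}
     * @throws SecurityException if a security manager is installed and denies
     *         {@code AuthPermission("doAsPrivileged")}
     */
    public static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction privilegedExceptionAction, AccessControlContext accessControlContext) throws PrivilegedActionException {
        if (tc.isEntryEnabled()) {
            // Fixed: the entry record named the PrivilegedAction overload.
            Tr.entry(tc, "doAsPrivileged(Subject, PrivilegedExceptionAction, AccessControlContext)");
        }
        checkPermission(DOASPRIVILEGED_PERM);
        if (privilegedExceptionAction == null) {
            throw new NullPointerException("invalid null action provided");
        }
        Subject previousSubject = setInvocationSubject(subject);
        try {
            return Subject.doAsPrivileged(subject, privilegedExceptionAction, accessControlContext);
        } catch (PrivilegedActionException e) {
            // Fixed: the former inner catch (Throwable) intercepted this exception first, so
            // the declared checked exception never reached the caller.
            throw e;
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                // Fixed: the stack trace now goes to the trace log instead of System.err.
                Tr.debug(tc, "WSSubject.doAsPrivileged(Subject, PrivilegedExceptionAction, AccessControlContext) Exception caught " + dump(th));
            }
            FFDCFilter.processException(th, "com.ibm.websphere.security.auth.WSSubject.doAsPrivileged", "286");
            throw new UndeclaredThrowableException(th);
        } finally {
            restoreInvocationSubject(previousSubject);
        }
    }

    /**
     * Returns the caller subject of the current context, marked read-only.
     *
     * @return the caller subject, or {@code null} when this is not a server process or the
     *         context manager has no caller subject
     * @throws WSSecurityException if the context manager is unavailable or the lookup fails
     * @throws SecurityException if a security manager is installed and denies
     *         {@code AuthPermission("wssecurity.getCallerSubject")}
     */
    public static Subject getCallerSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCallerSubject");
        }
        checkPermission(GETCALLERSUBJECT_PERM);
        Subject callerSubject = null;
        if (SecurityContext.isServerProcess()) {
            try {
                callerSubject = (Subject) AccessController.doPrivileged(getCallerSubjectAction);
            } catch (PrivilegedActionException e) {
                throw reportFailure(e, "Failed in getting the caller identity: ", ".getCallerSubject()", "294");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCallerSubject");
        }
        return callerSubject;
    }

    /**
     * Returns the invocation (run-as) subject of the current context, marked read-only.
     *
     * @return the invocation subject, or {@code null} when the context manager has none
     * @throws WSSecurityException if the context manager is unavailable or the lookup fails
     * @throws SecurityException if a security manager is installed and denies
     *         {@code AuthPermission("wssecurity.getRunAsSubject")}
     */
    public static Subject getRunAsSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRunAsSubject");
        }
        checkPermission(GETRUNASSUBJECT_PERM);
        try {
            Subject runAsSubject = (Subject) AccessController.doPrivileged(getRunAsSubjectAction);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRunAsSubject");
            }
            return runAsSubject;
        } catch (PrivilegedActionException e) {
            throw reportFailure(e, "Failed in getting the run as identity: ", ".getRunAsSubject()", "358");
        }
    }

    /**
     * Replaces the invocation (run-as) subject of the current context.
     *
     * <p>The subject is passed to the context manager as given; this method does not validate
     * it. The only gate here is {@code AuthPermission("wssecurity.setRunAsSubject")}, and that
     * check runs only when a security manager is installed.
     *
     * @param subject the subject to install as the invocation subject
     * @throws WSSecurityException if the context manager is unavailable or rejects the change
     * @throws SecurityException if a security manager is installed and denies the permission
     */
    public static void setRunAsSubject(Subject subject) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setRunAsSubject");
        }
        checkPermission(SETRUNASSUBJECT_PERM);
        final Subject runAsSubject = subject;
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws WSSecurityException {
                    requireContextManager().setInvocationSubject(runAsSubject);
                    return null;
                }
            });
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setRunAsSubject");
            }
        } catch (PrivilegedActionException e) {
            throw reportFailure(e, "Failed in setting the run as identity: ", ".setRunAsSubject()", "496");
        }
    }

    /**
     * Returns the security name of the authenticated caller.
     *
     * <p>Unlike the subject accessors, this method performs no permission check.
     *
     * @return the caller's security name, or {@code null} when there is no context manager,
     *         no caller subject, no credential, an unauthenticated credential, or the lookup
     *         raised a {@link GeneralSecurityException}
     */
    public static String getCallerPrincipal() {
        String securityName = null;
        try {
            ContextManager contextManager = ContextManagerFactory.getInstance();
            if (contextManager == null) {
                // The other accessors treat a null manager as possible; report "no caller"
                // here rather than failing with a NullPointerException.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to get ContextManager");
                }
            } else {
                Subject callerSubject = contextManager.getCallerSubject();
                if (callerSubject != null) {
                    WSCredential credential = SubjectHelper.getWSCredentialFromSubject(callerSubject);
                    if (credential != null && !credential.isUnauthenticated()) {
                        securityName = credential.getSecurityName();
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject.getCallerPrincipal", "537");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception of getting the caller principal", dump(e));
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Caller principal: " + securityName);
        }
        return securityName;
    }

    /**
     * Returns the root exception recorded by the context manager.
     *
     * @return the value of {@code ContextManager.getRootException()}, or {@code null} when no
     *         context manager is available
     */
    public static Throwable getRootLoginException() {
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to get ContextManager");
            }
            return null;
        }
        return contextManager.getRootException();
    }

    /** Checks {@code permission} against the installed security manager, if there is one. */
    private static void checkPermission(AuthPermission permission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(permission);
        }
    }

    /** Returns the context manager or throws the "Failed to get ContextManager" exception. */
    private static ContextManager requireContextManager() throws WSSecurityException {
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to get ContextManager");
            }
            throw new WSSecurityException("Failed to get ContextManager");
        }
        return contextManager;
    }

    /**
     * Unwraps the {@link WSSecurityException} carried by {@code e}, traces it and records it
     * with FFDC, then returns it for the caller to throw.
     */
    private static WSSecurityException reportFailure(PrivilegedActionException e, String traceMessage, String methodSuffix, String probeId) {
        // The privileged actions in this class declare only WSSecurityException.
        WSSecurityException failure = (WSSecurityException) e.getException();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, traceMessage + dump(failure));
        }
        FFDCFilter.processException(failure, WSSubject.class.getName() + methodSuffix, probeId);
        return failure;
    }

    /**
     * Pushes {@code subject} (or a fresh unauthenticated subject when it is {@code null}) as
     * the invocation subject and returns whatever the context manager hands back, which the
     * callers later pass to {@link #restoreInvocationSubject(Subject)}.
     */
    private static Subject setInvocationSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setInvocationSubject(Subject)");
        }
        try {
            Subject subjectToPush = subject == null ? SubjectHelper.createUnauthenticatedSubject() : subject;
            Subject previousSubject = ContextManagerFactory.getInstance().pushInvocationSubject(subjectToPush);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setInvocationSubject(Subject)");
            }
            return previousSubject;
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSSubject.setInvocationSubject(Subject), Exception caught " + dump(th));
            }
            FFDCFilter.processException(th, "com.ibm.websphere.security.auth.WSSubject.setInvocationSubject", "590");
            throw new UndeclaredThrowableException(th);
        }
    }

    /** Pops the invocation subject, handing {@code subject} back to the context manager. */
    private static void restoreInvocationSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreInvocationSubject(Subject)");
        }
        try {
            ContextManagerFactory.getInstance().popInvocationSubject(subject);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "restoreInvocationSubject(Subject)");
            }
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSSubject.restoreInvocationSubject(Subject) Exception caught " + dump(th));
            }
            FFDCFilter.processException(th, "com.ibm.websphere.security.auth.WSSubject.restoreInvocationSubject", "612");
            throw new UndeclaredThrowableException(th);
        }
    }

    /** Renders the stack trace of {@code th} as a string for the trace log. */
    private static String dump(Throwable th) {
        StringWriter buffer = new StringWriter();
        th.printStackTrace(new PrintWriter(buffer));
        return buffer.toString();
    }

    /** Loads a class by name, converting a lookup failure into {@link NoClassDefFoundError}. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}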
