package com.ibm.ISecurityLocalObjectLocalOSImpl;

import com.ibm.IExtendedSecurity._LoginHelper;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectBaseL13Impl.LoginHelperImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectLocalOSImpl.CredentialsPackage.CredentialsNotSet;
import com.ibm.ISecurityUtilityImpl.AuthenticationResult;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.BasicAuthData;
import java.util.Date;
import org.omg.Security.Attribute;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.InvalidAttributeType;
import org.omg.Security.InvalidAuthnMethod;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.InvalidCredential;
import org.omg.SecurityLevel2.LoginFailed;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectLocalOSImpl/PrincipalAuthenticatorImpl.class */
public class PrincipalAuthenticatorImpl extends com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl {
    protected PrincipalAuthenticatorImpl() {
    }

    public PrincipalAuthenticatorImpl(VaultImpl vaultImpl) {
        super(vaultImpl);
        this._authenticationTarget = 2;
        this._authenticationTargetString = "localos";
        synchronized (com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled) {
            if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._atSecurityEnabled && isSecurityEnabled()) {
                com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._atSecurityEnabled = true;
                enableSecurity(this._authenticationTarget);
            }
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPrivImpl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPriv._PrincipalAuthenticatorImplBase, org.omg.SecurityLevel2.PrincipalAuthenticatorOperations
    public AuthenticationStatus authenticate(int i, String str, byte[] bArr, Attribute[] attributeArr, CredentialsHolder credentialsHolder, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2) throws LoginFailed, InvalidAuthnMethod, InvalidAttributeType, DuplicateAttributeType {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Beginning to authenticate principal: ").append(str).append(".").toString());
        }
        long j = VaultImpl.getSecurityConfiguration().getrequestCredsExpiration();
        long j2 = 0;
        byte[] bArr2 = {100};
        byte[] bArr3 = null;
        credentialsHolder.value = null;
        opaqueHolder.value = null;
        opaqueHolder2.value = bArr2;
        String hostName = getHostName();
        String realmSecurityName = RealmSecurityName.getRealmSecurityName(str);
        String securityName = RealmSecurityName.getSecurityName(str);
        String realm = RealmSecurityName.getRealm(str);
        if (realm.length() == 0) {
            realm = RealmSecurityName.getRealm(VaultImpl.getSecurityConfiguration().getprincipalName());
            if (realm.length() == 0) {
                realm = hostName;
            }
            realmSecurityName = RealmSecurityName.getRealmSecurityName(realm, securityName);
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Realm == \"").append(realm).append("\", realmSecurityName == \"").append(realmSecurityName).append("\".").toString());
        }
        if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled[0]) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Security is disabled ... dummy LocalOS creds will be created.");
            }
            credentialsHolder.value = createDummyCreds(realmSecurityName, null);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exiting authenticate with Success.");
            }
            return AuthenticationStatus.SecAuthSuccess;
        }
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl serverCred = getServerCred(this._authenticationTarget);
        if (serverCred == null) {
            if (createServerCred(this._authenticationTarget)) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Establishing the server LocalOS creds ... dummy LocalOS creds will be created.");
                }
                setServerCred(this._authenticationTarget, true, createDummyCreds(realmSecurityName, bArr));
                serverCred = getServerCred(this._authenticationTarget);
            } else {
                serverCred = getServerCred(4);
            }
        }
        if ((i & 131072) == 131072) {
            SecurityLogger.logError("security.JSAS0027E", new Object[]{"PrincipalAuthenticatorImpl.authenticate"});
            bArr2[0] = 10;
            opaqueHolder2.value = bArr2;
            opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0027E");
            return AuthenticationStatus.SecAuthFailure;
        }
        if (securityName.length() == 0) {
            SecurityLogger.logError("security.JSAS0190E", new Object[]{"PrincipalAuthenticatorImpl.authenticate"});
            bArr2[0] = 1;
            opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0190E");
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        String convertedString = (bArr == null || bArr.length == 0) ? "" : StringBytesConversion.getConvertedString(bArr);
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Authenticating principal with LocalOS, realm/security_name == ").append(realm.length() == 0 ? "NULL" : realm).append("/").append(securityName).append(", password == ").append(convertedString.length() == 0 ? "NULL" : SecurityConfiguration.mask(convertedString)).toString());
        }
        com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl doPrivileged = doPrivileged(serverCred);
        AuthenticationResult authenticate = this._vault.getCommonSecurityServer(this._authenticationTarget).authenticate(realm, new BasicAuthData(securityName, convertedString), true);
        WSCredential wSCredential = authenticate.get_auth_cred();
        bArr2[0] = (byte) authenticate.get_auth_fail_reason();
        opaqueHolder2.value = bArr2;
        opaqueHolder.value = StringBytesConversion.getConvertedBytes(authenticate.get_auth_fail_message());
        endPrivileged(doPrivileged);
        if (opaqueHolder2.value[0] != 100) {
            return AuthenticationStatus.SecAuthFailure;
        }
        try {
            credentialsImpl.set_attributes(buildCredAttributes(wSCredential, realmSecurityName, hostName).value);
            if (j != 0) {
                j2 = new Date().getTime() + j;
            }
            try {
                bArr3 = wSCredential.getCredentialToken();
            } catch (Exception e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exception extracting attributes from WSCredential.");
                    SecurityLogger.logException("PrincipalAuthenticatorImpl.authenticate", e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "461", this);
            }
            try {
                credentialsImpl.set_credential_token(realmSecurityName, bArr3, j2);
                try {
                    credentialsImpl.setAttributForIdentityAssertion(VaultConstants.ClientAuthToken, StringBytesConversion.getConvertedBytes(realmSecurityName));
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Setting Identity Type and Value in CredentialImpl.");
                    }
                    if ((i & 65536) == 65536) {
                        try {
                            this._vault.add_default_credentials(credentialsImpl);
                        } catch (InvalidCredential e2) {
                            FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "522", (Object) this);
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error adding credentials to default credentials list.");
                            SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e2, 0, 0);
                            bArr2[0] = 7;
                            opaqueHolder2.value = bArr2;
                            String message = e2.getMessage();
                            if (message == null || message.equals("")) {
                                opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error adding credentials to default credentials list.");
                            } else {
                                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message);
                            }
                            return AuthenticationStatus.SecAuthFailure;
                        }
                    }
                    if (VaultImpl.getSecurityConfiguration().delegateBasicAuth()) {
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", new StringBuffer().append("Caching basicauth cred:  Realm == \"").append(realm).append("\", SecurityName == \"").append(securityName).append("\", realmSecurityName == \"").append(realmSecurityName).append("\".").toString());
                        }
                        _LoginHelper loginHelper = this._vault.loginHelper();
                        if (loginHelper == null) {
                            SecurityLogger.logError("security.JSAS0020E", new Object[]{"PrincipalAuthenticatorImpl.authenticate"});
                            return AuthenticationStatus.SecAuthFailure;
                        }
                        try {
                            this._vault.addBasicAuthCred(realmSecurityName, (com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl) ((LoginHelperImpl) loginHelper).request_login_controlled(securityName, realm, StringBytesConversion.getConvertedString(bArr), null, null, true, 4, false));
                        } catch (Exception e3) {
                            FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectBasicAuthImpl.SecurityContextImpl.initialize", "549", this);
                            SecurityLogger.logError("security.JSAS0240E", new Object[]{"PrincipalAuthenticatorImpl.authenticate", e3});
                        } catch (LoginFailed e4) {
                            FFDCFilter.processException((Throwable) e4, "com.ibm.ISecurityLocalObjectBasicAuthImpl.SecurityContextImpl.initialize", "543", (Object) this);
                            SecurityLogger.logError("security.JSAS0240E", new Object[]{"PrincipalAuthenticatorImpl.authenticate", e4});
                        }
                    }
                    try {
                        this._vault.addEstablishedCredentials(credentialsImpl);
                        if (realmSecurityName.length() > 0) {
                            credentialsImpl.setUniqueID(realmSecurityName);
                        } else if (bArr3 != null && bArr3.length > 0) {
                            credentialsImpl.setUniqueID(StringBytesConversion.getConvertedString(bArr3));
                        }
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Exiting authenticate with Success.");
                        }
                        credentialsHolder.value = credentialsImpl;
                        return AuthenticationStatus.SecAuthSuccess;
                    } catch (InvalidCredential e5) {
                        FFDCFilter.processException((Throwable) e5, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "548", (Object) this);
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error adding credentials to established credentials list.");
                        SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e5, 0, 0);
                        bArr2[0] = 7;
                        opaqueHolder2.value = bArr2;
                        String message2 = e5.getMessage();
                        if (message2 == null || message2.equals("")) {
                            opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error adding credentials to established credentials list.");
                        } else {
                            opaqueHolder.value = StringBytesConversion.getConvertedBytes(message2);
                        }
                        return AuthenticationStatus.SecAuthFailure;
                    }
                } catch (Exception e6) {
                    FFDCFilter.processException(e6, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "494", this);
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error setting Identity Type or Value in CredentialImpl.");
                    SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", e6, 0, 0);
                    bArr2[0] = 7;
                    opaqueHolder2.value = bArr2;
                    String message3 = e6.getMessage();
                    if (message3 == null || message3.equals("")) {
                        opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting Identity Type or Value in CredentialImpl.");
                    } else {
                        opaqueHolder.value = StringBytesConversion.getConvertedBytes(message3);
                    }
                    return AuthenticationStatus.SecAuthFailure;
                }
            } catch (CredentialsNotSet e7) {
                FFDCFilter.processException((Throwable) e7, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "464", (Object) this);
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticate", "Error setting credential token in CredentialImpl.");
                SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticate", (Exception) e7, 0, 0);
                bArr2[0] = 7;
                opaqueHolder2.value = bArr2;
                String message4 = e7.getMessage();
                if (message4 == null || message4.equals("")) {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting credential token in CredentialImpl.");
                } else {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes(message4);
                }
                return AuthenticationStatus.SecAuthFailure;
            }
        } catch (DuplicateAttributeType e8) {
            FFDCFilter.processException((Throwable) e8, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "432", (Object) this);
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"PrincipalAuthenticatorImpl.authenticate", e8});
            bArr2[0] = 17;
            opaqueHolder2.value = bArr2;
            String message5 = e8.getMessage();
            if (message5 == null || message5.equals("")) {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0355E");
            } else {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message5);
            }
            return AuthenticationStatus.SecAuthFailure;
        } catch (InvalidAttributeType e9) {
            FFDCFilter.processException((Throwable) e9, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticate", "416", (Object) this);
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"PrincipalAuthenticatorImpl.authenticate", e9});
            bArr2[0] = 16;
            opaqueHolder2.value = bArr2;
            String message6 = e9.getMessage();
            if (message6 == null || message6.equals("")) {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0310E");
            } else {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message6);
            }
            return AuthenticationStatus.SecAuthFailure;
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl
    protected com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl createDummyCreds(String str, byte[] bArr) {
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        createDummyCreds(str, bArr, credentialsImpl);
        return credentialsImpl;
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl
    protected com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl createUnauthenticatedCred() {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.createUnauthenticatedCred", "Creating unauthenticated LocalOS credentials.");
        }
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        createUnauthenticatedCred(credentialsImpl);
        return credentialsImpl;
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPrivImpl.PrincipalAuthenticatorImpl, com.ibm.IExtendedSecurityPriv._PrincipalAuthenticatorImplBase, com.ibm.IExtendedSecurityPriv.PrincipalAuthenticatorOperations
    public AuthenticationStatus validate(int i, String str, byte[] bArr, Attribute[] attributeArr, CredentialsHolder credentialsHolder, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2) throws LoginFailed, InvalidAuthnMethod, InvalidAttributeType, DuplicateAttributeType {
        com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl doPrivileged;
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append("Beginning to validate credential token for principal: ").append(str).append(".").toString());
        }
        long j = VaultImpl.getSecurityConfiguration().getrequestCredsExpiration();
        long j2 = 0;
        byte[] bArr2 = {100};
        credentialsHolder.value = null;
        opaqueHolder.value = null;
        opaqueHolder2.value = bArr2;
        String hostName = getHostName();
        String realmSecurityName = RealmSecurityName.getRealmSecurityName(str);
        String securityName = RealmSecurityName.getSecurityName(str);
        String realm = RealmSecurityName.getRealm(str);
        if (realm.length() == 0) {
            realm = RealmSecurityName.getRealm(VaultImpl.getSecurityConfiguration().getprincipalName());
            if (realm.length() == 0) {
                realm = hostName;
            }
            realmSecurityName = RealmSecurityName.getRealmSecurityName(realm, securityName);
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append("Realm == \"").append(realm).append("\", realmSecurityName == \"").append(realmSecurityName).append("\".").toString());
        }
        if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled[0]) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Security is disabled ... dummy LocalOS creds will be created.");
            }
            credentialsHolder.value = createDummyCreds(realmSecurityName, null);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exiting validate with Success.");
            }
            return AuthenticationStatus.SecAuthSuccess;
        }
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl serverCred = getServerCred(this._authenticationTarget);
        if (serverCred == null) {
            if (createServerCred(this._authenticationTarget)) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Establishing the server LocalOS creds ... dummy creds will be created.");
                }
                setServerCred(this._authenticationTarget, false, createDummyCreds(realmSecurityName, bArr));
                serverCred = getServerCred(this._authenticationTarget);
            } else {
                serverCred = getServerCred(4);
            }
        }
        if ((i & 131072) == 131072) {
            SecurityLogger.logError("security.JSAS0185E", new Object[]{"PrincipalAuthenticatorImpl.validate"});
            bArr2[0] = 11;
            opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0185E");
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        if (bArr == null || bArr.length == 0) {
            SecurityLogger.logError("security.JSAS0461E", new Object[]{"PrincipalAuthenticatorImpl.validate"});
            bArr2[0] = 6;
            opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0461E");
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        byte[] bArr3 = bArr;
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", new StringBuffer().append((i & 262144) == 262144 ? "Authenticating with LocalOS credential token" : "Validating credential token with LocalOS").append(", realm/security_name == ").append(realm.length() == 0 ? "NULL" : realm).append("/").append(securityName.length() == 0 ? "NULL" : securityName).append(", cred token == ").append(SecurityConfiguration.mask(StringBytesConversion.getConvertedString(bArr3))).toString());
        }
        if ((i & 262144) == 262144) {
            CredentialsImpl credentialsImpl2 = new CredentialsImpl(this._vault);
            try {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Validation with the privilege associated with the supplied credential token.");
                }
                credentialsImpl2.set_credential_token(realmSecurityName, bArr3, 0L);
                doPrivileged = doPrivileged(credentialsImpl2);
            } catch (CredentialsNotSet e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "922", (Object) this);
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error setting credential token in CredentialImpl.");
                SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e, 0, 0);
                bArr2[0] = 7;
                String message = e.getMessage();
                if (message == null || message.equals("")) {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting credential token in CredentialImpl.");
                } else {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes(message);
                }
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
        } else {
            doPrivileged = doPrivileged(serverCred);
        }
        AuthenticationResult authenticate = this._vault.getCommonSecurityServer(this._authenticationTarget).authenticate(realm, bArr3);
        WSCredential wSCredential = authenticate.get_auth_cred();
        bArr2[0] = (byte) authenticate.get_auth_fail_reason();
        opaqueHolder2.value = bArr2;
        opaqueHolder.value = StringBytesConversion.getConvertedBytes(authenticate.get_auth_fail_message());
        endPrivileged(doPrivileged);
        if (opaqueHolder2.value[0] != 100) {
            return AuthenticationStatus.SecAuthFailure;
        }
        try {
            credentialsImpl.set_attributes(buildCredAttributes(wSCredential, realmSecurityName, hostName).value);
            if (j != 0) {
                j2 = new Date().getTime() + j;
            }
            try {
                bArr3 = wSCredential.getCredentialToken();
            } catch (Exception e2) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exception extracting attributes from WSCredential.");
                    SecurityLogger.logException("PrincipalAuthenticatorImpl.validate", e2, 0, 0);
                }
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "1034", this);
            }
            try {
                credentialsImpl.set_credential_token(realmSecurityName, bArr3, j2);
                try {
                    credentialsImpl.setAttributForIdentityAssertion(VaultConstants.ClientAuthToken, StringBytesConversion.getConvertedBytes(realmSecurityName));
                    if ((i & 65536) == 65536) {
                        try {
                            this._vault.add_default_credentials(credentialsImpl);
                        } catch (InvalidCredential e3) {
                            FFDCFilter.processException((Throwable) e3, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "1081", (Object) this);
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error adding credentials to default credentials list.");
                            SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e3, 0, 0);
                            bArr2[0] = 7;
                            String message2 = e3.getMessage();
                            if (message2 == null || message2.equals("")) {
                                opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error adding credentials to default credentials list.");
                            } else {
                                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message2);
                            }
                            opaqueHolder2.value = bArr2;
                            return AuthenticationStatus.SecAuthFailure;
                        }
                    }
                    try {
                        this._vault.addEstablishedCredentials(credentialsImpl);
                        if (realmSecurityName.length() > 0) {
                            credentialsImpl.setUniqueID(realmSecurityName);
                        } else if (bArr3 != null && bArr3.length > 0) {
                            credentialsImpl.setUniqueID(StringBytesConversion.getConvertedString(bArr3));
                        }
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Exiting validate with Success.");
                        }
                        credentialsHolder.value = credentialsImpl;
                        return AuthenticationStatus.SecAuthSuccess;
                    } catch (InvalidCredential e4) {
                        FFDCFilter.processException((Throwable) e4, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "1107", (Object) this);
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error adding credentials to established credentials list.");
                        SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e4, 0, 0);
                        bArr2[0] = 7;
                        String message3 = e4.getMessage();
                        if (message3 == null || message3.equals("")) {
                            opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error adding credentials to established credentials list.");
                        } else {
                            opaqueHolder.value = StringBytesConversion.getConvertedBytes(message3);
                        }
                        opaqueHolder2.value = bArr2;
                        return AuthenticationStatus.SecAuthFailure;
                    }
                } catch (Exception e5) {
                    FFDCFilter.processException(e5, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "1053", this);
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error setting Identity Type or Value in CredentialImpl.");
                    SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", e5, 0, 0);
                    bArr2[0] = 7;
                    String message4 = e5.getMessage();
                    if (message4 == null || message4.equals("")) {
                        opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting Identity Type or Value in CredentialImpl.");
                    } else {
                        opaqueHolder.value = StringBytesConversion.getConvertedBytes(message4);
                    }
                    opaqueHolder2.value = bArr2;
                    return AuthenticationStatus.SecAuthFailure;
                }
            } catch (CredentialsNotSet e6) {
                FFDCFilter.processException((Throwable) e6, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "1043", (Object) this);
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.validate", "Error setting credential token in CredentialImpl.");
                SecurityLogger.traceException("PrincipalAuthenticatorImpl.validate", (Exception) e6, 0, 0);
                bArr2[0] = 7;
                String message5 = e6.getMessage();
                if (message5 == null || message5.equals("")) {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting credential token in CredentialImpl.");
                } else {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes(message5);
                }
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
        } catch (DuplicateAttributeType e7) {
            FFDCFilter.processException((Throwable) e7, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "998", (Object) this);
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"PrincipalAuthenticatorImpl.validate", e7});
            bArr2[0] = 17;
            String message6 = e7.getMessage();
            if (message6 == null || message6.equals("")) {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0355E");
            } else {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message6);
            }
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        } catch (InvalidAttributeType e8) {
            FFDCFilter.processException((Throwable) e8, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.validate", "982", (Object) this);
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"PrincipalAuthenticatorImpl.validate", e8});
            bArr2[0] = 16;
            String message7 = e8.getMessage();
            if (message7 == null || message7.equals("")) {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0310E");
            } else {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message7);
            }
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl
    public AuthenticationStatus simple_authenticate(String str, String str2) throws LoginFailed, InvalidAuthnMethod, InvalidAttributeType, DuplicateAttributeType {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.simple_authenticate", new StringBuffer().append("Beginning to simple authenticate principal: ").append(str).append(".").append("Returning true for now").toString());
        }
        OpaqueHolder opaqueHolder = new OpaqueHolder();
        byte[] bArr = {100};
        opaqueHolder.value = bArr;
        AuthenticationResult authenticate = this._vault.getCommonSecurityServer(this._authenticationTarget).authenticate("myRealm", new BasicAuthData(str, str2), true);
        authenticate.get_auth_cred();
        bArr[0] = (byte) authenticate.get_auth_fail_reason();
        opaqueHolder.value = bArr;
        if (opaqueHolder.value[0] != 100) {
            return AuthenticationStatus.SecAuthFailure;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.simple_authenticate", new StringBuffer().append("Principal authenticated with LocalOS, SecurityName == ").append(str).toString());
        }
        return AuthenticationStatus.SecAuthSuccess;
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl
    public AuthenticationStatus authenticateUser(int i, String str, byte[] bArr, Attribute[] attributeArr, CredentialsHolder credentialsHolder, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2, String str2) throws LoginFailed, InvalidAuthnMethod, InvalidAttributeType, DuplicateAttributeType {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", new StringBuffer().append("Beginning to authenticate principal: ").append(str).append(".").toString());
        }
        long j = VaultImpl.getSecurityConfiguration().getrequestCredsExpiration();
        long j2 = 0;
        byte[] bArr2 = {100};
        byte[] bArr3 = null;
        credentialsHolder.value = null;
        opaqueHolder.value = null;
        opaqueHolder2.value = bArr2;
        String hostName = getHostName();
        String realmSecurityName = RealmSecurityName.getRealmSecurityName(str);
        String securityName = RealmSecurityName.getSecurityName(str);
        String realm = RealmSecurityName.getRealm(str);
        if (realm.length() == 0) {
            realm = RealmSecurityName.getRealm(VaultImpl.getSecurityConfiguration().getprincipalName());
            if (realm.length() == 0) {
                realm = hostName;
            }
            realmSecurityName = RealmSecurityName.getRealmSecurityName(realm, securityName);
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", new StringBuffer().append("Realm == \"").append(realm).append("\", realmSecurityName == \"").append(realmSecurityName).append("\".").toString());
        }
        if (!com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl._securityEnabled[0]) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Security is disabled ... dummy LocalOS creds will be created.");
            }
            credentialsHolder.value = createDummyCreds(realmSecurityName, null);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Exiting authenticate with Success.");
            }
            return AuthenticationStatus.SecAuthSuccess;
        }
        CredentialsImpl credentialsImpl = new CredentialsImpl(this._vault);
        com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl serverCred = getServerCred(this._authenticationTarget);
        if (serverCred == null) {
            if (createServerCred(this._authenticationTarget)) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Establishing the server LocalOS creds ... dummy LocalOS creds will be created.");
                }
                setServerCred(this._authenticationTarget, true, createDummyCreds(realmSecurityName, null));
                serverCred = getServerCred(this._authenticationTarget);
            } else {
                serverCred = getServerCred(4);
            }
        }
        if ((i & 131072) == 131072) {
            SecurityLogger.logError("security.JSAS0186E", new Object[]{"PrincipalAuthenticatorImpl.authenticateUser"});
            bArr2[0] = 10;
            opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0186E");
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        if (securityName.length() == 0) {
            SecurityLogger.logError("security.JSAS0190E", new Object[]{"PrincipalAuthenticatorImpl.authenticateUser"});
            bArr2[0] = 1;
            opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0190E");
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", new StringBuffer().append("Authenticating principal with LocalOS, realm/security_name == ").append(realm.length() == 0 ? "NULL" : realm).append("/").append(securityName).toString());
        }
        com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl doPrivileged = doPrivileged(serverCred);
        AuthenticationResult authenticate = this._vault.getCommonSecurityServer(this._authenticationTarget).authenticate(securityName);
        WSCredential wSCredential = authenticate.get_auth_cred();
        bArr2[0] = (byte) authenticate.get_auth_fail_reason();
        opaqueHolder2.value = bArr2;
        opaqueHolder.value = StringBytesConversion.getConvertedBytes(authenticate.get_auth_fail_message());
        endPrivileged(doPrivileged);
        if (opaqueHolder2.value[0] != 100) {
            return AuthenticationStatus.SecAuthFailure;
        }
        try {
            credentialsImpl.set_attributes(buildCredAttributes(wSCredential, realmSecurityName, hostName).value);
            if (j != 0) {
                j2 = new Date().getTime() + j;
            }
            try {
                bArr3 = wSCredential.getCredentialToken();
            } catch (Exception e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Exception extracting attributes from WSCredential.");
                    SecurityLogger.logException("PrincipalAuthenticatorImpl.authenticateUser", e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1563", this);
            }
            try {
                credentialsImpl.set_credential_token(realmSecurityName, bArr3, j2);
                try {
                    credentialsImpl.setAttributForIdentityAssertion(str2, bArr);
                    if ((i & 65536) == 65536) {
                        try {
                            this._vault.add_default_credentials(credentialsImpl);
                        } catch (InvalidCredential e2) {
                            FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1614", (Object) this);
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Error adding credentials to default credentials list.");
                            SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticateUser", (Exception) e2, 0, 0);
                            bArr2[0] = 7;
                            String message = e2.getMessage();
                            if (message == null || message.equals("")) {
                                opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error adding credentials to default credentials list.");
                            } else {
                                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message);
                            }
                            opaqueHolder2.value = bArr2;
                            return AuthenticationStatus.SecAuthFailure;
                        }
                    }
                    try {
                        this._vault.addEstablishedCredentials(credentialsImpl);
                        if (realmSecurityName.length() > 0) {
                            credentialsImpl.setUniqueID(realmSecurityName);
                        } else if (bArr3 != null && bArr3.length > 0) {
                            credentialsImpl.setUniqueID(StringBytesConversion.getConvertedString(bArr3));
                        }
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Exiting authenticate with Success.");
                        }
                        credentialsHolder.value = credentialsImpl;
                        return AuthenticationStatus.SecAuthSuccess;
                    } catch (InvalidCredential e3) {
                        FFDCFilter.processException((Throwable) e3, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1640", (Object) this);
                        SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Error adding credentials to established credentials list.");
                        SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticateUser", (Exception) e3, 0, 0);
                        bArr2[0] = 7;
                        String message2 = e3.getMessage();
                        if (message2 == null || message2.equals("")) {
                            opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error adding credentials to established credentials list.");
                        } else {
                            opaqueHolder.value = StringBytesConversion.getConvertedBytes(message2);
                        }
                        opaqueHolder2.value = bArr2;
                        return AuthenticationStatus.SecAuthFailure;
                    }
                } catch (Exception e4) {
                    FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1582", this);
                    SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Error setting Identity Type or Value in CredentialImpl.");
                    SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticateUser", e4, 0, 0);
                    bArr2[0] = 7;
                    String message3 = e4.getMessage();
                    if (message3 == null || message3.equals("")) {
                        opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting Identity Type or Value in CredentialImpl.");
                    } else {
                        opaqueHolder.value = StringBytesConversion.getConvertedBytes(message3);
                    }
                    opaqueHolder2.value = bArr2;
                    return AuthenticationStatus.SecAuthFailure;
                }
            } catch (CredentialsNotSet e5) {
                FFDCFilter.processException((Throwable) e5, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1573", (Object) this);
                SecurityLogger.debugMessage("PrincipalAuthenticatorImpl.authenticateUser", "Error setting credential token in CredentialImpl.");
                SecurityLogger.traceException("PrincipalAuthenticatorImpl.authenticateUser", (Exception) e5, 0, 0);
                bArr2[0] = 7;
                String message4 = e5.getMessage();
                if (message4 == null || message4.equals("")) {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes("Error setting credential token in CredentialImpl.");
                } else {
                    opaqueHolder.value = StringBytesConversion.getConvertedBytes(message4);
                }
                opaqueHolder2.value = bArr2;
                return AuthenticationStatus.SecAuthFailure;
            }
        } catch (DuplicateAttributeType e6) {
            FFDCFilter.processException((Throwable) e6, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1527", (Object) this);
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"PrincipalAuthenticatorImpl.authenticateUser", e6});
            bArr2[0] = 17;
            String message5 = e6.getMessage();
            if (message5 == null || message5.equals("")) {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0355E");
            } else {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message5);
            }
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        } catch (InvalidAttributeType e7) {
            FFDCFilter.processException((Throwable) e7, "com.ibm.ISecurityLocalObjectLocalOSImpl.PrincipalAuthenticatorImpl.authenticateUser", "1511", (Object) this);
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"PrincipalAuthenticatorImpl.authenticateUser", e7});
            bArr2[0] = 16;
            String message6 = e7.getMessage();
            if (message6 == null || message6.equals("")) {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes("security.JSAS0310E");
            } else {
                opaqueHolder.value = StringBytesConversion.getConvertedBytes(message6);
            }
            opaqueHolder2.value = bArr2;
            return AuthenticationStatus.SecAuthFailure;
        }
    }
}
