package com.ibm.ws.security.common.auth;

import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsPackage.CredentialsNotSet;
import com.ibm.ISecurityUtilityImpl.CredentialsHelper;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.AuthPermission;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.login.CredentialExpiredException;
import org.omg.CORBA.IntHolder;
import org.omg.CORBA.StringHolder;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.InvalidCredential;

/* loaded from: input_file:lib/wssec.jar:com/ibm/ws/security/common/auth/WSCredentialImpl.class */
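/**
 * Base implementation of {@link WSCredential} that delegates to a wrapped CORBA
 * {@link Credentials} object.
 *
 * <p>Most accessors call {@link #_assert()} first, which rejects a destroyed or
 * no-longer-current credential before the wrapped object is touched. The exceptions
 * are {@link #isCurrent()}, {@link #isDestroyed()}, {@link #getCORBACred()},
 * {@link #setPrivateCredentialList(Set)}, {@link #destroy()} and (partly)
 * {@link #setExpiration(long)}; see their comments.
 *
 * <p>Trace output: identity attributes (realm, security name, host name, OID, access id,
 * primary group id, expiration) are written to the trace at method exit when entry/exit
 * tracing is enabled. The password is masked as {@code XXXXXXXX} and token bytes are
 * never traced.
 *
 * <p>This class performs no synchronization of its own.
 */
public abstract class WSCredentialImpl implements WSCredential {
    // Caller-supplied set (see setPrivateCredentialList); the trace messages describe it
    // as the Subject's private credential list.
    private Set privCredList;
    // The wrapped credential; set to null by destroy().
    Credentials CORBACred;
    private static final AuthPermission DESTROY_PERMISSION = new AuthPermission("destroyCredential");
    // Not used in this class; presumably checked by subclasses in refresh() (TODO confirm).
    static final AuthPermission REFRESH_PERMISSION = new AuthPermission("refreshCredential");
    private static final TraceComponent tc;
    // Cache for the pre-Java-5 class-literal helper class$(String).
    static Class class$com$ibm$ws$security$common$auth$WSCredentialImpl;
    private boolean destroyed = false;
    // Out-parameter reused for every Credentials.is_valid() call in isCurrent().
    private IntHolder expiry_time_now = new IntHolder(0);
    ArrayList roles = new ArrayList();

    /**
     * Privileged action that adds the wrapped credential to {@code privCredList} if both
     * are set and the credential is not already present. Nothing in this class runs it.
     *
     * <p>NOTE(review): the set is supplied through the public, unchecked
     * {@link #setPrivateCredentialList(Set)}, so its {@code contains}/{@code add} code runs
     * inside {@code doPrivileged} when a caller executes this action. Confirm that only
     * trusted code can supply the set.
     */
    final PrivilegedAction addCredAction = new PrivilegedAction() { // from class: com.ibm.ws.security.common.auth.WSCredentialImpl.2
        @Override // java.security.PrivilegedAction
        public Object run() {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "addCredAction.run()");
            }
            final WSCredentialImpl outer = WSCredentialImpl.this;
            if (outer.privCredList != null && outer.CORBACred != null && !outer.privCredList.contains(outer.CORBACred)) {
                outer.privCredList.add(outer.CORBACred);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Added CORBA Credential to Subject's private credential list");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addCredAction.run()");
            }
            return null;
        }
    };

    /**
     * Privileged action that removes the wrapped credential from {@code privCredList} if
     * both are set and the credential is present. Run by {@link #destroy()}.
     */
    final PrivilegedAction removeCredential = new PrivilegedAction() { // from class: com.ibm.ws.security.common.auth.WSCredentialImpl.1
        @Override // java.security.PrivilegedAction
        public Object run() {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "removeCredential.run()");
            }
            final WSCredentialImpl outer = WSCredentialImpl.this;
            if (outer.privCredList != null && outer.CORBACred != null && outer.privCredList.contains(outer.CORBACred)) {
                outer.privCredList.remove(outer.CORBACred);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Removed CORBA Credential from Subject's private credential list");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "removeCredential.run()");
            }
            return null;
        }
    };

    /**
     * Returns the realm part of the wrapped credential's user name.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getRealmName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealmName()");
        }
        _assert();
        String realm = RealmSecurityName.getRealm(CredentialsHelper.getUserName((CredentialsImpl) this.CORBACred));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmName() -> " + realm);
        }
        return realm;
    }

    /**
     * Replaces the realm part of the user name, storing {@code str + "/" + securityName}.
     *
     * <p>NOTE(review): {@code str} is concatenated without validation. If
     * {@code RealmSecurityName} splits on {@code "/"}, a realm containing that character
     * may change how the stored name is parsed later. Confirm against the helper.
     *
     * @param str the new realm name
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setRealmName(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setRealmName()");
        }
        _assert();
        String currentSecurityName = RealmSecurityName.getSecurityName(CredentialsHelper.getUserName((CredentialsImpl) this.CORBACred));
        CredentialsHelper.setUserName((CredentialsImpl) this.CORBACred, str + "/" + currentSecurityName);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setRealmName() -> " + getRealmName());
        }
    }

    /**
     * Returns the security-name part of the wrapped credential's user name.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityName()");
        }
        _assert();
        String securityName = RealmSecurityName.getSecurityName(CredentialsHelper.getUserName((CredentialsImpl) this.CORBACred));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityName() -> " + securityName);
        }
        return securityName;
    }

    /**
     * Replaces the security-name part of the user name, keeping the current realm.
     * The argument is passed through {@code RealmSecurityName.getSecurityName} before it
     * is stored.
     *
     * @param str the new security name
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setSecurityName(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSecurityName()");
        }
        _assert();
        String realm = RealmSecurityName.getRealm(CredentialsHelper.getUserName((CredentialsImpl) this.CORBACred));
        CredentialsHelper.setUserName((CredentialsImpl) this.CORBACred, realm + "/" + RealmSecurityName.getSecurityName(str));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSecurityName() -> " + getSecurityName());
        }
    }

    /**
     * Returns the password held by a BasicAuth credential.
     *
     * <p>The value comes back as an immutable {@code String}, so callers cannot wipe it
     * after use; keep its lifetime short and never log it. The trace shows only a mask.
     *
     * @return the password, or {@code null} if the wrapped credential is not a BasicAuth
     *         credential or its token is not set
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getPassword() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPassword()");
        }
        _assert();
        if (!(this.CORBACred instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not a BasicAuth cred, returning null.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getPassword() -> null");
            }
            return null;
        }
        // Emit the masked exit only on the BasicAuth path, so that each call produces
        // exactly one exit record (previously the non-BasicAuth path logged two).
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPassword() -> XXXXXXXX");
        }
        StringHolder stringHolder = new StringHolder();
        OpaqueHolder opaqueHolder = new OpaqueHolder();
        try {
            ((CredentialsImpl) this.CORBACred).get_credential_token(stringHolder, opaqueHolder);
            return StringBytesConversion.getConvertedString(opaqueHolder.value);
        } catch (CredentialsNotSet e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.WSCredentialImpl.getPassword", "197");
            return null;
        }
    }

    /**
     * Stores a new password on a BasicAuth credential. Does nothing except trace when the
     * wrapped credential is of another kind. A {@code CredentialsNotSet} failure is
     * reported to FFDC and not rethrown, so callers get no signal that the password was
     * not stored.
     *
     * @param str the new password
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setPassword(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPassword()");
        }
        _assert();
        if (!(this.CORBACred instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not a BasicAuth cred, not setting password.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setPassword() -> failed");
            }
            return;
        }
        byte[] convertedBytes = StringBytesConversion.getConvertedBytes(str);
        try {
            ((CredentialsImpl) this.CORBACred).set_credential_token(CredentialsHelper.getUserName((CredentialsImpl) this.CORBACred), convertedBytes, 0L);
        } catch (CredentialsNotSet e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting password failed.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.WSCredentialImpl.setPassword", "250");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPassword() -> XXXXXXXX");
        }
    }

    /**
     * Returns the token bytes of a token-based (TokenBase or LTPA) credential.
     *
     * <p>NOTE(review): the array is returned exactly as {@code get_credential_token}
     * delivered it. Whether that is a copy or the credential's internal buffer is not
     * visible here; confirm before handing the result to less-trusted code.
     *
     * @return the token bytes, or {@code null} if the credential is not token based or
     *         its token is not set
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public byte[] getCredentialToken() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialToken()");
        }
        _assert();
        if (!(this.CORBACred instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) && !(this.CORBACred instanceof com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not a token based credential.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCredentialToken()");
            }
            return null;
        }
        StringHolder stringHolder = new StringHolder();
        OpaqueHolder opaqueHolder = new OpaqueHolder();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCredentialToken()");
        }
        try {
            ((CredentialsImpl) this.CORBACred).get_credential_token(stringHolder, opaqueHolder);
            return opaqueHolder.value;
        } catch (CredentialsNotSet e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.WSCredentialImpl.getCredentialToken", "313");
            return null;
        }
    }

    /**
     * Stores a defensive copy of {@code bArr} as the token of a token-based (TokenBase or
     * LTPA) credential. Only traces when the credential is of another kind. A
     * {@code CredentialsNotSet} failure is reported to FFDC and not rethrown.
     *
     * @param bArr the token bytes; must not be {@code null} for a token-based credential
     * @param j passed to {@code set_credential_token} as its third argument
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setCredentialToken(byte[] bArr, long j) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCredentialToken()");
        }
        _assert();
        if ((this.CORBACred instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) || (this.CORBACred instanceof com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl)) {
            // Copy, so that later changes to the caller's array cannot alter the stored token.
            byte[] tokenCopy = (byte[]) bArr.clone();
            try {
                ((CredentialsImpl) this.CORBACred).set_credential_token(CredentialsHelper.getUserName((CredentialsImpl) this.CORBACred), tokenCopy, j);
            } catch (CredentialsNotSet e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting token failed.");
                }
                FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.WSCredentialImpl.setCredentialToken", "373");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Credential is not a token based credential.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCredentialToken()");
        }
    }

    /**
     * Returns the host name recorded on the wrapped credential.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getHostName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHostName()");
        }
        _assert();
        String hostName = CredentialsHelper.getHostName((CredentialsImpl) this.CORBACred);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHostName() -> " + hostName);
        }
        return hostName;
    }

    /**
     * Returns the object attached to the wrapped credential.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public Object getObject() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getObject()");
        }
        _assert();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getObject()");
        }
        return ((CredentialsImpl) this.CORBACred).getObject();
    }

    /**
     * Attaches an object to the wrapped credential.
     *
     * @param obj the object to attach
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setObject(Object obj) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setObject()");
        }
        _assert();
        ((CredentialsImpl) this.CORBACred).setObject(obj);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setObject()");
        }
    }

    /**
     * Returns the OID recorded on the wrapped credential.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getOID() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOID()");
        }
        _assert();
        String oid = ((CredentialsImpl) this.CORBACred).getOID();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOID() -> " + oid);
        }
        return oid;
    }

    /**
     * Sets the OID on the wrapped credential.
     *
     * @param str the new OID
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setOID(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setOID()");
        }
        _assert();
        ((CredentialsImpl) this.CORBACred).setOID(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setOID() -> " + str);
        }
    }

    /**
     * Reports the wrapped credential's forwardable flag.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public boolean isForwardable() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isForwardable()");
        }
        _assert();
        boolean forwardable = ((CredentialsImpl) this.CORBACred).isForwardable();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isForwardable() -> " + forwardable);
        }
        return forwardable;
    }

    /**
     * Sets the wrapped credential's forwardable flag.
     *
     * @param z the new flag value
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setForwardable(boolean z) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setForwardable()");
        }
        _assert();
        ((CredentialsImpl) this.CORBACred).setForwardable(z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setForwardable() -> " + z);
        }
    }

    /**
     * Returns the expiration value of the wrapped credential.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public long getExpiration() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getExpiration()");
        }
        _assert();
        long expiration = ((CredentialsImpl) this.CORBACred).getExpiration();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getExpiration() -> " + expiration);
        }
        return expiration;
    }

    /**
     * Sets the expiration value of the wrapped credential.
     *
     * <p>Unlike every other setter here, the value is written before {@link #_assert()}
     * runs. That order is kept, but a destroyed credential is now rejected up front:
     * {@code CORBACred} is {@code null} after {@link #destroy()}, so the write used to
     * fail with a {@code NullPointerException} instead of the declared exception.
     *
     * <p>NOTE(review): because the write precedes the validity check, an already-expired
     * credential can be given a new expiration and then pass {@code _assert()} (assuming
     * {@code is_valid} honours this value). No permission check guards this path, whereas
     * the class defines {@code REFRESH_PERMISSION} for refresh. Confirm that is intended.
     *
     * @param j the new expiration value
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is not current after the update
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setExpiration(long j) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setExpiration()");
        }
        if (isDestroyed()) {
            throw new CredentialDestroyedException("Credential is destroyed, can not be used.");
        }
        ((CredentialsImpl) this.CORBACred).setExpiration(j);
        _assert();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setExpiration() -> " + ((CredentialsImpl) this.CORBACred).getExpiration());
        }
    }

    /**
     * Returns the primary group id recorded on the wrapped credential.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getPrimaryGroupId() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrimaryGroupId()");
        }
        _assert();
        String primaryGroupID = CredentialsHelper.getPrimaryGroupID((CredentialsImpl) this.CORBACred);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrimaryGroupId() -> " + primaryGroupID);
        }
        return primaryGroupID;
    }

    /**
     * Sets the primary group id on the wrapped credential.
     *
     * @param str the new primary group id
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setPrimaryGroupId(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPrimaryGroupId()");
        }
        _assert();
        CredentialsHelper.setPrimaryGroupID((CredentialsImpl) this.CORBACred, str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPrimaryGroupId() -> " + getPrimaryGroupId());
        }
    }

    /**
     * Returns a shallow copy of the role list held by this object.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public List getRoles() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRoles()");
        }
        _assert();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRoles()");
        }
        return (List) this.roles.clone();
    }

    /**
     * Replaces the role list with a shallow copy of {@code list}.
     *
     * <p>Any {@code List} implementation is accepted. The previous code cast the argument
     * to {@code ArrayList} and failed with {@code ClassCastException} for anything else.
     *
     * @param list the new roles; must not be {@code null}
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setRoles(List list) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setRoles()");
        }
        _assert();
        this.roles = new ArrayList(list);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setRoles()");
        }
    }

    /**
     * Returns the access id recorded on the wrapped credential.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getAccessId() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAccessId()");
        }
        _assert();
        String accessID = CredentialsHelper.getAccessID((CredentialsImpl) this.CORBACred);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAccessId() -> " + accessID);
        }
        return accessID;
    }

    /**
     * Sets the access id on the wrapped credential.
     *
     * @param str the new access id
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setAccessId(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAccessId()");
        }
        _assert();
        CredentialsHelper.setAccessID((CredentialsImpl) this.CORBACred, str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAccessId() -> " + getAccessId());
        }
    }

    /**
     * Returns the group ids of the wrapped credential.
     *
     * <p>NOTE(review): unlike {@link #getRoles()}, the list from
     * {@code CredentialsHelper.getGroupIDs} is returned without copying. If the helper
     * exposes the credential's own list, callers can alter group membership by mutating
     * the result. Confirm against the helper.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public List getGroupIds() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupIds()");
        }
        _assert();
        ArrayList groupIDs = CredentialsHelper.getGroupIDs((CredentialsImpl) this.CORBACred);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupIds()");
        }
        return groupIDs;
    }

    /**
     * Sets the group ids on the wrapped credential.
     *
     * <p>An {@code ArrayList} (or {@code null}) is handed to the helper unchanged, as
     * before. Any other {@code List} is copied into an {@code ArrayList} instead of
     * failing with {@code ClassCastException}.
     *
     * @param list the new group ids
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is no longer current
     */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setGroupIds(List list) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setGroupIds()");
        }
        _assert();
        ArrayList groupIds = (list == null || list instanceof ArrayList) ? (ArrayList) list : new ArrayList(list);
        CredentialsHelper.setGroupIDs((CredentialsImpl) this.CORBACred, groupIds);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setGroupIds()");
        }
    }

    /**
     * Reports whether the credential is still usable: not destroyed and accepted by
     * {@code Credentials.is_valid}. An {@code InvalidCredential} from that call is
     * treated as "not current" rather than propagated.
     *
     * @return {@code true} only if the credential is neither destroyed nor invalid
     */
    public boolean isCurrent() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isCurrent()");
        }
        boolean current = false;
        if (!isDestroyed()) {
            try {
                current = this.CORBACred.is_valid(this.expiry_time_now);
            } catch (InvalidCredential e) {
                // Deliberate fail-closed: an invalid credential is simply not current.
                current = false;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Credential destroyed, return false");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isCurrent() -> " + current);
        }
        return current;
    }

    /**
     * Destroys this credential: marks it destroyed, removes the wrapped credential from
     * the private credential set, drops the reference to it and calls {@link #_cleanup()}.
     *
     * <p>The {@code destroyCredential} permission is checked only when a
     * {@code SecurityManager} is installed; without one, any caller can destroy the
     * credential.
     *
     * @throws DestroyFailedException declared by {@code Destroyable}; not thrown here
     * @throws SecurityException if a security manager denies {@code destroyCredential}
     */
    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "destroy()");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(DESTROY_PERMISSION);
        }
        // Set the flag first so that _assert() rejects use while teardown is in progress.
        this.destroyed = true;
        // The removal must run before CORBACred is nulled: the action needs the reference.
        AccessController.doPrivileged(this.removeCredential);
        this.CORBACred = null;
        _cleanup();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "destroy()");
        }
    }

    /**
     * Reports whether {@link #destroy()} has been called on this credential.
     */
    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isDestroyed()");
            Tr.exit(tc, "isDestroyed() -> " + this.destroyed);
        }
        return this.destroyed;
    }

    /**
     * Returns the wrapped CORBA credential itself, or {@code null} after
     * {@link #destroy()}.
     *
     * <p>This public accessor performs neither {@link #_assert()} nor a permission check,
     * so the raw credential is reachable even when it has expired. Callers must apply
     * their own validity checks.
     */
    public Credentials getCORBACred() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCORBACred()");
            Tr.exit(tc, "getCORBACred()");
        }
        return this.CORBACred;
    }

    /**
     * Records the set that the privileged add/remove actions operate on. The reference is
     * stored as given (no copy), so the actions mutate the caller's set.
     *
     * @param set the private credential set; may be {@code null}, in which case the
     *            actions do nothing
     */
    public void setPrivateCredentialList(Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPrivateCredentialList(privCredList)");
            Tr.exit(tc, "setPrivateCredentialList(privCredList)");
        }
        this.privCredList = set;
    }

    /**
     * Wraps the given CORBA credential.
     *
     * <p>NOTE(review): the decompiler comment below says the original constructor was
     * package-private. Keep that in mind before relying on the {@code public} modifier
     * shown here.
     *
     * @param credentials the credential to wrap
     * @throws NullPointerException if {@code credentials} is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public WSCredentialImpl(Credentials credentials) {
        this.CORBACred = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WSCredentialImpl(CORBACred)");
        }
        if (credentials == null) {
            throw new NullPointerException("CORBA Credential is null");
        }
        this.CORBACred = credentials;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WSCredentialImpl(CORBACred)");
        }
    }

    /**
     * Guard used by the accessors: rejects a destroyed credential first, then one that
     * {@link #isCurrent()} reports as no longer valid.
     *
     * @throws CredentialDestroyedException if the credential has been destroyed
     * @throws CredentialExpiredException if the credential is not current
     */
    private final void _assert() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "_assert()");
        }
        if (isDestroyed()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "_assert() --> destroyed");
            }
            throw new CredentialDestroyedException("Credential is destroyed, can not be used.");
        }
        if (!isCurrent()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "_assert() --> expired");
            }
            throw new CredentialExpiredException("Credential is expired, please refresh.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "_assert() --> normal");
        }
    }

    /** Subclass hook invoked at the end of {@link #destroy()}. */
    abstract void _cleanup();

    /**
     * Refreshes the credential; implemented by subclasses.
     *
     * @throws RefreshFailedException if the refresh fails
     */
    public abstract void refresh() throws RefreshFailedException;

    /**
     * Compiler-generated helper for pre-Java-5 class literals: loads a class by name.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // NoClassDefFoundError has no (message, cause) constructor, so attach the
            // cause explicitly to keep the original stack trace for diagnosis.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Equivalent of WSCredentialImpl.class as emitted by pre-Java-5 compilers;
        // registers this class with the trace facility.
        Class cls;
        if (class$com$ibm$ws$security$common$auth$WSCredentialImpl == null) {
            cls = class$("com.ibm.ws.security.common.auth.WSCredentialImpl");
            class$com$ibm$ws$security$common$auth$WSCredentialImpl = cls;
        } else {
            cls = class$com$ibm$ws$security$common$auth$WSCredentialImpl;
        }
        tc = Tr.register(cls);
    }
}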
