package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.IExtendedSecurity._LoginHelper;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityUtilityImpl.AuthenticationTarget;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ws.ffdc.FFDCFilter;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import org.omg.CORBA.Any;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.IntHolder;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.Security.Attribute;
import org.omg.Security.AttributeType;
import org.omg.Security.CredentialType;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.ExtensibleFamily;
import org.omg.Security.InvalidAttributeType;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.InvalidCredential;
import org.omg.SecurityLevel2.LoginFailed;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CSICredentialsManager.class */
public class CSICredentialsManager {
    public synchronized Credentials getInvocationCredentials() {
        CredentialsImpl credentialsImpl;
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSICredentialsManager.getInvocationCredentials");
        }
        CSIUtil cSIUtil = new CSIUtil();
        try {
            credentialsImpl = (CredentialsImpl) cSIUtil.getCurrent().get_credentials(CredentialType.SecInvocationCredentials, true, false, null);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getInvocationCredentials", "96", this);
            SecurityLogger.debugMessage("CSICredentialsManager.getInvocationCredentials", "Java runtime exception while trying to get Invocation credentials from current.");
            SecurityLogger.logException("CSICredentialsManager.getInvocationCredentials", e, 0, 0);
            credentialsImpl = null;
        }
        if (credentialsImpl == null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSICredentialsManager.getInvocationCredentials", "No Invocation Credential during Identity Assertion processing.  Return Unauthenticated credential");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSICredentialsManager.getInvocationCredentials");
            }
            return cSIUtil.getCurrent().get_unauthenticated_credential();
        }
        if ((credentialsImpl instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl) && !credentialsImpl.isUnauthenticated()) {
            try {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSICredentialsManager.getInvocationCredentials", "The invocation credential is either BasicAuth or GSSUP.");
                }
                credentialsImpl = (CredentialsImpl) credentialsImpl.get_mapped_credentials(null, "", null);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getInvocationCredentials", "132", this);
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.debugMessage("CSICredentialsManager.getInvocationCredentials", "Java runtime exception while trying to get get_mapped_credentials. Returning Unauthenticated credential");
                    SecurityLogger.logException("CSICredentialsManager.getInvocationCredentials", e2, 0, 0);
                }
                credentialsImpl = (CredentialsImpl) cSIUtil.getCurrent().get_unauthenticated_credential();
            }
        }
        if (credentialsImpl == null) {
            credentialsImpl = (CredentialsImpl) cSIUtil.getCurrent().get_unauthenticated_credential();
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSICredentialsManager.getInvocationCredentials");
        }
        return credentialsImpl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized Credentials getClientCredentials(String str, String str2) throws Exception {
        String str3 = null;
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSICredentialsManager.getCredentials");
        }
        CredentialsImpl credentialsImpl = null;
        CSIUtil cSIUtil = new CSIUtil();
        try {
            credentialsImpl = (CredentialsImpl) cSIUtil.getCurrent().get_credentials(CredentialType.SecInvocationCredentials, true, false, null);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "184", this);
            str3 = "Java runtime exception while trying to get_credentials from current.";
            SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
            SecurityLogger.logException("CSICredentialsManager.getCredentials", e, 0, 0);
        }
        if (credentialsImpl != null && credentialsImpl.isUnauthenticated()) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSICredentialsManager.getCredentials");
            }
            return credentialsImpl;
        }
        if (credentialsImpl == null) {
            try {
                credentialsImpl = (CredentialsImpl) cSIUtil.getCurrent().get_credentials(CredentialType.SecOwnCredentials, false, false, null);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "217", this);
                str3 = "Java runtime exception while trying to get_credentials from current.";
                SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
                SecurityLogger.logException("CSICredentialsManager.getCredentials", e2, 0, 0);
            }
        }
        if (credentialsImpl == null || !credentialsImpl.isForwardable(str)) {
            if (SecurityLogger.debugTraceEnabled) {
                str3 = new StringBuffer().append("There are no invocation credentials on the current thread; Login will be performed for ").append(str).append("/null").toString();
                SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
            }
            _LoginHelper login_helper = cSIUtil.getCurrent().login_helper();
            if (login_helper == null) {
                SecurityLogger.logError("security.JSAS0020E", new Object[]{"CSICredentialsManager.getCredentials"});
                if (!SecurityLogger.debugEntryEnabled) {
                    return null;
                }
                SecurityLogger.debugExit("CSICredentialsManager.getCredentials");
                return null;
            }
            try {
                try {
                    credentialsImpl = (CredentialsImpl) AccessController.doPrivileged(new PrivilegedExceptionAction(this, login_helper, str) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.1
                        private final _LoginHelper val$helper;
                        private final String val$realm;
                        private final CSICredentialsManager this$0;

                        {
                            this.this$0 = this;
                            this.val$helper = login_helper;
                            this.val$realm = str;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws LoginFailed {
                            return (CredentialsImpl) ((LoginHelperImpl) this.val$helper).request_login_controlled((String) null, this.val$realm, (String) null, (CredentialsHolder) null, (OpaqueHolder) null, true, false);
                        }
                    });
                } catch (PrivilegedActionException e3) {
                    FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "276", this);
                    SecurityMessages.getMsgOrUseDefault("JSAS0240E", "JSAS0240E: Login failed.  Verify the userid/password is correct.  Check the properties file to ensure the login source is valid.  If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.");
                    throw e3.getException();
                }
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "269", this);
                str3 = "security.JSAS0240E";
                SecurityLogger.logError(str3, new Object[]{"CSICredentialsManager.getCredentials", e4});
                credentialsImpl = null;
            } catch (LoginFailed e5) {
                FFDCFilter.processException((Throwable) e5, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "262", (Object) this);
                SecurityLogger.logError("security.JSAS0240E", new Object[]{"CSICredentialsManager.getCredentials", e5});
                throw e5;
            }
        }
        if (credentialsImpl != null && !credentialsImpl.isInvalidByRejection() && !credentialsImpl.isForwardable()) {
            if (SecurityLogger.debugTraceEnabled) {
                str3 = "Resolved credentials is NOT forwardable. The credentials will be mapped.";
                SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
            }
            if (credentialsImpl instanceof com.ibm.ISecurityLocalObjectLocalOSImpl.CredentialsImpl) {
                if (SecurityLogger.debugTraceEnabled) {
                    str3 = "LocalOS credentials is not forwardable.";
                    SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
                }
                try {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(new AttributeType[]{new AttributeType(new ExtensibleFamily((short) 0, (short) 1), 1)});
                    String str4 = new String(attributeArr[0].value);
                    if (SecurityLogger.debugTraceEnabled) {
                        str3 = (attributeArr.length <= 0 || attributeArr[0].value == null) ? "no Credential access id" : new StringBuffer().append("Credential access id is ").append(str4).toString();
                        SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
                    }
                    if (str4 == null || str4.length() <= 0) {
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", "No security name found.  Return unauthenticated credential");
                        }
                        if (SecurityLogger.debugEntryEnabled) {
                            SecurityLogger.debugExit("CSICredentialsManager.getCredentials");
                        }
                        return cSIUtil.getCurrent().get_unauthenticated_credential();
                    }
                    credentialsImpl = (CredentialsImpl) VaultImpl.getInstance().getBasicAuthCred(str4);
                    if (credentialsImpl != null && credentialsImpl.isForwardable()) {
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", new StringBuffer().append("Return BasicAuth Credential.  Security_name: ").append(str4).toString());
                        }
                        if (SecurityLogger.debugEntryEnabled) {
                            SecurityLogger.debugExit("CSICredentialsManager.getCredentials");
                        }
                        return credentialsImpl;
                    }
                    if (credentialsImpl == null) {
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", "No matched BasicAuth credential for this LocalOS credentail.  Return Unauthenticated credential");
                        }
                        if (SecurityLogger.debugEntryEnabled) {
                            SecurityLogger.debugExit("CSICredentialsManager.getCredentials");
                        }
                        return cSIUtil.getCurrent().get_unauthenticated_credential();
                    }
                } catch (DuplicateAttributeType e6) {
                    FFDCFilter.processException((Throwable) e6, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "383", (Object) this);
                    if (SecurityLogger.traceEnabled) {
                        str3 = SecurityMessages.getMsgOrUseDefault("TrcMsg405", "Unable to get client security name from credentials.");
                        SecurityLogger.traceMessage("CSICredentialsManager.getCredentials", str3);
                    }
                    SecurityLogger.logException("CSICredentialsManager.getCredentials", e6, 0, 0);
                } catch (InvalidAttributeType e7) {
                    FFDCFilter.processException((Throwable) e7, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "373", (Object) this);
                    if (SecurityLogger.traceEnabled) {
                        str3 = SecurityMessages.getMsgOrUseDefault("TrcMsg405", "Unable to get client security name from credentials.");
                        SecurityLogger.traceMessage("CSICredentialsManager.getCredentials", str3);
                    }
                    SecurityLogger.logException("CSICredentialsManager.getCredentials", e7, 0, 0);
                }
            }
            try {
                Any any = null;
                if (credentialsImpl.isServer()) {
                    if (SecurityLogger.debugTraceEnabled) {
                        str3 = new StringBuffer().append("Server invokes downstream request to different target realm: ").append(str).toString();
                        SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
                    }
                    any = cSIUtil.getORB().create_any();
                    any.insert_long(-18);
                }
                credentialsImpl = (CredentialsImpl) credentialsImpl.get_mapped_credentials(AuthenticationTarget.BasicAuthString, str, any);
            } catch (Exception e8) {
                FFDCFilter.processException(e8, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "429", this);
                if (SecurityLogger.traceEnabled) {
                    str3 = "Java runtime exception while trying to get_mapped_credentials.";
                    SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
                    SecurityLogger.logException("CSICredentialsManager.getCredentials", e8, 0, 0);
                }
                credentialsImpl = null;
            }
        }
        if (credentialsImpl != null && !credentialsImpl.isInvalidByRejection()) {
            try {
                if (credentialsImpl.is_valid(new IntHolder(0))) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", "Credentials are valid.");
                    }
                } else if (!credentialsImpl.isInvalidByExpiration() || !credentialsImpl.refresh()) {
                    if (SecurityLogger.debugTraceEnabled) {
                        str3 = "Cannot refresh the credentials.  Throwing a NO_PERMISSION.";
                        SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", str3);
                    }
                    throw new NO_PERMISSION(str3, SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
                }
            } catch (InvalidCredential e9) {
                FFDCFilter.processException((Throwable) e9, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSICredentialsManager.getClientCredentials", "473", (Object) this);
                SecurityLogger.logError("security.JSAS0202E", new Object[]{"CSICredentialsManager.getCredentials", e9});
                credentialsImpl = null;
            }
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSICredentialsManager.getCredentials", "Credentials are null or invalidated by rejection.");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSICredentialsManager.getCredentials");
        }
        return credentialsImpl;
    }
}
