package com.ibm.websphere.security;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.IExtendedSecurityPriv.PrincipalAuthenticator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CORBAUtil;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.ws.webcontainer.srt.SRTConnectionContext;
import java.lang.reflect.Method;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.CORBA.StringHolder;
import org.omg.Security.CredentialType;
import org.omg.Security.InvalidCredentialType;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.InvalidCredential;
import org.omg.SecurityLevel2.LoginFailed;

/* loaded from: input_file:lib/wssec.jar:com/ibm/websphere/security/SSOAuthenticator.class */
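/**
 * Performs a programmatic login and manages the single sign-on (SSO) cookie on the
 * servlet response.
 *
 * <p>The cookie name is {@code Constants.LTPA_COOKIENAME} and the path is {@code "/"}.
 * The domain, the Secure flag, and whether a domain is set at all are read from
 * {@code com.ibm.ws.security.core.SecurityConfig} when the instance is constructed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The SSO cookie value is derived from the credential token, so it is treated as a
 *       secret here and is never written to trace.</li>
 *   <li>The Secure flag is only set when the {@code CommonConstants.SSO_SSL} setting is
 *       present and true; otherwise {@code isCookieSecure} keeps its default of
 *       {@code false} and the cookie is not restricted to HTTPS.</li>
 *   <li>A configured domain is normalised to start with {@code '.'}, so the cookie is
 *       scoped to the whole domain rather than to a single host.</li>
 *   <li>NOTE(review): HttpOnly is not set on any cookie built here. Whether the Servlet
 *       API on this classpath offers {@code Cookie.setHttpOnly} (Servlet 3.0+) is not
 *       visible from this file - confirm and set it if available.</li>
 * </ul>
 */
public class SSOAuthenticator {
    // Name of the SSO cookie; assigned from Constants.LTPA_COOKIENAME in obtainSSOProperties().
    String cookieName;
    // Cookie domain read from the security configuration; "" when none is configured.
    String cookieDomain;
    // Cookie path; obtainSSOProperties() always sets this to "/".
    String cookiePath;
    // Secure flag for every cookie built by this class; stays false unless the SSO_SSL setting is present.
    boolean isCookieSecure;
    // When false, cookies are created without a Domain attribute.
    boolean setSSODomain = true;
    private CurrentImpl current = null;
    private static Object lockObject = new Object();
    private static TraceComponent tc;
    // Class-literal caches; kept because they are package-visible members of the original class.
    static Class class$com$ibm$websphere$security$SSOAuthenticator;
    static Class class$java$lang$String;

    /**
     * Reads the SSO cookie settings and resolves the security Current from the ORB.
     *
     * @throws IllegalStateException if initialisation fails; the original failure is
     *         reported to FFDC and attached as the cause
     */
    public SSOAuthenticator() throws IllegalStateException {
        try {
            init();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.SSOAuthenticator.SSOAuthenticator", "92", this);
            // Keep the root cause so the caller can tell why initialisation failed.
            IllegalStateException failure = new IllegalStateException("SSOAuthenticator initialization failed");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Authenticates the user and adds the SSO cookie to the response.
     * Delegates to the five-argument overload with {@code true} as the last argument.
     *
     * @param str user identifier passed to the principal authenticator
     * @param str2 password; may be {@code null}
     * @param httpServletRequest the current request (not read by this method)
     * @param httpServletResponse response that receives the SSO cookie
     * @return the credentials produced by the authenticator
     * @throws LoginFailed if authentication does not succeed
     */
    public Credentials login(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginFailed {
        return login(str, str2, httpServletRequest, httpServletResponse, true);
    }

    /**
     * Authenticates the user and adds the SSO cookie to the response as a session cookie
     * (max-age -1).
     *
     * @param str user identifier passed to the principal authenticator
     * @param str2 password; may be {@code null}
     * @param httpServletRequest the current request (not read by this method)
     * @param httpServletResponse response that receives the SSO cookie
     * @param z forwarded to the private login overload, which does not read it in this file
     * @return the credentials produced by the authenticator
     * @throws LoginFailed if authentication does not succeed
     */
    public Credentials login(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws LoginFailed {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login");
        }
        Credentials credentials = login(str, str2, z);
        Cookie cookie = buildCookie(this.cookieName, getLTPACookieValue(credentials), -1,
                "No domain set for " + this.cookieName + " cookie");
        httpServletResponse.addCookie(cookie);
        if (tc.isEntryEnabled()) {
            // The cookie value is the SSO token: trace its name and domain only, never the value,
            // so that trace files cannot be used to replay a session.
            Tr.debug(tc, new StringBuffer().append(cookie.getName()).append(SRTConnectionContext.CONTENT_TYPE_SEPARATOR).append(cookie.getDomain()).append(SRTConnectionContext.CONTENT_TYPE_SEPARATOR).append("<value redacted>").toString());
            Tr.exit(tc, "login");
        }
        return credentials;
    }

    /**
     * Expires the SSO cookie in the browser by sending it back with an empty value and
     * max-age 0. Only the cookie is cleared; nothing in this method invalidates the token
     * on the server side.
     *
     * @param httpServletRequest the current request (not read by this method)
     * @param httpServletResponse response that receives the expiring cookie
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout");
        }
        Cookie cookie = buildCookie(this.cookieName, "", 0,
                "No domain set for " + this.cookieName + " cookie");
        httpServletResponse.addCookie(cookie);
        if (tc.isEntryEnabled()) {
            // The value is the empty string here, so tracing it discloses nothing.
            Tr.debug(tc, new StringBuffer().append(cookie.getName()).append(SRTConnectionContext.CONTENT_TYPE_SEPARATOR).append(cookie.getDomain()).append(SRTConnectionContext.CONTENT_TYPE_SEPARATOR).append(cookie.getValue()).toString());
            Tr.exit(tc, "logout");
        }
    }

    /**
     * Returns the value of the {@code Constants.REFERER_URL_COOKIENAME} request cookie and
     * expires that cookie on the response.
     *
     * <p>The returned string comes straight from a request cookie and is therefore
     * client-controlled. Callers that redirect to it should first check it against the
     * hosts and paths they are willing to send users to.
     *
     * @param httpServletRequest request whose cookies are searched
     * @param httpServletResponse response that receives the expiring cookie when a match is found
     * @return the cookie value, or {@code null} if the request carries no such cookie
     */
    public String getRefererURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRefererURL");
        }
        String refererUrl = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (Constants.REFERER_URL_COOKIENAME.equals(cookies[i].getName())) {
                    refererUrl = cookies[i].getValue();
                    httpServletResponse.addCookie(buildCookie(Constants.REFERER_URL_COOKIENAME, "", 0,
                            "No domain set for WASReqURL cookie"));
                    // Stop at the first match. Without this the index never advances past the
                    // matching cookie and the loop keeps adding cookies to the response forever.
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRefererURL");
        }
        return refererUrl;
    }

    /**
     * @return the name of the SSO cookie
     */
    public String getSSOCookieName() {
        return this.cookieName;
    }

    /**
     * Builds the SSO cookie value: the credential token bytes, converted with
     * {@code StringUtil.toString} and Base64-encoded.
     *
     * <p>If the token cannot be read, or is empty, the encoding is applied to {@code null}.
     * NOTE(review): what the two helpers return for {@code null} is not visible here -
     * confirm that a failed token read cannot produce a cookie that looks valid.
     *
     * @param credentials credentials to read the token from; cast to {@code CredentialsImpl}
     * @return the encoded cookie value
     */
    public String getLTPACookieValue(Credentials credentials) {
        byte[] token = null;
        StringHolder stringHolder = new StringHolder();
        OpaqueHolder opaqueHolder = new OpaqueHolder();
        try {
            ((CredentialsImpl) credentials).get_credential_token(stringHolder, opaqueHolder);
            token = opaqueHolder.value;
            // An empty token is handled the same way as a missing one.
            if (token != null && token.length == 0) {
                token = null;
            }
        } catch (Exception e) {
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, e.getMessage(), e);
            }
            FFDCFilter.processException(e, "com.ibm.websphere.security.SSOAuthenticator.getLTPACookieValue", "292", this);
        }
        return Base64Coder.base64Encode(StringUtil.toString(token));
    }

    /**
     * Builds a cookie that carries the domain (when enabled), path and Secure flag
     * configured on this instance.
     *
     * @param name cookie name
     * @param value cookie value
     * @param maxAge value passed to {@code Cookie.setMaxAge}
     * @param noDomainTrace debug message written when no domain is set and tracing is enabled
     * @return the configured cookie, not yet added to any response
     */
    private Cookie buildCookie(String name, String value, int maxAge, String noDomainTrace) {
        Cookie cookie = new Cookie(name, value);
        if (this.setSSODomain) {
            cookie.setDomain(this.cookieDomain);
        } else if (tc.isEntryEnabled()) {
            Tr.debug(tc, noDomainTrace);
        }
        cookie.setPath(this.cookiePath);
        cookie.setSecure(this.isCookieSecure);
        cookie.setMaxAge(maxAge);
        return cookie;
    }

    /**
     * Loads the cookie settings and caches the security Current.
     *
     * @throws Exception if the configuration cannot be read or the Current cannot be resolved
     */
    private void init() throws Exception {
        obtainSSOProperties();
        this.current = getSecurityCurrent();
    }

    /**
     * Resolves {@code CommonConstants.SECURITY_CURRENT} from the ORB.
     *
     * @return the security Current
     * @throws IllegalStateException if the ORB is unavailable or the lookup fails; every
     *         failure is reported to FFDC and rethrown with the same message
     */
    private CurrentImpl getSecurityCurrent() throws IllegalStateException {
        try {
            ORB orb = CORBAUtil.getORB();
            if (orb != null) {
                return (CurrentImpl) orb.resolve_initial_references(CommonConstants.SECURITY_CURRENT);
            }
            // Caught by the handler below, like any other failure in this block.
            throw new IllegalStateException("SecurityCurrent: null");
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.SSOAuthenticator.getSecurityCurrent", "336", this);
            IllegalStateException failure = new IllegalStateException("Error getting SecurityCurrent from the ORB");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Returns the {@code SecOwnCredentials} of the current security context.
     *
     * @return the credentials, or {@code null} if the lookup throws (the failure is
     *         reported to FFDC)
     */
    private static Credentials getOwnedCredentials() {
        Credentials credentials = null;
        try {
            credentials = SecurityContext.getCurrent().get_credentials(CredentialType.SecOwnCredentials);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.SSOAuthenticator.getOwnedCredentials", "384");
        }
        return credentials;
    }

    /**
     * Replaces the invocation credentials of the current context with the given ones.
     *
     * <p>Callers must hand the returned value to {@link #endPrivileged(Credentials)},
     * preferably from a {@code finally} block, so that the substituted credentials do not
     * stay in effect after the privileged section.
     *
     * @param credentials credentials to install as {@code SecInvocationCredentials}
     * @return the invocation credentials that were in place before the call
     * @throws InvalidCredentialType propagated from the security Current
     * @throws InvalidCredential propagated from the security Current
     */
    private static Credentials beginPrivileged(Credentials credentials) throws InvalidCredentialType, InvalidCredential {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "beginPrivileged");
        }
        CurrentImpl securityCurrent = SecurityContext.getCurrent();
        Credentials previous = securityCurrent.get_credentials(CredentialType.SecInvocationCredentials);
        securityCurrent.set_credentials(CredentialType.SecInvocationCredentials, credentials);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "beginPrivileged");
        }
        return previous;
    }

    /**
     * Installs the given credentials as the invocation credentials of the current context;
     * the counterpart of {@link #beginPrivileged(Credentials)}.
     *
     * @param credentials credentials to restore, normally the value returned by
     *        {@code beginPrivileged}
     * @throws InvalidCredentialType propagated from the security Current
     * @throws InvalidCredential propagated from the security Current
     */
    private static void endPrivileged(Credentials credentials) throws InvalidCredentialType, InvalidCredential {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "endPrivileged");
        }
        SecurityContext.getCurrent().set_credentials(CredentialType.SecInvocationCredentials, credentials);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "endPrivileged");
        }
    }

    /**
     * Populates the cookie domain, name and path fields.
     *
     * @throws Exception if the security configuration cannot be read
     */
    private void obtainSSOProperties() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "obtainSSOProperties");
        }
        this.cookieDomain = getCookieDomain();
        this.cookieName = Constants.LTPA_COOKIENAME;
        this.cookiePath = "/";
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "obtainSSOProperties");
        }
    }

    /**
     * Reads the SSO settings from {@code com.ibm.ws.security.core.SecurityConfig} by
     * reflection and returns the cookie domain.
     *
     * <p>Side effects: sets {@code isCookieSecure} from the {@code SSO_SSL} setting and
     * {@code setSSODomain} from the {@code SET_SSO_DOMAIN} setting when they are present,
     * and forces {@code setSSODomain} to {@code false} when no domain is configured.
     *
     * @return the configured domain, trimmed and prefixed with {@code '.'} if it lacked one;
     *         {@code ""} when no domain (or only whitespace) is configured
     * @throws Exception if the configuration class or its accessors cannot be reached or invoked
     */
    private String getCookieDomain() throws Exception {
        Class<?> stringClass;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieDomain");
        }
        try {
            Class<?> configClass = Class.forName("com.ibm.ws.security.core.SecurityConfig");
            Method getConfig = configClass.getMethod("getConfig", (Class<?>[]) null);
            if (class$java$lang$String == null) {
                stringClass = class$("java.lang.String");
                class$java$lang$String = stringClass;
            } else {
                stringClass = class$java$lang$String;
            }
            Method getValue = configClass.getMethod("getValue", new Class<?>[] {stringClass});
            Object config = getConfig.invoke(null, new Object[0]);
            String domain = (String) getValue.invoke(config, CommonConstants.SSO_DOMAIN);
            // Trim before looking at the first character: a whitespace-only setting would
            // otherwise become "" and make charAt(0) throw, aborting construction.
            domain = (domain == null) ? "" : domain.trim();
            if (domain.length() > 0 && domain.charAt(0) != '.') {
                domain = new StringBuffer().append(".").append(domain).toString();
            }
            Boolean secure = (Boolean) getValue.invoke(config, CommonConstants.SSO_SSL);
            if (secure != null) {
                this.isCookieSecure = secure.booleanValue();
            }
            Boolean setDomain = (Boolean) getValue.invoke(config, CommonConstants.SET_SSO_DOMAIN);
            if (setDomain != null) {
                this.setSSODomain = setDomain.booleanValue();
            }
            // With no domain to set, never emit a Domain attribute.
            if (domain.length() < 1) {
                this.setSSODomain = false;
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, domain);
                Tr.exit(tc, "getCookieDomain");
            }
            return domain;
        } catch (ClassNotFoundException e) {
            // Rethrown to the constructor, which reports it to FFDC; trace it here instead of
            // printing a stack trace to stderr.
            Tr.debug(tc, e.getMessage(), e);
            throw e;
        } catch (IllegalAccessException e2) {
            Tr.debug(tc, e2.getMessage(), e2);
            throw e2;
        } catch (NoSuchMethodException e3) {
            Tr.debug(tc, e3.getMessage(), e3);
            throw e3;
        }
    }

    /**
     * Authenticates a user id and password through the principal authenticator obtained
     * from the security Current.
     *
     * <p>Every failure inside the authenticate call, including a non-zero status, surfaces
     * as a bare {@code LoginFailed}, so the caller cannot tell from the exception which
     * check failed.
     *
     * @param str user identifier
     * @param str2 password; {@code null} is passed on as a {@code null} byte array
     * @param z not read by this method
     * @return the credentials filled in by the authenticator
     * @throws LoginFailed if the authenticator reports a non-zero status or throws
     * @throws IllegalStateException if the principal authenticator is not a
     *         {@code PrincipalAuthenticator}
     */
    private Credentials login(String str, String str2, boolean z) throws LoginFailed {
        try {
            PrincipalAuthenticator principalAuthenticator = (PrincipalAuthenticator) getSecurityCurrent().principal_authenticator(1);
            byte[] passwordBytes = null;
            if (str2 != null) {
                // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII
                // password may encode differently from host to host. Left unchanged because
                // the encoding the authenticator expects is not visible here - confirm.
                passwordBytes = str2.getBytes();
            }
            CredentialsHolder credentialsHolder = new CredentialsHolder();
            try {
                if (principalAuthenticator.authenticate(0, str, passwordBytes, null, credentialsHolder, new OpaqueHolder(), new OpaqueHolder()).value() != 0) {
                    throw new LoginFailed();
                }
                return credentialsHolder.value;
            } catch (Exception e) {
                // Also reached by the LoginFailed thrown just above.
                FFDCFilter.processException(e, "com.ibm.websphere.security.SSOAuthenticator.login", "584", this);
                Tr.debug(tc, e.getMessage(), e);
                throw new LoginFailed();
            }
        } catch (ClassCastException e2) {
            FFDCFilter.processException(e2, "com.ibm.websphere.security.SSOAuthenticator.login", "553", this);
            Tr.debug(tc, e2.getMessage(), e2);
            throw new IllegalStateException("wrong type for PrincipalAuthenticator");
        }
    }

    /**
     * Looks up a class by name, turning a failed lookup into {@code NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Registers this class with the trace facility when the class is initialised.
    static {
        Class cls;
        if (class$com$ibm$websphere$security$SSOAuthenticator == null) {
            cls = class$("com.ibm.websphere.security.SSOAuthenticator");
            class$com$ibm$websphere$security$SSOAuthenticator = cls;
        } else {
            cls = class$com$ibm$websphere$security$SSOAuthenticator;
        }
        tc = Tr.register(cls);
    }
}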
