package com.ibm.ISecurityUtilityImpl;

import com.ibm.CSIv2Security.NotForwardableMechOID;
import com.ibm.IExtendedSecurity._LoginHelper;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsPackage.CredentialsNotSet;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.LoginHelperImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.InvalidOIDException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.registry.URWSCredentialImpl;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import org.omg.CORBA.IntHolder;
import org.omg.CORBA.StringHolder;
import org.omg.CSI.KRB5MechOID;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.Security.Attribute;
import org.omg.Security.AttributeType;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.ExtensibleFamily;
import org.omg.Security.InvalidAttributeType;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.LoginFailed;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityUtilityImpl/CredentialsHelper.class */
public class CredentialsHelper {
    protected static final int PUBLIC = 0;
    protected static final int ACCESSID = 1;
    protected static final int PRIMARYGROUPID = 2;
    protected static final int GROUPID = 3;
    protected static final int ROLE = 4;
    protected static final int HOSTNAME = 5;
    protected static final short ibm_family_definer = 8;
    protected static final short ibm_family = 2;
    protected static final short omg_family_definer = 0;
    protected static final short omg_family = 1;
    private static final int omg_attribute_count = 5;
    private static final int ibm_attribute_count = 1;
    private static final int max_attribute_count = 6;
    private static IntHolder expiry_time_now = new IntHolder(0);
    public static VaultImpl vault = null;
    public static CurrentImpl current = null;
    private static final WebSphereRuntimePermission perm = new WebSphereRuntimePermission("SecurityContext");
    protected static AttributeType[] secAttrType = new AttributeType[6];

    public static String getUserName(CredentialsImpl credentialsImpl) {
        String str = "";
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    str = StringBytesConversion.getConvertedString(credentialsImpl.get_attributes(secAttrType)[0].value);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getUserName", "111");
                SecurityLogger.debugMessage("CredentialsHelper.getUserName", "Exception reading string from credential.");
                SecurityLogger.traceException("CredentialsHelper.getUserName", e, 0, 0);
            }
        }
        if (str == null) {
            str = new String("");
        }
        return str;
    }

    public static void setUserName(CredentialsImpl credentialsImpl, String str) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[0].value = StringBytesConversion.getConvertedBytes(str);
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setUserName", "136");
                SecurityLogger.debugMessage("CredentialsHelper.setUserName", "Exception setting string in credential.");
                SecurityLogger.traceException("CredentialsHelper.setUserName", e, 0, 0);
            }
        }
    }

    public static byte[] getUserNameBytes(CredentialsImpl credentialsImpl) {
        byte[] bArr = null;
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    bArr = credentialsImpl.get_attributes(secAttrType)[0].value;
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getUserNameBytes", "162");
                SecurityLogger.debugMessage("CredentialsHelper.getUserNameBytes", "Exception reading bytes from credential.");
                SecurityLogger.traceException("CredentialsHelper.getUserNameBytes", e, 0, 0);
            }
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        return bArr;
    }

    public static void setUserNameBytes(CredentialsImpl credentialsImpl, byte[] bArr) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[0].value = bArr;
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setUserNameBytes", "187");
                SecurityLogger.debugMessage("CredentialsHelper.setUserNameBytes", "Exception writing bytes to credential.");
                SecurityLogger.traceException("CredentialsHelper.setUserNameBytes", e, 0, 0);
            }
        }
    }

    public static String getAccessID(CredentialsImpl credentialsImpl) {
        String str = "";
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    str = StringBytesConversion.getConvertedString(credentialsImpl.get_attributes(secAttrType)[1].value);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getAccessID", "212");
                SecurityLogger.debugMessage("CredentialsHelper.getAccessID", "Exception reading accessID from credential.");
                SecurityLogger.traceException("CredentialsHelper.getAccessID", e, 0, 0);
            }
        }
        if (str == null) {
            str = new String("");
        }
        return str;
    }

    public static void setAccessID(CredentialsImpl credentialsImpl, String str) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[1].value = StringBytesConversion.getConvertedBytes(str);
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setAccessID", "239");
                SecurityLogger.debugMessage("CredentialsHelper.setAccessID", "Exception writing accessID to credential.");
                SecurityLogger.traceException("CredentialsHelper.setAccessID", e, 0, 0);
            }
        }
    }

    public static byte[] getAccessIDBytes(CredentialsImpl credentialsImpl) {
        byte[] bArr = null;
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    bArr = credentialsImpl.get_attributes(secAttrType)[1].value;
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getAccessIDBytes", "263");
                SecurityLogger.debugMessage("CredentialsHelper.getAccessIDBytes", "Exception reading string from credential.");
                SecurityLogger.traceException("CredentialsHelper.getAccessIDBytes", e, 0, 0);
            }
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        return bArr;
    }

    public static void setAccessIDBytes(CredentialsImpl credentialsImpl, byte[] bArr) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[1].value = bArr;
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getAccessIDBytes", "290");
                SecurityLogger.debugMessage("CredentialsHelper.setAccessIDBytes", "Exception writing accessId bytes to credential.");
                SecurityLogger.traceException("CredentialsHelper.setAccessIDBytes", e, 0, 0);
            }
        }
    }

    public static String getPrimaryGroupID(CredentialsImpl credentialsImpl) {
        String str = "";
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    str = StringBytesConversion.getConvertedString(credentialsImpl.get_attributes(secAttrType)[2].value);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getPrimaryGroupID", "323");
                SecurityLogger.debugMessage("CredentialsHelper.getPrimaryGroupID", "Exception reading string from credential.");
                SecurityLogger.traceException("CredentialsHelper.getPrimaryGroupID", e, 0, 0);
            }
        }
        if (str == null) {
            str = new String("");
        }
        return str;
    }

    public static void setPrimaryGroupID(CredentialsImpl credentialsImpl, String str) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[2].value = StringBytesConversion.getConvertedBytes(str);
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setPrimaryGroupID", "350");
                SecurityLogger.debugMessage("CredentialsHelper.setPrimaryGroupID", "Exception writing primaryGroupId to credential.");
                SecurityLogger.traceException("CredentialsHelper.setPrimaryGroupID", e, 0, 0);
            }
        }
    }

    public static byte[] getPrimaryGroupIDBytes(CredentialsImpl credentialsImpl) {
        byte[] bArr = null;
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    bArr = credentialsImpl.get_attributes(secAttrType)[2].value;
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getPrimaryGroupIDBytes", "376");
                SecurityLogger.debugMessage("CredentialsHelper.getPrimaryGroupIDBytes", "Exception reading string from credential.");
                SecurityLogger.traceException("CredentialsHelper.getPrimaryGroupIDBytes", e, 0, 0);
            }
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        return bArr;
    }

    public static void setPrimaryGroupIDBytes(CredentialsImpl credentialsImpl, byte[] bArr) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[2].value = bArr;
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setPrimaryGroupIDBytes", "402");
                SecurityLogger.debugMessage("CredentialsHelper.setPrimaryGroupIDBytes", "Exception writing primaryGroupID bytes to credential.");
                SecurityLogger.traceException("CredentialsHelper.setPrimaryGroupIDBytes", e, 0, 0);
            }
        }
    }

    public static ArrayList getGroupIDs(CredentialsImpl credentialsImpl) {
        String[] attributeStringArray;
        ArrayList arrayList = new ArrayList();
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now) && (attributeStringArray = SecurityAttributeList.getAttributeStringArray(credentialsImpl.get_attributes(secAttrType)[3].value)) != null) {
                    for (String str : attributeStringArray) {
                        arrayList.add(str);
                    }
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getGroupIDs", "433");
                SecurityLogger.debugMessage("CredentialsHelper.getGroupIDs", "Exception reading string array from credential.");
                SecurityLogger.traceException("CredentialsHelper.getGroupIDs", e, 0, 0);
            }
        }
        return arrayList;
    }

    public static void setGroupIDs(CredentialsImpl credentialsImpl, ArrayList arrayList) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    String[] strArr = new String[0];
                    if (arrayList != null) {
                        strArr = (String[]) arrayList.toArray(new String[0]);
                    }
                    attributeArr[3].value = SecurityAttributeList.getAttributeByteArray(strArr);
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setGroupIDs", "462");
                SecurityLogger.debugMessage("CredentialsHelper.setGroupIDs", "Exception writing groupIds to credential.");
                SecurityLogger.traceException("CredentialsHelper.setGroupIDs", e, 0, 0);
            }
        }
    }

    public static byte[] getGroupIDBytes(CredentialsImpl credentialsImpl) {
        byte[] bArr = null;
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    bArr = credentialsImpl.get_attributes(secAttrType)[3].value;
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getGroupIDBytes", "489");
                SecurityLogger.debugMessage("CredentialsHelper.getGroupIDBytes", "Exception reading string array from credential.");
                SecurityLogger.traceException("CredentialsHelper.getGroupIDBytes", e, 0, 0);
            }
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        return bArr;
    }

    public static String getRole(CredentialsImpl credentialsImpl) {
        String str = "";
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    str = StringBytesConversion.getConvertedString(credentialsImpl.get_attributes(secAttrType)[4].value);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getRole", "517");
                SecurityLogger.debugMessage("CredentialsHelper.getRole", "Exception reading string from credential.");
                SecurityLogger.traceException("CredentialsHelper.getRole", e, 0, 0);
            }
        }
        if (str == null) {
            str = new String("");
        }
        return str;
    }

    public static String getHostName(CredentialsImpl credentialsImpl) {
        String str = "";
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    str = StringBytesConversion.getConvertedString(credentialsImpl.get_attributes(secAttrType)[5].value);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.getHostName", "545");
                SecurityLogger.debugMessage("CredentialsHelper.getHostName", "Exception reading string from credential.");
                SecurityLogger.traceException("CredentialsHelper.getHostName", e, 0, 0);
            }
        }
        if (str == null) {
            str = new String("");
        }
        return str;
    }

    public static void setHostName(CredentialsImpl credentialsImpl, String str) {
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    Attribute[] attributeArr = credentialsImpl.get_attributes(secAttrType);
                    attributeArr[5].value = StringBytesConversion.getConvertedBytes(str);
                    credentialsImpl.set_attributes(attributeArr);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.setHostName", "572");
                SecurityLogger.debugMessage("CredentialsHelper.setHostName", "Exception writing hostname to credential.");
                SecurityLogger.traceException("CredentialsHelper.setHostName", e, 0, 0);
            }
        }
    }

    public static final WSCredential mapCorbaToWS(CredentialsImpl credentialsImpl) {
        String authTargetToOid;
        if (credentialsImpl == null) {
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.mapCorbaToWS", "Credentials passed in to be mapped are NULL.");
            return null;
        }
        try {
            StringHolder stringHolder = new StringHolder();
            OpaqueHolder opaqueHolder = new OpaqueHolder();
            credentialsImpl.get_credential_token(stringHolder, opaqueHolder);
            VaultImpl vaultImpl = VaultImpl.getInstance();
            if (credentialsImpl instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl) {
                authTargetToOid = GSSUPMechOID.value;
            } else if (credentialsImpl instanceof com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl) {
                authTargetToOid = "oid:1.3.18.0.2.30.2";
            } else {
                if (!(credentialsImpl instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl)) {
                    if (!SecurityLogger.debugTraceEnabled) {
                        return null;
                    }
                    SecurityLogger.debugMessage("CredentialsImpl.mapCorbaToWS", "Invalid credential type.  Returning null.");
                    return null;
                }
                authTargetToOid = vaultImpl.getAuthenticationTarget().authTargetToOid(((com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) credentialsImpl).getAuthType());
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(getRole(credentialsImpl));
            ArrayList groupIDs = getGroupIDs(credentialsImpl);
            return credentialsImpl instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl ? new URWSCredentialImpl(RealmSecurityName.getRealm(getUserName(credentialsImpl)), getUserName(credentialsImpl), StringBytesConversion.getConvertedString(opaqueHolder.value), authTargetToOid, getPrimaryGroupID(credentialsImpl), getAccessID(credentialsImpl), opaqueHolder.value, credentialsImpl.isForwardable(), credentialsImpl.getExpiration(), arrayList, groupIDs, credentialsImpl.getObject()) : new URWSCredentialImpl(RealmSecurityName.getRealm(getUserName(credentialsImpl)), getUserName(credentialsImpl), null, authTargetToOid, getPrimaryGroupID(credentialsImpl), getAccessID(credentialsImpl), opaqueHolder.value, credentialsImpl.isForwardable(), credentialsImpl.getExpiration(), arrayList, groupIDs, credentialsImpl.getObject());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.mapCorbaToWS", "431");
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.mapCorbaToWS", "Error getting credential token.");
            SecurityLogger.traceException("CredentialsImpl.mapCorbaToWS", e, 0, 0);
            return null;
        }
    }

    public static final Credentials mapWSToCorba(WSCredential wSCredential) {
        CredentialsImpl credentialsImpl;
        byte[] credentialToken;
        if (wSCredential == null) {
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", "Credentials passed in to be mapped are NULL.");
            return null;
        }
        VaultImpl vaultImpl = VaultImpl.getInstance();
        try {
            if (OID.compareOIDs(wSCredential.getOID(), GSSUPMechOID.value)) {
                credentialsImpl = new com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl(vaultImpl);
            } else {
                if (!OID.compareOIDs(wSCredential.getOID(), "oid:1.3.18.0.2.30.2") && !OID.compareOIDs(wSCredential.getOID(), KRB5MechOID.value) && !OID.compareOIDs(wSCredential.getOID(), "oid:1.3.18.0.2.30.3") && !OID.compareOIDs(wSCredential.getOID(), NotForwardableMechOID.value)) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", new StringBuffer().append("Invalid OID encountered from the passed-in credential: ").append(wSCredential.getOID()).toString());
                    }
                    throw new InvalidOIDException(wSCredential.getOID());
                }
                credentialsImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl(vaultImpl, wSCredential.getOID(), wSCredential.isForwardable());
            }
            String localHost = vaultImpl.getORB().getLocalHost();
            if (localHost == null || localHost.length() == 0) {
                localHost = "localHost";
            }
            String securityName = wSCredential.getSecurityName();
            Attribute[] attributeArr = new Attribute[6];
            for (int i = 0; i < 6; i++) {
                attributeArr[i] = new Attribute();
                attributeArr[i].attribute_type = new AttributeType();
                if (i == 5) {
                    attributeArr[i].attribute_type.attribute_family = new ExtensibleFamily((short) 8, (short) 2);
                } else {
                    attributeArr[i].attribute_type.attribute_family = new ExtensibleFamily((short) 0, (short) 1);
                }
                switch (i) {
                    case 0:
                        attributeArr[i].attribute_type.attribute_type = 1;
                        break;
                    case 1:
                        attributeArr[i].attribute_type.attribute_type = 2;
                        break;
                    case 2:
                        attributeArr[i].attribute_type.attribute_type = 3;
                        break;
                    case 3:
                        attributeArr[i].attribute_type.attribute_type = 4;
                        break;
                    case 4:
                        attributeArr[i].attribute_type.attribute_type = 5;
                        break;
                    default:
                        attributeArr[i].attribute_type.attribute_type = 2;
                        break;
                }
            }
            if (OID.compareOIDs(wSCredential.getOID(), GSSUPMechOID.value)) {
                attributeArr[0].value = StringBytesConversion.getConvertedBytes(securityName);
                attributeArr[1].value = attributeArr[0].value;
            } else {
                if (wSCredential.getSecurityName() != null && wSCredential.getSecurityName().length() > 0) {
                    String securityName2 = RealmSecurityName.getSecurityName(wSCredential.getSecurityName());
                    String realm = RealmSecurityName.getRealm(wSCredential.getSecurityName());
                    if (securityName2.length() > 0 && realm.length() > 0) {
                        securityName = RealmSecurityName.getRealmSecurityName(realm, securityName2);
                    }
                }
                attributeArr[0].value = StringBytesConversion.getConvertedBytes(securityName);
                attributeArr[1].value = StringBytesConversion.getConvertedBytes(wSCredential.getAccessId());
                attributeArr[2].value = StringBytesConversion.getConvertedBytes(wSCredential.getPrimaryGroupId());
                List groupIds = wSCredential.getGroupIds();
                String[] strArr = new String[0];
                if (groupIds != null) {
                    strArr = (String[]) groupIds.toArray(new String[0]);
                }
                attributeArr[3].value = SecurityAttributeList.getAttributeByteArray(strArr);
                List roles = wSCredential.getRoles();
                String[] strArr2 = new String[0];
                if (roles != null) {
                    strArr2 = (String[]) roles.toArray(new String[0]);
                }
                attributeArr[4].value = SecurityAttributeList.getAttributeByteArray(strArr2);
            }
            attributeArr[5].value = StringBytesConversion.getConvertedBytes(localHost);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", new StringBuffer().append("Extracted  realmSecurityName == ").append(securityName).toString());
            }
            credentialsImpl.set_attributes(attributeArr);
            long expiration = wSCredential.getExpiration();
            if (expiration == -1) {
                expiration = 0;
            }
            if (credentialsImpl instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", new StringBuffer().append("Mapping TokenBase cred expiration to: ").append(expiration).toString());
                }
                credentialsImpl.setExpiration(expiration);
            } else {
                credentialsImpl.setExpiration(0L);
            }
            if (credentialsImpl instanceof CredentialsImpl) {
                String password = wSCredential.getPassword();
                if (password == null || !(credentialsImpl instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl)) {
                    credentialToken = wSCredential.getCredentialToken();
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", "Password extracted from credential token.");
                    }
                } else {
                    credentialToken = StringBytesConversion.getConvertedBytes(password);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", "Password extracted from password field.");
                    }
                }
                if (credentialToken == null) {
                    if (!SecurityLogger.debugTraceEnabled) {
                        return null;
                    }
                    SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", "Credential token is null for both password and token.");
                    return null;
                }
                credentialsImpl.set_credential_token(securityName, credentialToken, credentialsImpl.getExpiration());
            }
            if (wSCredential.getObject() != null) {
                credentialsImpl.setObject(wSCredential.getObject());
            }
            credentialsImpl.setAttributForIdentityAssertion(VaultConstants.ClientAuthToken, StringBytesConversion.getConvertedBytes(securityName));
            return credentialsImpl;
        } catch (CredentialsNotSet e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.mapWSToCorba", "593");
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", "Error setting credential token.");
            SecurityLogger.traceException("CredentialsImpl.mapWSToCorba", (Exception) e, 0, 0);
            return null;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.mapWSToCorba", "604");
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.mapWSToCorba", new StringBuffer().append(GSSEncodeDecodeException.exceptionCaughtStr).append(e2.toString()).toString());
            SecurityLogger.traceException("CredentialsImpl.mapWSToCorba", e2, 0, 0);
            return null;
        } catch (DuplicateAttributeType e3) {
            FFDCFilter.processException(e3, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.mapWSToCorba", "586");
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"CredentialsImpl.mapWSToCorba", e3});
            return null;
        } catch (InvalidAttributeType e4) {
            FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.CredentialsHelper.mapWSToCorba", "579");
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"CredentialsImpl.mapWSToCorba", e4});
            return null;
        }
    }

    public static CurrentImpl getCurrent() {
        if (vault == null) {
            vault = VaultImpl.getInstance();
        }
        if (vault != null && current == null) {
            current = vault.getCurrent();
        }
        return current;
    }

    public static Object runAsSystem(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(privilegedExceptionAction, "System");
    }

    public static Object runAsReceivedClient(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(privilegedExceptionAction, "ReceivedClient");
    }

    public static Object runAsClient(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(privilegedExceptionAction, "Client");
    }

    public static Object runAs(PrivilegedExceptionAction privilegedExceptionAction, String str) throws PrivilegedActionException {
        SecurityManager securityManager;
        if (ConfigURLProperties.isSecurityEnabled() && (securityManager = System.getSecurityManager()) != null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.runAs", new StringBuffer().append("Performing Java 2 Security Permission Check ...Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        Credentials credentials = null;
        Credentials credentials2 = null;
        if (ConfigURLProperties.isSecurityEnabled()) {
            try {
                Credentials credentials3 = null;
                if (str.equals("System")) {
                    credentials3 = getServerTokenCredential();
                    if (credentials3 != null) {
                        credentials2 = pushReceivedCredential(credentials3);
                    }
                } else if (str.equals("Client")) {
                    credentials3 = retrieveCredential();
                } else if (str.equals("ReceivedClient")) {
                    credentials3 = getReceivedCredential();
                }
                if (credentials3 != null) {
                    credentials = pushInvocationCredential(credentials3);
                }
            } catch (Exception e) {
                if (credentials != null) {
                    try {
                        popInvocationCredential(credentials);
                    } catch (Exception e2) {
                        if (credentials2 != null) {
                            popReceivedCredential(credentials2);
                        }
                        throw new PrivilegedActionException(e);
                    }
                }
                if (credentials2 != null) {
                    popReceivedCredential(credentials2);
                    credentials2 = null;
                }
                throw new PrivilegedActionException(e);
            }
        }
        try {
            Object run = privilegedExceptionAction.run();
            if (ConfigURLProperties.isSecurityEnabled()) {
                try {
                    popInvocationCredential(credentials);
                    if (credentials2 != null) {
                        popReceivedCredential(credentials2);
                        credentials2 = null;
                    }
                } catch (Exception e3) {
                    if (credentials != null) {
                        popInvocationCredential(credentials);
                    }
                    if (credentials2 != null) {
                        popReceivedCredential(credentials2);
                    }
                    throw new PrivilegedActionException(e3);
                }
            }
            return run;
        } catch (Exception e4) {
            if (ConfigURLProperties.isSecurityEnabled()) {
                if (credentials != null) {
                    try {
                        popInvocationCredential(credentials);
                    } catch (Exception e5) {
                        if (credentials2 != null) {
                            popReceivedCredential(credentials2);
                        }
                        throw new PrivilegedActionException(e4);
                    }
                }
                if (credentials2 != null) {
                    popReceivedCredential(credentials2);
                    credentials2 = null;
                }
            }
            throw new PrivilegedActionException(e4);
        }
    }

    private static Credentials getServerTokenCredential() {
        Credentials credentials = null;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.getServerTokenCredential", new StringBuffer().append("Performing Java 2 Security Permission Check ...Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        try {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.getServerTokenCredential", "Getting server basic auth credentials.");
            }
            String realm = VaultImpl.getInstance() != null ? RealmSecurityName.getRealm(VaultImpl.getSecurityConfiguration().getprincipalName()) : "";
            _LoginHelper _loginhelper = null;
            if (getCurrent() != null) {
                _loginhelper = getCurrent().login_helper();
            }
            if (_loginhelper != null) {
                try {
                    try {
                        credentials = (Credentials) AccessController.doPrivileged(new PrivilegedExceptionAction(_loginhelper, realm) { // from class: com.ibm.ISecurityUtilityImpl.CredentialsHelper.1
                            private final _LoginHelper val$helper;
                            private final String val$myRealm;

                            {
                                this.val$helper = _loginhelper;
                                this.val$myRealm = realm;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws LoginFailed {
                                return ((LoginHelperImpl) this.val$helper).request_login_controlled((String) null, this.val$myRealm, (String) null, (CredentialsHolder) null, (OpaqueHolder) null, true, false);
                            }
                        });
                    } catch (PrivilegedActionException e) {
                        FFDCFilter.processException(e.getException(), "com.ibm.ws.security.core.SecurityContext.getServerTokenCredential", "607");
                        throw e.getException();
                    }
                } catch (Exception e2) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsHelper.getServerTokenCredential", "Exception logging in to get server cred.");
                        SecurityLogger.traceException("CredentialsHelper.getServerTokenCredential", e2, 0, 0);
                    }
                    credentials = null;
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityContext.getServerTokenCredential", "628");
                } catch (LoginFailed e3) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsHelper.getServerTokenCredential", "LoginFailed exception getting server cred.");
                        SecurityLogger.traceException("CredentialsHelper.getServerTokenCredential", (Exception) e3, 0, 0);
                    }
                    credentials = null;
                    FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityContext.getServerTokenCredential", "619");
                }
            }
        } catch (Exception e4) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.getServerTokenCredential", "unable to obtain own credential or credential expired");
                SecurityLogger.traceException("CredentialsHelper.getServerTokenCredential", e4, 0, 0);
            }
            credentials = null;
            FFDCFilter.processException(e4, "com.ibm.ws.security.core.SecurityContext.getServerTokenCredential", "639");
        }
        if (credentials != null) {
            return getActualCredential(credentials);
        }
        return null;
    }

    private static Credentials getActualCredential(Credentials credentials) {
        if (credentials instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl) {
            try {
                credentials = ((com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl) credentials).get_mapped_credentials(null, "", null);
            } catch (Exception e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsHelper.getActualCredential", "Exception occurred in getActualCredential");
                    SecurityLogger.traceException("CredentialsHelper.getActualCredential", e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getActualCredential", "664");
            }
        }
        return credentials;
    }

    private static Credentials pushInvocationCredential(Credentials credentials) {
        Credentials credentials2 = null;
        try {
            credentials2 = getCurrent().get_credentials(org.omg.Security.CredentialType.SecInvocationCredentials);
            getCurrent().set_credentials(org.omg.Security.CredentialType.SecInvocationCredentials, credentials);
        } catch (Exception e) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.pushInvocationCredential", "Exception occurred in pushInvocationCredential");
                SecurityLogger.traceException("CredentialsHelper.pushInvocationCredential", e, 0, 0);
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.pushInvocationCredential", "689");
        }
        return credentials2;
    }

    private static Credentials retrieveCredential() {
        Credentials receivedCredential = getReceivedCredential();
        if (receivedCredential == null) {
            receivedCredential = getInvocationCredential();
        }
        return receivedCredential;
    }

    private static void popInvocationCredential(Credentials credentials) {
        try {
            getCurrent().set_credentials(org.omg.Security.CredentialType.SecInvocationCredentials, credentials);
        } catch (Exception e) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.popInvocationCredential", "Exception occurred in popInvocationCredential");
                SecurityLogger.traceException("CredentialsHelper.popInvocationCredential", e, 0, 0);
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.popInvocationCredential", "717");
        }
    }

    private static Credentials pushReceivedCredential(Credentials credentials) {
        Credentials credentials2 = null;
        try {
            credentials2 = getReceivedCredential();
            getCurrent().set_received_credentials(new Credentials[]{credentials});
        } catch (Exception e) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.pushReceivedCredential", "Exception occurred in pushReceivedCredential");
                SecurityLogger.traceException("CredentialsHelper.pushReceivedCredential", e, 0, 0);
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.pushReceivedCredential", "1159");
        }
        return credentials2;
    }

    private static void popReceivedCredential(Credentials credentials) {
        try {
            getCurrent().set_received_credentials(new Credentials[]{credentials});
        } catch (Exception e) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsHelper.popReceivedCredential", "Exception occurred in popReceivedCredential");
                SecurityLogger.traceException("CredentialsHelper.popReceivedCredential", e, 0, 0);
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.popReceivedCredential", "1179");
        }
    }

    private static Credentials getReceivedCredential() {
        Credentials[] credentialsArr = new Credentials[1];
        IntHolder intHolder = new IntHolder(0);
        boolean z = false;
        if (getCurrent() != null) {
            try {
                credentialsArr = getCurrent().received_credentials();
                if (credentialsArr != null && credentialsArr[0] != null) {
                    z = credentialsArr[0].is_valid(intHolder);
                }
            } catch (Exception e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsHelper.getReceivedCredential", "Unable to obtain received credential from getCurrent().");
                    SecurityLogger.traceException("CredentialsHelper.getReceivedCredential", e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getReceivedCredential", "749");
                z = false;
            }
        }
        if (!z || credentialsArr == null || credentialsArr[0] == null) {
            return null;
        }
        return credentialsArr[0];
    }

    private static Credentials getInvocationCredential() {
        Credentials credentials = null;
        IntHolder intHolder = new IntHolder(0);
        boolean z = false;
        if (getCurrent() != null) {
            try {
                credentials = getCurrent().get_credentials(org.omg.Security.CredentialType.SecInvocationCredentials);
                if (credentials != null) {
                    z = credentials.is_valid(intHolder);
                }
            } catch (Exception e) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsHelper.getInvocationCredential", "Unable to obtain invocation credential from getCurrent().");
                    SecurityLogger.traceException("CredentialsHelper.getInvocationCredential", e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getInvocationCredential", "796");
                z = false;
            }
        }
        if (!z || credentials == null) {
            return null;
        }
        return credentials;
    }

    static {
        ExtensibleFamily extensibleFamily = new ExtensibleFamily((short) 0, (short) 1);
        ExtensibleFamily extensibleFamily2 = new ExtensibleFamily((short) 8, (short) 2);
        secAttrType[0] = new AttributeType(extensibleFamily, 1);
        secAttrType[1] = new AttributeType(extensibleFamily, 2);
        secAttrType[2] = new AttributeType(extensibleFamily, 3);
        secAttrType[3] = new AttributeType(extensibleFamily, 4);
        secAttrType[4] = new AttributeType(extensibleFamily, 5);
        secAttrType[5] = new AttributeType(extensibleFamily2, 2);
    }
}
