package com.ibm.ws.security.core;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthenticatorImpl;
import com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl;
import com.ibm.ISecurityUtilityImpl.CredentialsHelper;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CORBAUtil;
import com.ibm.ws.security.common.util.CommonConstants;
import java.lang.reflect.InvocationTargetException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import org.omg.Security.AttributeType;
import org.omg.Security.CredentialType;
import org.omg.Security.ExtensibleFamily;
import org.omg.SecurityLevel2.Credentials;

/* loaded from: input_file:lib/security.jar:com/ibm/ws/security/core/SecurityContext.class */
public class SecurityContext {
    private static final TraceComponent tc;
    private static CurrentImpl current;
    private static Credentials[] creds;
    private static boolean need_to_get_security_config;
    private static String realm;
    protected static AttributeType[] accessIdAttr;
    protected static AttributeType[] publicAttr;
    private static boolean initContext;
    public static final String REALM_DELIMITER = "/";
    private static final WebSphereRuntimePermission perm;
    static Class class$com$ibm$ws$security$core$SecurityContext;
    static Class class$org$omg$SecurityLevel2$Credentials;

    public static void initContext() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initContext");
        }
        if (!initContext) {
            initContext = true;
            current = null;
            ORB orb = CORBAUtil.getORB();
            if (orb != null) {
                try {
                    current = (CurrentImpl) orb.resolve_initial_references(CommonConstants.SECURITY_CURRENT);
                    if (!current.isSecurityEnabled()) {
                        current = null;
                    }
                } catch (Throwable th) {
                    FFDCFilter.processException(th, "com.ibm.ws.security.core.SecurityContext.initContext", "63");
                    if (tc.isDebugEnabled()) {
                        String property = orb.getProperty("com.ibm.CORBA.securityEnabled");
                        if (property == null || !(property.equalsIgnoreCase("yes") || property.equalsIgnoreCase("true"))) {
                            Tr.debug(tc, "SecurityContext() : Security Is Not Set");
                        } else {
                            Tr.debug(tc, "SecurityContext", th);
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initContext");
        }
    }

    public static CurrentImpl getCurrent() throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        return current;
    }

    public static Credentials getActualCreds() throws SecurityException, Exception {
        Class<?> cls;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        Credentials credentials = null;
        if (!isSecurityEnabled()) {
            return null;
        }
        Credentials credentials2 = current.get_credentials(CredentialType.SecOwnCredentials, false, false, null);
        try {
            Class<?> cls2 = Class.forName("com.ibm.ws.security.core.SecurityCollaborator");
            Class<?>[] clsArr = new Class[1];
            if (class$org$omg$SecurityLevel2$Credentials == null) {
                cls = class$("org.omg.SecurityLevel2.Credentials");
                class$org$omg$SecurityLevel2$Credentials = cls;
            } else {
                cls = class$org$omg$SecurityLevel2$Credentials;
            }
            clsArr[0] = cls;
            credentials = (Credentials) cls2.getMethod("getActualCredential", clsArr).invoke(null, credentials2);
        } catch (InvocationTargetException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getActualCreds", "106");
            Tr.error(tc, "security.SecurityContext.getActualCreds.invoke", new Object[]{e.getTargetException()});
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityContext.getActualCreds", "109");
            Tr.error(tc, "security.SecurityContext.getActualCreds", new Object[]{e2});
        }
        if (credentials != null) {
            return credentials;
        }
        Tr.error(tc, "security.authn.error.owncred");
        throw new Exception("Authentication Failed");
    }

    public static void restoreOriginalCred(Credentials credentials) throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        if (current == null) {
            return;
        }
        try {
            current.set_credentials(CredentialType.SecInvocationCredentials, credentials);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.restoreOriginalCred", "133");
            Tr.error(tc, "security.SecurityContext.restoreCreds");
        }
    }

    public static Credentials setSystemCred() throws SecurityException {
        Credentials credentials;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        Credentials credentials2 = null;
        if (current == null) {
            return null;
        }
        try {
            credentials2 = current.get_credentials(CredentialType.SecInvocationCredentials, false, false, null);
            credentials = current.get_credentials(CredentialType.SecOwnCredentials, false, false, null);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.setSystemCred", "166");
            Tr.error(tc, "security.SecurityContext.setCreds");
        }
        if (credentials == null) {
            return null;
        }
        current.set_credentials(CredentialType.SecInvocationCredentials, credentials);
        return credentials2;
    }

    public static void enable() {
        enable(false);
    }

    public static void enable(boolean z) {
        if (creds == null && isSecurityEnabled()) {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "enable");
            }
            try {
                PrincipalAuthenticatorImpl.enableSecurity(z);
                Credentials credentials = current.get_credentials(CredentialType.SecOwnCredentials);
                creds = new Credentials[]{credentials};
                if (credentials instanceof CredentialsImpl) {
                    ((CredentialsImpl) credentials).get_mapped_credentials(null, "", null);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.enable", "193");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "", e);
                }
                current = null;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "enable");
            }
        }
    }

    public static void initialize() {
        if (current != null) {
            current.initialize_requestor_context(creds);
        }
    }

    public static void destroy() {
        if (current != null) {
            current.clear_requestor_context();
        }
    }

    public static boolean isSecurityEnabled() {
        return current != null && current.isSecurityEnabled() && current.isSSLSecurityTagExported();
    }

    public static String getUser() {
        return getReceivedAttributeWeb(accessIdAttr);
    }

    public static String getOwnName() {
        return unqualifySecurityName(getOwnAttribute(publicAttr));
    }

    public static String getName() {
        return unqualifySecurityName(getCallerNameWeb());
    }

    public static String getCallerName() {
        Credentials[] received_credentials;
        AttributeType[] attributeTypeArr = publicAttr;
        if (current == null || (received_credentials = current.received_credentials()) == null || received_credentials[0] == null) {
            return null;
        }
        try {
            return StringBytesConversion.getConvertedString(received_credentials[0].get_attributes(attributeTypeArr)[0].value);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getCallerName", "245");
            Tr.warning(tc, "security.web.cred.getAttrFail");
            return null;
        }
    }

    public static String getCallerNameWeb() {
        Credentials[] received_credentials;
        AttributeType[] attributeTypeArr = publicAttr;
        if (current == null || (received_credentials = current.received_credentials()) == null || received_credentials[0] == null) {
            return null;
        }
        try {
            if (((com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl) received_credentials[0]).isUnauthenticated()) {
                return null;
            }
            return StringBytesConversion.getConvertedString(received_credentials[0].get_attributes(attributeTypeArr)[0].value);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getCallerNameWeb", "271");
            Tr.warning(tc, "security.web.cred.getAttrFail");
            return null;
        }
    }

    protected static String getReceivedAttributeWeb(AttributeType[] attributeTypeArr) {
        Credentials[] received_credentials;
        if (current == null || (received_credentials = current.received_credentials()) == null || received_credentials[0] == null) {
            return null;
        }
        try {
            if (((com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl) received_credentials[0]).isUnauthenticated()) {
                return null;
            }
            return StringBytesConversion.getConvertedString(received_credentials[0].get_attributes(attributeTypeArr)[0].value);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getReceivedAttributeWeb", "298");
            Tr.warning(tc, "security.web.cred.getAttrFail");
            return null;
        }
    }

    protected static String getReceivedAttribute(AttributeType[] attributeTypeArr) {
        Credentials[] received_credentials;
        if (current == null || (received_credentials = current.received_credentials()) == null || received_credentials[0] == null) {
            return null;
        }
        try {
            return StringBytesConversion.getConvertedString(received_credentials[0].get_attributes(attributeTypeArr)[0].value);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getReceivedAttribute", "320");
            Tr.warning(tc, "security.web.cred.getAttrFail");
            return null;
        }
    }

    protected static String getInvokedAttribute(AttributeType[] attributeTypeArr) {
        if (current == null) {
            return null;
        }
        try {
            Credentials credentials = current.get_credentials(CredentialType.SecInvocationCredentials, false, false, null);
            if (credentials == null || ((com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl) credentials).isUnauthenticated()) {
                return null;
            }
            return StringBytesConversion.getConvertedString(credentials.get_attributes(attributeTypeArr)[0].value);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getInvokedAttribute", "347");
            Tr.warning(tc, "security.web.cred.getAttrFail");
            return null;
        }
    }

    protected static String getOwnAttribute(AttributeType[] attributeTypeArr) throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(perm.toString()).toString());
            }
            securityManager.checkPermission(perm);
        }
        if (current == null) {
            return null;
        }
        try {
            Credentials credentials = current.get_credentials(CredentialType.SecOwnCredentials, false, false, null);
            if (credentials == null || ((com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl) credentials).isUnauthenticated()) {
                return null;
            }
            return StringBytesConversion.getConvertedString(credentials.get_attributes(attributeTypeArr)[0].value);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityContext.getOwnAttribute", "373");
            Tr.warning(tc, "security.web.cred.getAttrFail");
            return null;
        }
    }

    public static String unqualifySecurityName(String str) {
        String str2 = null;
        if (str != null) {
            str2 = str.substring(str.indexOf("/") + 1);
        }
        return str2;
    }

    public static Object runAsSystem(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return CredentialsHelper.runAs(privilegedExceptionAction, "System");
    }

    public static Object runAsReceivedClient(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return CredentialsHelper.runAs(privilegedExceptionAction, "ReceivedClient");
    }

    public static Object runAsClient(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return CredentialsHelper.runAs(privilegedExceptionAction, "Client");
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$core$SecurityContext == null) {
            cls = class$("com.ibm.ws.security.core.SecurityContext");
            class$com$ibm$ws$security$core$SecurityContext = cls;
        } else {
            cls = class$com$ibm$ws$security$core$SecurityContext;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        creds = null;
        need_to_get_security_config = true;
        realm = null;
        initContext = false;
        perm = new WebSphereRuntimePermission("SecurityContext");
        ExtensibleFamily extensibleFamily = new ExtensibleFamily((short) 0, (short) 1);
        accessIdAttr = new AttributeType[1];
        accessIdAttr[0] = new AttributeType(extensibleFamily, 2);
        publicAttr = new AttributeType[1];
        publicAttr[0] = new AttributeType(extensibleFamily, 1);
    }
}
