package com.ibm.ws.security.auth.registry;

import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.AuthenticationResult;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.BasicAuthData;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.AuthPermission;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.login.CredentialExpiredException;

/* loaded from: input_file:lib/sas.jar:com/ibm/ws/security/auth/registry/URWSCredentialImpl.class */
public class URWSCredentialImpl implements WSCredential {
    private String realmname;
    private String username;
    private String password;
    private String hostname;
    private String oid;
    private String primaryGroupId;
    private String accessId;
    private byte[] credentialToken;
    private boolean forwardable;
    private long expiration;
    private ArrayList roles;
    private ArrayList groupIds;
    private transient Object object;
    public String accessIdNative;
    public String primaryGroupIdNative;
    public String[] groupIdsNative;
    private boolean destroyed;
    private static final AuthPermission DESTROY_PERMISSION = new AuthPermission("destroyCredential");
    private static final TraceComponent tc;
    static Class class$com$ibm$ws$security$auth$registry$URWSCredentialImpl;

    public URWSCredentialImpl(String str, String str2, String str3, String str4, String str5, String str6, byte[] bArr, boolean z, long j, List list, List list2, Object obj) {
        this.expiration = 0L;
        this.destroyed = false;
        this.realmname = str;
        this.username = str2;
        this.password = str3;
        this.oid = str4;
        this.primaryGroupId = str5;
        this.accessId = str6;
        this.forwardable = z;
        this.expiration = j;
        this.object = obj;
        this.credentialToken = bArr != null ? (byte[]) bArr.clone() : null;
        this.roles = list != null ? (ArrayList) ((ArrayList) list).clone() : null;
        this.groupIds = list2 != null ? (ArrayList) ((ArrayList) list2).clone() : null;
    }

    public URWSCredentialImpl() {
        this.expiration = 0L;
        this.destroyed = false;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getRealmName() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.realmname;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setRealmName(String str) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.realmname = str;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.username;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setSecurityName(String str) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.username = str;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public byte[] getCredentialToken() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        if (this.credentialToken != null) {
            return (byte[]) this.credentialToken.clone();
        }
        return null;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setCredentialToken(byte[] bArr, long j) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.credentialToken = (byte[]) bArr.clone();
        this.expiration = j;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public Object getObject() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.object;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setObject(Object obj) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.object = obj;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getOID() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.oid;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setOID(String str) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.oid = str;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public boolean isForwardable() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.forwardable;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setForwardable(boolean z) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.forwardable = z;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public long getExpiration() throws CredentialDestroyedException, CredentialExpiredException {
        return this.expiration;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setExpiration(long j) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.expiration = j;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getPrimaryGroupId() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.primaryGroupId;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setPrimaryGroupId(String str) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.primaryGroupId = str;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public List getRoles() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return (List) this.roles.clone();
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setRoles(List list) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.roles = (ArrayList) ((ArrayList) list).clone();
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getAccessId() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.accessId;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setAccessId(String str) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.accessId = str;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public List getGroupIds() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return (List) this.groupIds.clone();
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setGroupIds(List list) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.groupIds = (ArrayList) ((ArrayList) list).clone();
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getPassword() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.password;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public void setPassword(String str) throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        this.password = str;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getHostName() throws CredentialDestroyedException, CredentialExpiredException {
        _assert();
        return this.hostname;
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "destroy()");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(DESTROY_PERMISSION);
        }
        this.destroyed = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "destroy()");
        }
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public void refresh() throws RefreshFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refresh()");
        }
        if (this.username == null || this.username.equals("") || this.password == null || this.password.equals("")) {
            Tr.debug(tc, "Cannot refresh, not a userid/password credential.");
            throw new RefreshFailedException("Credential does not have password available, cannot refresh.");
        }
        BasicAuthData basicAuthData = new BasicAuthData(this.username, this.password);
        VaultImpl.getInstance();
        AuthenticationResult authenticate = VaultImpl.getInstance().getCommonSecurityServer(VaultImpl.getSecurityConfiguration().getauthenticationTarget()).authenticate(this.realmname, basicAuthData, true);
        WSCredential wSCredential = authenticate.get_auth_cred();
        if (((byte) authenticate.get_auth_fail_reason()) != 100) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Credential refresh failed, reason: ").append(authenticate.get_auth_fail_message()).toString());
            }
            throw new RefreshFailedException(authenticate.get_auth_fail_message());
        }
        if (wSCredential == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Credential returned from authenticate is null.");
            }
            throw new RefreshFailedException("Credential returned from authenticate is null.");
        }
        try {
            this.realmname = wSCredential.getRealmName();
            this.username = wSCredential.getSecurityName();
            this.password = wSCredential.getPassword();
            this.hostname = wSCredential.getHostName();
            this.oid = wSCredential.getOID();
            this.primaryGroupId = wSCredential.getPrimaryGroupId();
            this.accessId = wSCredential.getAccessId();
            this.credentialToken = wSCredential.getCredentialToken();
            this.forwardable = wSCredential.isForwardable();
            this.expiration = wSCredential.getExpiration();
            this.roles = (ArrayList) wSCredential.getRoles();
            this.groupIds = (ArrayList) wSCredential.getGroupIds();
            this.object = wSCredential.getObject();
            this.destroyed = false;
        } catch (Exception e) {
            Tr.debug(tc, "Cannot refresh for the following reason.", e);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refresh()");
        }
    }

    public boolean isCurrent() {
        boolean z = false;
        if (isDestroyed()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Credential destroyed, return false");
            }
        } else if (this.expiration > 0) {
            if (this.expiration - System.currentTimeMillis() <= 0) {
                try {
                    refresh();
                    z = true;
                } catch (RefreshFailedException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Refresh of credential failed.");
                    }
                    FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.auth.registry.URWSCredentialImpl.refresh", "776", (Object) this);
                    z = false;
                }
            } else {
                z = true;
            }
        } else {
            z = true;
        }
        return z;
    }

    private final void _assert() throws CredentialDestroyedException, CredentialExpiredException {
        if (isDestroyed()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "_assert() --> destroyed");
            }
            throw new CredentialDestroyedException("Credential is destroyed, can not be used.");
        }
        if (isCurrent()) {
            return;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "_assert() --> expired");
        }
        throw new CredentialExpiredException("Credential is expired, please refresh.");
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$auth$registry$URWSCredentialImpl == null) {
            cls = class$("com.ibm.ws.security.auth.registry.URWSCredentialImpl");
            class$com$ibm$ws$security$auth$registry$URWSCredentialImpl = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$registry$URWSCredentialImpl;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ISecurityL13SupportImpl.sec");
    }
}
