package com.ibm.ISecurityLocalObjectGSSUPImpl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.orb.GlobalORBFactory;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSPasswordCheckFailedException;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws.util.StringUtils;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.CredentialsHolder;

/* loaded from: input_file:com/ibm/ISecurityLocalObjectGSSUPImpl/WSSecurityContextImpl.class */
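/**
 * GSSUP (username/password) implementation of {@link WSSecurityContext}.
 *
 * <p>The client side ({@code initSecContext}) packs a realm, a scoped user name and the
 * credential token of the caller's {@link WSCredential} into an
 * {@link InitialContextToken} and encodes it with the CSI codec. The server side
 * ({@code acceptSecContext}) decodes such a token and performs a login with the user name,
 * realm and password it carries.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user name and password are written into the token as plain UTF-8 bytes; this
 *       class applies no encryption, so confidentiality has to come from the transport.</li>
 *   <li>The password is held in an immutable {@code String} while a token is accepted and
 *       cannot be wiped afterwards.</li>
 *   <li>Entry/exit trace receives the raw token byte arrays and the {@code Subject}.
 *       NOTE(review): how {@code Tr} renders those objects is not visible here; confirm that
 *       trace output cannot expose token contents before enabling it in production.</li>
 * </ul>
 */
public final class WSSecurityContextImpl implements WSSecurityContext {
    /** Mechanism OID handed to {@link GSSFactory}; the CSIv2 GSSUP mechanism identifier. */
    private static final String GSSUP_MECH_OID = "oid:2.23.130.1.1.1";

    private static final TraceComponent tc = Tr.register(WSSecurityContextImpl.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");

    private final GSSFactory _gFactory;
    private final ORB _orb;
    // Stays null on z/OS, where the ORB comes from GlobalORBFactory instead of the vault.
    private final VaultImpl vault;

    /**
     * Creates the GSS factory for the GSSUP mechanism and resolves the ORB: from
     * {@link GlobalORBFactory} on z/OS, otherwise from the {@link VaultImpl} singleton.
     */
    public WSSecurityContextImpl() {
        this._gFactory = new GSSFactory(GSSUP_MECH_OID);
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            this.vault = null;
            this._orb = GlobalORBFactory.globalORB();
        } else {
            this.vault = VaultImpl.getInstance();
            this._orb = this.vault.getORB();
        }
    }

    /**
     * Builds a GSSUP token for the given credential.
     *
     * @param wSCredential credential to convert into a subject
     * @param str          traced as the server name; not otherwise used when building the token
     * @param str2         target name used as realm fallback
     * @return the encoded token
     * @throws WSSecurityContextException if the token cannot be built or encoded
     */
    @Override
    public byte[] initSecContext(WSCredential wSCredential, String str, String str2) throws WSSecurityContextException {
        Subject subject = SubjectHelper.createSubjectFromWSCredential(wSCredential);
        return initSecContext(subject, str, str2, oidOrNull(wSCredential));
    }

    /**
     * Builds a GSSUP token for the given subject, reading the OID from the subject's
     * {@link WSCredential} when one is present.
     *
     * @param subject subject whose principal and credential populate the token
     * @param str     traced as the server name; not otherwise used when building the token
     * @param str2    target name used as realm fallback
     * @return the encoded token
     * @throws WSSecurityContextException if the token cannot be built or encoded
     */
    @Override
    public byte[] initSecContext(Subject subject, String str, String str2) throws WSSecurityContextException {
        return initSecContext(subject, str, str2, oidOrNull(SubjectHelper.getWSCredentialFromSubject(subject)));
    }

    /**
     * Builds and encodes the GSSUP {@link InitialContextToken}.
     *
     * <p>The realm is taken from the subject's principal name; when that is missing, empty or
     * the default realm, it falls back to the realm parsed from {@code str2} and finally to
     * {@code str2} itself. The user name field is {@code name@realm}, {@code name},
     * {@code @realm} or empty depending on which parts are available. The password field is
     * the credential token converted to a string.
     *
     * <p>NOTE(review): every failure inside the nested {@code try} blocks, including the
     * {@code WSSecurityContextException}s thrown there, is caught again by the enclosing
     * {@code catch (Exception)} handlers and re-wrapped, so callers only ever observe the
     * outermost exception (first constructor argument 13). A subject without a
     * {@link WSCredential} ends the same way via a NullPointerException. Left unchanged
     * because callers may depend on the current values.
     *
     * @param subject subject whose principal and credential populate the token
     * @param str     traced as the server name; not otherwise used
     * @param str2    target name used as realm fallback
     * @param str3    not read by this method
     * @return the encoded token
     * @throws WSSecurityContextException if the token cannot be built or encoded
     */
    @Override
    public byte[] initSecContext(Subject subject, String str, String str2, String str3) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initSecContext", new Object[]{subject, str, str2, this});
        }
        try {
            CSIUtil csiUtil = new CSIUtil();
            String realm = null;
            WSPrincipal principal = SubjectHelper.getPrincipalFromSubject(subject);
            if (principal != null) {
                realm = RealmSecurityName.getRealm(((WSPrincipalImpl) principal).getName());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "realm retrieved off of the subject: " + realm);
                }
                // An empty or default realm counts as "no realm" so the fallbacks below apply.
                if (realm == null || realm.equals("") || realm.equalsIgnoreCase(CommonConstants.DEFAULT_REALM)) {
                    realm = null;
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "retrieved a null wsPrincipal from subject");
            }
            if (realm == null) {
                realm = RealmSecurityName.getRealm(str2);
            }
            if (realm == null || realm.equals("")) {
                realm = str2;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Data to be set on GSSUP token: Realm = " + realm + ", serverName = " + str);
            }
            InitialContextToken token = new InitialContextToken();
            WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
            String securityName = RealmSecurityName.getSecurityName(credential.getRealmSecurityName());
            try {
                token.target_name = this._gFactory.encodeExportedTargetName(realm);

                boolean hasRealm = realm != null && !realm.equals("");
                boolean hasName = securityName != null && !securityName.equals("");
                String scopedName;
                if (hasName && hasRealm) {
                    scopedName = securityName + "@" + realm;
                } else if (hasName) {
                    scopedName = securityName;
                } else if (hasRealm) {
                    scopedName = "@" + realm;
                } else {
                    scopedName = "";
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Scoped username in GSSUP token: " + scopedName);
                }
                token.username = scopedName.getBytes("UTF8");

                // The credential token travels in the GSSUP password field as plain UTF-8 bytes.
                String secret = StringBytesConversion.getConvertedString(credential.getCredentialToken());
                if (secret == null) {
                    secret = "";
                }
                token.password = secret.getBytes("UTF8");

                Any any = this._orb.create_any();
                if (any == null) {
                    Tr.debug(tc, "Any is NULL.");
                    throw new WSSecurityContextException(14, 0, "Any is NULL.");
                }
                InitialContextTokenHelper.insert(any, token);
                try {
                    byte[] encoded = csiUtil.getCodec().encode_value(any);
                    if (tc.isEntryEnabled()) {
                        // NOTE(review): the encoded token holds the password field; confirm
                        // that Tr does not dump byte[] contents.
                        Tr.exit(tc, "initSecContext", encoded);
                    }
                    return encoded;
                } catch (Exception e) {
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.initSecContext", "223", new Object[]{this});
                    Tr.debug(tc, "Exception getting codec factory and encoding Any.  Original exception: " + e);
                    throw new WSSecurityContextException(18, 0, "Exception getting codec factory and encoding Any.  Original exception: " + e);
                }
            } catch (Exception e2) {
                Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.initSecContext", "169", new Object[]{this});
                Tr.debug(tc, "Unable to get target_name from passed-in target name.  Original exception = " + e2);
                throw new WSSecurityContextException(18, 0, "Unable to get target_name from passed-in target name.  Original exception = " + e2);
            }
        } catch (Exception e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.initSecContext", "239", new Object[]{this});
            Tr.debug(tc, "Java exception in initSecContext:  Original exception = " + e3);
            throw new WSSecurityContextException(13, 0, "Java exception in initSecContext:  Original exception = " + e3);
        }
    }

    /**
     * Accepts a GSSUP token without additional login properties.
     *
     * @param bArr encoded {@link InitialContextToken}
     * @return the login result; see {@link #acceptSecContext(byte[], Map, String)}
     * @throws WSSecurityContextException if decoding or authentication fails
     */
    @Override
    public WSSecurityContextResult acceptSecContext(byte[] bArr) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext", new Object[]{bArr, this});
        }
        WSSecurityContextResult result = acceptSecContext(bArr, null, null);
        if (tc.isEntryEnabled()) {
            // Was Tr.entry: the return path must emit an exit record to keep trace balanced.
            Tr.exit(tc, "acceptSecContext(gssInitToken)");
        }
        return result;
    }

    /**
     * Accepts a GSSUP token, forwarding {@code map} to the login call.
     *
     * @param bArr encoded {@link InitialContextToken}
     * @param map  passed through unchanged to the login call
     * @return the login result; see {@link #acceptSecContext(byte[], Map, String)}
     * @throws WSSecurityContextException if decoding or authentication fails
     */
    @Override
    public WSSecurityContextResult acceptSecContext(byte[] bArr, Map map) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext", new Object[]{bArr, map, this});
        }
        WSSecurityContextResult result = acceptSecContext(bArr, map, null);
        if (tc.isEntryEnabled()) {
            // Was Tr.entry: the return path must emit an exit record to keep trace balanced.
            Tr.exit(tc, "acceptSecContext(gssInitToken)");
        }
        return result;
    }

    /**
     * Decodes a GSSUP token and authenticates the user it names.
     *
     * <p>The token's user name is split at the last {@code '@'} into user id and realm; without
     * an {@code '@'} the realm comes from the decoded target name. Both values are supplied by
     * the remote peer, so the realm the login runs against is peer-controlled. A user id equal
     * to {@code "UNAUTHENTICATED"} returns a result with a {@code null} subject and performs no
     * login; callers must not treat that result as an authenticated identity.
     *
     * <p>On {@link WSLoginFailedException} the first constructor argument of the thrown
     * exception is 1 for an invalid user id, 2 for an invalid password and 0 otherwise.
     * NOTE(review): if that value or {@code e.getMessage()} reaches the remote peer it
     * distinguishes unknown accounts from wrong passwords; confirm the caller collapses them.
     *
     * @param bArr encoded {@link InitialContextToken}
     * @param map  passed through unchanged to the login call
     * @param str  not read by this method
     * @return result carrying the authenticated subject, or a {@code null} subject for the
     *         unauthenticated marker
     * @throws WSSecurityContextException if decoding or authentication fails
     */
    @Override
    public WSSecurityContextResult acceptSecContext(byte[] bArr, Map map, String str) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext", new Object[]{bArr, map, this});
        }
        // The results of these four statements are discarded; presumably leftovers of unused
        // locals. Kept because side effects of getSecurityConfig() cannot be ruled out here.
        SecurityObjectLocator.getSecurityConfig();
        new CredentialsHolder();
        new OpaqueHolder();
        new OpaqueHolder();
        try {
            InitialContextToken token = InitialContextTokenHelper.extract(new CSIUtil().getCodec().decode_value(bArr, InitialContextTokenHelper.type()));
            String targetName = this._gFactory.decodeExportedTargetName(token.target_name);
            String scopedUser = new String(token.username, "UTF8");
            // Cleartext password from the wire; it stays in an immutable String from here on.
            String password = new String(token.password, "UTF8");
            String userId = "";
            String realm = "";
            if (scopedUser != null && !scopedUser.equals("")) {
                int at = scopedUser.lastIndexOf("@");
                if (at < 0) {
                    userId = scopedUser;
                    realm = RealmSecurityName.getRealm(targetName);
                    if (realm == null || realm.equals("")) {
                        realm = targetName;
                    }
                } else {
                    userId = scopedUser.substring(0, at);
                    realm = scopedUser.substring(at + 1);
                }
            }
            if (tc.isDebugEnabled()) {
                // The password is only ever traced through StringUtils.mask.
                Tr.debug(tc, "Security name for WS credential: " + userId + "@" + targetName + ", password: " + StringUtils.mask(password));
            }
            if (userId == null || userId.length() < 1) {
                Tr.debug(tc, "Userid is null.");
                throw new WSSecurityContextException(15, 0, "Userid is null.");
            }
            if (userId.equals("UNAUTHENTICATED")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Received unauthenticated GSSUP token.");
                }
                return new WSSecurityContextResult(null, null);
            }
            CSIv2Config csiv2Config = SecurityObjectLocator.getCSIv2Config();
            try {
                Subject login = ContextManagerFactory.getInstance().login(realm, userId, password, csiv2Config.getString("com.ibm.CSI.rmiInboundLoginConfig"), (HttpServletRequest) null, (HttpServletResponse) null, map);
                if (login == null) {
                    throw new WSSecurityContextException(0, 0, "Authentication Failed.");
                }
                int authTarget = csiv2Config.getInteger("com.ibm.CORBA.authenticationTarget");
                if (csiv2Config.getBoolean("com.ibm.CORBA.delegateBasicAuth") && (authTarget == 7 || authTarget == 2)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Caching basicauth subject");
                    }
                    // The cached subject is built from the cleartext password and kept in the
                    // vault under "realm/user"; it lives as long as the vault retains it.
                    if (this.vault != null) {
                        this.vault.addBasicAuthSubject(realm + "/" + userId, SubjectHelper.createBasicAuthSubject(realm, userId, password));
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "acceptSecContext");
                }
                return new WSSecurityContextResult(null, login);
            } catch (WSLoginFailedException e) {
                int failureCode = 0;
                WSPasswordCheckFailedException passwordFailure = getWSPasswordCheckFailedException(e);
                if (passwordFailure != null) {
                    if (passwordFailure.isInvalidUserID()) {
                        failureCode = 1;
                    } else if (passwordFailure.isInvalidPassword()) {
                        failureCode = 2;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "isInvalidUserID:" + passwordFailure.isInvalidUserID() + " isInvalidPassword:" + passwordFailure.isInvalidPassword());
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSLoginFailedException occurred in acceptSecContext: " + e.getMessage(), new Object[]{e});
                }
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "380", new Object[]{this});
                throw new WSSecurityContextException(failureCode, 0, e.getMessage(), e);
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred in acceptSecContext: " + e2.getMessage(), new Object[]{e2});
                }
                Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "388", new Object[]{this});
                throw new WSSecurityContextException(0, 0, e2.getMessage(), e2);
            }
        } catch (GSSEncodeDecodeException e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "430", new Object[]{this});
            Tr.debug(tc, "GSSEncodeDecodeException occurred, reason: " + e3.getMessage(), new Object[]{e3});
            throw new WSSecurityContextException(18, 0, "GSSEncodeDecodeException occurred, reason: " + e3.getMessage());
        } catch (FormatMismatch e4) {
            Manager.Ffdc.log(e4, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "457", new Object[]{this});
            Tr.debug(tc, "Codec Factory FormatMismatch exception occurred.", new Object[]{e4});
            throw new WSSecurityContextException(18, 0, "Codec Factory FormatMismatch exception occurred.");
        } catch (TypeMismatch e8) {
            // Must precede catch (Exception): placed after it, this handler is unreachable.
            Manager.Ffdc.log(e8, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "448", new Object[]{this});
            Tr.debug(tc, "Codec Factory Type Mismatch exception occurred.", new Object[]{e8});
            throw new WSSecurityContextException(18, 0, "Codec Factory Type Mismatch exception occurred.");
        } catch (BAD_OPERATION e5) {
            Manager.Ffdc.log(e5, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "439", new Object[]{this});
            Tr.debug(tc, "Corba BAD_OPERATION exception occurred, reason: " + e5.getMessage(), new Object[]{e5});
            throw new WSSecurityContextException(9, 0, "Corba BAD_OPERATION exception occurred, reason: " + e5.getMessage());
        } catch (WSSecurityContextException e6) {
            // Already in the caller-facing form; log and rethrow untouched.
            Manager.Ffdc.log(e6, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "423", new Object[]{this});
            Tr.debug(tc, "Caught WSSecurityContextException, reason: " + e6.getMessage(), new Object[]{e6});
            throw e6;
        } catch (Exception e7) {
            Manager.Ffdc.log(e7, this, "com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl.acceptSecContext", "466", new Object[]{this});
            Tr.debug(tc, "Java exception occurred.", new Object[]{e7});
            throw new WSSecurityContextException(13, 0, "Java exception occurred.");
        }
    }

    /** No-op: this implementation has no completion step. */
    @Override
    public void completeSecContext(byte[] bArr) {
    }

    /** No-op: this implementation releases nothing on disposal. */
    @Override
    public void dispose() {
    }

    /**
     * Reads the OID of a credential on a best-effort basis.
     *
     * @param credential credential to query; may be {@code null}
     * @return the OID, or {@code null} when the credential is absent or the lookup fails
     */
    private static String oidOrNull(WSCredential credential) {
        if (credential == null) {
            return null;
        }
        try {
            return credential.getOID();
        } catch (Exception e) {
            // Best effort by design, but leave a trace instead of swallowing silently.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to read OID from credential; continuing without it: " + e);
            }
            return null;
        }
    }

    /**
     * Finds the first {@link WSPasswordCheckFailedException} nested two levels down: inside a
     * {@link PasswordCheckFailedException} that is itself listed by the login failure.
     *
     * @param wSLoginFailedException login failure to inspect
     * @return the nested exception, or {@code null} when none is present
     */
    private WSPasswordCheckFailedException getWSPasswordCheckFailedException(WSLoginFailedException wSLoginFailedException) {
        ArrayList<?> outer = wSLoginFailedException.getExceptions();
        if (outer == null) {
            return null;
        }
        for (Object candidate : outer) {
            if (!(candidate instanceof PasswordCheckFailedException)) {
                continue;
            }
            ArrayList<?> inner = ((PasswordCheckFailedException) candidate).getExceptions();
            if (inner == null) {
                continue;
            }
            for (Object nested : inner) {
                if (nested instanceof WSPasswordCheckFailedException) {
                    return (WSPasswordCheckFailedException) nested;
                }
            }
        }
        return null;
    }
}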
