package bpm.rest.client.authentication.was;

import bpm.rest.client.authentication.AuthenticationTokenHandler;
import bpm.rest.client.authentication.AuthenticationTokenHandlerException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.webservices.engine.encoding.Base64;
import java.security.GeneralSecurityException;
import java.util.Set;
import javax.security.auth.Subject;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.CookieSetting;

/* loaded from: input_file:bpm/rest/client/authentication/was/WASAuthenticationTokenHandler.class */
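/**
 * {@link AuthenticationTokenHandler} that authenticates REST requests with a WebSphere LTPA
 * token cookie.
 *
 * <p>The handler works in one of two modes, fixed at construction time:
 * <ul>
 *   <li><b>Explicit credentials</b> - both a userid and a password were supplied. The token
 *       cookie is picked up later from a server response via
 *       {@link #readAuthenticationToken(Response)}.</li>
 *   <li><b>Container identity</b> - the userid or the password is {@code null}. The token is
 *       built immediately from the credential token of the current run-as subject.</li>
 * </ul>
 *
 * <p>Security notes: the token cookie is what gets attached to outgoing requests, so its value
 * is a secret and is deliberately not included in {@link #toString()}. The password is kept as a
 * {@code String} for the lifetime of the handler and is returned unchanged by
 * {@link #getPassword()}; callers should not log it.
 */
public class WASAuthenticationTokenHandler implements AuthenticationTokenHandler {
    /** Security name for which no token is taken from the container credential. */
    private static final String UNAUTHENTICATED_SECURITY_NAME = "UNAUTHENTICATED";

    private final String userid;
    private final String password;
    private final String cookieName;
    private final boolean usingUserIdentityInContainer;
    // Mutable: set from the container, from a response, or cleared by reset().
    private CookieSetting ltpaToken;

    /**
     * Creates a handler that uses the container identity and the default LTPA v2 cookie name.
     *
     * @throws AuthenticationTokenHandlerException if no token can be read from the container
     */
    public WASAuthenticationTokenHandler() throws AuthenticationTokenHandlerException {
        this(null, null, Constants.LTPA_V2_COOKIENAME);
    }

    /**
     * Creates a handler for the given credentials and the default LTPA v2 cookie name.
     *
     * @param userid user name; {@code null} switches to container identity
     * @param password password; {@code null} switches to container identity
     * @throws AuthenticationTokenHandlerException if container identity is selected and no token
     *     can be read from the container
     */
    public WASAuthenticationTokenHandler(String userid, String password) throws AuthenticationTokenHandlerException {
        this(userid, password, Constants.LTPA_V2_COOKIENAME);
    }

    /**
     * Creates a handler that uses the container identity and a custom cookie name.
     *
     * @param cookieName name of the cookie that carries the token
     * @throws AuthenticationTokenHandlerException if no token can be read from the container
     */
    public WASAuthenticationTokenHandler(String cookieName) throws AuthenticationTokenHandlerException {
        this(null, null, cookieName);
    }

    /**
     * Creates a handler with explicit credentials and cookie name.
     *
     * <p>If either {@code userid} or {@code password} is {@code null}, the handler uses the
     * container identity and reads the token right away; the supplied values are still stored.
     *
     * @param userid user name, may be {@code null}
     * @param password password, may be {@code null}
     * @param cookieName name of the cookie that carries the token
     * @throws AuthenticationTokenHandlerException if container identity is selected and no token
     *     can be read from the container
     */
    public WASAuthenticationTokenHandler(String userid, String password, String cookieName) throws AuthenticationTokenHandlerException {
        this.cookieName = cookieName;
        this.userid = userid;
        this.password = password;
        this.usingUserIdentityInContainer = userid == null || password == null;
        if (this.usingUserIdentityInContainer) {
            initLtpaToken();
        }
    }

    /**
     * Stores the token cookie found in a server response.
     *
     * <p>If the response carries no cookie with the configured name, the stored token becomes
     * {@code null}.
     *
     * @param response response whose cookie settings are searched for the configured cookie name
     * @throws AuthenticationTokenHandlerException if the handler uses the container identity
     */
    @Override
    public void readAuthenticationToken(Response response) throws AuthenticationTokenHandlerException {
        if (this.usingUserIdentityInContainer) {
            throw new AuthenticationTokenHandlerException("This method shall only be called when not using user identity from container.");
        }
        this.ltpaToken = response.getCookieSettings().getFirst(this.cookieName);
    }

    /**
     * Attaches the stored token cookie to an outgoing request; does nothing when no token is held.
     *
     * @param request request to which the cookie is added
     */
    @Override
    public void addAuthenticationToken(Request request) throws AuthenticationTokenHandlerException {
        if (this.ltpaToken != null) {
            request.getCookies().add(this.ltpaToken);
        }
    }

    /** @return {@code true} if a token cookie is currently held */
    @Override
    public boolean foundAuthenticationToken() {
        return this.ltpaToken != null;
    }

    /** @return {@code true} if the token comes from the container's run-as subject */
    @Override
    public boolean isUsingUserIdentityInContainer() {
        return this.usingUserIdentityInContainer;
    }

    /**
     * Returns a multi-line diagnostic summary of the handler.
     *
     * <p>The token value is never printed: this string is likely to end up in logs, and the
     * token is the cookie that authenticates requests. Only its presence is reported. The
     * password is not part of the output either.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("-- WAS authentication handler (start) --").append('\n');
        if (this.usingUserIdentityInContainer) {
            // The token can be null here after a failed reset(), so no dereference of it.
            text.append("LTPA token value: ")
                    .append(this.ltpaToken != null ? "<redacted>" : "<none>")
                    .append('\n');
        }
        text.append("Cookie name: ").append(this.cookieName).append('\n');
        text.append("Using user identity in container: ").append(this.usingUserIdentityInContainer).append('\n');
        text.append("userid: ").append(this.userid).append('\n');
        text.append("-- WAS authentication handler (end) --");
        return text.toString();
    }

    /** @return the userid given at construction, possibly {@code null} */
    @Override
    public String getUserid() {
        return this.userid;
    }

    /**
     * @return the password given at construction, possibly {@code null}; this is the plain
     *     value, so it must not be written to logs or error messages
     */
    @Override
    public String getPassword() {
        return this.password;
    }

    /**
     * Discards the held token and, when using the container identity, reads a fresh one.
     *
     * @throws AuthenticationTokenHandlerException if the container yields no token; the handler
     *     then holds no token
     */
    @Override
    public void reset() throws AuthenticationTokenHandlerException {
        this.ltpaToken = null;
        if (this.usingUserIdentityInContainer) {
            initLtpaToken();
        }
    }

    /**
     * Looks up the first {@link WSCredential} among the public credentials of the run-as subject.
     *
     * @return the credential, or {@code null} if there is no run-as subject or it has none
     * @throws AuthenticationTokenHandlerException if the subject lookup fails
     */
    private WSCredential readWSCredential() throws AuthenticationTokenHandlerException {
        try {
            Subject runAsSubject = WSSubject.getRunAsSubject();
            if (runAsSubject == null) {
                return null;
            }
            Set<WSCredential> credentials = runAsSubject.getPublicCredentials(WSCredential.class);
            return credentials.isEmpty() ? null : credentials.iterator().next();
        } catch (GeneralSecurityException e) {
            throw new AuthenticationTokenHandlerException(e);
        }
    }

    /**
     * Builds the token cookie from the container credential's Base64-encoded credential token.
     *
     * <p>Fails closed: a missing credential, a missing or "UNAUTHENTICATED" security name, or a
     * missing credential token all end in the same exception rather than a handler without a
     * token.
     *
     * @throws AuthenticationTokenHandlerException if no token could be obtained
     */
    private void initLtpaToken() throws AuthenticationTokenHandlerException {
        WSCredential credential = readWSCredential();
        if (credential != null) {
            try {
                String securityName = credential.getSecurityName();
                // A null name is treated like an unauthenticated one instead of raising an NPE.
                if (securityName != null && !UNAUTHENTICATED_SECURITY_NAME.equalsIgnoreCase(securityName)) {
                    byte[] credentialToken = credential.getCredentialToken();
                    if (credentialToken != null) {
                        this.ltpaToken = new CookieSetting(this.cookieName, Base64.encode(credentialToken));
                    }
                }
            } catch (GeneralSecurityException e) {
                throw new AuthenticationTokenHandlerException(e);
            }
        }
        if (this.ltpaToken == null) {
            throw new AuthenticationTokenHandlerException("Could not read LTPA token value from container.");
        }
    }
}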
