package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.commands.properties.PropertiesBasedConfigConstants;
import com.ibm.ws.runtime.deploy.DeployedModule;
import com.ibm.ws.security.audit.Attributes;
import com.ibm.ws.security.audit.AuditServiceImpl;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.CacheException;
import com.ibm.ws.security.auth.Identity;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.authorize.WSPolicyContextHandlerImpl;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.AuthorizationConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.AccessException;
import com.ibm.ws.security.core.AccessManager;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.core.WSAccessManager;
import com.ibm.ws.security.core.WSPrincipal;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.stat.impl.SecurityAuthorizationModuleImpl;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.ws.security.util.WCCMHelper;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.util.WSUtil;
import com.ibm.ws.webcontainer.metadata.WebComponentMetaData;
import com.ibm.ws.webcontainer.metadata.WebModuleMetaData;
import com.ibm.ws.webcontainer.srt.IPrivateRequestAttributes;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.ws.webservices.engine.transport.http.HTTPConstants;
import com.ibm.ws390.sm.smf.SmfJActivity;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import com.ibm.wsspi.pmi.factory.StatsFactory;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.ContextHandler;
import com.ibm.wsspi.security.auth.callback.WSCallbackHandlerFactory;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.webcontainer.servlet.IExtendedResponse;
import java.io.IOException;
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.aspectj.apache.bcel.Constants;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.common.SecurityRoleRef;
import org.eclipse.jst.j2ee.internal.web.operations.IWebToolingConstants;
import org.eclipse.jst.j2ee.webapplication.WebApp;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/web/WebCollaborator.class */
public abstract class WebCollaborator {
    private static final String nullString = "";
    // Public string keys; the "$"-prefixed values look like request-property names and the last two
    // match HTTP header names — presumably consumed by callers outside this listing (TODO confirm).
    public static final String pnWebServer = "$webServer";
    public static final String pnVirtualHost = "$virtualHost";
    public static final String pnRemoteHost = "$remoteHost";
    public static final String pnUri = "$uri";
    public static final String pnMethod = "$method";
    public static final String pnIsSSL = "$isSSL";
    public static final String pnCertificate = "$certificate";
    public static final String pnCipher = "$cipher";
    public static final String pnAuthorization = "Authorization";
    public static final String pnCookie = "Cookie";
    // Set from SecurityContext.isSecurityEnabled() in initialize(); stays false (the Java default)
    // for instances built through the protected Object constructor, which skips initialize().
    protected boolean securityEnabled;
    protected static final int PUBLIC = 0;
    protected static final int ACCESSID = 1;
    protected static final int GROUPID = 2;
    private WebAttributes webSecAttrs;
    private static final String providerName = "WebSphere";
    private static final String componentName = "WAS.security";
    // JACC handler keys and handler; assigned in initialize() only when a JACC provider is
    // configured, so both are null otherwise. checkJaccAccess/checkDataConstraints dereference them.
    private static String[] jaccHandlerKeyArray;
    private static WSPolicyContextHandlerImpl wpch;
    // Recognised values of the "com.ibm.wsspi.security.web.webAuthReq" property (see initialize()).
    private static final String PERSIST_CRED = "persisting";
    private static final String ALWAYS_LOGIN = "always";
    private SecurityAuthorizationModuleImpl authModule;
    private static final String[] nullStringArray = new String[0];
    // NOTE(review): these shared reply objects are static but not final, so any code with protected
    // access (subclasses, same package) can reassign what "permit" or "deny" refers to for every
    // collaborator in the JVM. Declaring them final would remove that possibility.
    protected static WebReply PERMIT_REPLY = new PermitReply();
    protected static WebReply DENY_AUTHZ_FAILED = new DenyReply("AuthorizationFailed");
    protected static WebReply DENY_AUTHN_FAILED = new DenyReply("AuthenticationFailed");
    protected static WebReply DENY_CONFIG_ERROR = new DenyReply("Configuration error");
    private static final TraceComponent tc = Tr.register(WebCollaborator.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    // Process-wide state populated by the first successful pass through initialize().
    protected static WebAuthenticator authenticator = null;
    protected static JaspiCollaborator jaspiCollaborator = null;
    // NOTE(review): no method in the visible part of this class synchronizes on this lock.
    private static Object _lockObject = new Object();
    private static boolean custom_auth_mech = false;
    private static String custom_jaas_config = null;
    private static TrustAssociationManager taManager = null;
    private static WSCallbackHandlerFactory cbkFactory = null;
    private static String activeUserRegistry = null;
    private static AuditService auditService = null;
    private static String className = null;
    // Set to true at the end of initialize(), whether or not the setup inside it succeeded.
    private static boolean initialized = false;
    private static boolean persistCred = false;
    private static boolean alwaysLogin = false;
    protected AccessManager authorizer = null;
    protected boolean authDone = false;
    private WebAppCache webCache = null;
    private ArrayList adminAppList = null;
    private Date startTime = null;
    private Date endTime = null;
    // Instance field reassigned by checkAuthorization() each time it builds an audit event.
    private ConcurrentHashMap auditOutcome = new ConcurrentHashMap();
    // AccessManager per key: "default", plus one entry per AdminContext.peek() value when running as
    // an admin agent. NOTE(review): a plain HashMap that getAuthorizer()/releaseAuthorizer() mutate
    // with no synchronization visible here — confirm these are never called from concurrent threads.
    private HashMap authorizationMap = new HashMap();
    boolean performTAIForUnprotectedURI = true;

    /**
     * Supplies the {@link WebAppCache} for this collaborator. {@code addWebApp} calls it lazily, the
     * first time it runs while the {@code webCache} field is still {@code null}.
     *
     * @return the cache that web applications are registered with
     */
    protected abstract WebAppCache getWebCache();

    /**
     * Builds a collaborator and immediately runs {@link #initialize()}, tracing entry and exit when
     * entry tracing is enabled.
     *
     * @throws Exception declared because {@code initialize()} declares it
     */
    public WebCollaborator() throws Exception {
        final boolean traceOnEntry = tc.isEntryEnabled();
        if (traceOnEntry) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }

        initialize();

        // The trace switch is queried again rather than reusing traceOnEntry, because it may have
        // been toggled while initialize() ran.
        final boolean traceOnExit = tc.isEntryEnabled();
        if (traceOnExit) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Creates a collaborator without running {@code initialize()}. The argument is not used.
     *
     * <p>NOTE(review): an instance built this way keeps {@code securityEnabled == false} and a
     * {@code null} {@code authorizer} until something else sets them. In the
     * {@code checkAuthorization} code visible in this file, {@code securityEnabled == false} skips the
     * access check and records a SUCCESS audit event, so subclasses using this constructor should be
     * checked to confirm they initialise security state themselves.
     *
     * @param obj ignored
     */
    protected WebCollaborator(Object obj) {
    }

    /**
     * Factory for the JASPI collaborator implementation used by web requests.
     *
     * @return a new {@code JaspiWebCollaborator}
     */
    private static JaspiCollaborator newJaspiCollaborator() {
        final JaspiCollaborator created = new JaspiWebCollaborator();
        return created;
    }

    /**
     * Returns the shared JASPI collaborator, creating it on first use.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronized, so two threads arriving together
     * could each create an instance; the last write wins. Confirm that is acceptable for the
     * collaborator implementation.
     *
     * @return the collaborator stored in the static {@code jaspiCollaborator} field
     */
    public static JaspiCollaborator getJaspiCollaborator() {
        if (jaspiCollaborator != null) {
            return jaspiCollaborator;
        }
        jaspiCollaborator = newJaspiCollaborator();
        return jaspiCollaborator;
    }

    /**
     * Installs a fresh {@code WebAccessManager} as this collaborator's authorizer and registers it in
     * {@code authorizationMap} under the key {@code "default"}, replacing any previous default.
     */
    public void createAuthorizationManager() {
        final String traceName = "createAuthorizationManager";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName);
        }

        final AccessManager defaultManager = new WebAccessManager();
        this.authorizer = defaultManager;
        this.authorizationMap.put("default", defaultManager);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
    }

    /**
     * Selects the {@link AccessManager} to authorize with.
     *
     * <p>Outside an admin agent, or when {@code AdminContext.peek()} yields {@code null}, the entry
     * stored under {@code "default"} is returned (which is {@code null} if
     * {@code createAuthorizationManager()} has not run). Inside an admin agent with a non-null
     * context value, the manager registered under that value is returned, and a new
     * {@code WebAccessManager} is created and stored on first use.
     *
     * <p>NOTE(review): {@code authorizationMap} is a plain {@code HashMap} and this method may write
     * to it; no locking is visible here.
     *
     * @return the access manager for the current admin context, or the default one
     */
    public AccessManager getAuthorizer() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthorizer");
        }

        // AdminContext is consulted only when running as an admin agent.
        String contextUuid = null;
        if (SecurityObjectLocator.getSecurityConfigManager().isAdminAgent()) {
            contextUuid = AdminContext.peek();
        }

        if (contextUuid == null) {
            final AccessManager defaultManager = (AccessManager) this.authorizationMap.get("default");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getAuthorizer (default)");
            }
            return defaultManager;
        }

        AccessManager contextManager = (AccessManager) this.authorizationMap.get(contextUuid);
        if (contextManager == null) {
            contextManager = new WebAccessManager();
            this.authorizationMap.put(contextUuid, contextManager);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthorizer (uuid = " + contextUuid + ")");
        }
        return contextManager;
    }

    /**
     * Drops the {@code authorizationMap} entry for the current admin context. Does nothing to the
     * map unless the process is an admin agent; the {@code "default"} entry is never removed here.
     *
     * <p>The key comes straight from {@code AdminContext.peek()} and is not null-checked before
     * {@code remove}. In the admin-agent path two exit trace records are written (one specific, one
     * "(default)"), matching the original behaviour.
     */
    public void releaseAuthorizer() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "releaseAuthorizer");
        }

        final boolean adminAgent = SecurityObjectLocator.getSecurityConfigManager().isAdminAgent();
        if (adminAgent) {
            final String contextUuid = AdminContext.peek();
            if (this.authorizationMap == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "releaseAuthorizer authorizationMap is null");
                }
            } else {
                this.authorizationMap.remove(contextUuid);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "releaseAuthorizer (uuid = " + contextUuid + ")");
                }
            }
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "releaseAuthorizer (default)");
        }
    }

    /**
     * Reads the security configuration and populates this class's static web-security state
     * (login configuration name, trust association manager, audit service, authenticator, JASPI
     * collaborator, JACC handler keys, and the {@code webAuthReq} flags).
     *
     * <p>The static setup runs only when security is enabled and the static {@code initialized}
     * flag is still {@code false}; per-instance fields ({@code authModule}, {@code securityEnabled})
     * are refreshed on every call.
     *
     * <p>NOTE(review): any exception thrown during setup is reported (FFDC, error message, debug
     * trace) but not rethrown, and {@code initialized} is set to {@code true} regardless. After a
     * failed first attempt, static fields such as {@code authenticator} may therefore remain
     * {@code null} and the setup is not retried. Confirm that the request path denies access in
     * that state rather than proceeding without an authenticator.
     *
     * @throws Exception declared by the signature; the visible body catches {@code Exception} itself
     */
    public void initialize() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }

        className = getClass().getName();
        if (StatsFactory.isPMIEnabled()) {
            this.authModule = SecurityAuthorizationModuleImpl.getInstance("Security Authorization");
        }

        this.securityEnabled = false;
        try {
            this.securityEnabled = SecurityContext.isSecurityEnabled();
            if (this.securityEnabled && !initialized) {
                final SecurityConfig activeConfig = SecurityObjectLocator.getSecurityConfig();

                // Trust association and pluggable authentication are only set up for non-SWAM
                // mechanisms; the inbound login configuration name is read in both cases.
                final boolean swam = activeConfig.getActiveAuthMechanism().getType().equals(AuthMechanismConfig.TYPE_SWAM);
                if (!swam) {
                    taManager = TrustAssociationManager.getInstance();
                }
                custom_jaas_config = activeConfig.getProperty("com.ibm.ws.security.webInboundLoginConfig");
                if (!swam && activeConfig.getPropertyBool("security.enablePluggableAuthentication")) {
                    custom_auth_mech = true;
                }

                if (auditService == null) {
                    auditService = ContextManagerFactory.getInstance().getAuditService();
                }
                activeUserRegistry = activeConfig.getActiveUserRegistry().getType();
                authenticator = WebAuthenticator.create(custom_jaas_config);
                jaspiCollaborator = getJaspiCollaborator();

                // JACC is active if either the "security" config or the application-security
                // config (which may be absent) asks for a JACC provider.
                final SecurityConfig globalConfig = SecurityObjectLocator.getSecurityConfig("security");
                final SecurityConfig appConfig = SecurityObjectLocator.getSecurityConfig(PropertiesBasedConfigConstants.APPSECURITY_RESOURCE_TYPE);
                boolean jaccEnabled = globalConfig.getAuthorizationConfig().getBoolean(AuthorizationConfig.USE_JACC_PROVIDER);
                if (!jaccEnabled && appConfig != null) {
                    jaccEnabled = appConfig.getAuthorizationConfig().getBoolean(AuthorizationConfig.USE_JACC_PROVIDER);
                }
                if (jaccEnabled) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting the PolicyContextHandlers for JACC for web.");
                    }
                    jaccHandlerKeyArray = new String[]{CommonConstants.JACC_SUBJECT_KEY, "javax.servlet.http.HttpServletRequest"};
                    wpch = WSPolicyContextHandlerImpl.getInstance();
                }

                final String webAuthReq = activeConfig.getString("com.ibm.wsspi.security.web.webAuthReq");
                if (webAuthReq != null) {
                    if (webAuthReq.equalsIgnoreCase(PERSIST_CRED)) {
                        persistCred = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Persist authenticated credential even URI is not protected.");
                        }
                    }
                    if (webAuthReq.equalsIgnoreCase(ALWAYS_LOGIN)) {
                        alwaysLogin = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "always set credential on executed thread regardless authorization.");
                        }
                    }
                }
            }
        } catch (Exception setupFailure) {
            FFDCFilter.processException(setupFailure, "com.ibm.ws.security.web.WebCollaborator.initialize", "506", this);
            if (this.securityEnabled) {
                Tr.error(tc, "security.web.initerror");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, AdminSubsystemExtensionHandler.INITIALIZE, new Object[]{setupFailure});
            }
        }

        // Marked initialised even when the block above failed; see the review note in the Javadoc.
        initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    /**
     * Registers a web application with the collaborator's {@link WebAppCache}, obtaining the cache
     * from {@link #getWebCache()} on first use.
     *
     * <p>Any {@code Throwable} raised by the cache is reported through FFDC and rethrown as a
     * {@code WebSecurityConfigException} carrying the original message and cause, so a module whose
     * security configuration cannot be loaded surfaces as a failure to the caller.
     *
     * @param str first identifier passed through to the cache
     * @param str2 second identifier passed through to the cache
     * @param webApp deployment descriptor model of the web application
     * @param deployedModule the deployed module being added
     * @throws WebSecurityConfigException if the cache rejects the application or fails
     */
    public void addWebApp(String str, String str2, WebApp webApp, DeployedModule deployedModule) throws WebSecurityConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addWebApp", new Object[]{str, str2, webApp});
        }

        if (this.webCache == null) {
            this.webCache = getWebCache();
        }

        try {
            this.webCache.addWebApp(str, str2, webApp, deployedModule);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addWebApp");
            }
        } catch (Throwable failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.web.WebCollaborator.addWebApp", "542", this);
            final WebSecurityConfigException wrapped = new WebSecurityConfigException(failure.getMessage(), null);
            wrapped.initCause(failure);
            if (tc.isEventEnabled()) {
                Tr.debug(tc, "addWebApp excption", wrapped);
            }
            throw wrapped;
        }
    }

    /**
     * Reports whether the named application is treated as an administrative application, as decided
     * by {@code WSAccessManager.checkIfAdminApp}.
     *
     * @param str application name handed to {@code WSAccessManager}
     * @return the result of {@code WSAccessManager.checkIfAdminApp(str)}
     */
    private boolean isAdminApp(String str) {
        final boolean adminApp = WSAccessManager.checkIfAdminApp(str);
        return adminApp;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:418:0x10ed  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Authorization entry point for a web request; returns the {@code WebReply} for it.
     *
     * <p>NOTE(review): the body below is a decompiler placeholder, not the shipped logic. JADX
     * skipped the method (4355 instructions), so as listed it unconditionally throws
     * {@link UnsupportedOperationException}. The decompiler also reports that the access modifier
     * was changed from {@code protected}. No conclusion about the permit/deny decision can be drawn
     * from this listing; review the original source or the bytecode instead.
     *
     * @param r14 the web request to authorize
     * @return never returns in this listing
     * @throws com.ibm.ws.security.web.WebSecurityException declared by the original method
     */
    public com.ibm.ws.security.web.WebReply authorize(com.ibm.ws.security.web.WebRequest r14) throws com.ibm.ws.security.web.WebSecurityException {
        /*
            Method dump skipped, instructions count: 4355
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebCollaborator.authorize(com.ibm.ws.security.web.WebRequest):com.ibm.ws.security.web.WebReply");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:262:0x0ade  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * JACC variant of the authorization entry point; returns the {@code WebReply} for the request.
     *
     * <p>NOTE(review): the body below is a decompiler placeholder, not the shipped logic. JADX
     * skipped the method (2804 instructions), so as listed it unconditionally throws
     * {@link UnsupportedOperationException}. The decompiler also reports that the access modifier
     * was changed from {@code protected}. How this method combines {@code checkDataConstraints} and
     * {@code checkJaccAccess} cannot be determined from this listing.
     *
     * @param r14 the web request to authorize
     * @return never returns in this listing
     * @throws com.ibm.ws.security.web.WebSecurityException declared by the original method
     */
    public com.ibm.ws.security.web.WebReply authorizeForJACC(com.ibm.ws.security.web.WebRequest r14) throws com.ibm.ws.security.web.WebSecurityException {
        /*
            Method dump skipped, instructions count: 2804
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebCollaborator.authorizeForJACC(com.ibm.ws.security.web.WebRequest):com.ibm.ws.security.web.WebReply");
    }

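    /**
     * Asks the installed JACC {@link Policy} whether {@code subject} is granted
     * {@code webResourcePermission} in the policy context {@code str}.
     *
     * <p>The check fails closed: if anything throws while the policy context is being prepared or
     * evaluated (including a {@code NullPointerException} when the JACC handler keys were never set
     * up), the failure is sent to FFDC, traced, written as an audit message, and {@code false} is
     * returned. The result is also forced back to {@code false} in the exception path so that a
     * failure after the policy call cannot leak a positive decision.
     *
     * <p>The thread's JACC handler data (which holds the subject and the request) is cleared in a
     * single {@code finally} block on every path. The decompiled original repeated that cleanup
     * inline and silently ignored a failure of the first copy.
     *
     * <p>NOTE(review): the policy context ID set through {@code PolicyContext.setContextID} is not
     * restored by this method; confirm callers do not depend on the previous value.
     *
     * @param webResourcePermission permission to test
     * @param str JACC policy context ID
     * @param httpServletRequest request made available to the policy context handlers
     * @param subject caller's subject; {@code null} or a subject without principals is evaluated
     *        against the configured null protection domain
     * @param str2 authenticated user name, used only for trace and audit output
     * @param str3 method name, used only for trace and audit output
     * @return {@code true} only when the policy implies the permission
     */
    private boolean checkJaccAccess(final WebResourcePermission webResourcePermission, final String str, final HttpServletRequest httpServletRequest, final Subject subject, String str2, String str3) {
        boolean granted = false;
        try {
            final HashMap<String, Object> handlerData = new HashMap<String, Object>();
            granted = ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws PolicyContextException {
                    PolicyContext.setContextID(str);
                    if (WebCollaborator.tc.isDebugEnabled()) {
                        Tr.debug(WebCollaborator.tc, "Registering JACC context handlers");
                    }
                    for (int i = 0; i < WebCollaborator.jaccHandlerKeyArray.length; i++) {
                        PolicyContext.registerHandler(WebCollaborator.jaccHandlerKeyArray[i], WebCollaborator.wpch, true);
                    }
                    handlerData.put(WebCollaborator.jaccHandlerKeyArray[0], subject);
                    handlerData.put(WebCollaborator.jaccHandlerKeyArray[1], httpServletRequest);

                    // With no principals to evaluate, the configured "null" protection domain is
                    // used; otherwise a domain is built from the subject's principals.
                    SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                    final ProtectionDomain protectionDomain;
                    if (subject == null || subject.getPrincipals().isEmpty()) {
                        protectionDomain = (ProtectionDomain) securityConfig.getObject(SecurityConfig.NULL_PROTECTION_DOMAIN);
                    } else {
                        CodeSource codeSource = (CodeSource) securityConfig.getObject(SecurityConfig.NULL_CODE_SOURCE);
                        Principal[] principals = subject.getPrincipals().toArray(new Principal[0]);
                        protectionDomain = new ProtectionDomain(codeSource, null, null, principals);
                    }

                    if (WebCollaborator.tc.isDebugEnabled()) {
                        Tr.debug(WebCollaborator.tc, "Setting JACC handler data");
                    }
                    PolicyContext.setHandlerData(handlerData);
                    if (WebCollaborator.tc.isDebugEnabled()) {
                        Tr.debug(WebCollaborator.tc, "Calling JACC implies");
                    }
                    return Boolean.valueOf(Policy.getPolicy().implies(protectionDomain, webResourcePermission));
                }
            })).booleanValue();

            if (tc.isDebugEnabled()) {
                // A null subject means the check ran before authentication ("preauthorize").
                final String phase = (subject == null) ? "preauthorize" : "authorize";
                Tr.debug(tc, "hasAccess is " + granted + " for web during " + phase);
            }
        } catch (Exception e2) {
            // Fail closed, even if the exception was raised after the policy decision was read.
            granted = false;
            FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.authorize", "1857", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "checkAuthorization() failed with the exception: " + e2);
                if (str2 == null) {
                    Tr.debug(tc, "authUserName is null");
                } else {
                    Tr.debug(tc, "authUserName is not null: " + str2);
                }
                if (str3 == null) {
                    Tr.debug(tc, "methodName is null");
                } else {
                    Tr.debug(tc, "methodName is not null: " + str3);
                }
            }
            Tr.audit(tc, "security.web.authz.failed.foruser", new Object[]{str2, str3, str, e2.getMessage()});
        } finally {
            // Always drop the per-thread handler data so the subject and request do not outlive
            // this check on a pooled thread.
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() {
                        PolicyContext.setHandlerData(null);
                        return null;
                    }
                });
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception when setting setHandler data: " + e4);
                }
                FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "1880", this);
            }
        }
        return granted;
    }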

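    /**
     * Asks the installed JACC {@link Policy} whether the configured null protection domain is
     * granted {@code webUserDataPermission} in the policy context {@code str}, i.e. whether the
     * request satisfies the user-data (transport) constraint.
     *
     * <p>The check fails closed: any exception while preparing or evaluating the policy is sent to
     * FFDC, traced and audited, and the result is {@code false}.
     *
     * <p>The thread's JACC handler data (which holds the request) is cleared in a single
     * {@code finally} block on every path. The decompiled original repeated that cleanup inline and
     * silently ignored a failure of the first copy.
     *
     * <p>NOTE(review): the policy context ID set through {@code PolicyContext.setContextID} is not
     * restored by this method; confirm callers do not depend on the previous value.
     *
     * @param str JACC policy context ID
     * @param httpServletRequest request made available to the policy context handlers
     * @param webUserDataPermission permission to test
     * @return {@code true} only when the policy implies the permission
     * @throws WebSecurityException declared by the signature; the visible body does not throw it
     */
    protected boolean checkDataConstraints(final String str, final HttpServletRequest httpServletRequest, final WebUserDataPermission webUserDataPermission) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkConstraints");
        }
        boolean granted = false;
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WebUserDataPermission = " + webUserDataPermission);
            }
            final HashMap<String, Object> handlerData = new HashMap<String, Object>();
            granted = ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws PolicyContextException {
                    PolicyContext.setContextID(str);
                    if (WebCollaborator.tc.isDebugEnabled()) {
                        Tr.debug(WebCollaborator.tc, "Registering JACC context handlers");
                    }
                    for (int i = 0; i < WebCollaborator.jaccHandlerKeyArray.length; i++) {
                        PolicyContext.registerHandler(WebCollaborator.jaccHandlerKeyArray[i], WebCollaborator.wpch, true);
                    }
                    // Only the request is published; no subject is involved in this check.
                    handlerData.put(WebCollaborator.jaccHandlerKeyArray[1], httpServletRequest);
                    ProtectionDomain protectionDomain = (ProtectionDomain) SecurityObjectLocator.getSecurityConfig().getObject(SecurityConfig.NULL_PROTECTION_DOMAIN);
                    if (WebCollaborator.tc.isDebugEnabled()) {
                        Tr.debug(WebCollaborator.tc, "Setting JACC handler data");
                    }
                    PolicyContext.setHandlerData(handlerData);
                    if (WebCollaborator.tc.isDebugEnabled()) {
                        Tr.debug(WebCollaborator.tc, "Calling JACC implies");
                    }
                    return Boolean.valueOf(Policy.getPolicy().implies(protectionDomain, webUserDataPermission));
                }
            })).booleanValue();
        } catch (Exception e2) {
            // Fail closed on any error.
            granted = false;
            FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.checkDataConstraints", "1952", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception during checkDataConstraints call: " + e2);
            }
            Tr.audit(tc, "security.web.authz.checkdataconstraint.failed", new Object[]{str, e2});
        } finally {
            // Always drop the per-thread handler data so the request does not outlive this check
            // on a pooled thread.
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() {
                        PolicyContext.setHandlerData(null);
                        return null;
                    }
                });
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception when setting setHandler data: " + e4);
                }
                FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "1969", this);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "hasUserDataJaccAccess is " + granted + " for web");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkConstraints", String.valueOf(granted));
        }
        return granted;
    }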

    /**
     * Reports whether the security constraints of {@code webAccessContext} require SSL for the
     * resource/method pair. Only an entry trace record is written; there is no matching exit trace.
     *
     * @param webAccessContext access context whose constraints are consulted
     * @param str first argument of the {@code WebAccessPermission} built for the lookup
     * @param str2 second argument of the {@code WebAccessPermission} built for the lookup
     * @return the answer given by the context's constraints
     */
    private boolean isSSLRequired(WebAccessContext webAccessContext, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSSLRequired");
        }
        final boolean sslRequired = webAccessContext.getConstraints().isSSLRequired(webAccessContext, new WebAccessPermission(str, str2));
        return sslRequired;
    }

    /**
     * Looks up the roles required for a resource/method pair when no servlet request is available.
     * Delegates to the four-argument overload with a {@code null} request.
     *
     * @param webAccessContext access context whose constraints are consulted
     * @param str first argument of the {@code WebAccessPermission} built for the lookup
     * @param str2 second argument of the {@code WebAccessPermission} built for the lookup
     * @return the roles reported by the context's constraints
     */
    protected SecurityRole[] getRequiredRoles(WebAccessContext webAccessContext, String str, String str2) {
        return getRequiredRoles(webAccessContext, str, str2, null);
    }

    /**
     * Looks up the roles required for a resource/method pair from the constraints of
     * {@code webAccessContext}. The request is forwarded to the constraints lookup only when it is
     * non-null; otherwise the request-less lookup is used.
     *
     * @param webAccessContext access context whose constraints are consulted
     * @param str first argument of the {@code WebAccessPermission} built for the lookup
     * @param str2 second argument of the {@code WebAccessPermission} built for the lookup
     * @param httpServletRequest current request, or {@code null}
     * @return the roles reported by the context's constraints
     */
    protected SecurityRole[] getRequiredRoles(WebAccessContext webAccessContext, String str, String str2, HttpServletRequest httpServletRequest) {
        final WebAccessPermission permission = new WebAccessPermission(str, str2);
        if (httpServletRequest == null) {
            return webAccessContext.getConstraints().getRequiredRoles(webAccessContext, permission);
        }
        return webAccessContext.getConstraints().getRequiredRoles(webAccessContext, permission, httpServletRequest);
    }

    protected void checkAuthorization(WebAccessContext webAccessContext, String str, String str2, Subject subject) throws AccessException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAuthorization");
        }
        ContextHandler contextHandler = null;
        String str3 = null;
        String[] strArr = null;
        if (!this.securityEnabled) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization");
            }
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null) {
                str3 = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (auditService == null || !auditService.isEventRequired("SECURITY_AUTHZ", "SUCCESS")) {
                return;
            }
            String str4 = null;
            if (subject != null) {
                str4 = ((Principal) subject.getPrincipals().toArray()[0]).getName();
            }
            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, null, null));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(str, "authz", str4, str4, "accessSuccess", str2, "web", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
            HashMap buildProviderData = DataHelper.buildProviderData("WebSphere", "providerSuccess");
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", buildProviderData);
            buildProviderData.clear();
            contextHandler.buildContextObject("POLICY_CONTEXT", DataHelper.buildPolicyData(null, null));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 6L);
            try {
                auditService.sendEvent("SECURITY_AUTHZ", this.auditOutcome);
                return;
            } catch (ProviderFailureException e) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                return;
            }
        }
        try {
            getAuthorizer().checkAccess(webAccessContext, str, str2, subject);
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null) {
                str3 = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHZ", "SUCCESS")) {
                String str5 = null;
                if (subject != null) {
                    str5 = ((Principal) subject.getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, null, null));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(str, "authz", str5, str5, "accessSuccess", str2, "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                contextHandler.buildContextObject("POLICY_CONTEXT", DataHelper.buildPolicyData(null, null));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 6L);
                try {
                    auditService.sendEvent("SECURITY_AUTHZ", this.auditOutcome);
                } catch (ProviderFailureException e2) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization");
            }
        } catch (AccessException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebCollaborator.checkAuthorization", "2251", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization: throw AccessException");
            }
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null) {
                str3 = auditService.getLastTrailId();
                strArr = auditService.getEventTrailIds();
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHZ", "DENIED")) {
                String str6 = null;
                if (subject != null) {
                    str6 = ((Principal) subject.getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, null, null));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(str, "authz", str6, str6, "denied", str2, "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                contextHandler.buildContextObject("POLICY_CONTEXT", DataHelper.buildPolicyData(null, null));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 16L);
                try {
                    auditService.sendEvent("SECURITY_AUTHZ", this.auditOutcome);
                } catch (ProviderFailureException e4) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e4});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                }
            }
            throw e3;
        }
    }

    /**
     * Verifies that the subject holds at least one of the supplied security roles.
     *
     * <p>When {@code securityEnabled} is false no check is made and the method returns normally.
     * Otherwise the decision is delegated to {@code getAuthorizer().isGrantedAnyRole(...)}.
     *
     * <p>NOTE(review): unlike the {@code checkAuthorization} variant that precedes it in this file,
     * this path sends no {@code SECURITY_AUTHZ} audit event on either grant or denial. Confirm that
     * role-based decisions are audited elsewhere.
     *
     * @param webAccessContext access context handed to the authorizer
     * @param securityRoleArr roles of which at least one must be granted
     * @param subject caller being authorized
     * @throws AccessException if security is enabled and none of the roles is granted
     */
    protected void checkAuthorization(WebAccessContext webAccessContext, SecurityRole[] securityRoleArr, Subject subject) throws AccessException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAuthorization");
        }
        if (!this.securityEnabled) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization");
            }
            return;
        }
        boolean granted = getAuthorizer().isGrantedAnyRole(webAccessContext, securityRoleArr, subject);
        if (granted) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization");
            }
            return;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAuthorization: throw AccessException");
        }
        // NOTE(review): the message lists every required role name. Confirm callers only log it
        // and do not echo it back in the HTTP response.
        StringBuilder denial = new StringBuilder(128);
        denial.append("Authorization failed, Not granted any of the required roles: ");
        for (int idx = 0; idx < securityRoleArr.length; idx++) {
            denial.append(securityRoleArr[idx].getRoleName()).append(" ");
        }
        throw new AccessException(denial.toString());
    }

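    /**
     * Extracts the value of a named cookie from a raw cookie header string.
     *
     * <p>The text is split on {@code ','} and {@code ';'} and each token is read as
     * {@code name=value}. The name is trimmed and compared with {@code str2} ignoring case; one pair
     * of enclosing double quotes is removed from the value. Names that start with {@code '$'} are
     * never returned.
     *
     * <p>The header text is supplied by the client, so malformed tokens must not raise index
     * errors. A token with no {@code '='}, a leading {@code '='}, or a blank name ends the scan and
     * the method returns {@code null}, which is what a leading {@code '='} already did.
     *
     * @param str raw cookie header text; may be {@code null}
     * @param str2 name of the cookie to look up
     * @return the first matching cookie value, or {@code null} if none is found
     * @throws NumberFormatException if {@code str2} itself names {@code $Version} and that
     *     attribute's value is not an integer
     */
    protected String getCookieValue(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str2);
        }
        if (str == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCookieValue", "no cookie");
            }
            return null;
        }
        StringTokenizer tokens = new StringTokenizer(str, ",;");
        while (tokens.hasMoreElements()) {
            String token = tokens.nextToken();
            int eq = token.indexOf("=");
            // eq == -1 (no '=') used to reach substring(0, -1) and throw
            // StringIndexOutOfBoundsException; treat it like the existing eq == 0 case.
            if (eq <= 0) {
                break;
            }
            String name = token.substring(0, eq).trim();
            // A whitespace-only name used to fail on charAt(0).
            if (name.length() == 0) {
                break;
            }
            boolean reserved = name.charAt(0) == '$';
            if (reserved && !name.equals(str2)) {
                continue;
            }
            String value = token.substring(eq + 1);
            // Require both quotes to be distinct characters: a value that is a single '"'
            // satisfied startsWith and endsWith and then failed in substring(1, 0).
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
                value = value.substring(1, value.length() - 1);
            }
            if (reserved) {
                // Reached only when the caller asked for a '$' attribute by its exact name.
                // $Version is parsed for validation only; the result is discarded.
                if (name.equalsIgnoreCase("$Version")) {
                    Integer.parseInt(value);
                }
                continue;
            }
            if (name.equalsIgnoreCase(str2)) {
                // NOTE(review): the cookie value is written to trace here. If this method is used
                // for session or SSO cookies, confirm trace output is access-controlled or mask it.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getCookieValue", value);
                }
                return value;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValue: null");
        }
        return null;
    }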

    /**
     * Returns the value of the first cookie in the array whose name equals {@code str}.
     *
     * <p>The comparison uses {@code String.equals}, so it is case-sensitive, whereas the
     * header-string overload in this class matches names with {@code equalsIgnoreCase}.
     *
     * @param cookieArr cookies to search; may be {@code null}
     * @param str cookie name to look up; must not be {@code null} when the array is non-empty
     * @return the matching cookie's value, or {@code null} if the array is null or has no match
     */
    private String getCookieValue(Cookie[] cookieArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str);
        }
        String found = null;
        if (cookieArr != null) {
            for (Cookie candidate : cookieArr) {
                if (str.equals(candidate.getName())) {
                    found = candidate.getValue();
                    break;
                }
            }
        }
        // NOTE(review): the cookie value is traced on exit. If this is used for session or SSO
        // cookies, confirm trace output is access-controlled.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValue", found);
        }
        return found;
    }

    /**
     * Answers an isUserInRole query, using the JACC provider when one is configured.
     *
     * <p>If {@code AuthorizationConfig.USE_JACC_PROVIDER} is off, or the current application is an
     * admin application, the call is forwarded to the three-argument overload. On the JACC path the
     * result is {@code false} when {@code securityEnabled} is false, when no component metadata is
     * available, or when any exception is raised. Exceptions are recorded through FFDC and never
     * propagate.
     *
     * @param str role name to test
     * @param str2 forwarded unchanged to the three-argument overload; not used on the JACC path
     * @param str3 forwarded unchanged to the three-argument overload; not used on the JACC path
     * @param httpServletRequest request made available to the JACC policy context handlers
     * @return {@code true} only if the delegated check grants the role
     */
    public boolean isUserInRole(String str, String str2, String str3, HttpServletRequest httpServletRequest) {
        boolean jaccConfigured = SecurityObjectLocator.getSecurityConfig().getAuthorizationConfig().getBoolean(AuthorizationConfig.USE_JACC_PROVIDER);
        if (!jaccConfigured) {
            return isUserInRole(str, str2, str3);
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUserInRoleForJACC");
        }
        boolean granted = false;
        if (this.securityEnabled) {
            try {
                WebComponentMetaData metaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
                Subject caller = ContextManagerFactory.getInstance().getCallerSubject();
                if (metaData != null) {
                    String moduleName = metaData.getModuleMetaData().getConfiguration().getModuleName();
                    String appName = metaData.getModuleMetaData().getApplicationMetaData().getName();
                    if (isAdminApp(appName)) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "isUserInRoleForJACC: The app is an adminApp: " + appName);
                        }
                        return isUserInRole(str, str2, str3);
                    }
                    SecurityMetaData securityMetaData = (SecurityMetaData) metaData.getSecurityMetaData();
                    String servletName = securityMetaData != null ? securityMetaData.getServletName() : null;
                    try {
                        // An unknown servlet name is passed as the empty string.
                        granted = checkJaccUserInRolePerm(servletName != null ? servletName : "", str, appName, moduleName, caller, httpServletRequest);
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.isUserInRole", "2566", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception: ", e);
                        }
                        // Deny when the permission check itself fails.
                        granted = false;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, granted ? "hasJaccAccess is true for web role ref" : "hasJaccAccess is false for web role ref");
                    }
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.isUserInRole", "2581", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception: ", e2);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUserInRoleForJACC", String.valueOf(granted));
        }
        return granted;
    }

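    /**
     * Asks the installed JACC {@code Policy} whether the caller holds a web role reference.
     *
     * <p>The policy context ID is the application's context ID followed by {@code "/"} and the
     * module name. The subject and request are published as policy context handler data for the
     * duration of the {@code implies} call, and the handler data is reset to {@code null} in a
     * {@code finally} block. Any exception raised while evaluating the permission is recorded
     * (FFDC plus an audit-level message) and the result is {@code false}.
     *
     * <p>NOTE(review): {@code PolicyContext.setContextID} is called here but the previous context
     * ID is not restored afterwards. Confirm callers do not rely on the earlier value.
     *
     * @param str servlet name used as the permission name; callers pass {@code ""} when unknown
     * @param str2 role reference name used as the permission action
     * @param str3 application name used to look up the context ID
     * @param str4 module name appended to the context ID
     * @param subject caller whose principals form the protection domain; may be {@code null}
     * @param httpServletRequest request published to the policy context handlers
     * @return {@code true} only if the policy implies the permission
     */
    private boolean checkJaccUserInRolePerm(String str, String str2, String str3, String str4, final Subject subject, final HttpServletRequest httpServletRequest) {
        boolean z;
        // Test the looked-up ID itself. The previous null test was applied to a freshly constructed
        // StringBuffer, which is never null, so a missing context ID raised a
        // NullPointerException from the constructor instead of taking this denial path.
        String applicationContextId = WSAccessManager.getContextID(str3);
        if (applicationContextId == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot get the contextID for application: " + str3 + ". Returning false.");
            }
            return false;
        }
        final String contextId = new StringBuffer(applicationContextId).append("/").append(str4).toString();
        try {
            try {
                final WebRoleRefPermission permission = new WebRoleRefPermission(str, str2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WebRoleRefPermission = " + permission);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "contextID: " + contextId);
                }
                final HashMap handlerData = new HashMap();
                z = ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() throws PolicyContextException {
                        PolicyContext.setContextID(contextId);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Registering JACC context handlers");
                        }
                        for (int i = 0; i < WebCollaborator.jaccHandlerKeyArray.length; i++) {
                            PolicyContext.registerHandler(WebCollaborator.jaccHandlerKeyArray[i], WebCollaborator.wpch, true);
                        }
                        handlerData.put(WebCollaborator.jaccHandlerKeyArray[0], subject);
                        handlerData.put(WebCollaborator.jaccHandlerKeyArray[1], httpServletRequest);
                        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                        // A subject without principals is evaluated against the configured
                        // null protection domain rather than an empty principal array.
                        ProtectionDomain protectionDomain;
                        if (subject == null || subject.getPrincipals().size() <= 0) {
                            protectionDomain = (ProtectionDomain) securityConfig.getObject(SecurityConfig.NULL_PROTECTION_DOMAIN);
                        } else {
                            Principal[] principals = (Principal[]) subject.getPrincipals().toArray(new Principal[subject.getPrincipals().size()]);
                            protectionDomain = new ProtectionDomain((CodeSource) securityConfig.getObject(SecurityConfig.NULL_CODE_SOURCE), null, null, principals);
                        }
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Setting JACC handler data");
                        }
                        PolicyContext.setHandlerData(handlerData);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Calling JACC implies");
                        }
                        return Boolean.valueOf(Policy.getPolicy().implies(protectionDomain, permission));
                    }
                })).booleanValue();
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security. web.WebCollaborator.checkUserInRole", "2662", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception during isUserInRolecall: " + e2);
                }
                Tr.audit(tc, "security.web.authz.isuserinrole.failed", new Object[]{contextId, e2});
                // Deny when the policy evaluation fails.
                z = false;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isUserInRole", String.valueOf(z));
            }
            return z;
        } finally {
            // Single cleanup point for both outcomes; the handler data holds the Subject and the
            // request. The decompiled listing repeated this step inline on each path as well.
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() {
                        PolicyContext.setHandlerData(null);
                        return null;
                    }
                });
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception when setting setHandler data: " + e4);
                }
                FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "2680", this);
            }
        }
    }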

    /**
     * Returns the private-attribute view of the request underlying any wrappers.
     *
     * <p>{@code HttpServletRequestWrapper} layers are peeled off one by one. The innermost request
     * is returned only if it is an {@code SRTServletRequest}; for any other request type the result
     * is {@code null}.
     *
     * @param httpServletRequest request as seen by the caller, possibly wrapped; may be {@code null}
     * @return the innermost request as {@code IPrivateRequestAttributes}, or {@code null}
     */
    protected static IPrivateRequestAttributes getPrivateAttributes(HttpServletRequest httpServletRequest) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrivateAttributes");
        }
        HttpServletRequest innermost = httpServletRequest;
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        // instanceof is false for null, so no separate null test is needed.
        IPrivateRequestAttributes privateView = innermost instanceof SRTServletRequest ? (IPrivateRequestAttributes) innermost : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrivateAttributes", new Object[]{privateView});
        }
        return privateView;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores a private attribute on the request underlying any wrappers.
     *
     * <p>{@code HttpServletRequestWrapper} layers are peeled off one by one. The attribute is set
     * only if the innermost request is an {@code SRTServletRequest}; for any other request type the
     * call has no effect and reports nothing to the caller.
     *
     * @param httpServletRequest request as seen by the caller, possibly wrapped; may be {@code null}
     * @param str attribute name
     * @param obj attribute value
     */
    public static void setPrivateAttributes(HttpServletRequest httpServletRequest, String str, Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPrivateAttributes", new Object[]{str, obj});
        }
        HttpServletRequest innermost = httpServletRequest;
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        // instanceof is false for null, so no separate null test is needed.
        if (innermost instanceof SRTServletRequest) {
            ((IPrivateRequestAttributes) innermost).setPrivateAttribute(str, obj);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPrivateAttributes");
        }
    }

    /**
     * Removes a private attribute from the request underlying any wrappers.
     *
     * <p>{@code HttpServletRequestWrapper} layers are peeled off one by one. The attribute is
     * removed only if the innermost request is an {@code SRTServletRequest}; for any other request
     * type the call has no effect.
     *
     * @param httpServletRequest request as seen by the caller, possibly wrapped; may be {@code null}
     * @param str name of the attribute to remove
     */
    protected static void removePrivateAttribute(HttpServletRequest httpServletRequest, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removePrivateAttribute", new Object[]{str});
        }
        HttpServletRequest innermost = httpServletRequest;
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        // instanceof is false for null, so no separate null test is needed.
        if (innermost instanceof SRTServletRequest) {
            ((IPrivateRequestAttributes) innermost).removePrivateAttribute(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removePrivateAttribute");
        }
    }

    /**
     * Builds the principal that represents the authenticated caller.
     *
     * <p>Returns {@code null} when {@code securityEnabled} is false, when there is no caller
     * subject, when the caller's credential is unauthenticated, or when any exception is raised
     * (the exception is recorded through FFDC). On z/OS the platform credential's user ID is
     * preferred if the credential requests the z/OS caller principal class; otherwise the
     * credential's security name is used. When
     * {@code SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES} is set, the name is prefixed with the
     * realm and {@code "/"}.
     *
     * @return an {@code Identity} for the caller, or {@code null}
     */
    public Principal getUserPrincipal() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserPrincipal");
        }
        String userName = null;
        if (this.securityEnabled) {
            try {
                ContextManager contextManager = ContextManagerFactory.getInstance();
                Subject caller = contextManager.getCallerSubject();
                final WSCredential credential = SubjectHelper.getWSCredentialFromSubject(caller);
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Caller credential: ", credential);
                }
                // NOTE(review): if getWSCredentialFromSubject can return null for a non-null
                // subject, the dereference below throws and is absorbed by the catch-all, so the
                // method returns null. Confirm that is intended rather than an explicit check.
                boolean authenticated = caller != null && !credential.isUnauthenticated();
                if (authenticated) {
                    if (contextManager.getPlatformHelper().isZOS()) {
                        try {
                            userName = (String) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                                @Override
                                public Object run() throws Exception {
                                    String principalClass = (String) credential.get(AttributeNameConstants.CALLER_PRINCIPAL_CLASS);
                                    if (WebCollaborator.tc.isDebugEnabled()) {
                                        Tr.debug(WebCollaborator.tc, "Requested principal class is: " + principalClass);
                                    }
                                    if (!AttributeNameConstants.ZOS_CALLER_PRINCIPAL_CLASS.equals(principalClass)) {
                                        return null;
                                    }
                                    PlatformCredential platformCredential = (PlatformCredential) credential.get(CommonConstants.PLATFORM_CREDENTIAL);
                                    return platformCredential != null ? platformCredential.getUserId() : null;
                                }
                            });
                        } catch (PrivilegedActionException e) {
                            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.WebCollaborator", "2835", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception getting CallerPrincipalClass: ", new Object[]{e.getException()});
                            }
                            // Fall back to the security name below.
                            userName = null;
                        }
                    }
                    SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                    boolean qualifyWithRealm = securityConfig.getBoolean(SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES);
                    if (userName == null) {
                        userName = credential.getSecurityName();
                    }
                    if (qualifyWithRealm) {
                        String realm = credential.getRealmName();
                        // Use the active registry's realm when the credential carries none.
                        if (realm == null || realm.length() == 0) {
                            realm = securityConfig.getActiveUserRegistry().getString("realm");
                        }
                        userName = realm + "/" + userName;
                    }
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator", "2865");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception", e2);
                }
                // Any failure yields no principal rather than a partially built name.
                userName = null;
            }
        }
        Identity identity = userName != null ? new Identity(new String(userName)) : null;
        if (tc.isEntryEnabled()) {
            final Identity traced = identity;
            java.security.AccessController.doPrivileged(new PrivilegedAction() {
                @Override
                public Object run() {
                    Tr.exit(WebCollaborator.tc, "getUserPrincipal", traced);
                    return null;
                }
            });
        }
        return identity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Installs an unauthenticated invocation subject when neither subject is present.
     *
     * <p>If either argument is non-null nothing is changed. A failure while installing the
     * unauthenticated subject is recorded through FFDC and reported only through the
     * {@code false} return value.
     *
     * @param subject first subject to test for null (traced as the "invoked" subject)
     * @param subject2 second subject to test for null (traced as the "received" subject)
     * @return {@code true} if the unauthenticated subject was set as the invocation subject
     */
    public boolean SetUnauthenticatedSubjectIfNeeded(Subject subject, Subject subject2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SetUnauthenticatedSubjectIfNeeded");
        }
        boolean subjectWasSet = false;
        boolean bothAbsent = subject == null && subject2 == null;
        if (bothAbsent) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invoked and received Subject are null, setting it anonymous/unauthenticated.");
            }
            try {
                Subject unauthenticated = SubjectHelper.createUnauthenticatedSubject();
                ContextManagerFactory.getInstance().setInvocationSubject(unauthenticated);
                subjectWasSet = true;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.SetUnauthenticatedSubjectIfNeeded", "2911", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "setUnauthenticated Subject threw an unexpected exception" + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SetUnauthenticatedSubjectIfNeeded:" + subjectWasSet);
        }
        return subjectWasSet;
    }

    /**
     * Looks up a transport port that shares a virtual host with the given port.
     *
     * <p>Each virtual host in {@code "host.virtualhosts"} whose port list contains {@code i} is
     * searched for the first entry of {@code "webcontainer.transports"} that also appears in that
     * host's port list. Port strings that are not integers are read as {@code -1}.
     *
     * <p>NOTE(review): nothing in this method checks that the returned transport is SSL-enabled.
     * Presumably {@code "webcontainer.transports"} holds only secure ports; verify where that list
     * is populated.
     *
     * @param i port to locate among the virtual hosts
     * @return the matching transport port, or {@code -1} (after logging an error) if none is found
     */
    private int getHTTPSPort(int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHTTPSPort: " + i);
        }
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig("security");
        Map virtualHosts = (Map) securityConfig.getObject("host.virtualhosts");
        List transportPorts = (List) securityConfig.getObject("webcontainer.transports");
        for (Object hostKey : virtualHosts.keySet()) {
            String hostName = (String) hostKey;
            ArrayList hostPorts = (ArrayList) virtualHosts.get(hostName);
            for (Object portEntry : hostPorts) {
                String portText = (String) portEntry;
                if (tc.isDebugEnabled() && portText != null) {
                    Tr.debug(tc, "Port " + portText + " in virtual host " + hostName);
                }
                int hostPort;
                try {
                    hostPort = Integer.parseInt(portText);
                } catch (NumberFormatException ignored) {
                    // Null or non-numeric entries are read as -1.
                    hostPort = -1;
                }
                if (portText == null || hostPort != i) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found HTTP port " + portText + " in virtual host " + hostName);
                }
                for (Object transportEntry : transportPorts) {
                    Integer transport = (Integer) transportEntry;
                    if (transport == null) {
                        continue;
                    }
                    int candidate = transport.intValue();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking if port " + candidate + " is in the same virtual host.");
                    }
                    for (Object siblingEntry : hostPorts) {
                        String siblingText = (String) siblingEntry;
                        int siblingPort;
                        try {
                            siblingPort = Integer.parseInt(siblingText);
                        } catch (NumberFormatException ignored) {
                            // Null or non-numeric entries are read as -1.
                            siblingPort = -1;
                        }
                        if (siblingText == null) {
                            continue;
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Port " + siblingPort + " in virtual host " + hostName);
                        }
                        if (siblingPort == candidate) {
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "Found HTTPS port " + candidate + " in virtual host " + hostName);
                            }
                            return candidate;
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHTTPSPort: SSL port not found");
        }
        Tr.error(tc, "security.web.httpsPort.notFound");
        return -1;
    }

    /**
     * Reports whether the configured challenge type is one this collaborator does not support.
     *
     * <p>Only {@code "DIGEST"}, compared ignoring case, is treated as unsupported.
     *
     * @param webAttributes attributes whose challenge type is inspected
     * @return {@code true} if the challenge type is {@code DIGEST}
     */
    protected boolean unsupportedAuthMech(WebAttributes webAttributes) {
        String challengeType = webAttributes.getChallengeType();
        return challengeType.equalsIgnoreCase("DIGEST");
    }

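    /**
     * Decides whether the current caller subject is granted the named role.
     *
     * <p>The role name is first matched against the security-role-refs of the current component;
     * on a match the linked role is authorized. Without a match the name itself is authorized as a
     * role. Every failure path returns {@code false}: security disabled, no web access context, an
     * exception during lookup, or (on the fallback path) no caller subject.
     *
     * @param str role name to test
     * @param str2 second half of the {@code str3 + ":" + str2} web-cache key (presumably the
     *     context root; verify against callers)
     * @param str3 first half of the web-cache key (presumably the virtual host; verify against
     *     callers)
     * @return {@code true} only when the authorizer grants the role to the caller subject
     */
    public boolean isUserInRole(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUserInRole", new Object[]{str, str2, str3});
        }
        // Declared and initialised before the try block: the decompiled original read an undeclared
        // register ("r11") for the subject and left componentMetaData unassigned on the exception
        // path, so it did not compile.
        WebComponentMetaData componentMetaData = null;
        Subject callerSubject = null;
        WebAccessContext webAccessContext = null;
        if (this.securityEnabled) {
            try {
                componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
                callerSubject = ContextManagerFactory.getInstance().getCallerSubject();
                String cacheKey = str3 + ":" + str2;
                String applicationName = componentMetaData != null ? componentMetaData.getModuleMetaData().getApplicationMetaData().getName() : null;
                webAccessContext = this.webCache.getWebAccessContext(applicationName, cacheKey);
            } catch (Exception e) {
                // Recorded, not rethrown: webAccessContext stays null, so the check below denies.
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.isUserInRole", "3148", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception: ", e);
                }
            }
            if (webAccessContext == null) {
                return false;
            }
            if (componentMetaData != null) {
                // Results of the next call and of getServletName() below are unused (likely residue
                // of stripped trace statements); kept so any exception they raise still surfaces.
                componentMetaData.getModuleMetaData().getConfiguration().getModuleName();
                SecurityMetaData securityMetaData = (SecurityMetaData) componentMetaData.getSecurityMetaData();
                if (securityMetaData != null) {
                    securityMetaData.getServletName();
                    // NOTE(review): both role-ref branches authorize with new WSPrincipal(callerSubject)
                    // even when callerSubject is null, while the fallback path below returns false
                    // for a null subject. Confirm the authorizer's handling of a null-subject
                    // principal is the intended result for linked roles.
                    for (Object obj : securityMetaData.getSecurityRoleRefs()) {
                        if (obj instanceof SecurityRoleRef) {
                            SecurityRoleRef securityRoleRef = (SecurityRoleRef) obj;
                            if (securityRoleRef.getName().equals(str)) {
                                String link = securityRoleRef.getLink();
                                return getAuthorizer().isGrantedRole(webAccessContext, WCCMHelper.createSecurityRole(link, link), new WSPrincipal(callerSubject));
                            }
                        } else if (obj instanceof com.ibm.ws.portletcontainer.om.security.SecurityRoleRef) {
                            com.ibm.ws.portletcontainer.om.security.SecurityRoleRef portletRoleRef = (com.ibm.ws.portletcontainer.om.security.SecurityRoleRef) obj;
                            if (portletRoleRef.getRoleName().equals(str)) {
                                String roleLink = portletRoleRef.getRoleLink();
                                return getAuthorizer().isGrantedRole(webAccessContext, WCCMHelper.createSecurityRole(roleLink, roleLink), new WSPrincipal(callerSubject));
                            }
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "In isUserInRole, security metadata is null");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "In isUserInRole, WebComponentMetaData is null");
            }
            // No role-ref matched: treat the requested name as the role itself.
            SecurityRole createSecurityRole = WCCMHelper.createSecurityRole(str, str);
            if (createSecurityRole != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found security role named " + str);
                }
                // webAccessContext is known to be non-null here; only the subject can be missing.
                if (callerSubject == null) {
                    return false;
                }
                return getAuthorizer().isGrantedRole(webAccessContext, createSecurityRole, new WSPrincipal(callerSubject));
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find security role named " + str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUserInRole");
        }
        return false;
    }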

    /**
     * Produces an HTTPS redirect reply when {@code isSSLRequired} reports that the resource must
     * be reached over SSL.
     *
     * <p>The trace entry/exit points use the name "checkConstraints", not this method's name.
     *
     * @param webAccessContext access context passed through to {@code isSSLRequired}
     * @param str first string passed to {@code isSSLRequired} and {@code getRedirectURL}
     *     (presumably the request URI; verify against callers)
     * @param str2 second string passed to both (presumably the HTTP method; verify against callers)
     * @param httpServletRequest request from which the redirect URL is built
     * @return the reply from {@code getRedirectURL} when SSL is required, otherwise {@code null}
     * @throws WebSecurityException declared by the signature; no visible statement here throws it
     *     directly
     */
    protected WebReply checkDataConstraints(WebAccessContext webAccessContext, String str, String str2, HttpServletRequest httpServletRequest) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkConstraints");
        }
        final WebReply reply;
        if (!isSSLRequired(webAccessContext, str, str2)) {
            reply = null;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Request should be over SSL to access the resource. Redirecting to HTTPS...");
            }
            reply = getRedirectURL(httpServletRequest, str, str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkConstraints", reply);
        }
        return reply;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the URI string for a request from its servlet path and path info.
     *
     * <p>The two parts are concatenated, an empty result becomes {@code "/"}, the value is passed
     * through {@code WSUtil.resolveURI}, and everything from the first {@code ';'} onward is cut
     * off.
     *
     * <p>NOTE(review): the cut at the first ';' also drops any path segments that follow it, and it
     * runs after {@code resolveURI}. If this value is used for constraint matching, confirm the
     * component that dispatches the request applies the same normalisation, so that the URI that
     * is authorized and the resource that is served cannot differ.
     *
     * @param httpServletRequest request to read; its servlet path must be non-null whenever its
     *     path info is non-null, because {@code concat} is invoked on the servlet path
     * @return the resolved URI without any ';' suffix; never empty before resolution
     */
    public static String getURI(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getServletPath();
        final String extraPath = httpServletRequest.getPathInfo();
        if (extraPath != null) {
            uri = uri.concat(extraPath);
        }
        if (uri == null || uri.length() == 0) {
            uri = "/";
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "URI requested: " + uri);
        }
        // uri cannot be null at this point: the block above replaced null/empty with "/".
        uri = WSUtil.resolveURI(uri);
        final int semicolon = uri.indexOf(";");
        if (semicolon != -1) {
            uri = uri.substring(0, semicolon);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "URI returned: " + uri);
        }
        return uri;
    }

    /**
     * Tells whether a URI string is present.
     *
     * <p>This is a presence check only (non-null and non-empty); it performs no syntactic or
     * security validation of the URI.
     *
     * @param str candidate URI, may be {@code null}
     * @return {@code false} for {@code null} or the empty string, {@code true} otherwise
     */
    private boolean checkValidURI(String str) {
        return str != null && str.length() != 0;
    }

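    /**
     * Permits, without authentication, the URIs that a FORM-login application needs in order to
     * log a user in.
     *
     * <p>A permit is returned only when the challenge type is exactly {@code "FORM"}, both the
     * login and relogin URLs are configured, and the request is either for one of those two URLs
     * (exact string match) or a {@code POST} to {@code /j_security_check}. Each permit emits a
     * SECURITY_RESOURCE_ACCESS / SUCCESS audit event when the audit service asks for one.
     *
     * <p>NOTE(review): matching is plain {@code equals} on {@code str}, so the result depends on
     * how the caller normalised the URI before passing it in; confirm it is the same form that
     * the login URLs are stored in.
     *
     * @param webAttributes login configuration; {@code null} yields {@code null}
     * @param str requested URI
     * @param str2 HTTP method of the request
     * @return {@code PERMIT_REPLY} for a login page, error page or form-login POST; {@code null}
     *     when this method has no opinion on the request
     */
    private WebReply unprotectedSpecialURI(WebAttributes webAttributes, String str, String str2) {
        if (webAttributes == null) {
            return null;
        }
        this.startTime = new Date();
        if (!webAttributes.getChallengeType().equals("FORM")) {
            return null;
        }
        final String loginURL = webAttributes.getLoginURL();
        if (loginURL == null) {
            return null;
        }
        final String reloginURL = webAttributes.getReloginURL();
        if (reloginURL == null) {
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " We have a custom login or error page request, web app login URL:[" + loginURL + "], errorPage URL:[" + reloginURL + "], and the requested URI:[" + str + "]");
        }
        final boolean loginOrErrorPage = loginURL.equals(str) || reloginURL.equals(str);
        final boolean formLoginPost = "/j_security_check".equals(str) && "POST".equals(str2);
        if (!loginOrErrorPage && !formLoginPost) {
            return null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "authorize, login or error page[" + str + "]  requested, permit: ", PERMIT_REPLY);
        }
        auditUnprotectedSpecialPermit(str, str2);
        return PERMIT_REPLY;
    }

    /**
     * Emits the SECURITY_RESOURCE_ACCESS / SUCCESS audit event for a permitted special URI.
     *
     * <p>Does nothing when no audit service is installed. When the audit service cannot supply a
     * context handler the failure is reported through {@code processAuditFailure} and no event is
     * built; the original code dereferenced the null handler at that point.
     *
     * <p>NOTE(review): the outcome is stored in the instance field {@code auditOutcome}. If one
     * collaborator instance serves concurrent requests, that field is shared state; confirm the
     * threading model.
     */
    private void auditUnprotectedSpecialPermit(String uri, String method) {
        if (auditService == null) {
            return;
        }
        final ContextHandler contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
        if (contextHandler == null) {
            Tr.error(tc, "security.audit.service.context.error");
            auditService.processAuditFailure("security.audit.service.context.error", null);
        }
        final String lastTrailId = auditService.getLastTrailId();
        final String[] eventTrailIds = auditService.getEventTrailIds();
        if (!auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS") || contextHandler == null) {
            return;
        }
        final String[] permissionsChecked = {"unprotectedSpecial"};
        final String[] permissionsGranted = {"unprotectedSpecial"};
        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, null, null));
        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(uri, "resourceAccess", null, null, "accessSuccess", method, "web", Long.valueOf(0L), null, null, permissionsChecked, permissionsGranted));
        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(lastTrailId, eventTrailIds, new Date(), 0L));
        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
        contextHandler.buildContextObject("RESPONSE_CONTEXT", DataHelper.buildResponseData(uri, null, null));
        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, Integer.valueOf(0), Integer.valueOf(0), "SUCCESS", 6L);
        try {
            auditService.sendEvent("SECURITY_RESOURCE_ACCESS", this.auditOutcome);
        } catch (ProviderFailureException e) {
            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
        }
    }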

    /**
     * Resolves the reply for a request in three steps: special unprotected URI first, then the
     * authentication result, and a deny when there is no authentication result at all.
     *
     * <p>NOTE(review): {@code webAttributes} may be {@code null} here ({@code
     * unprotectedSpecialURI} returns {@code null} for it) and is then passed on to {@code
     * checkAuthStatus}, whose challenge branch dereferences it.
     *
     * @param authenticationResult outcome of authentication, may be {@code null}
     * @param webAttributes login configuration of the application, may be {@code null}
     * @param str requested URI
     * @param str2 HTTP method
     * @return the permit from {@code unprotectedSpecialURI} if any; otherwise the result of {@code
     *     checkAuthStatus}; {@code DENY_AUTHN_FAILED} when {@code authenticationResult} is null
     */
    private WebReply handleAlwaysLogin(AuthenticationResult authenticationResult, WebAttributes webAttributes, String str, String str2) {
        final WebReply specialReply = unprotectedSpecialURI(webAttributes, str, str2);
        if (specialReply != null) {
            return specialReply;
        }
        if (authenticationResult == null) {
            // A missing result is treated as an authentication failure, never as success.
            Tr.error(tc, "authResult is null");
            return DENY_AUTHN_FAILED;
        }
        return checkAuthStatus(authenticationResult, webAttributes);
    }

    /**
     * Authenticates the request and, when the result has status {@code 1}, installs the
     * authenticated subject as the caller subject.
     *
     * <p>NOTE(review): a failure of {@code setCallerSubject} is recorded through FFDC and a debug
     * trace but the status-1 result is still returned, so the caller sees a successful
     * authentication while the caller subject may be unchanged. Confirm callers do not rely on
     * the caller subject having been replaced.
     *
     * @param webRequest request handed to the authenticator
     * @return the authenticator's result unchanged, possibly {@code null}
     */
    private AuthenticationResult SetAuthenticatedSubjectIfNeeded(WebRequest webRequest) {
        final AuthenticationResult result = authenticator.authenticate(webRequest);
        if (result == null || result.getStatus() != 1) {
            return result;
        }
        try {
            ContextManagerFactory.getInstance().setCallerSubject(result.getSubject());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.SetAuthenticatedSubjectIfNeeded", "3460", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred when setting credentials for 'current'. ");
            }
        }
        return result;
    }

    /**
     * Convenience overload of {@code validSecAttrs} for callers that have no servlet request; it
     * delegates with a {@code null} request.
     *
     * @return whatever the six-argument overload returns for the same arguments
     */
    private WebReply validSecAttrs(String str, String str2, String str3, boolean z, String str4) {
        final HttpServletRequest noRequest = null;
        return validSecAttrs(str, str2, str3, z, str4, noRequest);
    }

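    /**
     * Screens a request against the cached security configuration before authentication.
     *
     * <p>Outcomes, in order:
     * <ul>
     *   <li>no web access context in the cache: a {@code DenyReply} (audited as DENIED);</li>
     *   <li>{@code z} false and no {@code WebAttributes}: {@code PERMIT_REPLY} (audited as
     *       SUCCESS, permission "unprotected");</li>
     *   <li>{@code z} false and no constraints for the URI/method: {@code PERMIT_REPLY}, audited
     *       the same way;</li>
     *   <li>otherwise: the result of {@code unprotectedSpecialURI}.</li>
     * </ul>
     *
     * <p>The three audit emissions shared one copied block in the original; they now go through
     * {@code auditSecAttrsOutcome}, which also stops dereferencing a null context handler.
     *
     * @param str key used with {@code str4} for the web-cache lookup; the debug trace labels it
     *     "context root"
     * @param str2 requested URI
     * @param str3 HTTP method
     * @param z when {@code true} the two "unprotected resource" shortcuts are skipped
     *     (NOTE(review): presumably an always-login style flag; verify against callers)
     * @param str4 first argument of the web-cache lookup (presumably the application name, as in
     *     the other lookups in this class; verify against callers)
     * @param httpServletRequest request passed to the constraint lookup, may be {@code null}
     * @return a deny or permit reply as listed above, or {@code null} when the request must go on
     *     to authentication
     */
    private WebReply validSecAttrs(String str, String str2, String str3, boolean z, String str4, HttpServletRequest httpServletRequest) {
        WebAccessContext webAccessContext = this.webCache.getWebAccessContext(str4, str);
        if (webAccessContext == null) {
            // Without a security context nothing can be evaluated, so the request is denied.
            this.startTime = new Date();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Web App config found.");
            }
            DenyReply denyReply = new DenyReply("Cannot create a web security context for this request.");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize", denyReply);
            }
            auditSecAttrsOutcome(str2, str3, false);
            return denyReply;
        }
        WebAttributes webAttributes = webAccessContext.getWebAttributes();
        if (!z) {
            if (webAttributes == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No WebAttributes for context root = " + str);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorize: ", PERMIT_REPLY);
                }
                auditSecAttrsOutcome(str2, str3, true);
                return PERMIT_REPLY;
            }
            if (webAccessContext.getConstraints().getConstraints(webAccessContext, str2, str3, httpServletRequest) == null) {
                // No constraint covers this URI/method, so the resource is treated as unprotected.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No WebConstraints for URI = " + str2 + ", method = " + str3);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorize: ", PERMIT_REPLY);
                }
                auditSecAttrsOutcome(str2, str3, true);
                return PERMIT_REPLY;
            }
        }
        return unprotectedSpecialURI(webAttributes, str2, str3);
    }

    /**
     * Emits the SECURITY_RESOURCE_ACCESS audit event for a decision taken by {@code
     * validSecAttrs}.
     *
     * <p>Does nothing when no audit service is installed. A missing context handler is reported
     * through {@code processAuditFailure} and no event is built; the original code dereferenced
     * the null handler at that point, replacing the intended deny or permit with a {@code
     * NullPointerException}.
     *
     * <p>NOTE(review): the outcome is stored in the instance field {@code auditOutcome}; confirm
     * that a collaborator instance is not shared by concurrent requests.
     *
     * @param uri requested URI recorded in the access and response contexts
     * @param method HTTP method recorded in the access context
     * @param permitted {@code true} for the SUCCESS event of an unprotected resource, {@code
     *     false} for the DENIED event
     */
    private void auditSecAttrsOutcome(String uri, String method, boolean permitted) {
        if (auditService == null) {
            return;
        }
        final ContextHandler contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
        if (contextHandler == null) {
            Tr.error(tc, "security.audit.service.context.error");
            auditService.processAuditFailure("security.audit.service.context.error", null);
        }
        final String lastTrailId = auditService.getLastTrailId();
        final String[] eventTrailIds = auditService.getEventTrailIds();
        if (!auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", permitted ? "SUCCESS" : "DENIED") || contextHandler == null) {
            return;
        }
        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, null, null));
        if (permitted) {
            final String[] permissionsChecked = {"unprotected"};
            final String[] permissionsGranted = {"unprotected"};
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(uri, "resourceAccess", null, null, "accessSuccess", method, "web", Long.valueOf(0L), null, null, permissionsChecked, permissionsGranted));
        } else {
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(uri, "resourceAccess", null, null, "denied", method, "web", Long.valueOf(0L), null, null, null, null));
        }
        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(lastTrailId, eventTrailIds, new Date(), 0L));
        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
        contextHandler.buildContextObject("RESPONSE_CONTEXT", DataHelper.buildResponseData(uri, null, null));
        if (permitted) {
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, Integer.valueOf(0), Integer.valueOf(0), "SUCCESS", 6L);
        } else {
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), "DENIED", 22L);
        }
        try {
            auditService.sendEvent("SECURITY_RESOURCE_ACCESS", this.auditOutcome);
        } catch (ProviderFailureException e) {
            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
            auditService.processAuditFailure("security.audit.service.sendevent.error", e);
        }
    }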

    /**
     * Translates an authentication status code into the reply to send, or {@code null} when no
     * reply is needed.
     *
     * <p>Mapping as implemented:
     * <ul>
     *   <li>0 and 6: audit "security.authn.failed" with the status, return {@code
     *       DENY_AUTHN_FAILED};</li>
     *   <li>2: audit "security.authn.failed" with the result's reason, return {@code
     *       DENY_AUTHN_FAILED};</li>
     *   <li>3: a {@code ChallengeReply} for the realm of {@code webAttributes};</li>
     *   <li>4: a {@code RedirectReply} to the result's redirect URL, with its cookies if any;</li>
     *   <li>5: a {@code TAIChallengeReply} with the result's TAI challenge code;</li>
     *   <li>1 and every other value: {@code null}.</li>
     * </ul>
     *
     * <p>NOTE(review): an unrecognised status falls into the same branch as status 1 and yields
     * {@code null}. Confirm callers cannot mistake {@code null} for a successful authentication
     * when the status is outside 0-6.
     *
     * <p>NOTE(review): the redirect target for status 4 comes from the authentication result;
     * whether it is restricted to trusted destinations is decided where that result is built.
     *
     * @param authenticationResult result to translate; must not be {@code null}
     * @param webAttributes login configuration; dereferenced only for status 3, where {@code
     *     null} raises a {@code NullPointerException}
     * @return the reply for the status, or {@code null}
     */
    private WebReply checkAuthStatus(AuthenticationResult authenticationResult, WebAttributes webAttributes) {
        final WebReply reply;
        switch (authenticationResult.getStatus()) {
            case 0:
            case 6:
                Tr.audit(tc, "security.authn.failed", new Object[]{new Integer(authenticationResult.getStatus())});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authentication failed. Status: " + authenticationResult.getStatus());
                }
                reply = DENY_AUTHN_FAILED;
                break;
            case 2:
                reply = DENY_AUTHN_FAILED;
                Tr.audit(tc, "security.authn.failed", new Object[]{authenticationResult.getReason()});
                break;
            case 3:
                reply = new ChallengeReply(webAttributes.getRealm());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authentication failed - sending a 401");
                }
                break;
            case 4:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "redirecting to another url");
                }
                if (authenticationResult.getCookies() != null) {
                    reply = new RedirectReply(authenticationResult.getRedirectURL(), authenticationResult.getCookies());
                } else {
                    reply = new RedirectReply(authenticationResult.getRedirectURL());
                }
                break;
            case 5:
                reply = new TAIChallengeReply(authenticationResult.getTAIChallengeCode());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "TAI authentication challenge - sending " + authenticationResult.getTAIChallengeCode());
                }
                break;
            default:
                // Status 1 lands here too: no reply, and no exit trace, as in the original.
                return null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAuthStatus", reply);
        }
        return reply;
    }

    /**
     * Wraps the result of an authorization check in a reply object.
     *
     * @param z {@code true} when authorization succeeded
     * @param str URI that was checked; used in the debug trace only
     * @param arrayList passed to the {@code PermitReply} constructor on success; unused on failure
     * @return a new {@code PermitReply} when {@code z} is true, otherwise {@code
     *     DENY_AUTHZ_FAILED}
     */
    private WebReply createReply(boolean z, String str, ArrayList arrayList) {
        final WebReply reply;
        if (!z) {
            reply = DENY_AUTHZ_FAILED;
        } else {
            reply = new PermitReply(arrayList);
        }
        if (tc.isDebugEnabled()) {
            final String verdict = z ? " succeeded. " : " failed. ";
            Tr.debug(tc, "Authorization check for uri: " + str + verdict);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createReply", reply);
        }
        return reply;
    }

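    /**
     * Builds the HTTPS redirect for a request that arrived over plain HTTP and audits it.
     *
     * <p>The request URL is rewritten in place: an explicit port is swapped for the value of
     * {@code getHTTPSPort}, the first four characters are replaced by {@code "https"}, and the
     * query string is appended again. A SECURITY_RESOURCE_ACCESS / redirect audit event is sent
     * when the audit service asks for one.
     *
     * <p>Changes against the original: a ':' inside an IPv6 literal is no longer taken for a port
     * separator, a URL without a path no longer breaks the host extraction, a {@code null} header
     * enumeration is tolerated, and a missing audit context handler no longer causes a {@code
     * NullPointerException} after the failure has been reported.
     *
     * <p>NOTE(review): the redirect host is whatever {@code getRequestURL()} reports; depending on
     * container configuration that can reflect the client-supplied Host header. Confirm the host
     * is validated upstream, or build the redirect from configured host names.
     *
     * <p>NOTE(review): {@code getHTTPSPort} returns -1 when no SSL port is found; that value is
     * written into the URL unchecked.
     *
     * <p>NOTE(review): the scheme swap assumes the URL starts with the four characters "http".
     *
     * @param httpServletRequest request being redirected
     * @param str requested URI, recorded in the audit access context
     * @param str2 HTTP method, recorded in the audit access context
     * @return a {@code RedirectReply} carrying the rewritten URL
     * @throws NumberFormatException if the port text in the request URL is not a number
     */
    private WebReply getRedirectURL(HttpServletRequest httpServletRequest, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRedirectURL");
        }
        this.startTime = new Date();
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        final String originalURL = requestURL.toString();
        // Authority = text between "scheme://" and the first '/' of the path (or end of string).
        final int authorityStart = originalURL.indexOf('/') + 2;
        final int pathStart = originalURL.indexOf('/', authorityStart);
        final int authorityEnd = pathStart != -1 ? pathStart : originalURL.length();
        final String authority = originalURL.substring(authorityStart, authorityEnd);
        final int portColon = authority.lastIndexOf(':');
        // Only a ':' after any closing ']' separates a port; colons inside "[...]" belong to an
        // IPv6 literal.
        if (portColon != -1 && portColon > authority.lastIndexOf(']')) {
            final int httpPort = Integer.parseInt(authority.substring(portColon + 1));
            requestURL.replace(authorityStart + portColon + 1, authorityEnd, Integer.toString(getHTTPSPort(httpPort)));
        }
        requestURL.replace(0, 4, "https");
        if (httpServletRequest.getQueryString() != null) {
            requestURL.append(IWebToolingConstants.HTTP_PARAMETER_SEPARATOR);
            requestURL.append(httpServletRequest.getQueryString());
        }
        if (tc.isDebugEnabled()) {
            // NOTE(review): the traced URL includes the query string, which may hold sensitive
            // parameters.
            Tr.debug(tc, "Redirected to " + requestURL.toString());
        }
        ContextHandler contextHandler = null;
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", AuditOutcome.S_REDIRECT) && contextHandler != null) {
            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(getSessionId(httpServletRequest), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), Integer.toString(httpServletRequest.getRemotePort())));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(str, "resourceAccess", null, null, "accessRedirect", str2, "web", Long.valueOf(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(auditService.getLastTrailId(), auditService.getEventTrailIds(), new Date(), 0L));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
            // NOTE(review): every request header value is copied into the audit record, which
            // includes credential-bearing headers such as Authorization and Cookie, and each
            // attribute is named with the literal "headerName" instead of the header's own name.
            // Confirm both are intended; redacting sensitive headers here would keep secrets out
            // of the audit log.
            final ArrayList<Attributes> headerAttributes = new ArrayList<Attributes>();
            final Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            while (headerNames != null && headerNames.hasMoreElements()) {
                final String headerName = headerNames.nextElement();
                final Attributes attribute = new Attributes();
                attribute.setName("headerName");
                attribute.setValue(httpServletRequest.getHeader(headerName));
                attribute.setSource("application");
                headerAttributes.add(attribute);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "reqLength: " + headerAttributes.size());
            }
            final Attributes[] attributesArr = headerAttributes.toArray(new Attributes[headerAttributes.size()]);
            contextHandler.buildContextObject("RESPONSE_CONTEXT", DataHelper.buildResponseData(requestURL.toString(), attributesArr, null));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, Integer.valueOf(0), Integer.valueOf(0), AuditOutcome.S_REDIRECT, 21L);
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", this.auditOutcome);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRedirectURL", requestURL.toString());
        }
        return new RedirectReply(requestURL.toString());
    }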

    /**
     * Tells whether an authenticated identity is already in place and should be kept.
     *
     * <p>Returns {@code false} when there is no subject, no credential, or the credential is
     * unauthenticated. For an authenticated credential the answer is {@code true} unless the
     * {@code SecurityConfig.WEB_ALWAYS_LOGIN} property is set; in that case the existing user is
     * logged out through {@code webCollaborator} and {@code false} is returned.
     *
     * <p>NOTE(review): an exception from {@code logout} is recorded (debug trace and FFDC) and
     * the method still returns {@code false}, so the caller proceeds as if the previous identity
     * were gone. Confirm no state of the earlier login can survive a failed logout.
     *
     * @param subject caller subject, may be {@code null}
     * @param wSCredential credential of that subject, may be {@code null}
     * @param securityConfig configuration queried for the always-login property, may be {@code
     *     null}
     * @param webCollaborator collaborator used for the logout
     * @param httpServletRequest request passed to the logout
     * @param httpServletResponse response passed to the logout
     * @param str fifth argument passed through to {@code logout}
     * @param str2 sixth argument passed through to {@code logout}
     * @return {@code true} only when an authenticated identity exists and always-login is off
     */
    protected boolean checkIfAlreadyEstablished(Subject subject, WSCredential wSCredential, SecurityConfig securityConfig, WebCollaborator webCollaborator, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        final boolean authenticated = subject != null && wSCredential != null && !wSCredential.isUnauthenticated();
        if (!authenticated) {
            return false;
        }
        final boolean alwaysLogin = securityConfig != null && securityConfig.getPropertyBool(SecurityConfig.WEB_ALWAYS_LOGIN);
        if (!alwaysLogin) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The user had been already established");
            }
            return true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The user had been already established, but com.ibm.websphere.security.webAlwaysLogin=true");
        }
        try {
            webCollaborator.logout(httpServletRequest, httpServletResponse, str, str2);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught while trying to logout: " + e);
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.checkIfAlreadyEstablished", "4051", this);
        }
        return false;
    }

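    /**
     * Performs a programmatic login for the given user and establishes the resulting subject.
     *
     * <p>The method refuses to run when a caller identity is already established, delegates the
     * credential check to {@code authenticator.authenticate(...)}, and hands a successful result to
     * {@link #postProgrammaticAuthenticate}. Every failure inside the main {@code try} is converted
     * to a {@link WebSecurityException}; when an audit service is configured, a
     * {@code SECURITY_AUTHN} / {@code FAILURE} event is emitted first.
     *
     * <p>The password is never written to trace: the entry trace records only whether it is null.
     * The user name is written to the debug trace.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param str  context root (per the entry-trace label)
     * @param str2 virtual host (per the entry-trace label)
     * @param str3 user name
     * @param str4 password; only its null-ness is traced
     * @throws IOException declared by the signature; no visible statement throws it directly
     * @throws WebSecurityException if authentication was already established, authentication
     *         fails, no subject is returned, or any other exception occurs during login
     */
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4) throws IOException, WebSecurityException {
        if (tc.isEntryEnabled()) {
            // Mask the password: record only whether one was supplied.
            Tr.entry(tc, "login(req, res, contextRoot, vHost, username, password) ", new Object[]{httpServletRequest, httpServletResponse, str, str2, str3, str4 != null ? "<not null>" : "<null>"});
        }
        if (tc.isDebugEnabled()) {
            debugGetAllHttpHdrs(httpServletRequest);
        }
        String str5 = str2 + ":" + str;
        String str6 = null;
        String str7 = null;
        WebComponentMetaData componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
        if (componentMetaData != null) {
            str6 = componentMetaData.getModuleMetaData().getConfiguration().getModuleName();
            str7 = componentMetaData.getModuleMetaData().getApplicationMetaData().getName();
        }
        WebAccessContext webAccessContext = this.webCache.getWebAccessContext(str7, str5);
        WebAttributes webAttributes = webAccessContext.getWebAttributes();
        ContextHandler contextHandler = null;
        String str8 = null;
        String[] strArr = null;
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        // Result is discarded; the call is kept because it may have side effects not visible here.
        securityConfig.getActiveAuthMechanism();
        boolean booleanValue = Boolean.valueOf(securityConfig.getPropertyBool(SecurityConfig.WEB_LOGOUT_ON_HTTP_SESSION_EXPIRE)).booleanValue();
        // When the client presented an expired/unknown session id and the logout-on-expire property
        // is set, a fresh session is created before authenticating.
        // NOTE(review): no session-id rotation after a successful login is visible in this method;
        // confirm it happens downstream (e.g. in postProgrammaticAuthenticate) to rule out fixation.
        if (httpServletRequest.getRequestedSessionId() != null && !httpServletRequest.isRequestedSessionIdValid() && booleanValue) {
            httpServletRequest.getSession(true);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "login username: " + str3);
        }
        Subject subject = null;
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
            str8 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        boolean z = false;
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        try {
            Subject callerSubject = contextManagerFactory.getCallerSubject();
            if (tc.isDebugEnabled()) {
                subject = contextManagerFactory.getInvocationSubject();
                Tr.debug(tc, "invokedSubject: " + subject);
                Tr.debug(tc, "callerSubject: " + callerSubject);
            }
            // Refuse to log in on top of an existing identity.
            z = checkIfAlreadyEstablished(callerSubject, SubjectHelper.getWSCredentialFromSubject(callerSubject), securityConfig, this, httpServletRequest, httpServletResponse, str, str2);
            if (z) {
                throw new WebSecurityException(com.ibm.ws.security.util.Constants.nls.getString("security.web.authAlreadyEstablished", "Authentication had been already established."), null);
            }
            // Result is discarded; the call is kept because it throws (and so fails the login)
            // when no active user registry is available.
            SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm");
            // TAI is performed unless com.ibm.websphere.security.loginSkipTAI is "true".
            boolean z2 = true;
            String property = securityConfig.getProperty("com.ibm.websphere.security.loginSkipTAI");
            if (property != null && property.equalsIgnoreCase("true")) {
                z2 = false;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "login performTAI: " + z2);
            }
            AuthenticationResult authenticate = authenticator.authenticate(new WebRequestImpl(webAttributes, httpServletRequest, httpServletResponse, z2, false, str3, str4, true, webAccessContext, str6, str7, str2 + ' ' + str, jaspiCollaborator));
            if (authenticate.getStatus() != 1) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Authentication failed after calling basicAuthenticate");
                }
                throw new WebSecurityException(authenticate.getReason(), null);
            }
            Subject subject2 = authenticate.getSubject();
            if (subject2 == null) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "authenticate() returns a null subject.");
                }
                throw new WebSecurityException("authenticate() returns a null subject.", null);
            }
            try {
                postProgrammaticAuthenticate(httpServletRequest, httpServletResponse, webAttributes, authenticate);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invokedSubject: " + subject);
                    Tr.debug(tc, "callerSubject: " + callerSubject);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login(req,..) " + subject2);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.login", "4253", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught unexpected exception" + e);
                }
                // Rethrown inside the outer try, so the outer handler below audits it.
                throw new WebSecurityException(e.getMessage(), null);
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.login", "4155", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught unexpected exception", e2);
            }
            // contextHandler is null when the audit service could not supply one (already reported
            // above). Without this guard the first buildContextObject call would throw a
            // NullPointerException that replaces the WebSecurityException the caller expects.
            if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(getSessionId(httpServletRequest), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), Integer.toString(httpServletRequest.getRemotePort())));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(webAttributes.getWebAppName(), AuditConstants.LOGIN, null, str3, AuditConstants.LOGIN, httpServletRequest.getMethod(), "web", Long.valueOf(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str8, strArr, new Date(), 0L));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "failure"));
                // Outcome code 103 is used when authentication was already established, 99 otherwise.
                // NOTE(review): auditOutcome is an instance field; if this collaborator is shared
                // across request threads, concurrent failures could overwrite each other's outcome.
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), "FAILURE", z ? 103L : 99L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e3) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e3});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                }
            }
            // The original exception's message is passed to the caller; the cause itself is only
            // recorded through FFDC and trace above.
            throw new WebSecurityException(e2.getMessage(), null);
        }
    }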

    /**
     * Performs a programmatic logout for the current request.
     *
     * <p>In order, the method: restores the caller context from the request's LTPA cookie(s),
     * invalidates the existing HTTP session (if any), clears the caller context, removes the
     * user's {@link AuthCache} entry (by user name, or by LTPA cookie when no user name is
     * available and the active mechanism is LTPA or Kerberos), asks the web attributes to create
     * logout cookies, clears the referrer-URL cookie and removes the {@code AUTH_TYPE} private
     * attribute. A {@code SECURITY_AUTHN_TERMINATE} audit event is emitted for success or failure
     * when the audit service requires it.
     *
     * <p>NOTE(review): nothing in this method revokes the LTPA token itself; only the cookie and
     * the local cache entry are cleared. Whether a previously copied token remains usable until
     * it expires depends on configuration that is not visible here.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param str  context root (per the entry-trace label)
     * @param str2 virtual host (per the entry-trace label)
     * @throws IOException declared by the signature; no visible statement throws it directly
     * @throws WebSecurityException if clearing the caller context, the cache entry or the cookies
     *         fails
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws IOException, WebSecurityException {
        Principal userPrincipal;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout(req, res, contextRoot, vHost) ", new Object[]{httpServletRequest, httpServletResponse, str, str2});
        }
        if (tc.isDebugEnabled()) {
            debugGetAllHttpHdrs(httpServletRequest);
        }
        // Security being disabled only produces a warning; the logout steps below still run.
        if (!this.securityEnabled) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "security is not enabled.");
            }
            Tr.warning(tc, "security.disabled.during.login");
        }
        Subject subject = null;
        Subject subject2 = null;
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (tc.isDebugEnabled()) {
            try {
                subject2 = contextManagerFactory.getInvocationSubject();
                subject = contextManagerFactory.getCallerSubject();
                Tr.debug(tc, "invokedSubject: " + subject2);
                Tr.debug(tc, "callerSubject: " + subject);
            } catch (Exception e) {
                // Deliberately ignored: the subjects are fetched for trace output only.
            }
        }
        ContextHandler contextHandler = null;
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
            // Results are discarded here; the audit blocks below fetch the trail ids again.
            auditService.getLastTrailId();
            auditService.getEventTrailIds();
        }
        String str3 = str2 + ":" + str;
        String str4 = null;
        String str5 = null;
        WebComponentMetaData componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
        if (componentMetaData != null) {
            str4 = componentMetaData.getModuleMetaData().getConfiguration().getModuleName();
            str5 = componentMetaData.getModuleMetaData().getApplicationMetaData().getName();
        }
        WebAttributes webAttributes = this.webCache.getWebAccessContext(str5, str3).getWebAttributes();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "moduleName: " + str4);
            Tr.debug(tc, "appName: " + str5);
            Tr.debug(tc, "webAttrs: " + webAttributes);
        }
        AuthMechanismConfig activeAuthMechanism = SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "activeUserRegistry: " + activeUserRegistry);
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "before get session");
            }
            // Re-establish the caller context from the LTPA cookie(s) before tearing it down.
            // Exceptions from this call, getSession or invalidate are not WebSecurityExceptions,
            // so they bypass the failure audit in the outer catch and propagate unchanged.
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                pushSubject(webAttributes, cookies);
            }
            // getSession(false): never create a session just to invalidate it.
            HttpSession session = httpServletRequest.getSession(false);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "after get session");
            }
            if (session != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invalidating existing HTTP Session");
                }
                session.invalidate();
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Existing HTTP Session does not exist, nothing to invalidate");
            }
            try {
                contextManagerFactory.clearCallerContext();
                // Resolve the user name from the request, falling back to the user principal.
                String remoteUser = httpServletRequest.getRemoteUser();
                if (remoteUser == null && (userPrincipal = httpServletRequest.getUserPrincipal()) != null) {
                    remoteUser = userPrincipal.getName();
                }
                if (remoteUser != null) {
                    // Drop the cached authentication entry for this user.
                    try {
                        AuthCache.getInstance().removeEntry((String) null, remoteUser);
                    } catch (CacheException e2) {
                        Tr.debug(tc, "Exception caught while trying to remove a cache entry: " + e2);
                        throw new WebSecurityException(e2.getMessage(), null);
                    }
                } else if (activeAuthMechanism.getType().equals("LTPA") || activeAuthMechanism.getType().equals(AuthMechanismConfig.TYPE_KERBEROS)) {
                    // No user name available: remove the cache entry keyed by the LTPA token instead.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "user id is null, attempt to clear AuthCache entry by using LTPAToken cookie.");
                    }
                    if (cookies != null) {
                        removeAuthCache(webAttributes, cookies);
                    }
                }
                if (activeAuthMechanism.getType().equals("LTPA") || activeAuthMechanism.getType().equals(AuthMechanismConfig.TYPE_KERBEROS)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "KRB5 and/or LTPA enabled, clearing LTPA Cookies");
                    }
                    if (webAttributes != null) {
                        webAttributes.createLogoutCookies(httpServletRequest, httpServletResponse, true);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "KRB5, LTPA and SSO NOT Enabled");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "clear cookie now.");
                }
                clearCookie(httpServletRequest, httpServletResponse);
                removePrivateAttribute(httpServletRequest, "AUTH_TYPE");
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN_TERMINATE", "SUCCESS")) {
                    if (contextHandler != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "contextHandler not null");
                        }
                        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(getSessionId(httpServletRequest), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), new Integer(httpServletRequest.getRemotePort()).toString()));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(null, "logout", null, null, "logoutSuccess", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(auditService.getLastTrailId(), auditService.getEventTrailIds(), new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                        contextHandler.buildContextObject("AUTHN_TERM_CONTEXT", DataHelper.buildAuthnTermData("logout"));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "providerSuccess"));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 9L);
                    }
                    // NOTE(review): when contextHandler is null the event is still sent with
                    // whatever this.auditOutcome currently holds, which may describe an earlier
                    // request; confirm this is intended.
                    try {
                        auditService.sendEvent("SECURITY_AUTHN_TERMINATE", this.auditOutcome);
                    } catch (ProviderFailureException e3) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e3});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invokedSubject: " + subject2);
                    Tr.debug(tc, "callerSubject: " + subject);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "logout(req,..)");
                }
            } catch (Exception e4) {
                // Catches every failure in the block above (cache removal, cookie clearing,
                // audit building), not only clearCallerContext, despite the trace text.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "BAD! clearCallerContext failed");
                }
                throw new WebSecurityException(e4.getMessage(), null);
            }
        } catch (WebSecurityException e5) {
            // Failure path: audit the failed logout, record FFDC, then rethrow unchanged.
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN_TERMINATE", "FAILURE")) {
                if (contextHandler != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "contextHandler not null");
                    }
                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(getSessionId(httpServletRequest), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), new Integer(httpServletRequest.getRemotePort()).toString()));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(null, "logout", null, null, AuditConstants.LOGOUT_FAILURE, httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(auditService.getLastTrailId(), auditService.getEventTrailIds(), new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                    contextHandler.buildContextObject("AUTHN_TERM_CONTEXT", DataHelper.buildAuthnTermData("logout"));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "failure"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.LOGOUT_FAILURE, 102L);
                }
                // NOTE(review): as on the success path, a null contextHandler means the event is
                // sent with the previously stored auditOutcome.
                try {
                    auditService.sendEvent("SECURITY_AUTHN_TERMINATE", this.auditOutcome);
                } catch (ProviderFailureException e6) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e6});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e6);
                }
            }
            FFDCFilter.processException(e5, "com.ibm.ws.security.web.WebCollaborator.logout", "4501", this);
            throw e5;
        }
    }

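    /**
     * Programmatically authenticates the caller of the current request.
     *
     * <p>Returns {@code true} immediately when the caller subject already carries an authenticated
     * credential. Otherwise the request is passed to {@code authorize(...)}, the resulting reply is
     * written to the response, and the method returns whether the reply's status code is 200.
     *
     * <p>Any exception is converted to a {@link WebSecurityException}. When an audit service with a
     * context handler is available and requires it, one {@code SECURITY_AUTHN} / {@code FAILURE}
     * event is emitted per failed call.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response; set to 401 when authorization throws
     * @param str  context root (per the entry-trace label)
     * @param str2 virtual host (per the entry-trace label)
     * @return {@code true} if the caller is (or becomes) authenticated, {@code false} if the
     *         authorization reply has a status other than 200
     * @throws WebSecurityException if any step fails
     * @throws IOException declared by the signature; no visible statement throws it directly
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws WebSecurityException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticate(req, res, contextRoot, vHost) ", new Object[]{httpServletRequest, httpServletResponse, str, str2});
        }
        if (tc.isDebugEnabled()) {
            debugGetAllHttpHdrs(httpServletRequest);
        }
        ContextHandler contextHandler = null;
        String str3 = null;
        String[] strArr = null;
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
            str3 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        String str4 = str2 + ":" + str;
        String str5 = "";
        String str6 = "";
        WebComponentMetaData componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WebComponentMetaData", componentMetaData);
        }
        if (componentMetaData != null) {
            WebModuleMetaData moduleMetaData = componentMetaData.getModuleMetaData();
            str5 = moduleMetaData.getConfiguration().getModuleName();
            str6 = moduleMetaData.getApplicationMetaData().getName();
        }
        WebAccessContext webAccessContext = this.webCache.getWebAccessContext(str6, str4);
        WebAttributes webAttributes = webAccessContext.getWebAttributes();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "moduleName: " + str5);
            Tr.debug(tc, "appName: " + str6);
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        // The inner handler rethrows into the outer one; this flag keeps a single failed call
        // from producing two SECURITY_AUTHN failure events.
        boolean failureAudited = false;
        try {
            Subject invocationSubject = contextManagerFactory.getInvocationSubject();
            Subject callerSubject = contextManagerFactory.getCallerSubject();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invokedSubject: " + invocationSubject);
                Tr.debug(tc, "callerSubject: " + callerSubject);
            }
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(callerSubject);
            // Short-circuit: an authenticated caller needs no further work.
            if (callerSubject != null && !wSCredentialFromSubject.isUnauthenticated()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The underlying login mechanism has committed");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authenticate(req, res, contextRoot, vHost) true");
                }
                return true;
            }
            if (SetUnauthenticatedSubjectIfNeeded(invocationSubject, callerSubject)) {
                try {
                    invocationSubject = contextManagerFactory.getInvocationSubject();
                } catch (WSSecurityException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.authenticate", "4728", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Caught unexpected exception", e);
                    }
                    throw new WebSecurityException(e.getMessage(), null);
                }
            }
            try {
                WebReply authorize = authorize(new WebRequestImpl(httpServletRequest, httpServletResponse, str2 + ' ' + str, true, str6, true, jaspiCollaborator, webAccessContext));
                boolean z = authorize.getStatusCode() == 200;
                authorize.writeResponse(httpServletResponse);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invokedSubject: " + invocationSubject);
                    Tr.debug(tc, "callerSubject: " + callerSubject);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authenticate(req, res, contextRoot, vHost) " + z);
                }
                return z;
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.authenticate", "4751", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught unexpected exception", e2);
                }
                // Fail closed: any error while authorizing is reported to the client as 401.
                httpServletResponse.setStatus(401);
                // contextHandler is null when the audit service could not supply one; guarding it
                // keeps a NullPointerException from replacing the WebSecurityException below.
                if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                    // Set before building so a failure while building is not retried by the
                    // outer handler.
                    failureAudited = true;
                    contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(getSessionId(httpServletRequest), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), Integer.toString(httpServletRequest.getRemotePort())));
                    String remoteUser = httpServletRequest.getRemoteUser();
                    if (remoteUser == null) {
                        Principal userPrincipal2 = httpServletRequest.getUserPrincipal();
                        if (userPrincipal2 != null) {
                            remoteUser = userPrincipal2.getName();
                        }
                    }
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(webAttributes.getWebAppName(), AuditConstants.AUTHENTICATION, null, remoteUser, AuditConstants.AUTHENTICATION, httpServletRequest.getMethod(), "web", Long.valueOf(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), 0L));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "failure"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), "FAILURE", 99L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e3) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e3});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                    }
                }
                // Thrown inside the outer try, so the handler below also sees it.
                throw new WebSecurityException(e2.getMessage(), null);
            }
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authenticate", "4656", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught unexpected exception", e4);
            }
            // Skip the audit when the inner handler already handled it for this failure, and when
            // no context handler is available to build the event.
            if (!failureAudited && auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(getSessionId(httpServletRequest), httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), Integer.toString(httpServletRequest.getRemotePort())));
                String remoteUser2 = httpServletRequest.getRemoteUser();
                if (remoteUser2 == null) {
                    Principal userPrincipal = httpServletRequest.getUserPrincipal();
                    if (userPrincipal != null) {
                        remoteUser2 = userPrincipal.getName();
                    }
                }
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(webAttributes.getWebAppName(), AuditConstants.AUTHENTICATION, null, remoteUser2, AuditConstants.AUTHENTICATION, httpServletRequest.getMethod(), "web", Long.valueOf(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), 0L));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("WebSphere", "failure"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), "FAILURE", 99L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e5) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e5});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
                }
            }
            throw new WebSecurityException(e4.getMessage(), null);
        }
    }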

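    /**
     * Writes the request's header names and values, path components and cookie metadata to the
     * debug trace.
     *
     * <p>Values that act as credentials are not traced: the {@code Authorization},
     * {@code Proxy-Authorization} and {@code Cookie} headers and every cookie value are replaced
     * with {@code <redacted>}. Trace files are typically readable by more people than the
     * credentials are meant for, and session or SSO cookie values are replayable while valid.
     * This matches the entry trace of {@code login}, which masks the password.
     *
     * <p>Other headers are traced verbatim; deployments that carry tokens in custom headers
     * should extend the redaction list.
     *
     * @param httpServletRequest the request to describe; a null request is traced as such
     */
    private void debugGetAllHttpHdrs(HttpServletRequest httpServletRequest) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "debugGetAllHttpHdrs");
        }
        if (httpServletRequest == null) {
            Tr.debug(tc, "HttpServletRequest is null");
            return;
        }
        StringBuilder headerDump = new StringBuilder(512);
        try {
            Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            // getHeaderNames may return null when the container withholds header access.
            while (headerNames != null && headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                boolean carriesCredential = "Authorization".equalsIgnoreCase(headerName)
                        || "Proxy-Authorization".equalsIgnoreCase(headerName)
                        || "Cookie".equalsIgnoreCase(headerName);
                String shownValue = carriesCredential ? "<redacted>" : WebAuthenticator.getHeader(httpServletRequest, headerName);
                headerDump.append(headerName).append("=");
                headerDump.append(WorkSpaceConstant.FIELD_SEPERATOR).append(shownValue).append("]\n");
            }
        } catch (Throwable ignored) {
            // Best-effort diagnostics: a failure while reading headers must not affect the request.
        }
        Tr.debug(tc, "Http Header names and values:\n" + headerDump.toString());
        StringBuilder pathDump = new StringBuilder();
        pathDump.append(" Request Context Path=").append(httpServletRequest.getContextPath());
        pathDump.append(", Servlet Path=").append(httpServletRequest.getServletPath());
        pathDump.append(", Path Info=").append(httpServletRequest.getPathInfo());
        Tr.debug(tc, pathDump.toString());
        Tr.debug(tc, "RequestHeader cookies: ");
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                // Name and max-age are enough to diagnose cookie handling; the value stays out.
                Tr.debug(tc, "cookieList: " + i + " name: " + cookies[i].getName() + " value: <redacted>");
                Tr.debug(tc, "cookie maxAge: " + cookies[i].getMaxAge());
            }
        }
    }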

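    /**
     * Traces whether the response carries {@code LtpaToken2} / {@code LtpaToken} header values.
     *
     * <p>Only presence is traced, using the same {@code <not null>} / {@code <null>} masking that
     * {@code login} applies to the password in its entry trace. An LTPA token is a bearer
     * credential, so its value does not belong in a trace file.
     *
     * @param httpServletResponse the response to inspect; a null response is traced as such
     */
    private void debugGetHttpResponse(HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "debugGetHttpResponse");
        }
        if (httpServletResponse == null) {
            Tr.debug(tc, "debugGetHttpResponse is null");
            return;
        }
        try {
            String ltpaV2 = httpServletResponse.getHeader(com.ibm.ws.security.util.Constants.LTPA_V2_COOKIENAME);
            String ltpaV1 = httpServletResponse.getHeader("LtpaToken");
            Tr.debug(tc, "LtpaToken2 = " + (ltpaV2 != null ? "<not null>" : "<null>"));
            Tr.debug(tc, "LtpaToken = " + (ltpaV1 != null ? "<not null>" : "<null>"));
        } catch (Exception e) {
            // Best-effort diagnostics: a failure while reading the response is only traced.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught while trying to print out the response " + e);
            }
        }
    }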

    /**
     * Initializes the caller context from the subject cached for the request's LTPA cookie(s).
     *
     * <p>Convenience form of {@link #pushSubjectRmAuthCache} with the "push subject" flag set and
     * the "remove cache entry" flag cleared.
     *
     * @param webAttributes supplies the LTPA cookie names to look for
     * @param cookieArr     the request's cookies
     */
    public void pushSubject(WebAttributes webAttributes, Cookie[] cookieArr) {
        final boolean establishCallerContext = true;
        final boolean evictCacheEntry = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pushSubject");
        }
        pushSubjectRmAuthCache(webAttributes, cookieArr, establishCallerContext, evictCacheEntry);
    }

    /**
     * Removes the authentication-cache entry keyed by the request's LTPA cookie(s).
     *
     * <p>Convenience form of {@link #pushSubjectRmAuthCache} with the "push subject" flag cleared
     * and the "remove cache entry" flag set.
     *
     * @param webAttributes supplies the LTPA cookie names to look for
     * @param cookieArr     the request's cookies
     */
    public void removeAuthCache(WebAttributes webAttributes, Cookie[] cookieArr) {
        final boolean establishCallerContext = false;
        final boolean evictCacheEntry = true;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeAuthCache");
        }
        pushSubjectRmAuthCache(webAttributes, cookieArr, establishCallerContext, evictCacheEntry);
    }

    /**
     * For each LTPA cookie value on the request, either initializes the caller context from the
     * cached subject or removes the matching authentication-cache entry.
     *
     * <p>Cookie values are looked up under the preferred LTPA cookie name first and under the
     * plain LTPA cookie name only when the first lookup returns null. Each non-empty value is
     * Base64-decoded and the decoded bytes are used as the cache key. Failures for an individual
     * value are traced and otherwise ignored.
     *
     * <p>NOTE(review): the decoded token is used only as a cache key here; no token validation is
     * visible in this method, so it presumably relies on the cache holding only entries for
     * tokens validated elsewhere. When several values are present, each hit re-initializes the
     * caller context, so the last one wins.
     *
     * @param webAttributes supplies the LTPA cookie names
     * @param cookieArr     the request's cookies
     * @param z  when true, initialize the caller context from the cached subject
     * @param z2 when true (and {@code z} is false), remove the cache entry instead
     */
    public void pushSubjectRmAuthCache(WebAttributes webAttributes, Cookie[] cookieArr, boolean z, boolean z2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pushSubjectRmAuthCache");
        }
        ContextManager contextManager = ContextManagerFactory.getInstance();
        String preferredName = webAttributes.getPreferredLTPACookieName();
        String fallbackName = webAttributes.getLTPACookieName();
        String[] tokenValues = WebAuthenticator.getCookieValues(cookieArr, preferredName);
        if (tokenValues == null) {
            tokenValues = WebAuthenticator.getCookieValues(cookieArr, fallbackName);
        }
        if (tc.isDebugEnabled()) {
            // Concatenating the array prints its identity, not the token values.
            Tr.debug(tc, "Cookie values: " + tokenValues);
        }
        if (tokenValues == null) {
            return;
        }
        for (String encodedToken : tokenValues) {
            if (encodedToken.length() == 0) {
                continue;
            }
            byte[] tokenBytes = StringUtil.getBytes(Base64Coder.base64Decode(encodedToken));
            if (tokenBytes == null || tokenBytes.length == 0) {
                continue;
            }
            ByteArray cacheKey = new ByteArray(tokenBytes);
            AuthCache cache = AuthCache.getInstance();
            if (z) {
                // Restore the caller context from the subject cached under this token.
                try {
                    Subject cachedSubject = cache.getSubject(tokenBytes);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "subject: " + cachedSubject);
                    }
                    contextManager.initializeCallerContext(cachedSubject);
                } catch (Exception lookupFailure) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception caught while trying to retrieve subject cache entry by using token: " + lookupFailure);
                    }
                }
                continue;
            }
            if (!z2) {
                continue;
            }
            // Evict the cache entry keyed by this token.
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cache Key: " + tokenBytes.toString());
                }
                cache.removeEntry(cacheKey);
            } catch (Exception evictFailure) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught while trying to remove an authenticate cache entry by using token: " + evictFailure);
                }
            }
        }
    }

    /**
     * Expires the REFERER_URL cookie on the client when the request carries a non-empty one.
     *
     * <p>The replacement cookie has an empty value, path {@code "/"} and max-age 0. The previous
     * value is written to debug trace.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response that receives the expiring cookie
     */
    protected void clearCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearCookie");
        }
        final String refererCookieName = com.ibm.ws.security.util.Constants.REFERER_URL_COOKIENAME;
        String previousValue = WebAuthenticator.getCookieValue(httpServletRequest.getCookies(), refererCookieName);
        boolean cookiePresent = previousValue != null && !previousValue.isEmpty();
        if (cookiePresent) {
            // NOTE(review): a browser only drops the cookie if this path matches the path it was
            // issued with - confirm the REFERER_URL cookie is always set with "/".
            Cookie expired = new Cookie(refererCookieName, "");
            expired.setPath("/");
            expired.setMaxAge(0);
            httpServletResponse.addCookie(expired);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cleared REFERER_URL cookie. Original value was " + previousValue);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearCookie");
        }
    }

    /**
     * Installs the Subject of a successful programmatic authentication on the current thread and,
     * where SSO applies, replaces the LTPA cookie(s) on the response.
     *
     * <p>Nothing happens when {@code authenticationResult} is null or carries no Subject. Otherwise:
     * the caller subject is replaced only if there is none, it has no WSCredential, or that
     * credential is unauthenticated; the invocation subject is always replaced. With the SWAM
     * auth mechanism an HTTP session is created; with any other mechanism the cookies from the
     * authentication result are written when SSO is enabled (and, if secure SSO is required, only
     * on an https request).
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response; cast to IExtendedResponse to remove cookies
     * @param webAttributes supplies the SSO settings
     * @param authenticationResult result of the authentication; may be null
     * @throws WebSecurityException when any exception is raised while setting the subjects or
     *     writing the cookies; only the message of the original exception is carried over
     */
    protected void postProgrammaticAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebAttributes webAttributes, AuthenticationResult authenticationResult) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "postProgrammaticAuthenticate ", new Object[]{httpServletRequest, httpServletResponse, webAttributes, authenticationResult});
        }
        Subject subject = null;
        if (authenticationResult != null) {
            subject = authenticationResult.getSubject();
        }
        if (subject != null) {
            try {
                ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                Subject callerSubject = contextManagerFactory.getCallerSubject();
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(callerSubject);
                // An already authenticated caller subject is kept; only a missing or
                // unauthenticated one is replaced by the newly authenticated Subject.
                if (callerSubject == null || wSCredentialFromSubject == null || (wSCredentialFromSubject != null && wSCredentialFromSubject.isUnauthenticated())) {
                    contextManagerFactory.setCallerSubject(subject);
                }
                // The invocation subject is replaced unconditionally.
                contextManagerFactory.setInvocationSubject(subject);
                SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                if (securityConfig.getActiveAuthMechanism().getType().equals(AuthMechanismConfig.TYPE_SWAM)) {
                    // SWAM: force creation of an HTTP session; no SSO cookie is written on this path.
                    httpServletRequest.getSession(true);
                } else {
                    // z = "write SSO cookies": SSO must be enabled and, when secure SSO is
                    // required, the request scheme must be https.
                    // NOTE(review): getScheme() is whatever the container reports; behind a
                    // TLS-terminating proxy confirm it yields https, otherwise no cookie is issued.
                    boolean z = false;
                    if (webAttributes.isSSOEnabled()) {
                        z = webAttributes.isSecureSSO() ? httpServletRequest.getScheme().equalsIgnoreCase("https") : true;
                    }
                    if (z) {
                        try {
                            ArrayList cookies = authenticationResult.getCookies();
                            if (cookies != null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Remove LTPA cookie(s) from the response if any");
                                }
                                // Drop LTPA cookies already queued on the response before adding
                                // the new ones. Any failure here (including a response that is not
                                // an IExtendedResponse) is reported to FFDC and then ignored, so
                                // the new cookies are still added below.
                                try {
                                    ((IExtendedResponse) httpServletResponse).removeCookie(com.ibm.ws.security.util.Constants.LTPA_V2_COOKIENAME);
                                    if (securityConfig.getPropertyBool("com.ibm.ws.security.ssoInteropModeEnabled")) {
                                        ((IExtendedResponse) httpServletResponse).removeCookie("LtpaToken");
                                    }
                                } catch (Throwable th) {
                                    // The FFDC source id names WebAttributes.createLogoutCookiesStatic,
                                    // not this method.
                                    FFDCFilter.processException(th, "com.ibm.ws.security.web.WebAttributes.createLogoutCookiesStatic", "5108");
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Exception removing cookie from response.", new Object[]{th});
                                    }
                                }
                                // NOTE(review): this trace concatenates the cookie list; depending
                                // on how the elements render, token values may reach the trace log.
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Add cookies to the response " + cookies);
                                }
                                WebAttributes.addCookiesToResponse(cookies, httpServletResponse);
                            }
                        } catch (Exception e) {
                            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.login", "5118", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Caught unexpected exception" + e);
                            }
                            // Only the message survives; the original exception is not chained.
                            // NOTE(review): if WebSecurityException is an Exception subtype (its
                            // declaration is not visible here), the outer catch below catches this
                            // again, reports it to FFDC a second time and re-wraps it.
                            throw new WebSecurityException(e.getMessage(), null);
                        }
                    }
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.login", "5127", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught unexpected exception" + e2);
                }
                // The subjects may already have been set on the thread when this is thrown.
                throw new WebSecurityException(e2.getMessage(), null);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "postProgrammaticAuthenticate");
        }
    }

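    /**
     * Emits a SECURITY_RESOURCE_ACCESS / DENIED audit event for the given request.
     *
     * <p>Does nothing when no audit service is configured or the service does not require this
     * event. When the audit service has no context handler, the failure is reported through
     * {@code processAuditFailure} and no event is built (previously this path dereferenced the
     * null handler).
     *
     * <p>The event carries session, access, event, propagation, process, registry and response
     * context. The response context holds one attribute per request header, with the header
     * <em>value</em> copied unfiltered.
     *
     * @param httpServletRequest the denied request; may be null, in which case request-derived
     *     fields are left null and no header attributes are recorded
     * @param j passed through as the last argument of {@code DataHelper.buildOutcomeData}
     */
    protected void generateAuditMessageWhenAccessDenied(HttpServletRequest httpServletRequest, long j) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateAuditMessageWhenAccessDenied", new Object[]{httpServletRequest, Long.valueOf(j)});
        }
        ContextManager contextManager = ContextManagerFactory.getInstance();
        ContextHandler contextHandler = null;
        String lastTrailId = null;
        String[] eventTrailIds = null;
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
            lastTrailId = auditService.getLastTrailId();
            eventTrailIds = auditService.getEventTrailIds();
        }
        // Without a context handler the event cannot be built; the failure was already reported
        // above, so skip the event instead of failing with a NullPointerException.
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "DENIED")) {
            String uri = null;
            String sessionId = null;
            String remoteAddr = null;
            String remoteHost = null;
            String remotePort = null;
            String httpMethod = null;
            if (httpServletRequest != null) {
                uri = getURI(httpServletRequest);
                sessionId = getSessionId(httpServletRequest);
                remoteAddr = httpServletRequest.getRemoteAddr();
                remoteHost = httpServletRequest.getRemoteHost();
                remotePort = Integer.toString(httpServletRequest.getRemotePort());
                httpMethod = httpServletRequest.getMethod();
            }
            contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(sessionId, remoteAddr, remoteHost, remotePort));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(uri, "resourceAccess", null, null, "denied", httpMethod, "web", Long.valueOf(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(lastTrailId, eventTrailIds, new Date(), 0L));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), contextManager.getDefaultRealm()));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));

            // Collect the header attributes in one pass rather than counting first and filling
            // an array on a second enumeration.
            List<Attributes> headerAttributes = new ArrayList<Attributes>();
            if (httpServletRequest != null) {
                // getHeaderNames() is allowed to return null by the servlet API.
                Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
                while (headerNames != null && headerNames.hasMoreElements()) {
                    String headerName = headerNames.nextElement();
                    Attributes attribute = new Attributes();
                    // NOTE(review): every attribute is named with the literal "headerName"; the
                    // real header name is not recorded. Kept as in the original - confirm intent.
                    attribute.setName("headerName");
                    // NOTE(review): values are copied unfiltered, so credential-bearing headers
                    // (for example Authorization or Cookie) end up in the audit record; consider
                    // redacting them according to the audit data-handling policy.
                    attribute.setValue(httpServletRequest.getHeader(headerName));
                    attribute.setSource("application");
                    headerAttributes.add(attribute);
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "reqLength: " + headerAttributes.size());
            }
            Attributes[] attributesArr = headerAttributes.toArray(new Attributes[headerAttributes.size()]);
            contextHandler.buildContextObject("RESPONSE_CONTEXT", DataHelper.buildResponseData(uri, attributesArr, null));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, Integer.valueOf(-1), Integer.valueOf(-1), "DENIED", j);
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", this.auditOutcome);
            } catch (ProviderFailureException e) {
                // A provider failure is handed to the audit service's own failure handling.
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateAuditMessageWhenAccessDenied");
        }
    }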

    /**
     * Returns the id of the request's existing HTTP session.
     *
     * @param httpServletRequest request to inspect; may be null
     * @return the session id, or {@code null} when the request is null or has no session
     */
    protected String getSessionId(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return null;
        }
        // getSession(false): look up only, never create a session as a side effect.
        HttpSession existingSession = httpServletRequest.getSession(false);
        return existingSession == null ? null : existingSession.getId();
    }

    /**
     * Returns those URIs from {@code list} that have an exact-match entry in the security
     * constraints of a web module.
     *
     * <p>The module's access context is looked up in the web cache with {@code str} and the key
     * {@code str3 + ":" + str2}; the filtering itself is done by the two-argument overload.
     *
     * @param str first argument of the web-cache lookup
     * @param str2 second part of the lookup key (after the colon)
     * @param str3 first part of the lookup key (before the colon)
     * @param list candidate URIs
     * @return the matching URIs, or {@code null} when security is disabled, no access context or
     *     constraints table is found, or nothing matches
     */
    public List<String> getURIsInSecurityConstraints(String str, String str2, String str3, List<String> list) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getURIsInSecurityConstraints", new Object[]{str, str2, str3, list});
        }
        List<String> matchedUris = null;
        if (this.securityEnabled) {
            WebAccessContext accessContext = this.webCache.getWebAccessContext(str, str3 + ":" + str2);
            WebConstraintsTable constraintsTable = accessContext != null ? accessContext.getConstraints() : null;
            if (constraintsTable != null) {
                matchedUris = getURIsInSecurityConstraints(constraintsTable, list);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getURIsInSecurityConstraints", new Object[]{matchedUris});
        }
        return matchedUris;
    }

    /**
     * Filters {@code list} down to the URIs for which the constraints table reports an exact match.
     *
     * <p>Only {@code existsExactMatchURI} is consulted, so a URI that is not an exact match is
     * never returned by this method.
     *
     * @param webConstraintsTable constraints to check against; may be null
     * @param list candidate URIs; may be null or empty
     * @return the matching URIs in input order, or {@code null} (not an empty list) when either
     *     argument is null, the list is empty, or nothing matches
     */
    protected List<String> getURIsInSecurityConstraints(WebConstraintsTable webConstraintsTable, List<String> list) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getURIsInSecurityConstraints", new Object[]{webConstraintsTable, list});
        }
        List<String> matches = null;
        boolean haveInput = webConstraintsTable != null && list != null && !list.isEmpty();
        if (haveInput) {
            for (String candidate : list) {
                if (!webConstraintsTable.existsExactMatchURI(candidate)) {
                    continue;
                }
                // Allocate lazily so that "no match" is still reported as null.
                if (matches == null) {
                    matches = new ArrayList<String>();
                }
                matches.add(candidate);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getURIsInSecurityConstraints", new Object[]{matches});
        }
        return matches;
    }

    /* JADX INFO: Access modifiers changed from: protected */
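    /**
     * Passes the security names of the server, received and invoked subjects to
     * {@code SmfJActivity.setSmfSecurityIdentities}.
     *
     * <p>The call is made only when all three security names are available. Any exception raised
     * while resolving the names or making the call is traced and suppressed, so this method is
     * best effort.
     *
     * <p>The decompiled form wrapped only the first credential lookup in the try block, which
     * left the first name not definitely assigned and the other two lookups outside the handler.
     * The handler's own message ("Call to SmfJActivity.setSmfSecurityIdentities did not occur")
     * indicates it was meant to cover the whole sequence, which is what this version does.
     *
     * @param subject server subject; may be null
     * @param subject2 received subject; may be null
     * @param subject3 invoked subject; may be null
     */
    public void doSmfLogging(Subject subject, Subject subject2, Subject subject3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doSmfLogging");
        }
        try {
            Subject[] subjects = {subject, subject2, subject3};
            String[] securityNames = new String[subjects.length];
            for (int i = 0; i < subjects.length; i++) {
                if (subjects[i] == null) {
                    continue;
                }
                // A subject without a WSCredential is treated like a missing subject.
                WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subjects[i]);
                if (credential != null) {
                    securityNames[i] = credential.getSecurityName();
                }
            }
            String serverName = securityNames[0];
            String receivedName = securityNames[1];
            String invokedName = securityNames[2];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "doSmfLogging", "Subject values to log: server subject=" + serverName + ", receivedSubject=" + receivedName + ", invokedSubject=" + invokedName);
            }
            if (serverName == null || receivedName == null || invokedName == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doSmfLogging", "One of the parameters passed to Smf logging is null. Smf logging api is only called when all subjects are present");
                }
            } else {
                SmfJActivity.setSmfSecurityIdentities(serverName, receivedName, invokedName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "doSmfLogging", "Called SmfJActivity.setSmfSecurityIdentities(" + serverName + "," + receivedName + "," + invokedName + ")");
                }
            }
        } catch (Exception e) {
            // Best effort: SMF identity logging must not fail the request.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "doSmfLogging", "Call to SmfJActivity.setSmfSecurityIdentities did not occur due to the following exception " + e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doSmfLogging");
        }
    }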

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fetches the server Subject from the ContextManager inside a privileged action.
     *
     * <p>Failures are not propagated: a PrivilegedActionException is unwrapped, reported to FFDC
     * and traced; any other exception is traced only. Callers must therefore handle a
     * {@code null} result.
     *
     * @return the server Subject, or {@code null} when it could not be obtained
     */
    public Subject getServerSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerSubject");
        }
        Subject serverSubject = null;
        try {
            final ContextManager contextManager = ContextManagerFactory.getInstance();
            // Kept as an anonymous PrivilegedExceptionAction: the doPrivileged overloads of the
            // AccessController in use are not visible here.
            PrivilegedExceptionAction fetchServerSubject = new PrivilegedExceptionAction() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSecurityException {
                    return contextManager.getServerSubject();
                }
            };
            serverSubject = (Subject) AccessController.doPrivileged(fetchServerSubject);
        } catch (PrivilegedActionException wrapped) {
            Exception cause = wrapped.getException();
            FFDCFilter.processException(cause, "com.ibm.ws.security.core.EJSWebCollaborator.preInvoke", "224", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error getting subjects", cause);
            }
        } catch (Exception unexpected) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error getting subjects", unexpected);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerSubject");
        }
        return serverSubject;
    }
}
