package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import java.security.GeneralSecurityException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/sas.jar:com/ibm/ws/security/auth/WSLoginHelperImpl.class */
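/**
 * Static facade over {@code ContextManagerFactory.getInstance()} for authenticating a user or a
 * credential token and for building a JAAS {@link Subject} from the invocation or the
 * unauthenticated credential.
 *
 * <p>Points a caller or reviewer should keep in mind:
 * <ul>
 *   <li>{@code authenticate}, {@code validate}, {@code refresh} and the four {@code get*Subject}
 *       methods return {@code null} when {@code isCellSecurityEnabled()} is false. A
 *       {@code null} result means "nothing was checked" and must never be treated as a
 *       successful login.</li>
 *   <li>The {@code get*Subject} methods demand {@code AuthPermission("getSubject")} only when a
 *       {@link SecurityManager} is installed; without one there is no caller check.</li>
 *   <li>This listing is a JADX decompilation. The body of {@link #restoreSerializedSubject} was
 *       not recovered and is replaced by a stub that always throws.</li>
 * </ul>
 */
public class WSLoginHelperImpl {
    /** Permission demanded from callers of the get*Subject methods when a SecurityManager is installed. */
    private static final AuthPermission GET_SUBJECT_PERMISSION = new AuthPermission("getSubject");

    /**
     * Builds a Subject from the invocation credential: one {@code WSPrincipalImpl} named by
     * {@code getRealmSecurityName()} plus the credential itself in the public credential set.
     * Yields {@code null} when there is no invocation credential.
     */
    private static final PrivilegedExceptionAction getSubjectAction = new PrivilegedExceptionAction() {
        @Override
        public Object run() throws WSSecurityException, GeneralSecurityException {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "getSubjectAction.run()");
            }
            Subject subject = null;
            WSCredential invocationCredential = ContextManagerFactory.getInstance().getInvocationCredential();
            if (invocationCredential != null) {
                subject = new Subject();
                subject.getPrincipals().add(new WSPrincipalImpl(invocationCredential.getRealmSecurityName()));
                // The credential goes into the PUBLIC set, so any code holding the Subject can read it.
                subject.getPublicCredentials().add(invocationCredential);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invocation Credential is null, null Subject is returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubjectAction.run()");
            }
            return subject;
        }
    };

    /**
     * Same as {@link #getSubjectAction} except that the credential is NOT attached: the Subject
     * carries only the principal. Presumably the credential is left out so the Subject can be
     * serialized; confirm against {@code restoreSerializedSubject}.
     */
    private static final PrivilegedExceptionAction getSerializableSubjectAction = new PrivilegedExceptionAction() {
        @Override
        public Object run() throws WSSecurityException, GeneralSecurityException {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "getSerializableSubjectAction.run()");
            }
            Subject subject = null;
            WSCredential invocationCredential = ContextManagerFactory.getInstance().getInvocationCredential();
            if (invocationCredential != null) {
                subject = new Subject();
                subject.getPrincipals().add(new WSPrincipalImpl(invocationCredential.getRealmSecurityName()));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invocation Credential is null, null Subject is returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSerializableSubjectAction.run()");
            }
            return subject;
        }
    };

    /**
     * Builds a Subject from the unauthenticated credential: principal plus the credential in the
     * public credential set. Yields {@code null} when no unauthenticated credential exists.
     */
    private static final PrivilegedExceptionAction getUnauthSubjectAction = new PrivilegedExceptionAction() {
        @Override
        public Object run() throws GeneralSecurityException {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "getUnauthSubjectAction.run()");
            }
            Subject subject = null;
            WSCredential unauthenticatedCredential = ContextManagerFactory.getInstance().getUnauthenticatedCredential();
            if (unauthenticatedCredential != null) {
                subject = new Subject();
                subject.getPrincipals().add(new WSPrincipalImpl(unauthenticatedCredential.getRealmSecurityName()));
                subject.getPublicCredentials().add(unauthenticatedCredential);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No unauthenticated credential, null Subject is returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUnauthSubjectAction.run()");
            }
            return subject;
        }
    };

    /**
     * Principal-only variant of {@link #getUnauthSubjectAction}: the unauthenticated credential
     * is not attached to the Subject.
     */
    private static final PrivilegedExceptionAction getSerializableUnauthSubjectAction = new PrivilegedExceptionAction() {
        @Override
        public Object run() throws GeneralSecurityException {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "getSerializableUnauthSubjectAction.run()");
            }
            Subject subject = null;
            WSCredential unauthenticatedCredential = ContextManagerFactory.getInstance().getUnauthenticatedCredential();
            if (unauthenticatedCredential != null) {
                subject = new Subject();
                subject.getPrincipals().add(new WSPrincipalImpl(unauthenticatedCredential.getRealmSecurityName()));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No unauthenticated credential, null Subject is returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSerializableUnauthSubjectAction.run()");
            }
            return subject;
        }
    };

    /** Trace component; assigned in the static initializer at the end of the class. */
    private static final TraceComponent tc;

    // Compiler-generated class-literal caches (the pattern older javac targets emit for X.class).
    // The UserRegistry cache is not referenced by any recovered code; presumably it is used by
    // restoreSerializedSubject, whose body was not decompiled.
    static Class class$com$ibm$websphere$security$UserRegistry;
    static Class class$com$ibm$ws$security$auth$WSLoginHelperImpl;

    /**
     * Authenticates a user name and password against a realm through the context manager.
     *
     * <p>Auth retry is switched off before the call and switched back on afterwards, whether the
     * call returns or throws.
     *
     * @param str user name
     * @param str2 realm name (passed to the context manager as the FIRST argument)
     * @param str3 password; never traced, the entry trace prints a fixed mask instead
     * @return the credential, or {@code null} when cell security is disabled and therefore no
     *     authentication was performed
     * @throws WSSecurityException propagated from the context manager
     */
    public static WSCredential authenticate(String str, String str2, String str3) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): user and realm names are concatenated into the trace record as-is.
            // If they can carry CR/LF from a remote caller, neutralise them before tracing;
            // confirm how Tr encodes its arguments.
            Tr.entry(tc, "authenticate(username = \"" + str + "\", realmname = \"" + str2 + "\", password = \"XXXXXXXX\")");
        }
        disableAuthRetryForThread();
        try {
            WSCredential wSCredential = null;
            if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
                wSCredential = ContextManagerFactory.getInstance().authenticate(str2, str, str3);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security is disabled, no authentication is performed, null credential will be returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authenticate(username, realmname, password)");
            }
            return wSCredential;
        } finally {
            // Always re-enable retry, including when authentication throws.
            enableAuthRetryForThread();
        }
    }

    /**
     * Validates a credential token against the default realm.
     *
     * @param bArr credential token bytes; the content is not traced
     * @return the credential, or {@code null} when cell security is disabled and therefore no
     *     validation was performed
     * @throws WSSecurityException propagated from the context manager
     */
    public static WSCredential validate(byte[] bArr) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate(credToken)");
        }
        disableAuthRetryForThread();
        try {
            WSCredential wSCredential = null;
            if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
                // The token is always checked against the default realm; no other realm can be named.
                wSCredential = ContextManagerFactory.getInstance().authenticate(getDefaultRealmName(), bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security is disabled, no validation is performed, null credential will be returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate(credToken)");
            }
            return wSCredential;
        } finally {
            enableAuthRetryForThread();
        }
    }

    /**
     * Returns a Subject built from the invocation credential (principal plus public credential).
     *
     * <p>When a SecurityManager is installed the caller must hold
     * {@code AuthPermission("getSubject")}. The credential lookup itself runs inside
     * {@code com.ibm.ws.security.util.AccessController.doPrivileged}, so this up-front check is
     * the only caller gate visible in this method; with no SecurityManager there is none.
     *
     * @return the Subject, or {@code null} when cell security is disabled or there is no
     *     invocation credential
     * @throws WSSecurityException if the privileged action fails; other failures are wrapped
     *     with the original exception kept as the cause
     * @throws SecurityException if the permission check fails
     */
    public static Subject getSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject()");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_SUBJECT_PERMISSION);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Java 2 Security Permission Check passed");
            }
        }
        Subject subject = null;
        if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting the subject from credential on the Current Thread of Execution");
                }
                subject = (Subject) AccessController.doPrivileged(getSubjectAction);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Got the subject from credential on the Current Thread of Execution");
                }
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                FFDCFilter.processException(exception, "com.ibm.ws.security.auth.WSLoginHelperImpl.getSubject", "245");
                if (exception instanceof WSSecurityException) {
                    throw ((WSSecurityException) exception);
                }
                throw new WSSecurityException(exception.getMessage(), exception);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security is disabled, null subject will be returned");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubject()");
        }
        return subject;
    }

    /**
     * Returns a principal-only Subject built from the invocation credential; the credential is
     * not attached. Permission check and error handling match {@link #getSubject()}.
     *
     * @return the Subject, or {@code null} when cell security is disabled or there is no
     *     invocation credential
     * @throws WSSecurityException if the privileged action fails
     * @throws SecurityException if the permission check fails
     */
    public static Subject getSerializableSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSerializableSubject()");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_SUBJECT_PERMISSION);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Java 2 Security Permission Check passed");
            }
        }
        Subject subject = null;
        if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting the serializable subject from credential on the current thread of execution");
                }
                subject = (Subject) AccessController.doPrivileged(getSerializableSubjectAction);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Got the serializable subject from credential on the current thread of execution");
                }
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                FFDCFilter.processException(exception, "com.ibm.ws.security.auth.WSLoginHelperImpl.getSerializableSubject", "245");
                if (exception instanceof WSSecurityException) {
                    throw ((WSSecurityException) exception);
                }
                throw new WSSecurityException(exception.getMessage(), exception);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security is disabled, null subject will be returned");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSerializableSubject()");
        }
        return subject;
    }

    /**
     * Returns a Subject built from the unauthenticated credential (principal plus public
     * credential). Permission check and error handling match {@link #getSubject()}.
     *
     * @return the Subject, or {@code null} when cell security is disabled or there is no
     *     unauthenticated credential
     * @throws WSSecurityException if the privileged action fails
     * @throws SecurityException if the permission check fails
     */
    public static Subject getUnauthenticatedSubject() throws WSSecurityException {
        // NOTE(review): the entry/exit trace text below misspells the method name ("Subjecy").
        // It is kept byte-for-byte because log searches may match on it; search for both spellings.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUnauthenticatedSubjecy()");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_SUBJECT_PERMISSION);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Java 2 Security Permission Check passed");
            }
        }
        Subject subject = null;
        if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
            try {
                subject = (Subject) AccessController.doPrivileged(getUnauthSubjectAction);
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                FFDCFilter.processException(exception, "com.ibm.ws.security.auth.WSLoginHelperImpl.getUnauthenticatedSubject", "431");
                if (exception instanceof WSSecurityException) {
                    throw ((WSSecurityException) exception);
                }
                throw new WSSecurityException(exception.getMessage(), exception);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security is disabled, null subject will be returned");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUnauthenticatedSubjecy()");
        }
        return subject;
    }

    /**
     * Returns a principal-only Subject built from the unauthenticated credential. Permission
     * check and error handling match {@link #getSubject()}.
     *
     * @return the Subject, or {@code null} when cell security is disabled or there is no
     *     unauthenticated credential
     * @throws WSSecurityException if the privileged action fails
     * @throws SecurityException if the permission check fails
     */
    public static Subject getSerializableUnauthSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSerializableUnauthSubject()");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_SUBJECT_PERMISSION);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Java 2 Security Permission Check passed");
            }
        }
        Subject subject = null;
        if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
            try {
                subject = (Subject) AccessController.doPrivileged(getSerializableUnauthSubjectAction);
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                // NOTE(review): the FFDC source id names getUnauthenticatedSubject, not this method;
                // only probe id "485" tells the two apart when triaging an incident. Left unchanged
                // so existing incident matching keeps working.
                FFDCFilter.processException(exception, "com.ibm.ws.security.auth.WSLoginHelperImpl.getUnauthenticatedSubject", "485");
                if (exception instanceof WSSecurityException) {
                    throw ((WSSecurityException) exception);
                }
                throw new WSSecurityException(exception.getMessage(), exception);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security is disabled, null subject will be returned");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSerializableUnauthSubject()");
        }
        return subject;
    }

    /**
     * Decompiler stub: the real body was NOT recovered.
     *
     * <p>JADX failed in its BlockProcessor pass ("Unreachable block: B:28:0x011b") and skipped
     * the method dump (373 instructions). What follows is a placeholder that always throws, so
     * nothing about how a serialized Subject and a credential are recombined can be reviewed
     * from this listing; that logic has to be read from the bytecode of the original class.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public static javax.security.auth.Subject restoreSerializedSubject(javax.security.auth.Subject r7, com.ibm.websphere.security.cred.WSCredential r8) throws com.ibm.ws.security.auth.SerialDeserialSubjectException {
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.auth.WSLoginHelperImpl.restoreSerializedSubject(javax.security.auth.Subject, com.ibm.websphere.security.cred.WSCredential):javax.security.auth.Subject");
    }

    /**
     * Re-authenticates a user name and password against a realm. The call made to the context
     * manager is the same one {@link #authenticate(String, String, String)} makes; only the
     * trace text differs.
     *
     * @param str user name
     * @param str2 realm name (passed to the context manager as the FIRST argument)
     * @param str3 password; never traced, the entry trace prints a fixed mask instead
     * @return the credential, or {@code null} when cell security is disabled and nothing was
     *     refreshed
     * @throws WSSecurityException propagated from the context manager
     */
    public static WSCredential refresh(String str, String str2, String str3) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): user and realm names reach the trace record as-is; see the CR/LF
            // concern noted for untrusted names and confirm how Tr encodes its arguments.
            Tr.entry(tc, "refresh(username = \"" + str + "\", realmname = \"" + str2 + "\", password = \"XXXXXXXX\")");
        }
        disableAuthRetryForThread();
        try {
            WSCredential wSCredential = null;
            if (ContextManagerFactory.getInstance().isCellSecurityEnabled()) {
                wSCredential = ContextManagerFactory.getInstance().authenticate(str2, str, str3);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "returned from login");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security is disabled, credential is not refreshed, null credential will be returned");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "refresh(username, realmname, password)");
            }
            return wSCredential;
        } finally {
            enableAuthRetryForThread();
        }
    }

    /**
     * Returns the default realm name reported by the context manager.
     *
     * @return whatever {@code getDefaultRealm()} returns; nullability is not visible here
     */
    public static String getDefaultRealmName() {
        return ContextManagerFactory.getInstance().getDefaultRealm();
    }

    /**
     * Not meant to be instantiated: every member is static, and construction logs the error
     * message keyed {@code security.jaas.NoWSLoginHelperImpl}.
     */
    private WSLoginHelperImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WSLoginHelperImpl()");
        }
        Tr.error(tc, "security.jaas.NoWSLoginHelperImpl");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WSLoginHelperImpl()");
        }
    }

    /**
     * Sets the {@code wssecurity.disableauthretry} flag to true on the context manager.
     * The method name says the flag is per thread; the scope of {@code put} is not visible here.
     */
    private static void disableAuthRetryForThread() {
        // Boolean.TRUE instead of the deprecated new Boolean(true): same value, no allocation.
        ContextManagerFactory.getInstance().put("wssecurity.disableauthretry", Boolean.TRUE);
    }

    /**
     * Sets the {@code wssecurity.disableauthretry} flag to false on the context manager.
     *
     * <p>NOTE(review): this writes false unconditionally rather than restoring the value that
     * was in place before {@link #disableAuthRetryForThread()}. If a caller had already disabled
     * retry, the flag comes back enabled; confirm that no caller relies on nesting.
     */
    private static void enableAuthRetryForThread() {
        ContextManagerFactory.getInstance().put("wssecurity.disableauthretry", Boolean.FALSE);
    }

    /**
     * Compiler-generated helper behind class literals: resolves a class by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Keep the original exception so the failing class loader path is not lost.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    // Registers the trace component for this class. The class-literal cache field is still
    // populated because it is package-visible and other code may read it.
    static {
        Class cls;
        if (class$com$ibm$ws$security$auth$WSLoginHelperImpl == null) {
            cls = class$("com.ibm.ws.security.auth.WSLoginHelperImpl");
            class$com$ibm$ws$security$auth$WSLoginHelperImpl = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$WSLoginHelperImpl;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
    }
}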
