package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.krb5.wss.KerberosTokenConfig;
import com.ibm.websphere.wssecurity.wssapi.token.DerivedKeyToken;
import com.ibm.websphere.wssecurity.wssapi.token.KRBToken;
import com.ibm.ws.wssecurity.token.CacheableToken;
import com.ibm.ws.wssecurity.util.KRB5Util;
import com.ibm.ws.wssecurity.util.KRBTokenProfileConstants;
import com.ibm.ws.wssecurity.util.SecurityUIDGenerator;
import java.security.SecurityPermission;
import java.util.HashMap;
import javax.security.auth.kerberos.KerberosTicket;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/wssapi/token/impl/KRB5TokenImpl.class */
public class KRB5TokenImpl extends BinarySecurityTokenImpl implements KRBToken, CacheableToken {
    private static final long serialVersionUID = -8196867605653915139L;
    private String principal;
    private String realmName;
    private String uniqueID;
    private String _tokenId;
    private boolean valid;
    private boolean readOnly;
    private long expiration;
    protected int hashcode;
    private HashMap initMap;
    private HashMap contextMap;
    private DerivedKeyToken dkey;
    private KerberosTicket kTicket;
    private String identifier;
    private static final TraceComponent tc = Tr.register(KRB5TokenImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final SecurityPermission ACCESS_KRB5TKT_PERM = new SecurityPermission("wsspi.KRB5Token.accessTKT");
    private static final SecurityPermission ACCESS_KRB5_INITMAP_PERM = new SecurityPermission("wsspi.KRB5Token.accessInitMap");
    private static final SecurityPermission ACCESS_KRB5_CNTXTMAP_PERM = new SecurityPermission("wsspi.KRB5Token.accessContxtMap");

    public KRB5TokenImpl() {
        this.principal = "";
        this.realmName = "localhost";
        this.uniqueID = "";
        this._tokenId = "";
        this.valid = true;
        this.readOnly = false;
        this.expiration = -1L;
        this.hashcode = 0;
        this.initMap = null;
        this.contextMap = null;
        this.dkey = null;
        this.kTicket = null;
        this.hashcode = SecurityUIDGenerator.createUID().hashCode();
    }

    public KRB5TokenImpl(HashMap hashMap, HashMap hashMap2) {
        this.principal = "";
        this.realmName = "localhost";
        this.uniqueID = "";
        this._tokenId = "";
        this.valid = true;
        this.readOnly = false;
        this.expiration = -1L;
        this.hashcode = 0;
        this.initMap = null;
        this.contextMap = null;
        this.dkey = null;
        this.kTicket = null;
        this.hashcode = SecurityUIDGenerator.createUID().hashCode();
        this.initMap = hashMap;
        this.contextMap = hashMap2;
    }

    public KRB5TokenImpl(HashMap hashMap) {
        this.principal = "";
        this.realmName = "localhost";
        this.uniqueID = "";
        this._tokenId = "";
        this.valid = true;
        this.readOnly = false;
        this.expiration = -1L;
        this.hashcode = 0;
        this.initMap = null;
        this.contextMap = null;
        this.dkey = null;
        this.kTicket = null;
        if (hashMap != null) {
            this._tokenId = (String) hashMap.get("tokenID");
            this.principal = (String) hashMap.get("WASPrincipal");
            this.uniqueID = (String) hashMap.get("uniqueID");
            String str = (String) hashMap.get(KRBTokenProfileConstants.STR_EXPIRY_TIME);
            if (str != null && !str.equals("")) {
                try {
                    this.expiration = Long.parseLong(str);
                } catch (NumberFormatException e) {
                    this.expiration = -1L;
                }
            }
        }
    }

    public HashMap getContextMap() {
        return this.contextMap;
    }

    public HashMap getInitMap() {
        return this.initMap;
    }

    public Object getFromInitMap(Object obj) {
        if (this.initMap != null) {
            return this.initMap.get(obj);
        }
        return null;
    }

    public Object getFromContextMap(Object obj) {
        if (this.contextMap != null) {
            return this.contextMap.get(obj);
        }
        return null;
    }

    public void setDerviedKeyToken(DerivedKeyToken derivedKeyToken) {
        this.dkey = derivedKeyToken;
    }

    @Override // com.ibm.websphere.wssecurity.wssapi.token.KRBToken
    public DerivedKeyToken getDerviedKeyToken() {
        return this.dkey;
    }

    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenImpl, com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
    public String getPrincipal() {
        if (!KRB5Util.hasValue(this.principal)) {
            this.principal = (String) getFromContextMap(KerberosTokenConfig.CLIENT_NAME);
        }
        return this.principal;
    }

    @Override // com.ibm.websphere.wssecurity.wssapi.token.KRBToken
    public long getExpirationTime() {
        Long l;
        if (this.expiration == -1 && (l = (Long) getFromContextMap(KerberosTokenConfig.CLIENT_AUTHTIME)) != null) {
            this.expiration = l.longValue();
        }
        return this.expiration;
    }

    @Override // com.ibm.websphere.wssecurity.wssapi.token.KRBToken
    public String getRealmName() {
        if (!KRB5Util.hasValue(this.realmName)) {
            this.realmName = (String) getFromContextMap(KerberosTokenConfig.REALM_NAME);
        }
        return this.realmName;
    }

    public KerberosTicket getRequestKRBTicket() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting: " + ACCESS_KRB5TKT_PERM.toString());
            }
            securityManager.checkPermission(ACCESS_KRB5TKT_PERM);
        }
        if (this.kTicket == null) {
            this.kTicket = (KerberosTicket) getFromContextMap(KerberosTokenConfig.CONTEXT_DELEG_KERBEROS_TICKET);
        }
        return this.kTicket;
    }

    public int hashCode() {
        if (this.hashcode == 0) {
            StringBuffer stringBuffer = new StringBuffer();
            if (getId() != null) {
                stringBuffer.append(getId());
            }
            if (stringBuffer.length() > 0) {
                this.hashcode = stringBuffer.hashCode();
            } else {
                this.hashcode = SecurityUIDGenerator.createUID().hashCode();
            }
        }
        return this.hashcode;
    }

    @Override // com.ibm.ws.wssecurity.token.CacheableToken
    public String getIdentifier() {
        return this.identifier;
    }

    public void setIdentifier(String str) {
        this.identifier = str;
    }
}
