package com.ibm.ws.security.context;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.asynchbeans.ServiceContext;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityConfigResource;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.ServerStatusHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.SyncToOSThreadHelper;
import com.ibm.wsspi.security.context.Context;
import com.ibm.wsspi.security.context.Domain;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Stack;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/ws/security/context/ContextImpl.class */
public class ContextImpl implements Serializable, Context, ServiceContext {
    // Serialization identity of this class.
    private static final long serialVersionUID = 1;
    // Format version numbers for the `version` field; the constructor stamps new instances with 2.
    private static final int VERSION_1 = 1;
    private static final int VERSION_2 = 2;
    private static final int CURRENT_VERSION = 2;
    // Passed as the third argument to ContextManager.login() by doLogin().
    public static final String DESERIALIZE_ASYNCH_CONTEXT = "system.DESERIALIZE_ASYNCH_CONTEXT";
    // --- Non-transient state: these fields are eligible for Java serialization. ---
    private int version;
    // True when callerSubj and runAsSubj are the same object (reference comparison, not equals()).
    private boolean isCallerSame;
    // Token byte arrays; writeObject() fills them from the Subjects before the object is written.
    // They stand in for the transient Subjects below, so they are credential material.
    private byte[] runAsSubjToken;
    private byte[] runAsLoginToken;
    private byte[] callerSubjToken;
    private byte[] callerLoginToken;
    private Domain domain;
    // --- Transient state: never written by default serialization. ---
    private transient Subject runAsSubj;
    private transient Subject callerSubj;
    private transient Map propagationTokens;
    // Values returned by pushInvocationSubject/pushReceivedSubject in setContext(), consumed by restoreContext().
    private transient Stack contextStack;
    // Saved sync-to-OS-thread state pushed/popped by handleSyncToOSThread().
    private transient Stack<Object> syncStack;
    private transient PrivilegedExceptionAction privGetRunAsSubject;
    private transient PrivilegedExceptionAction privGetCallerSubject;
    private static final TraceComponent log = Tr.register(ContextImpl.class, "Security", "com.ibm.ejs.resources.security");
    // Captured once when the class is initialised: every `sm != null` permission check in this class is
    // skipped if no SecurityManager was installed at that moment, even if one is installed later.
    private static final SecurityManager sm = System.getSecurityManager();
    private static final WSOpaqueTokenHelper tkHelper = WSOpaqueTokenHelper.getInstance();
    // Monitors used by writeObject(); class-wide (static), so they serialize token creation across all instances.
    // NOTE(review): these lock objects are not final — confirm nothing reassigns them.
    private static Object syncCallerObject = new Object();
    private static Object syncRunAsObject = new Object();
    private static Object syncDeserializeSubjectObject = new Object();
    private static final SyncToOSThreadHelper syncHelper = new SyncToOSThreadHelper();
    // Permissions guarding this class's operations (checked only when `sm` is non-null).
    public static final WebSphereRuntimePermission PERM_SET = new WebSphereRuntimePermission("setSecurityContext");
    public static final WebSphereRuntimePermission PERM_RESTORE = new WebSphereRuntimePermission("restoreSecurityContext");
    public static final WebSphereRuntimePermission PERM_RUN_WITH = new WebSphereRuntimePermission("runWithSecurityContext");
    public static final WebSphereRuntimePermission PERM_MODIFY_CONTEXT = new WebSphereRuntimePermission("modifySecurityContext");
    public static final WebSphereRuntimePermission PERM_READ_CONTEXT = new WebSphereRuntimePermission("readSecurityContext");

    /**
     * Captures the security context of the calling thread: the run-as and caller Subjects,
     * the current propagation tokens, and the active domain.
     *
     * <p>No permission check is made here; the Subjects are read inside {@code doPrivileged}
     * blocks (see {@code retrieveAndSaveCurrentSubjects}), so construction succeeds regardless
     * of the caller's own permissions.
     *
     * @param z when {@code true}, both Subjects are set to a freshly created unauthenticated
     *          Subject instead of the thread's current ones
     * @throws WSSecurityException wrapping any exception raised while capturing the Subjects,
     *         the propagation tokens or the domain (the message always mentions Subjects,
     *         whichever step failed)
     */
    public ContextImpl(boolean z) throws WSSecurityException {
        // 2 is the current serialized-format version.
        this.version = 2;
        this.isCallerSame = true;
        this.contextStack = new Stack();
        this.syncStack = new Stack<>();
        // Kept as anonymous classes so the generated class names (ContextImpl$1, ContextImpl$2) stay the same.
        this.privGetRunAsSubject = new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                final ContextManager manager = ContextManagerFactory.getInstance();
                return manager.getInvocationSubject();
            }
        };
        this.privGetCallerSubject = new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                final ContextManager manager = ContextManagerFactory.getInstance();
                return manager.getCallerSubject();
            }
        };
        if (log.isEntryEnabled()) {
            Tr.entry(log, "ContextImpl(boolean)", "Create context for unauthenticated Subject? " + z);
        }
        try {
            retrieveAndSaveCurrentSubjects(z);
            this.propagationTokens = ContextManagerFactory.getInstance().getPropagationTokens();
            final SecurityConfigManager configManager = SecurityObjectLocator.getSecurityConfigManager();
            // Assign the field before populating it, so the object handed to FFDC on failure
            // carries the same state as before.
            final Domain capturedDomain = new Domain();
            this.domain = capturedDomain;
            if (configManager.isAdminAgent()) {
                capturedDomain.setProfileId(AdminContext.peek());
            } else {
                final SecurityConfigResource activeResource = SecurityObjectLocator.peekContext();
                if (activeResource == null) {
                    // No resource on the thread: record the empty application name with the ADMIN type.
                    capturedDomain.setApplicationName("");
                    capturedDomain.setApplicationType(SecurityObjectLocator.ADMIN);
                } else {
                    capturedDomain.setApplicationName(activeResource.getName());
                    capturedDomain.setApplicationType(activeResource.getType());
                }
            }
            if (log.isEntryEnabled()) {
                Tr.exit(log, "ContextImpl");
            }
        } catch (Exception cause) {
            FFDCFilter.processException(cause, "ContextImpl", "%C%", this);
            final WSSecurityException wrapped = new WSSecurityException("Unable to retrieve current Subjects");
            wrapped.initCause(cause);
            throw wrapped;
        }
    }

    /**
     * Captures the calling thread's current Subjects (equivalent to {@code ContextImpl(false)}).
     *
     * @throws WSSecurityException if the current context cannot be captured
     */
    public ContextImpl() throws WSSecurityException {
        this(false);
    }

    /* JADX WARN: Code restructure failed: missing block: B:100:0x0193, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L60;
     */
    /* JADX WARN: Code restructure failed: missing block: B:101:0x0196, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWith", r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:102:0x01a0, code lost:
    
        r0 = new com.ibm.websphere.security.WSSecurityException(r0);
        r0.initCause(r14);
     */
    /* JADX WARN: Code restructure failed: missing block: B:103:0x01b5, code lost:
    
        throw r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:63:0x011c, code lost:
    
        if (r12 == false) goto L49;
     */
    /* JADX WARN: Code restructure failed: missing block: B:65:0x0126, code lost:
    
        if (r0.isAdminAgent() == false) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x0129, code lost:
    
        com.ibm.websphere.management.AdminContext.pop();
     */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x0130, code lost:
    
        com.ibm.ws.security.config.SecurityObjectLocator.popContext();
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x013a, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L52;
     */
    /* JADX WARN: Code restructure failed: missing block: B:70:0x013d, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWith", "Domain has been popped from the running thread.");
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x0147, code lost:
    
        r0.popInvocationSubject(r0);
        r0.popReceivedSubject(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x015c, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L55;
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x015f, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWith", "Context has been popped from the running thread.");
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x016b, code lost:
    
        if (0 == 0) goto L62;
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x016e, code lost:
    
        r0 = "Exception " + ((java.lang.Object) null) + " ocurred while running action: " + r6;
     */
    /* JADX WARN: Code restructure failed: missing block: B:77:0x0193, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L60;
     */
    /* JADX WARN: Code restructure failed: missing block: B:78:0x0196, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWith", r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x01a0, code lost:
    
        r0 = new com.ibm.websphere.security.WSSecurityException(r0);
        r0.initCause(null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x01b5, code lost:
    
        throw r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0117, code lost:
    
        throw r15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x011c, code lost:
    
        if (r12 == false) goto L49;
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x0126, code lost:
    
        if (r0.isAdminAgent() == false) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:89:0x0129, code lost:
    
        com.ibm.websphere.management.AdminContext.pop();
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x0130, code lost:
    
        com.ibm.ws.security.config.SecurityObjectLocator.popContext();
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x013a, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L52;
     */
    /* JADX WARN: Code restructure failed: missing block: B:93:0x013d, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWith", "Domain has been popped from the running thread.");
     */
    /* JADX WARN: Code restructure failed: missing block: B:94:0x0147, code lost:
    
        r0.popInvocationSubject(r0);
        r0.popReceivedSubject(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x015c, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L55;
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x015f, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWith", "Context has been popped from the running thread.");
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x016b, code lost:
    
        if (r14 == null) goto L62;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x016e, code lost:
    
        r0 = "Exception " + r14 + " ocurred while running action: " + r6;
     */
    /**
     * Decompiler placeholder — NOT the shipped logic.
     *
     * <p>JADX could not reconstruct this method, so the body below unconditionally throws
     * {@link UnsupportedOperationException}. The "code lost" fragments in the JADX warnings
     * preceding this method show a cleanup path that pops the domain
     * ({@code AdminContext.pop()} or {@code SecurityObjectLocator.popContext()}), calls
     * {@code popInvocationSubject}/{@code popReceivedSubject}, and wraps an exception from
     * the action in a {@code WSSecurityException}.
     *
     * <p>NOTE(review): whether {@code PERM_RUN_WITH} is checked before the action runs cannot
     * be confirmed from this listing; verify against the bytecode before drawing conclusions
     * about access control on this entry point.
     */
    @Override // com.ibm.wsspi.security.context.Context
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object runWith(java.security.PrivilegedExceptionAction r6) throws com.ibm.websphere.security.WSSecurityException {
        /*
            Method dump skipped, instructions count: 462
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.context.ContextImpl.runWith(java.security.PrivilegedExceptionAction):java.lang.Object");
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x00d3, code lost:
    
        if (r8 == false) goto L43;
     */
    /* JADX WARN: Code restructure failed: missing block: B:60:0x00dc, code lost:
    
        if (r0.isAdminAgent() == false) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:61:0x00df, code lost:
    
        com.ibm.websphere.management.AdminContext.pop();
     */
    /* JADX WARN: Code restructure failed: missing block: B:62:0x00e6, code lost:
    
        com.ibm.ws.security.config.SecurityObjectLocator.popContext();
     */
    /* JADX WARN: Code restructure failed: missing block: B:64:0x00f0, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L46;
     */
    /* JADX WARN: Code restructure failed: missing block: B:65:0x00f3, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWithDomain", "Domain has been popped from the running thread.");
     */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x00ff, code lost:
    
        if (0 == 0) goto L53;
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x0102, code lost:
    
        r0 = "Exception " + ((java.lang.Object) null) + " ocurred while running action: " + r6;
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x0127, code lost:
    
        if (com.ibm.ws.security.context.ContextImpl.log.isDebugEnabled() == false) goto L51;
     */
    /* JADX WARN: Code restructure failed: missing block: B:70:0x012a, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.context.ContextImpl.log, "runWithDomain", r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x0134, code lost:
    
        r0 = new com.ibm.websphere.security.WSSecurityException(r0);
        r0.initCause(null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x0149, code lost:
    
        throw r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x00cf, code lost:
    
        throw r12;
     */
    /**
     * Decompiler placeholder — NOT the shipped logic.
     *
     * <p>JADX could not reconstruct this method, so the body below unconditionally throws
     * {@link UnsupportedOperationException}. The "code lost" fragments in the JADX warnings
     * preceding this method show only a domain pop ({@code AdminContext.pop()} or
     * {@code SecurityObjectLocator.popContext()}) and the wrapping of an exception from the
     * action in a {@code WSSecurityException}; no Subject pops appear in those fragments.
     *
     * <p>NOTE(review): any permission check performed by the real method is not visible
     * here; verify against the bytecode.
     */
    @Override // com.ibm.wsspi.security.context.Context
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object runWithDomain(java.security.PrivilegedExceptionAction r6) throws com.ibm.websphere.security.WSSecurityException {
        /*
            Method dump skipped, instructions count: 354
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.context.ContextImpl.runWithDomain(java.security.PrivilegedExceptionAction):java.lang.Object");
    }

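    /**
     * Undoes the most recent {@link #setContext()} on the calling thread by handing the two
     * values saved on {@code contextStack} back to the ContextManager.
     *
     * <p>The invocation subject is now restored in a {@code finally} block: previously, an
     * exception from {@code popReceivedSubject} left the invocation subject that
     * {@code setContext()} installed on the thread and one stale entry on the stack.
     *
     * <p>Requires {@code restoreSecurityContext} when a SecurityManager was present at class
     * initialisation. Note the empty-stack check runs before the permission check.
     *
     * @throws WSSecurityException if {@code setContext()} has not been called first
     */
    @Override // com.ibm.wsspi.security.context.Context
    public void restoreContext() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "restoreContext");
        }
        if (this.contextStack.isEmpty()) {
            if (log.isDebugEnabled()) {
                Tr.debug(log, "restoreContext", "setContext() must be invoked before restoreContext().");
            }
            throw new WSSecurityException("setContext() must be invoked before restoreContext().");
        }
        if (sm != null) {
            sm.checkPermission(PERM_RESTORE);
        }
        handleSyncToOSThread(syncHelper, this.syncStack, false);
        ContextManager contextManager = ContextManagerFactory.getInstance();
        try {
            // Top of stack is the value saved by pushReceivedSubject (pushed last in setContext()).
            contextManager.popReceivedSubject((Subject) this.contextStack.pop());
        } finally {
            // Always give back the invocation subject too, so a failure above cannot leave
            // the thread running under the identity installed by setContext().
            contextManager.popInvocationSubject((Subject) this.contextStack.pop());
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "restoreContext");
        }
    }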

    /**
     * Installs this context's Subjects on the calling thread: {@code runAsSubj} as the
     * invocation subject and {@code callerSubj} as the received subject.
     *
     * <p>The values returned by the two push calls are kept on {@code contextStack} so that
     * {@link #restoreContext()} can hand them back. Requires {@code setSecurityContext} when a
     * SecurityManager was present at class initialisation.
     *
     * <p>NOTE(review): the two pushes are not atomic — if {@code pushReceivedSubject} throws,
     * the invocation subject stays installed and the stack holds a single entry. Callers
     * should pair this with {@code restoreContext()} in a {@code finally} block.
     *
     * @throws WSSecurityException declared by the interface; not thrown directly here
     */
    @Override // com.ibm.wsspi.security.context.Context
    public void setContext() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setContext");
        }
        if (sm != null) {
            sm.checkPermission(PERM_SET);
        }
        final ContextManager contextManager = ContextManagerFactory.getInstance();
        // Order matters: restoreContext() pops in the reverse order.
        final Object invocationHandle = contextManager.pushInvocationSubject(this.runAsSubj);
        this.contextStack.push(invocationHandle);
        final Object receivedHandle = contextManager.pushReceivedSubject(this.callerSubj);
        this.contextStack.push(receivedHandle);
        handleSyncToOSThread(syncHelper, this.syncStack, true);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setContext");
        }
    }

    /**
     * Applies or reverts sync-to-OS-thread for the run-as Subject, when the current component
     * has application sync enabled.
     *
     * <p>On set, the previous thread-local sync flag and the value returned by
     * {@code setAppSyncToThread} are pushed on {@code syncStack}; on restore they are popped
     * and put back. Failures in either direction are reported to FFDC and trace and then
     * swallowed (best effort), so a failed sync does not abort the context switch.
     *
     * <p>NOTE(review): the {@code syncToOSThreadHelper} and {@code stack} parameters are only
     * traced; the body always uses the static {@code syncHelper} and {@code this.syncStack}.
     * Both visible callers pass exactly those, so behaviour is the same today — confirm
     * whether the parameters were meant to be honoured.
     *
     * @param syncToOSThreadHelper helper supplied by the caller (traced only)
     * @param stack                stack supplied by the caller (traced only)
     * @param z                    {@code true} to establish sync, {@code false} to restore it
     */
    protected void handleSyncToOSThread(SyncToOSThreadHelper syncToOSThreadHelper, Stack<Object> stack, boolean z) {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "handleSyncToOSThread", new Object[]{"localSyncHelper=" + syncToOSThreadHelper, "localSyncStack=" + stack, "set=" + z});
        }
        if (syncHelper.isCurrentComponentAppSyncEnabled()) {
            if (log.isDebugEnabled()) {
                Tr.debug(log, "syncHelper.isCurrentComponentAppSyncEnabled is true");
            }
            if (z) {
                // Remember the flag as it was before we touch anything.
                final Boolean priorFlag = Boolean.valueOf(syncHelper.isThreadLocalApplicationSyncEnabled());
                Object syncHandle = null;
                try {
                    syncHandle = syncHelper.setAppSyncToThread(this.runAsSubj);
                    syncHelper.setThreadLocalApplicationSyncEnabled(true);
                } catch (Exception failure) {
                    FFDCFilter.processException(failure, "handleSyncToOSThread", "%C%", this);
                    Tr.debug(log, "Took exception establishing syncToOSThread: " + failure.getMessage());
                }
                // Pushed even after a failure (handle may be null) so the restore side stays balanced.
                this.syncStack.push(priorFlag);
                this.syncStack.push(syncHandle);
            } else {
                Boolean priorFlag = null;
                try {
                    final Object syncHandle = this.syncStack.pop();
                    priorFlag = (Boolean) this.syncStack.pop();
                    if (syncHandle != null) {
                        syncHelper.restoreAppSyncToThread(syncHandle);
                    }
                } catch (Exception failure) {
                    FFDCFilter.processException(failure, "handleSyncToOSThread", "%C%", this);
                    Tr.debug(log, "Took exception restoring syncToOSThread: " + failure.getMessage());
                }
                // The flag is put back even when restoring the handle failed, provided it was popped.
                if (priorFlag != null) {
                    syncHelper.setThreadLocalApplicationSyncEnabled(priorFlag.booleanValue());
                }
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "handleSyncToOSThread");
        }
    }

    /**
     * Returns the caller Subject held by this context (the one {@code setContext()} installs
     * as the received subject).
     *
     * <p>Requires {@code readSecurityContext} when a SecurityManager was present at class
     * initialisation. The live reference is returned, not a copy, and the Subject is also
     * written to exit trace when entry/exit tracing is on.
     *
     * @return the caller Subject; may be {@code null}
     */
    @Override // com.ibm.wsspi.security.context.Context
    public Subject getCallerSubject() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getCallerSubject");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        final Subject caller = this.callerSubj;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getCallerSubject", caller);
        }
        return caller;
    }

    /**
     * Returns the run-as Subject held by this context (the one {@code setContext()} installs
     * as the invocation subject).
     *
     * <p>Requires {@code readSecurityContext} when a SecurityManager was present at class
     * initialisation. The live reference is returned, not a copy, and the Subject is also
     * written to exit trace when entry/exit tracing is on.
     *
     * @return the run-as Subject; may be {@code null}
     */
    @Override // com.ibm.wsspi.security.context.Context
    public Subject getRunAsSubject() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getRunAsSubject");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        final Subject runAs = this.runAsSubj;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getRunAsSubject", runAs);
        }
        return runAs;
    }

    /**
     * Replaces the caller Subject and refreshes the {@code isCallerSame} flag.
     *
     * <p>Requires {@code modifySecurityContext} when a SecurityManager was present at class
     * initialisation. The flag is a reference comparison: two distinct but equal Subjects
     * count as different. {@code writeObject()} relies on the flag to decide whether the
     * caller tokens can reuse the run-as tokens.
     *
     * @param subject the new caller Subject; stored as-is, {@code null} is not rejected
     * @throws WSSecurityException declared by the interface; not thrown directly here
     */
    @Override // com.ibm.wsspi.security.context.Context
    public void setCallerSubject(Subject subject) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setCallerSubject", subject);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.callerSubj = subject;
        this.isCallerSame = (subject == this.runAsSubj);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setCallerSubject", subject);
        }
    }

    /**
     * Replaces the run-as Subject and refreshes the {@code isCallerSame} flag.
     *
     * <p>Requires {@code modifySecurityContext} when a SecurityManager was present at class
     * initialisation. The flag is a reference comparison: two distinct but equal Subjects
     * count as different.
     *
     * @param subject the new run-as Subject; stored as-is, {@code null} is not rejected
     * @throws WSSecurityException declared by the interface; not thrown directly here
     */
    @Override // com.ibm.wsspi.security.context.Context
    public void setRunAsSubject(Subject subject) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setRunAsSubject", subject);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.runAsSubj = subject;
        this.isCallerSame = (this.callerSubj == subject);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setRunAsSubject", subject);
        }
    }

    /**
     * Returns the propagation-token map held by this context.
     *
     * <p>Requires {@code readSecurityContext} when a SecurityManager was present at class
     * initialisation. The live map is returned, not a copy, so a holder of the reference can
     * change its contents without passing the {@code modifySecurityContext} check.
     *
     * @return the propagation tokens; may be {@code null}
     * @throws WSSecurityException declared by the interface; not thrown directly here
     */
    @Override // com.ibm.wsspi.security.context.Context
    public Map getPropagationTokens() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getPropagationTokens");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        // The map itself is deliberately not traced on exit.
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getPropagationTokens");
        }
        final Map tokens = this.propagationTokens;
        return tokens;
    }

    /**
     * Replaces the propagation-token map held by this context.
     *
     * <p>Requires {@code modifySecurityContext} when a SecurityManager was present at class
     * initialisation. The map is stored by reference (no copy) and {@code null} is not
     * rejected. The map is passed to entry trace.
     *
     * @param map the new propagation tokens
     * @throws WSSecurityException declared by the interface; not thrown directly here
     */
    @Override // com.ibm.wsspi.security.context.Context
    public void setPropagationTokens(Map map) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setPropagationTokens", map);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.propagationTokens = map;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setPropagationTokens");
        }
    }

    /**
     * Returns the domain captured or assigned for this context.
     *
     * <p>Requires {@code readSecurityContext} when a SecurityManager was present at class
     * initialisation. The live {@code Domain} object is returned, not a copy.
     *
     * @return the domain; may be {@code null} if one was set explicitly
     */
    @Override // com.ibm.wsspi.security.context.Context
    public Domain getDomain() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getDomain");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        final Domain current = this.domain;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getDomain", current);
        }
        return current;
    }

    /**
     * Replaces the domain held by this context.
     *
     * <p>Requires {@code modifySecurityContext} when a SecurityManager was present at class
     * initialisation. The object is stored by reference and {@code null} is not rejected.
     *
     * @param domain the new domain
     * @throws WSSecurityException declared by the interface; not thrown directly here
     */
    @Override // com.ibm.wsspi.security.context.Context
    public void setDomain(Domain domain) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setDomain", domain);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.domain = domain;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setDomain");
        }
    }

    /**
     * Reports whether the caller and run-as Subjects were the same object when the flag was
     * last refreshed (it is recomputed by the Subject setters and by
     * {@code retrieveAndSaveCurrentSubjects}).
     *
     * @return the cached reference-equality flag
     */
    private boolean isCallerSame() {
        return this.isCallerSame;
    }

    /**
     * Loads {@code runAsSubj} and {@code callerSubj}, then refreshes {@code isCallerSame}.
     *
     * <p>With {@code z == true} both fields receive one freshly created unauthenticated
     * Subject. Otherwise the thread's invocation and caller Subjects are fetched through the
     * two privileged actions built in the constructor, so the lookup runs with this class's
     * permissions rather than the caller's.
     *
     * @param z {@code true} to use an unauthenticated Subject instead of the thread's own
     * @throws PrivilegedActionException if one of the privileged lookups fails
     * @throws WSSecurityException declared for the ContextManager calls
     */
    private void retrieveAndSaveCurrentSubjects(boolean z) throws PrivilegedActionException, WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "retrieveAndSaveCurrentSubjects", "Use unauthenticated Subject? " + z);
        }
        if (!z) {
            this.runAsSubj = (Subject) AccessController.doPrivileged(this.privGetRunAsSubject);
            // Refreshed here as well so the flag matches the fields if the second lookup throws.
            this.isCallerSame = this.callerSubj == this.runAsSubj;
            this.callerSubj = (Subject) AccessController.doPrivileged(this.privGetCallerSubject);
        } else {
            final Subject anonymous = ContextManagerFactory.getInstance().createUnauthenticatedSubject();
            this.runAsSubj = anonymous;
            this.callerSubj = anonymous;
        }
        // Reference comparison: true only when both fields point at the same Subject object.
        this.isCallerSame = this.callerSubj == this.runAsSubj;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "retrieveAndSaveCurrentSubjects");
        }
    }

    /**
     * Test hook that overwrites the version, both Subjects and all four token arrays.
     *
     * <p>Package-private and performs no permission check, unlike the public setters.
     * It does not refresh {@code isCallerSame}, and {@code strArr} is unused.
     * NOTE(review): confirm the package is sealed or otherwise closed to application code,
     * since any class in this package can replace the security state through this method.
     *
     * @param i          value for {@code version}
     * @param strArr     unused
     * @param subjectArr index 0 = run-as Subject, index 1 = caller Subject
     * @param bArr       index 0 = run-as subject token, index 1 = run-as login token
     * @param bArr2      index 0 = caller subject token, index 1 = caller login token
     */
    void initForTest(int i, String[] strArr, Subject[] subjectArr, byte[][] bArr, byte[][] bArr2) {
        this.version = i;
        this.runAsSubj = subjectArr[0];
        this.callerSubj = subjectArr[1];
        this.runAsSubjToken = bArr[0];
        this.runAsLoginToken = bArr[1];
        this.callerSubjToken = bArr2[0];
        this.callerLoginToken = bArr2[1];
    }

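    /**
     * Rebuilds a Subject from a serialized login token and subject token.
     *
     * <p>A {@code null} login token yields an unauthenticated Subject. Otherwise the token
     * holder list decoded from the subject token is cached on the ContextManager for the
     * duration of the login and removed afterwards. The removal now happens in a
     * {@code finally} block: previously a failed login left the decoded token list cached
     * under the opaque-token lookup key.
     *
     * <p>Both tokens originate from the serialized form of this object, so they must be
     * treated as untrusted input; their validation is delegated to
     * {@code ContextManager.login} and is not visible in this class.
     *
     * @param bArr  login token bytes, or {@code null}
     * @param bArr2 opaque subject token bytes
     * @return the Subject produced by the login, or an unauthenticated Subject
     * @throws WSSecurityException wrapping a {@code WSLoginFailedException} from the login
     */
    private Subject doLogin(byte[] bArr, byte[] bArr2) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            // Concatenating a byte[] traces only its identity string, not the token content.
            Tr.entry(log, "doLogin", new Object[]{"Login token=" + bArr, "Subject token=" + bArr2});
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (bArr == null) {
            if (log.isEntryEnabled()) {
                Tr.exit(log, "doLogin", "Login token is null, returning unauthenticated.");
            }
            return contextManagerFactory.createUnauthenticatedSubject();
        }
        String defaultRealm = contextManagerFactory.getDefaultRealm();
        HashMap hashMap = new HashMap();
        hashMap.put(com.ibm.wsspi.security.context.ContextManager.DESERIALIZE_ASYNCH_LOGIN_RENEW, Boolean.TRUE);
        hashMap.put(com.ibm.wsspi.security.context.ContextManager.DESERIALIZE_ASYNCH_LOGIN, Boolean.TRUE);
        try {
            createAndCacheTokenHolderList(bArr2);
            Subject login;
            try {
                login = contextManagerFactory.login(defaultRealm, bArr, DESERIALIZE_ASYNCH_CONTEXT, (HttpServletRequest) null, (HttpServletResponse) null, hashMap);
            } finally {
                // Clear the cached token list on success and on failure alike.
                removeTokenHolderListFromCache();
            }
            if (log.isEntryEnabled()) {
                Tr.exit(log, "doLogin");
            }
            return login;
        } catch (WSLoginFailedException e) {
            FFDCFilter.processException(e, "doLogin", "%C%", this);
            WSSecurityException wSSecurityException = new WSSecurityException(e.getMessage());
            wSSecurityException.initCause(e);
            throw wSSecurityException;
        }
    }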

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Serializes a Subject into an opaque token, using this context's propagation tokens.
     *
     * <p>The thread's own propagation tokens are swapped out for the call and put back in a
     * {@code finally} block, so a failure cannot leave this context's tokens on the thread.
     * The decompiler marker preceding this method records that the method was originally
     * private; it appears public here only because an inner class calls it.
     *
     * @param subject the Subject to serialize, or {@code null}
     * @return the opaque token bytes, or {@code null} when {@code subject} is {@code null}
     * @throws WSLoginFailedException declared for token creation
     * @throws WSSecurityException    declared for the ContextManager calls
     */
    public byte[] createSubjectToken(Subject subject) throws WSLoginFailedException, WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "createSubjectToken", "Subject is null? " + (subject == null));
        }
        byte[] token = null;
        if (subject != null) {
            final ContextManager contextManager = ContextManagerFactory.getInstance();
            final Map threadTokens = contextManager.getPropagationTokens();
            contextManager.setPropagationTokens(this.propagationTokens);
            try {
                token = tkHelper.createOpaqueTokenFromSubject(subject);
            } finally {
                contextManager.setPropagationTokens(threadTokens);
            }
        }
        if (log.isEntryEnabled()) {
            // Only the null-ness of the token is traced, never its bytes.
            Tr.exit(log, "createSubjectToken", "Token created is null? " + (token == null));
        }
        return token;
    }

    /**
     * Decodes an opaque subject token into a token holder list and caches that list on the
     * ContextManager under the helper's opaque-token lookup key.
     *
     * <p>The cache entry is cleared by {@code removeTokenHolderListFromCache()}.
     * NOTE(review): the raw token array is handed to entry trace and the decoded list to
     * exit trace; depending on how the trace facility renders them this may write credential
     * material to trace files — confirm, and restrict access to trace output accordingly.
     *
     * @param bArr opaque subject token bytes
     * @return the decoded token holder list
     * @throws WSSecurityException declared for the decode and cache calls
     */
    private ArrayList createAndCacheTokenHolderList(byte[] bArr) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "createAndCacheTokenHolderList", bArr);
        }
        final ContextManager contextManager = ContextManagerFactory.getInstance();
        final ArrayList tokenHolders = tkHelper.createTokenHolderListFromOpaqueToken(bArr);
        contextManager.put(tkHelper.getOpaqueTokenLookup(), tokenHolders);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "createAndCacheTokenHolderList", "tokenList=" + tokenHolders);
        }
        return tokenHolders;
    }

    /**
     * Clears the token holder list cached by {@code createAndCacheTokenHolderList} by storing
     * {@code null} under the helper's opaque-token lookup key.
     */
    private void removeTokenHolderListFromCache() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "removeTokenHolderListFromCache");
        }
        final ContextManager contextManager = ContextManagerFactory.getInstance();
        contextManager.put(tkHelper.getOpaqueTokenLookup(), null);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "removeTokenHolderListFromCache");
        }
    }

    /**
     * Renders an identity string followed by the run-as and caller Subjects.
     *
     * <p>Security note: unlike the getters, this method makes no {@code readSecurityContext}
     * check, and it formats both Subjects inside {@code doPrivileged}. Whatever
     * {@code Subject.toString()} emits under this class's permissions (principals and,
     * possibly, credentials) is therefore available to any code holding a reference to this
     * object, and to any log that stringifies it.
     *
     * <p>NOTE(review): as written in this listing, {@code super.toString()} resolves to the
     * anonymous action object, not to {@code ContextImpl}; confirm against the bytecode
     * whether that is a decompilation artefact.
     *
     * @return the textual form described above
     */
    @Override
    public String toString() {
        // Kept as an anonymous class: a lambda would change what super.toString() refers to.
        final PrivilegedAction<String> render = new PrivilegedAction<String>() { // from class: com.ibm.ws.security.context.ContextImpl.3
            @Override // java.security.PrivilegedAction
            public String run() {
                final StringBuilder text = new StringBuilder(super.toString());
                text.append(", RunAs=").append(ContextImpl.this.runAsSubj);
                text.append(", Caller=").append(ContextImpl.this.callerSubj);
                return text.toString();
            }
        };
        return AccessController.doPrivileged(render);
    }

    /**
     * Computes the token expiration cushion, in milliseconds, from the security configuration.
     *
     * <p>Both properties are multiplied by 60000 (presumably minutes to milliseconds —
     * confirm against the configuration documentation). The configured cushion is used when
     * it is positive and does not exceed the maximum; a configured value above the maximum is
     * clamped to the maximum. In every other case, including a missing configuration or an
     * unparsable property, the default of 60000 ms is returned.
     *
     * <p>NOTE(review): the clamp does not check the sign of the maximum, so a zero or negative
     * maximum combined with a larger configured value yields a non-positive cushion.
     *
     * @param securityConfig the active security configuration, or {@code null}
     * @return the cushion in milliseconds
     */
    long getExpirationCushion(SecurityConfig securityConfig) {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getExpirationCushion", "SecurityConfig = " + securityConfig);
        }
        long cushionMillis = 60000;
        try {
            if (securityConfig == null) {
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "Unable to get security configuration, default value will be used.");
                }
            } else {
                try {
                    final long maxMillis = Long.valueOf(securityConfig.getProperty(SecurityConfig.CACHE_CUSHION_MAX)).longValue() * 60000;
                    final long configuredMillis = Long.valueOf(securityConfig.getProperty(SecurityConfig.CACHE_CUSHION_TIME)).longValue() * 60000;
                    if (configuredMillis > maxMillis) {
                        cushionMillis = maxMillis;
                    } else if (configuredMillis > 0) {
                        cushionMillis = configuredMillis;
                    }
                } catch (NumberFormatException badNumber) {
                    // A malformed property is not an error: keep the default.
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "NumberFormatException Unable to get security configuration, default value will be used.");
                    }
                }
            }
        } catch (Exception unexpected) {
            // Best effort: anything else is recorded and the default is kept.
            FFDCFilter.processException(unexpected, "getExpirationCushion", "%C%", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "Exception " + unexpected + " ignored, default value will be used.");
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getExpirationCushion", "Expiration cushion value = " + cushionMillis);
        }
        return cushionMillis;
    }

    /**
     * Runs {@code createSubjectToken} inside {@code doPrivileged}, so token creation uses this
     * class's permissions rather than those of whoever triggered serialization.
     *
     * @param subject the Subject to serialize
     * @return the opaque token bytes, or {@code null} for a {@code null} Subject
     * @throws PrivilegedActionException wrapping any checked exception from token creation
     * @throws WSLoginFailedException    declared; surfaced via PrivilegedActionException
     * @throws WSSecurityException       declared; surfaced via PrivilegedActionException
     */
    private byte[] privCreateSubjectToken(final Subject subject) throws WSLoginFailedException, WSSecurityException, PrivilegedActionException {
        final PrivilegedExceptionAction<byte[]> createToken = new PrivilegedExceptionAction<byte[]>() { // from class: com.ibm.ws.security.context.ContextImpl.4
            @Override // java.security.PrivilegedExceptionAction
            public byte[] run() throws Exception {
                return ContextImpl.this.createSubjectToken(subject);
            }
        };
        return AccessController.doPrivileged(createToken);
    }

    /**
     * Asks the token mapper for an authentication token for the given credential, inside
     * {@code doPrivileged} so the call uses this class's permissions.
     *
     * @param wSCredential                     the credential to convert
     * @param wSCredentialTokenMapperInterface the mapper that performs the conversion
     * @return the authentication token produced by the mapper
     * @throws PrivilegedActionException wrapping any checked exception from the mapper
     * @throws WSLoginFailedException    declared; surfaced via PrivilegedActionException
     */
    private AuthenticationToken privCreateAuthTokenFromWSCredential(final WSCredential wSCredential, final WSCredentialTokenMapperInterface wSCredentialTokenMapperInterface) throws WSLoginFailedException, PrivilegedActionException {
        final PrivilegedExceptionAction createToken = new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return wSCredentialTokenMapperInterface.createAuthTokenFromWSCredential(wSCredential);
            }
        };
        final Object token = AccessController.doPrivileged(createToken);
        return (AuthenticationToken) token;
    }

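    /**
     * Serialization hook. On a server process it regenerates the run-as and caller tokens from
     * the live Subjects and then writes the context through {@code putFields()}: {@code version},
     * {@code isCallerSame}, the run-as subject/login tokens, the caller tokens when the caller
     * differs, and {@code domain} for version 2. On a non-server process it writes nothing.
     *
     * <p>Security note: the serialized form carries the subject and login tokens that
     * {@code deserializeSubjects} later hands to {@code doLogin}, so the resulting bytes should be
     * treated as credential material wherever they are stored or transported.
     *
     * <p>Token regeneration is best effort: failures are recorded and the fields are written with
     * whatever token values the instance holds at that point. Login/security failures raised
     * inside the privileged helpers are deliberately swallowed (debug trace only); any other cause
     * is recorded through FFDC so an unexpected failure does not disappear without a record.
     *
     * @param objectOutputStream the stream supplied by the serialization runtime
     * @throws IOException if writing the fields fails
     */
    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException, Exception {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "writeObject", objectOutputStream);
        }
        if (!ServerStatusHelper.isServer()) {
            // Non-server processes return before putFields()/writeFields(), so none of the token
            // fields below are written by this hook.
            if (log.isEntryEnabled()) {
                Tr.exit(log, "writeObject - context serialization is not currently supported on clients, returning");
            }
            return;
        }
        try {
            WSCredentialTokenMapperInterface tokenMapper = ContextManagerFactory.getInstance().getWSCredTokenMapper();
            SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
            // When runAsSubj is null the existing run-as token fields are left untouched and are
            // written as they are.
            if (this.runAsSubj != null) {
                synchronized (syncRunAsObject) {
                    // NOTE(review): the result is only traced, never acted on; presumably the call
                    // refreshes tokens inside the expiration cushion as a side effect - confirm.
                    boolean runAsTokensValid = tokenMapper.checkCushionValidityOfAllTokens(this.runAsSubj, getExpirationCushion(securityConfig), true);
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "checkCushionValidityOfAllTokens = " + runAsTokensValid);
                    }
                    AuthenticationToken runAsAuthToken = null;
                    WSCredential runAsCredential = SubjectHelper.getWSCredentialFromSubject(this.runAsSubj);
                    // Tokens are only minted for an authenticated credential.
                    if (runAsCredential != null && !runAsCredential.isUnauthenticated()) {
                        this.runAsSubjToken = privCreateSubjectToken(this.runAsSubj);
                        runAsAuthToken = privCreateAuthTokenFromWSCredential(runAsCredential, tokenMapper);
                    }
                    this.runAsLoginToken = runAsAuthToken != null ? runAsAuthToken.getBytes() : null;
                }
            }
            if (isCallerSame()) {
                this.callerSubjToken = this.runAsSubjToken;
                this.callerLoginToken = this.runAsLoginToken;
            } else {
                // NOTE(review): unlike the run-as branch there is no null guard on callerSubj
                // here; confirm the helpers below accept a null Subject.
                synchronized (syncCallerObject) {
                    boolean callerTokensValid = tokenMapper.checkCushionValidityOfAllTokens(this.callerSubj, getExpirationCushion(securityConfig), true);
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "checkCushionValidityOfAllTokens = " + callerTokensValid);
                    }
                    AuthenticationToken callerAuthToken = null;
                    WSCredential callerCredential = SubjectHelper.getWSCredentialFromSubject(this.callerSubj);
                    if (callerCredential != null && !callerCredential.isUnauthenticated()) {
                        this.callerSubjToken = privCreateSubjectToken(this.callerSubj);
                        callerAuthToken = privCreateAuthTokenFromWSCredential(callerCredential, tokenMapper);
                    }
                    this.callerLoginToken = callerAuthToken != null ? callerAuthToken.getBytes() : null;
                }
            }
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "writeObject", "%C%", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "writeObject", e);
            }
        } catch (WSLoginFailedException e2) {
            FFDCFilter.processException(e2, "writeObject", "%C%", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "writeObject", e2);
            }
        } catch (PrivilegedActionException e3) {
            Throwable cause = e3.getCause();
            if ((cause instanceof WSLoginFailedException) || (cause instanceof WSSecurityException)) {
                // Deliberate: a login/security failure inside the privileged helpers is not fatal
                // to serialization.
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "writeObject: swallowing doPriv login failure");
                }
            } else {
                // Any other cause is unexpected; record it instead of dropping it silently.
                FFDCFilter.processException(e3, "writeObject", "%C%", this);
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "writeObject", e3);
                }
            }
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        if (log.isDebugEnabled()) {
            // Concatenating a byte[] yields its identity string ("[B@..." or "null"), not the
            // token bytes. Keep it that way: token contents must not reach trace logs.
            StringBuilder traceMessage = new StringBuilder("Serializing Context version: " + this.version + ", serialVersionUID=1");
            traceMessage.append(", isCallerSame=" + this.isCallerSame);
            traceMessage.append(", runAsSubjToken=" + this.runAsSubjToken + ", runAsLoginToken=" + this.runAsLoginToken);
            traceMessage.append(", callerSubjToken=" + this.callerSubjToken + ", callerLoginToken=" + this.callerLoginToken);
            Tr.debug(log, "writeObject", traceMessage.toString());
        }
        putFields.put("version", this.version);
        putFields.put("isCallerSame", this.isCallerSame);
        putFields.put("runAsSubjToken", this.runAsSubjToken);
        putFields.put("runAsLoginToken", this.runAsLoginToken);
        // Caller tokens are only written when they differ from the run-as tokens; readState
        // mirrors this condition when reading.
        if (!this.isCallerSame) {
            putFields.put("callerSubjToken", this.callerSubjToken);
            putFields.put("callerLoginToken", this.callerLoginToken);
        }
        if (this.version == 2) {
            putFields.put("domain", this.domain);
        }
        objectOutputStream.writeFields();
        if (log.isEntryEnabled()) {
            Tr.exit(log, "writeObject", this);
        }
    }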

    /* JADX WARN: Failed to find 'out' block for switch in B:16:0x0044. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:26:0x0170 A[Catch: all -> 0x017e, TryCatch #2 {, blocks: (B:15:0x0030, B:16:0x0044, B:17:0x0060, B:19:0x0069, B:20:0x0090, B:21:0x00f9, B:23:0x0104, B:24:0x0167, B:26:0x0170, B:28:0x017a, B:33:0x010d, B:35:0x0120, B:36:0x013c, B:37:0x0166, B:39:0x009c, B:42:0x00d1, B:43:0x00f8), top: B:14:0x0030, inners: #0, #1 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Deserialization hook for this class.
     *
     * <p>NOTE(review): the decompiler could not reconstruct this method (see the JADX warnings
     * above). The body below is a decompiler placeholder, not the shipped logic, so nothing about
     * the real behaviour can be read from this listing. Because this method is the entry point
     * for data arriving from a serialized stream, a security review of this class is incomplete
     * until the actual bytecode has been inspected. It presumably reads the stream fields and
     * passes them to {@code readState} - confirm against the instruction dump.
     *
     * @param r7 the stream supplied by the serialization runtime
     * @throws UnsupportedOperationException always, in this decompiled listing only
     */
    private void readObject(java.io.ObjectInputStream r7) throws java.io.IOException, java.lang.ClassNotFoundException {
        /*
            Decompiler output: the method body was skipped (390 instructions were not rendered).
            Method dump skipped, instructions count: 390
            To view this dump add '--comments-level debug' option
        */
        // Placeholder emitted by the decompiler; it stands in for logic that could not be recovered.
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.context.ContextImpl.readObject(java.io.ObjectInputStream):void");
    }

    /**
     * Rebuilds the run-as and caller Subjects from the token fields by calling {@code doLogin},
     * then stores the Subjects and the propagation tokens present on the context manager after
     * the login(s) on this context.
     *
     * <p>The context manager's current propagation tokens are saved first, cleared before each
     * login, and restored in {@code finally}, so they are put back even when a login throws.
     * Presumably the clearing keeps the calling thread's tokens from leaking into the
     * re-established identity - confirm against {@code doLogin}.
     *
     * <p>Security note: the tokens passed to {@code doLogin} come from the serialized stream; this
     * method performs no validation of its own, so any validation has to happen inside
     * {@code doLogin}.
     *
     * @throws WSSecurityException if re-establishing a Subject fails
     */
    private void deserializeSubjects() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "deserializeSubjects", "perform login to get runAsSubject");
        }
        final ContextManager contextManager = ContextManagerFactory.getInstance();
        final Map savedPropagationTokens = contextManager.getPropagationTokens();
        try {
            contextManager.setPropagationTokens(null);
            if (log.isDebugEnabled()) {
                // NOTE(review): this traces the saved map through its toString(); confirm that
                // does not put token contents into trace logs.
                Tr.debug(log, "deserializeSubjects", "Propagation Tokens before login: " + savedPropagationTokens);
            }
            final Subject loggedInRunAs = doLogin(this.runAsLoginToken, this.runAsSubjToken);
            final boolean sameCaller = isCallerSame();
            if (log.isDebugEnabled()) {
                Tr.debug(log, "deserializeSubjects", sameCaller
                        ? "callerSubject is same as runAsSubject, no need to perform login for callerSubject."
                        : "callerSubject is not same as runAsSubject, must perform login to get callerSubject.");
            }
            setRunAsSubject(loggedInRunAs);
            if (sameCaller) {
                // One login serves both identities.
                setCallerSubject(loggedInRunAs);
            } else {
                // Clear again so the caller login starts without the run-as login's tokens.
                contextManager.setPropagationTokens(null);
                setCallerSubject(doLogin(this.callerLoginToken, this.callerSubjToken));
            }
            setPropagationTokens(contextManager.getPropagationTokens());
            if (log.isEntryEnabled()) {
                Tr.exit(log, "deserializeSubjects", "Subjects have been successfully deserialized.");
            }
        } finally {
            // Always hand the original propagation tokens back to the context manager.
            contextManager.setPropagationTokens(savedPropagationTokens);
        }
    }

    /**
     * Copies the serialized fields of a context out of {@code getField} into this instance.
     *
     * <p>{@code isCallerSame} defaults to {@code true} and every token defaults to {@code null}
     * when the field is absent from the stream. Caller tokens are read only when
     * {@code isCallerSame} is false, and {@code domain} only when the version argument is 2.
     *
     * <p>Security note: all values are taken from the stream as they are. Nothing here checks
     * token size or content, and {@code domain} is an object deserialized from the stream, so
     * these fields are untrusted until whatever consumes them has validated them.
     *
     * @param getField the field accessor obtained from the object input stream
     * @param i the context version found in the stream
     * @throws IOException if a field cannot be read
     */
    private void readState(ObjectInputStream.GetField getField, int i) throws IOException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "readState");
        }

        this.isCallerSame = getField.get("isCallerSame", true);
        this.runAsSubjToken = (byte[]) getField.get("runAsSubjToken", (Object) null);
        this.runAsLoginToken = (byte[]) getField.get("runAsLoginToken", (Object) null);
        if (!this.isCallerSame) {
            this.callerSubjToken = (byte[]) getField.get("callerSubjToken", (Object) null);
            this.callerLoginToken = (byte[]) getField.get("callerLoginToken", (Object) null);
        }

        if (log.isDebugEnabled()) {
            // A byte[] in a string concatenation renders as its identity string ("[B@..." or
            // "null"), so the token bytes themselves are not traced.
            final String summary = "Deserialized Context version: " + i + ", serialVersionUID=1"
                    + ", isCallerSame=" + this.isCallerSame
                    + ", runAsSubjToken=" + this.runAsSubjToken
                    + ", runAsLoginToken=" + this.runAsLoginToken
                    + ", callerSubjToken=" + this.callerSubjToken
                    + ", callerLoginToken=" + this.callerLoginToken;
            Tr.debug(log, "readState", summary);
        }

        // The domain field exists only in version 2 streams.
        if (i == 2) {
            this.domain = (Domain) getField.get("domain", (Object) null);
        }

        if (log.isEntryEnabled()) {
            Tr.exit(log, "readState", "Context state has been successfully deserialized.");
        }
    }
}
