package com.ibm.websphere.objectgrid.security.plugins.builtins;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.security.plugins.InvalidSubjectException;
import com.ibm.websphere.objectgrid.security.plugins.SubjectValidation;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.security.auth.callback.WSCredTokenCallbackHandlerImpl;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/ibm/websphere/objectgrid/security/plugins/builtins/WSSubjectValidationImpl.class */
public class WSSubjectValidationImpl implements SubjectValidation {
    private static final String CLASS_NAME = WSSubjectValidationImpl.class.getName();
    static final TraceComponent TC = Tr.register(CLASS_NAME, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");

    @Override // com.ibm.websphere.objectgrid.security.plugins.SubjectValidation
    public Subject validateSubject(final Subject subject) throws InvalidSubjectException {
        try {
            return (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.websphere.objectgrid.security.plugins.builtins.WSSubjectValidationImpl.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws LoginException, SecurityException {
                    if (ObjectGridManagerImpl.isTraceEnabled && WSSubjectValidationImpl.TC.isEntryEnabled()) {
                        Tr.entry(WSSubjectValidationImpl.TC, "validateSubject", new Object[]{this, subject});
                    }
                    LoginContext loginContext = new LoginContext("WSLogin", new WSCredTokenCallbackHandlerImpl(subject));
                    loginContext.login();
                    Subject subject2 = loginContext.getSubject();
                    if (ObjectGridManagerImpl.isTraceEnabled && WSSubjectValidationImpl.TC.isEntryEnabled()) {
                        Tr.exit(WSSubjectValidationImpl.TC, "validateSubject", subject2);
                    }
                    return subject2;
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, CLASS_NAME + ".validateSubject", "116", this);
            if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
                Tr.exit(TC, "validateSubject", "LoginException");
            }
            throw new InvalidSubjectException(e.getException());
        }
    }
}
