package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.queryengine.eval.Constantdef;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.audit.AuditServiceImpl;
import com.ibm.ws.security.audit.utils.AuditHelper;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.rsatoken.RSAPropagationManager;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.WSAccessManager;
import com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl;
import com.ibm.ws.security.stat.impl.SecurityAuthenticationModuleImpl;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.ws.util.Base64;
import com.ibm.ws.webcontainer.session.IHttpSession;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.ws.xs.org.apache.log4j.spi.LocationInfo;
import com.ibm.wsspi.pmi.factory.StatsFactory;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.ContextHandler;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.tai.TAIResult;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUtils;
import org.osgi.framework.ServicePermission;

/* loaded from: input_file:com/ibm/ws/security/web/WebAuthenticator.class */
public class WebAuthenticator {
    public static final String FormUserName = "__WAS_FORM_USERNAME";
    public static final String FormPassword = "__WAS_FORM_PASSWORD";
    public static final String INITIAL_URL = "INITIAL_URL";
    public static final String PARAM_NAMES = "PARAM_NAMES";
    public static final String PARAM_VALUES = "PARAM_VALUES";
    private static final String POSTPARAM_COOKIE = "WASPostParam";
    private static final String POSTPARAM_FAILED = "NO_PARAMETER";
    private static final String POSTPARAM_URL = "U";
    private static final String POSTPARAM_PARAM = "P";
    private static final String providerName = "WebSphere";
    private static final String componentName = "WAS.security";
    private long cushion;
    private static String className;
    private SecurityAuthenticationModuleImpl authModule;
    private static final TraceComponent tc = Tr.register(WebAuthenticator.class, (String) null, "com.ibm.ejs.resources.security");
    private static WebAuthenticator webAuthInstance = null;
    private static AuthenticationResult AUTHN_FAILED_RESULT = new AuthenticationResult(2, "Authentication Failed");
    private static String authMech = null;
    private static String AUTHORIZATION_ENCODING = "Authorization-Encoding";
    private static String BasicAuthEncoding = System.getProperty("com.ibm.websphere.security.BasicAuthEncoding");
    private static HashMap cookieStringCache = new HashMap(20);
    private static int MAX_COOKIE_STRING_ENTRIES = 100;
    private static AuditService auditService = null;
    private static String default_realm = null;
    private static String activeUserRegistry = null;
    private Date auditStartTime = null;
    private Date endTime = null;
    private ConcurrentHashMap auditOutcome = null;
    private TrustAssociationInterceptorImpl spnegoWeb = null;
    private String krb5CookieName = "KRB5Token";
    private WSSecurityContext securityContext = null;

    public static WebAuthenticator create(String str) {
        if (webAuthInstance == null) {
            webAuthInstance = new WebAuthenticator();
            authMech = str;
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (auditService == null) {
            auditService = contextManagerFactory.getAuditService();
        }
        default_realm = contextManagerFactory.getDefaultRealm();
        return webAuthInstance;
    }

    public static WebAuthenticator getInstance() {
        return webAuthInstance;
    }

    private WebAuthenticator() {
        initialize();
        if (StatsFactory.isPMIEnabled()) {
            this.authModule = SecurityAuthenticationModuleImpl.getInstance("Security Authentication");
        }
        activeUserRegistry = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getType();
    }

    protected WebAuthenticator(Object obj) {
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    private com.ibm.ws.security.web.AuthenticationResult handleTrustAssociation(com.ibm.ws.security.web.WebAttributes r14, javax.servlet.http.HttpServletRequest r15, javax.servlet.http.HttpServletResponse r16, java.util.HashMap r17, boolean r18) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 3726
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(com.ibm.ws.security.web.WebAttributes, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.HashMap, boolean):com.ibm.ws.security.web.AuthenticationResult");
    }

    private AuthenticationResult handleSSO(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String preferredLTPACookieName = webAttributes.getPreferredLTPACookieName();
        String lTPACookieName = webAttributes.getLTPACookieName();
        Cookie[] cookies = httpServletRequest.getCookies();
        AuthenticationResult authenticationResult = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleSSO");
        }
        boolean booleanValue = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.WEB_LOGOUT_ON_HTTP_SESSION_EXPIRE)).booleanValue();
        String challengeType = webAttributes.getChallengeType();
        if (booleanValue && httpServletRequest.getRequestedSessionId() != null && !httpServletRequest.isRequestedSessionIdValid() && challengeType.equalsIgnoreCase("FORM")) {
            WebAttributes.createLogoutCookiesStatic(httpServletRequest, httpServletResponse);
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "handleSSO:HTTPSession expired, logging out.");
            return null;
        }
        if (cookies == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "handleSSO: no cookies present in the request.");
            return null;
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        for (int i = 0; i < cookies.length; i++) {
            if ("RSAToken".equals(cookies[i].getName())) {
                z = true;
            }
            if (this.krb5CookieName.equals(cookies[i].getName())) {
                z2 = true;
            }
            if (preferredLTPACookieName.equals(cookies[i].getName())) {
                z3 = true;
            }
            if (lTPACookieName.equals(cookies[i].getName())) {
                z4 = true;
            }
        }
        if (z) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting rsa cookie validation for: RSAToken");
            }
            authenticationResult = validateCookie(cookies, "RSAToken", webAttributes, httpServletRequest, httpServletResponse);
        } else if (z2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting krb5 cookie validation for: " + this.krb5CookieName);
            }
            authenticationResult = validateCookie(cookies, this.krb5CookieName, webAttributes, httpServletRequest, httpServletResponse);
        } else if (z3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting primary cookie validation for: " + preferredLTPACookieName);
            }
            authenticationResult = validateCookie(cookies, preferredLTPACookieName, webAttributes, httpServletRequest, httpServletResponse);
        } else if (z4) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attempting secondary cookie validation for: " + lTPACookieName);
            }
            authenticationResult = validateCookie(cookies, lTPACookieName, webAttributes, httpServletRequest, httpServletResponse);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Could not find LTPA cookie(s) in request.");
        }
        if (authenticationResult != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleSSO: found cookie");
            }
            return authenticationResult;
        }
        if (!tc.isEntryEnabled()) {
            return null;
        }
        Tr.exit(tc, "handleSSO: (null)");
        return null;
    }

    private AuthenticationResult validateCookie(Cookie[] cookieArr, String str, WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ContextHandler contextHandler = null;
        AuthenticationResult authenticationResult = null;
        this.auditStartTime = new Date();
        String[] cookieValues = getCookieValues(cookieArr, str);
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        if (cookieValues == null) {
            return null;
        }
        String str3 = null;
        for (int i = 0; i < cookieValues.length; i++) {
            str3 = cookieValues[i];
            if (str3.length() > 0) {
                try {
                    byte[] bArr = (byte[]) cookieStringCache.get(str3);
                    if (bArr == null) {
                        bArr = StringUtil.getBytes(Base64Coder.base64Decode(str3));
                        synchronized (cookieStringCache) {
                            if (cookieStringCache.size() > MAX_COOKIE_STRING_ENTRIES) {
                                cookieStringCache.clear();
                            }
                            if (bArr != null) {
                                cookieStringCache.put(str3, bArr);
                            }
                        }
                    }
                    if (str.equals("RSAToken")) {
                        authenticationResult = new AuthenticationResult(1, RSAPropagationManager.getInstance().validateRSAPropagationToken(bArr));
                    } else if (str.equals(this.krb5CookieName)) {
                        if (tc.isEntryEnabled()) {
                            Tr.debug(tc, "validate KRB5Token");
                        }
                        authenticationResult = validate(default_realm, bArr, webAttributes, httpServletRequest, httpServletResponse, this.krb5CookieName);
                    } else {
                        authenticationResult = validate(default_realm, bArr, webAttributes, httpServletRequest, httpServletResponse);
                    }
                    if (authenticationResult.getStatus() == 1) {
                        break;
                    }
                } catch (Exception e) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Exception validating SSO token: ", new Object[]{e});
                    }
                    FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.handleSSO", "1251", this);
                    authenticationResult = AUTHN_FAILED_RESULT;
                    if (auditService != null) {
                        contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "denied", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), default_realm));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 27L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e2) {
                            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                        }
                    }
                }
            }
        }
        if (authenticationResult == null || authenticationResult.getStatus() != 1) {
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The LTPA token was valid.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleSSO", "successful ltpa token validation of " + str3);
        }
        WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", webAttributes.getChallengeType());
        return authenticationResult;
    }

    private AuthenticationResult handleCustomLogin(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        ContextHandler contextHandler = null;
        this.auditStartTime = new Date();
        String str = default_realm;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCustomLogin");
        }
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Form based login is configured for the resource");
        }
        StringBuffer requestURL = HttpUtils.getRequestURL(httpServletRequest);
        String stringBuffer = requestURL.toString();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath.equals("/")) {
            contextPath = "";
        }
        int indexOf = stringBuffer.indexOf("/", stringBuffer.indexOf("//") + 2);
        int length = stringBuffer.length();
        String loginURL = webAttributes.getLoginURL();
        if (!loginURL.startsWith("/")) {
            loginURL = "/" + loginURL;
        }
        requestURL.replace(indexOf, length, contextPath + loginURL);
        String stringBuffer2 = requestURL.toString();
        String reloginURL = webAttributes.getReloginURL();
        if (reloginURL != null) {
            int length2 = stringBuffer2.length();
            if (!reloginURL.startsWith("/")) {
                reloginURL = "/" + reloginURL;
            }
            requestURL.replace(indexOf, length2, contextPath + reloginURL);
            reloginURL = requestURL.toString();
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "webAttr did not have redirect URL");
        }
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        String type = securityConfig.getActiveAuthMechanism().getType();
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        IHttpSession iHttpSession = null;
        FormLoginInfo formLoginInfo = null;
        if (type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            iHttpSession = httpServletRequest.getSession(true);
            formLoginInfo = (FormLoginInfo) iHttpSession.getSecurityInfo();
            if (formLoginInfo != null) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Form based login: Using HTTP Sessions");
                }
                String username = formLoginInfo.getUsername();
                String password = formLoginInfo.getPassword();
                if (username != null && password != null) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Form based login: Userid/password present in the session");
                    }
                    AuthenticationResult basicAuthenticate = basicAuthenticate(str, username, password, webAttributes, httpServletRequest, httpServletResponse);
                    int status = basicAuthenticate.getStatus();
                    if (status == 2) {
                        basicAuthenticate = new AuthenticationResult(4, reloginURL);
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", username, username, "authnRedirect", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 28L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e) {
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                            }
                        }
                    } else {
                        iHttpSession.removeAttribute("WASReqURL");
                    }
                    WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", "FORM");
                    if (status != 2) {
                        restorePostParams(httpServletRequest, httpServletResponse);
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleCustomLogin");
                    }
                    return basicAuthenticate;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Form based login: No HTTP Session");
            }
        } else {
            AuthenticationResult handleSSO = handleSSO(webAttributes, httpServletRequest, httpServletResponse);
            if (handleSSO != null) {
                if (handleSSO.getStatus() != 2) {
                    restorePostParams(httpServletRequest, httpServletResponse);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleCustomLogin");
                }
                return handleSSO;
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Form based login: No or Bad ltpa cookie ");
            }
        }
        if (!z) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "handleCustomLogin", "enableRedirect is false. Returing with NULL");
            return null;
        }
        StringBuffer requestURL2 = httpServletRequest.getRequestURL();
        if (httpServletRequest.getQueryString() != null) {
            requestURL2.append(LocationInfo.NA);
            requestURL2.append(httpServletRequest.getQueryString());
        }
        String stringBuffer3 = requestURL2.toString();
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Form based login: Stored original request : " + stringBuffer3);
        }
        AuthenticationResult authenticationResult = new AuthenticationResult(4, stringBuffer2);
        savePostParams(httpServletRequest, httpServletResponse, authenticationResult);
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
            contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "authnRedirect", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), AuditOutcome.S_REDIRECT, 29L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e2) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
            }
        }
        if (type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            if (formLoginInfo == null) {
                formLoginInfo = new FormLoginInfo();
            }
            formLoginInfo.setRefererURL(stringBuffer3);
            iHttpSession.putSecurityInfo(formLoginInfo);
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Form based login: Referer URL set  in session " + stringBuffer3);
            }
        } else {
            Boolean valueOf = Boolean.valueOf(securityConfig.getPropertyBool(SecurityConfig.PROP_WASREQURL_FQURL));
            if (valueOf == null || (valueOf != null && !valueOf.booleanValue())) {
                try {
                    URL url = new URL(stringBuffer3);
                    StringBuffer stringBuffer4 = new StringBuffer();
                    stringBuffer4.append(url.getProtocol());
                    stringBuffer4.append("://");
                    int port = url.getPort();
                    if (port != -1) {
                        stringBuffer4.append(":");
                        stringBuffer4.append(port);
                    }
                    stringBuffer3 = stringBuffer4.toString() + stringBuffer3.substring(indexOf);
                } catch (MalformedURLException e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebAuthenticator.handleCustomLogin", "1703", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Requested URL is malformed. " + stringBuffer3);
                    }
                }
            }
            String str3 = stringBuffer3;
            String replaceAll = stringBuffer3.replaceAll("%", "%25").replaceAll(";", "%3B").replaceAll(Constantdef.COMMA, "%2C");
            if (str3 != replaceAll && tc.isDebugEnabled()) {
                Tr.debug(tc, "Form based login: changed output storedReq from " + str3 + " to " + replaceAll);
            }
            Cookie cookie = new Cookie("WASReqURL", replaceAll);
            cookie.setPath("/");
            cookie.setMaxAge(-1);
            authenticationResult.setCookie(cookie);
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Form based login: Referer URL cookie set " + replaceAll);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCustomLogin", "Redirecting to a login form" + stringBuffer2);
        }
        return authenticationResult;
    }

    private void savePostParams(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        HttpSession session;
        String requestURI = httpServletRequest.getRequestURI();
        String method = httpServletRequest.getMethod();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "savePostParams");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + method + " URL:" + requestURI);
        }
        if (!(httpServletRequest instanceof SRTServletRequest)) {
            Tr.exit(tc, "savePostParams-No SRTServletRequest");
            return;
        }
        SRTServletRequest sRTServletRequest = (SRTServletRequest) httpServletRequest;
        try {
            if (method.equalsIgnoreCase("post")) {
                SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                HashMap inputStreamData = sRTServletRequest.getInputStreamData();
                int postParamSaveMethod = getPostParamSaveMethod();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "prop:" + postParamSaveMethod);
                }
                if (postParamSaveMethod == 0) {
                    Hashtable hashtable = new Hashtable();
                    if (inputStreamData != null) {
                        hashtable.put(POSTPARAM_URL, requestURI);
                        hashtable.put(POSTPARAM_PARAM, inputStreamData);
                        String str = null;
                        try {
                            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                            new ObjectOutputStream(byteArrayOutputStream).writeObject(hashtable);
                            byte[] byteArray = byteArrayOutputStream.toByteArray();
                            int intValue = Integer.valueOf(securityConfig.getProperty(SecurityConfig.PROP_POSTPARAM_COOKIE_SIZE)).intValue();
                            if (tc.isDebugEnabled()) {
                                int i = 0;
                                if (byteArray != null) {
                                    i = byteArray.length;
                                }
                                Tr.debug(tc, "length:" + i + "  maximum length:" + intValue);
                            }
                            if (byteArray == null || byteArray.length >= intValue) {
                                Tr.warning(tc, "Post parameters are null or too large to store into a cookie.");
                            } else {
                                byte[] base64Encode = Base64Coder.base64Encode(byteArray);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "encoded length:" + base64Encode.length);
                                }
                                str = StringUtil.toString(base64Encode);
                            }
                        } catch (Exception e) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception storing POST parameters onto a cookie: ", new Object[]{e});
                            }
                            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "1814", this);
                        }
                        if (str != null) {
                            Cookie cookie = new Cookie(POSTPARAM_COOKIE, str);
                            cookie.setMaxAge(-1);
                            cookie.setPath(requestURI);
                            authenticationResult.setCookie(cookie);
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "encoded POST parameters: " + str);
                        }
                    }
                } else if (postParamSaveMethod == 1 && (session = httpServletRequest.getSession(true)) != null && httpServletRequest.getParameterNames() != null) {
                    session.setAttribute(INITIAL_URL, requestURI);
                    session.setAttribute(PARAM_NAMES, (Object) null);
                    session.setAttribute(PARAM_VALUES, inputStreamData);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "URL saved : " + requestURI.toString());
                    }
                }
            }
        } catch (IOException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IO Exception storing POST parameters onto a cookie: ", new Object[]{e2});
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "1844", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "savePostParams");
        }
    }

    private void restorePostParams(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session;
        String requestURI = httpServletRequest.getRequestURI();
        String method = httpServletRequest.getMethod();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restorePostParams");
        }
        if (!(httpServletRequest instanceof SRTServletRequest)) {
            Tr.exit(tc, "restorePostParams-No SRTServletRequest");
            return;
        }
        SRTServletRequest sRTServletRequest = (SRTServletRequest) httpServletRequest;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + method + " URL:" + requestURI);
        }
        if (method.equalsIgnoreCase(ServicePermission.GET)) {
            SecurityObjectLocator.getSecurityConfig();
            int postParamSaveMethod = getPostParamSaveMethod();
            if (postParamSaveMethod == 0) {
                byte[] cookieValueAsBytes = sRTServletRequest.getCookieValueAsBytes(POSTPARAM_COOKIE);
                if (cookieValueAsBytes != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found the cookie, restoring POST parameters: " + new String(cookieValueAsBytes));
                    }
                    sRTServletRequest.setMethod("POST");
                    try {
                        Hashtable hashtable = (Hashtable) new ObjectInputStream(new ByteArrayInputStream(Base64Coder.base64Decode(cookieValueAsBytes))).readObject();
                        if (tc.isDebugEnabled() && hashtable != null) {
                            Tr.debug(tc, "Original URL:" + hashtable.get(POSTPARAM_URL));
                        }
                        if (hashtable != null && hashtable.get(POSTPARAM_URL).equals(requestURI)) {
                            sRTServletRequest.setInputStreamData((HashMap) ((Map) hashtable.get(POSTPARAM_PARAM)));
                            Tr.debug(tc, "restored POST paramameters");
                        }
                    } catch (Exception e) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception restoring POST parameters from the cookie: ", new Object[]{e});
                        }
                        FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.restorePostParams", "1900", this);
                    }
                    Cookie cookie = new Cookie(POSTPARAM_COOKIE, POSTPARAM_FAILED);
                    cookie.setPath(requestURI);
                    cookie.setMaxAge(0);
                    httpServletResponse.addCookie(cookie);
                }
            } else if (postParamSaveMethod == 1 && (session = httpServletRequest.getSession(false)) != null) {
                String str = (String) session.getAttribute(INITIAL_URL);
                if (str != null && str.equals(requestURI)) {
                    try {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found the session, restoring POST parameters.");
                        }
                        sRTServletRequest.setMethod("POST");
                        Map map = (Map) session.getAttribute(PARAM_VALUES);
                        if (map != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Restoring POST paramameters for URL : " + requestURI);
                            }
                            sRTServletRequest.setInputStreamData((HashMap) map);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No parameters to restore for URL : " + requestURI);
                        }
                    } catch (IOException e2) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "IOException restoring POST parameters onto a cookie: ", new Object[]{e2});
                        }
                        FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "1933", this);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Parameters NOT restored. Original URL : " + str + " req. URL : " + requestURI);
                }
                session.setAttribute(INITIAL_URL, (Object) null);
                session.setAttribute(PARAM_NAMES, (Object) null);
                session.setAttribute(PARAM_VALUES, (Object) null);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restorePostParams");
        }
    }

    private AuthenticationResult handleCertificates(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCertificates");
        }
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Challenge type used is CERT.");
        }
        ContextHandler contextHandler = null;
        String str = "CLIENT_CERT";
        AuthenticationResult authenticationResult = null;
        String str2 = default_realm;
        this.auditStartTime = new Date();
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        securityConfig.getActiveAuthMechanism().getType();
        Boolean valueOf = Boolean.valueOf(securityConfig.getActiveAuthMechanism().getBoolean(AuthMechanismConfig.FORWARDABLE_CRED));
        String str3 = null;
        String[] strArr = null;
        if (auditService != null) {
            str3 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        try {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.net.ssl.peer_certificates");
            if (x509CertificateArr == null) {
                if (!webAttributes.isDefaultToBasic()) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "No certificate provided and default to basic is false.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleCertificates");
                    }
                    return new AuthenticationResult(2, "No Client Certificate Available", (Cookie) null);
                }
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "No certificate was provided but defaulting to BASIC.");
                }
                str = "BASIC";
            }
            if (!str.equalsIgnoreCase("BASIC")) {
                x509CertificateArr[0].getEncoded();
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Map credential for this certificate.");
                }
                String webAppName = webAttributes.getWebAppName();
                String string = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm");
                try {
                    HashMap hashMap = new HashMap(4);
                    hashMap.put(Constants.WEB_APP_NAME, webAppName);
                    hashMap.put(Constants.REDIRECT_URL, null);
                    setDomainContext(webAttributes, hashMap);
                    String str4 = "system.WEB_INBOUND";
                    if (valueOf != null && !valueOf.booleanValue()) {
                        str4 = "system.SWAM";
                    }
                    Subject login = ContextManagerFactory.getInstance().login(string, x509CertificateArr, str4, httpServletRequest, httpServletResponse, hashMap);
                    if (login != null) {
                        authenticationResult = new AuthenticationResult(1, login);
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                            String name = login != null ? ((Principal) login.getPrincipals().toArray()[0]).getName() : null;
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", name, x509CertificateArr[0].getIssuerDN().getName(), "authnSuccess", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), string));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e) {
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                            }
                        }
                    } else {
                        authenticationResult = AUTHN_FAILED_RESULT;
                        if (auditService != null) {
                            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                            if (contextHandler == null) {
                                Tr.error(tc, "security.audit.service.context.error");
                                auditService.processAuditFailure("security.audit.service.context.error", null);
                            }
                        }
                        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                            contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, x509CertificateArr[0].getIssuerDN().getName(), "denied", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), string));
                            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                            try {
                                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                            } catch (ProviderFailureException e2) {
                                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e2});
                                auditService.processAuditFailure("security.audit.service.sendevent.error", e2);
                            }
                        }
                    }
                    authenticationResult.clearCookieList();
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Storing certificates in the credential");
                    }
                    ArrayList arrayList = new ArrayList(x509CertificateArr.length);
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        arrayList.add(x509Certificate);
                    }
                    CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(arrayList);
                    WSCredential wSCredential = (WSCredential) authenticationResult.getSubject().getPublicCredentials(WSCredential.class).iterator().next();
                    if (wSCredential != null) {
                        wSCredential.set("wssecurity.setAttributForIdentityAssertion", generateCertPath);
                    }
                } catch (Exception e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebAuthenticator.handleCertificates", "2201", this);
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Credential Mapping for Certificate failed.");
                    }
                    authenticationResult = AUTHN_FAILED_RESULT;
                    if (auditService != null) {
                        contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                        if (contextHandler == null) {
                            Tr.error(tc, "security.audit.service.context.error");
                            auditService.processAuditFailure("security.audit.service.context.error", null);
                        }
                    }
                    if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                        contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "denied", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), string));
                        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                        contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                        contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                        this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                        try {
                            auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                        } catch (ProviderFailureException e4) {
                            Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e4});
                            auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
                        }
                    }
                    throw e3;
                }
            }
        } catch (Exception e5) {
            FFDCFilter.processException(e5, "com.ibm.ws.security.web.WebAuthenticator.handleCertificates", "2312", this);
            if (!webAttributes.isDefaultToBasic()) {
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "denied", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str2));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e6) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e6});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e6);
                    }
                }
                throw e5;
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Exception occurred while processing certificate: " + e5.getMessage());
                Tr.debug(tc, "Defaulting to Basic");
            }
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "denied", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str3, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str2));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 15L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e7) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e7});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e7);
                }
            }
        }
        WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", "CLIENT_CERT");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCertificates");
        }
        return authenticationResult;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final String getHeader(HttpServletRequest httpServletRequest, String str) {
        HttpServletRequest httpServletRequest2 = httpServletRequest;
        if (httpServletRequest2 instanceof HttpServletRequestWrapper) {
            ServletRequest request = ((HttpServletRequestWrapper) httpServletRequest2).getRequest();
            while (true) {
                httpServletRequest2 = (HttpServletRequest) request;
                if (httpServletRequest2 == null || !(httpServletRequest2 instanceof HttpServletRequestWrapper)) {
                    break;
                }
                request = ((HttpServletRequestWrapper) httpServletRequest2).getRequest();
            }
        }
        return (httpServletRequest2 == null || !(httpServletRequest2 instanceof SRTServletRequest)) ? httpServletRequest.getHeader(str) : ((SRTServletRequest) httpServletRequest2).getHeaderDirect(str);
    }

    private AuthenticationResult handleSpnegoWebAuthentication(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleSpnegoWebAuthentication");
        }
        ContextHandler contextHandler = null;
        String str = default_realm;
        Subject subject = null;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        AuthMechanismConfig authMechanism = SecurityObjectLocator.getSecurityConfig().getAuthMechanism(AuthMechanismConfig.TYPE_SPNEGO);
        this.spnegoWeb = TrustAssociationInterceptorImpl.getInstance();
        this.spnegoWeb.initialize(authMechanism.getSpnegoFilterProps());
        if (!this.spnegoWeb.isTargetInterceptor(httpServletRequest)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SPNEGO Web authentication isn't available for this request.");
            }
            return new AuthenticationResult(6, "SPNEGO Web authentication isn't available for this request.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SPNEGO Web authentication - target is intercepted");
        }
        try {
            TAIResult negotiateValidateandEstablishTrust = this.spnegoWeb.negotiateValidateandEstablishTrust(httpServletRequest, httpServletResponse);
            int status = negotiateValidateandEstablishTrust.getStatus();
            if (status != 200) {
                if (auditService != null) {
                    contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                    if (contextHandler == null) {
                        Tr.error(tc, "security.audit.service.context.error");
                        auditService.processAuditFailure("security.audit.service.context.error", null);
                    }
                }
                if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
                    contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                    contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "authnRedirect", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                    contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                    contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                    contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                    contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                    contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                    contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "providerSuccess"));
                    this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 23L);
                    try {
                        auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                    } catch (ProviderFailureException e) {
                        Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                        auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                    }
                }
                return new AuthenticationResult(5, "Challenge from TrustAssociation Interception: name ?", status);
            }
            Subject subject2 = negotiateValidateandEstablishTrust.getSubject();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Subject retrieved is [" + subject2 + Constantdef.RIGHTSB);
            }
            String authenticatedPrincipal = negotiateValidateandEstablishTrust.getAuthenticatedPrincipal();
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Username retrieved from the spnego token is [" + authenticatedPrincipal + Constantdef.RIGHTSB);
            }
            if (0 == 0) {
                ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "attempting login with " + authenticatedPrincipal);
                    }
                    subject = contextManagerFactory.login(str, authenticatedPrincipal, authMech, httpServletRequest, httpServletResponse, hashMap, subject2);
                } catch (WSLoginFailedException e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "login caught exception " + e2.toString());
                    }
                    return new AuthenticationResult(2, e2.getMessage());
                }
            }
            AuthenticationResult authenticationResult = new AuthenticationResult(1, subject);
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "SUCCESS")) {
                String str3 = null;
                if (subject != null) {
                    str3 = ((Principal) subject.getPrincipals().toArray()[0]).getName();
                }
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", str3, str3, "authnSuccess", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 5L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e3) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e3});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e3);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleSpnegoWebAuthentication");
            }
            return authenticationResult;
        } catch (WebTrustAssociationFailedException e4) {
            FFDCFilter.processException((Throwable) e4, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "2631", (Object) this);
            Tr.error(tc, "security.web.ta.validationfailed", new Object[]{e4});
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "DENIED")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "authnRedirect", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 24L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e5) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e5});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e5);
                }
            }
            return new AuthenticationResult(2, e4.getMessage());
        } catch (Exception e6) {
            FFDCFilter.processException(e6, "com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation", "2699", this);
            Tr.error(tc, "security.web.ta.genexc", new Object[]{e6});
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", "FAILURE")) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "authnFailure", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData("SPNEGO Web authentication", "failure"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "FAILURE", 26L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e7) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e7});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e7);
                }
            }
            return new AuthenticationResult(2, e6.getMessage());
        }
    }

    private AuthenticationResult handleBasicAuth(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleBasicAuth");
        }
        ContextHandler contextHandler = null;
        this.auditStartTime = new Date();
        String str = default_realm;
        String str2 = null;
        String[] strArr = null;
        if (auditService != null) {
            str2 = auditService.getLastTrailId();
            strArr = auditService.getEventTrailIds();
        }
        String header = httpServletRequest.getHeader(WebCollaborator.pnAuthorization);
        if (header == null || !header.startsWith("Basic ")) {
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "basic 401");
            }
            AuthenticationResult authenticationResult = new AuthenticationResult(3, webAttributes.getRealm(), (Cookie) null);
            if (auditService != null) {
                contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
                if (contextHandler == null) {
                    Tr.error(tc, "security.audit.service.context.error");
                    auditService.processAuditFailure("security.audit.service.context.error", null);
                }
            }
            if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
                contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "authnRedirect", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
                contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
                contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
                contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
                contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
                contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
                contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
                this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 28L);
                try {
                    auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
                } catch (ProviderFailureException e) {
                    Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                    auditService.processAuditFailure("security.audit.service.sendevent.error", e);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleBasicAuth");
            }
            return authenticationResult;
        }
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Authorization: " + header);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "BasicAuthEncoding: " + BasicAuthEncoding);
        }
        String header2 = httpServletRequest.getHeader(AUTHORIZATION_ENCODING);
        if (header2 == null) {
            header2 = BasicAuthEncoding;
        }
        byte[] decode = Base64.decode(header.substring(6));
        boolean z = false;
        if (header2 != null && header2.length() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization will be decoded using : " + header2);
            }
            try {
                header = new String(decode, header2);
                z = true;
            } catch (Exception e2) {
                z = false;
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebAuthenticator.handleBasicAuth", "2991", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception " + e2.getMessage() + " using character encoder " + header2 + " switching to system default decoder");
                }
            }
        }
        if (!z) {
            try {
                header = new String(decode);
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebAuthenticator.handleBasicAuth", "3001", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error in using character encoder");
                }
            }
        }
        int indexOf = header.indexOf(58);
        if (indexOf >= 0) {
            AuthenticationResult basicAuthenticate = basicAuthenticate(str, header.substring(0, indexOf), header.substring(indexOf + 1), webAttributes, httpServletRequest, httpServletResponse);
            int status = basicAuthenticate.getStatus();
            if ((status == 3 || status == 2) && status == 2) {
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Authentication failed after calling basicAuthenticate");
                }
                basicAuthenticate = new AuthenticationResult(3, webAttributes.getRealm(), (Cookie) null);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleBasicAuth");
            }
            return basicAuthenticate;
        }
        AuthenticationResult authenticationResult2 = new AuthenticationResult(3, webAttributes.getRealm(), (Cookie) null);
        if (auditService != null) {
            contextHandler = ((AuditServiceImpl) auditService).getContextHandler();
            if (contextHandler == null) {
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (auditService != null && auditService.isEventRequired("SECURITY_AUTHN", AuditOutcome.S_REDIRECT)) {
            contextHandler.buildContextObject("SESSION_CONTEXT", AuditHelper.buildSessionData(httpServletRequest));
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(WebCollaborator.getURI(httpServletRequest), "webAuth", null, null, "authnRedirect", httpServletRequest.getMethod(), "web", new Long(0L), null, null, null, null));
            contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(str2, strArr, new Date(), new Long(0L).longValue()));
            contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
            contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), str));
            contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(DataHelper.convertRegistryInfoType(activeUserRegistry)));
            contextHandler.buildContextObject("AUTHN_CONTEXT", DataHelper.buildAuthnData("challengeResponse"));
            contextHandler.buildContextObject("AUTHN_PROVIDER_CONTEXT", DataHelper.buildProviderData(providerName, "providerSuccess"));
            this.auditOutcome = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), AuditOutcome.S_REDIRECT, 28L);
            try {
                auditService.sendEvent("SECURITY_AUTHN", this.auditOutcome);
            } catch (ProviderFailureException e4) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e4});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e4);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Failed to find username/password info -- Sending 401.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleBasicAuth");
        }
        return authenticationResult2;
    }

    public AuthenticationResult authenticate(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        return authenticate(webAttributes, httpServletRequest, httpServletResponse, z, true);
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    public com.ibm.ws.security.web.AuthenticationResult authenticate(com.ibm.ws.security.web.WebAttributes r14, javax.servlet.http.HttpServletRequest r15, javax.servlet.http.HttpServletResponse r16, boolean r17, boolean r18) {
        /*
            Method dump skipped, instructions count: 2113
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.authenticate(com.ibm.ws.security.web.WebAttributes, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, boolean):com.ibm.ws.security.web.AuthenticationResult");
    }

    public AuthenticationResult authenticate(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return authenticate(webAttributes, httpServletRequest, httpServletResponse, true);
    }

    public static String getCookieValue(Cookie[] cookieArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str);
        }
        String str2 = null;
        if (cookieArr != null) {
            int i = 0;
            while (true) {
                if (i >= cookieArr.length) {
                    break;
                }
                if (str.equals(cookieArr[i].getName())) {
                    str2 = cookieArr[i].getValue();
                    break;
                }
                i++;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValue", str2);
        }
        return str2;
    }

    public static String[] getCookieValues(Cookie[] cookieArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValues", str);
        }
        Vector vector = new Vector();
        int i = 0;
        if (cookieArr != null) {
            for (int i2 = 0; i2 < cookieArr.length; i2++) {
                if (str.equals(cookieArr[i2].getName())) {
                    vector.add(cookieArr[i2].getValue());
                    i++;
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, cookieArr[i2].getValue());
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValues");
        }
        if (vector.size() > 0) {
            return (String[]) vector.toArray(new String[i]);
        }
        return null;
    }

    public AuthenticationResult validate(String str, byte[] bArr, WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return validate(str, bArr, webAttributes, httpServletRequest, httpServletResponse, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:63:0x0629  */
    /* JADX WARN: Removed duplicated region for block: B:72:0x0463  */
    /* JADX WARN: Removed duplicated region for block: B:75:0x0483  */
    /* JADX WARN: Removed duplicated region for block: B:92:0x05ff  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.ibm.ws.security.web.AuthenticationResult validate(java.lang.String r14, byte[] r15, com.ibm.ws.security.web.WebAttributes r16, javax.servlet.http.HttpServletRequest r17, javax.servlet.http.HttpServletResponse r18, java.lang.String r19) {
        /*
            Method dump skipped, instructions count: 1589
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.validate(java.lang.String, byte[], com.ibm.ws.security.web.WebAttributes, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String):com.ibm.ws.security.web.AuthenticationResult");
    }

    private void initialize() {
        this.cushion = AuthCache.getInstance().getCushion();
    }

    public AuthenticationResult basicAuthenticate(String str, String str2, String str3) {
        return basicAuthenticate(str, str2, str3, null, null, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:60:0x05c2  */
    /* JADX WARN: Removed duplicated region for block: B:67:0x041c  */
    /* JADX WARN: Removed duplicated region for block: B:70:0x043c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.ibm.ws.security.web.AuthenticationResult basicAuthenticate(java.lang.String r14, java.lang.String r15, java.lang.String r16, com.ibm.ws.security.web.WebAttributes r17, javax.servlet.http.HttpServletRequest r18, javax.servlet.http.HttpServletResponse r19) {
        /*
            Method dump skipped, instructions count: 1486
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.basicAuthenticate(java.lang.String, java.lang.String, java.lang.String, com.ibm.ws.security.web.WebAttributes, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse):com.ibm.ws.security.web.AuthenticationResult");
    }

    protected WSCredential setSasBasicAuth(String str, String str2, String str3) throws Exception {
        throw new RuntimeException("Not Implemented");
    }

    public Subject getPreferredSubject(Subject subject, Subject subject2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPreferredSubject");
        }
        return subject != null ? subject : subject2;
    }

    private boolean isAdminApp(WebAttributes webAttributes) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAdminApp");
        }
        boolean checkIfAdminApp = webAttributes != null ? WSAccessManager.checkIfAdminApp(webAttributes.getWebAppName()) : false;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAdminApp", Boolean.valueOf(checkIfAdminApp));
        }
        return checkIfAdminApp;
    }

    private void setDomainContext(WebAttributes webAttributes, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDomainContext");
        }
        boolean checkIfAdminApp = WSAccessManager.checkIfAdminApp(webAttributes.getWebAppName());
        map.put(CommonConstants.REALM_NAME, SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm"));
        if (checkIfAdminApp) {
            map.put("security.domain.type", "administration");
        } else {
            map.put("security.domain.type", "application");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDomainContext", map);
        }
    }

    private AuthenticationResult restoreWASReqURLValue(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreWASReqURLValue");
        }
        AuthenticationResult authenticationResult = null;
        String restoreReqURL = new RestoreWASReqURL().restoreReqURL(httpServletRequest);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WASReqURL value: " + restoreReqURL);
        }
        if (restoreReqURL != null && restoreReqURL.trim().length() > 0) {
            StringBuffer requestURL = httpServletRequest.getRequestURL();
            if (httpServletRequest.getQueryString() != null) {
                requestURL.append(LocationInfo.NA);
                requestURL.append(httpServletRequest.getQueryString());
            }
            String stringBuffer = requestURL.toString();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "\nCurrentURL: " + stringBuffer + "\nWasReqURL: " + restoreReqURL);
            }
            String uri = WebCollaborator.getURI(httpServletRequest);
            if (stringBuffer != null && uri != null && restoreReqURL.toLowerCase().indexOf(uri.toLowerCase()) > 0 && !restoreReqURL.equalsIgnoreCase(stringBuffer)) {
                Boolean valueOf = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.ALWAYS_RESTORE_WASREQURL));
                if (valueOf != null && valueOf.booleanValue()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Redirect a request to the original URL.");
                    }
                    authenticationResult = new AuthenticationResult(4, restoreReqURL);
                    Cookie cookie = new Cookie("WASReqURL", "");
                    cookie.setPath("/");
                    cookie.setMaxAge(0);
                    httpServletResponse.addCookie(cookie);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "cleared WASReqURL cookie.");
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "skip redirecting to the original URL, since com.ibm.websphere.security.alwaysRestoreOriginalURL is set to false.");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreWASReqURLValue result: " + authenticationResult);
        }
        return authenticationResult;
    }

    protected int getPostParamSaveMethod() {
        int i = 0;
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        String str = null;
        if (securityConfig != null) {
            str = securityConfig.getProperty(SecurityConfig.PROP_POSTPARAM_SAVE_METHOD);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "postParamSaveMethod string: " + str);
        }
        if (str != null) {
            if (str.equalsIgnoreCase("Cookie")) {
                i = 0;
            } else if (str.equalsIgnoreCase(CommonConstants.PROP_SAVE_TO_SESSION)) {
                i = 1;
            } else if (str.equalsIgnoreCase(CommonConstants.PROP_SAVE_DISABLE)) {
                i = 2;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "postParamSaveMethod value: " + i);
        }
        return i;
    }

    /* JADX WARN: Code restructure failed: missing block: B:28:0x00a8, code lost:
    
        r7 = true;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x00b0, code lost:
    
        if (com.ibm.ws.security.web.WebAuthenticator.tc.isDebugEnabled() == false) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00b3, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.web.WebAuthenticator.tc, "Found matching predefined Subject tag.");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected boolean checkSubject(javax.servlet.http.HttpServletRequest r5, javax.security.auth.Subject r6) {
        /*
            Method dump skipped, instructions count: 275
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.WebAuthenticator.checkSubject(javax.servlet.http.HttpServletRequest, javax.security.auth.Subject):boolean");
    }
}
