package com.ibm.websphere.objectgrid.security.plugins.builtins;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.security.plugins.CannotGenerateCredentialException;
import com.ibm.websphere.objectgrid.security.plugins.Credential;
import com.ibm.websphere.objectgrid.security.plugins.CredentialGenerator;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/websphere/objectgrid/security/plugins/builtins/WSTokenCredentialGenerator.class */
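/**
 * {@link CredentialGenerator} that builds a {@link WSTokenCredential} from a WebSphere
 * security {@link Subject}: either the run-as subject or the caller subject, as selected by
 * {@link #setType(int)} or {@link #setProperties(String)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The subject lookup and token creation run inside
 *       {@link AccessController#doPrivileged(PrivilegedExceptionAction)}, so they execute with
 *       this class's permissions rather than those of the code calling
 *       {@link #getCredential()}. Any code holding a reference to this generator can therefore
 *       obtain a credential for the selected subject.</li>
 *   <li>The returned credential wraps two byte arrays derived from the subject (presumably
 *       security tokens; confirm against the WebSphere API). Treat them as secrets and keep
 *       them out of trace and log output.</li>
 *   <li>The {@code type} field is plain mutable state with no synchronization visible in this
 *       class.</li>
 * </ul>
 */
public class WSTokenCredentialGenerator implements CredentialGenerator {
    private static final TraceComponent TC = Tr.register(WSTokenCredentialGenerator.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");

    /** Subject type selecting {@code WSSubject.getRunAsSubject()}. */
    public static final int RUN_AS_SUBJECT = 1;

    /** Subject type selecting {@code WSSubject.getCallerSubject()}. */
    public static final int CALLER_SUBJECT = 2;

    /** Property value accepted by {@link #setProperties(String)} for {@link #RUN_AS_SUBJECT}. */
    public static final String RUN_AS_SUBJECT_STRING = "runAs";

    /** Property value accepted by {@link #setProperties(String)} for {@link #CALLER_SUBJECT}. */
    public static final String CALLER_SUBJECT_STRING = "caller";

    // Always RUN_AS_SUBJECT or CALLER_SUBJECT; every write goes through validation.
    private int type;

    /** Creates a generator that uses the run-as subject. */
    public WSTokenCredentialGenerator() {
        this.type = RUN_AS_SUBJECT;
    }

    /**
     * Creates a generator for the given subject type.
     *
     * @param i {@link #RUN_AS_SUBJECT} or {@link #CALLER_SUBJECT}
     * @throws IllegalArgumentException if {@code i} is any other value
     */
    public WSTokenCredentialGenerator(int i) {
        this.type = checkType(i);
    }

    /** Returns {@code candidate} if it is a supported subject type, otherwise throws. */
    private static int checkType(int candidate) {
        if (candidate != RUN_AS_SUBJECT && candidate != CALLER_SUBJECT) {
            throw new IllegalArgumentException("Unsupported type : " + candidate);
        }
        return candidate;
    }

    /**
     * Builds a {@link WSTokenCredential} for the configured subject.
     *
     * @return the credential built from the subject's tokens
     * @throws CannotGenerateCredentialException wrapping the underlying exception when the
     *     subject lookup or token creation fails
     */
    @Override
    public Credential getCredential() throws CannotGenerateCredentialException {
        // Copy to a final local so the anonymous action can capture the value.
        final int subjectType = this.type;
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Credential>() {
                @Override
                public Credential run() throws WSSecurityException, WSLoginFailedException {
                    Subject subject = null;
                    if (subjectType == RUN_AS_SUBJECT) {
                        subject = WSSubject.getRunAsSubject();
                    } else if (subjectType == CALLER_SUBJECT) {
                        subject = WSSubject.getCallerSubject();
                    }
                    // NOTE(review): subject is passed on without a null check; confirm how the
                    // helpers below behave when no subject is associated with the thread.
                    byte[] opaqueToken = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(subject);
                    WSSecurityContext securityContext = SecurityHelper.getHelper().getWSSecurityContext();
                    String realm = SecurityHelper.getHelper().getRealm();
                    // The first token stays null when no security context is available.
                    byte[] contextToken = null;
                    if (securityContext != null) {
                        contextToken = securityContext.initSecContext(subject, (String) null, realm);
                    }
                    return new WSTokenCredential(contextToken, opaqueToken);
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenCredentialGenerator.getCredential", "74", this);
            if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
                Tr.debug(TC, "PrivilegedActionException: " + e);
            }
            // Unwrap so callers see the exception thrown inside the privileged action.
            throw new CannotGenerateCredentialException(e.getException());
        }
    }

    /**
     * Returns the configured subject type.
     *
     * @return {@link #RUN_AS_SUBJECT} or {@link #CALLER_SUBJECT}
     */
    public int getType() {
        return this.type;
    }

    /**
     * Selects which subject the credential is built from.
     *
     * @param i {@link #RUN_AS_SUBJECT} or {@link #CALLER_SUBJECT}
     * @throws IllegalArgumentException if {@code i} is any other value
     */
    public void setType(int i) {
        this.type = checkType(i);
    }

    /**
     * Configures the subject type from its string form. Surrounding whitespace is ignored and
     * the comparison is case-sensitive.
     *
     * @param str {@link #RUN_AS_SUBJECT_STRING} or {@link #CALLER_SUBJECT_STRING}
     * @throws IllegalArgumentException if {@code str} is {@code null} or any other value
     */
    @Override
    public void setProperties(String str) {
        // Reject null with the same configuration error as any other bad value instead of
        // failing with a NullPointerException on trim().
        if (str == null) {
            throw new IllegalArgumentException("The value of the properties should be either runAs or caller");
        }
        String value = str.trim();
        if (value.equals(RUN_AS_SUBJECT_STRING)) {
            this.type = RUN_AS_SUBJECT;
        } else if (value.equals(CALLER_SUBJECT_STRING)) {
            this.type = CALLER_SUBJECT;
        } else {
            throw new IllegalArgumentException("The value of the properties should be either runAs or caller");
        }
    }
}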
