package com.ibm.ws.security.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.icsf.ICSFServerObject;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.server.SecurityServer;
import com.ibm.ws.security.server.SecurityServerFactory;
import com.ibm.ws.webservices.engine.Constants;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Properties;

/* loaded from: input_file:lib/securityimpl.jar:com/ibm/ws/security/core/WSCredentialsHelper.class */
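/**
 * Static helpers for running an action under a selected credential and for creating
 * registry and token credentials through the {@link ContextManager}.
 *
 * <p>None of the credential factories here take a password or any other proof of identity:
 * they build a credential for whatever user name the caller supplies. Callers are therefore
 * responsible for having established that identity before calling in.
 */
public class WSCredentialsHelper {
    private static final TraceComponent tc;
    // Configured default identities that isAZOSDefault() matches against; loaded in the static initializer.
    static String securitySAFUnauthenticated;
    static String securityLocalIdentity;
    static String securityRemoteIdentity;
    private static ContextManager ctxMgr;
    // Re-entrancy flag for createRegistryCred(); only read and written while holding synchVariable.
    private static boolean inInitialization;
    private static Object synchVariable;
    private static SecurityServer secServer;
    private static UserRegistry currentUserReg;
    // Cache slot for this class's Class object (pre-Java-5 class-literal idiom, see class$()).
    static Class class$com$ibm$ws$security$core$WSCredentialsHelper;

    /**
     * Runs {@code privilegedExceptionAction} after switching the thread's credentials according
     * to {@code str}, then restores the credentials that were saved before the switch.
     *
     * <p>Selection, when server security is enabled: {@code "System"} uses the server credential
     * (and also installs it as the caller credential), {@code Constants.FAULT_CLIENT} uses the
     * caller credential or, failing that, the invocation credential, and {@code "ReceivedClient"}
     * uses the caller credential. Any other value, or a selection that yields no current
     * credential, runs the action without switching. When server security is disabled the
     * action is simply run.
     *
     * @param privilegedExceptionAction the action to run
     * @param str the run-as selector; {@code null} raises a NullPointerException inside the
     *            setup block, which is reported as a {@link PrivilegedActionException}
     * @return whatever the action returns
     * @throws PrivilegedActionException wrapping any exception raised during credential setup,
     *         by the action itself, or during restoration
     */
    public static Object runAs(PrivilegedExceptionAction privilegedExceptionAction, String str) throws PrivilegedActionException {
        // Values handed back by the push helpers; they are what the pop helpers restore.
        WSCredential previousInvocation = null;
        WSCredential previousCaller = null;
        if (ctxMgr.isServerSecurityEnabled()) {
            try {
                WSCredential runAsCred = null;
                if (str.equals("System")) {
                    runAsCred = getServerCredential();
                    if (runAsCred != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting CallerCredential to Server");
                        }
                        previousCaller = pushCallerCredential(runAsCred);
                    }
                } else if (str.equals(Constants.FAULT_CLIENT)) {
                    runAsCred = retrieveCredential();
                } else if (str.equals("ReceivedClient")) {
                    runAsCred = getCallerCredential();
                }
                if (runAsCred != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting Invocation credential to " + runAsCred.getSecurityName());
                    }
                    // The push helper swallows failures and returns null, so a failed push does
                    // not stop the action from running under whatever credential is current.
                    previousInvocation = pushInvocationCredential(runAsCred);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred during RunAs processing");
                }
                if (previousInvocation != null) {
                    try {
                        popInvocationCredential(previousInvocation);
                    } catch (Exception e2) {
                        if (previousCaller != null) {
                            popCallerCredential(previousCaller);
                        }
                        throw new PrivilegedActionException(e);
                    }
                }
                if (previousCaller != null) {
                    popCallerCredential(previousCaller);
                }
                throw new PrivilegedActionException(e);
            }
        }
        // NOTE(review): restoration is keyed on the saved value being non-null, not on whether a
        // push happened. pushCallerCredential() returns null when there was no current caller
        // credential, so after runAs("System", ...) the server credential appears to stay
        // installed as the caller credential in that case. Likewise the failure paths skip the
        // invocation pop when the saved value is null, while the success path pops
        // unconditionally (even when nothing was pushed). Confirm how ContextManager treats a
        // null pop and whether the caller credential is reset elsewhere.
        try {
            Object result = privilegedExceptionAction.run();
            if (ctxMgr.isServerSecurityEnabled()) {
                try {
                    popInvocationCredential(previousInvocation);
                    if (previousCaller != null) {
                        popCallerCredential(previousCaller);
                        previousCaller = null;
                    }
                } catch (Exception e3) {
                    if (previousInvocation != null) {
                        popInvocationCredential(previousInvocation);
                    }
                    if (previousCaller != null) {
                        popCallerCredential(previousCaller);
                    }
                    // This throw is caught by the outer handler below and wrapped a second time.
                    throw new PrivilegedActionException(e3);
                }
            }
            return result;
        } catch (Exception e4) {
            if (ctxMgr.isServerSecurityEnabled()) {
                if (previousInvocation != null) {
                    try {
                        popInvocationCredential(previousInvocation);
                    } catch (Exception e5) {
                        if (previousCaller != null) {
                            popCallerCredential(previousCaller);
                        }
                        throw new PrivilegedActionException(e4);
                    }
                }
                if (previousCaller != null) {
                    popCallerCredential(previousCaller);
                }
            }
            throw new PrivilegedActionException(e4);
        }
    }

    /**
     * Returns the current caller credential, falling back to the current invocation credential.
     *
     * @return the credential found, or {@code null} when neither is available and current
     */
    private static WSCredential retrieveCredential() {
        WSCredential found = getCallerCredential();
        return found != null ? found : getInvocationCredential();
    }

    /**
     * Fetches the server credential from the context manager.
     *
     * @return the server credential, or {@code null} when the context manager is missing, the
     *         lookup throws {@link WSSecurityException}, or the credential is not current
     */
    private static WSCredential getServerCredential() {
        WSCredential serverCred = null;
        boolean current = false;
        if (ctxMgr != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSCredentialsHelper.getServerCredential");
            }
            try {
                serverCred = ctxMgr.getServerCredential();
                if (serverCred != null) {
                    current = serverCred.isCurrent();
                }
            } catch (WSSecurityException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSCredentialsHelper.getServerCredential threw exception" + e.toString());
                }
            }
        }
        // A credential that is not current is treated the same as no credential at all.
        return current ? serverCred : null;
    }

    /**
     * Fetches the invocation credential from the context manager.
     *
     * @return the invocation credential, or {@code null} when the context manager is missing,
     *         the lookup fails, or the credential is not current
     */
    private static WSCredential getInvocationCredential() {
        if (ctxMgr == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ContextManagerImpl null");
            }
            return null;
        }
        WSCredential invocationCred = null;
        boolean current = false;
        try {
            invocationCred = ctxMgr.getInvocationCredential();
            if (invocationCred != null) {
                current = invocationCred.isCurrent();
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception in " + "WSCredentialsHelper.getInvocationCredential");
            }
            Tr.error(tc, "WSCredentialsHelper.getInvocationCredential", e.toString());
        }
        return current ? invocationCred : null;
    }

    /**
     * Pushes {@code wSCredential} as the invocation credential.
     *
     * @param wSCredential the credential to install
     * @return the value returned by the context manager's push, or {@code null} when the push
     *         failed; the failure is logged and not rethrown
     */
    private static WSCredential pushInvocationCredential(WSCredential wSCredential) {
        WSCredential previous = null;
        try {
            previous = ctxMgr.pushInvocationCredential(wSCredential);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception in " + "WSCredentialsHelper.pushInvocationCredential");
            }
            // Reported even when debug tracing is off, so a failed credential switch leaves a record.
            Tr.error(tc, "WSCredentialsHelper.pushInvocationCredential", e.toString());
        }
        return previous;
    }

    /**
     * Pops the invocation credential, handing {@code wSCredential} to the context manager.
     * Failures are logged and not rethrown.
     *
     * @param wSCredential the value saved by the matching push
     */
    private static void popInvocationCredential(WSCredential wSCredential) {
        try {
            ctxMgr.popInvocationCredential(wSCredential);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception in " + "WSCredentialsHelper.popInvocationCredential");
            }
            // Reported even when debug tracing is off, so a failed restore leaves a record.
            Tr.error(tc, "WSCredentialsHelper.popInvocationCredential", e.toString());
        }
    }

    /**
     * Installs {@code wSCredential} as the sole caller credential.
     *
     * @param wSCredential the credential to install
     * @return the caller credential that was current before the change, or {@code null} when
     *         there was none; a failure while installing is logged and not rethrown
     */
    private static WSCredential pushCallerCredential(WSCredential wSCredential) {
        WSCredential previous = null;
        try {
            previous = getCallerCredential();
            ctxMgr.setCallerCredentials(new WSCredential[]{wSCredential});
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception in " + "WSCredentialsHelper.pushCallerCredential");
            }
            // Reported even when debug tracing is off, so a failed credential switch leaves a record.
            Tr.error(tc, "WSCredentialsHelper.pushCallerCredential", e.toString());
        }
        return previous;
    }

    /**
     * Restores {@code wSCredential} as the sole caller credential. Failures are logged and not
     * rethrown.
     *
     * @param wSCredential the caller credential saved by {@link #pushCallerCredential}
     */
    private static void popCallerCredential(WSCredential wSCredential) {
        try {
            ctxMgr.setCallerCredentials(new WSCredential[]{wSCredential});
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception in " + "WSCredentialsHelper.popCallerCredential");
            }
            Tr.error(tc, "WSCredentialsHelper.popCallerCredential", e.toString());
        }
    }

    /**
     * Returns the first caller credential held by the context manager.
     *
     * @return that credential, or {@code null} when the context manager is missing, no caller
     *         credential is set, the lookup fails, or the credential is not current
     */
    private static WSCredential getCallerCredential() {
        if (ctxMgr == null) {
            return null;
        }
        try {
            WSCredential[] callers = ctxMgr.getCallerCredentials();
            // The length check keeps an empty array from surfacing as a logged exception.
            if (callers != null && callers.length > 0 && callers[0] != null && callers[0].isCurrent()) {
                return callers[0];
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception in " + "CredentialsHelper.getCallerCredential");
            }
            // Reported even when debug tracing is off, matching getInvocationCredential().
            Tr.error(tc, "CredentialsHelper.getCallerCredential", e.toString());
        }
        return null;
    }

    /**
     * Creates a credential for a user, passing an empty list as the third argument of
     * {@link #createRegistryCred(String, String, ArrayList)}.
     *
     * @param str the realm
     * @param str2 the user name
     * @return the credential, or {@code null} when creation failed
     */
    public static WSCredential createRegistryCred(String str, String str2) {
        return createRegistryCred(str, str2, new ArrayList());
    }

    /**
     * Creates a credential for {@code str2} without authenticating it.
     *
     * <p>Unless the {@code CommonConstants.USE_LOCALOS_AUTHORIZATION} setting has the value
     * {@code "true"}, a user name matching one of the configured default identities gets the
     * unauthenticated credential and any other name is passed to the user registry. With the
     * setting on, the credential is built directly from the arguments and marked
     * unauthenticated when the name is a default identity.
     *
     * @param str the realm
     * @param str2 the user name; no password or token is checked here, so the caller must
     *             already have established this identity
     * @param arrayList passed through as the last constructor argument of
     *                  {@code WSCredentialImpl} (presumably group or role ids - TODO confirm)
     * @return the credential, or {@code null} when an exception occurred; the failure is logged
     *         and not rethrown, so callers must null-check
     */
    public static WSCredential createRegistryCred(String str, String str2, ArrayList arrayList) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createRegistryCred");
        }
        WSCredential wSCredential = null;
        SecurityConfig config = SecurityConfig.getConfig();
        // Compared by value. The previous reference comparison ("true" != value) only matched
        // when the configuration held the very same String instance as the literal, so the
        // setting could be silently ignored.
        Object useLocalOsAuthorization = config.getValue(CommonConstants.USE_LOCALOS_AUTHORIZATION);
        if (!sameValue("true", useLocalOsAuthorization)) {
            try {
                if (isAZOSDefault(str2)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Created Credential for the Unauthenticated id.");
                    }
                    wSCredential = (WSCredentialImpl) ctxMgr.getUnauthenticatedCredential();
                } else {
                    synchronized (synchVariable) {
                        if (inInitialization) {
                            // Re-entered on the same thread while the registry call below is
                            // still running: build the credential without the registry.
                            // NOTE(review): this path passes the configured server id where the
                            // local-OS path passes the user name; confirm against the
                            // WSCredentialImpl constructor.
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "inInitialization == true");
                            }
                            wSCredential = new WSCredentialImpl((String) SecurityConfig.getConfig().getValue("security.activeUserRegistry.realm"), (String) SecurityConfig.getConfig().getValue("security.serverId"), "", "", RegistryUtil.appendRealm("user", str2, str), new ArrayList(), arrayList);
                        } else {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "inInitialization == false");
                            }
                            inInitialization = true;
                            try {
                                if (secServer == null) {
                                    secServer = SecurityServerFactory.create();
                                    currentUserReg = secServer.getRegistry(null);
                                }
                                wSCredential = currentUserReg.createCredential(str2);
                            } finally {
                                // Cleared while the lock is still held, so a failure cannot
                                // leave the flag set for the next thread that enters.
                                inInitialization = false;
                            }
                        }
                    }
                }
            } catch (Exception e) {
                Tr.error(tc, "UserRegistry failed to create Credential with userName " + str2 + ".  Exception is " + e.getMessage());
            }
        } else {
            wSCredential = new WSCredentialImpl(str, str2, "", "", RegistryUtil.appendRealm("user", str2, str), new ArrayList(), arrayList);
            if (isAZOSDefault(str2)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Userid is a default zOS user.");
                }
                ((WSCredentialImpl) wSCredential).markAsUnauthenticated();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createRegistryCred");
        }
        return wSCredential;
    }

    /**
     * Creates a token credential for {@code wSCredential} using the active authentication
     * mechanism: an LTPA token, an ICSF token, or otherwise a credential with a null token.
     *
     * @param wSCredential the credential to wrap
     * @return the token credential, or {@code null} when the LTPA or ICSF server failed to
     *         create a token; the failure is logged and not rethrown
     */
    public static WSCredential createTokenCred(WSCredential wSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTokenCred");
        }
        WSCredential tokenCred = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getting TokenServer...");
        }
        String mechanism = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism");
        // Compared by value: with a reference comparison, a configured "LTPA" that is not the
        // same String instance as the literal falls through to the null-token branch.
        if (sameValue(mechanism, "LTPA")) {
            try {
                tokenCred = LTPAServerObject.getLTPAServer().createLTPAToken(wSCredential);
            } catch (Exception e) {
                Tr.error(tc, "Failed to create a credential token: " + e.getMessage());
            }
        } else if (sameValue(mechanism, SecurityConfig.AUTH_MECHANISM_ICSF)) {
            try {
                tokenCred = ICSFServerObject.getICSFServer().createICSFToken(wSCredential);
            } catch (Exception e2) {
                Tr.error(tc, "Failed to create a credential token: " + e2.getMessage());
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "creating wsCred with NULL credToken...");
            }
            tokenCred = new WSCredentialImpl(wSCredential, (String) null, (byte[]) null, false, -1L);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTokenCred");
        }
        return tokenCred;
    }

    /**
     * Creates a token credential for {@code wSCredential}, reusing a supplied token when one is
     * given.
     *
     * <p>When the active mechanism is neither LTPA nor ICSF the result carries a null token and
     * the other arguments are ignored. Otherwise a non-null {@code str} wraps the supplied
     * values as they are; nothing in this method validates them. With a null {@code str} a new
     * LTPA or ICSF token is created.
     *
     * @param wSCredential the credential to wrap
     * @param str passed as the second argument of {@code WSCredentialImpl} (presumably the token
     *            type or mechanism id - TODO confirm); {@code null} requests a fresh token
     * @param bArr passed as the third argument (presumably the token bytes - TODO confirm)
     * @param j passed as the last argument (presumably the expiration - TODO confirm)
     * @return the token credential, or {@code null} when token creation failed; the failure is
     *         logged and not rethrown
     */
    public static WSCredential createTokenCred(WSCredential wSCredential, String str, byte[] bArr, long j) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTokenCred");
        }
        // Declared as the interface type so both constructor results and token-server results fit.
        WSCredential tokenCred = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getting TokenServer...");
        }
        String mechanism = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism");
        // Compared by value rather than by reference, as in the single-argument overload.
        boolean ltpa = sameValue(mechanism, "LTPA");
        boolean icsf = sameValue(mechanism, SecurityConfig.AUTH_MECHANISM_ICSF);
        if (!ltpa && !icsf) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "creating wsCred with NULL credToken...");
            }
            tokenCred = new WSCredentialImpl(wSCredential, (String) null, (byte[]) null, false, -1L);
        } else if (str != null) {
            tokenCred = new WSCredentialImpl(wSCredential, str, bArr, true, j);
        } else if (ltpa) {
            try {
                tokenCred = LTPAServerObject.getLTPAServer().createLTPAToken(wSCredential);
            } catch (Exception e) {
                Tr.error(tc, "Failed to create a credential token: " + e.getMessage());
            }
        } else {
            try {
                tokenCred = ICSFServerObject.getICSFServer().createICSFToken(wSCredential);
            } catch (Exception e2) {
                Tr.error(tc, "Failed to create a credential token: " + e2.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTokenCred");
        }
        return tokenCred;
    }

    /**
     * Reports whether {@code str} equals, ignoring case, one of the configured default
     * identities: the local identity, the remote identity or the SAF unauthenticated id.
     *
     * <p>The comparison upper-cases both sides with the JVM's default locale, so its result can
     * vary with the locale the server runs under. Each comparison is wrapped in its own
     * try/catch, so a {@code null} user name is treated as no match.
     *
     * @param str the user name to test
     * @return {@code true} when the name matches a configured default identity
     */
    private static boolean isAZOSDefault(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SecurityORBImpl isAZOSDefault for user: " + str);
        }
        try {
            if (securityLocalIdentity != null && securityLocalIdentity.length() != 0 && str.toUpperCase().equals(securityLocalIdentity.toUpperCase())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Input Userid is equal to security_local_identity " + securityLocalIdentity);
                }
                return true;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception securityLocalIdentity compare failed.");
                e.printStackTrace();
            }
        }
        try {
            if (securityRemoteIdentity != null && securityRemoteIdentity.length() != 0 && str.toUpperCase().equals(securityRemoteIdentity.toUpperCase())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Input Userid is equal to security_remote_identity. " + securityRemoteIdentity);
                }
                return true;
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception securityRemoteIdentity compare failed.");
                e2.printStackTrace();
            }
        }
        try {
            if (securitySAFUnauthenticated != null && securitySAFUnauthenticated.length() != 0 && str.toUpperCase().equals(securitySAFUnauthenticated.toUpperCase())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Input Userid is equal to com_ibm_security_SAF_unauthenticated. " + securitySAFUnauthenticated);
                }
                return true;
            }
        } catch (Exception e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception securitySAFUnauthenticate compare failed.");
                e3.printStackTrace();
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "SecurityORBImpl isAZOSDefault retuning false.");
        }
        return false;
    }

    /**
     * Compares two values by identity first and then by {@code equals}, treating two
     * {@code null}s as equal. Every pair that a reference comparison accepts is still accepted.
     */
    private static boolean sameValue(Object left, Object right) {
        return left == right || (left != null && left.equals(right));
    }

    /**
     * Loads a class by name; this is the helper a pre-Java-5 compiler emits for a class literal.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError with the {@link ClassNotFoundException} as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error is kept in a typed local before throwing.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    // Registers the trace component, loads the configured default identities, then obtains the
    // context manager. The static fields not assigned here keep their default null value.
    static {
        Class cls;
        if (class$com$ibm$ws$security$core$WSCredentialsHelper == null) {
            cls = class$("com.ibm.ws.security.core.WSCredentialsHelper");
            class$com$ibm$ws$security$core$WSCredentialsHelper = cls;
        } else {
            cls = class$com$ibm$ws$security$core$WSCredentialsHelper;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        securitySAFUnauthenticated = (String) SecurityConfig.getConfig().getValue(CommonConstants.SAF_UNAUTHENTICATED_PROPERTY);
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SecurityORBImpl isAZOSDefault ibm.security.SAF.unauthenticated: " + securitySAFUnauthenticated);
        }
        Properties properties = (Properties) SecurityConfig.getConfig().getValue(CommonConstants.TOPLEVEL_PROPS);
        if (null != properties) {
            securityLocalIdentity = (String) properties.get("was.security.local.identity");
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "SecurityORBImpl isAZOSDefault security.local.identity : " + securityLocalIdentity);
            }
            securityRemoteIdentity = (String) properties.get(CommonConstants.SECURITY_REMOTE_IDENTITY);
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "SecurityORBImpl isAZOSDefault security.remote.identity : " + securityRemoteIdentity);
            }
        } else {
            Tr.entry(tc, "SecurityORBImpl: No z/OS default ids found, no toplevel_props found. ");
        }
        inInitialization = false;
        synchVariable = new Object();
        ctxMgr = ContextManagerFactory.getInstance();
    }
}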
